Struct PolicyDocument 

pub struct PolicyDocument { /* private fields */ }

Parsed policy document — only the fields the evaluator needs. Any statement that fails to parse (wrong shape, unknown effect, etc.) is dropped with a warn-level log and the rest of the document is still usable, matching how AWS behaves with invalid statements (the broken statement is ignored, not the whole policy).

Implementations

impl PolicyDocument

pub fn parse(json: &str) -> Self

Parse a policy document from its JSON string form. Returns an empty document on JSON errors so the caller can fall through to implicit-deny rather than panicking on malformed state.

pub fn from_value(value: &Value) -> Self

Parse a policy document from a serde_json::Value. Used by both PolicyDocument::parse and tests that build inline serde_json::json! values.

pub fn statement_count(&self) -> usize

Number of parsed statements in this document. Used by tests as a proxy for “did this statement parse successfully?” without exposing the internal representation.

pub fn matching_identity_statements(&self, request: &EvalRequest<'_>, allow: bool) -> usize

Count the identity-policy statements in this document that match the request’s action + resource (and condition, if any) and carry the given effect (allow selects Allow, otherwise Deny). Used by policy simulation to attribute MatchedStatements provenance: a statement that contributed to the decision is reported with its source policy id. Statements carrying a Principal/NotPrincipal (resource-policy only) are never identity matches.
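
The drop-and-continue parsing, the implicit-deny fallback of PolicyDocument::parse, and the counting done by matching_identity_statements, modelled as an added example (not the crate's own code). It shows that a dropped Deny statement leaves the remaining Allow in force, so the warn-level log is worth alerting on. Assumptions: every type and helper below is hypothetical, statements are given as already-decoded tuples instead of JSON, and the matcher is a simplified trailing-* glob.

```rust
// Added illustration; every type and helper here is hypothetical, not the crate's API.
#[derive(Clone, Copy, PartialEq, Debug)]
enum Effect { Allow, Deny }

#[derive(PartialEq, Debug)]
enum Decision { Allow, ExplicitDeny, ImplicitDeny }

struct Statement { effect: Effect, action: String, resource: String, has_principal: bool }

// Already-decoded fields (effect, action, resource, has_principal), standing in
// for JSON so the example needs no external crates.
type Raw<'a> = (&'a str, &'a str, &'a str, bool);

// Lenient parse: drop a statement with an unknown effect or an empty field, keep the rest.
fn parse_lenient(raw: &[Raw<'_>]) -> Vec<Statement> {
    raw.iter().filter_map(|&(e, a, r, p)| {
        let effect = match e { "Allow" => Effect::Allow, "Deny" => Effect::Deny, _ => return None };
        if a.is_empty() || r.is_empty() { return None; }
        Some(Statement { effect, action: a.into(), resource: r.into(), has_principal: p })
    }).collect()
}

// Simplified matcher: exact match, or prefix match when the pattern ends in '*'.
fn glob(pat: &str, s: &str) -> bool {
    match pat.strip_suffix('*') { Some(prefix) => s.starts_with(prefix), None => pat == s }
}

// Count identity statements with the requested effect that match action + resource.
fn matching_identity(doc: &[Statement], action: &str, resource: &str, allow: bool) -> usize {
    let want = if allow { Effect::Allow } else { Effect::Deny };
    doc.iter().filter(|s| !s.has_principal && s.effect == want
        && glob(&s.action, action) && glob(&s.resource, resource)).count()
}

// Explicit deny wins, then allow, otherwise implicit deny (also the empty-document case).
fn evaluate(doc: &[Statement], action: &str, resource: &str) -> Decision {
    if matching_identity(doc, action, resource, false) > 0 { Decision::ExplicitDeny }
    else if matching_identity(doc, action, resource, true) > 0 { Decision::Allow }
    else { Decision::ImplicitDeny }
}

fn main() {
    // Constructed policy: the second statement's effect is mistyped ("deny").
    let doc = parse_lenient(&[("Allow", "s3:*", "*", false), ("deny", "s3:DeleteObject", "*", false)]);
    // One statement survives, so the intended guard is gone and the broad Allow decides.
    println!("{} parsed, decision {:?}", doc.len(), evaluate(&doc, "s3:DeleteObject", "arn:aws:s3:::b/k"));
}
```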

Trait Implementations

impl Clone for PolicyDocument

fn clone(&self) -> PolicyDocument

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for PolicyDocument

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for PolicyDocument

fn default() -> PolicyDocument

Returns the “default value” for a type.
