pub trait PolicyBackend: Send + Sync {
// Required methods
fn evaluate(
&self,
subject: &ObjectId,
target: &ObjectId,
operation: &Operation,
exposure_labels: &[ExposureLabel],
) -> PolicyDecision;
fn classification(&self, target: &ObjectId) -> Vec<ExposureLabel>;
fn list_grants(&self, subject: &ObjectId) -> Vec<CapabilityGrant>;
fn can_delegate(&self, subject: &ObjectId) -> bool;
}Expand description
Pluggable policy backend trait.
Implementations evaluate capability requests against their policy model.
The default implementation is the CList backend in hessra-cap-policy.
Required Methods§
Sourcefn evaluate(
&self,
subject: &ObjectId,
target: &ObjectId,
operation: &Operation,
exposure_labels: &[ExposureLabel],
) -> PolicyDecision
fn evaluate( &self, subject: &ObjectId, target: &ObjectId, operation: &Operation, exposure_labels: &[ExposureLabel], ) -> PolicyDecision
Evaluate whether a subject can access a target with the given operation, considering any exposure labels from the subject’s context.
Sourcefn classification(&self, target: &ObjectId) -> Vec<ExposureLabel>
fn classification(&self, target: &ObjectId) -> Vec<ExposureLabel>
Get the data classification (exposure labels) for a target.
When the engine mints a capability for a classified target, these labels are automatically added to the subject’s context token.
Sourcefn list_grants(&self, subject: &ObjectId) -> Vec<CapabilityGrant>
fn list_grants(&self, subject: &ObjectId) -> Vec<CapabilityGrant>
List all capability grants for a subject (for introspection and audit).
Sourcefn can_delegate(&self, subject: &ObjectId) -> bool
fn can_delegate(&self, subject: &ObjectId) -> bool
Check if a subject can delegate capabilities to other objects.