Struct IAMRequest

/// Core IAM request: who is asking (`principal`), what they want to do (`action`),
/// on what (`resource`), plus the `context` consulted during condition evaluation.
///
/// NOTE(review): every field is public and the three identifiers are plain `String`s;
/// this declaration does not constrain their format, so any validation happens
/// elsewhere. Confirm where before building requests from untrusted input.
pub struct IAMRequest {
    /// The principal making the request (e.g., AROA123456789EXAMPLE).
    pub principal: String,
    /// The action being requested (e.g., iam:DeactivateMFADevice).
    pub action: String,
    /// The resource being accessed (e.g., arn:aws:s3:::my-bucket/file.txt).
    pub resource: String,
    /// Additional context for condition evaluation.
    // NOTE(review): these key-value pairs are supplied by whoever builds the request;
    // presumably they should be derived from authenticated data. Verify against callers.
    pub context: Context,
}

Core IAM request containing the principal, action, and resource, plus the context used for condition evaluation

§Understanding the PARC model

The PARC model represents the request context based on the four JSON elements in the policy language:

  • Principal – The entity making the request. A principal represents a human user or programmatic workload that can be authenticated and then authorized to perform actions in AWS accounts.
  • Action – The operation being performed. Often the action will map to an API action.
  • Resource – The AWS resource on which the action is being performed.
  • Condition – Additional constraints that must be met for the request to be allowed.

The following shows an example of how the PARC model might represent a request context:

Principal: AIDA123456789EXAMPLE
Action: s3:CreateBucket
Resource: arn:aws:s3:::amzn-s3-demo-bucket1
Context:
- aws:UserId=AIDA123456789EXAMPLE:BobsSession
- aws:PrincipalAccount=123456789012
- aws:PrincipalOrgId=o-example
- aws:PrincipalARN=arn:aws:iam::AIDA123456789EXAMPLE:role/HR
- aws:MultiFactorAuthPresent=true
- aws:CurrentTime=...
- aws:EpochTime=...
- aws:SourceIp=...
- aws:PrincipalTag/dept=123
- aws:PrincipalTag/project=blue
- aws:RequestTag/dept=123

https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic_policy-eval-reqcontext.html

Fields§

§principal: String

The principal making the request (e.g., AROA123456789EXAMPLE)

§action: String

The action being requested (e.g., iam:DeactivateMFADevice)

§resource: String

The resource being accessed (e.g., arn:aws:iam::123456789012:user/martha)

§context: Context

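Additional context for condition evaluation: the key-value pairs that a policy's Condition block is tested against. Nothing on this page shows these values being validated, so populate them from authenticated request data rather than from values the requester can choose.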

Implementations§

Source§

impl IAMRequest


pub fn new<S: Into<String>>(principal: S, action: S, resource: S) -> Self

Creates a new request

Examples found in repository?
examples/evaluation_demo.rs (lines 21-25)
/// Runs ten policy-evaluation scenarios in order and prints the decision reached for each.
///
/// Any error returned by an evaluation call is propagated to the caller through `?`.
fn main() -> Result<(), Box<dyn std::error::Error>> {
    println!("=== IAM Policy Evaluation Engine Demo ===\n");

    // Example 1: Simple Allow Policy
    // A single Allow statement for s3:GetObject on objects under my-bucket.
    println!("1. Simple Allow Policy:");
    let read_policy = IAMPolicy::new()
        .with_id("550e8400-e29b-41d4-a716-446655440000")
        .add_statement(
            IAMStatement::new(Effect::Allow)
                .with_sid("AllowS3Read")
                .with_action(Action::Single("s3:GetObject".to_string()))
                .with_resource(Resource::Single("arn:aws:s3:::my-bucket/*".to_string())),
        );

    let read_request = IAMRequest::new(
        "arn:aws:iam::123456789012:user/alice",
        "s3:GetObject",
        "arn:aws:s3:::my-bucket/file.txt",
    );

    // The demo labels NotApplicable as an implicit deny, so a caller should grant
    // access only on Decision::Allow.
    let outcome = match evaluate_policy(&read_policy, &read_request)? {
        Decision::Allow => "✓ Access ALLOWED",
        Decision::Deny => "✗ Access DENIED",
        Decision::NotApplicable => "? No applicable policy (implicit deny)",
    };
    println!("{}", outcome);
    println!();

    // Example 2: Simple Deny Policy
    // A single Deny statement for s3:DeleteObject under protected-bucket.
    println!("2. Simple Deny Policy:");
    let delete_guard = IAMPolicy::new()
        .with_id("550e8400-e29b-41d4-a716-446655440001")
        .add_statement(
            IAMStatement::new(Effect::Deny)
                .with_sid("DenyS3Delete")
                .with_action(Action::Single("s3:DeleteObject".to_string()))
                .with_resource(Resource::Single(
                    "arn:aws:s3:::protected-bucket/*".to_string(),
                )),
        );

    let delete_attempt = IAMRequest::new(
        "arn:aws:iam::123456789012:user/alice",
        "s3:DeleteObject",
        "arn:aws:s3:::protected-bucket/important.txt",
    );

    let outcome = match evaluate_policy(&delete_guard, &delete_attempt)? {
        Decision::Allow => "✓ Access ALLOWED",
        Decision::Deny => "✗ Access DENIED",
        Decision::NotApplicable => "? No applicable policy (implicit deny)",
    };
    println!("{}", outcome);
    println!();

    // Example 3: Wildcard Action Matching
    // The policy grants "s3:*"; the request asks for s3:PutObject.
    println!("3. Wildcard Action Matching:");
    let any_s3_policy = IAMPolicy::new()
        .with_id("550e8400-e29b-41d4-a716-446655440002")
        .add_statement(
            IAMStatement::new(Effect::Allow)
                .with_sid("AllowAllS3")
                .with_action(Action::Single("s3:*".to_string()))
                .with_resource(Resource::Single("arn:aws:s3:::my-bucket/*".to_string())),
        );

    let put_request = IAMRequest::new(
        "arn:aws:iam::123456789012:user/alice",
        "s3:PutObject",
        "arn:aws:s3:::my-bucket/new-file.txt",
    );

    let outcome = match evaluate_policy(&any_s3_policy, &put_request)? {
        Decision::Allow => "✓ Wildcard action matched - Access ALLOWED",
        Decision::Deny => "✗ Access DENIED",
        Decision::NotApplicable => "? No applicable policy",
    };
    println!("{}", outcome);
    println!();

    // Example 4: Condition-Based Policy
    // The context is filled in by hand here. The StringEquals condition below is
    // satisfied by whatever value the caller inserts for "aws:userid", so a real
    // integration must take these values from the authenticated session.
    println!("4. Condition-Based Policy:");
    let mut alice_context = Context::new();
    alice_context.insert(
        "aws:userid".to_string(),
        ContextValue::String("alice".to_string()),
    );
    alice_context.insert(
        "aws:CurrentTime".to_string(),
        ContextValue::String("2024-01-15T10:00:00Z".to_string()),
    );

    let owner_only_policy = IAMPolicy::new()
        .with_id("550e8400-e29b-41d4-a716-446655440003")
        .add_statement(
            IAMStatement::new(Effect::Allow)
                .with_sid("AllowWithCondition")
                .with_action(Action::Single("s3:GetObject".to_string()))
                .with_resource(Resource::Single(
                    "arn:aws:s3:::private-bucket/*".to_string(),
                ))
                .with_condition(
                    Operator::StringEquals,
                    "aws:userid".to_string(),
                    json!("alice"),
                ),
        );

    let alice_request = IAMRequest::new_with_context(
        "arn:aws:iam::123456789012:user/alice",
        "s3:GetObject",
        "arn:aws:s3:::private-bucket/personal.txt",
        alice_context,
    );

    let outcome = match evaluate_policy(&owner_only_policy, &alice_request)? {
        Decision::Allow => "✓ Condition satisfied - Access ALLOWED",
        Decision::Deny => "✗ Access DENIED",
        Decision::NotApplicable => "? Condition not satisfied",
    };
    println!("{}", outcome);
    println!();

    // Example 5: Failed Condition
    // Same policy as Example 4, but the context carries "bob" instead of "alice".
    println!("5. Failed Condition:");
    let mut bob_context = Context::new();
    bob_context.insert(
        "aws:userid".to_string(),
        ContextValue::String("bob".to_string()),
    );

    let bob_request = IAMRequest::new_with_context(
        "arn:aws:iam::123456789012:user/bob",
        "s3:GetObject",
        "arn:aws:s3:::private-bucket/personal.txt",
        bob_context,
    );

    let outcome = match evaluate_policy(&owner_only_policy, &bob_request)? {
        Decision::Allow => "✓ Access ALLOWED",
        Decision::Deny => "✗ Access DENIED",
        Decision::NotApplicable => "? Condition failed - No applicable policy",
    };
    println!("{}", outcome);
    println!();

    // Example 6: Explicit Deny Overrides Allow
    // A broad Allow (s3:* on "*") is combined with a narrow Deny on protected-bucket.
    println!("6. Explicit Deny Overrides Allow:");
    let layered_policies = vec![
        IAMPolicy::new()
            .with_id("550e8400-e29b-41d4-a716-446655440004")
            .add_statement(
                IAMStatement::new(Effect::Allow)
                    .with_sid("AllowAll")
                    .with_action(Action::Single("s3:*".to_string()))
                    .with_resource(Resource::Single("*".to_string())),
            ),
        IAMPolicy::new()
            .with_id("550e8400-e29b-41d4-a716-446655440005")
            .add_statement(
                IAMStatement::new(Effect::Deny)
                    .with_sid("DenyProtected")
                    .with_action(Action::Single("s3:DeleteObject".to_string()))
                    .with_resource(Resource::Single(
                        "arn:aws:s3:::protected-bucket/*".to_string(),
                    )),
            ),
    ];

    let layered_evaluator = PolicyEvaluator::with_policies(layered_policies);
    let critical_delete = IAMRequest::new(
        "arn:aws:iam::123456789012:user/alice",
        "s3:DeleteObject",
        "arn:aws:s3:::protected-bucket/critical.txt",
    );

    let outcome = match layered_evaluator.evaluate(&critical_delete)?.decision {
        Decision::Allow => "✓ Access ALLOWED",
        Decision::Deny => "✗ Explicit DENY overrides Allow",
        Decision::NotApplicable => "? No applicable policy",
    };
    println!("{}", outcome);
    println!();

    // Example 7: Numeric Condition
    // The context value 5.0 is compared against the policy bound 10.
    println!("7. Numeric Condition:");
    let mut counter_context = Context::new();
    counter_context.insert("aws:RequestCount".to_string(), ContextValue::Number(5.0));

    let rate_policy = IAMPolicy::new()
        .with_id("550e8400-e29b-41d4-a716-446655440006")
        .add_statement(
            IAMStatement::new(Effect::Allow)
                .with_sid("AllowLimitedRequests")
                .with_action(Action::Single("s3:GetObject".to_string()))
                .with_resource(Resource::Single("*".to_string()))
                .with_condition(
                    Operator::NumericLessThan,
                    "aws:RequestCount".to_string(),
                    json!(10),
                ),
        );

    let counted_request = IAMRequest::new_with_context(
        "arn:aws:iam::123456789012:user/alice",
        "s3:GetObject",
        "arn:aws:s3:::any-bucket/file.txt",
        counter_context,
    );

    let outcome = match evaluate_policy(&rate_policy, &counted_request)? {
        Decision::Allow => "✓ Numeric condition satisfied - Access ALLOWED",
        Decision::Deny => "✗ Access DENIED",
        Decision::NotApplicable => "? Numeric condition failed",
    };
    println!("{}", outcome);
    println!();

    // Example 8: Detailed Evaluation with Options
    // NOTE(review): what the evaluator does once max_statements is exceeded is not
    // shown here; confirm that it fails closed.
    println!("8. Detailed Evaluation with Options:");
    let verbose_evaluator = PolicyEvaluator::with_policies(vec![read_policy.clone()])
        .with_options(EvaluationOptions {
            collect_match_details: true,
            stop_on_explicit_deny: false,
            max_statements: 100,
        });

    let verbose_result = verbose_evaluator.evaluate(&read_request)?;
    println!("Decision: {:?}", verbose_result.decision);
    println!("Matched Statements:");
    for (index, hit) in verbose_result.matched_statements.iter().enumerate() {
        println!(
            "  {}. SID: {:?}, Effect: {:?}, Satisfied: {}, Reason: {}",
            index + 1,
            hit.sid,
            hit.effect,
            hit.conditions_satisfied,
            hit.reason
        );
    }
    println!();

    // Example 9: No Applicable Policy (Implicit Deny)
    // The S3 read policy is evaluated against an EC2 request it does not mention.
    println!("9. No Applicable Policy (Implicit Deny):");
    let ec2_request = IAMRequest::new(
        "arn:aws:iam::123456789012:user/alice",
        "ec2:DescribeInstances",
        "arn:aws:ec2:us-east-1:123456789012:instance/*",
    );

    let outcome = match evaluate_policy(&read_policy, &ec2_request)? {
        Decision::Allow => "✓ Access ALLOWED",
        Decision::Deny => "✗ Access DENIED",
        Decision::NotApplicable => "? No applicable policy - Implicit DENY",
    };
    println!("{}", outcome);
    println!();

    // Example 10: Resource Pattern Matching
    // The resource pattern has a wildcard inside the bucket name and another for the key.
    println!("10. Resource Pattern Matching:");
    let user_data_policy = IAMPolicy::new()
        .with_id("550e8400-e29b-41d4-a716-446655440007")
        .add_statement(
            IAMStatement::new(Effect::Allow)
                .with_sid("AllowBucketAccess")
                .with_action(Action::Multiple(vec![
                    "s3:GetObject".to_string(),
                    "s3:PutObject".to_string(),
                ]))
                .with_resource(Resource::Single("arn:aws:s3:::user-data-*/*".to_string())),
        );

    let profile_request = IAMRequest::new(
        "arn:aws:iam::123456789012:user/alice",
        "s3:GetObject",
        "arn:aws:s3:::user-data-alice/profile.json",
    );

    let outcome = match evaluate_policy(&user_data_policy, &profile_request)? {
        Decision::Allow => "✓ Resource pattern matched - Access ALLOWED",
        Decision::Deny => "✗ Access DENIED",
        Decision::NotApplicable => "? Resource pattern didn't match",
    };
    println!("{}", outcome);

    // Closing summary. It is printed unconditionally; the decisions above are not
    // asserted anywhere in this function.
    println!("\n=== Policy Evaluation Demo Complete ===");
    println!("\nThe Policy Evaluation Engine successfully:");
    let summary = [
        "• ✅ Evaluates Allow/Deny effects",
        "• ✅ Handles wildcard actions and resources",
        "• ✅ Processes condition blocks with various operators",
        "• ✅ Implements proper IAM logic (explicit deny overrides)",
        "• ✅ Supports detailed evaluation with match information",
        "• ✅ Handles multiple policies with complex interactions",
        "• ✅ Provides clear Allow/Deny/NotApplicable decisions",
    ];
    for line in summary.iter() {
        println!("{}", line);
    }

    Ok(())
}

pub fn new_with_context<S: Into<String>>( principal: S, action: S, resource: S, context: Context, ) -> Self

Creates a request with context

Examples found in repository?
examples/evaluation_demo.rs (lines 112-117)
/// Runs ten policy-evaluation scenarios in order and prints the decision reached for each.
///
/// Any error returned by an evaluation call is propagated to the caller through `?`.
fn main() -> Result<(), Box<dyn std::error::Error>> {
    println!("=== IAM Policy Evaluation Engine Demo ===\n");

    // Example 1: Simple Allow Policy
    // A single Allow statement for s3:GetObject on objects under my-bucket.
    println!("1. Simple Allow Policy:");
    let read_policy = IAMPolicy::new()
        .with_id("550e8400-e29b-41d4-a716-446655440000")
        .add_statement(
            IAMStatement::new(Effect::Allow)
                .with_sid("AllowS3Read")
                .with_action(Action::Single("s3:GetObject".to_string()))
                .with_resource(Resource::Single("arn:aws:s3:::my-bucket/*".to_string())),
        );

    let read_request = IAMRequest::new(
        "arn:aws:iam::123456789012:user/alice",
        "s3:GetObject",
        "arn:aws:s3:::my-bucket/file.txt",
    );

    // The demo labels NotApplicable as an implicit deny, so a caller should grant
    // access only on Decision::Allow.
    let outcome = match evaluate_policy(&read_policy, &read_request)? {
        Decision::Allow => "✓ Access ALLOWED",
        Decision::Deny => "✗ Access DENIED",
        Decision::NotApplicable => "? No applicable policy (implicit deny)",
    };
    println!("{}", outcome);
    println!();

    // Example 2: Simple Deny Policy
    // A single Deny statement for s3:DeleteObject under protected-bucket.
    println!("2. Simple Deny Policy:");
    let delete_guard = IAMPolicy::new()
        .with_id("550e8400-e29b-41d4-a716-446655440001")
        .add_statement(
            IAMStatement::new(Effect::Deny)
                .with_sid("DenyS3Delete")
                .with_action(Action::Single("s3:DeleteObject".to_string()))
                .with_resource(Resource::Single(
                    "arn:aws:s3:::protected-bucket/*".to_string(),
                )),
        );

    let delete_attempt = IAMRequest::new(
        "arn:aws:iam::123456789012:user/alice",
        "s3:DeleteObject",
        "arn:aws:s3:::protected-bucket/important.txt",
    );

    let outcome = match evaluate_policy(&delete_guard, &delete_attempt)? {
        Decision::Allow => "✓ Access ALLOWED",
        Decision::Deny => "✗ Access DENIED",
        Decision::NotApplicable => "? No applicable policy (implicit deny)",
    };
    println!("{}", outcome);
    println!();

    // Example 3: Wildcard Action Matching
    // The policy grants "s3:*"; the request asks for s3:PutObject.
    println!("3. Wildcard Action Matching:");
    let any_s3_policy = IAMPolicy::new()
        .with_id("550e8400-e29b-41d4-a716-446655440002")
        .add_statement(
            IAMStatement::new(Effect::Allow)
                .with_sid("AllowAllS3")
                .with_action(Action::Single("s3:*".to_string()))
                .with_resource(Resource::Single("arn:aws:s3:::my-bucket/*".to_string())),
        );

    let put_request = IAMRequest::new(
        "arn:aws:iam::123456789012:user/alice",
        "s3:PutObject",
        "arn:aws:s3:::my-bucket/new-file.txt",
    );

    let outcome = match evaluate_policy(&any_s3_policy, &put_request)? {
        Decision::Allow => "✓ Wildcard action matched - Access ALLOWED",
        Decision::Deny => "✗ Access DENIED",
        Decision::NotApplicable => "? No applicable policy",
    };
    println!("{}", outcome);
    println!();

    // Example 4: Condition-Based Policy
    // The context is filled in by hand here. The StringEquals condition below is
    // satisfied by whatever value the caller inserts for "aws:userid", so a real
    // integration must take these values from the authenticated session.
    println!("4. Condition-Based Policy:");
    let mut alice_context = Context::new();
    alice_context.insert(
        "aws:userid".to_string(),
        ContextValue::String("alice".to_string()),
    );
    alice_context.insert(
        "aws:CurrentTime".to_string(),
        ContextValue::String("2024-01-15T10:00:00Z".to_string()),
    );

    let owner_only_policy = IAMPolicy::new()
        .with_id("550e8400-e29b-41d4-a716-446655440003")
        .add_statement(
            IAMStatement::new(Effect::Allow)
                .with_sid("AllowWithCondition")
                .with_action(Action::Single("s3:GetObject".to_string()))
                .with_resource(Resource::Single(
                    "arn:aws:s3:::private-bucket/*".to_string(),
                ))
                .with_condition(
                    Operator::StringEquals,
                    "aws:userid".to_string(),
                    json!("alice"),
                ),
        );

    // This is the call the listing is cited for: the context travels with the request.
    let alice_request = IAMRequest::new_with_context(
        "arn:aws:iam::123456789012:user/alice",
        "s3:GetObject",
        "arn:aws:s3:::private-bucket/personal.txt",
        alice_context,
    );

    let outcome = match evaluate_policy(&owner_only_policy, &alice_request)? {
        Decision::Allow => "✓ Condition satisfied - Access ALLOWED",
        Decision::Deny => "✗ Access DENIED",
        Decision::NotApplicable => "? Condition not satisfied",
    };
    println!("{}", outcome);
    println!();

    // Example 5: Failed Condition
    // Same policy as Example 4, but the context carries "bob" instead of "alice".
    println!("5. Failed Condition:");
    let mut bob_context = Context::new();
    bob_context.insert(
        "aws:userid".to_string(),
        ContextValue::String("bob".to_string()),
    );

    let bob_request = IAMRequest::new_with_context(
        "arn:aws:iam::123456789012:user/bob",
        "s3:GetObject",
        "arn:aws:s3:::private-bucket/personal.txt",
        bob_context,
    );

    let outcome = match evaluate_policy(&owner_only_policy, &bob_request)? {
        Decision::Allow => "✓ Access ALLOWED",
        Decision::Deny => "✗ Access DENIED",
        Decision::NotApplicable => "? Condition failed - No applicable policy",
    };
    println!("{}", outcome);
    println!();

    // Example 6: Explicit Deny Overrides Allow
    // A broad Allow (s3:* on "*") is combined with a narrow Deny on protected-bucket.
    println!("6. Explicit Deny Overrides Allow:");
    let layered_policies = vec![
        IAMPolicy::new()
            .with_id("550e8400-e29b-41d4-a716-446655440004")
            .add_statement(
                IAMStatement::new(Effect::Allow)
                    .with_sid("AllowAll")
                    .with_action(Action::Single("s3:*".to_string()))
                    .with_resource(Resource::Single("*".to_string())),
            ),
        IAMPolicy::new()
            .with_id("550e8400-e29b-41d4-a716-446655440005")
            .add_statement(
                IAMStatement::new(Effect::Deny)
                    .with_sid("DenyProtected")
                    .with_action(Action::Single("s3:DeleteObject".to_string()))
                    .with_resource(Resource::Single(
                        "arn:aws:s3:::protected-bucket/*".to_string(),
                    )),
            ),
    ];

    let layered_evaluator = PolicyEvaluator::with_policies(layered_policies);
    let critical_delete = IAMRequest::new(
        "arn:aws:iam::123456789012:user/alice",
        "s3:DeleteObject",
        "arn:aws:s3:::protected-bucket/critical.txt",
    );

    let outcome = match layered_evaluator.evaluate(&critical_delete)?.decision {
        Decision::Allow => "✓ Access ALLOWED",
        Decision::Deny => "✗ Explicit DENY overrides Allow",
        Decision::NotApplicable => "? No applicable policy",
    };
    println!("{}", outcome);
    println!();

    // Example 7: Numeric Condition
    // The context value 5.0 is compared against the policy bound 10.
    println!("7. Numeric Condition:");
    let mut counter_context = Context::new();
    counter_context.insert("aws:RequestCount".to_string(), ContextValue::Number(5.0));

    let rate_policy = IAMPolicy::new()
        .with_id("550e8400-e29b-41d4-a716-446655440006")
        .add_statement(
            IAMStatement::new(Effect::Allow)
                .with_sid("AllowLimitedRequests")
                .with_action(Action::Single("s3:GetObject".to_string()))
                .with_resource(Resource::Single("*".to_string()))
                .with_condition(
                    Operator::NumericLessThan,
                    "aws:RequestCount".to_string(),
                    json!(10),
                ),
        );

    let counted_request = IAMRequest::new_with_context(
        "arn:aws:iam::123456789012:user/alice",
        "s3:GetObject",
        "arn:aws:s3:::any-bucket/file.txt",
        counter_context,
    );

    let outcome = match evaluate_policy(&rate_policy, &counted_request)? {
        Decision::Allow => "✓ Numeric condition satisfied - Access ALLOWED",
        Decision::Deny => "✗ Access DENIED",
        Decision::NotApplicable => "? Numeric condition failed",
    };
    println!("{}", outcome);
    println!();

    // Example 8: Detailed Evaluation with Options
    // NOTE(review): what the evaluator does once max_statements is exceeded is not
    // shown here; confirm that it fails closed.
    println!("8. Detailed Evaluation with Options:");
    let verbose_evaluator = PolicyEvaluator::with_policies(vec![read_policy.clone()])
        .with_options(EvaluationOptions {
            collect_match_details: true,
            stop_on_explicit_deny: false,
            max_statements: 100,
        });

    let verbose_result = verbose_evaluator.evaluate(&read_request)?;
    println!("Decision: {:?}", verbose_result.decision);
    println!("Matched Statements:");
    for (index, hit) in verbose_result.matched_statements.iter().enumerate() {
        println!(
            "  {}. SID: {:?}, Effect: {:?}, Satisfied: {}, Reason: {}",
            index + 1,
            hit.sid,
            hit.effect,
            hit.conditions_satisfied,
            hit.reason
        );
    }
    println!();

    // Example 9: No Applicable Policy (Implicit Deny)
    // The S3 read policy is evaluated against an EC2 request it does not mention.
    println!("9. No Applicable Policy (Implicit Deny):");
    let ec2_request = IAMRequest::new(
        "arn:aws:iam::123456789012:user/alice",
        "ec2:DescribeInstances",
        "arn:aws:ec2:us-east-1:123456789012:instance/*",
    );

    let outcome = match evaluate_policy(&read_policy, &ec2_request)? {
        Decision::Allow => "✓ Access ALLOWED",
        Decision::Deny => "✗ Access DENIED",
        Decision::NotApplicable => "? No applicable policy - Implicit DENY",
    };
    println!("{}", outcome);
    println!();

    // Example 10: Resource Pattern Matching
    // The resource pattern has a wildcard inside the bucket name and another for the key.
    println!("10. Resource Pattern Matching:");
    let user_data_policy = IAMPolicy::new()
        .with_id("550e8400-e29b-41d4-a716-446655440007")
        .add_statement(
            IAMStatement::new(Effect::Allow)
                .with_sid("AllowBucketAccess")
                .with_action(Action::Multiple(vec![
                    "s3:GetObject".to_string(),
                    "s3:PutObject".to_string(),
                ]))
                .with_resource(Resource::Single("arn:aws:s3:::user-data-*/*".to_string())),
        );

    let profile_request = IAMRequest::new(
        "arn:aws:iam::123456789012:user/alice",
        "s3:GetObject",
        "arn:aws:s3:::user-data-alice/profile.json",
    );

    let outcome = match evaluate_policy(&user_data_policy, &profile_request)? {
        Decision::Allow => "✓ Resource pattern matched - Access ALLOWED",
        Decision::Deny => "✗ Access DENIED",
        Decision::NotApplicable => "? Resource pattern didn't match",
    };
    println!("{}", outcome);

    // Closing summary. It is printed unconditionally; the decisions above are not
    // asserted anywhere in this function.
    println!("\n=== Policy Evaluation Demo Complete ===");
    println!("\nThe Policy Evaluation Engine successfully:");
    let summary = [
        "• ✅ Evaluates Allow/Deny effects",
        "• ✅ Handles wildcard actions and resources",
        "• ✅ Processes condition blocks with various operators",
        "• ✅ Implements proper IAM logic (explicit deny overrides)",
        "• ✅ Supports detailed evaluation with match information",
        "• ✅ Handles multiple policies with complex interactions",
        "• ✅ Provides clear Allow/Deny/NotApplicable decisions",
    ];
    for line in summary.iter() {
        println!("{}", line);
    }

    Ok(())
}

pub fn with_context(self, other_context: Context) -> Self

Adds all context key-value pairs from another context

Source

pub fn with_string_context<K: Into<String>, V: Into<String>>( self, key: K, value: V, ) -> Self

Adds string context to the request

Source

pub fn with_boolean_context<K: Into<String>>(self, key: K, value: bool) -> Self

Adds boolean context to the request

Source

pub fn with_number_context<K: Into<String>>(self, key: K, value: f64) -> Self

Adds numeric context to the request

Source

pub fn get_context(&self, key: &str) -> Option<&ContextValue>

Gets a context value by key

Source

pub fn has_context(&self, key: &str) -> bool

Checks if a context key exists

Source

pub fn context_keys(&self) -> Vec<&String>

Gets all context keys

Trait Implementations§

Source§

impl Clone for IAMRequest

Source§

fn clone(&self) -> IAMRequest

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for IAMRequest

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl<'de> Deserialize<'de> for IAMRequest

Source§

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
Source§

impl PartialEq for IAMRequest

Source§

fn eq(&self, other: &IAMRequest) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl Serialize for IAMRequest

Source§

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer. Read more
Source§

impl StructuralPartialEq for IAMRequest

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,