Crate ockam_abac

The ockam_abac crate is responsible for performing attribute based authorization control on messages within an Ockam worker system.

Re-exports

• pub use expr::Expr;
• pub use resource::Resource;
• pub use resource::ResourceType;
• pub use tokio;

Modules

• expr
• resource

Structs

• Abac
  This AccessControl uses a storage for authenticated attributes in order to verify if a policy expression is valid A similar access control policy is available as crate::policy::PolicyAccessControl where as crate::Policies can be used to retrieve a specific policy for a given resource and action
• Env
• IncomingAbac
• OutgoingAbac
• Policies
• PolicyAccessControl
  Evaluates a policy expression against an environment of attributes.
• ResourceName
• ResourcePolicy
• ResourcePolicySqlxDatabase
• ResourceTypePolicy
• ResourceTypePolicySqlxDatabase
• ResourcesSqlxDatabase
• Subject

Enums

• Action
• EvalError
• ParseError

Constants

• ABAC_HAS_CREDENTIAL_KEY
  Key we use to indicate a subject has valid credential
• ABAC_IDENTIFIER_KEY
  Key we use to check Identifier
• SUBJECT_KEY
  Prefix we use to check for subject attributes

Traits

• ResourcePoliciesRepository
  This repository stores policies for resources. A policy is an expression which can be evaluated against an environment (a list of attribute names and values) in order to determine if a given action can be performed on a given resource.
• ResourceTypePoliciesRepository
  This repository stores policies for resources types. A policy is an expression which can be evaluated against an environment (a list of attribute names and values) in order to determine if a given action can be performed on a given resource.
• ResourcesRepository
  This repository stores resources.

Functions

• eval
• parse