#[non_exhaustive] pub struct RbacPolicy { /* private fields */ }
Compiled RBAC policy for fast lookup.
Built from RbacConfig at startup. All lookups are O(n) over the
role’s allow/deny/host lists, which is fine for the expected cardinality
(a handful of roles with tens of entries each).
Implementations
impl RbacPolicy
pub fn new(config: &RbacConfig) -> Self
Build a policy from config. When config.enabled is false, all
checks return RbacDecision::Allow.
pub fn is_enabled(&self) -> bool
Whether RBAC enforcement is active.
pub fn summary(&self) -> RbacPolicySummary
Summarize the policy for diagnostics (admin endpoint).
Returns (enabled, role_count, per_role_stats) where each stat is
(name, allow_count, deny_count, host_count, argument_allowlist_count).
pub fn check_operation(&self, role: &str, operation: &str) -> RbacDecision
Check whether role may perform operation (ignoring host).
Use this for tools that don’t target a specific host (e.g. ping,
list_hosts).
pub fn check(&self, role: &str, operation: &str, host: &str) -> RbacDecision
Check whether role may perform operation on host.
Evaluation order:
- If RBAC is disabled, allow.
- Check operation permission (deny overrides allow).
- Check host visibility via glob matching.
pub fn host_visible(&self, role: &str, host: &str) -> bool
Check whether role can see host at all (for list_hosts filtering).
pub fn host_patterns(&self, role: &str) -> Option<&[String]>
Get the list of host patterns for a role.
pub fn argument_allowed(&self, role: &str, tool: &str, argument: &str, value: &str) -> bool
Check whether value passes the argument allowlists for tool under role.
If the role has no matching argument_allowlists entry for the tool,
all values are allowed. When a matching entry exists, the first
whitespace-delimited token of value (or its /-basename) must
appear in the allowed list.
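The matching rule described above, as an added stand-alone example (not the crate's own code). `ArgAllowlist`, its fields, the `exec`/`command` names and the sample values are hypothetical; matching an entry on both tool and argument name, and rejecting an empty value, are assumptions.

```rust
// Added illustration of the documented rule; not the crate's own code.
// `ArgAllowlist`, its fields, and the sample tool/argument names are hypothetical.
struct ArgAllowlist {
    tool: &'static str,
    argument: &'static str,
    allowed: &'static [&'static str],
}

/// First whitespace-delimited token of `value` and that token's `/`-basename.
fn first_token_and_basename(value: &str) -> Option<(&str, &str)> {
    let token = value.split_whitespace().next()?;
    // rsplit always yields at least one piece, so the fallback is never used.
    let base = token.rsplit('/').next().unwrap_or(token);
    Some((token, base))
}

fn argument_allowed(entries: &[ArgAllowlist], tool: &str, argument: &str, value: &str) -> bool {
    // Assumption: an entry matches on both tool and argument name.
    let entry = match entries.iter().find(|e| e.tool == tool && e.argument == argument) {
        Some(e) => e,
        None => return true, // no matching entry: all values are allowed
    };
    match first_token_and_basename(value) {
        // Only the first token is examined; the rest of `value` is not inspected here.
        Some((token, base)) => entry.allowed.iter().any(|a| *a == token || *a == base),
        None => false, // assumption: an empty value has no token and is rejected
    }
}

// Constructed sample policy for one role.
fn sample_entries() -> Vec<ArgAllowlist> {
    vec![ArgAllowlist {
        tool: "exec",
        argument: "command",
        allowed: &["systemctl", "journalctl"],
    }]
}

fn main() {
    let entries = sample_entries();
    for value in ["systemctl status nginx", "/usr/bin/systemctl restart nginx", "curl -O x", ""] {
        let ok = argument_allowed(&entries, "exec", "command", value);
        println!("{:?} -> {}", value, ok);
    }
}
```

Because the basename of the first token is accepted, a full path such as `/usr/bin/systemctl` passes on the strength of its final component alone, and anything after the first token needs validation elsewhere.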
pub fn redact_arg(&self, value: &str) -> String
HMAC-SHA256 the given argument value with this policy’s redaction salt and return the first 8 hex characters (4 bytes / 32 bits).
32 bits is enough entropy for log correlation (1-in-4-billion collision per pair) while being far short of any preimage attack surface for an attacker reading logs. The HMAC construction guarantees that even short or low-entropy values cannot be recovered without the key.
Trait Implementations
impl Clone for RbacPolicy
fn clone(&self) -> RbacPolicy
fn clone_from(&mut self, source: &Self)
Performs copy-assignment from source.