pub struct IpcSecurityPipeline { /* private fields */ }Expand description
Assembled IPC security pipeline holding all control point instances.
Implementations§
Source§impl IpcSecurityPipeline
impl IpcSecurityPipeline
Sourcepub fn new(config: IpcSecurityConfig, audit_config: AuditConfig) -> Self
pub fn new(config: IpcSecurityConfig, audit_config: AuditConfig) -> Self
Creates a new pipeline from configuration.
§Arguments
config: IPC security configuration.audit_config: Root audit persistence configuration.
§Returns
Returns an initialized IpcSecurityPipeline with all control
points ready.
Sourcepub fn check(
&mut self,
method: &str,
raw_body_len: usize,
peer_identity: &PeerIdentity,
connection_id: &str,
) -> CheckOutcome
pub fn check( &mut self, method: &str, raw_body_len: usize, peer_identity: &PeerIdentity, connection_id: &str, ) -> CheckOutcome
Runs pre-dispatch security checks, excluding C4 (replay) and C8 (idempotency) which are handled separately to resolve ordering.
Execution order (per contract, with corrected C4/C8 ordering): C6 → C5 → C2 → C3
C4 (replay protection) and C8 (idempotency) are ordered by the
caller: C8 is checked first; if the response is already cached,
it is returned without recording in C4. Otherwise C4 records the
request_id and dispatch proceeds — see check_replay_and_record.
C1 (socket owner) runs at bind time. C9 (allowlist) runs at extension points. C7 (audit) runs post-dispatch.
§Arguments
method: IPC method name.raw_body_len: Byte length of the raw request body (for C5).peer_identity: Extracted peer identity snapshot (for C2/C3).connection_id: Opaque connection identifier (for per-connection C6).
§Returns
Returns CheckOutcome::Passed when all checks pass, or
CheckOutcome::Denied(error) with the denial error.
Sourcepub fn check_replay_and_record(
&mut self,
request_id: &str,
) -> Result<(), DashboardError>
pub fn check_replay_and_record( &mut self, request_id: &str, ) -> Result<(), DashboardError>
Checks C4 replay protection and records the request_id.
Must be called after C8 idempotency check: if the response is already cached, the caller returns early without recording in C4. This prevents C4 from rejecting a legitimate retry that hits the idempotency cache.
§Arguments
request_id: Request identifier to check and record.
§Returns
Returns Ok(()) for a first submission, or
Err(DashboardError) with code replay_detected for a replay.
Sourcepub fn check_idempotency(&self, request_id: &str) -> Option<String>
pub fn check_idempotency(&self, request_id: &str) -> Option<String>
Sourcepub fn cache_result(&mut self, request_id: &str, response_json: &str)
pub fn cache_result(&mut self, request_id: &str, response_json: &str)
Caches a dispatch result for idempotency (C8).
§Arguments
request_id: Request identifier.response_json: Serialized response to cache.
Sourcepub fn request_size_limit_bytes(&self) -> Option<usize>
pub fn request_size_limit_bytes(&self) -> Option<usize>
Returns the C5 request size limit in bytes, or None if disabled.
Sourcepub fn high_risk_methods(&self) -> &[String]
pub fn high_risk_methods(&self) -> &[String]
Returns the configured high-risk command method list.
This is the list from AuthorizationConfig.high_risk_commands.
When empty (the config is not populated), the caller should
fall back to a hardcoded default set.
Sourcepub fn check_ext_command_allowlist(
&self,
path: &str,
) -> Result<(), DashboardError>
pub fn check_ext_command_allowlist( &self, path: &str, ) -> Result<(), DashboardError>
Checks whether an external command path is allowed by C9 allowlist.
This is called at extension points where external executables may be invoked under supervisor control. The allowlist rejects paths that are not explicitly configured.
§Arguments
path: Absolute executable path to check.
§Returns
Returns Ok(()) when the path is allowed, or
Err(DashboardError) with allowlist_empty or allowlist_denied.
Sourcepub fn audit_backend(&self) -> &AuditBackend
pub fn audit_backend(&self) -> &AuditBackend
Returns a reference to the audit backend for health checks.
Sourcepub fn write_audit(
&mut self,
method: &str,
peer_identity: &PeerIdentity,
allowed: bool,
denial_error: Option<&DashboardError>,
denial_control_point: &str,
is_high_risk: bool,
) -> Result<(), DashboardError>
pub fn write_audit( &mut self, method: &str, peer_identity: &PeerIdentity, allowed: bool, denial_error: Option<&DashboardError>, denial_control_point: &str, is_high_risk: bool, ) -> Result<(), DashboardError>
Writes an audit record after dispatch (C7).
Returns Ok(()) on success or Err(DashboardError) when the audit
backend is unwritable. The caller should fail closed for high-risk
commands.
When is_high_risk is true and the configured failure strategy is
fail_closed, any backend write error is propagated so the caller
can reject the command. When defer_bounded, errors are logged but
not propagated.
§Arguments
method: IPC method name.peer_identity: Peer identity snapshot.allowed: Whether the request was allowed.denial_error: The denial error if denied.denial_control_point: Which control point denied (C1-C9 or “dispatch”).is_high_risk: Whether this is a high-risk command (e.g. restart, shutdown).
§Returns
Returns Ok(()) when the audit record was written, or
Err(DashboardError) when the backend is unwritable and the
failure strategy requires fail-closed.
Auto Trait Implementations§
impl Freeze for IpcSecurityPipeline
impl RefUnwindSafe for IpcSecurityPipeline
impl Send for IpcSecurityPipeline
impl Sync for IpcSecurityPipeline
impl Unpin for IpcSecurityPipeline
impl UnsafeUnpin for IpcSecurityPipeline
impl UnwindSafe for IpcSecurityPipeline
Blanket Implementations§
Source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
Source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Source§impl<T> Instrument for T
impl<T> Instrument for T
Source§fn instrument(self, span: Span) -> Instrumented<Self>
fn instrument(self, span: Span) -> Instrumented<Self>
Source§fn in_current_span(self) -> Instrumented<Self>
fn in_current_span(self) -> Instrumented<Self>
Source§impl<T> Paint for Twhere
T: ?Sized,
impl<T> Paint for Twhere
T: ?Sized,
Source§fn fg(&self, value: Color) -> Painted<&T>
fn fg(&self, value: Color) -> Painted<&T>
Returns a styled value derived from self with the foreground set to
value.
This method should be used rarely. Instead, prefer to use color-specific
builder methods like red() and
green(), which have the same functionality but are
pithier.
§Example
Set foreground color to white using fg():
use yansi::{Paint, Color};
painted.fg(Color::White);Set foreground color to white using white().
use yansi::Paint;
painted.white();Source§fn bright_black(&self) -> Painted<&T>
fn bright_black(&self) -> Painted<&T>
Source§fn bright_red(&self) -> Painted<&T>
fn bright_red(&self) -> Painted<&T>
Source§fn bright_green(&self) -> Painted<&T>
fn bright_green(&self) -> Painted<&T>
Source§fn bright_yellow(&self) -> Painted<&T>
fn bright_yellow(&self) -> Painted<&T>
Source§fn bright_blue(&self) -> Painted<&T>
fn bright_blue(&self) -> Painted<&T>
Source§fn bright_magenta(&self) -> Painted<&T>
fn bright_magenta(&self) -> Painted<&T>
Source§fn bright_cyan(&self) -> Painted<&T>
fn bright_cyan(&self) -> Painted<&T>
Source§fn bright_white(&self) -> Painted<&T>
fn bright_white(&self) -> Painted<&T>
Source§fn bg(&self, value: Color) -> Painted<&T>
fn bg(&self, value: Color) -> Painted<&T>
Returns a styled value derived from self with the background set to
value.
This method should be used rarely. Instead, prefer to use color-specific
builder methods like on_red() and
on_green(), which have the same functionality but
are pithier.
§Example
Set background color to red using fg():
use yansi::{Paint, Color};
painted.bg(Color::Red);Set background color to red using on_red().
use yansi::Paint;
painted.on_red();Source§fn on_primary(&self) -> Painted<&T>
fn on_primary(&self) -> Painted<&T>
Source§fn on_magenta(&self) -> Painted<&T>
fn on_magenta(&self) -> Painted<&T>
Source§fn on_bright_black(&self) -> Painted<&T>
fn on_bright_black(&self) -> Painted<&T>
Source§fn on_bright_red(&self) -> Painted<&T>
fn on_bright_red(&self) -> Painted<&T>
Source§fn on_bright_green(&self) -> Painted<&T>
fn on_bright_green(&self) -> Painted<&T>
Source§fn on_bright_yellow(&self) -> Painted<&T>
fn on_bright_yellow(&self) -> Painted<&T>
Source§fn on_bright_blue(&self) -> Painted<&T>
fn on_bright_blue(&self) -> Painted<&T>
Source§fn on_bright_magenta(&self) -> Painted<&T>
fn on_bright_magenta(&self) -> Painted<&T>
Source§fn on_bright_cyan(&self) -> Painted<&T>
fn on_bright_cyan(&self) -> Painted<&T>
Source§fn on_bright_white(&self) -> Painted<&T>
fn on_bright_white(&self) -> Painted<&T>
Source§fn attr(&self, value: Attribute) -> Painted<&T>
fn attr(&self, value: Attribute) -> Painted<&T>
Enables the styling Attribute value.
This method should be used rarely. Instead, prefer to use
attribute-specific builder methods like bold() and
underline(), which have the same functionality
but are pithier.
§Example
Make text bold using attr():
use yansi::{Paint, Attribute};
painted.attr(Attribute::Bold);Make text bold using using bold().
use yansi::Paint;
painted.bold();Source§fn rapid_blink(&self) -> Painted<&T>
fn rapid_blink(&self) -> Painted<&T>
Source§fn quirk(&self, value: Quirk) -> Painted<&T>
fn quirk(&self, value: Quirk) -> Painted<&T>
Enables the yansi Quirk value.
This method should be used rarely. Instead, prefer to use quirk-specific
builder methods like mask() and
wrap(), which have the same functionality but are
pithier.
§Example
Enable wrapping using .quirk():
use yansi::{Paint, Quirk};
painted.quirk(Quirk::Wrap);Enable wrapping using wrap().
use yansi::Paint;
painted.wrap();Source§fn clear(&self) -> Painted<&T>
👎Deprecated since 1.0.1: renamed to resetting() due to conflicts with Vec::clear().
The clear() method will be removed in a future release.
fn clear(&self) -> Painted<&T>
renamed to resetting() due to conflicts with Vec::clear().
The clear() method will be removed in a future release.
Source§fn whenever(&self, value: Condition) -> Painted<&T>
fn whenever(&self, value: Condition) -> Painted<&T>
Conditionally enable styling based on whether the Condition value
applies. Replaces any previous condition.
See the crate level docs for more details.
§Example
Enable styling painted only when both stdout and stderr are TTYs:
use yansi::{Paint, Condition};
painted.red().on_yellow().whenever(Condition::STDOUTERR_ARE_TTY);