Struct Statement

pub struct Statement { /* private fields */ }

An Aspen policy statement.

Statement structs are immutable after creation. They can be created using the StatementBuilder.

Implementations

impl Statement

pub fn builder() -> StatementBuilder

Create a new StatementBuilder for building a Statement.

pub fn sid(&self) -> Option<&str>

Returns the user-provided statement id if provided, else None.

pub fn effect(&self) -> &Effect

Returns the effect of the statement (allow or deny).

pub fn action(&self) -> Option<&ActionList>

Returns the list of actions this statement applies to if provided, else None.

pub fn not_action(&self) -> Option<&ActionList>

Returns the list of actions this statement does not apply to if provided, else None.

pub fn resource(&self) -> Option<&ResourceList>

Returns the list of resources this statement applies to if provided, else None.

pub fn not_resource(&self) -> Option<&ResourceList>

Returns the list of resources this statement does not apply to if provided, else None.

pub fn principal(&self) -> Option<&Principal>

Returns the list of principals this statement applies to if provided, else None.

pub fn not_principal(&self) -> Option<&Principal>

Returns the list of principals this statement does not apply to if provided, else None.

pub fn condition(&self) -> Option<&Condition>

Returns the conditions that must be met for this statement to apply if provided, else None.

pub fn evaluate( &self, context: &Context, pv: PolicyVersion, ) -> Result<Decision, AspenError>

Evaluate this statement against the specified request Context, using the PolicyVersion to perform variable substitution.

Example

let actor = Principal::from(vec![User::from_str("arn:aws:iam::123456789012:user/exampleuser").unwrap().into()]);
let s3_object_arn = Arn::from_str("arn:aws:s3:::examplebucket/exampleuser/my-object").unwrap();
let resources = vec![s3_object_arn.clone()];
let session_data = SessionData::from([("aws:username", SessionValue::from("exampleuser"))]);
let context = Context::builder()
    .service("s3").api("GetObject").actor(actor.clone()).resources(resources.clone())
    .session_data(session_data.clone()).build().unwrap();
let statement = Statement::builder().effect(Effect::Allow).action(vec![Action::new("s3", "Get*").unwrap()])
    .resource(Resource::Any).build().unwrap();
assert_eq!(statement.evaluate(&context, PolicyVersion::V2012_10_17).unwrap(), Decision::Allow);

let context = Context::builder()
    .service("s3").api("PutObject").actor(actor).resources(resources)
    .session_data(session_data).build().unwrap();
assert_eq!(statement.evaluate(&context, PolicyVersion::V2012_10_17).unwrap(), Decision::DefaultDeny);

Trait Implementations

impl Clone for Statement

fn clone(&self) -> Statement

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for Statement

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<'de> Deserialize<'de> for Statement

fn deserialize<D: Deserializer<'de>>(deserializer: D) -> Result<Self, D::Error>

Deserialize this value from the given Serde deserializer.

impl Display for Statement

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl FromStr for Statement

type Err = Error

The associated error which can be returned from parsing.

fn from_str(s: &str) -> Result<Self, Self::Err>

Parses a string s to return a value of this type.

impl PartialEq for Statement

fn eq(&self, other: &Statement) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Serialize for Statement

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>

where __S: Serializer,

Serialize this value into the given Serde serializer.

impl Eq for Statement

impl StructuralPartialEq for Statement