pub struct ResourceArn { /* private fields */ }

An Amazon Resource Name (ARN) statement in an IAM Aspen policy.

This is used to match scratchstack_arn::Arn objects from a resource statement in the IAM Aspen policy language. For example, a ResourceArn created from arn:aws*:ec2:us-*-?:123456789012:instance/i-* would match the following Arn objects:

  • arn:aws:ec2:us-east-1:123456789012:instance/i-1234567890abcdef0
  • arn:aws-us-gov:ec2:us-west-2:123456789012:instance/i-1234567890abcdef0

Patterns are similar to glob statements with a few differences:

  • The * character matches any number of characters, including none, within a single segment of the ARN.
  • The ? character matches any single character within a single segment of the ARN.

ResourceArn objects are immutable.
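
Why the "within a single segment" rule matters, as an added example that is not scratchstack-aspen's own code: a whole-string glob would let * run across a : boundary and accept a resource in a different account, while field-by-field matching rejects it. The helper names, the six-field split, the assumption that the resource field may contain ':' and the second sample ARN are constructed for this illustration.

```rust
/// Glob match for one field: `*` = any run of chars (including none), `?` = exactly one.
fn segment_matches(pattern: &str, text: &str) -> bool {
    let p: Vec<char> = pattern.chars().collect();
    let t: Vec<char> = text.chars().collect();
    let (mut pi, mut ti) = (0, 0);
    // (pattern index just after the last '*', text index that '*' currently stops at)
    let mut backtrack: Option<(usize, usize)> = None;
    while ti < t.len() {
        if pi < p.len() && p[pi] == '*' {
            backtrack = Some((pi + 1, ti));
            pi += 1;
        } else if pi < p.len() && (p[pi] == '?' || p[pi] == t[ti]) {
            pi += 1;
            ti += 1;
        } else if let Some((bp, bt)) = backtrack {
            // Let the last '*' absorb one more character, then retry.
            backtrack = Some((bp, bt + 1));
            pi = bp;
            ti = bt + 1;
        } else {
            return false;
        }
    }
    p[pi..].iter().all(|&c| c == '*')
}

/// Split into the six ARN fields; the resource (last field) may contain ':' (assumption).
fn arn_fields(s: &str) -> Option<Vec<&str>> {
    let f: Vec<&str> = s.splitn(6, ':').collect();
    if f.len() == 6 && f[0] == "arn" { Some(f) } else { None }
}

/// Match field by field, so a wildcard never crosses a ':' separator.
fn arn_pattern_matches(pattern: &str, candidate: &str) -> bool {
    match (arn_fields(pattern), arn_fields(candidate)) {
        (Some(p), Some(c)) => p[1..].iter().zip(&c[1..]).all(|(ps, cs)| segment_matches(ps, cs)),
        _ => false,
    }
}

fn main() {
    let pat = "arn:aws*:ec2:us-*-?:123456789012:instance/i-*";
    // Constructed candidate: owned by account 999999999999, with the expected
    // account ID embedded in its resource name.
    let other = "arn:aws:ec2:us-east-1:999999999999:role/a-b:123456789012:instance/i-1";
    println!("whole-string glob: {}", segment_matches(pat, other)); // true
    println!("per-field match:   {}", arn_pattern_matches(pat, other)); // false
}
```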

Implementations

Create a new ARN pattern from the specified components.

  • partition - The partition the resource is in.
  • service - The service the resource belongs to.
  • region - The region the resource is in.
  • account_id - The account ID the resource belongs to.
  • resource - The resource name.

Retrieve the partition string pattern.

Retrieve the service string pattern.

Retrieve the region string pattern.

Retrieve the account ID string pattern.

Retrieve the resource name string pattern.

Indicates whether this ResourceArn matches the candidate Arn, given the request Context and using variable substitution rules according to the specified PolicyVersion.

Example
let actor = Principal::from(vec![User::from_str("arn:aws:iam::123456789012:user/exampleuser").unwrap().into()]);
let s3_object_arn = Arn::from_str("arn:aws:s3:::examplebucket/exampleuser/my-object").unwrap();
let resources = vec![s3_object_arn.clone()];
let session_data = SessionData::from([("aws:username", SessionValue::from("exampleuser"))]);
let context = Context::builder()
    .service("s3").api("GetObject").actor(actor).resources(resources)
    .session_data(session_data).build().unwrap();
let resource_arn = ResourceArn::new("aws", "s3", "", "", "examplebucket/${aws:username}/*");
assert!(resource_arn.matches(&context, PolicyVersion::V2012_10_17, &s3_object_arn).unwrap());

let bad_s3_object_arn = Arn::from_str("arn:aws:s3:::examplebucket/other-user/object").unwrap();
assert!(!resource_arn.matches(&context, PolicyVersion::V2012_10_17, &bad_s3_object_arn).unwrap());

Trait Implementations

Returns a copy of the value.
Performs copy-assignment from source.
Formats the value using the given formatter.
Formats the value using the given formatter.

Create a ResourceArn from a string.

The associated error which can be returned from parsing.
Feeds this value into the given Hasher.
Feeds a slice of this type into the given Hasher.
This method tests for self and other values to be equal, and is used by ==.
This method tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
