Struct scratchstack_aspen::Statement

pub struct Statement { /* private fields */ }

Expand description

An Aspen policy statement.

Statement structs are immutable after creation. They can be created using the StatementBuilder.

Implementations§

impl Statement

pub fn builder() -> StatementBuilder

Create a new StatementBuilder for building a Statement.

pub fn sid(&self) -> Option<&str>

Returns the user-provided statement id if provided, else None.

pub fn effect(&self) -> &Effect

Returns the effect of the statement (allow or deny).

pub fn action(&self) -> Option<&ActionList>

Returns the list of actions this statement applies to if provided, else None.

pub fn not_action(&self) -> Option<&ActionList>

Returns the list of actions this statement does not apply to if provided, else None.

pub fn resource(&self) -> Option<&ResourceList>

Returns the list of resources this statement applies to if provided, else None.

pub fn not_resource(&self) -> Option<&ResourceList>

Returns the list of resources this statement does not apply to if provided, else None.

pub fn principal(&self) -> Option<&Principal>

Returns the list of principals this statement applies to if provided, else None.

pub fn not_principal(&self) -> Option<&Principal>

Returns the list of principals this statement does not apply to if provided, else None.

pub fn condition(&self) -> Option<&Condition>

Returns the conditions that must be met for this statement to apply if provided, else None.

pub fn evaluate(
    &self,
    context: &Context,
    pv: PolicyVersion
) -> Result<Decision, AspenError>

Evaluate this statement against the specified request Context, using the PolicyVersion to perform variable substitution.

Example

let actor = Principal::from(vec![User::from_str("arn:aws:iam::123456789012:user/exampleuser").unwrap().into()]);
let s3_object_arn = Arn::from_str("arn:aws:s3:::examplebucket/exampleuser/my-object").unwrap();
let resources = vec![s3_object_arn.clone()];
let session_data = SessionData::from([("aws:username", SessionValue::from("exampleuser"))]);
let context = Context::builder()
    .service("s3").api("GetObject").actor(actor.clone()).resources(resources.clone())
    .session_data(session_data.clone()).build().unwrap();
let statement = Statement::builder().effect(Effect::Allow).action(vec![Action::new("s3", "Get*").unwrap()])
    .resource(Resource::Any).build().unwrap();
assert_eq!(statement.evaluate(&context, PolicyVersion::V2012_10_17).unwrap(), Decision::Allow);

let context = Context::builder()
    .service("s3").api("PutObject").actor(actor).resources(resources)
    .session_data(session_data).build().unwrap();
assert_eq!(statement.evaluate(&context, PolicyVersion::V2012_10_17).unwrap(), Decision::DefaultDeny);

Trait Implementations§

impl Clone for Statement

fn clone(&self) -> Statement

Returns a copy of the value. Read more

1.0.0 · source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more

impl Debug for Statement

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

impl<'de> Deserialize<'de> for Statement

fn deserialize<D: Deserializer<'de>>(deserializer: D) -> Result<Self, D::Error>

Deserialize this value from the given Serde deserializer. Read more

impl Display for Statement

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

impl FromStr for Statement

type Err = Error

The associated error which can be returned from parsing.

fn from_str(s: &str) -> Result<Self, Self::Err>

Parses a string s to return a value of this type. Read more

impl PartialEq<Statement> for Statement

fn eq(&self, other: &Statement) -> bool

This method tests for self and other values to be equal, and is used by ==.

1.0.0 · source§

fn ne(&self, other: &Rhs) -> bool

This method tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Serialize for Statement

fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>where
S: Serializer,

Serialize this value into the given Serde serializer. Read more

impl Eq for Statement

impl StructuralEq for Statement

impl StructuralPartialEq for Statement

Auto Trait Implementations§

impl RefUnwindSafe for Statement

impl Send for Statement

impl Sync for Statement

impl Unpin for Statement

impl UnwindSafe for Statement

Blanket Implementations§

impl<T> Any for Twhere
T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for Twhere
T: ?Sized,

const: unstable · source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for Twhere
T: ?Sized,

const: unstable · source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> From<T> for T

const: unstable · source§

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for Twhere
U: From<T>,

const: unstable · source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> ToOwned for Twhere
T: Clone,

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more

impl<T> ToString for Twhere
T: Display + ?Sized,

default fn to_string(&self) -> String

Converts the given value to a String. Read more

impl<T, U> TryFrom<U> for Twhere
U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

const: unstable · source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for Twhere
U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

const: unstable · source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<T> DeserializeOwned for Twhere
T: for<'de> Deserialize<'de>,