Struct scratchstack_aspen::Statement
pub struct Statement { /* private fields */ }
An Aspen policy statement.
Statement structs are immutable after creation. They can be created using the StatementBuilder.
impl Statement
pub fn builder() -> StatementBuilder
Create a new StatementBuilder for building a Statement.
pub fn sid(&self) -> Option<&str>
Returns the user-provided statement id if one was provided, else `None`.
pub fn action(&self) -> Option<&ActionList>
Returns the list of actions this statement applies to if one was provided, else `None`.
pub fn not_action(&self) -> Option<&ActionList>
Returns the list of actions this statement does not apply to if one was provided, else `None`.
pub fn resource(&self) -> Option<&ResourceList>
Returns the list of resources this statement applies to if one was provided, else `None`.
pub fn not_resource(&self) -> Option<&ResourceList>
Returns the list of resources this statement does not apply to if one was provided, else `None`.
pub fn principal(&self) -> Option<&Principal>
Returns the list of principals this statement applies to if one was provided, else `None`.
pub fn not_principal(&self) -> Option<&Principal>
Returns the list of principals this statement does not apply to if one was provided, else `None`.
pub fn condition(&self) -> Option<&Condition>
Returns the conditions that must be met for this statement to apply if any were provided, else `None`.
pub fn evaluate(
&self,
context: &Context,
pv: PolicyVersion
) -> Result<Decision, AspenError>
Evaluate this statement against the specified request Context, using the PolicyVersion to perform variable substitution.
Example
// The statement under test: Allow every s3 action matching "Get*".
// Resource::Any places no resource restriction on the statement; a production
// policy would normally name the specific ARNs it is meant to cover.
let statement = Statement::builder()
    .effect(Effect::Allow)
    .action(vec![Action::new("s3", "Get*").unwrap()])
    .resource(Resource::Any)
    .build()
    .unwrap();

// Request attributes shared by both evaluations below.
let user = User::from_str("arn:aws:iam::123456789012:user/exampleuser").unwrap();
let caller = Principal::from(vec![user.into()]);
let object_arn = Arn::from_str("arn:aws:s3:::examplebucket/exampleuser/my-object").unwrap();
let requested = vec![object_arn.clone()];
// Session data feeds policy-variable substitution (e.g. ${aws:username}).
let session = SessionData::from([("aws:username", SessionValue::from("exampleuser"))]);

// s3:GetObject matches the "Get*" pattern, so the statement applies and allows it.
let get_request = Context::builder()
    .service("s3")
    .api("GetObject")
    .actor(caller.clone())
    .resources(requested.clone())
    .session_data(session.clone())
    .build()
    .unwrap();
assert_eq!(statement.evaluate(&get_request, PolicyVersion::V2012_10_17).unwrap(), Decision::Allow);

// s3:PutObject does not match "Get*". The result is DefaultDeny: this Allow
// statement simply does not apply to the request, which is not the same as the
// statement denying it — another statement in the policy could still allow it.
let put_request = Context::builder()
    .service("s3")
    .api("PutObject")
    .actor(caller)
    .resources(requested)
    .session_data(session)
    .build()
    .unwrap();
assert_eq!(statement.evaluate(&put_request, PolicyVersion::V2012_10_17).unwrap(), Decision::DefaultDeny);