pub struct AuthorityContract {
pub name: String,
pub profile: Option<String>,
pub namespace: Option<String>,
pub access_profile: RbacProfile,
pub allow_all_secrets: bool,
pub allowed_secrets: Vec<String>,
pub required_secrets: Vec<String>,
pub allowed_targets: Vec<String>,
pub trust: AuthorityTrust,
pub network: AuthorityNetworkPolicy,
}Expand description
A validated named authority contract.
Fields§
§name: String§profile: Option<String>§namespace: Option<String>§access_profile: RbacProfile§allow_all_secrets: bool§allowed_secrets: Vec<String>§required_secrets: Vec<String>§allowed_targets: Vec<String>§trust: AuthorityTrust§network: AuthorityNetworkPolicyImplementations§
Source§impl AuthorityContract
impl AuthorityContract
Sourcepub fn resolved_exec_policy(&self) -> ResolvedAuthorityPolicy
pub fn resolved_exec_policy(&self) -> ResolvedAuthorityPolicy
Resolve the trust posture into a concrete exec policy.
Sourcepub fn requires_zero_secrets(&self) -> bool
pub fn requires_zero_secrets(&self) -> bool
Return whether this contract requires no secret names.
Sourcepub fn injects_zero_secrets(&self) -> bool
pub fn injects_zero_secrets(&self) -> bool
Return whether this contract’s secret policy permits no injection.
An omitted allowed_secrets field compiles to allow_all_secrets, so
it is not the same as an explicit empty allowlist.
Sourcepub fn is_no_secret_diagnostic_contract(&self) -> bool
pub fn is_no_secret_diagnostic_contract(&self) -> bool
Return whether this contract has the conservative no-secret diagnostic shape used until the schema grows an explicit diagnostic marker.
Sourcepub fn allows_target(&self, command: &str) -> bool
pub fn allows_target(&self, command: &str) -> bool
Return whether this contract allows the given execution target.
Targets are matched exactly against the provided string and, when that string is a path, also against the basename. An empty target allowlist means “no target restriction yet”.
Sourcepub fn evaluate_target(
&self,
command: Option<&str>,
) -> AuthorityTargetEvaluation
pub fn evaluate_target( &self, command: Option<&str>, ) -> AuthorityTargetEvaluation
Evaluate a target command against this contract’s allowlist.
The result is explicit and auditable: higher layers can tell whether a command was allowed by exact match, basename match, lack of restriction, or denied outright.
Trait Implementations§
Source§impl Clone for AuthorityContract
impl Clone for AuthorityContract
Source§fn clone(&self) -> AuthorityContract
fn clone(&self) -> AuthorityContract
1.0.0 (const: unstable) · Source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
source. Read moreSource§impl Debug for AuthorityContract
impl Debug for AuthorityContract
impl Eq for AuthorityContract
Source§impl PartialEq for AuthorityContract
impl PartialEq for AuthorityContract
Source§fn eq(&self, other: &AuthorityContract) -> bool
fn eq(&self, other: &AuthorityContract) -> bool
self and other values to be equal, and is used by ==.impl StructuralPartialEq for AuthorityContract
Auto Trait Implementations§
impl Freeze for AuthorityContract
impl RefUnwindSafe for AuthorityContract
impl Send for AuthorityContract
impl Sync for AuthorityContract
impl Unpin for AuthorityContract
impl UnsafeUnpin for AuthorityContract
impl UnwindSafe for AuthorityContract
Blanket Implementations§
Source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
Source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Source§impl<T> CloneToUninit for Twhere
T: Clone,
impl<T> CloneToUninit for Twhere
T: Clone,
Source§impl<Q, K> Equivalent<K> for Q
impl<Q, K> Equivalent<K> for Q
Source§impl<Q, K> Equivalent<K> for Q
impl<Q, K> Equivalent<K> for Q
Source§fn equivalent(&self, key: &K) -> bool
fn equivalent(&self, key: &K) -> bool
key and return true if they are equal.