Skip to main content

DecisionCache

vellaveto_engine::cache

Struct DecisionCache 

Source 
pub struct DecisionCache { /* private fields */ }
Expand description

LRU decision cache for policy evaluation results.

Thread-safe via RwLock. Lock poisoning is handled fail-closed (cache miss on read, no-op on write).

Implementations§

Source§

impl DecisionCache

Source

pub fn new(max_entries: usize, ttl: Duration) -> Self

Create a new decision cache.

§Arguments
  • max_entries — Maximum number of cached verdicts. Clamped to [1, MAX_CACHE_ENTRIES].
  • ttl — Time-to-live for each entry. Clamped to [MIN_TTL_SECS, MAX_TTL_SECS] seconds.
Source

pub fn get_with_risk( &self, action: &Action, context: Option<&EvaluationContext>, has_risk_score: bool, ) -> Option<Verdict>

Look up a cached verdict for the given action and optional context.

Returns None (cache miss) if:

  • The context is session-dependent (non-cacheable)
  • A risk score is present (dynamic continuous authorization)
  • No entry exists for this action
  • The entry’s TTL has expired
  • The entry’s policy generation is stale
  • The internal lock is poisoned (fail-closed)
§Arguments
  • has_risk_score — Set to true when the request context carries a risk score from continuous authorization. This forces a cache miss because the ABAC verdict depends on the current risk score.
Source

pub fn get( &self, action: &Action, context: Option<&EvaluationContext>, ) -> Option<Verdict>

Look up a cached verdict (backward-compatible, assumes no risk score).

Equivalent to get_with_risk(action, context, false).

Source

pub fn insert_with_risk( &self, action: &Action, context: Option<&EvaluationContext>, verdict: &Verdict, has_risk_score: bool, )

Insert a verdict into the cache for the given action.

If the context is session-dependent or a risk score is present, this is a no-op (the result should not be cached). If the cache is at capacity, the least-recently-used entry is evicted.

No-op if the internal lock is poisoned (fail-closed: we do not serve stale data from a potentially corrupted map).

§Arguments
  • has_risk_score — Set to true when the request context carries a risk score from continuous authorization.
Source

pub fn insert( &self, action: &Action, context: Option<&EvaluationContext>, verdict: &Verdict, )

Insert a verdict (backward-compatible, assumes no risk score).

Equivalent to insert_with_risk(action, context, verdict, false).

Source

pub fn invalidate(&self)

Invalidate all cached entries by bumping the policy generation counter.

Existing entries remain in memory but will be treated as stale on the next get call. This is O(1) — no iteration required.

Source

pub fn stats(&self) -> CacheStats

Return aggregate cache performance statistics.

Source

pub fn len(&self) -> usize

Return the number of entries currently in the cache.

Returns 0 if the lock is poisoned (fail-closed).

Source

pub fn is_empty(&self) -> bool

Returns true if the cache contains no entries.

Returns true if the lock is poisoned (fail-closed).

Trait Implementations§

Source§

impl Debug for DecisionCache

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more