cedar
Module: cedar
Section titled “Module: cedar”Contents
Section titled “Contents”Enums
FirmaEntityUid- A typed Cedar entity UID in theFirmanamespace.
Functions
validate_policies- Strictly validate a parsed Cedar policy set against a schema.
Constants
FIRMA_SCHEMA- Canonical Firma Cedar schema, embedded at compile time.
firma_core::cedar::FIRMA_SCHEMA
Section titled “firma_core::cedar::FIRMA_SCHEMA”Constant: &str
Canonical Firma Cedar schema, embedded at compile time.
This is the single source of truth for the Cedar schema shared between the
Authority (issuance) and the Sidecar (enforcement). Operators who extend
the action registry can override the schema at runtime by configuring an
explicit schema_path in the Authority config.
firma_core::cedar::FirmaEntityUid
Section titled “firma_core::cedar::FirmaEntityUid”Enum
A typed Cedar entity UID in the Firma namespace.
Variants:
Agent(crate::agent::AgentId)Action(String)Resource(String)
Trait Implementations:
- Clone
fn clone(self: &Self) -> FirmaEntityUid
- Debug
fn fmt(self: &Self, f: & mut $crate::fmt::Formatter) -> $crate::fmt::Result
firma_core::cedar::validate_policies
Section titled “firma_core::cedar::validate_policies”Function
Strictly validate a parsed Cedar policy set against a schema.
Runs Cedar’s strict validation and returns every validation error as a
human-readable string. An empty policy set is valid. The Authority’s bundle
loader calls this to fail closed on an invalid bundle, applying the same
strict-validation contract that the offline firma policy validate CLI
enforces (the CLI runs the equivalent strict check separately so it can
render located miette diagnostics).
Errors
Section titled “Errors”Returns Err(messages) with one entry per validation error when the policy
set does not strictly type-check against schema. Validation warnings are
not treated as errors.
fn validate_policies(policies: &cedar_policy::PolicySet, schema: &cedar_policy::Schema) -> Result<(), Vec<String>>