policy
Module: policy
Contents
Structs
- PolicyBundle - Policy bundle containing Cedar policies and entity schema.
Enums
- EvaluationError - Errors from policy evaluation operations.
Traits
- PolicyBundleStore - Load and manage policy bundles.
- PolicyEvaluator - Evaluate policy rules against an execution context.
firma_core::policy::EvaluationError
Enum
Errors from policy evaluation operations.
Variants:
- PolicyLoadFailure { reason: String } - Policy bundle could not be loaded.
- ContextBuildFailure { reason: String } - Execution context could not be built from the envelope.
- InternalError { reason: String } - Internal evaluation error.
Traits: Error
Trait Implementations:
- Debug
fn fmt(self: &Self, f: &mut $crate::fmt::Formatter) -> $crate::fmt::Result
- Display
fn fmt(self: &Self, __formatter: &mut ::core::fmt::Formatter) -> ::core::fmt::Result
firma_core::policy::PolicyBundle
Struct
Policy bundle containing Cedar policies and entity schema.
Created by the Authority when loading policies from disk, and distributed
to Sidecars via WatchPolicyBundle streaming. The version field is a
hex-encoded SHA-256 hash of the concatenated policy + schema bytes,
enabling cheap equality checks for deduplication.
Fields:
- version: String - Bundle version identifier (hex SHA-256 of policies + schema).
- policies: Vec<u8> - Raw Cedar policy source (concatenated .cedar files).
- entity_schema: Vec<u8> - Raw Cedar entity schema bytes.
- ttl_seconds: u32 - Time-to-live in seconds. Sidecars enter fail-closed when stale.
Methods:
- fn new(version: String, policies: Vec<u8>, entity_schema: Vec<u8>, ttl_seconds: u32) -> Self - Create a new PolicyBundle.
Trait Implementations:
- Clone
fn clone(self: &Self) -> PolicyBundle
- Debug
fn fmt(self: &Self, f: &mut $crate::fmt::Formatter) -> $crate::fmt::Result
firma_core::policy::PolicyBundleStore
Trait
Load and manage policy bundles.
Implementations handle storage, caching, and TTL management.
Methods:
- load_bundle: Load the current policy bundle from storage/cache.
- get_version: Return the current bundle version ID, if known.
- is_fresh: Whether the bundle TTL is still valid.
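The version-based deduplication and TTL fail-closed behaviour described for PolicyBundle and PolicyBundleStore, as an added example that is not firma_core's own code. `Bundle`, `Update` and `SidecarCache` are hypothetical stand-ins, and restarting the TTL clock when the same version is delivered again is an assumption.

```rust
use std::time::{Duration, Instant};

// Local stand-in with the fields documented for PolicyBundle (not firma_core's type).
#[derive(Clone, Debug)]
pub struct Bundle {
    pub version: String, // hex SHA-256 of policies + schema; ttl_seconds is NOT covered
    pub policies: Vec<u8>,
    pub entity_schema: Vec<u8>,
    pub ttl_seconds: u32,
}

#[derive(Debug, PartialEq)]
pub enum Update { Installed, Refreshed }
// Hypothetical sidecar-side cache; all names here are assumptions.
#[derive(Default)]
pub struct SidecarCache { current: Option<(Bundle, Instant)> }

impl SidecarCache {
    /// Handle a bundle received from the stream at time `now`.
    pub fn offer(&mut self, b: Bundle, now: Instant) -> Update {
        if let Some((cur, at)) = self.current.as_mut() {
            if cur.version == b.version {
                // Same content: skip re-install, but take the new TTL (the
                // version hash does not cover it) and restart the clock.
                cur.ttl_seconds = b.ttl_seconds;
                *at = now;
                return Update::Refreshed;
            }
        }
        self.current = Some((b, now));
        Update::Installed
    }

    /// Fresh only while strictly inside the TTL window; no bundle is never fresh.
    pub fn is_fresh(&self, now: Instant) -> bool {
        self.current.as_ref().map_or(false, |(b, at)| {
            now.saturating_duration_since(*at) < Duration::from_secs(u64::from(b.ttl_seconds))
        })
    }

    /// Fail-closed gate: `None` means the caller must deny the request.
    pub fn bundle_for_eval(&self, now: Instant) -> Option<&Bundle> {
        if self.is_fresh(now) { self.current.as_ref().map(|(b, _)| b) } else { None }
    }
}

fn main() {
    assert!(SidecarCache::default().bundle_for_eval(Instant::now()).is_none());
}
```

Passing `now` in explicitly keeps the staleness boundary testable without sleeping.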
firma_core::policy::PolicyEvaluator
Trait
Evaluate policy rules against an execution context.
No Cedar dependency — this is a contract that Cedar implementations fulfill in later intents (005/006).
Methods:
- evaluate: Evaluate the policy against the given context and return a decision.