cedar_evaluator

firma_sidecar::enforcement::cedar_evaluator::CedarEvaluatorError

Enum

Errors produced by Cedar policy loading and evaluation.

Variants:

  • InvalidUtf8(std::str::Utf8Error)
  • EmptyPolicies
  • MissingSchema
  • PolicyParse(cedar_policy::ParseErrors)
  • SchemaParse(Box<cedar_policy::HumanSchemaError>)
  • EntityUidParse(cedar_policy::ParseErrors)
  • ContextBuild(Box<cedar_policy::ContextJsonError>)
  • RequestBuild(Box<dyn std::error::Error>) - cedar_policy::RequestValidationError is intentionally not re-exported

Trait Implementations:

  • Debug
    • fn fmt(self: &Self, f: &mut $crate::fmt::Formatter) -> $crate::fmt::Result
  • From
    • fn from(source: std::str::Utf8Error) -> Self
  • Error
    • fn source(self: &Self) -> ::core::option::Option<&dyn ::thiserror::__private18::Error>
  • Display
    • fn fmt(self: &Self, __formatter: &mut ::core::fmt::Formatter) -> ::core::fmt::Result

firma_sidecar::enforcement::cedar_evaluator::CedarPolicyEvaluator

Struct

Concrete Cedar policy evaluator for Sidecar Stage 2.

Constructed from a PolicyBundle received from the Authority via WatchPolicyBundle. Tracks freshness against the bundle’s ttl_seconds and evaluates Cedar policies without a schema.

Methods:

  • fn from_bundle(bundle: &PolicyBundle) -> Result<Self, CedarEvaluatorError> - Construct from a PolicyBundle received from the Authority.

Trait Implementations:

  • PolicyEvaluation
    • fn evaluate(self: &Self, principal: &AgentId, action: &str, resource: &str, context: &serde_json::Value) -> Result<bool, String> - Evaluate Cedar policies for the given principal, action, and resource.
    • fn is_fresh(self: &Self) -> bool
    • fn version(self: &Self) -> Option<String>
  • Debug
    • fn fmt(self: &Self, f: &mut $crate::fmt::Formatter) -> $crate::fmt::Result
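
Example (added here, not taken from the firma_sidecar code base): a caller that fails closed around the PolicyEvaluation methods listed above, denying when is_fresh() is false or evaluate() returns Err. Assumptions: the trait is redeclared locally with &str in place of &AgentId and &serde_json::Value so it builds without external crates, and StubEvaluator, Decision and enforce are hypothetical names.

```rust
use std::time::{Duration, Instant};

// Local stand-in for the PolicyEvaluation trait listed above. Assumption:
// principal and context are plain &str here instead of &AgentId and
// &serde_json::Value, so the example builds without external crates.
pub trait PolicyEvaluation {
    fn evaluate(&self, principal: &str, action: &str, resource: &str, context: &str) -> Result<bool, String>;
    fn is_fresh(&self) -> bool;
    fn version(&self) -> Option<String>;
}

// Hypothetical evaluator: permits one action and ages out after ttl_seconds.
pub struct StubEvaluator { loaded_at: Instant, ttl: Duration, permitted_action: &'static str }

impl StubEvaluator {
    pub fn new(ttl_seconds: u64, permitted_action: &'static str) -> Self {
        Self { loaded_at: Instant::now(), ttl: Duration::from_secs(ttl_seconds), permitted_action }
    }
}

impl PolicyEvaluation for StubEvaluator {
    fn evaluate(&self, _principal: &str, action: &str, resource: &str, _context: &str) -> Result<bool, String> {
        if resource.is_empty() { return Err("resource is not a valid entity UID".into()); }
        Ok(action == self.permitted_action)
    }
    fn is_fresh(&self) -> bool { self.loaded_at.elapsed() < self.ttl }
    fn version(&self) -> Option<String> { Some("constructed-v1".into()) }
}

#[derive(Debug, PartialEq)]
pub enum Decision { Allow, Deny(String) }

// Fail closed: a stale bundle or an evaluation error is a denial, never an allow.
pub fn enforce<E: PolicyEvaluation>(e: &E, principal: &str, action: &str, resource: &str, context: &str) -> Decision {
    if !e.is_fresh() {
        return Decision::Deny(format!("policy bundle {:?} is past its TTL", e.version()));
    }
    match e.evaluate(principal, action, resource, context) {
        Ok(true) => Decision::Allow,
        Ok(false) => Decision::Deny("no policy permits this request".into()),
        Err(err) => Decision::Deny(format!("evaluation error: {}", err)),
    }
}

fn main() {
    // Constructed inputs: a one-hour bundle, then one whose TTL has already elapsed.
    println!("{:?}", enforce(&StubEvaluator::new(3600, "read"), "agent-1", "read", "doc-1", "{}"));
    println!("{:?}", enforce(&StubEvaluator::new(0, "read"), "agent-1", "read", "doc-1", "{}"));
}
```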