diem_secure_storage/
policy.rs

1// Copyright (c) The Diem Core Contributors
2// SPDX-License-Identifier: Apache-2.0
3
4// Copyright 2021 Conflux Foundation. All rights reserved.
5// Conflux is free software and distributed under GNU General Public License.
6// See http://www.gnu.org/licenses/
7
8use serde::{Deserialize, Serialize};
9
10/// Dictates a set of permissions
11#[derive(Debug, Default, Deserialize, PartialEq, Serialize)]
12pub struct Policy {
13    pub permissions: Vec<Permission>,
14}
15
16impl Policy {
17    pub fn new(permissions: Vec<Permission>) -> Self { Self { permissions } }
18
19    pub fn public() -> Self {
20        Self::new(vec![Permission::new(
21            Identity::Anyone,
22            vec![Capability::Read, Capability::Write],
23        )])
24    }
25}
26
27/// Maps an identity to a set of capabilities
28#[derive(Debug, Deserialize, PartialEq, Serialize)]
29pub struct Permission {
30    pub id: Identity,
31    pub capabilities: Vec<Capability>,
32}
33
34impl Permission {
35    pub fn new(id: Identity, capabilities: Vec<Capability>) -> Self {
36        Self { id, capabilities }
37    }
38}
39
40/// Id represents a Diem internal identifier for a given process. For example,
41/// safety_rules or key_manager. It is up to the Storage and its deployment to
42/// translate these identifiers into verifiable material. For example, the
43/// process running safety_rules may have a token that is intended for only
44/// safety_rules to own. The specifics are left to the implementation of the
45/// storage backend interface layer.
46#[derive(Debug, Deserialize, PartialEq, Serialize)]
47pub enum Identity {
48    User(String),
49    Anyone,
50    NoOne,
51}
52
53/// Represents actions
54#[derive(Debug, Deserialize, PartialEq, Serialize)]
55pub enum Capability {
56    Export,
57    Read,
58    Rotate,
59    Sign,
60    Write,
61}
diem_secure_storage/policy.rs

diem_secure_storage/
policy.rs
