trace2e_core::traceability::core::compliance

Struct Policy

Source 
pub struct Policy { /* private fields */ }
Expand description

Policy for a resource that controls compliance checking for data flows.

A Policy combines multiple dimensions of access control and resource management to determine whether data flows involving a resource should be permitted.

§Fields

  • confidentiality: Controls whether the resource contains sensitive data
  • integrity: Numeric trust level (0 = lowest, higher = more trusted)
  • deleted: Tracks deletion status through a multi-phase process
  • consent: WIP…

§Policy Evaluation

When evaluating flows between resources, policies are checked to ensure:

  1. No deleted resources are involved
  2. Integrity levels are compatible (source >= destination)
  3. Confidentiality is preserved (secret data doesn’t leak to public)
  4. All parties have given consent

This policy is used to check the compliance of input/output flows of the associated resource.

Implementations§

Source§

impl Policy

Source

pub fn new( confidentiality: ConfidentialityPolicy, integrity: u32, deleted: DeletionPolicy, consent: bool, ) -> Self

Creates a new policy with the specified parameters.

§Arguments
  • confidentiality - The confidentiality level for the resource
  • integrity - The integrity level (0 = lowest, higher = more trusted)
  • deleted - The deletion status
  • consent - Whether the resource owner consent is required for flows
Source

pub fn is_confidential(&self) -> bool

Returns true if the resource contains confidential data.

This is a convenience method that checks if the confidentiality policy is set to Secret.

Source

pub fn is_deleted(&self) -> bool

Returns true if the resource is deleted or pending deletion.

Resources that are deleted cannot participate in data flows.

Source

pub fn is_pending_deletion(&self) -> bool

Returns true if the resource is pending deletion.

This indicates the resource has been marked for deletion but hasn’t been fully removed yet.

Source

pub fn get_integrity(&self) -> u32

Returns the integrity level of the resource.

Higher values indicate more trusted data. For flows to be permitted, the source integrity must be greater than or equal to the destination integrity.

Returns true if the resource owner has given consent for flows.

When consent is false, flows involving this resource should be denied.

Updates the consent flag for this policy.

Returns PolicyUpdated if the consent was successfully changed, or PolicyNotUpdated if the resource is deleted and cannot be modified.

Source

pub fn with_integrity(&mut self, integrity: u32) -> ComplianceResponse

Updates the integrity level for this policy.

Returns PolicyUpdated if the integrity was successfully changed, or PolicyNotUpdated if the resource is deleted and cannot be modified.

§Arguments
  • integrity - The new integrity level
Source

pub fn with_confidentiality( &mut self, confidentiality: ConfidentialityPolicy, ) -> ComplianceResponse

Updates the confidentiality level for this policy.

Returns PolicyUpdated if the confidentiality was successfully changed, or PolicyNotUpdated if the resource is deleted and cannot be modified.

§Arguments
  • confidentiality - The new confidentiality level
Source

pub fn deleted(&mut self) -> ComplianceResponse

Marks the resource for deletion.

This transitions the resource from NotDeleted to Pending deletion status. Once marked for deletion, the policy cannot be further modified.

Returns PolicyUpdated if the deletion was successfully marked as pending, or PolicyNotUpdated if the resource is already deleted or pending deletion.

Source

pub fn deletion_enforced(&mut self) -> ComplianceResponse

Marks the deletion as enforced for a resource that is pending deletion.

This transitions the resource from Pending to Deleted status. This method should be called after the actual deletion has been performed.

Returns PolicyUpdated if the deletion was successfully marked, or PolicyNotUpdated if the resource is not pending deletion.

Trait Implementations§

Source§

impl Clone for Policy

Source§

fn clone(&self) -> Policy

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for Policy

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Default for Policy

Source§

fn default() -> Self

Returns the “default value” for a type. Read more
Source§

impl From<Policy> for DestinationCompliance

Converts internal Policy to Protocol Buffer DestinationCompliance response.

Source§

fn from(policy: Policy) -> Self

Converts to this type from the input type.
Source§

impl From<Policy> for Policy

Source§

fn from(policy: Policy) -> Self

Converts to this type from the input type.
Source§

impl From<Policy> for Policy

Source§

fn from(proto_policy: Policy) -> Self

Converts to this type from the input type.
Source§

impl PartialEq for Policy

Source§

fn eq(&self, other: &Policy) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl Eq for Policy

Source§

impl StructuralPartialEq for Policy

Auto Trait Implementations§

§

impl Freeze for Policy

§

impl RefUnwindSafe for Policy

§

impl Send for Policy

§

impl Sync for Policy

§

impl Unpin for Policy

§

impl UnwindSafe for Policy

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
§

impl<Q, K> Equivalent<K> for Q
where Q: Eq + ?Sized, K: Borrow<Q> + ?Sized,

§

fn equivalent(&self, key: &K) -> bool

Checks if this value is equivalent to the given key. Read more
§

impl<Q, K> Equivalent<K> for Q
where Q: Eq + ?Sized, K: Borrow<Q> + ?Sized,

§

fn equivalent(&self, key: &K) -> bool

Checks if this value is equivalent to the given key. Read more
§

impl<Q, K> Equivalent<K> for Q
where Q: Eq + ?Sized, K: Borrow<Q> + ?Sized,

§

fn equivalent(&self, key: &K) -> bool

Compare self to key and return true if they are equal.
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

§

impl<T> FromRef<T> for T
where T: Clone,

§

fn from_ref(input: &T) -> T

Converts to this type from a reference to the input type.
§

impl<T> Instrument for T

§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided [Span], returning an Instrumented wrapper. Read more
§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> IntoEither for T

Source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
§

impl<T> IntoRequest<T> for T

§

fn into_request(self) -> Request<T>

Wrap the input message T in a tonic::Request
§

impl<L> LayerExt<L> for L

§

fn named_layer<S>(&self, service: S) -> Layered<<L as Layer<S>>::Service, S>
where L: Layer<S>,

Applies the layer to a service and wraps it in [Layered].
§

impl<T> Pointable for T

§

const ALIGN: usize

The alignment of pointer.
§

type Init = T

The type for initializers.
§

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a with the given initializer. Read more
§

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer. Read more
§

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer. Read more
§

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer. Read more
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
§

impl<T> WithSubscriber for T

§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a [WithDispatch] wrapper. Read more
§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a [WithDispatch] wrapper. Read more