Crate core_policy

mesh-policy-core

Pure RBAC/ABAC policy engine with zero dependencies on crypto or network layers.

This crate provides the core domain logic for authorization policies, including:

  • Policy rules and evaluation
  • Resource path matching
  • Role-Based Access Control (RBAC)
  • Attribute-Based Access Control (ABAC)

Security

  • T20 Mitigation: Strict limits on policy size to prevent algorithmic DoS
    • MAX_RULES_PER_POLICY = 1024
    • MAX_RESOURCE_PATTERN_LENGTH = 256

Re-exports

pub use authorizer::Authorizer;
pub use authorizer::PolicyAuthorizer;
pub use builder::PolicyBuilder;
pub use builder::PolicyRuleBuilder;
pub use context_expr::CompareOp;
pub use context_expr::ContextExpr;
pub use context_expr::MAX_EXPR_DEPTH;
pub use context_expr::MAX_EXPR_LENGTH;
pub use error::PolicyError;
pub use error::Result;
pub use path::PathPattern;
pub use policy::Action;
pub use policy::Policy;
pub use policy::PolicyRule;
pub use policy::Resource;
pub use resource_matcher::ResourceMatcher;
pub use resource_matcher::ResourceMatcherRegistry;

Modules

  • authorizer: Authorization evaluation logic (SRP - Single Responsibility Principle)
  • builder: Builder pattern for ergonomic policy construction
  • context_expr: ABAC Context Expression Parser & Evaluator
  • error: Error types for mesh-policy-core
  • path: Path matching using a custom wildcard implementation to avoid external dependencies.
  • policy: Policy definitions and validation logic
  • resource_matcher: Resource Matcher

Constants

  • MAX_POLICY_NAME_LENGTH: Maximum length for policy name (T20 DoS mitigation)
  • MAX_RESOURCE_PATTERN_LENGTH: Maximum length for resource patterns (T20 DoS mitigation)
  • MAX_RULES_PER_POLICY: Maximum number of rules per policy (T20 DoS mitigation)