feat: Default access policy one factor if no rules

src/resources/access_control_rule.rs

@@ -49,6 +49,7 @@ struct AccessControl {
 
 #[derive(Serialize, Deserialize, Clone, Debug, Hash)]
 struct TopLevel {
+    default_policy: AccessPolicy,
     access_control: AccessControl,
 }
 
@@ -60,13 +61,19 @@ impl AccessControlRule {
         debug!("Updating acl");
         rules.sort_by_cached_key(|rule| rule.name_any());
 
-        let rules = rules
+        let rules: Vec<_> = rules
             .iter()
             .inspect(|rule| trace!(name = rule.name_any(), "Rule found"))
             .map(|rule| rule.spec.clone())
             .collect();
 
         let top = TopLevel {
+            // TODO: Make sure configurable?
+            default_policy: if rules.is_empty() {
+                AccessPolicy::OneFactor
+            } else {
+                AccessPolicy::Deny
+            },
             access_control: AccessControl { rules },
         };