Compiled Cedar policy set handle.
compile/1 parses Cedar policy DSL text and returns an opaque reference
backed by a ResourceArc<PolicySet>. The handle is immutable, thread-safe,
and can be shared across processes or stored in ETS. It does not survive
a node restart; recompile from source on boot (e.g. in a supervised start
task or Application.start/2).
Use link_template/4 to instantiate a template policy and get a new handle
with the linked policy included.
Summary
Functions
Parses Cedar policy text and returns a compiled handle.
Like compile/1 but raises an ExCedar.Error exception on failure.
Reads policy text from path and compiles it. Returns the same tuple
shapes as compile/1, or {:error, reason} if the file cannot be read.
Instantiates template template_id with the given principal/resource UIDs
and returns a new PolicySet handle that includes the linked policy.
Returns the list of static policy IDs in the compiled policy set.
Returns the list of template IDs in the compiled policy set.
Functions
Parses Cedar policy text and returns a compiled handle.
iex> {:ok, ps} = ExCedar.PolicySet.compile("permit(principal, action, resource);")
iex> is_reference(ps)
trueReturns {:error, %ExCedar.Error.Invalid{}} if the policy text has syntax
errors. The error's errors list contains %ExCedar.Error.Parse{} structs
with Cedar's parse messages.
Like compile/1 but raises an ExCedar.Error exception on failure.
Reads policy text from path and compiles it. Returns the same tuple
shapes as compile/1, or {:error, reason} if the file cannot be read.
Instantiates template template_id with the given principal/resource UIDs
and returns a new PolicySet handle that includes the linked policy.
The original handle is unchanged. env is a map with optional :principal
and :resource keys, each an ExCedar.EntityUid.
Cedar auto-assigns IDs like "policy0" when parsing policy text without an
explicit @id() annotation.
iex> {:ok, ps} = ExCedar.PolicySet.compile("permit(principal == ?principal, action, resource);")
iex> principal = ExCedar.EntityUid.new("User", "alice")
iex> {:ok, ps2} = ExCedar.PolicySet.link_template(ps, "policy0", "alice_policy", %{principal: principal})
iex> is_reference(ps2)
trueReturns {:error, %ExCedar.Error.Invalid{}} if the template ID does not
exist or the slot environment is malformed.
Returns the list of static policy IDs in the compiled policy set.
Returns the list of template IDs in the compiled policy set.