ExCedar.PolicySet (ex_cedar v0.1.2)

Copy Markdown View Source

Compiled Cedar policy set handle.

compile/1 parses Cedar policy DSL text and returns an opaque reference backed by a ResourceArc<PolicySet>. The handle is immutable, thread-safe, and can be shared across processes or stored in ETS. It does not survive a node restart; recompile from source on boot (e.g. in a supervised start task or Application.start/2).

Use link_template/4 to instantiate a template policy and get a new handle with the linked policy included.

Summary

Functions

Parses Cedar policy text and returns a compiled handle.

Like compile/1 but raises an ExCedar.Error exception on failure.

Reads policy text from path and compiles it. Returns the same tuple shapes as compile/1, or {:error, reason} if the file cannot be read.

Instantiates template template_id with the given principal/resource UIDs and returns a new PolicySet handle that includes the linked policy.

Returns the list of static policy IDs in the compiled policy set.

Returns the list of template IDs in the compiled policy set.

Functions

compile(text)

Parses Cedar policy text and returns a compiled handle.

iex> {:ok, ps} = ExCedar.PolicySet.compile("permit(principal, action, resource);")
iex> is_reference(ps)
true

Returns {:error, %ExCedar.Error.Invalid{}} if the policy text has syntax errors. The error's errors list contains %ExCedar.Error.Parse{} structs with Cedar's parse messages.

compile!(text)

Like compile/1 but raises an ExCedar.Error exception on failure.

from_file(path)

Reads policy text from path and compiles it. Returns the same tuple shapes as compile/1, or {:error, reason} if the file cannot be read.

policy_ids(policy_set)

Returns the list of static policy IDs in the compiled policy set.

template_ids(policy_set)

Returns the list of template IDs in the compiled policy set.