ExCedar.Validator (ex_cedar v0.1.2)

Copy Markdown View Source

Schema-based policy validation over compiled handles.

Validates that every policy in a PolicySet is consistent with the given Schema. Findings (errors and warnings) are returned as plain data in a ValidationResult struct — they are not raised as exceptions.

Only :strict validation mode is supported. Cedar's :permissive mode is experimental and not enabled.

Summary

Functions

Validates policy_set against schema and returns a ValidationResult.

Functions

validate(policy_set, schema, opts \\ [])

Validates policy_set against schema and returns a ValidationResult.

Options:

  • :mode — validation mode; only :strict is supported (default: :strict).

Returns {:ok, %ExCedar.ValidationResult{}} on a successful call. Check validated? and the errors/warnings lists for findings.

Returns {:error, %ExCedar.Error.Invalid{}} only for operational failures (e.g. non-reference handles passed as arguments), not for validation findings.

Raises ArgumentError if an unsupported mode is given.