Cedar policy engine bindings for Elixir.
One-shot convenience: compile inputs and evaluate authorization in a single
call. Use ExCedar.PolicySet, ExCedar.Entities, and ExCedar.Authorizer
directly when you need to reuse compiled handles across multiple requests.
Example
iex> policy = "permit(principal, action, resource);"
iex> request = %ExCedar.Request{
...> principal: ExCedar.EntityUid.new("User", "alice"),
...> action: ExCedar.EntityUid.new("Action", "view"),
...> resource: ExCedar.EntityUid.new("Document", "doc1"),
...> context: %{}
...> }
iex> {:ok, dec} = ExCedar.authorize(policy, [], request)
iex> dec.decision
:allow
Summary
Functions
Compiles policy_text and entities on the fly and runs authorization.
Functions
@spec authorize(String.t(), list(), ExCedar.Request.t(), keyword()) :: {:ok, ExCedar.Decision.t()} | {:error, term()}
Compiles policy_text and entities on the fly and runs authorization.
Options:
:schema— Cedar schema text or a compiledExCedar.Schemahandle. When supplied, the request is validated against the schema before evaluation.
Prefer ExCedar.Authorizer.authorize/4 with pre-compiled handles on hot
paths to avoid recompiling on every call.