ExCedar (ex_cedar v0.1.2)

Copy Markdown View Source

Cedar policy engine bindings for Elixir.

One-shot convenience: compile inputs and evaluate authorization in a single call. Use ExCedar.PolicySet, ExCedar.Entities, and ExCedar.Authorizer directly when you need to reuse compiled handles across multiple requests.

Example

iex> policy = "permit(principal, action, resource);"
iex> request = %ExCedar.Request{
...>   principal: ExCedar.EntityUid.new("User", "alice"),
...>   action: ExCedar.EntityUid.new("Action", "view"),
...>   resource: ExCedar.EntityUid.new("Document", "doc1"),
...>   context: %{}
...> }
iex> {:ok, dec} = ExCedar.authorize(policy, [], request)
iex> dec.decision
:allow

Summary

Functions

Compiles policy_text and entities on the fly and runs authorization.

Functions

authorize(policy_text, entities, request, opts \\ [])

@spec authorize(String.t(), list(), ExCedar.Request.t(), keyword()) ::
  {:ok, ExCedar.Decision.t()} | {:error, term()}

Compiles policy_text and entities on the fly and runs authorization.

Options:

  • :schema — Cedar schema text or a compiled ExCedar.Schema handle. When supplied, the request is validated against the schema before evaluation.

Prefer ExCedar.Authorizer.authorize/4 with pre-compiled handles on hot paths to avoid recompiling on every call.