
cedar_policy_cli/
lib.rs

1/*
2 * Copyright Cedar Contributors
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      https://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17use clap::{Parser, ValueEnum};
18use std::{
19    fmt::{self, Display},
20    process::{ExitCode, Termination},
21};
22
23/// Defines the different sub-commands implemented by the Cedar CLI
24mod command;
25pub use command::*;
26
27/// Utilities for reading policies, schema, and entities from command line
28/// arguments in a consistent format across the subcommands.
29mod utils;
30pub use utils::*;
31
/// Basic Cedar CLI for evaluating authorization queries
// Maintainer note: clap's derive turns `///` comments on the fields below into
// `--help` text, so notes that are not meant for end users are written as
// plain `//` comments here.
#[derive(Parser, Debug)]
#[command(author, version, about, long_about = None)] // Pull from `Cargo.toml`
pub struct Cli {
    // The sub-command to run. `Commands` is presumably defined in the
    // `command` module re-exported by this file.
    #[command(subcommand)]
    pub command: Commands,
    /// The output format to use for error reporting.
    // `global = true` makes the flag usable together with any sub-command.
    // The value can also be supplied through the `CEDAR_ERROR_FORMAT`
    // environment variable; an explicit `-f` / `--error-format` on the command
    // line takes precedence over it. A wrapper that parses the error output
    // should pass the flag explicitly rather than rely on whatever the
    // inherited environment selects.
    // `default_value_t` falls back to `ErrorFormat::default()` (`Human`).
    #[arg(
        global = true,
        short = 'f',
        long = "error-format",
        env = "CEDAR_ERROR_FORMAT",
        default_value_t,
        value_enum
    )]
    pub err_fmt: ErrorFormat,
}
49
// Selects how the CLI renders errors; chosen through `Cli::err_fmt`.
// The `///` comments on the variants are picked up by the `ValueEnum` derive
// as help text for each accepted value, so they are user-facing strings and
// are left exactly as written.
#[derive(Clone, Copy, Debug, Default, Eq, PartialEq, ValueEnum)]
pub enum ErrorFormat {
    /// Human-readable error messages with terminal graphics and inline code
    /// snippets.
    #[default]
    Human,
    /// Plain-text error messages without fancy graphics or colors, suitable for
    /// screen readers.
    Plain,
    /// Machine-readable JSON output.
    Json,
}
62
impl Display for ErrorFormat {
    /// Writes the lowercase name of the format: `human`, `plain` or `json`.
    ///
    /// NOTE(review): `Cli::err_fmt` is declared with `default_value_t`, which
    /// renders the default value through this impl, so these strings
    /// presumably have to stay in sync with the value names the `ValueEnum`
    /// derive accepts. Confirm before changing any of them.
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        let label = match *self {
            Self::Human => "human",
            Self::Plain => "plain",
            Self::Json => "json",
        };
        f.write_str(label)
    }
}
76
/// Outcome of a CLI command, converted into the process exit status by the
/// `Termination` impl for this type.
#[derive(Eq, PartialEq, Debug, Copy, Clone)]
pub enum CedarExitCode {
    /// The command completed successfully with a result other than an
    /// authorization deny or validation failure. Reported as
    /// `ExitCode::SUCCESS`.
    Success,
    /// The command failed to complete successfully. Reported as
    /// `ExitCode::FAILURE`.
    Failure,
    /// The command completed successfully, but the result of the authorization
    /// request was DENY. Reported as exit status 2.
    AuthorizeDeny,
    /// The command completed successfully, but it detected a validation failure
    /// in the given schema and policies. Reported as exit status 3.
    ValidationFailure,
    /// The command completed successfully with an incomplete result, e.g.,
    /// partial authorization result is not determining.
    ///
    /// NOTE(review): this variant is reported as `ExitCode::SUCCESS`, the same
    /// status as [`CedarExitCode::Success`]. The exit status alone therefore
    /// does not distinguish an undetermined authorization result from a
    /// successful one. A caller that gates access on the exit status should
    /// also inspect the command's output when these features are enabled.
    #[cfg(any(feature = "partial-eval", feature = "tpe"))]
    Unknown,
}
95
impl Termination for CedarExitCode {
    /// Converts the command outcome into the process exit status.
    ///
    /// `Success` and `Failure` use the platform's standard success and failure
    /// statuses. An authorization deny is reported as 2 and a validation
    /// failure as 3.
    fn report(self) -> ExitCode {
        // Statuses for outcomes that are neither plain success nor failure.
        const AUTHORIZE_DENY_STATUS: u8 = 2;
        const VALIDATION_FAILURE_STATUS: u8 = 3;

        match self {
            Self::Success => ExitCode::SUCCESS,
            Self::Failure => ExitCode::FAILURE,
            Self::AuthorizeDeny => ExitCode::from(AUTHORIZE_DENY_STATUS),
            Self::ValidationFailure => ExitCode::from(VALIDATION_FAILURE_STATUS),
            // NOTE(review): an undetermined (partial) result exits with the
            // success status, so a script that treats exit status 0 as "allow"
            // cannot tell it apart from `Success`. Such callers should check
            // the printed decision as well, not only the status.
            #[cfg(any(feature = "partial-eval", feature = "tpe"))]
            Self::Unknown => ExitCode::SUCCESS,
        }
    }
}