
cedar_policy_cli/
command.rs

1/*
2 * Copyright Cedar Contributors
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      https://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17use clap::Subcommand;
18mod authorize;
19pub use authorize::*;
20mod evaluate;
21pub use evaluate::*;
22mod validate;
23pub use validate::*;
24mod check_parse;
25pub use check_parse::*;
26#[cfg(feature = "analyze")]
27mod symcc;
28pub use symcc::*;
29#[cfg(feature = "tpe")]
30mod tpe;
31pub use tpe::*;
32#[cfg(feature = "partial-eval")]
33mod partial_eval;
34pub use partial_eval::*;
35mod run_test;
36pub use run_test::*;
37mod link;
38pub use link::*;
39mod format;
40pub use format::*;
41mod translate_policy;
42pub use translate_policy::*;
43mod translate_schema;
44pub use translate_schema::*;
45mod visualize;
46pub use visualize::*;
47mod new;
48pub use new::*;
49mod language_version;
50pub use language_version::*;
51
/// Stand-in for the `tpe` subcommand in builds where the `tpe` feature is disabled.
///
/// It keeps `TpeArgs` and `tpe` defined so code that names them still compiles,
/// while the subcommand itself refuses to run.
#[cfg(not(feature = "tpe"))]
mod tpe {
    /// Empty argument set: the disabled subcommand accepts no options.
    #[derive(Debug, clap::Args)]
    pub struct TpeArgs;

    /// Prints an explanation to stderr and reports failure.
    ///
    /// Fails closed: the result is always `CedarExitCode::Failure`, never a
    /// success value, so a caller cannot mistake the disabled subcommand for a
    /// completed evaluation.
    pub fn tpe(_args: &TpeArgs) -> crate::CedarExitCode {
        // Diagnostics go to stderr, leaving stdout free of non-result output.
        const DISABLED_MESSAGE: &str = "Error: subcommand `tpe` is experimental, but this executable was not built with `tpe` experimental feature enabled";
        eprintln!("{}", DISABLED_MESSAGE);
        crate::CedarExitCode::Failure
    }
}
63
/// Stand-in for the `partially-authorize` subcommand in builds where the
/// `partial-eval` feature is disabled.
///
/// It keeps `PartiallyAuthorizeArgs` and `partial_authorize` defined so code
/// that names them still compiles, while the subcommand itself refuses to run.
#[cfg(not(feature = "partial-eval"))]
mod partial_eval {
    /// Empty argument set: the disabled subcommand accepts no options.
    #[derive(Debug, clap::Args)]
    pub struct PartiallyAuthorizeArgs;

    /// Prints an explanation to stderr and reports failure.
    ///
    /// Fails closed: the result is always `CedarExitCode::Failure`, so no
    /// authorization outcome is ever produced by a build that lacks the feature.
    pub fn partial_authorize(_args: &PartiallyAuthorizeArgs) -> crate::CedarExitCode {
        // Diagnostics go to stderr, leaving stdout free of non-result output.
        const DISABLED_MESSAGE: &str = "Error: subcommand `partially-authorize` is experimental, but this executable was not built with `partial-eval` experimental feature enabled";
        eprintln!("{}", DISABLED_MESSAGE);
        crate::CedarExitCode::Failure
    }
}
75
/// Stand-in for the `symcc` subcommand in builds where the `analyze` feature is
/// disabled.
///
/// It keeps `SymccArgs` and `symcc` defined so code that names them still
/// compiles, while the subcommand itself refuses to run.
#[cfg(not(feature = "analyze"))]
mod symcc {
    /// Empty argument set: the disabled subcommand accepts no options.
    #[derive(Debug, clap::Args)]
    pub struct SymccArgs;

    /// Prints an explanation to stderr and reports failure.
    ///
    /// Fails closed: the result is always `CedarExitCode::Failure`, so a missing
    /// analysis is never reported as a successful one.
    pub fn symcc(_args: &SymccArgs) -> crate::CedarExitCode {
        // Diagnostics go to stderr, leaving stdout free of non-result output.
        const DISABLED_MESSAGE: &str = "Error: subcommand `symcc` is experimental, but this executable was not built with `analyze` experimental feature enabled";
        eprintln!("{}", DISABLED_MESSAGE);
        crate::CedarExitCode::Failure
    }
}
87
// Top-level subcommands of the Cedar CLI, parsed by clap through
// `#[derive(Subcommand)]`. Each tuple variant carries that subcommand's
// argument struct, re-exported from the sibling modules declared above.
//
// NOTE: the `///` comments on the variants are read by clap and become the
// user-visible help text, so they are program output rather than maintainer
// documentation. Keep maintainer notes in plain `//` comments like this one.
#[derive(Subcommand, Debug)]
pub enum Commands {
    /// Evaluate an authorization request
    Authorize(AuthorizeArgs),
    /// Evaluate a Cedar expression
    Evaluate(EvaluateArgs),
    /// Validate a policy set against a schema
    Validate(ValidateArgs),
    /// Check that policies, expressions, schema, and/or entities successfully parse.
    /// (All arguments are optional; this checks that whatever is provided parses)
    ///
    /// If no arguments are provided, reads policies from stdin and checks that they parse.
    CheckParse(CheckParseArgs),
    /// Link a template
    Link(LinkArgs),
    /// Format a policy set
    Format(FormatArgs),
    /// Translate Cedar policy syntax to JSON policy syntax (except comments)
    TranslatePolicy(TranslatePolicyArgs),
    /// Translate Cedar schema syntax to JSON schema syntax and vice versa (except comments)
    TranslateSchema(TranslateSchemaArgs),
    /// Visualize a set of JSON entities to the graphviz format.
    /// Warning: Entity visualization is best-effort and not well tested.
    Visualize(VisualizeArgs),
    /// Create a Cedar project
    New(NewArgs),
    // This variant is present in every build. Without the `partial-eval`
    // feature, `PartiallyAuthorizeArgs` is the empty stub struct from the
    // inline `partial_eval` module in this file, whose handler prints an
    // error and returns `CedarExitCode::Failure`.
    /// Partially evaluate an authorization request
    PartiallyAuthorize(PartiallyAuthorizeArgs),
    // This variant is present in every build. Without the `tpe` feature,
    // `TpeArgs` is the empty stub struct from the inline `tpe` module in this
    // file, whose handler prints an error and returns `CedarExitCode::Failure`.
    /// Partially evaluate an authorization request in a type-aware manner
    Tpe(TpeArgs),
    /// Run test cases on a policy set
    ///
    /// Tests are defined in a JSON array of objects with the following fields:
    ///   - name: optional test name string
    ///   - request: object using the same format as the `--request-json` argument for authorization
    ///   - entities: array of entity JSON objects in the same format expected by `--entities` argument for authorization
    ///   - decision: the string "allow" or "deny"
    ///   - reason: array of policy ID strings expected to contribute to the authorization decision
    ///   - num_errors: expected number of erroring policies
    #[clap(verbatim_doc_comment)] // stops clap from dropping newlines in bulleted list
    RunTests(RunTestsArgs),
    // This variant is present in every build. Without the `analyze` feature,
    // `SymccArgs` is the empty stub struct from the inline `symcc` module in
    // this file, whose handler prints an error and returns
    // `CedarExitCode::Failure`.
    /// Symbolic analysis of Cedar policies using SymCC
    Symcc(SymccArgs),
    // Unit variant: this subcommand takes no arguments.
    /// Print Cedar language version
    LanguageVersion,
}