a2x 0.1.2

A converter from ALFA to XACML policy language.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124

ALFA to XACML (a2x)
-------------------
[![builds.sr.ht status](https://builds.sr.ht/~gheartsfield/a2x/commits/master.svg)](https://builds.sr.ht/~gheartsfield/a2x/commits/master?)

a2x converts policies written in the ALFA language to XACML 3.0 XML
policies.

Licensed under the [GNU General Public License v3.0 or
later](https://spdx.org/licenses/GPL-3.0-or-later.html).

### CHANGELOG

Please see the [CHANGELOG](CHANGELOG.md) for release history.

### Usage

Convert any files in the `src` directory ending in `.alfa` to XACML,
saving to the `xacml` directory.

```
$ a2x --input src --output xacml
```

The `--input` option can be repeated for as many files or directories
as desired.

Most entities from the XACML spec are predefined and available through
an implicitly imported namespace.  To see a listing, run:

```
$ a2x --show-builtins
```

If you prefer to not have these implicitly imported, they can be
disabled with the ```--disable-builtins``` flag.

The default prefix for `PolicySetId`, `PolicyId`, and `RuleId` can be
customized with the ```--namespace``` option.



### Sample Policy

A [sample policy](samples/retail/README.md) is included in this
repository, which may be helpful as a reference for ALFA language
features, and a known working example for running `a2x`.

Convert the sample to XACML:

```
$ a2x -i samples -o xacml-gen

ALFA to XACML Converter v0.1.2
==============================

Input:  samples
Output: xacml-gen

Scanning input directory...
Found 5 ALFA policy files

Parsing ALFA policies:
  ✓ samples/retail/attr.alfa
  ✓ samples/retail/oblig.alfa
  ✓ samples/retail/common.alfa
  ✓ samples/retail/main.alfa
  ⊘ samples/retail/empty.alfa (empty)

Writing XACML policies:
  ✓ xacml-gen/main.retail.xml
  ✓ xacml-gen/common.deny.xml
  ✓ xacml-gen/main.customerBusinessHours.xml
  ✓ xacml-gen/main.customerAddToCart.xml
  ✓ xacml-gen/main.clerkAddToCart.xml
  ✓ xacml-gen/main.voidTransaction.xml

Summary:
--------
ALFA files processed  : 5
XACML files generated : 6
Policy Sets written   : 3
Policies written      : 7
Rules written         : 9

Total time: 4.1ms

✓ Conversion completed successfully
```

### Building

a2x is written in Rust, so you will need to [install
Rust](https://www.rust-lang.org/) to compile it.  Rust version 1.85.0
(stable) or newer is supported.

To build a2x:

```
$ git clone https://git.sr.ht/~gheartsfield/a2x
$ cd a2x
$ cargo build --release --locked
$ ./target/release/a2x --version
a2x 0.1.0
```

### Running tests

a2x has unit tests and full end-to-end tests that ensure ALFA policies
are converted to exact matches of manually verified XACML policies.
To run all these tests, use:

```
$ cargo test
```

### References

* [XACML
  3.0](https://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.html) -
  the OASIS specification for eXtensible Access Control Markup
  Language.
* [ALFA 1.0](https://groups.oasis-open.org/higherlogic/ws/public/download/55228/alfa-for-xacml-v1.0-wd01.doc) - the OASIS draft specification for ALFA (Word format)
* [ALFA Guide](https://alfa.guide/) - many resources for learning and using ALFA
* [ALFA 2.0](https://www.ietf.org/archive/id/draft-brossard-alfa-authz-00.html) - future evolution of the ALFA language