cedar-policy-cli 4.11.0

CLI interface for the Cedar Policy language.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133

/*
 * Copyright Cedar Contributors
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

use clap::Subcommand;
mod authorize;
pub use authorize::*;
mod evaluate;
pub use evaluate::*;
mod validate;
pub use validate::*;
mod check_parse;
pub use check_parse::*;
#[cfg(feature = "analyze")]
mod symcc;
pub use symcc::*;
#[cfg(feature = "tpe")]
mod tpe;
pub use tpe::*;
#[cfg(feature = "partial-eval")]
mod partial_eval;
pub use partial_eval::*;
mod run_test;
pub use run_test::*;
mod link;
pub use link::*;
mod format;
pub use format::*;
mod translate_policy;
pub use translate_policy::*;
mod translate_schema;
pub use translate_schema::*;
mod visualize;
pub use visualize::*;
mod new;
pub use new::*;
mod language_version;
pub use language_version::*;

#[cfg(not(feature = "tpe"))]
mod tpe {
    use crate::CedarExitCode;
    #[derive(Debug, clap::Args)]
    pub struct TpeArgs;

    pub fn tpe(_: &TpeArgs) -> CedarExitCode {
        eprintln!("Error: subcommand `tpe` is experimental, but this executable was not built with `tpe` experimental feature enabled");
        CedarExitCode::Failure
    }
}

#[cfg(not(feature = "partial-eval"))]
mod partial_eval {
    use crate::CedarExitCode;
    #[derive(Debug, clap::Args)]
    pub struct PartiallyAuthorizeArgs;

    pub fn partial_authorize(_: &PartiallyAuthorizeArgs) -> CedarExitCode {
        eprintln!("Error: subcommand `partially-authorize` is experimental, but this executable was not built with `partial-eval` experimental feature enabled");
        CedarExitCode::Failure
    }
}

#[cfg(not(feature = "analyze"))]
mod symcc {
    use crate::CedarExitCode;
    #[derive(Debug, clap::Args)]
    pub struct SymccArgs;

    pub fn symcc(_: &SymccArgs) -> CedarExitCode {
        eprintln!("Error: subcommand `symcc` is experimental, but this executable was not built with `analyze` experimental feature enabled");
        CedarExitCode::Failure
    }
}

#[derive(Subcommand, Debug)]
pub enum Commands {
    /// Evaluate an authorization request
    Authorize(AuthorizeArgs),
    /// Evaluate a Cedar expression
    Evaluate(EvaluateArgs),
    /// Validate a policy set against a schema
    Validate(ValidateArgs),
    /// Check that policies, expressions, schema, and/or entities successfully parse.
    /// (All arguments are optional; this checks that whatever is provided parses)
    ///
    /// If no arguments are provided, reads policies from stdin and checks that they parse.
    CheckParse(CheckParseArgs),
    /// Link a template
    Link(LinkArgs),
    /// Format a policy set
    Format(FormatArgs),
    /// Translate Cedar policy syntax to JSON policy syntax (except comments)
    TranslatePolicy(TranslatePolicyArgs),
    /// Translate Cedar schema syntax to JSON schema syntax and vice versa (except comments)
    TranslateSchema(TranslateSchemaArgs),
    /// Visualize a set of JSON entities to the graphviz format.
    /// Warning: Entity visualization is best-effort and not well tested.
    Visualize(VisualizeArgs),
    /// Create a Cedar project
    New(NewArgs),
    /// Partially evaluate an authorization request
    PartiallyAuthorize(PartiallyAuthorizeArgs),
    /// Partially evaluate an authorization request in a type-aware manner
    Tpe(TpeArgs),
    /// Run test cases on a policy set
    ///
    /// Tests are defined in a JSON array of objects with the following fields:
    ///   - name: optional test name string
    ///   - request: object using the same format as the `--request-json` argument for authorization
    ///   - entities: array of entity JSON objects in the same format expected by `--entities` argument for authorization
    ///   - decision: the string "allow" or "deny"
    ///   - reason: array of policy ID strings expected to contribute to the authorization decision
    ///   - num_errors: expected number of erroring policies
    #[clap(verbatim_doc_comment)] // stops clap from dropping newlines in bulleted list
    RunTests(RunTestsArgs),
    /// Symbolic analysis of Cedar policies using SymCC
    Symcc(SymccArgs),
    /// Print Cedar language version
    LanguageVersion,
}