Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


https://github.com/mmzeeman/acerl

WIP Experimental auth language for embedding in Erlang/Beam

acl datalog erlang policy rego


# WIP Access Control for Erlang

This repository contains a scanner/parser for Rego, the policy language from OPA.

I work on this in my spare time, so progress is slow.

%% Integrating OPA

REST API

# Named policy decisions (data api)

## /v1/data/

So if you have a policy

```rego
package example.authz

default allow := false

allow {
...
```

Then you use the API as follows

```
POST /v1/data/example/authz/allow
...
```
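The mapping from package and rule name to a Data API path, and a fail-closed reading of the response, as an added Erlang example that is not code from the acerl repository. The module and function names are hypothetical, and the HTTP call and JSON encoding/decoding are assumed to be done by the caller, so responses appear here as already decoded maps.

```erlang
-module(opa_decision).
-export([data_path/2, request_body/1, allowed/2, demo/0]).

%% Hypothetical helper names; HTTP transport and JSON codec are left to the caller.

%% <<"example.authz">>, <<"allow">> -> <<"/v1/data/example/authz/allow">>
data_path(Package, Rule) when is_binary(Package), is_binary(Rule) ->
    Segments = binary:split(Package, <<".">>, [global]) ++ [Rule],
    lists:foreach(fun check_var/1, Segments),
    iolist_to_binary([<<"/v1/data">> | [[$/, S] || S <- Segments]]).

%% Accept only the grammar's `var` production, so a segment can never
%% carry "/", "..", "?" or percent-escapes into the request path.
check_var(Segment) ->
    case re:run(Segment, <<"\\A[A-Za-z_][A-Za-z0-9_]*\\z">>, [{capture, none}]) of
        match -> ok;
        nomatch -> error({bad_segment, Segment})
    end.

%% OPA reads the query input from the "input" key of the POST body.
request_body(Input) when is_map(Input) ->
    #{<<"input">> => Input}.

%% Fail closed: only HTTP 200 with result == true is an allow.
%% An undefined decision comes back as 200 with no "result" key.
allowed(200, #{<<"result">> := true}) -> true;
allowed(_Status, _DecodedBody) -> false.

%% Constructed responses, already JSON-decoded into maps.
demo() ->
    Path = data_path(<<"example.authz">>, <<"allow">>),
    Body = request_body(#{<<"user">> => <<"alice">>, <<"method">> => <<"GET">>}),
    Decisions = [allowed(200, #{<<"result">> => true}),
                 allowed(200, #{<<"result">> => false}),
                 allowed(200, #{}),
                 allowed(200, #{<<"result">> => <<"true">>}),
                 allowed(500, #{<<"code">> => <<"internal_error">>})],
    Rejected = (catch data_path(<<"example.authz">>, <<"../policies">>)),
    {Path, Body, Decisions, Rejected}.
```

Only the first constructed response is treated as an allow; a missing `result`, a non-boolean `result` and a non-200 status all deny, which keeps a mistyped path or an unloaded policy from turning into access.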

%% Inspiration

https://www.openpolicyagent.org/docs/latest/policy-reference/#grammar

Grammar
https://github.com/antlr/grammars-v4/tree/rego

```
module = package { import } policy
package = "package" ref
import = "import" ref [ "as" var ]
policy = { rule }
rule = [ "default" ] rule-head { rule-body }
rule-head = var [ "(" rule-args ")" ] [ "[" term "]" ] [ = term ]
rule-args = term { "," term }
rule-body = [ else [ = term ] ] "{" query "}"
query = literal { ";" | [\r\n] literal }
literal = ( some-decl | expr | "not" expr ) { with-modifier }
with-modifier = "with" term "as" term
some-decl = "some" var { "," var }
expr = term | expr-built-in | expr-infix
expr-built-in = var [ "." var ] "(" [ term { , term } ] ")"
expr-infix = [ term "=" ] term infix-operator term
term = ref | var | scalar | array | object | set | array-compr | object-compr | set-compr
array-compr = "[" term "|" rule-body "]"
set-compr = "{" term "|" rule-body "}"
object-compr = "{" object-item "|" rule-body "}"
infix-operator = bool-operator | arith-operator | bin-operator
bool-operator = "=" | "!=" | "<" | ">" | ">=" | "<="
arith-operator = "+" | "-" | "*" | "/"
bin-operator = "&" | "|"
ref = var { ref-arg }
ref-arg = ref-arg-dot | ref-arg-brack
ref-arg-brack = "[" ( scalar | var | array | object | set | "_" ) "]"
ref-arg-dot = "." var
var = ( ALPHA | "_" ) { ALPHA | DIGIT | "_" }
scalar = string | NUMBER | TRUE | FALSE | NULL
string = STRING | raw-string
raw-string = "`" { CHAR-"`" } "`"
array = "[" term { "," term } "]"
object = "{" object-item { "," object-item } "}"
object-item = ( scalar | ref | var ) ":" term
set = empty-set | non-empty-set
non-empty-set = "{" term { "," term } "}"
empty-set = "set(" ")"

====

[] optional (zero or one instances)
{} repetition (zero or more instances)
| alternation (one of the instances)
() grouping (order of expansion)
STRING JSON string
NUMBER JSON number
TRUE JSON true
FALSE JSON false
NULL JSON null
CHAR Unicode character
ALPHA ASCII characters A-Z and a-z
DIGIT ASCII characters 0-9
CR Carriage Return
LF Line Feed
```