Use of ExternFunc

[cisaacson]

We have a use case where we need to perform custom policy validation in an allow policy. I assume we should use ExternFunc to have it perform our specialized logic, based on facts that are in the Authority block.

I see the API allows a left and an optional right arg, that will work for our purposes.

Is this the right way to do this? Can you point us to an example?

[divarvel]

so functions in datalog are either unary ($my_value.extern::my_func()) or binary ($my_value.extern::my_func($my_other_value)). In the first case, left is the value of $my_value, and right is None. In the second case, left is the value of $my_value and right is Some(value of my_other_value) (variables are replaced with their values before calling extern functions, so you only need to work on values.

You can see examples in the test suite:

• how to register an external function in an authorizer builder:

  biscuit-rust/biscuit-auth/examples/testcases.rs

  Line 355 in 66fe786

  .set_extern_funcs(extern_funcs)

• how to define an external function mapping: 

  biscuit-rust/biscuit-auth/examples/testcases.rs

  Line 2361 in 66fe786

  HashMap::from([(

Here an example of a function that:

• when called as unary, just returns its argument
• when called as binary with two equal strings: returns "equal strings"
• when called as binary with two different strings: returns "different strings"
• errors out in other cases

            HashMap::from([(
                "test".to_string(),
                ExternFunc::new(Arc::new(|left, right| match (left, right) {
                    (t, None) => Ok(t),
                    (builder::Term::Str(left), Some(builder::Term::Str(right)))
                        if left == right =>
                    {
                        Ok(builder::Term::Str("equal strings".to_string()))
                    }
                    (builder::Term::Str(_), Some(builder::Term::Str(_))) => {
                        Ok(builder::Term::Str("different strings".to_string()))
                    }
                    _ => Err("unsupported operands".to_string()),
                })),
            )]),

an extern function can only be called with the following term variants:

    Integer(i64),
    Str(String),
    Date(u64),
    Bytes(Vec<u8>),
    Bool(bool),
    Set(BTreeSet<Term>),
    Null,
    Array(Vec<Term>),
    Map(BTreeMap<MapKey, Term>),

Variable and Parameter cannot be provided to an extern function, it should error out in this case