From 664d26f1f65c6d4cf815df8e7225c2d48c58fd15 Mon Sep 17 00:00:00 2001
From: Shaobo He <shaobohe@amazon.com>
Date: Fri, 20 Dec 2024 11:32:42 -0800
Subject: [PATCH] Do not generate annotations on the empty namespace

Signed-off-by: Shaobo He <shaobohe@amazon.com>
---
 cedar-policy-generators/src/schema.rs | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/cedar-policy-generators/src/schema.rs b/cedar-policy-generators/src/schema.rs
index 821a1e41..726bebea 100644
--- a/cedar-policy-generators/src/schema.rs
+++ b/cedar-policy-generators/src/schema.rs
@@ -30,6 +30,7 @@ use crate::size_hint_utils::{size_hint_for_choose, size_hint_for_range, size_hin
 use crate::{accum, gen, gen_inner, uniform};
 use arbitrary::{self, Arbitrary, MaxRecursionReached, Unstructured};
 use cedar_policy_core::ast::{self, Effect, PolicyID, UnreservedId};
+use cedar_policy_core::est;
 use cedar_policy_core::extensions::Extensions;
 use cedar_policy_validator::json_schema::{CommonType, CommonTypeId};
 use cedar_policy_validator::{
@@ -1064,7 +1065,13 @@ impl Schema {
             common_types: BTreeMap::new().into(),
             entity_types: entity_types.into_iter().collect(),
             actions: actions.into_iter().collect(),
-            annotations: u.arbitrary()?,
+            // We cannot allow annotations on the empty namespace
+            // See GH PR: https://github.com/cedar-policy/cedar/pull/1386
+            annotations: if namespace.is_none() {
+                est::Annotations::new()
+            } else {
+                u.arbitrary()?
+            },
         };
         let attrsorcontexts /* : impl Iterator<Item = &AttributesOrContext> */ = nsdef.entity_types.values().map(|et| attrs_from_attrs_or_context(&nsdef, &et.shape))
             .chain(nsdef.actions.iter().filter_map(|(_, action)| action.applies_to.as_ref()).map(|a| attrs_from_attrs_or_context(&nsdef, &a.context)));