update for cedar#360 (#141)

cedar-drt/fuzz/fuzz_targets/abac-type-directed.rs

@@ -18,7 +18,8 @@
 use cedar_drt::*;
 use cedar_drt_inner::*;
 use cedar_policy_core::ast;
-use cedar_policy_core::entities::{Entities, TCComputation};
+use cedar_policy_core::entities::{Entities, NoEntitiesSchema, TCComputation};
+use cedar_policy_core::extensions::Extensions;
 use cedar_policy_generators::{
     abac::{ABACPolicy, ABACRequest},
     err::Error,
@@ -119,10 +120,13 @@ fn drop_some_entities(entities: Entities, u: &mut Unstructured<'_>) -> arbitrary
                 }
             }
         }
-        Ok(
-            Entities::from_entities(set.into_iter(), TCComputation::AssumeAlreadyComputed)
-                .expect("Should be valid"),
+        Ok(Entities::from_entities(
+            set.into_iter(),
+            None::<&NoEntitiesSchema>,
+            TCComputation::AssumeAlreadyComputed,
+            Extensions::all_available(),
         )
+        .expect("Should be valid"))
     } else {
         Ok(entities)
     }

cedar-drt/fuzz/fuzz_targets/eval-type-directed.rs

@@ -19,7 +19,8 @@ use cedar_drt::*;
 use cedar_drt_inner::*;
 use cedar_policy_core::{
     ast::Expr,
-    entities::{Entities, TCComputation},
+    entities::{Entities, NoEntitiesSchema, TCComputation},
+    extensions::Extensions,
 };
 use cedar_policy_generators::abac::ABACRequest;
 use cedar_policy_generators::err::Error;
@@ -115,10 +116,13 @@ fn drop_some_entities(entities: Entities, u: &mut Unstructured<'_>) -> arbitrary
                 }
             }
         }
-        Ok(
-            Entities::from_entities(set.into_iter(), TCComputation::AssumeAlreadyComputed)
-                .expect("Should be valid"),
+        Ok(Entities::from_entities(
+            set.into_iter(),
+            None::<&NoEntitiesSchema>,
+            TCComputation::AssumeAlreadyComputed,
+            Extensions::all_available(),
         )
+        .expect("Should be valid"))
     } else {
         Ok(entities)
     }

cedar-drt/fuzz/fuzz_targets/partial-eval.rs

@@ -22,7 +22,8 @@ use cedar_policy_core::ast;
 use cedar_policy_core::ast::Policy;
 use cedar_policy_core::ast::PolicySet;
 use cedar_policy_core::authorizer::Authorizer;
-use cedar_policy_core::entities::{Entities, TCComputation};
+use cedar_policy_core::entities::{Entities, NoEntitiesSchema, TCComputation};
+use cedar_policy_core::extensions::Extensions;
 use cedar_policy_generators::{
     abac::{ABACPolicy, ABACRequest},
     err::Error,
@@ -120,10 +121,13 @@ fn drop_some_entities(entities: Entities, u: &mut Unstructured<'_>) -> arbitrary
                 }
             }
         }
-        Ok(
-            Entities::from_entities(set.into_iter(), TCComputation::AssumeAlreadyComputed)
-                .expect("Should be valid"),
+        Ok(Entities::from_entities(
+            set.into_iter(),
+            None::<&NoEntitiesSchema>,
+            TCComputation::AssumeAlreadyComputed,
+            Extensions::all_available(),
         )
+        .expect("Should be valid"))
     } else {
         Ok(entities)
     }

cedar-drt/fuzz/src/lib.rs

@@ -178,7 +178,7 @@ pub fn run_val_test(
 fn test_run_auth_test() {
     use cedar_drt::JavaDefinitionalEngine;
     use cedar_policy_core::ast::{Entity, EntityUID, RestrictedExpr};
-    use cedar_policy_core::entities::TCComputation;
+    use cedar_policy_core::entities::{NoEntitiesSchema, TCComputation};
     use smol_str::SmolStr;
 
     let java_def_engine =
@@ -241,7 +241,9 @@ fn test_run_auth_test() {
     );
     let entities = Entities::from_entities(
         vec![entity_alice, entity_view, entity_vacation],
+        None::<&NoEntitiesSchema>,
         TCComputation::AssumeAlreadyComputed,
+        Extensions::all_available(),
     )
     .unwrap();
     run_auth_test(&java_def_engine, &query, &policies, &entities);

cedar-policy-generators/src/hierarchy.rs

@@ -6,7 +6,8 @@ use crate::schema::{attrs_from_attrs_or_context, build_qualified_entity_type_nam
 use crate::size_hint_utils::{size_hint_for_choose, size_hint_for_ratio};
 use arbitrary::{Arbitrary, Unstructured};
 use cedar_policy_core::ast::{self, Eid, Entity, EntityUID};
-use cedar_policy_core::entities::{Entities, TCComputation};
+use cedar_policy_core::entities::{Entities, NoEntitiesSchema, TCComputation};
+use cedar_policy_core::extensions::Extensions;
 use nanoid::nanoid;
 
 /// EntityUIDs with the mappings to their indices in the container.
@@ -223,8 +224,13 @@ impl Hierarchy {
 impl TryFrom<Hierarchy> for Entities {
     type Error = String;
     fn try_from(h: Hierarchy) -> std::result::Result<Entities, String> {
-        Entities::from_entities(h.into_entities().map(Into::into), TCComputation::ComputeNow)
-            .map_err(|e| e.to_string())
+        Entities::from_entities(
+            h.into_entities().map(Into::into),
+            None::<&NoEntitiesSchema>,
+            TCComputation::ComputeNow,
+            Extensions::all_available(),
+        )
+        .map_err(|e| e.to_string())
     }
 }
 

cedar-policy-generators/src/main.rs

@@ -3,12 +3,13 @@ use std::{fs::File, io};
 use anyhow::{anyhow, Result};
 use arbitrary::Unstructured;
 use cedar_policy_core::entities::{Entities, TCComputation};
+use cedar_policy_core::extensions::Extensions;
 use cedar_policy_generators::{
     hierarchy::{EntityUIDGenMode, HierarchyGenerator, HierarchyGeneratorMode, NumEntities},
     schema::Schema,
     settings::ABACSettings,
 };
-use cedar_policy_validator::SchemaFragment;
+use cedar_policy_validator::{CoreSchema, SchemaFragment, ValidatorSchema};
 use clap::{Args, Parser, Subcommand};
 use rand::{thread_rng, Rng};
 
@@ -85,15 +86,25 @@ fn generate_hierarchy_from_schema(byte_length: usize, args: &HierarchyArgs) -> R
     }
     .generate()
     .map_err(|err| anyhow!("failed to generate hierarchy: {err:#?}"))?;
+    let vschema = ValidatorSchema::try_from(schema)
+        .map_err(|err| anyhow!("failed to convert schema to ValidatorSchema: {err}"))?;
+    let coreschema = CoreSchema::new(&vschema);
     // this is just to ensure no cycles.
     // we throw away the `Entities` built with `ComputeNow`, because we want to
     // generate hierarchies that aren't necessarily TC-closed.
-    Entities::from_entities(h.entities().cloned(), TCComputation::ComputeNow)?;
+    Entities::from_entities(
+        h.entities().cloned(),
+        Some(&coreschema),
+        TCComputation::ComputeNow,
+        Extensions::all_available(),
+    )?;
     Ok(Entities::from_entities(
         h.entities().cloned(),
+        Some(&coreschema),
         // use `AssumeAlreadyComputed` because we want a hierarchy that isn't
         // necessarily TC-closed.
         TCComputation::AssumeAlreadyComputed,
+        Extensions::all_available(),
     )?)
 }
 

cedar-policy-generators/src/schema.rs

@@ -1266,7 +1266,8 @@ mod tests {
     use crate::{hierarchy::EntityUIDGenMode, settings::ABACSettings};
     use arbitrary::Unstructured;
     use cedar_policy_core::entities::Entities;
-    use cedar_policy_validator::SchemaFragment;
+    use cedar_policy_core::extensions::Extensions;
+    use cedar_policy_validator::{CoreSchema, SchemaFragment, ValidatorSchema};
     use rand::{rngs::ThreadRng, thread_rng, RngCore};
 
     const RANDOM_BYTE_SIZE: u16 = 1024;
@@ -1736,9 +1737,14 @@ mod tests {
         let h = schema
             .arbitrary_hierarchy_with_nanoid_uids(EntityUIDGenMode::default_nanoid_len(), &mut u)
             .expect("failed to generate hierarchy!");
+        let vschema =
+            ValidatorSchema::try_from(schema).expect("failed to convert to ValidatorSchema");
+        let coreschema = CoreSchema::new(&vschema);
         Entities::from_entities(
             h.entities().into_iter().map(|e| e.clone()),
+            Some(&coreschema),
             cedar_policy_core::entities::TCComputation::ComputeNow,
+            Extensions::all_available(),
         )
     }
 }