From ff33f5981c29872b71ad14427b438c6e25b73759 Mon Sep 17 00:00:00 2001 From: Craig Disselkoen Date: Fri, 27 Oct 2023 21:04:32 +0000 Subject: [PATCH 1/2] update for cedar#360 --- cedar | 2 +- cedar-drt/fuzz/fuzz_targets/abac-type-directed.rs | 12 ++++++++---- cedar-drt/fuzz/fuzz_targets/eval-type-directed.rs | 12 ++++++++---- cedar-drt/fuzz/fuzz_targets/partial-eval.rs | 12 ++++++++---- cedar-drt/fuzz/src/lib.rs | 4 +++- cedar-policy-generators/src/hierarchy.rs | 12 +++++++++--- cedar-policy-generators/src/main.rs | 15 +++++++++++++-- 7 files changed, 50 insertions(+), 19 deletions(-) diff --git a/cedar b/cedar index 36dc764e5..c4bbbb353 160000 --- a/cedar +++ b/cedar @@ -1 +1 @@ -Subproject commit 36dc764e52d719359c77a526ec6a798c005b8d37 +Subproject commit c4bbbb353675780746276c9ad2b6b9f7eb265fc9 diff --git a/cedar-drt/fuzz/fuzz_targets/abac-type-directed.rs b/cedar-drt/fuzz/fuzz_targets/abac-type-directed.rs index 7b0fd25af..716289c3a 100644 --- a/cedar-drt/fuzz/fuzz_targets/abac-type-directed.rs +++ b/cedar-drt/fuzz/fuzz_targets/abac-type-directed.rs @@ -18,7 +18,8 @@ use cedar_drt::*; use cedar_drt_inner::*; use cedar_policy_core::ast; -use cedar_policy_core::entities::{Entities, TCComputation}; +use cedar_policy_core::entities::{Entities, NoEntitiesSchema, TCComputation}; +use cedar_policy_core::extensions::Extensions; use cedar_policy_generators::{ abac::{ABACPolicy, ABACRequest}, err::Error, @@ -119,10 +120,13 @@ fn drop_some_entities(entities: Entities, u: &mut Unstructured<'_>) -> arbitrary } } } - Ok( - Entities::from_entities(set.into_iter(), TCComputation::AssumeAlreadyComputed) - .expect("Should be valid"), + Ok(Entities::from_entities( + set.into_iter(), + None::<&NoEntitiesSchema>, + TCComputation::AssumeAlreadyComputed, + Extensions::all_available(), ) + .expect("Should be valid")) } else { Ok(entities) } 
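Review bot: In `drop_some_entities`, the reduced entity set is passed to `Entities::from_entities` with `None::<&NoEntitiesSchema>`, so it is presumably not checked against any schema, and nothing at the call site says this is deliberate. If it is, a short comment above the call would make that reviewable, e.g. `// no schema: entities were dropped at random, so the set is not expected to conform to the generated schema`. The identical call is repeated in eval-type-directed.rs and partial-eval.rs, and the `TryFrom` impl for `Entities` in hierarchy.rs makes the same choice. Moving `drop_some_entities` into one shared helper in the fuzz crate would confine the next signature change to one place. The function body starts outside this hunk.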
diff --git a/cedar-drt/fuzz/fuzz_targets/eval-type-directed.rs b/cedar-drt/fuzz/fuzz_targets/eval-type-directed.rs index c9d56756d..49d5f85c0 100644 --- a/cedar-drt/fuzz/fuzz_targets/eval-type-directed.rs +++ b/cedar-drt/fuzz/fuzz_targets/eval-type-directed.rs @@ -19,7 +19,8 @@ use cedar_drt::*; use cedar_drt_inner::*; use cedar_policy_core::{ ast::Expr, - entities::{Entities, TCComputation}, + entities::{Entities, NoEntitiesSchema, TCComputation}, + extensions::Extensions, }; use cedar_policy_generators::abac::ABACRequest; use cedar_policy_generators::err::Error; @@ -115,10 +116,13 @@ fn drop_some_entities(entities: Entities, u: &mut Unstructured<'_>) -> arbitrary } } } - Ok( - Entities::from_entities(set.into_iter(), TCComputation::AssumeAlreadyComputed) - .expect("Should be valid"), + Ok(Entities::from_entities( + set.into_iter(), + None::<&NoEntitiesSchema>, + TCComputation::AssumeAlreadyComputed, + Extensions::all_available(), ) + .expect("Should be valid")) } else { Ok(entities) } diff --git a/cedar-drt/fuzz/fuzz_targets/partial-eval.rs b/cedar-drt/fuzz/fuzz_targets/partial-eval.rs index 07f2d5367..565590382 100644 --- a/cedar-drt/fuzz/fuzz_targets/partial-eval.rs +++ b/cedar-drt/fuzz/fuzz_targets/partial-eval.rs @@ -22,7 +22,8 @@ use cedar_policy_core::ast; use cedar_policy_core::ast::Policy; use cedar_policy_core::ast::PolicySet; use cedar_policy_core::authorizer::Authorizer; -use cedar_policy_core::entities::{Entities, TCComputation}; +use cedar_policy_core::entities::{Entities, NoEntitiesSchema, TCComputation}; +use cedar_policy_core::extensions::Extensions; use cedar_policy_generators::{ abac::{ABACPolicy, ABACRequest}, err::Error, 
@@ -120,10 +121,13 @@ fn drop_some_entities(entities: Entities, u: &mut Unstructured<'_>) -> arbitrary } } } - Ok( - Entities::from_entities(set.into_iter(), TCComputation::AssumeAlreadyComputed) - .expect("Should be valid"), + Ok(Entities::from_entities( + set.into_iter(), + None::<&NoEntitiesSchema>, + TCComputation::AssumeAlreadyComputed, + Extensions::all_available(), ) + .expect("Should be valid")) } else { Ok(entities) } diff --git a/cedar-drt/fuzz/src/lib.rs b/cedar-drt/fuzz/src/lib.rs index ea784b7a2..de14cf70e 100644 --- a/cedar-drt/fuzz/src/lib.rs +++ b/cedar-drt/fuzz/src/lib.rs @@ -178,7 +178,7 @@ pub fn run_val_test( fn test_run_auth_test() { use cedar_drt::JavaDefinitionalEngine; use cedar_policy_core::ast::{Entity, EntityUID, RestrictedExpr}; - use cedar_policy_core::entities::TCComputation; + use cedar_policy_core::entities::{NoEntitiesSchema, TCComputation}; use smol_str::SmolStr; let java_def_engine = @@ -241,7 +241,9 @@ fn test_run_auth_test() { ); let entities = Entities::from_entities( vec![entity_alice, entity_view, entity_vacation], + None::<&NoEntitiesSchema>, TCComputation::AssumeAlreadyComputed, + Extensions::all_available(), ) .unwrap(); run_auth_test(&java_def_engine, &query, &policies, &entities); diff --git a/cedar-policy-generators/src/hierarchy.rs b/cedar-policy-generators/src/hierarchy.rs index bc6bff220..35dc40eb7 100644 --- a/cedar-policy-generators/src/hierarchy.rs +++ b/cedar-policy-generators/src/hierarchy.rs 
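Review bot: `test_run_auth_test` now calls `Extensions::all_available()`, but the function-local `use` lines changed in the preceding lib.rs hunk only add `NoEntitiesSchema`; no import of `Extensions` is visible in either lib.rs hunk. If `cedar_policy_core::extensions::Extensions` is not already imported at the top of lib.rs (outside the lines shown), the test will not compile. Adding `use cedar_policy_core::extensions::Extensions;` next to the other local `use` lines would keep the test self-contained, matching how its other imports are handled. The test body extends beyond both hunks.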
@@ -6,7 +6,8 @@ use crate::schema::{attrs_from_attrs_or_context, build_qualified_entity_type_nam use crate::size_hint_utils::{size_hint_for_choose, size_hint_for_ratio}; use arbitrary::{Arbitrary, Unstructured}; use cedar_policy_core::ast::{self, Eid, Entity, EntityUID}; -use cedar_policy_core::entities::{Entities, TCComputation}; +use cedar_policy_core::entities::{Entities, NoEntitiesSchema, TCComputation}; +use cedar_policy_core::extensions::Extensions; use nanoid::nanoid; /// EntityUIDs with the mappings to their indices in the container. @@ -223,8 +224,13 @@ impl Hierarchy { impl TryFrom for Entities { type Error = String; fn try_from(h: Hierarchy) -> std::result::Result { - Entities::from_entities(h.into_entities().map(Into::into), TCComputation::ComputeNow) - .map_err(|e| e.to_string()) + Entities::from_entities( + h.into_entities().map(Into::into), + None::<&NoEntitiesSchema>, + TCComputation::ComputeNow, + Extensions::all_available(), + ) + .map_err(|e| e.to_string()) } } diff --git a/cedar-policy-generators/src/main.rs b/cedar-policy-generators/src/main.rs index cbeed41e0..617d00ff0 100644 --- a/cedar-policy-generators/src/main.rs +++ b/cedar-policy-generators/src/main.rs @@ -3,12 +3,13 @@ use std::{fs::File, io}; use anyhow::{anyhow, Result}; use arbitrary::Unstructured; use cedar_policy_core::entities::{Entities, TCComputation}; +use cedar_policy_core::extensions::Extensions; use cedar_policy_generators::{ hierarchy::{EntityUIDGenMode, HierarchyGenerator, HierarchyGeneratorMode, NumEntities}, schema::Schema, settings::ABACSettings, }; -use cedar_policy_validator::SchemaFragment; +use cedar_policy_validator::{CoreSchema, SchemaFragment, ValidatorSchema}; use clap::{Args, Parser, Subcommand}; use rand::{thread_rng, Rng}; 
@@ -85,15 +86,25 @@ fn generate_hierarchy_from_schema(byte_length: usize, args: &HierarchyArgs) -> R } .generate() .map_err(|err| anyhow!("failed to generate hierarchy: {err:#?}"))?; + let vschema = ValidatorSchema::try_from(schema) + .map_err(|err| anyhow!("failed to convert schema to ValidatorSchema: {err}"))?; + let coreschema = CoreSchema::new(&vschema); // this is just to ensure no cycles. // we throw away the `Entities` built with `ComputeNow`, because we want to // generate hierarchies that aren't necessarily TC-closed. - Entities::from_entities(h.entities().cloned(), TCComputation::ComputeNow)?; + Entities::from_entities( + h.entities().cloned(), + Some(&coreschema), + TCComputation::ComputeNow, + Extensions::all_available(), + )?; Ok(Entities::from_entities( h.entities().cloned(), + Some(&coreschema), // use `AssumeAlreadyComputed` because we want a hierarchy that isn't // necessarily TC-closed. TCComputation::AssumeAlreadyComputed, + Extensions::all_available(), )?) } From dcbf1ad738d5ed9a418e04406224b600ffbe0434 Mon Sep 17 00:00:00 2001 From: Craig Disselkoen Date: Mon, 30 Oct 2023 14:34:26 +0000 Subject: [PATCH 2/2] fix tests --- cedar-policy-generators/src/schema.rs | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/cedar-policy-generators/src/schema.rs b/cedar-policy-generators/src/schema.rs index d9ae73584..c70626de7 100644 --- a/cedar-policy-generators/src/schema.rs +++ b/cedar-policy-generators/src/schema.rs @@ -1266,7 +1266,8 @@ mod tests { use crate::{hierarchy::EntityUIDGenMode, settings::ABACSettings}; use arbitrary::Unstructured; use cedar_policy_core::entities::Entities; - use cedar_policy_validator::SchemaFragment; + use cedar_policy_core::extensions::Extensions; + use cedar_policy_validator::{CoreSchema, SchemaFragment, ValidatorSchema}; use rand::{rngs::ThreadRng, thread_rng, RngCore}; const RANDOM_BYTE_SIZE: u16 = 1024; 
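Review bot: The comment `// this is just to ensure no cycles.` above the first `Entities::from_entities` call in `generate_hierarchy_from_schema` is out of date now that the call receives `Some(&coreschema)`. It presumably also checks the generated entities against the schema, and a failure there propagates through `?` with no indication of which check failed. Suggest rewording it to `// this ensures no cycles and that the generated entities conform to the schema.`. The second call passes the same `Some(&coreschema)`, so the schema check appears to run twice; if that is intended, a brief comment on the second call would say so. The function starts outside this hunk.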
@@ -1736,9 +1737,14 @@ mod tests { let h = schema .arbitrary_hierarchy_with_nanoid_uids(EntityUIDGenMode::default_nanoid_len(), &mut u) .expect("failed to generate hierarchy!"); + let vschema = + ValidatorSchema::try_from(schema).expect("failed to convert to ValidatorSchema"); + let coreschema = CoreSchema::new(&vschema); Entities::from_entities( h.entities().into_iter().map(|e| e.clone()), + Some(&coreschema), cedar_policy_core::entities::TCComputation::ComputeNow, + Extensions::all_available(), ) } }