Skip to content

Commit

Permalink
Merge pull request #16 from cedar-policy/chore/hakanson/20241030
Browse files Browse the repository at this point in the history 
chore: update examples and dependencies
  • Loading branch information
@shaobo-he-aws
shaobo-he-aws authored Oct 31, 2024
2 parents ec4de4e + 15d1e11 commit ab7cfea
Show file tree
Hide file tree
Showing 10 changed files with 375 additions and 190 deletions.
387 changes: 209 additions & 178 deletions package-lock.json
View file

Large diffs are not rendered by default.

8 changes: 4 additions & 4 deletions package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,9 +27,9 @@
"cedarschema"
],
"devDependencies": {
"highlight.js": "^11.9.0",
"prettier": "^3.2.5",
"vite": "^5.4.6",
"vitest": "^1.5.0"
"highlight.js": "^11.10.0",
"prettier": "^3.3.3",
"vite": "^5.4.10",
"vitest": "^1.6.0"
}
}
21 changes: 21 additions & 0 deletions test/data/namespaces.cedarschema
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,3 +35,24 @@ namespace N2 {

// no namespace
entity Y;

// numeronym namespace (like k8s or i18n)
namespace k8s {
entity User in Group;
entity Group;
entity Resource {
metadata?: String
};
action "list" appliesTo {
principal: [k8s::User],
resource: [k8s::Resource],
context: {}
};
action "update" appliesTo {
principal: [k8s::User],
resource: [k8s::Resource],
context: {
oldObject?: String
}
};
}
21 changes: 21 additions & 0 deletions test/data/namespaces.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,3 +35,24 @@

<span class="hljs-comment">// no namespace</span>
<span class="hljs-keyword">entity</span> Y<span class="hljs-punctuation">;</span>

<span class="hljs-comment">// numeronym namespace (like k8s or i18n)</span>
<span class="hljs-keyword">namespace</span> k8s <span class="hljs-punctuation">{</span>
<span class="hljs-keyword">entity</span> User <span class="hljs-keyword">in</span> Group<span class="hljs-punctuation">;</span>
<span class="hljs-keyword">entity</span> Group<span class="hljs-punctuation">;</span>
<span class="hljs-keyword">entity</span> Resource <span class="hljs-punctuation">{</span>
<span class="hljs-property">metadata</span>?: String
<span class="hljs-punctuation">}</span><span class="hljs-punctuation">;</span>
<span class="hljs-keyword">action</span> <span class="hljs-string">&quot;list&quot;</span> <span class="hljs-keyword">appliesTo</span> <span class="hljs-punctuation">{</span>
<span class="hljs-property">principal</span>: <span class="hljs-punctuation">[</span>k8s::User<span class="hljs-punctuation">]</span>,
<span class="hljs-property">resource</span>: <span class="hljs-punctuation">[</span>k8s::Resource<span class="hljs-punctuation">]</span>,
<span class="hljs-property">context</span>: <span class="hljs-punctuation">{</span><span class="hljs-punctuation">}</span>
<span class="hljs-punctuation">}</span><span class="hljs-punctuation">;</span>
<span class="hljs-keyword">action</span> <span class="hljs-string">&quot;update&quot;</span> <span class="hljs-keyword">appliesTo</span> <span class="hljs-punctuation">{</span>
<span class="hljs-property">principal</span>: <span class="hljs-punctuation">[</span>k8s::User<span class="hljs-punctuation">]</span>,
<span class="hljs-property">resource</span>: <span class="hljs-punctuation">[</span>k8s::Resource<span class="hljs-punctuation">]</span>,
<span class="hljs-property">context</span>: <span class="hljs-punctuation">{</span>
<span class="hljs-property">oldObject</span>?: String
<span class="hljs-punctuation">}</span>
<span class="hljs-punctuation">}</span><span class="hljs-punctuation">;</span>
<span class="hljs-punctuation">}</span>
8 changes: 8 additions & 0 deletions test/data/numeronym.cedar
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
// inspired by https://www.cedarpolicy.com/blog/cedar-for-kubernetes
forbid (
principal is k8s::User,
action in [k8s::Action::"list", k8s::Action::"update"],
resource is k8s::Resource
) when {
principal in k8s::Group::"block-list"
};
8 changes: 8 additions & 0 deletions test/data/numeronym.html
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
<span class="hljs-comment">// inspired by https://www.cedarpolicy.com/blog/cedar-for-kubernetes</span>
<span class="hljs-keyword">forbid</span> <span class="hljs-punctuation">(</span>
<span class="hljs-variable">principal</span> <span class="hljs-operator">is</span> <span class="hljs-title class_">k8s::User</span><span class="hljs-punctuation">,</span>
<span class="hljs-variable">action</span> <span class="hljs-operator">in</span> <span class="hljs-punctuation">[</span><span class="hljs-title class_">k8s::Action</span>::<span class="hljs-string">&quot;list&quot;</span><span class="hljs-punctuation">,</span> <span class="hljs-title class_">k8s::Action</span>::<span class="hljs-string">&quot;update&quot;</span><span class="hljs-punctuation">]</span><span class="hljs-punctuation">,</span>
<span class="hljs-variable">resource</span> <span class="hljs-operator">is</span> <span class="hljs-title class_">k8s::Resource</span>
<span class="hljs-punctuation">)</span> <span class="hljs-keyword">when</span> <span class="hljs-punctuation">{</span>
<span class="hljs-variable">principal</span> <span class="hljs-operator">in</span> <span class="hljs-title class_">k8s::Group</span>::<span class="hljs-string">&quot;block-list&quot;</span>
<span class="hljs-punctuation">}</span><span class="hljs-punctuation">;</span>
12 changes: 10 additions & 2 deletions test/data/quotes.cedar
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,12 @@
// you "must" be 54" tall to ride (wink)
@id("54\" rule") // 54" is 4' 6"
@id("54\" rule") // 54" is 4' 6"
forbid (principal, action, resource)
when { resource.restriction == "54\"" && principal.height < 54 };
when
{
resource.restriction == "54\"" &&
principal.height < 54 &&
principal.attrSet.contains({
"key": "height",
"values": ["54\"", "4' 6\""]
})
};
12 changes: 10 additions & 2 deletions test/data/quotes.html
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,12 @@
<span class="hljs-comment">// you &quot;must&quot; be 54&quot; tall to ride (wink)</span>
@id<span class="hljs-punctuation">(</span><span class="hljs-string">&quot;54\&quot; rule&quot;</span><span class="hljs-punctuation">)</span> <span class="hljs-comment">// 54&quot; is 4&#x27; 6&quot; </span>
@id<span class="hljs-punctuation">(</span><span class="hljs-string">&quot;54\&quot; rule&quot;</span><span class="hljs-punctuation">)</span> <span class="hljs-comment">// 54&quot; is 4&#x27; 6&quot;</span>
<span class="hljs-keyword">forbid</span> <span class="hljs-punctuation">(</span><span class="hljs-variable">principal</span><span class="hljs-punctuation">,</span> <span class="hljs-variable">action</span><span class="hljs-punctuation">,</span> <span class="hljs-variable">resource</span><span class="hljs-punctuation">)</span>
<span class="hljs-keyword">when</span> <span class="hljs-punctuation">{</span> <span class="hljs-variable">resource</span><span class="hljs-punctuation">.</span>restriction <span class="hljs-operator">==</span> <span class="hljs-string">&quot;54\&quot;&quot;</span> <span class="hljs-operator">&amp;&amp;</span> <span class="hljs-variable">principal</span><span class="hljs-punctuation">.</span>height <span class="hljs-operator">&lt;</span> <span class="hljs-number">54</span> <span class="hljs-punctuation">}</span><span class="hljs-punctuation">;</span>
<span class="hljs-keyword">when</span>
<span class="hljs-punctuation">{</span>
<span class="hljs-variable">resource</span><span class="hljs-punctuation">.</span>restriction <span class="hljs-operator">==</span> <span class="hljs-string">&quot;54\&quot;&quot;</span> <span class="hljs-operator">&amp;&amp;</span>
<span class="hljs-variable">principal</span><span class="hljs-punctuation">.</span>height <span class="hljs-operator">&lt;</span> <span class="hljs-number">54</span> <span class="hljs-operator">&amp;&amp;</span>
<span class="hljs-variable">principal</span><span class="hljs-punctuation">.</span>attrSet<span class="hljs-punctuation">.</span><span class="hljs-title function_ invoke__">contains</span><span class="hljs-punctuation">(</span><span class="hljs-punctuation">{</span>
<span class="hljs-string">&quot;key&quot;</span>: <span class="hljs-string">&quot;height&quot;</span><span class="hljs-punctuation">,</span>
<span class="hljs-string">&quot;values&quot;</span>: <span class="hljs-punctuation">[</span><span class="hljs-string">&quot;54\&quot;&quot;</span><span class="hljs-punctuation">,</span> <span class="hljs-string">&quot;4&#x27; 6\&quot;&quot;</span><span class="hljs-punctuation">]</span>
<span class="hljs-punctuation">}</span><span class="hljs-punctuation">)</span>
<span class="hljs-punctuation">}</span><span class="hljs-punctuation">;</span>
44 changes: 42 additions & 2 deletions test/static/index.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -129,14 +129,34 @@ <h3>is.cedar</h3>
// false - `ExampleCo::User` and `User` are different entity types
ExampleCo::User::"alice" is User
};
</code></pre>

<h3>numeronym.cedar</h3>
<pre><code class="language-cedar">
// inspired by https://www.cedarpolicy.com/blog/cedar-for-kubernetes
forbid (
principal is k8s::User,
action in [k8s::Action::"list", k8s::Action::"update"],
resource is k8s::Resource
) when {
principal in k8s::Group::"block-list"
};
</code></pre>

<h3>quotes.cedar</h3>
<pre><code class="language-cedar">
// you "must" be 54" tall to ride (wink)
@id("54\" rule") // 54" is 4' 6"
@id("54\" rule") // 54" is 4' 6"
forbid (principal, action, resource)
when { resource.restriction == "54\"" && principal.height &lt; 54 };
when
{
resource.restriction == "54\"" &&
principal.height &lt; 54 &&
principal.attrSet.contains({
"key": "height",
"values": ["54\"", "4' 6\""]
})
};
</code></pre>

<h3>template.cedar</h3>
Expand Down Expand Up @@ -211,6 +231,26 @@ <h3>namespaces.cedarschema</h3>
// no namespace
entity Y;

// numeronym namespace (like k8s or i18n)
namespace k8s {
entity User in Group;
entity Group;
entity Resource {
metadata?: String
};
action "list" appliesTo {
principal: [k8s::User],
resource: [k8s::Resource],
context: {}
};
action "update" appliesTo {
principal: [k8s::User],
resource: [k8s::Resource],
context: {
oldObject?: String
}
};
}
</code></pre>

<!-- END generated code -->
Expand Down
44 changes: 42 additions & 2 deletions test/vite/index.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -119,14 +119,34 @@ <h3>is.cedar</h3>
// false - `ExampleCo::User` and `User` are different entity types
ExampleCo::User::"alice" is User
};
</code></pre>

<h3>numeronym.cedar</h3>
<pre><code class="language-cedar">
// inspired by https://www.cedarpolicy.com/blog/cedar-for-kubernetes
forbid (
principal is k8s::User,
action in [k8s::Action::"list", k8s::Action::"update"],
resource is k8s::Resource
) when {
principal in k8s::Group::"block-list"
};
</code></pre>

<h3>quotes.cedar</h3>
<pre><code class="language-cedar">
// you "must" be 54" tall to ride (wink)
@id("54\" rule") // 54" is 4' 6"
@id("54\" rule") // 54" is 4' 6"
forbid (principal, action, resource)
when { resource.restriction == "54\"" && principal.height &lt; 54 };
when
{
resource.restriction == "54\"" &&
principal.height &lt; 54 &&
principal.attrSet.contains({
"key": "height",
"values": ["54\"", "4' 6\""]
})
};
</code></pre>

<h3>template.cedar</h3>
Expand Down Expand Up @@ -201,6 +221,26 @@ <h3>namespaces.cedarschema</h3>
// no namespace
entity Y;

// numeronym namespace (like k8s or i18n)
namespace k8s {
entity User in Group;
entity Group;
entity Resource {
metadata?: String
};
action "list" appliesTo {
principal: [k8s::User],
resource: [k8s::Resource],
context: {}
};
action "update" appliesTo {
principal: [k8s::User],
resource: [k8s::Resource],
context: {
oldObject?: String
}
};
}
</code></pre>

<!-- END generated code -->
Expand Down

0 comments on commit ab7cfea

Please sign in to comment.