Updates for cedar#837 (#155)

cedar-policy · Jun 4, 2024 · 7c1dd53 · 7c1dd53
1 parent b27777e
commit 7c1dd53
Show file tree

Hide file tree

Showing 7 changed files with 38 additions and 39 deletions.
diff --git a/CedarJava/src/main/java/com/cedarpolicy/model/AuthorizationRequest.java b/CedarJava/src/main/java/com/cedarpolicy/model/AuthorizationRequest.java
@@ -61,7 +61,7 @@ public class AuthorizationRequest {
      * If this is `false`, the schema will only be used for schema-based parsing
      * of `context`, and not for request validation.
      * If a schema is not provided, this option has no effect. */
-    @JsonProperty("enableRequestValidation")
+    @JsonProperty("validateRequest")
     public final boolean enableRequestValidation;
 
     /**

diff --git a/CedarJava/src/main/java/com/cedarpolicy/model/AuthorizationSuccessResponse.java b/CedarJava/src/main/java/com/cedarpolicy/model/AuthorizationSuccessResponse.java
@@ -31,10 +31,10 @@ public final class AuthorizationSuccessResponse {
     /** The two possible results of request evaluation. */
     public enum Decision {
         /** Represents an authorization request that is allowed. */
-        @JsonProperty("Allow")
+        @JsonProperty("allow")
         Allow,
         /** Represents an authorization request that is denied. */
-        @JsonProperty("Deny")
+        @JsonProperty("deny")
         Deny,
     }
 

diff --git a/CedarJava/src/main/java/com/cedarpolicy/model/PartialAuthorizationResponse.java b/CedarJava/src/main/java/com/cedarpolicy/model/PartialAuthorizationResponse.java
@@ -110,10 +110,10 @@ public Set<String> getNontrivialResiduals() {
      * @param decision Deserialized `decision` attribute of nested JSON object.
      * @param satisfied Deserialized `satisfied` attribute of nested JSON object.
      * @param errored Deserialized `errored` attribute of nested JSON object.
-     * @param may_be_determining Deserialized `may_be_determining` attribute of nested JSON object.
-     * @param must_be_determining Deserialized `must_be_determining` attribute of nested JSON object.
+     * @param may_be_determining Deserialized `mayBeDetermining` attribute of nested JSON object.
+     * @param must_be_determining Deserialized `mustBeDetermining` attribute of nested JSON object.
      * @param residuals Deserialized `residual` attribute of nested JSON object.
-     * @param nontrivial_residuals Deserialized `nontrivial_residuals` attribute of nested JSON object.
+     * @param nontrivial_residuals Deserialized `nontrivialResiduals` attribute of nested JSON object.
      * @param warnings Deserialized `warnings` attribute of nested JSON object.
      * @return
      */
@@ -123,10 +123,10 @@ public static PartialAuthorizationResponse createPartialAuthorizationResponse(
         @JsonProperty("decision") Decision decision,
         @JsonProperty("satisfied") Set<String> satisfied,
         @JsonProperty("errored") Set<String> errored,
-        @JsonProperty("may_be_determining") Set<String> may_be_determining,
-        @JsonProperty("must_be_determining") Set<String> must_be_determining,
+        @JsonProperty("mayBeDetermining") Set<String> may_be_determining,
+        @JsonProperty("mustBeDetermining") Set<String> must_be_determining,
         @JsonProperty("residuals") Map<String, JsonNode> residuals,
-        @JsonProperty("nontrivial_residuals") Set<String> nontrivial_residuals,
+        @JsonProperty("nontrivialResiduals") Set<String> nontrivial_residuals,
         @JsonProperty("warnings") Set<String> warnings) {
             if (nested != null) {
                 return nested;

diff --git a/CedarJava/src/main/java/com/cedarpolicy/model/ValidationRequest.java b/CedarJava/src/main/java/com/cedarpolicy/model/ValidationRequest.java
@@ -18,6 +18,7 @@
 
 import com.cedarpolicy.model.schema.Schema;
 import com.cedarpolicy.model.slice.Policy;
+import com.fasterxml.jackson.annotation.JsonProperty;
 
 import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 
@@ -29,41 +30,42 @@
 /** Information passed to Cedar for validation. */
 public final class ValidationRequest {
     private final Schema schema;
-    private final Map<String, String> policySet;
+    @JsonProperty("policies")
+    private final Map<String, String> policies;
 
     /**
      * Construct a validation request.
      *
      * @param schema Schema for the request
-     * @param policySet Map of Policy ID to policy.
+     * @param policies Map of Policy ID to policy.
      */
     @SuppressFBWarnings
-    public ValidationRequest(Schema schema, Map<String, String> policySet) {
+    public ValidationRequest(Schema schema, Map<String, String> policies) {
         if (schema == null) {
             throw new NullPointerException("schema");
         }
 
-        if (policySet == null) {
-            throw new NullPointerException("policySet");
+        if (policies == null) {
+            throw new NullPointerException("policies");
         }
 
         this.schema = schema;
-        this.policySet = policySet;
+        this.policies = policies;
     }
 
-    public ValidationRequest(Schema schema, Set<Policy> policySet) {
+    public ValidationRequest(Schema schema, Set<Policy> policies) {
         if (schema == null) {
             throw new NullPointerException("schema");
         }
 
-        if (policySet == null) {
-            throw new NullPointerException("policySet");
+        if (policies == null) {
+            throw new NullPointerException("policies");
         }
 
         this.schema = schema;
-        this.policySet = new HashMap<>();
-        for (Policy p : policySet) {
-            this.policySet.put(p.policyID, p.policySrc);
+        this.policies = new HashMap<>();
+        for (Policy p : policies) {
+            this.policies.put(p.policyID, p.policySrc);
         }
     }
 
@@ -83,7 +85,7 @@ public Schema getSchema() {
      */
     @SuppressFBWarnings
     public Map<String, String> getPolicySet() {
-        return this.policySet;
+        return this.policies;
     }
 
     /** Test equality. */
@@ -94,17 +96,17 @@ public boolean equals(final Object o) {
         }
 
         final ValidationRequest other = (ValidationRequest) o;
-        return schema.equals(other.schema) && policySet.equals(other.policySet);
+        return schema.equals(other.schema) && policies.equals(other.policies);
     }
 
     /** Hash. */
     @Override
     public int hashCode() {
-        return Objects.hash(schema, policySet);
+        return Objects.hash(schema, policies);
     }
 
     /** Get readable string representation. */
     public String toString() {
-        return "ValidationRequest(schema=" + schema + ", policySet=" + policySet + ")";
+        return "ValidationRequest(schema=" + schema + ", policies=" + policies + ")";
     }
 }
diff --git a/CedarJava/src/test/java/com/cedarpolicy/JSONTests.java b/CedarJava/src/test/java/com/cedarpolicy/JSONTests.java
@@ -59,7 +59,7 @@ private static void assertJSONEqual(JsonNode expectedJSON, Object obj) {
     @Test
     public void testAuthSuccessResponse() {
         String src =
-                "{ \"response\": { \"decision\":\"Allow\", \"diagnostics\": { \"reason\":[], \"errors\": [] } } }";
+                "{ \"response\": { \"decision\":\"allow\", \"diagnostics\": { \"reason\":[], \"errors\": [] } } }";
         try {
             AuthorizationResponse r = objectReader().forType(AuthorizationResponse.class).readValue(src);
             assertTrue(r.success.get().isAllowed());
@@ -71,7 +71,7 @@ public void testAuthSuccessResponse() {
     @Test
     public void testAuthConcretePartialResponse() {
         String src =
-                "{ \"response\": { \"decision\":\"Allow\", \"satisfied\": [], \"errored\": [\"p0\"], \"may_be_determining\": [], \"must_be_determining\": [\"p1\"], \"residuals\": {\"p2\": 3}, \"nontrivial_residuals\": [] } }";
+                "{ \"response\": { \"decision\":\"allow\", \"satisfied\": [], \"errored\": [\"p0\"], \"mayBeDetermining\": [], \"mustBeDetermining\": [\"p1\"], \"residuals\": {\"p2\": 3}, \"nontrivialResiduals\": [] } }";
         try {
             PartialAuthorizationResponse r = objectReader().forType(PartialAuthorizationResponse.class).readValue(src);
             assertTrue(r.getDecision() == Decision.Allow);
@@ -83,7 +83,7 @@ public void testAuthConcretePartialResponse() {
     @Test
     public void testAuthResidualPartialResponse() {
         final String policy = "{ \"effect\": \"permit\", \"principal\": { \"op\": \"All\" }, \"action\": { \"op\": \"All\" }, \"resource\": { \"op\": \"All\" }, \"conditions\": [ { \"kind\": \"when\", \"body\": { \"==\": { \"left\": { \"unknown\": [ { \"Value\": \"principal\" } ] }, \"right\": { \"Value\": { \"__entity\": { \"type\": \"User\", \"id\": \"alice\" } } } } } } ] }";
-        final String src =  "{ \"response\": { \"decision\":\"Allow\", \"satisfied\": [], \"errored\": [\"p0\"], \"may_be_determining\": [], \"must_be_determining\": [\"p1\"], \"residuals\": {\"p0\": " + policy + " }, \"nontrivial_residuals\": [] } }";;
+        final String src =  "{ \"response\": { \"decision\":\"allow\", \"satisfied\": [], \"errored\": [\"p0\"], \"mayBeDetermining\": [], \"mustBeDetermining\": [\"p1\"], \"residuals\": {\"p0\": " + policy + " }, \"nontrivialResiduals\": [] } }";;
         try {
             PartialAuthorizationResponse r = objectReader().forType(PartialAuthorizationResponse.class).readValue(src);
             var residuals = r.getResiduals();
@@ -109,7 +109,7 @@ public void testRequest() {
         n.set("principal", buildEuidObject("Wizard", "gandalf"));
         n.set("action", buildEuidObject("Action", "opens"));
         n.set("resource", buildEuidObject("Mines", "moria"));
-        n.set("enableRequestValidation", JsonNodeFactory.instance.booleanNode(false));
+        n.set("validateRequest", JsonNodeFactory.instance.booleanNode(false));
         assertJSONEqual(n, q);
     }
 
@@ -122,7 +122,7 @@ public void testPartialRequest() {
         n.set("context", JsonNodeFactory.instance.objectNode());
         n.set("action", buildEuidObject("Action", "opens"));
         n.set("resource", buildEuidObject("Mines", "moria"));
-        n.set("enableRequestValidation", JsonNodeFactory.instance.booleanNode(false));
+        n.set("validateRequest", JsonNodeFactory.instance.booleanNode(false));
         assertJSONEqual(n, q);
     }
 

diff --git a/CedarJava/src/test/java/com/cedarpolicy/SharedIntegrationTests.java b/CedarJava/src/test/java/com/cedarpolicy/SharedIntegrationTests.java
@@ -117,11 +117,9 @@ private static class JsonTest {
         /**
          * Whether the given policies are expected to pass the validator with this schema, or not
          */
-        @JsonProperty("should_validate")
         public boolean shouldValidate;
 
         /** List of requests with their expected result. */
-        @JsonAlias("queries")
         public List<JsonRequest> requests;
     }
 
@@ -130,7 +128,7 @@ private static class JsonTest {
     @JsonDeserialize
     private static class JsonRequest {
         /** Textual description of the request. */
-        public String desc;
+        public String description;
 
         /** Principal entity uid used for the request. */
         public JsonEUID principal;
@@ -145,13 +143,12 @@ private static class JsonRequest {
         public Map<String, Value> context;
 
         /** Whether to enable request validation for this request. Default true */
-        public boolean enable_request_validation = true;
+        public boolean validateRequest = true;
 
         /** The expected decision that should be returned by the authorization engine. */
         public Decision decision;
 
         /** The expected reason list that should be returned by the authorization engine. */
-        @JsonAlias("reasons")
         public List<String> reason;
 
         /** The expected error list that should be returned by the authorization engine. */
@@ -274,7 +271,7 @@ private DynamicContainer loadJsonTests(String jsonFile) throws IOException {
                         .map(
                                 request ->
                                         DynamicTest.dynamicTest(
-                                                jsonFile + ": " + request.desc,
+                                                jsonFile + ": " + request.description,
                                                 () ->
                                                         executeJsonRequestTest(
                                                                 entities, policies, request,
@@ -409,7 +406,7 @@ private void executeJsonRequestTest(
                     request.resource == null ? Optional.empty() : Optional.of(EntityUID.parseFromJson(request.resource).get()),
                     Optional.of(request.context),
                     Optional.of(schema),
-                    request.enable_request_validation);
+                    request.validateRequest);
         Slice slice = new BasicSlice(policies, entities);
 
         try {

diff --git a/CedarJavaFFI/src/tests.rs b/CedarJavaFFI/src/tests.rs
@@ -164,7 +164,7 @@ mod validation_tests {
     fn empty_validation_call_json_schema_succeeds() {
         let result = call_cedar(
             "ValidateOperation",
-            r#"{ "schema": { "json": {} }, "policySet": {} }"#,
+            r#"{ "schema": { "json": {} }, "policies": {} }"#,
         );
         assert_validation_success(result);
     }
@@ -173,7 +173,7 @@ mod validation_tests {
     fn empty_validation_call_succeeds() {
         let result = call_cedar(
             "ValidateOperation",
-            r#"{ "schema": { "human": "" }, "policySet": {} }"#,
+            r#"{ "schema": { "human": "" }, "policies": {} }"#,
         );
         assert_validation_success(result);
     }