Andrewmwells/protobufs

cedar-policy-core/Cargo.toml

@@ -28,6 +28,7 @@ stacker = "0.1.15"
 arbitrary = { version = "1", features = ["derive"], optional = true }
 miette = { version = "7.1.0", features = ["serde"] }
 nonempty = "0.10.0"
+prost = "0.12"
 
 # decimal extension requires regex
 regex = { version = "1.8", features = ["unicode"], optional = true }
@@ -39,7 +40,7 @@ wasm-bindgen = { version = "0.2.82", optional = true }
 
 [features]
 # by default, enable all Cedar extensions
-default = ["ipaddr", "decimal"]
+default = ["ipaddr", "decimal", "protobufs"]
 ipaddr = []
 decimal = ["dep:regex"]
 
@@ -52,9 +53,11 @@ test-util = []
 # Experimental features.
 partial-eval = []
 wasm = ["serde-wasm-bindgen", "tsify", "wasm-bindgen"]
+protobufs = []
 
 [build-dependencies]
 lalrpop = "0.22.0"
+prost-build = "0.5"
 
 [dev-dependencies]
 cool_asserts = "2.0"

cedar-policy-core/build.rs

@@ -16,6 +16,8 @@
 
 fn main() {
     generate_parsers();
+    #[cfg(feature = "protobufs")]
+    generate_schemas();
 }
 
 /// Reads parser grammar files (.lalrpop) and generates Rust modules
@@ -26,3 +28,10 @@ fn generate_parsers() {
         .process_dir("src/parser/")
         .expect("parser synth");
 }
+
+#[cfg(feature = "protobufs")]
+/// Reads protobuf schema files (.proto) and generates Rust modules
+fn generate_schemas() {
+    prost_build::compile_protos(&["./schema/AST.proto"], &["./schema"])
+        .expect("Prost protobuf compilation error;");
+}

cedar-policy-core/schema/AST.proto

@@ -0,0 +1,317 @@
+syntax = "proto3";
+package cedar_policy_core;
+
+message Request {
+    EntityUidEntry principal = 1;
+    EntityUidEntry action = 2;
+    EntityUidEntry resource = 3;
+    Context context = 4;
+}
+
+message LiteralPolicySet {
+    // Key is PolicyID as a string
+    map<string, TemplateBody> templates = 1;
+    map<string, LiteralPolicy> links = 2;
+}
+
+enum Mode {
+    Concrete = 0;
+    Partial = 1;
+}
+
+message Entities {
+    repeated Entity entities = 1;
+    Mode mode = 2;
+}
+
+message Context {
+    Expr context = 1;
+}
+
+// BEGIN REQUEST MESSAGES
+
+message EntityUidEntry {
+    EntityUid euid = 1;
+    Loc loc = 2;
+}
+
+message EntityUid {
+    EntityType ty = 1;
+    string eid = 2;
+    Loc loc = 3;
+}
+
+message EntityType {
+    Name name = 1;
+}
+
+// alias Id = string
+message Name {
+    string id = 1;
+    repeated string path = 2;
+    Loc loc = 3;
+}
+
+message Loc {
+    uint32 offset = 1;
+    uint32 length = 2;
+    string src = 3;
+}
+
+
+// END REQUEST MESSAGES
+
+
+// BEGIN POLICYSET MESSAGES
+
+message LiteralPolicy {
+    string template_id = 1;
+    string link_id = 2;
+    bool link_id_specified = 3;
+    // map<SlotId, EntityUid> is not allowed since keys in map
+    // fields cannot be enum types
+    // map<SlotId, EntityUid> values = 4;
+    EntityUid principal_euid = 4;
+    EntityUid resource_euid = 5;
+}
+
+message Annotation {
+    string val = 1;
+    Loc loc = 2;
+}
+
+enum Effect {
+    Forbid = 0;
+    Permit = 1;
+}
+
+message TemplateBody {
+    string id = 1;
+    Loc loc = 2;
+    // alias AnyId = string
+    // alias Annotations = map<AnyId, Annotation>
+    map<string, Annotation> annotations = 3;
+    Effect effect = 4;
+    PrincipalConstraint principal_constraint = 5;
+    ActionConstraint action_constraint = 6;
+    ResourceConstraint resource_constraint = 7;
+    Expr non_scope_constraints = 8;
+}
+
+message PrincipalConstraint {
+    PrincipalOrResourceConstraint constraint = 1;
+}
+
+message ResourceConstraint {
+    PrincipalOrResourceConstraint constraint = 1;
+}
+
+message EntityReference {
+    oneof data {
+        Ty ty = 1;
+        EntityUid euid = 2;
+    }
+
+    // Zero-Arity constructors
+    enum Ty {
+        Slot = 0;
+    }
+}
+
+message PrincipalOrResourceConstraint {
+    oneof data {
+        Ty ty = 1;
+        InMessage in = 2;
+        EqMessage eq = 3;
+        IsMessage is = 4;
+        IsInMessage isIn = 5;
+    }
+
+    // Zero-arity constructors
+    enum Ty {
+        Any = 0;
+    }
+
+    message InMessage {
+        EntityReference er = 1;
+    }
+    message EqMessage {
+        EntityReference er = 1;
+    }
+    message IsMessage {
+        EntityType et = 1;
+    }
+    message IsInMessage {
+        EntityReference er = 1;
+        EntityType et = 2;
+    }
+}
+
+enum SlotId {
+    Principal = 0;
+    Resource = 1;
+}
+
+message ActionConstraint {
+    oneof data {
+        Ty ty = 1;
+        InMessage in = 2;
+        EqMessage eq = 3;
+    }
+
+    enum Ty {
+        Any = 0;
+    }
+    message InMessage {
+        repeated EntityUid euids = 1;
+    }
+    message EqMessage {
+        EntityUid euid = 1;
+    }
+}
+
+message Expr {
+    ExprKind expr_kind = 1;
+    Loc source_loc = 2;
+
+    message ExprKind {
+        oneof data {
+            Literal lit = 1;
+            Var var = 2;
+            SlotId slot = 3;
+            If if = 4;
+            And and = 5;
+            Or or = 6;
+            UnaryApp uApp = 7;
+            BinaryApp bApp = 8;
+            ExtensionFunctionApp extApp = 9;
+            GetAttr getAttr = 10;
+            HasAttr hasAttr = 11;
+            Like like = 12;
+            Is is = 13;
+            Set set = 14;
+            Record record = 15;
+        }
+    }
+    message Literal {
+        oneof lit {
+            bool b = 1;
+            int64 i = 2;
+            string s = 3;
+            EntityUid euid = 4;
+        }
+    }
+
+    enum Var {
+        Principal = 0;
+        Action = 1;
+        Resource = 2;
+        CONTEXT = 3;
+    }
+
+    message If {
+        Expr test_expr = 1;
+        Expr then_expr = 2;
+        Expr else_expr = 3;
+    }
+
+    message And {
+        Expr left = 1;
+        Expr right = 2;
+    }
+
+    message Or {
+        Expr left = 1;
+        Expr right = 2;
+    }
+
+    message UnaryApp {
+        Op op = 1;
+        Expr expr = 2;
+
+        enum Op {
+            Not = 0;
+            Neg = 1;
+        }
+    }
+
+    message BinaryApp {
+        Op op = 1;
+        Expr left = 2;
+        Expr right = 3;
+
+        enum Op {
+            Eq = 0;
+            Less = 1;
+            LessEq = 2;
+            Add = 3;
+            Sub = 4;
+            Mul = 5;
+            In = 6;
+            Contains = 7;
+            ContainsAll = 8;
+            ContainsAny = 9;
+            GetTag = 10;
+            HasTag = 11;
+        }
+    }
+
+    message ExtensionFunctionApp {
+        Name fn_name = 1;
+        repeated Expr args = 2;
+    }
+
+    message GetAttr {
+        Expr expr = 1;
+        string attr = 2;
+    }
+
+    message HasAttr {
+        Expr expr = 1;
+        string attr = 2;
+    }
+
+    message Like {
+        Expr expr = 1;
+        repeated PatternElem pattern = 2;
+
+        message PatternElem {
+            oneof data {
+                Ty ty = 1;
+                string c = 2;
+            }
+
+            // Zero-arity constructors
+            enum Ty {
+                Wildcard = 0;
+            }
+        }
+    }
+
+    message Is {
+        Expr expr = 1;
+        EntityType entity_type = 2;
+    }
+
+    message Set {
+        repeated Expr elements = 1;
+    }
+
+    message Record {
+        map<string, Expr> items = 1;
+    }
+}
+
+// END POLICYSET MESSAGES
+
+
+// ENTER ENTITITES MESSAGES
+
+message Entity {
+    EntityUid uid = 1;
+    map<string, Expr> attrs = 2;
+    repeated EntityUid ancestors = 3;
+    map<string, Expr> tags = 4;
+}
+
+// END ENTITITES MESSAGES

cedar-policy-core/src/ast.rs

@@ -16,6 +16,12 @@
 
 //! This module contains the AST datatypes.
 
+#[cfg(feature = "protobufs")]
+pub mod proto {
+    #![allow(missing_docs)]
+    include!(concat!(env!("OUT_DIR"), "/cedar_policy_core.rs"));
+}
+
 mod expr;
 pub use expr::*;
 mod entity;