From 3fdb03dcd1530b3b1e144bca8ca9e7cf795effdb Mon Sep 17 00:00:00 2001 From: Mudit Chaudhary Date: Wed, 29 Jan 2025 19:33:54 +0000 Subject: [PATCH 1/6] adds jvm creation util for testing methods in interface Signed-off-by: Mudit Chaudhary --- CedarJavaFFI/Cargo.toml | 2 +- CedarJavaFFI/src/jvm_test_utils.rs | 35 ++++++++++++++++++++++++++++++ CedarJavaFFI/src/lib.rs | 1 + 3 files changed, 37 insertions(+), 1 deletion(-) create mode 100644 CedarJavaFFI/src/jvm_test_utils.rs diff --git a/CedarJavaFFI/Cargo.toml b/CedarJavaFFI/Cargo.toml index 67445b1a..1bfc6884 100644 --- a/CedarJavaFFI/Cargo.toml +++ b/CedarJavaFFI/Cargo.toml @@ -15,7 +15,7 @@ thiserror = "2.0" itertools = "0.14" # JNI Support -jni = "0.21.0" +jni = { version = "0.21.1", features = ["invocation"] } jni_fn = "0.1.0" [features] diff --git a/CedarJavaFFI/src/jvm_test_utils.rs b/CedarJavaFFI/src/jvm_test_utils.rs new file mode 100644 index 00000000..1c57386f --- /dev/null +++ b/CedarJavaFFI/src/jvm_test_utils.rs 
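Review bot: The `invocation` feature is enabled on the regular `[dependencies]` entry for `jni`, yet the only visible caller of `JavaVM::new` in this series is the `#![cfg(test)]` module `jvm_test_utils.rs`. As far as I know, that feature pulls in the crate's optional JVM-locating and dynamic-loading dependencies, so every release build of the FFI library would carry them without using them. Consider keeping the runtime entry as `jni = "0.21.1"` and adding `jni = { version = "0.21.1", features = ["invocation"] }` under `[dev-dependencies]`. That keeps the extra code out of the shipped artifact, provided the workspace uses Cargo's feature resolver 2. The same line is restored unchanged by the Cargo.toml hunk of patch 6/6.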
@@ -0,0 +1,35 @@ +/* + * Copyright Cedar Contributors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#![cfg(test)] + +use jni::{InitArgsBuilder, JavaVM}; + +/// Creates a new Java Virtual Machine (JVM) instance with basic configuration for tests +/// +/// # Returns +/// * `Result` - A Result containing either: +/// * `JavaVM` - The successfully created JVM instance +/// * `StartJvmError` - Error that occurred during JVM creation +/// +pub(crate) fn create_jvm() -> Result { + let jvm_args = InitArgsBuilder::new() + .option("-Xcheck:jni") + .build() + .unwrap(); + + let jvm = JavaVM::new(jvm_args)?; + Ok(jvm) +} diff --git a/CedarJavaFFI/src/lib.rs b/CedarJavaFFI/src/lib.rs index 11f0b6f8..194b0ace 100644 --- a/CedarJavaFFI/src/lib.rs +++ b/CedarJavaFFI/src/lib.rs @@ -19,6 +19,7 @@ mod answer; mod interface; mod jlist; mod jset; +mod jvm_test_utils; mod objects; mod tests; mod utils; From 9075862c2c742a257aacefa178ce9b552b898af8 Mon Sep 17 00:00:00 2001 From: Mudit Chaudhary Date: Wed, 29 Jan 2025 19:34:38 +0000 Subject: [PATCH 2/6] adds example test for interface methods Signed-off-by: Mudit Chaudhary --- CedarJavaFFI/src/interface.rs | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/CedarJavaFFI/src/interface.rs b/CedarJavaFFI/src/interface.rs index 94e30491..d11e02df 100644 --- a/CedarJavaFFI/src/interface.rs +++ b/CedarJavaFFI/src/interface.rs 
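Review bot: The doc comment on `create_jvm` says it creates "a new" JVM but does not say that this is expected to work only once per process. To my knowledge HotSpot refuses a second VM in the same process, so another test module calling this helper directly would get a `StartJvmError` instead of a usable VM. I would add a line such as `/// Call at most once per test binary and share the returned JavaVM through a static; a second call in the same process fails.`, plus a short remark that `-Xcheck:jni` is passed to get extra JNI argument validation at the FFI boundary. Separately, `.build().unwrap()` panics inside a function that otherwise reports failure through `Result`; `.expect("static JVM init args are valid")` would at least state the invariant.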
@@ -623,3 +623,33 @@ fn policies_str_to_pretty_internal<'a>( } } } + +#[cfg(test)] +mod interface_tests { + use super::*; + use crate::jvm_test_utils::*; + use jni::JavaVM; + use std::sync::LazyLock; + + // Static JVM to be used by all the tests. LazyLock for lazy thread-safe lazy initialization + static JVM: LazyLock = LazyLock::new(|| create_jvm().unwrap()); + + mod policy_tests { + use super::*; + + fn policy_effect_test_util(env: &mut JNIEnv, policy: &str, expected_effect: &str) { + let policy_string = env.new_string(policy).unwrap(); + let effect_result = policy_effect_jni_internal(env, policy_string).unwrap(); + let effect_jstr = JString::cast(env, effect_result.l().unwrap()).unwrap(); + let effect = String::from(env.get_string(&effect_jstr).unwrap()); + assert_eq!(effect, expected_effect); + } + + #[test] + fn policy_effect_tests() { + let mut env = JVM.attach_current_thread().unwrap(); + policy_effect_test_util(&mut env, "permit(principal,action,resource);", "permit"); + policy_effect_test_util(&mut env, "forbid(principal,action,resource);", "forbid"); + } + } +} From 8fdd9be144f3e85d8e3a038183f0e60f060d8e81 Mon Sep 17 00:00:00 2001 From: Mudit Chaudhary Date: Wed, 29 Jan 2025 19:52:20 +0000 Subject: [PATCH 3/6] deliberate failure for github actions Signed-off-by: Mudit Chaudhary --- CedarJavaFFI/Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CedarJavaFFI/Cargo.toml b/CedarJavaFFI/Cargo.toml index 1bfc6884..50668429 100644 --- a/CedarJavaFFI/Cargo.toml +++ b/CedarJavaFFI/Cargo.toml @@ -15,7 +15,7 @@ thiserror = "2.0" itertools = "0.14" # JNI Support -jni = { version = "0.21.1", features = ["invocation"] } +# jni = { version = "0.21.1", features = ["invocation"] } jni_fn = "0.1.0" [features] From 3827f246be7cac9fe41b920a54e0f32d9a039223 Mon Sep 17 00:00:00 2001 From: Mudit Chaudhary Date: Wed, 29 Jan 2025 20:02:23 +0000 Subject: [PATCH 4/6] deliberate failure for github actions -- tests 
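Review bot: `policy_effect_tests` only feeds well-formed policies through `policy_effect_jni_internal`, so nothing here pins what the JNI layer does with input that fails to parse. This function sits where Java-supplied strings enter the Rust policy parser, so a negative case is worth adding: pass a malformed policy and check that the call reports an error instead of panicking, e.g. `assert!(policy_effect_jni_internal(&mut env, bad_policy).is_err());`. That assumes parse failures surface as `Err`; the function body is outside this hunk, so confirm it. The comment above `JVM` reads "lazy thread-safe lazy initialization"; `// One JVM shared by every test in this module; LazyLock gives thread-safe one-time initialization.` would be clearer. The first context lines of the hunk close `policies_str_to_pretty_internal`, which starts outside the hunk.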
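Review bot: Commenting out the `jni` dependency is meant to break the build at this commit (the subject says so), and patch 4/6 does the same to the test suite by commenting out `validation_tests`, `entity_validation_tests` and `partial_authorization_tests` in `src/tests.rs`. Patch 6/6 undoes both, so the net change is empty. Merging the series as-is still leaves deliberately broken commits in history, which hurts `git bisect`, and an incomplete revert would silently drop authorization and validation coverage. I would drop patches 3, 4 and 6, or squash the series, before merge.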
Signed-off-by: Mudit Chaudhary --- CedarJavaFFI/src/tests.rs | 926 +++++++++++++++++++------------------- 1 file changed, 463 insertions(+), 463 deletions(-) diff --git a/CedarJavaFFI/src/tests.rs b/CedarJavaFFI/src/tests.rs index 8b9e2e64..94e54a8d 100644 --- a/CedarJavaFFI/src/tests.rs +++ b/CedarJavaFFI/src/tests.rs 
@@ -180,481 +180,481 @@ mod authorization_tests { } } -mod validation_tests { - use super::*; +// mod validation_tests { +// use super::*; - #[test] - fn empty_validation_call_json_schema_succeeds() { - let result = call_cedar("ValidateOperation", r#"{ "schema": {}, "policies": {} }"#); - assert_validation_success(&result); - } +// #[test] +// fn empty_validation_call_json_schema_succeeds() { +// let result = call_cedar("ValidateOperation", r#"{ "schema": {}, "policies": {} }"#); +// assert_validation_success(&result); +// } - #[test] - fn empty_validation_call_succeeds() { - let result = call_cedar("ValidateOperation", r#"{ "schema": "", "policies": {} }"#); - assert_validation_success(&result); - } -} +// #[test] +// fn empty_validation_call_succeeds() { +// let result = call_cedar("ValidateOperation", r#"{ "schema": "", "policies": {} }"#); +// assert_validation_success(&result); +// } +// } -mod entity_validation_tests { - use super::*; - use serde_json::json; +// mod entity_validation_tests { +// use super::*; +// use serde_json::json; - #[test] - fn validate_entities_succeeds() { - let json_data = json!( - { - "entities":[ - { - "uid": { - "type": "PhotoApp::User", - "id": "alice" - }, - "attrs": { - "userId": "897345789237492878", - "personInformation": { - "age": 25, - "name": "alice" - }, - }, - "parents": [ - { - "type": "PhotoApp::UserGroup", - "id": "alice_friends" - }, - { - "type": "PhotoApp::UserGroup", - "id": "AVTeam" - } - ] - }, - { - "uid": { - "type": "PhotoApp::Photo", - "id": "vacationPhoto.jpg" - }, - "attrs": { - "private": false, - "account": { - "__entity": { - "type": "PhotoApp::Account", - "id": "ahmad" - } - } - }, - "parents": [] - }, - { - "uid": { - "type": "PhotoApp::UserGroup", - "id": "alice_friends" - }, - "attrs": {}, - "parents": [] - }, - { - "uid": { - "type": "PhotoApp::UserGroup", - "id": "AVTeam" - }, - "attrs": {}, - "parents": [] - } - ], - "schema":{ - "PhotoApp": { - "commonTypes": { - "PersonType": { - "type": 
"Record", - "attributes": { - "age": { - "type": "Long" - }, - "name": { - "type": "String" - } - } - }, - "ContextType": { - "type": "Record", - "attributes": { - "ip": { - "type": "Extension", - "name": "ipaddr", - "required": false - }, - "authenticated": { - "type": "Boolean", - "required": true - } - } - } - }, - "entityTypes": { - "User": { - "shape": { - "type": "Record", - "attributes": { - "userId": { - "type": "String" - }, - "personInformation": { - "type": "PersonType" - } - } - }, - "memberOfTypes": [ - "UserGroup" - ] - }, - "UserGroup": { - "shape": { - "type": "Record", - "attributes": {} - } - }, - "Photo": { - "shape": { - "type": "Record", - "attributes": { - "account": { - "type": "Entity", - "name": "Account", - "required": true - }, - "private": { - "type": "Boolean", - "required": true - } - } - }, - "memberOfTypes": [ - "Album", - "Account" - ] - }, - "Album": { - "shape": { - "type": "Record", - "attributes": {} - } - }, - "Account": { - "shape": { - "type": "Record", - "attributes": {} - } - } - }, - "actions": {} - } - } - }); - let result = call_cedar("ValidateEntities", json_data.to_string().as_str()); - assert_success(&result); - } +// #[test] +// fn validate_entities_succeeds() { +// let json_data = json!( +// { +// "entities":[ +// { +// "uid": { +// "type": "PhotoApp::User", +// "id": "alice" +// }, +// "attrs": { +// "userId": "897345789237492878", +// "personInformation": { +// "age": 25, +// "name": "alice" +// }, +// }, +// "parents": [ +// { +// "type": "PhotoApp::UserGroup", +// "id": "alice_friends" +// }, +// { +// "type": "PhotoApp::UserGroup", +// "id": "AVTeam" +// } +// ] +// }, +// { +// "uid": { +// "type": "PhotoApp::Photo", +// "id": "vacationPhoto.jpg" +// }, +// "attrs": { +// "private": false, +// "account": { +// "__entity": { +// "type": "PhotoApp::Account", +// "id": "ahmad" +// } +// } +// }, +// "parents": [] +// }, +// { +// "uid": { +// "type": "PhotoApp::UserGroup", +// "id": "alice_friends" +// }, +// 
"attrs": {}, +// "parents": [] +// }, +// { +// "uid": { +// "type": "PhotoApp::UserGroup", +// "id": "AVTeam" +// }, +// "attrs": {}, +// "parents": [] +// } +// ], +// "schema":{ +// "PhotoApp": { +// "commonTypes": { +// "PersonType": { +// "type": "Record", +// "attributes": { +// "age": { +// "type": "Long" +// }, +// "name": { +// "type": "String" +// } +// } +// }, +// "ContextType": { +// "type": "Record", +// "attributes": { +// "ip": { +// "type": "Extension", +// "name": "ipaddr", +// "required": false +// }, +// "authenticated": { +// "type": "Boolean", +// "required": true +// } +// } +// } +// }, +// "entityTypes": { +// "User": { +// "shape": { +// "type": "Record", +// "attributes": { +// "userId": { +// "type": "String" +// }, +// "personInformation": { +// "type": "PersonType" +// } +// } +// }, +// "memberOfTypes": [ +// "UserGroup" +// ] +// }, +// "UserGroup": { +// "shape": { +// "type": "Record", +// "attributes": {} +// } +// }, +// "Photo": { +// "shape": { +// "type": "Record", +// "attributes": { +// "account": { +// "type": "Entity", +// "name": "Account", +// "required": true +// }, +// "private": { +// "type": "Boolean", +// "required": true +// } +// } +// }, +// "memberOfTypes": [ +// "Album", +// "Account" +// ] +// }, +// "Album": { +// "shape": { +// "type": "Record", +// "attributes": {} +// } +// }, +// "Account": { +// "shape": { +// "type": "Record", +// "attributes": {} +// } +// } +// }, +// "actions": {} +// } +// } +// }); +// let result = call_cedar("ValidateEntities", json_data.to_string().as_str()); +// assert_success(&result); +// } - #[test] - fn validate_entities_field_missing() { - let json_data = json!( - { - "entities":[ - { - "uid": { - "type": "PhotoApp::User", - "id": "alice" - }, - "attrs": { - "userId": "897345789237492878" - }, - "parents": [ - { - "type": "PhotoApp::UserGroup", - "id": "alice_friends" - }, - { - "type": "PhotoApp::UserGroup", - "id": "AVTeam" - } - ] - }, - { - "uid": { - "type": 
"PhotoApp::Photo", - "id": "vacationPhoto.jpg" - }, - "attrs": { - "private": false, - "account": { - "__entity": { - "type": "PhotoApp::Account", - "id": "ahmad" - } - } - }, - "parents": [] - }, - { - "uid": { - "type": "PhotoApp::UserGroup", - "id": "alice_friends" - }, - "attrs": {}, - "parents": [] - }, - { - "uid": { - "type": "PhotoApp::UserGroup", - "id": "AVTeam" - }, - "attrs": {}, - "parents": [] - } - ], - "schema":{ - "PhotoApp": { - "commonTypes": { - "PersonType": { - "type": "Record", - "attributes": { - "age": { - "type": "Long" - }, - "name": { - "type": "String" - } - } - }, - "ContextType": { - "type": "Record", - "attributes": { - "ip": { - "type": "Extension", - "name": "ipaddr", - "required": false - }, - "authenticated": { - "type": "Boolean", - "required": true - } - } - } - }, - "entityTypes": { - "User": { - "shape": { - "type": "Record", - "attributes": { - "userId": { - "type": "String" - }, - "personInformation": { - "type": "PersonType" - } - } - }, - "memberOfTypes": [ - "UserGroup" - ] - }, - "UserGroup": { - "shape": { - "type": "Record", - "attributes": {} - } - }, - "Photo": { - "shape": { - "type": "Record", - "attributes": { - "account": { - "type": "Entity", - "name": "Account", - "required": true - }, - "private": { - "type": "Boolean", - "required": true - } - } - }, - "memberOfTypes": [ - "Album", - "Account" - ] - }, - "Album": { - "shape": { - "type": "Record", - "attributes": {} - } - }, - "Account": { - "shape": { - "type": "Record", - "attributes": {} - } - } - }, - "actions": {} - } - } - }); - let result = call_cedar("ValidateEntities", json_data.to_string().as_str()); - assert_failure(&result); - } +// #[test] +// fn validate_entities_field_missing() { +// let json_data = json!( +// { +// "entities":[ +// { +// "uid": { +// "type": "PhotoApp::User", +// "id": "alice" +// }, +// "attrs": { +// "userId": "897345789237492878" +// }, +// "parents": [ +// { +// "type": "PhotoApp::UserGroup", +// "id": "alice_friends" +// 
}, +// { +// "type": "PhotoApp::UserGroup", +// "id": "AVTeam" +// } +// ] +// }, +// { +// "uid": { +// "type": "PhotoApp::Photo", +// "id": "vacationPhoto.jpg" +// }, +// "attrs": { +// "private": false, +// "account": { +// "__entity": { +// "type": "PhotoApp::Account", +// "id": "ahmad" +// } +// } +// }, +// "parents": [] +// }, +// { +// "uid": { +// "type": "PhotoApp::UserGroup", +// "id": "alice_friends" +// }, +// "attrs": {}, +// "parents": [] +// }, +// { +// "uid": { +// "type": "PhotoApp::UserGroup", +// "id": "AVTeam" +// }, +// "attrs": {}, +// "parents": [] +// } +// ], +// "schema":{ +// "PhotoApp": { +// "commonTypes": { +// "PersonType": { +// "type": "Record", +// "attributes": { +// "age": { +// "type": "Long" +// }, +// "name": { +// "type": "String" +// } +// } +// }, +// "ContextType": { +// "type": "Record", +// "attributes": { +// "ip": { +// "type": "Extension", +// "name": "ipaddr", +// "required": false +// }, +// "authenticated": { +// "type": "Boolean", +// "required": true +// } +// } +// } +// }, +// "entityTypes": { +// "User": { +// "shape": { +// "type": "Record", +// "attributes": { +// "userId": { +// "type": "String" +// }, +// "personInformation": { +// "type": "PersonType" +// } +// } +// }, +// "memberOfTypes": [ +// "UserGroup" +// ] +// }, +// "UserGroup": { +// "shape": { +// "type": "Record", +// "attributes": {} +// } +// }, +// "Photo": { +// "shape": { +// "type": "Record", +// "attributes": { +// "account": { +// "type": "Entity", +// "name": "Account", +// "required": true +// }, +// "private": { +// "type": "Boolean", +// "required": true +// } +// } +// }, +// "memberOfTypes": [ +// "Album", +// "Account" +// ] +// }, +// "Album": { +// "shape": { +// "type": "Record", +// "attributes": {} +// } +// }, +// "Account": { +// "shape": { +// "type": "Record", +// "attributes": {} +// } +// } +// }, +// "actions": {} +// } +// } +// }); +// let result = call_cedar("ValidateEntities", json_data.to_string().as_str()); 
+// assert_failure(&result); +// } - #[test] - #[should_panic] - fn validate_entities_invalid_json_fails() { - call_cedar("ValidateEntities", "{]"); - } +// #[test] +// #[should_panic] +// fn validate_entities_invalid_json_fails() { +// call_cedar("ValidateEntities", "{]"); +// } - #[test] - fn validate_entities_invalid_schema_fails() { - let json_data = json!( - { - "entities": [ +// #[test] +// fn validate_entities_invalid_schema_fails() { +// let json_data = json!( +// { +// "entities": [ - ], - "schema": { - "PhotoApp": { - "commonTypes": {}, - "entityTypes": { - "UserGroup": { - "shape44": { - "type": "Record", - "attributes": {} - }, - "memberOfTypes": [ - "UserGroup" - ] - } - }, - "actions": {} - } - } - }); - let result = call_cedar("ValidateEntities", json_data.to_string().as_str()); - assert_failure(&result); +// ], +// "schema": { +// "PhotoApp": { +// "commonTypes": {}, +// "entityTypes": { +// "UserGroup": { +// "shape44": { +// "type": "Record", +// "attributes": {} +// }, +// "memberOfTypes": [ +// "UserGroup" +// ] +// } +// }, +// "actions": {} +// } +// } +// }); +// let result = call_cedar("ValidateEntities", json_data.to_string().as_str()); +// assert_failure(&result); - assert!( - result.contains( - "unknown field `shape44`, expected one of `memberOfTypes`, `shape`, `tags`" - ), - "result was `{result}`", - ); - } +// assert!( +// result.contains( +// "unknown field `shape44`, expected one of `memberOfTypes`, `shape`, `tags`" +// ), +// "result was `{result}`", +// ); +// } - #[test] - fn validate_entities_detect_cycle_fails() { - let json_data = json!( - { - "entities": [ - { - "uid": { - "type": "PhotoApp::UserGroup", - "id": "ABCTeam" - }, - "attrs": {}, - "parents": [ - { - "type": "PhotoApp::UserGroup", - "id": "AVTeam" - } - ] - }, - { - "uid": { - "type": "PhotoApp::UserGroup", - "id": "AVTeam" - }, - "attrs": {}, - "parents": [ - { - "type": "PhotoApp::UserGroup", - "id": "ABCTeam" - } - ] - } - ], - "schema": { - "PhotoApp": { - 
"commonTypes": {}, - "entityTypes": { - "UserGroup": { - "shape": { - "type": "Record", - "attributes": {} - }, - "memberOfTypes": [ - "UserGroup" - ] - } - }, - "actions": {} - } - } - }); - let result = call_cedar("ValidateEntities", json_data.to_string().as_str()); - assert_failure(&result); +// #[test] +// fn validate_entities_detect_cycle_fails() { +// let json_data = json!( +// { +// "entities": [ +// { +// "uid": { +// "type": "PhotoApp::UserGroup", +// "id": "ABCTeam" +// }, +// "attrs": {}, +// "parents": [ +// { +// "type": "PhotoApp::UserGroup", +// "id": "AVTeam" +// } +// ] +// }, +// { +// "uid": { +// "type": "PhotoApp::UserGroup", +// "id": "AVTeam" +// }, +// "attrs": {}, +// "parents": [ +// { +// "type": "PhotoApp::UserGroup", +// "id": "ABCTeam" +// } +// ] +// } +// ], +// "schema": { +// "PhotoApp": { +// "commonTypes": {}, +// "entityTypes": { +// "UserGroup": { +// "shape": { +// "type": "Record", +// "attributes": {} +// }, +// "memberOfTypes": [ +// "UserGroup" +// ] +// } +// }, +// "actions": {} +// } +// } +// }); +// let result = call_cedar("ValidateEntities", json_data.to_string().as_str()); +// assert_failure(&result); - assert!( - result.contains("input graph has a cycle containing vertex `PhotoApp::UserGroup"), - "result was `{result}`", - ); - } -} +// assert!( +// result.contains("input graph has a cycle containing vertex `PhotoApp::UserGroup"), +// "result was `{result}`", +// ); +// } +// } -#[cfg(feature = "partial-eval")] -mod partial_authorization_tests { - use super::*; +// #[cfg(feature = "partial-eval")] +// mod partial_authorization_tests { +// use super::*; - #[test] - fn test_missing_resource_call_succeeds() { - let result = call_cedar( - "AuthorizationPartialOperation", - r#" - { - "context": {}, - "policies": { - "staticPolicies": { - "001": "permit(principal == User::\"alice\", action, resource == Photo::\"door\");" - }, - "templates": {}, - "templateLinks": [] - }, - "entities": [], - "principal" : { "type" : 
"User", "id" : "alice" }, - "action" : { "type" : "Action", "id" : "view" } - } - "#, - ); - assert_partial_authorization_success(&result); - } +// #[test] +// fn test_missing_resource_call_succeeds() { +// let result = call_cedar( +// "AuthorizationPartialOperation", +// r#" +// { +// "context": {}, +// "policies": { +// "staticPolicies": { +// "001": "permit(principal == User::\"alice\", action, resource == Photo::\"door\");" +// }, +// "templates": {}, +// "templateLinks": [] +// }, +// "entities": [], +// "principal" : { "type" : "User", "id" : "alice" }, +// "action" : { "type" : "Action", "id" : "view" } +// } +// "#, +// ); +// assert_partial_authorization_success(&result); +// } - #[test] - fn test_missing_principal_call_succeeds() { - let result = call_cedar( - "AuthorizationPartialOperation", - r#" - { - "context": {}, - "policies": { - "staticPolicies": { - "001": "permit(principal == User::\"alice\", action, resource == Photo::\"door\");" - }, - "templates": {}, - "templateLinks": [] - }, - "entities": [], - "action" : { "type" : "Action", "id" : "view" }, - "resource" : { "type" : "Photo", "id" : "door" } - } - "#, - ); - assert_partial_authorization_success(&result); - } -} +// #[test] +// fn test_missing_principal_call_succeeds() { +// let result = call_cedar( +// "AuthorizationPartialOperation", +// r#" +// { +// "context": {}, +// "policies": { +// "staticPolicies": { +// "001": "permit(principal == User::\"alice\", action, resource == Photo::\"door\");" +// }, +// "templates": {}, +// "templateLinks": [] +// }, +// "entities": [], +// "action" : { "type" : "Action", "id" : "view" }, +// "resource" : { "type" : "Photo", "id" : "door" } +// } +// "#, +// ); +// assert_partial_authorization_success(&result); +// } +// } -mod parsing_tests {} +// mod parsing_tests {} From 872b05795a0d784cf4d04dfebec8b6563437b0c8 Mon Sep 17 00:00:00 2001 From: Mudit Chaudhary Date: Wed, 29 Jan 2025 20:06:23 +0000 Subject: [PATCH 5/6] changing github workflow for fork 
Signed-off-by: Mudit Chaudhary --- .github/workflows/run_cedar_java_reusable.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/run_cedar_java_reusable.yml b/.github/workflows/run_cedar_java_reusable.yml index 4b81772e..972757ca 100644 --- a/.github/workflows/run_cedar_java_reusable.yml +++ b/.github/workflows/run_cedar_java_reusable.yml @@ -31,12 +31,12 @@ jobs: - name: Checkout Cedar Java uses: actions/checkout@v4 with: - repository: cedar-policy/cedar-java + repository: muditchaudhary/cedar-java ref: ${{ inputs.cedar_java_ref }} - name: Checkout cedar-policy uses: actions/checkout@v4 with: - repository: cedar-policy/cedar + repository: muditchaudhary/cedar ref: ${{ inputs.cedar_policy_ref }} path: ./cedar - name: Prepare Rust Build From e1484f1e6b3ef944f0fde60250a9f1b27fab037a Mon Sep 17 00:00:00 2001 From: Mudit Chaudhary Date: Wed, 29 Jan 2025 20:09:28 +0000 Subject: [PATCH 6/6] reverts deliberate failures Signed-off-by: Mudit Chaudhary --- CedarJavaFFI/Cargo.toml | 2 +- CedarJavaFFI/src/tests.rs | 926 +++++++++++++++++++------------------- 2 files changed, 464 insertions(+), 464 deletions(-) diff --git a/CedarJavaFFI/Cargo.toml b/CedarJavaFFI/Cargo.toml index 50668429..1bfc6884 100644 --- a/CedarJavaFFI/Cargo.toml +++ b/CedarJavaFFI/Cargo.toml @@ -15,7 +15,7 @@ thiserror = "2.0" itertools = "0.14" # JNI Support -# jni = { version = "0.21.1", features = ["invocation"] } +jni = { version = "0.21.1", features = ["invocation"] } jni_fn = "0.1.0" [features] diff --git a/CedarJavaFFI/src/tests.rs b/CedarJavaFFI/src/tests.rs index 94e54a8d..8b9e2e64 100644 --- a/CedarJavaFFI/src/tests.rs +++ b/CedarJavaFFI/src/tests.rs 
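Review bot: Both `repository:` values in the reusable workflow now point at a personal fork (`muditchaudhary/cedar-java` and `muditchaudhary/cedar`) instead of the `cedar-policy` organisation. Nothing in the visible series restores them: patch 6/6 lists only `Cargo.toml` and `src/tests.rs` in its diffstat. If this merges, every caller of the workflow would check out, build and test code from repositories the project does not control. That is a supply-chain risk for the pipeline, and it means a green check says nothing about the upstream code. Restore `repository: cedar-policy/cedar-java` and `repository: cedar-policy/cedar` before merge; if fork testing is needed again, make the owner a workflow input that defaults to `cedar-policy` instead of hard-coding it.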
@@ -180,481 +180,481 @@ mod authorization_tests { } } -// mod validation_tests { -// use super::*; +mod validation_tests { + use super::*; -// #[test] -// fn empty_validation_call_json_schema_succeeds() { -// let result = call_cedar("ValidateOperation", r#"{ "schema": {}, "policies": {} }"#); -// assert_validation_success(&result); -// } + #[test] + fn empty_validation_call_json_schema_succeeds() { + let result = call_cedar("ValidateOperation", r#"{ "schema": {}, "policies": {} }"#); + assert_validation_success(&result); + } -// #[test] -// fn empty_validation_call_succeeds() { -// let result = call_cedar("ValidateOperation", r#"{ "schema": "", "policies": {} }"#); -// assert_validation_success(&result); -// } -// } + #[test] + fn empty_validation_call_succeeds() { + let result = call_cedar("ValidateOperation", r#"{ "schema": "", "policies": {} }"#); + assert_validation_success(&result); + } +} -// mod entity_validation_tests { -// use super::*; -// use serde_json::json; +mod entity_validation_tests { + use super::*; + use serde_json::json; -// #[test] -// fn validate_entities_succeeds() { -// let json_data = json!( -// { -// "entities":[ -// { -// "uid": { -// "type": "PhotoApp::User", -// "id": "alice" -// }, -// "attrs": { -// "userId": "897345789237492878", -// "personInformation": { -// "age": 25, -// "name": "alice" -// }, -// }, -// "parents": [ -// { -// "type": "PhotoApp::UserGroup", -// "id": "alice_friends" -// }, -// { -// "type": "PhotoApp::UserGroup", -// "id": "AVTeam" -// } -// ] -// }, -// { -// "uid": { -// "type": "PhotoApp::Photo", -// "id": "vacationPhoto.jpg" -// }, -// "attrs": { -// "private": false, -// "account": { -// "__entity": { -// "type": "PhotoApp::Account", -// "id": "ahmad" -// } -// } -// }, -// "parents": [] -// }, -// { -// "uid": { -// "type": "PhotoApp::UserGroup", -// "id": "alice_friends" -// }, -// "attrs": {}, -// "parents": [] -// }, -// { -// "uid": { -// "type": "PhotoApp::UserGroup", -// "id": "AVTeam" -// }, -// 
"attrs": {}, -// "parents": [] -// } -// ], -// "schema":{ -// "PhotoApp": { -// "commonTypes": { -// "PersonType": { -// "type": "Record", -// "attributes": { -// "age": { -// "type": "Long" -// }, -// "name": { -// "type": "String" -// } -// } -// }, -// "ContextType": { -// "type": "Record", -// "attributes": { -// "ip": { -// "type": "Extension", -// "name": "ipaddr", -// "required": false -// }, -// "authenticated": { -// "type": "Boolean", -// "required": true -// } -// } -// } -// }, -// "entityTypes": { -// "User": { -// "shape": { -// "type": "Record", -// "attributes": { -// "userId": { -// "type": "String" -// }, -// "personInformation": { -// "type": "PersonType" -// } -// } -// }, -// "memberOfTypes": [ -// "UserGroup" -// ] -// }, -// "UserGroup": { -// "shape": { -// "type": "Record", -// "attributes": {} -// } -// }, -// "Photo": { -// "shape": { -// "type": "Record", -// "attributes": { -// "account": { -// "type": "Entity", -// "name": "Account", -// "required": true -// }, -// "private": { -// "type": "Boolean", -// "required": true -// } -// } -// }, -// "memberOfTypes": [ -// "Album", -// "Account" -// ] -// }, -// "Album": { -// "shape": { -// "type": "Record", -// "attributes": {} -// } -// }, -// "Account": { -// "shape": { -// "type": "Record", -// "attributes": {} -// } -// } -// }, -// "actions": {} -// } -// } -// }); -// let result = call_cedar("ValidateEntities", json_data.to_string().as_str()); -// assert_success(&result); -// } + #[test] + fn validate_entities_succeeds() { + let json_data = json!( + { + "entities":[ + { + "uid": { + "type": "PhotoApp::User", + "id": "alice" + }, + "attrs": { + "userId": "897345789237492878", + "personInformation": { + "age": 25, + "name": "alice" + }, + }, + "parents": [ + { + "type": "PhotoApp::UserGroup", + "id": "alice_friends" + }, + { + "type": "PhotoApp::UserGroup", + "id": "AVTeam" + } + ] + }, + { + "uid": { + "type": "PhotoApp::Photo", + "id": "vacationPhoto.jpg" + }, + "attrs": { + 
"private": false, + "account": { + "__entity": { + "type": "PhotoApp::Account", + "id": "ahmad" + } + } + }, + "parents": [] + }, + { + "uid": { + "type": "PhotoApp::UserGroup", + "id": "alice_friends" + }, + "attrs": {}, + "parents": [] + }, + { + "uid": { + "type": "PhotoApp::UserGroup", + "id": "AVTeam" + }, + "attrs": {}, + "parents": [] + } + ], + "schema":{ + "PhotoApp": { + "commonTypes": { + "PersonType": { + "type": "Record", + "attributes": { + "age": { + "type": "Long" + }, + "name": { + "type": "String" + } + } + }, + "ContextType": { + "type": "Record", + "attributes": { + "ip": { + "type": "Extension", + "name": "ipaddr", + "required": false + }, + "authenticated": { + "type": "Boolean", + "required": true + } + } + } + }, + "entityTypes": { + "User": { + "shape": { + "type": "Record", + "attributes": { + "userId": { + "type": "String" + }, + "personInformation": { + "type": "PersonType" + } + } + }, + "memberOfTypes": [ + "UserGroup" + ] + }, + "UserGroup": { + "shape": { + "type": "Record", + "attributes": {} + } + }, + "Photo": { + "shape": { + "type": "Record", + "attributes": { + "account": { + "type": "Entity", + "name": "Account", + "required": true + }, + "private": { + "type": "Boolean", + "required": true + } + } + }, + "memberOfTypes": [ + "Album", + "Account" + ] + }, + "Album": { + "shape": { + "type": "Record", + "attributes": {} + } + }, + "Account": { + "shape": { + "type": "Record", + "attributes": {} + } + } + }, + "actions": {} + } + } + }); + let result = call_cedar("ValidateEntities", json_data.to_string().as_str()); + assert_success(&result); + } -// #[test] -// fn validate_entities_field_missing() { -// let json_data = json!( -// { -// "entities":[ -// { -// "uid": { -// "type": "PhotoApp::User", -// "id": "alice" -// }, -// "attrs": { -// "userId": "897345789237492878" -// }, -// "parents": [ -// { -// "type": "PhotoApp::UserGroup", -// "id": "alice_friends" -// }, -// { -// "type": "PhotoApp::UserGroup", -// "id": "AVTeam" -// 
}
-// ]
-// },
-// {
-// "uid": {
-// "type": "PhotoApp::Photo",
-// "id": "vacationPhoto.jpg"
-// },
-// "attrs": {
-// "private": false,
-// "account": {
-// "__entity": {
-// "type": "PhotoApp::Account",
-// "id": "ahmad"
-// }
-// }
-// },
-// "parents": []
-// },
-// {
-// "uid": {
-// "type": "PhotoApp::UserGroup",
-// "id": "alice_friends"
-// },
-// "attrs": {},
-// "parents": []
-// },
-// {
-// "uid": {
-// "type": "PhotoApp::UserGroup",
-// "id": "AVTeam"
-// },
-// "attrs": {},
-// "parents": []
-// }
-// ],
-// "schema":{
-// "PhotoApp": {
-// "commonTypes": {
-// "PersonType": {
-// "type": "Record",
-// "attributes": {
-// "age": {
-// "type": "Long"
-// },
-// "name": {
-// "type": "String"
-// }
-// }
-// },
-// "ContextType": {
-// "type": "Record",
-// "attributes": {
-// "ip": {
-// "type": "Extension",
-// "name": "ipaddr",
-// "required": false
-// },
-// "authenticated": {
-// "type": "Boolean",
-// "required": true
-// }
-// }
-// }
-// },
-// "entityTypes": {
-// "User": {
-// "shape": {
-// "type": "Record",
-// "attributes": {
-// "userId": {
-// "type": "String"
-// },
-// "personInformation": {
-// "type": "PersonType"
-// }
-// }
-// },
-// "memberOfTypes": [
-// "UserGroup"
-// ]
-// },
-// "UserGroup": {
-// "shape": {
-// "type": "Record",
-// "attributes": {}
-// }
-// },
-// "Photo": {
-// "shape": {
-// "type": "Record",
-// "attributes": {
-// "account": {
-// "type": "Entity",
-// "name": "Account",
-// "required": true
-// },
-// "private": {
-// "type": "Boolean",
-// "required": true
-// }
-// }
-// },
-// "memberOfTypes": [
-// "Album",
-// "Account"
-// ]
-// },
-// "Album": {
-// "shape": {
-// "type": "Record",
-// "attributes": {}
-// }
-// },
-// "Account": {
-// "shape": {
-// "type": "Record",
-// "attributes": {}
-// }
-// }
-// },
-// "actions": {}
-// }
-// }
-// });
-// let result = call_cedar("ValidateEntities", json_data.to_string().as_str());
-// assert_failure(&result);
-// }
+ #[test]
+ fn validate_entities_field_missing() {
+ let json_data = json!(
+ {
+ "entities":[
+ {
+ "uid": {
+ "type": "PhotoApp::User",
+ "id": "alice"
+ },
+ "attrs": {
+ "userId": "897345789237492878"
+ },
+ "parents": [
+ {
+ "type": "PhotoApp::UserGroup",
+ "id": "alice_friends"
+ },
+ {
+ "type": "PhotoApp::UserGroup",
+ "id": "AVTeam"
+ }
+ ]
+ },
+ {
+ "uid": {
+ "type": "PhotoApp::Photo",
+ "id": "vacationPhoto.jpg"
+ },
+ "attrs": {
+ "private": false,
+ "account": {
+ "__entity": {
+ "type": "PhotoApp::Account",
+ "id": "ahmad"
+ }
+ }
+ },
+ "parents": []
+ },
+ {
+ "uid": {
+ "type": "PhotoApp::UserGroup",
+ "id": "alice_friends"
+ },
+ "attrs": {},
+ "parents": []
+ },
+ {
+ "uid": {
+ "type": "PhotoApp::UserGroup",
+ "id": "AVTeam"
+ },
+ "attrs": {},
+ "parents": []
+ }
+ ],
+ "schema":{
+ "PhotoApp": {
+ "commonTypes": {
+ "PersonType": {
+ "type": "Record",
+ "attributes": {
+ "age": {
+ "type": "Long"
+ },
+ "name": {
+ "type": "String"
+ }
+ }
+ },
+ "ContextType": {
+ "type": "Record",
+ "attributes": {
+ "ip": {
+ "type": "Extension",
+ "name": "ipaddr",
+ "required": false
+ },
+ "authenticated": {
+ "type": "Boolean",
+ "required": true
+ }
+ }
+ }
+ },
+ "entityTypes": {
+ "User": {
+ "shape": {
+ "type": "Record",
+ "attributes": {
+ "userId": {
+ "type": "String"
+ },
+ "personInformation": {
+ "type": "PersonType"
+ }
+ }
+ },
+ "memberOfTypes": [
+ "UserGroup"
+ ]
+ },
+ "UserGroup": {
+ "shape": {
+ "type": "Record",
+ "attributes": {}
+ }
+ },
+ "Photo": {
+ "shape": {
+ "type": "Record",
+ "attributes": {
+ "account": {
+ "type": "Entity",
+ "name": "Account",
+ "required": true
+ },
+ "private": {
+ "type": "Boolean",
+ "required": true
+ }
+ }
+ },
+ "memberOfTypes": [
+ "Album",
+ "Account"
+ ]
+ },
+ "Album": {
+ "shape": {
+ "type": "Record",
+ "attributes": {}
+ }
+ },
+ "Account": {
+ "shape": {
+ "type": "Record",
+ "attributes": {}
+ }
+ }
+ },
+ "actions": {}
+ }
+ }
+ });
+ let result = call_cedar("ValidateEntities", json_data.to_string().as_str());
+ assert_failure(&result);
+ }
-// #[test]
-// #[should_panic]
-// fn validate_entities_invalid_json_fails() {
-// call_cedar("ValidateEntities", "{]");
-// }
+ #[test]
+ #[should_panic]
+ fn validate_entities_invalid_json_fails() {
+ call_cedar("ValidateEntities", "{]");
+ }
-// #[test]
-// fn validate_entities_invalid_schema_fails() {
-// let json_data = json!(
-// {
-// "entities": [
+ #[test]
+ fn validate_entities_invalid_schema_fails() {
+ let json_data = json!(
+ {
+ "entities": [
-// ],
-// "schema": {
-// "PhotoApp": {
-// "commonTypes": {},
-// "entityTypes": {
-// "UserGroup": {
-// "shape44": {
-// "type": "Record",
-// "attributes": {}
-// },
-// "memberOfTypes": [
-// "UserGroup"
-// ]
-// }
-// },
-// "actions": {}
-// }
-// }
-// });
-// let result = call_cedar("ValidateEntities", json_data.to_string().as_str());
-// assert_failure(&result);
+ ],
+ "schema": {
+ "PhotoApp": {
+ "commonTypes": {},
+ "entityTypes": {
+ "UserGroup": {
+ "shape44": {
+ "type": "Record",
+ "attributes": {}
+ },
+ "memberOfTypes": [
+ "UserGroup"
+ ]
+ }
+ },
+ "actions": {}
+ }
+ }
+ });
+ let result = call_cedar("ValidateEntities", json_data.to_string().as_str());
+ assert_failure(&result);
-// assert!(
-// result.contains(
-// "unknown field `shape44`, expected one of `memberOfTypes`, `shape`, `tags`"
-// ),
-// "result was `{result}`",
-// );
-// }
+ assert!(
+ result.contains(
+ "unknown field `shape44`, expected one of `memberOfTypes`, `shape`, `tags`"
+ ),
+ "result was `{result}`",
+ );
+ }
-// #[test]
-// fn validate_entities_detect_cycle_fails() {
-// let json_data = json!(
-// {
-// "entities": [
-// {
-// "uid": {
-// "type": "PhotoApp::UserGroup",
-// "id": "ABCTeam"
-// },
-// "attrs": {},
-// "parents": [
-// {
-// "type": "PhotoApp::UserGroup",
-// "id": "AVTeam"
-// }
-// ]
-// },
-// {
-// "uid": {
-// "type": "PhotoApp::UserGroup",
-// "id": "AVTeam"
-// },
-// "attrs": {},
-// "parents": [
-// {
-// "type": "PhotoApp::UserGroup",
-// "id": "ABCTeam"
-// }
-// ]
-// }
-// ],
-// "schema": {
-// "PhotoApp": {
-// "commonTypes": {},
-// "entityTypes": {
-// "UserGroup": {
-// "shape": {
-// "type": "Record",
-// "attributes": {}
-// },
-// "memberOfTypes": [
-// "UserGroup"
-// ]
-// }
-// },
-// "actions": {}
-// }
-// }
-// });
-// let result = call_cedar("ValidateEntities", json_data.to_string().as_str());
-// assert_failure(&result);
+ #[test]
+ fn validate_entities_detect_cycle_fails() {
+ let json_data = json!(
+ {
+ "entities": [
+ {
+ "uid": {
+ "type": "PhotoApp::UserGroup",
+ "id": "ABCTeam"
+ },
+ "attrs": {},
+ "parents": [
+ {
+ "type": "PhotoApp::UserGroup",
+ "id": "AVTeam"
+ }
+ ]
+ },
+ {
+ "uid": {
+ "type": "PhotoApp::UserGroup",
+ "id": "AVTeam"
+ },
+ "attrs": {},
+ "parents": [
+ {
+ "type": "PhotoApp::UserGroup",
+ "id": "ABCTeam"
+ }
+ ]
+ }
+ ],
+ "schema": {
+ "PhotoApp": {
+ "commonTypes": {},
+ "entityTypes": {
+ "UserGroup": {
+ "shape": {
+ "type": "Record",
+ "attributes": {}
+ },
+ "memberOfTypes": [
+ "UserGroup"
+ ]
+ }
+ },
+ "actions": {}
+ }
+ }
+ });
+ let result = call_cedar("ValidateEntities", json_data.to_string().as_str());
+ assert_failure(&result);
-// assert!(
-// result.contains("input graph has a cycle containing vertex `PhotoApp::UserGroup"),
-// "result was `{result}`",
-// );
-// }
-// }
+ assert!(
+ result.contains("input graph has a cycle containing vertex `PhotoApp::UserGroup"),
+ "result was `{result}`",
+ );
+ }
+}
-// #[cfg(feature = "partial-eval")]
-// mod partial_authorization_tests {
-// use super::*;
+#[cfg(feature = "partial-eval")]
+mod partial_authorization_tests {
+ use super::*;
-// #[test]
-// fn test_missing_resource_call_succeeds() {
-// let result = call_cedar(
-// "AuthorizationPartialOperation",
-// r#"
-// {
-// "context": {},
-// "policies": {
-// "staticPolicies": {
-// "001": "permit(principal == User::\"alice\", action, resource == Photo::\"door\");"
-// },
-// "templates": {},
-// "templateLinks": []
-// },
-// "entities": [],
-// "principal" : { "type" : "User", "id" : "alice" },
-// "action" : { "type" : "Action", "id" : "view" }
-// }
-// "#,
-// );
-// assert_partial_authorization_success(&result);
-// }
+ #[test]
+ fn test_missing_resource_call_succeeds() {
+ let result = call_cedar(
+ "AuthorizationPartialOperation",
+ r#"
+ {
+ "context": {},
+ "policies": {
+ "staticPolicies": {
+ "001": "permit(principal == User::\"alice\", action, resource == Photo::\"door\");"
+ },
+ "templates": {},
+ "templateLinks": []
+ },
+ "entities": [],
+ "principal" : { "type" : "User", "id" : "alice" },
+ "action" : { "type" : "Action", "id" : "view" }
+ }
+ "#,
+ );
+ assert_partial_authorization_success(&result);
+ }
-// #[test]
-// fn test_missing_principal_call_succeeds() {
-// let result = call_cedar(
-// "AuthorizationPartialOperation",
-// r#"
-// {
-// "context": {},
-// "policies": {
-// "staticPolicies": {
-// "001": "permit(principal == User::\"alice\", action, resource == Photo::\"door\");"
-// },
-// "templates": {},
-// "templateLinks": []
-// },
-// "entities": [],
-// "action" : { "type" : "Action", "id" : "view" },
-// "resource" : { "type" : "Photo", "id" : "door" }
-// }
-// "#,
-// );
-// assert_partial_authorization_success(&result);
-// }
-// }
+ #[test]
+ fn test_missing_principal_call_succeeds() {
+ let result = call_cedar(
+ "AuthorizationPartialOperation",
+ r#"
+ {
+ "context": {},
+ "policies": {
+ "staticPolicies": {
+ "001": "permit(principal == User::\"alice\", action, resource == Photo::\"door\");"
+ },
+ "templates": {},
+ "templateLinks": []
+ },
+ "entities": [],
+ "action" : { "type" : "Action", "id" : "view" },
+ "resource" : { "type" : "Photo", "id" : "door" }
+ }
+ "#,
+ );
+ assert_partial_authorization_success(&result);
+ }
+}
-// mod parsing_tests {}
+mod parsing_tests {}