upgraded cedar-go to v0.3.2 (#200)

Signed-off-by: mqf20 <mingqingfoo@gmail.com>
cedar-policy · Oct 14, 2024 · 5a29a38 · 5a29a38
1 parent 851135f
commit 5a29a38
Show file tree

Hide file tree

Showing 32 changed files with 600 additions and 532 deletions.
diff --git a/tinytodo-go/README.md b/tinytodo-go/README.md
@@ -22,6 +22,6 @@ You need Python3 and Go (1.22 or later).
 
 See [TinyTodo's README](../tinytodo/README.md) for more information.
 
-## Comparison with TinyTodo
+## Comparison with [TinyTodo](../tinytodo)
 
-TinyTodo-Go is constrained by the features of [`cedar-go`](https://github.com/cedar-policy/cedar-go). Refer to [this README](https://github.com/cedar-policy/cedar-go?tab=readme-ov-file#comparison-to-the-rust-implementation) to learn about the missing features.
+TinyTodo-Go relies on [v0.3.2 of `cedar-go`](https://github.com/cedar-policy/cedar-go/releases/tag/v0.3.2). Refer to [this README](https://github.com/cedar-policy/cedar-go/tree/v0.3.2?tab=readme-ov-file#comparison-to-the-rust-implementation) to learn about the features that `cedar-go` is missing in comparison to [`cedar`](https://github.com/cedar-policy/cedar).
diff --git a/tinytodo-go/cmd/server/authorization.go b/tinytodo-go/cmd/server/authorization.go
@@ -12,7 +12,7 @@ const (
 	DefaultEntitiesFileName    = "entities.json" // this is not in the Cedar entity schema, conversion required
 )
 
-func prepareCedarPolicyEntities() (*entitystore.EntityStore, cedar.PolicySet, error) {
+func prepareCedarPolicyEntities() (*entitystore.EntityStore, *cedar.PolicySet, error) {
 
 	entitiesFile, err := os.ReadFile(DefaultEntitiesFileName)
 	if err != nil {
@@ -29,7 +29,7 @@ func prepareCedarPolicyEntities() (*entitystore.EntityStore, cedar.PolicySet, er
 		return nil, nil, fmt.Errorf("failed to read Cedar policy file: %w", err)
 	}
 
-	ps, err := cedar.NewPolicySet(DefaultCedarPolicyFileName, psFile)
+	ps, err := cedar.NewPolicySetFromBytes(DefaultCedarPolicyFileName, psFile)
 	if err != nil {
 		return nil, nil, fmt.Errorf("failed to create Cedar policy set: %w", err)
 	}

diff --git a/tinytodo-go/go.mod b/tinytodo-go/go.mod
@@ -3,7 +3,7 @@ module github.com/cedar-policy/cedar-examples/tinytodo-go
 go 1.22
 
 require (
-	github.com/cedar-policy/cedar-go v0.0.0-20240715162045-a71e93ee6ae7 // pins the cedar-go commit
+	github.com/cedar-policy/cedar-go v0.3.2
 	github.com/go-chi/chi/v5 v5.1.0
 	github.com/stretchr/testify v1.9.0
 )

diff --git a/tinytodo-go/go.sum b/tinytodo-go/go.sum
@@ -1,5 +1,5 @@
-github.com/cedar-policy/cedar-go v0.0.0-20240715162045-a71e93ee6ae7 h1:3WPOmm5kgn8q5kbQc2kG97RK//GTQAp79AW7pV3pa8M=
-github.com/cedar-policy/cedar-go v0.0.0-20240715162045-a71e93ee6ae7/go.mod h1:pEgiK479O5dJfzXnTguOMm+bCplzy5rEEFPGdZKPWz4=
+github.com/cedar-policy/cedar-go v0.3.2 h1:WKE8sW/RsnTp9hkAHSf3oGspcEoIOGCPPz1GDF3dgFc=
+github.com/cedar-policy/cedar-go v0.3.2/go.mod h1:pEgiK479O5dJfzXnTguOMm+bCplzy5rEEFPGdZKPWz4=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/go-chi/chi/v5 v5.1.0 h1:acVI1TYaD+hhedDJ3r54HyA6sExp3HfXq7QWEEY/xMw=

diff --git a/tinytodo-go/internal/app/server/context.go b/tinytodo-go/internal/app/server/context.go
@@ -3,8 +3,8 @@ package server
 import (
 	"context"
 	"fmt"
-	"github.com/cedar-policy/cedar-examples/tinytodo-go/internal/app/server/entitystore"
 	"github.com/cedar-policy/cedar-examples/tinytodo-go/internal/app/server/entitystore/action"
+	"github.com/cedar-policy/cedar-examples/tinytodo-go/internal/app/server/entitystore/entityuid"
 	"github.com/cedar-policy/cedar-go"
 	"log/slog"
 )
@@ -16,9 +16,9 @@ import (
 // Non-existent entities (resources) will result in an error. (TODO: we may not want this behaviour)
 func (s *Server) isAuthorized(
 	ctx context.Context,
-	principal entitystore.EntityUID,
+	principal entityuid.EntityUID,
 	action action.Action,
-	resource entitystore.EntityUID,
+	resource entityuid.EntityUID,
 ) (bool, cedar.Diagnostic, error) {
 
 	// we have to generate entities every time, because the entities may have been updated

diff --git a/tinytodo-go/internal/app/server/context_test.go b/tinytodo-go/internal/app/server/context_test.go
@@ -3,6 +3,10 @@ package server
 import (
 	"context"
 	"encoding/json"
+	"github.com/cedar-policy/cedar-examples/tinytodo-go/internal/app/server/entitystore/entity/list"
+	"github.com/cedar-policy/cedar-examples/tinytodo-go/internal/app/server/entitystore/entity/team"
+	"github.com/cedar-policy/cedar-examples/tinytodo-go/internal/app/server/entitystore/entity/user"
+	"github.com/cedar-policy/cedar-examples/tinytodo-go/internal/app/server/entitystore/entityuid"
 	"os"
 	"path"
 	"testing"
@@ -27,7 +31,7 @@ func TestServer_isAuthorized(t *testing.T) {
 	// read policies
 
 	psFile := readFile(t, path.Join("../../../", "policies.cedar"))
-	ps, err := cedar.NewPolicySet("policies.cedar", psFile)
+	ps, err := cedar.NewPolicySetFromBytes("policies.cedar", psFile)
 	require.NoError(t, err)
 
 	// read entities (will be modified later)
@@ -44,25 +48,25 @@ func TestServer_isAuthorized(t *testing.T) {
 
 	// extract users
 
-	userAndrew, ok := es.Users[entitystore.UserUID{
-		EntityUID: entitystore.NewEntityUID(entitytype.User, "andrew"),
+	userAndrew, ok := es.Users[user.UserUID{
+		EntityUID: entityuid.New(entitytype.User, "andrew"),
 	}]
 	require.True(t, ok)
 
-	userAaron, ok := es.Users[entitystore.UserUID{
-		EntityUID: entitystore.NewEntityUID(entitytype.User, "aaron"),
+	userAaron, ok := es.Users[user.UserUID{
+		EntityUID: entityuid.New(entitytype.User, "aaron"),
 	}]
 	require.True(t, ok)
 
-	userKesha, ok := es.Users[entitystore.UserUID{
-		EntityUID: entitystore.NewEntityUID(entitytype.User, "kesha"),
+	userKesha, ok := es.Users[user.UserUID{
+		EntityUID: entityuid.New(entitytype.User, "kesha"),
 	}]
 	require.True(t, ok)
 
 	// extract teams
 
-	teamInterns, ok := es.Teams[entitystore.TeamUID{
-		EntityUID: entitystore.NewEntityUID(entitytype.Team, "interns"),
+	teamInterns, ok := es.Teams[team.TeamUID{
+		EntityUID: entityuid.New(entitytype.Team, "interns"),
 	}]
 	require.True(t, ok)
 
@@ -100,7 +104,7 @@ func TestServer_isAuthorized(t *testing.T) {
 	list0Readers := es.InsertNextTeam() // readers for list0
 	list0Editors := es.InsertNextTeam() // editors for list0
 
-	list0 := entitystore.NewList(
+	list0 := list.New(
 		list0UID,
 		"Cedar blog post",
 		userAndrew.EUID,
@@ -157,7 +161,7 @@ func TestServer_isAuthorized(t *testing.T) {
 			context.Background(),
 			userAaron.EUID.EntityUID,
 			action.GetList,
-			entitystore.NewEntityUID(entitytype.List, "non-existent"),
+			entityuid.New(entitytype.List, "non-existent"),
 		)
 		require.NoError(t, err)
 		assert.False(t, decision)

diff --git a/tinytodo-go/internal/app/server/entitystore/action/action.go b/tinytodo-go/internal/app/server/entitystore/action/action.go
@@ -1,13 +1,14 @@
-// Package action contains the enum Action that represents the different actions supported by entitystore.EntityStore.
+// Package action contains the enum Action that represents the different actions supported by TinyTodo.
 package action
 
 import (
-	"github.com/cedar-policy/cedar-examples/tinytodo-go/internal/app/server/entitystore"
 	"github.com/cedar-policy/cedar-examples/tinytodo-go/internal/app/server/entitystore/entitytype"
+	"github.com/cedar-policy/cedar-examples/tinytodo-go/internal/app/server/entitystore/entityuid"
+	"github.com/cedar-policy/cedar-go/types"
 	"strings"
 )
 
-// Action is an enum that represents the different entity types supported by Cedar.
+// Action is an enum that represents the different entity types supported by TinyTodo.
 type Action int
 
 const (
@@ -37,17 +38,17 @@ var (
 		DeleteList: "Action::\"DeleteList\"",
 	}
 
-	EntityUID = map[Action]entitystore.EntityUID{}
+	EntityUID = map[Action]entityuid.EntityUID{}
 )
 
 func init() {
 	// verify that all Actions are valid EUIDs
 	for k, act := range Name {
-		euid, err := entitystore.ParseEntityUID(act)
+		euid, err := entityuid.Parse(act)
 		if err != nil {
 			panic(err)
 		}
-		if euid.Type != entitytype.Action.String() {
+		if euid.Type != types.EntityType(entitytype.Action.String()) {
 			panic(err)
 		}
 		EntityUID[k] = euid
@@ -68,6 +69,6 @@ func Parse(act string) Action {
 	return Unknown
 }
 
-func (a Action) GetEUID() entitystore.EntityUID {
+func (a Action) GetEUID() entityuid.EntityUID {
 	return EntityUID[a]
 }
diff --git a/tinytodo-go/internal/app/server/entitystore/app.go b/tinytodo-go/internal/app/server/entitystore/app.go
diff --git a/tinytodo-go/internal/app/server/entitystore/convert.go b/tinytodo-go/internal/app/server/entitystore/convert.go
@@ -1,36 +1,36 @@
 package entitystore
 
 import (
-	"github.com/cedar-policy/cedar-go"
+	"github.com/cedar-policy/cedar-go/types"
 )
 
-// AsEntities converts EntityStore's native objects into cedar.Entities, to be passed to the Cedar authorization engine
+// AsEntities converts EntityStore's native objects into types.Entities, to be passed to the Cedar authorization engine
 // when it evaluates a request.
-func (e *EntityStore) AsEntities() (cedar.Entities, error) {
+func (e *EntityStore) AsEntities() (types.Entities, error) {
 
-	es := make(cedar.Entities)
+	es := make(types.Entities)
 
 	// process users
 
 	for _, user := range e.Users {
-		es[user.EUID.EntityUID.EntityUID] = *user.AsCedarEntity()
+		es[user.EUID.EntityUID.EntityUID] = user.AsCedarEntity()
 	}
 
 	// process teams
 
 	for _, team := range e.Teams {
-		es[team.UID.EntityUID.EntityUID] = *team.AsCedarEntity()
+		es[team.UID.EntityUID.EntityUID] = team.AsCedarEntity()
 	}
 
 	// process lists
 
 	for _, list := range e.Lists {
-		es[list.UID.EntityUID.EntityUID] = *list.AsCedarEntity()
+		es[list.UID.EntityUID.EntityUID] = list.AsCedarEntity()
 	}
 
 	// process application
 
-	es[e.App.EUID.EntityUID] = *e.App.AsCedarEntity()
+	es[e.App.EUID.EntityUID] = e.App.AsCedarEntity()
 
 	return es, nil
 }
diff --git a/tinytodo-go/internal/app/server/entitystore/convert_test.go b/tinytodo-go/internal/app/server/entitystore/convert_test.go
@@ -3,7 +3,8 @@ package entitystore
 import (
 	"encoding/json"
 	"github.com/cedar-policy/cedar-examples/tinytodo-go/internal/app/server/entitystore/entitytype"
-	"github.com/cedar-policy/cedar-go"
+	"github.com/cedar-policy/cedar-examples/tinytodo-go/internal/app/server/entitystore/entityuid"
+	"github.com/cedar-policy/cedar-go/types"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"testing"
@@ -16,7 +17,7 @@ func TestEntityStore_AsEntities(t *testing.T) {
 		require.NoError(t, json.Unmarshal(f, &es))
 		assert.Equal(
 			t,
-			NewEntityUID(entitytype.Application, "TinyTodo"),
+			entityuid.New(entitytype.Application, "TinyTodo"),
 			es.App.EUID,
 		)
 
@@ -26,19 +27,28 @@ func TestEntityStore_AsEntities(t *testing.T) {
 		assert.Contains(
 			t,
 			entities,
-			cedar.NewEntityUID(entitytype.Application.String(), "TinyTodo"),
+			types.NewEntityUID(
+				types.EntityType(entitytype.Application.String()),
+				"TinyTodo",
+			),
 		)
 
 		assert.Contains(
 			t,
 			entities,
-			cedar.NewEntityUID(entitytype.User.String(), "kesha"),
+			types.NewEntityUID(
+				types.EntityType(entitytype.User.String()),
+				"kesha",
+			),
 		)
 
 		assert.Contains(
 			t,
 			entities,
-			cedar.NewEntityUID(entitytype.Team.String(), "temp"),
+			types.NewEntityUID(
+				types.EntityType(entitytype.Team.String()),
+				"temp",
+			),
 		)
 	})
 }
diff --git a/tinytodo-go/internal/app/server/entitystore/entity.go b/tinytodo-go/internal/app/server/entitystore/entity.go
diff --git a/tinytodo-go/internal/app/server/entitystore/entity/app/app.go b/tinytodo-go/internal/app/server/entitystore/entity/app/app.go
@@ -0,0 +1,21 @@
+package app
+
+import (
+	"github.com/cedar-policy/cedar-examples/tinytodo-go/internal/app/server/entitystore/entityuid"
+	"github.com/cedar-policy/cedar-go/types"
+)
+
+// App represents the application entity (in this case, TinyTodo).
+type App struct {
+	EUID entityuid.EntityUID `json:"euid"`
+}
+
+// AsCedarEntity converts App into a types.Entity, to be passed to the Cedar authorization engine when it evaluates a
+// request.
+func (a *App) AsCedarEntity() *types.Entity {
+	return &types.Entity{
+		UID: a.EUID.EntityUID,
+		//Parents:    nil,
+		//Attributes: nil,
+	}
+}
diff --git a/...ternal/app/server/entitystore/app_test.go → ...server/entitystore/entity/app/app_test.go b/...ternal/app/server/entitystore/app_test.go → ...server/entitystore/entity/app/app_test.go
@@ -1,8 +1,9 @@
-package entitystore
+package app
 
 import (
 	"encoding/json"
 	"github.com/cedar-policy/cedar-examples/tinytodo-go/internal/app/server/entitystore/entitytype"
+	"github.com/cedar-policy/cedar-examples/tinytodo-go/internal/app/server/entitystore/entityuid"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"testing"
@@ -19,7 +20,7 @@ func Test_App(t *testing.T) {
 		require.NoError(t, json.Unmarshal(marshalled, &app))
 		assert.Equal(
 			t,
-			NewEntityUID(entitytype.Application, "TinyTodo"),
+			entityuid.New(entitytype.Application, "TinyTodo"),
 			app.EUID,
 		)
 	})

diff --git a/tinytodo-go/internal/app/server/entitystore/entity/entity.go b/tinytodo-go/internal/app/server/entitystore/entity/entity.go
@@ -0,0 +1,9 @@
+package entity
+
+import (
+	"github.com/cedar-policy/cedar-go/types"
+)
+
+type Entity interface {
+	AsCedarEntity() *types.Entity
+}