Skip to content

API for extracting values from template-linked policy #515

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 4 commits into from
Dec 18, 2023
Merged

API for extracting values from template-linked policy #515

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
d7c140b
API for extracting values from template-linked policy
mwhicks1 Dec 17, 2023
1978dd3
update changelog
mwhicks1 Dec 17, 2023
328ad69
tighten test
mwhicks1 Dec 17, 2023
ff33b0a
format
mwhicks1 Dec 17, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions cedar-policy/CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
### Added

- `AsRef<str>` implementation for `PolicyId`.
- New API `template_links` for `Policy` to retrieve the linked values for a
template-linked policy. (resolving #489)

### Changed

Expand Down
16 changes: 16 additions & 0 deletions cedar-policy/src/api.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2612,6 +2612,22 @@ impl Policy {
}
}

/// Get the values this `Template` is linked to, expressed as a map from `SlotId` to `EntityUid`.
/// If this is a static policy, this will return `None`.
pub fn template_links(&self) -> Option<HashMap<SlotId, EntityUid>> {
if self.is_static() {
None
} else {
let wrapped_vals: HashMap<SlotId, EntityUid> = self
.ast
.env()
.into_iter()
.map(|(key, value)| (SlotId(*key), EntityUid(value.clone())))
.collect();
Some(wrapped_vals)
}
}

/// Get the `Effect` (`Permit` or `Forbid`) for this instance
pub fn effect(&self) -> Effect {
self.ast.effect()
Expand Down
37 changes: 37 additions & 0 deletions cedar-policy/src/tests.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -494,6 +494,43 @@ mod policy_set_tests {
use ast::LinkingError;
use cool_asserts::assert_matches;

#[test]
fn template_link_lookup() {
let mut pset = PolicySet::new();
let p = Policy::parse(Some("p".into()), "permit(principal,action,resource);")
.expect("Failed to parse");
pset.add(p).expect("Failed to add");
let template = Template::parse(
Some("t".into()),
"permit(principal == ?principal, action, resource);",
)
.expect("Failed to parse");
pset.add_template(template).expect("Add failed");

let env: HashMap<SlotId, EntityUid> =
std::iter::once((SlotId::principal(), EntityUid::from_strs("Test", "test"))).collect();
pset.link(
PolicyId::from_str("t").unwrap(),
PolicyId::from_str("id").unwrap(),
env.clone(),
)
.expect("Failed to link");

let p0 = pset.policy(&PolicyId::from_str("p").unwrap()).unwrap();
let tp = pset.policy(&PolicyId::from_str("id").unwrap()).unwrap();

assert_eq!(
p0.template_links(),
None,
"A normal policy should not have template links"
);
assert_eq!(
tp.template_links(),
Some(env),
"A template-linked policy's links should be stored properly"
);
}

#[test]
fn link_conflicts() {
let mut pset = PolicySet::new();
Expand Down