diff --git a/authorize_test.go b/authorize_test.go index 74f7734..fddcaa5 100644 --- a/authorize_test.go +++ b/authorize_test.go @@ -35,8 +35,26 @@ func TestIsAuthorized(t *testing.T) { DiagErr: 0, }, { - Name: "nil-entity-map", + Name: "permit-when-tags", + Policy: `permit(principal,action,resource) when { principal.hasTag("foo") };`, + Entities: types.EntityMap{ + cuzco: types.Entity{ + Tags: types.NewRecord(cedar.RecordMap{ + "foo": types.String("bar"), + }), + }, + }, + Principal: cuzco, + Action: dropTable, + Resource: cedar.NewEntityUID("table", "whatever"), + Context: cedar.Record{}, + Want: true, + DiagErr: 0, + }, + { + Name: "nil-entity-getter", Policy: `permit(principal,action,resource);`, + Entities: nil, Principal: cuzco, Action: dropTable, Resource: cedar.NewEntityUID("table", "whatever"), @@ -795,7 +813,7 @@ func TestIsAuthorized(t *testing.T) { for _, tt := range tests { tt := tt t.Run(tt.Name, func(t *testing.T) { - // t.Parallel() + t.Parallel() ps, err := cedar.NewPolicySetFromBytes("policy.cedar", []byte(tt.Policy)) testutil.Equals(t, err != nil, tt.ParseErr) ok, diag := ps.IsAuthorized(tt.Entities, cedar.Request{ diff --git a/corpus_test.go b/corpus_test.go index 1269434..613461c 100644 --- a/corpus_test.go +++ b/corpus_test.go @@ -251,21 +251,6 @@ func TestCorpusRelated(t *testing.T) { reasons []cedar.PolicyID errors []cedar.PolicyID }{ - { - "a9fe7e4b20024dc7818a168c67ce312d6e076b93", - `forbid( - principal, - action in [Action::"action",Action::"action"], - resource - ) when { - true && (resource.hasTag("A")) - };`, - types.EntityMap{cedar.NewEntityUID("a", ""): cedar.Entity{Attributes: cedar.NewRecord(cedar.RecordMap{"A": types.False})}}, - cedar.Request{Principal: cedar.NewEntityUID("a", ""), Action: cedar.NewEntityUID("Action", "action"), Resource: cedar.NewEntityUID("a", "'")}, - cedar.Deny, - nil, - nil, - }, { "0cb1ad7042508e708f1999284b634ed0f334bc00", `forbid( 
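Review bot: The new `permit-when-tags` case in TestIsAuthorized covers only the allow path, where `cuzco` carries the tag `foo` and `Want` is `true`. For an authorization engine the deny path matters more: add sibling cases where the principal has no `foo` tag, where `foo` exists only in `Attributes`, and where the principal is absent from `Entities`, each with `Want: false`, so that a regression making `hasTag` too permissive fails the suite. The corpus case deleted from corpus_test.go in this same commit was a `hasTag` case expecting `cedar.Deny`, so unless equivalent cases exist outside this hunk, deny-side coverage shrinks here. The test table and the function body extend beyond the hunk.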
diff --git a/internal/eval/evalers.go b/internal/eval/evalers.go index 8b43a5e..6fc97ea 100644 --- a/internal/eval/evalers.go +++ b/internal/eval/evalers.go @@ -820,8 +820,8 @@ func (n *getTagEval) Eval(env Env) (types.Value, error) { return zeroValue(), err } - var unspecified types.EntityUID - if eid == unspecified { + var zero types.EntityUID + if eid == zero { return zeroValue(), fmt.Errorf("cannot access tag `%s` of %w", n.rhs, errUnspecifiedEntity) } diff --git a/internal/eval/evalers_test.go b/internal/eval/evalers_test.go index 5c06694..0580489 100644 --- a/internal/eval/evalers_test.go +++ b/internal/eval/evalers_test.go @@ -1505,7 +1505,7 @@ func TestGetTagNode(t *testing.T) { newLiteralEval(knownTag), zeroValue(), errEntityNotExist}, - {"UnspecifiedEntity", + {"ZeroEntity", newLiteralEval(types.NewEntityUID("", "")), newLiteralEval(knownTag), zeroValue(), diff --git a/types/entity.go b/types/entity.go index a4c1f5a..931dab1 100644 --- a/types/entity.go +++ b/types/entity.go @@ -11,7 +11,7 @@ type Entity struct { UID EntityUID `json:"uid"` Parents EntityUIDSet `json:"parents"` Attributes Record `json:"attrs"` - Tags Record `json:"tags,omitempty"` + Tags Record `json:"tags"` } // MarshalJSON serializes Entity as a JSON object, using the implicit form of EntityUID encoding to match the Rust diff --git a/types/entity_tag_test.go b/types/entity_tag_test.go deleted file mode 100644 index e365458..0000000 --- a/types/entity_tag_test.go +++ /dev/null 
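Review bot: Dropping `omitempty` from the `Tags` field of `Entity` in types/entity.go changes the serialized shape, but nothing visible in this commit tests decoding entity JSON that has no `tags` key. Entity data serialized without tags would presumably look like that. Add an unmarshal test for such input that then evaluates `hasTag` against the resulting zero `Record`, so the authorization result for older entity data is pinned rather than assumed. A field comment such as `// Tags is always emitted, as {} when empty.` would also help, if that is the intent behind the `"tags":{}` expectation in entity_test.go. The struct declaration starts above the hunk.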
@@ -1,46 +0,0 @@ -package types_test - -import ( - "testing" - "time" - - "github.com/cedar-policy/cedar-go" - "github.com/cedar-policy/cedar-go/internal/testutil" - "github.com/cedar-policy/cedar-go/types" -) - -func TestEntityTagMarshalJSON(t *testing.T) { - t.Parallel() - e := types.Entity{ - UID: types.NewEntityUID("FooType", "1"), - Parents: types.NewEntityUIDSet(), - Attributes: types.Record{}, - Tags: cedar.NewRecord(types.RecordMap{ - "key": types.String("value"), - "entity": types.NewEntityUID("FootType", "1"), - "datetime": types.NewDatetime(time.Unix(0, 0)), - }), - } - - testutil.JSONMarshalsTo(t, e, - `{ - "uid": {"type":"FooType","id":"1"}, - "parents": [], - "attrs":{}, - "tags": { - "datetime": { - "__extn": { - "fn": "datetime", - "arg": "1970-01-01T00:00:00.000Z" - } - }, - "entity": { - "__entity": { - "type": "FootType", - "id": "1" - } - }, - "key": "value" - } - }`) -} diff --git a/types/entity_test.go b/types/entity_test.go index 9b6ce4d..5a97349 100644 --- a/types/entity_test.go +++ b/types/entity_test.go @@ -2,6 +2,7 @@ package types_test import ( "testing" + "time" "github.com/cedar-policy/cedar-go/internal/testutil" "github.com/cedar-policy/cedar-go/types" @@ -57,3 +58,39 @@ func TestEntityMarshalJSON(t *testing.T) { "tags":{} }`) } + +func TestEntityTagMarshalJSON(t *testing.T) { + t.Parallel() + e := types.Entity{ + UID: types.NewEntityUID("FooType", "1"), + Parents: types.NewEntityUIDSet(), + Attributes: types.Record{}, + Tags: types.NewRecord(types.RecordMap{ + "key": types.String("value"), + "entity": types.NewEntityUID("FootType", "1"), + "datetime": types.NewDatetime(time.Unix(0, 0)), + }), + } + + testutil.JSONMarshalsTo(t, e, + `{ + "uid": {"type":"FooType","id":"1"}, + "parents": [], + "attrs":{}, + "tags": { + "datetime": { + "__extn": { + "fn": "datetime", + "arg": "1970-01-01T00:00:00.000Z" + } + }, + "entity": { + "__entity": { + "type": "FootType", + "id": "1" + } + }, + "key": "value" + } + }`) +}
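Review bot: In the relocated TestEntityTagMarshalJSON, the tag value `types.NewEntityUID("FootType", "1")` and the expected `"type": "FootType"` look like a typo for `FooType`, carried over from the deleted entity_tag_test.go. The test passes because input and expectation match, but a reader may assume a second entity type is intended. Either change both to `FooType` or add a comment such as `// deliberately a different type from the entity's own UID`.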