From 405f17786484c0f2c42e9fcf7b244b81847a2696 Mon Sep 17 00:00:00 2001 From: Craig Disselkoen Date: Mon, 9 Dec 2024 16:28:32 -0500 Subject: [PATCH] Remove unreleased JSON serialization code from the CLI (#1366) Signed-off-by: Craig Disselkoen --- cedar-policy-cli/src/lib.rs | 295 ++++++++++++++++------------------- cedar-policy-cli/src/main.rs | 41 ++--- 2 files changed, 147 insertions(+), 189 deletions(-) diff --git a/cedar-policy-cli/src/lib.rs b/cedar-policy-cli/src/lib.rs index 5ee89912a..a0312f6f5 100644 --- a/cedar-policy-cli/src/lib.rs +++ b/cedar-policy-cli/src/lib.rs @@ -118,17 +118,14 @@ pub enum Commands { New(NewArgs), /// Partially evaluate an authorization request PartiallyAuthorize(PartiallyAuthorizeArgs), - /// Ouput a JSON file for consumption by Lean - #[command(subcommand)] - WriteDRTJson(serialization::AnalysisCommands), /// Output a protobuf binary file for consumption by Lean #[cfg(feature = "protobufs")] #[command(subcommand)] - WriteDRTProto(serialization::AnalysisCommands), + WriteDRTProto(protobufs::AnalysisCommands), /// Output a protobuf binary file for consumption by Lean #[cfg(feature = "protobufs")] #[command(subcommand)] - WriteDRTProtoFromJSON(serialization::AnalyzeCommandsFromJson), + WriteDRTProtoFromJSON(protobufs::AnalyzeCommandsFromJson), /// Print Cedar language version LanguageVersion, } 
@@ -1603,17 +1600,25 @@ fn execute_partial_request( } } -pub mod serialization { +#[cfg(feature = "protobufs")] +pub mod protobufs { + // PANIC SAFETY experimental feature + #![allow(clippy::unwrap_used)] + // PANIC SAFETY experimental feature + #![allow(clippy::expect_used)] + + use crate::{proto, CedarExitCode}; use cedar_policy_core::{ast::PolicySet, extensions::Extensions, parser::parse_policyset}; use cedar_policy_validator::CedarSchemaError; use clap::{Args, Subcommand}; - use serde::Serialize; + use prost::Message; + use serde::{Deserialize, Serialize}; + use std::fs::File; + use std::io::Write; use std::path::{Path, PathBuf}; use thiserror::Error; - use crate::CedarExitCode; - - /// Captures all possible errors in CLI operations in the `serialization` module + /// Captures all possible errors in CLI operations in the `protobufs` module #[derive(Debug, Error)] pub enum CliError { /// Error opening or reading a file 
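Review bot: The inner attributes `#![allow(clippy::unwrap_used)]` and `#![allow(clippy::expect_used)]` now sit at the top of `pub mod protobufs`, so they cover the whole module; before this change they were scoped to the nested `protobuf` submodule. The file and schema readers and `CliError`, which are defined further down outside this hunk, are now exempt too, so a later `unwrap()` on a file or parse error there would pass clippy unflagged. I would keep the allows on the individual functions that need them, e.g. `#[allow(clippy::unwrap_used, clippy::expect_used)]` above each one. The `// PANIC SAFETY experimental feature` comment should also be replaced with one that states why a panic is acceptable at that call site.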
@@ -1754,176 +1759,148 @@ pub mod serialization { } } - #[cfg(feature = "protobufs")] - pub mod protobuf { - // PANIC SAFETY experimental feature - #![allow(clippy::unwrap_used)] - // PANIC SAFETY experimental feature - #![allow(clippy::expect_used)] - - use std::fs::File; - use std::io::Write; - use std::path::PathBuf; - - use super::{ - read_policies_from_file, AnalysisCommands, AnalyzeCommandsFromJson, - AnalyzeCommandsFromJsonArgs, EquivRequest, - }; - use super::{EquivalenceArgs, Result}; - use crate::serialization::read_schema_from_file; - use crate::{proto, CedarExitCode}; - use cedar_policy_core::ast::PolicySet; - use cedar_policy_core::parser::parse_policyset; - use prost::Message; - use serde::{Deserialize, Serialize}; - - #[derive(Debug, Serialize)] - pub struct ValidationRequest<'a> { - pub schema: &'a cedar_policy_validator::ValidatorSchema, - pub policies: &'a PolicySet, - pub mode: cedar_policy_validator::ValidationMode, - } + #[derive(Debug, Serialize)] + pub struct ValidationRequest<'a> { + pub schema: &'a cedar_policy_validator::ValidatorSchema, + pub policies: &'a PolicySet, + pub mode: cedar_policy_validator::ValidationMode, + } - impl From> for proto::ValidationRequestMsg { - fn from(v: ValidationRequest<'_>) -> Self { - Self { - schema: Some(cedar_policy_validator::proto::ValidatorSchema::from( - v.schema, - )), - policies: Some(cedar_policy_core::ast::proto::LiteralPolicySet::from( - v.policies, - )), - mode: cedar_policy_validator::proto::ValidationMode::from(&v.mode).into(), - } + impl From> for proto::ValidationRequestMsg { + fn from(v: ValidationRequest<'_>) -> Self { + Self { + schema: Some(cedar_policy_validator::proto::ValidatorSchema::from( + v.schema, + )), + policies: Some(cedar_policy_core::ast::proto::LiteralPolicySet::from( + v.policies, + )), + mode: cedar_policy_validator::proto::ValidationMode::from(&v.mode).into(), } } + } - impl From> for proto::EquivRequestMsg { - fn from(v: EquivRequest<'_>) -> Self { - Self { - schema: 
Some(cedar_policy_validator::proto::ValidatorSchema::from( - v.schema, - )), - old_policies: Some(cedar_policy_core::ast::proto::LiteralPolicySet::from( - v.old_policies, - )), - new_policies: Some(cedar_policy_core::ast::proto::LiteralPolicySet::from( - v.new_policies, - )), - } + impl From> for proto::EquivRequestMsg { + fn from(v: EquivRequest<'_>) -> Self { + Self { + schema: Some(cedar_policy_validator::proto::ValidatorSchema::from( + v.schema, + )), + old_policies: Some(cedar_policy_core::ast::proto::LiteralPolicySet::from( + v.old_policies, + )), + new_policies: Some(cedar_policy_core::ast::proto::LiteralPolicySet::from( + v.new_policies, + )), } } + } - pub fn read_equivalence_drt_from_files( - args: EquivalenceArgs, - ) -> Result { - let schema = &read_schema_from_file(&args.schema_file)?; - let old_policies = &read_policies_from_file(&args.old_policies_file)?; - let new_policies = &read_policies_from_file(&args.new_policies_file)?; - - let equiv_request = EquivRequest { - schema, - old_policies, - new_policies, - }; - let equiv_request_proto = proto::EquivRequestMsg::from(equiv_request); - Ok(equiv_request_proto) - } + pub fn read_equivalence_drt_from_files( + args: EquivalenceArgs, + ) -> Result { + let schema = &read_schema_from_file(&args.schema_file)?; + let old_policies = &read_policies_from_file(&args.old_policies_file)?; + let new_policies = &read_policies_from_file(&args.new_policies_file)?; + + let equiv_request = EquivRequest { + schema, + old_policies, + new_policies, + }; + let equiv_request_proto = proto::EquivRequestMsg::from(equiv_request); + Ok(equiv_request_proto) + } - pub fn write_drt_proto_for_equivalence_from_files(args: EquivalenceArgs) -> Result<()> { - let equiv_request_proto: proto::EquivRequestMsg = - read_equivalence_drt_from_files(args)?; - write_drt_proto_for_equivalence(equiv_request_proto, "equiv_request.binpb".into()) - } + pub fn write_drt_proto_for_equivalence_from_files(args: EquivalenceArgs) -> Result<()> { + let 
equiv_request_proto: proto::EquivRequestMsg = read_equivalence_drt_from_files(args)?; + write_drt_proto_for_equivalence(equiv_request_proto, "equiv_request.binpb".into()) + } - #[derive(Debug, Deserialize)] - struct ComparisonRequest { - schema: String, - old_policy_set: String, - new_policy_set: String, - } + #[derive(Debug, Deserialize)] + struct ComparisonRequest { + schema: String, + old_policy_set: String, + new_policy_set: String, + } - pub fn read_equivalence_drt_from_json( - args: AnalyzeCommandsFromJsonArgs, - ) -> Result { - use std::str::FromStr; + pub fn read_equivalence_drt_from_json( + args: AnalyzeCommandsFromJsonArgs, + ) -> Result { + use std::str::FromStr; - let comparison_request: ComparisonRequest = - serde_json::from_str(args.data.as_ref()).expect("Failed to parse"); + let comparison_request: ComparisonRequest = + serde_json::from_str(args.data.as_ref()).expect("Failed to parse"); - let schema = - cedar_policy_validator::ValidatorSchema::from_str(&comparison_request.schema) - .expect("Failed to deserialize schema"); + let schema = cedar_policy_validator::ValidatorSchema::from_str(&comparison_request.schema) + .expect("Failed to deserialize schema"); - let old_policies = parse_policyset(&comparison_request.old_policy_set).unwrap(); + let old_policies = parse_policyset(&comparison_request.old_policy_set).unwrap(); - let new_policies = parse_policyset(&comparison_request.new_policy_set).unwrap(); + let new_policies = parse_policyset(&comparison_request.new_policy_set).unwrap(); - Ok(proto::EquivRequestMsg { - schema: Some(cedar_policy_validator::proto::ValidatorSchema::from( - &schema, - )), - old_policies: Some(cedar_policy_core::ast::proto::LiteralPolicySet::from( - &old_policies, - )), - new_policies: Some(cedar_policy_core::ast::proto::LiteralPolicySet::from( - &new_policies, - )), - }) - } + Ok(proto::EquivRequestMsg { + schema: Some(cedar_policy_validator::proto::ValidatorSchema::from( + &schema, + )), + old_policies: 
Some(cedar_policy_core::ast::proto::LiteralPolicySet::from( + &old_policies, + )), + new_policies: Some(cedar_policy_core::ast::proto::LiteralPolicySet::from( + &new_policies, + )), + }) + } - pub fn write_drt_proto_for_equivalence_from_json( - args: AnalyzeCommandsFromJsonArgs, - ) -> Result<()> { - let output_path = args.output_path.clone(); - let equiv_request_proto: proto::EquivRequestMsg = read_equivalence_drt_from_json(args)?; - write_drt_proto_for_equivalence(equiv_request_proto, output_path) - } + pub fn write_drt_proto_for_equivalence_from_json( + args: AnalyzeCommandsFromJsonArgs, + ) -> Result<()> { + let output_path = args.output_path.clone(); + let equiv_request_proto: proto::EquivRequestMsg = read_equivalence_drt_from_json(args)?; + write_drt_proto_for_equivalence(equiv_request_proto, output_path) + } - pub fn write_drt_proto_for_equivalence( - equiv_request_proto: proto::EquivRequestMsg, - output_location: PathBuf, - ) -> Result<()> { - let mut buf: Vec = vec![]; - buf.reserve(equiv_request_proto.encoded_len()); - equiv_request_proto - .encode(&mut buf) - .expect("Serialization failed"); - - let mut file = File::create(output_location).unwrap(); - // Write a slice of bytes to the file - file.write_all(&buf).unwrap(); - - Ok(()) - } + pub fn write_drt_proto_for_equivalence( + equiv_request_proto: proto::EquivRequestMsg, + output_location: PathBuf, + ) -> Result<()> { + let mut buf: Vec = vec![]; + buf.reserve(equiv_request_proto.encoded_len()); + equiv_request_proto + .encode(&mut buf) + .expect("Serialization failed"); + + let mut file = File::create(output_location).unwrap(); + // Write a slice of bytes to the file + file.write_all(&buf).unwrap(); + + Ok(()) + } - pub fn write_drt_proto(acmd: AnalysisCommands) -> CedarExitCode { - let res = match acmd { - AnalysisCommands::Equivalence(args) => { - write_drt_proto_for_equivalence_from_files(args) - } - }; - match res { - Ok(()) => CedarExitCode::Success, - Err(e) => { - eprintln!("{e}"); - 
CedarExitCode::Failure - } + pub fn write_drt_proto(acmd: AnalysisCommands) -> CedarExitCode { + let res = match acmd { + AnalysisCommands::Equivalence(args) => write_drt_proto_for_equivalence_from_files(args), + }; + match res { + Ok(()) => CedarExitCode::Success, + Err(e) => { + eprintln!("{e}"); + CedarExitCode::Failure } } + } - pub fn write_drt_proto_from_json(acmd: AnalyzeCommandsFromJson) -> CedarExitCode { - let res = match acmd { - AnalyzeCommandsFromJson::Equivalence(args) => { - write_drt_proto_for_equivalence_from_json(args) - } - }; - match res { - Ok(()) => CedarExitCode::Success, - Err(e) => { - eprintln!("{e}"); - CedarExitCode::Failure - } + pub fn write_drt_proto_from_json(acmd: AnalyzeCommandsFromJson) -> CedarExitCode { + let res = match acmd { + AnalyzeCommandsFromJson::Equivalence(args) => { + write_drt_proto_for_equivalence_from_json(args) + } + }; + match res { + Ok(()) => CedarExitCode::Success, + Err(e) => { + eprintln!("{e}"); + CedarExitCode::Failure } } } diff --git a/cedar-policy-cli/src/main.rs b/cedar-policy-cli/src/main.rs index e9011f780..0890bf3da 100644 --- a/cedar-policy-cli/src/main.rs +++ b/cedar-policy-cli/src/main.rs @@ -21,14 +21,12 @@ use miette::ErrorHook; use cedar_policy_cli::{ authorize, check_parse, evaluate, format_policies, language_version, link, new, - partial_authorize, serialization::write_drt_json, translate_policy, translate_schema, validate, - visualize, CedarExitCode, Cli, Commands, ErrorFormat, + partial_authorize, translate_policy, translate_schema, validate, visualize, CedarExitCode, Cli, + Commands, ErrorFormat, }; #[cfg(feature = "protobufs")] -use cedar_policy_cli::{ - serialization::protobuf::write_drt_proto, serialization::protobuf::write_drt_proto_from_json, -}; +use cedar_policy_cli::{protobufs::write_drt_proto, protobufs::write_drt_proto_from_json}; fn main() -> CedarExitCode { let cli = Cli::parse(); 
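Review bot: In `cedar-policy-cli/src/lib.rs`, `read_equivalence_drt_from_json` is declared to return `Result` but never produces an `Err`: malformed JSON in `args.data` hits `.expect("Failed to parse")`, a bad schema hits `.expect("Failed to deserialize schema")`, and either policy set hits `parse_policyset(...).unwrap()`. `write_drt_proto_for_equivalence` does the same with `File::create(output_location).unwrap()` and `file.write_all(&buf).unwrap()`. Because `data` and `output_path` appear to be caller-supplied command arguments, bad input or an unwritable path aborts the process with a panic and never reaches the `Err(e) => { eprintln!("{e}"); CedarExitCode::Failure }` arm in `write_drt_proto_from_json`. These failures should be converted into `CliError` and propagated with `?`, as `read_equivalence_drt_from_files` already does for its three reads.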
@@ -58,7 +56,6 @@ fn main() -> CedarExitCode { Commands::TranslateSchema(args) => translate_schema(&args), Commands::New(args) => new(&args), Commands::PartiallyAuthorize(args) => partial_authorize(&args), - Commands::WriteDRTJson(acmd) => write_drt_json(acmd), #[cfg(feature = "protobufs")] Commands::WriteDRTProto(acmd) => write_drt_proto(acmd), #[cfg(feature = "protobufs")] @@ -69,29 +66,12 @@ fn main() -> CedarExitCode { #[cfg(test)] mod test { - use cedar_policy_cli::serialization::AnalysisCommands; - use cedar_policy_cli::serialization::EquivalenceArgs; - use std::path::Path; - use std::path::PathBuf; - - #[test] - fn test_json_serialize() { - let test_data_root = PathBuf::from(r"../sample-data/sandbox_b"); - let schema_file = Path::new(&test_data_root).join("schema.cedarschema"); - let old_policies_file = Path::new(&test_data_root).join("policies_4.cedar"); - let new_policies_file = old_policies_file.clone(); - - let acmd = AnalysisCommands::Equivalence(EquivalenceArgs { - schema_file, - old_policies_file, - new_policies_file, - }); - super::write_drt_json(acmd); - } - #[cfg(feature = "protobufs")] #[test] fn test_proto_serialize() { + use cedar_policy_cli::protobufs::{AnalysisCommands, EquivalenceArgs}; + use std::path::PathBuf; + let test_data_root = PathBuf::from(r"../sample-data/sandbox_b"); let mut schema_file = test_data_root.clone(); schema_file.push("schema.cedarschema"); 
@@ -110,7 +90,9 @@ mod test { #[cfg(feature = "protobufs")] #[test] fn test_proto_serialize_from_json() { - use cedar_policy_cli::serialization::AnalyzeCommandsFromJson; + use cedar_policy_cli::protobufs::{AnalyzeCommandsFromJson, AnalyzeCommandsFromJsonArgs}; + use std::path::PathBuf; + let data = r#" { "schema":"entity Team, UserGroup in [UserGroup];\r\nentity Issue = {\r\n \"repo\": Repository,\r\n \"reporter\": User,\r\n};\r\nentity Org = {\r\n \"members\": UserGroup,\r\n \"owners\": UserGroup,\r\n};\r\nentity Repository = {\r\n \"admins\": UserGroup,\r\n \"maintainers\": UserGroup,\r\n \"readers\": UserGroup,\r\n \"triagers\": UserGroup,\r\n \"writers\": UserGroup,\r\n};\r\nentity User in [UserGroup, Team] = {\r\n \"is_intern\": Bool,\r\n};\r\nentity File = {\r\n \"filename\": String,\r\n \"owner\": User,\r\n \"private\": Bool,\r\n};\r\n\r\naction push, pull, fork appliesTo {\r\n principal: [User],\r\n resource: [Repository]\r\n};\r\naction assign_issue, delete_issue, edit_issue appliesTo {\r\n principal: [User],\r\n resource: [Issue]\r\n};\r\naction add_reader, add_writer, add_maintainer, add_admin, add_triager appliesTo {\r\n principal: [User],\r\n resource: [Repository]\r\n};\r\naction view, comment appliesTo {\r\n principal: [User],\r\n resource: [File]\r\n};", @@ -121,9 +103,8 @@ mod test { "#.to_string(); let output_path = PathBuf::from("/tmp/tmp.binpb"); - let acmd = AnalyzeCommandsFromJson::Equivalence( - cedar_policy_cli::serialization::AnalyzeCommandsFromJsonArgs { data, output_path }, - ); + let acmd = + AnalyzeCommandsFromJson::Equivalence(AnalyzeCommandsFromJsonArgs { data, output_path }); super::write_drt_proto_from_json(acmd); } }
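Review bot: `test_proto_serialize_from_json` in `cedar-policy-cli/src/main.rs` writes to the fixed path `/tmp/tmp.binpb` and discards the `CedarExitCode` returned by `write_drt_proto_from_json`. A fixed name in a shared, world-writable directory can collide between concurrent test runs, and the path does not exist on Windows. If the path is a pre-existing symlink it is followed, because `File::create` truncates whatever the path resolves to. I would build the path from `std::env::temp_dir()` with a per-run unique file name and assert on the outcome, e.g. `assert!(matches!(super::write_drt_proto_from_json(acmd), super::CedarExitCode::Success));`.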