Cherry-pick PRs for release 4.1.x

.github/workflows/build_java_hello_world_reusable.yml

@@ -16,7 +16,7 @@ jobs:
     strategy:
       matrix:
         toolchain:
-          - stable
+          - '1.80'
     steps:
       - name: Setup Java
         uses: actions/setup-java@v4

.github/workflows/build_tiny_todo_go_reusable.yml

@@ -2,9 +2,6 @@ name: Build and test TinyTodo-Go
 on:
     workflow_call:
       inputs:
-        cedar_policy_ref:
-          required: true
-          type: string
         cedar_examples_ref:
           required: true
           type: string

.github/workflows/ci.yml

@@ -54,6 +54,11 @@ jobs:
       cedar_policy_ref: refs/heads/${{ needs.get-branch-name.outputs.branch_name }}
       cedar_examples_ref: ${{ github.href }}
 
+  tinytodo-go:
+    uses: ./.github/workflows/build_tiny_todo_go_reusable.yml
+    with:
+      cedar_examples_ref: ${{ github.href }}
+
   build_and_run_oopsla_benchmarks:
     name: OOPSLA2024 benchmarks
     runs-on: ubuntu-latest

.gitignore

@@ -16,11 +16,11 @@ cedar-java-hello-world/.gradle/*
 cedar-java-hello-world/build/*
 cedar-java-hello-world/.jqwik-database
 
-# Don't check build files for cedar-rust-hello-world
+# Don't check cargo build artifacts
 cedar-rust-hello-world/Cargo.lock
 cedar-rust-hello-world/target/*
-
-# Don't check build files for tinytodo
+oopsla2024-benchmarks/Cargo.lock
+oopsla2024-benchmarks/target/*
 tinytodo/Cargo.lock
 tinytodo/target/*
 

cedar-example-use-cases/document_cloud/policies.cedar

@@ -115,4 +115,4 @@ when
   principal != resource.owner &&
   resource has isPrivate &&
   resource.isPrivate
-};
+};

cedar-example-use-cases/hotel_chains/static/policies.cedar

@@ -1,81 +1,99 @@
 // ==========================================
 // Policies for particular property resource types
-permit(
-  principal, 
+permit (
+  principal,
   action in [Action::"viewReservation"],
-  resource)
-when {
-   resource in principal.viewPermissions.hotelReservations ||
-   resource in principal.viewPermissions.propertyReservations
+  resource
+)
+when
+{
+  resource in principal.viewPermissions.hotelReservations ||
+  resource in principal.viewPermissions.propertyReservations
 };
-// ... three similar policies but for Inventory, PaymentDetails, Rates
 
-permit(
-  principal, 
-  action in [Action::"viewReservation",
-             Action::"updateReservation",
-             Action::"createReservation"],
-  resource)
-when {
+// ... three similar policies but for Inventory, PaymentDetails, Rates
+permit (
+  principal,
+  action in
+    [Action::"viewReservation",
+     Action::"updateReservation",
+     Action::"createReservation"],
+  resource
+)
+when
+{
   resource in principal.memberPermissions.hotelReservations ||
   resource in principal.memberPermissions.propertyReservations
 };
-// ... three similar policies but for Inventory, PaymentDetails, Rates
 
-permit(
-  principal, 
-  action in [Action::"viewReservation",
-             Action::"updateReservation",
-             Action::"createReservation",
-             Action::"grantAccessReservation"
-             // ... other actions for all resource types
-             ],             
-  resource)
-when {
+// ... three similar policies but for Inventory, PaymentDetails, Rates
+permit (
+  principal,
+  action in
+    [Action::"viewReservation",
+     Action::"updateReservation",
+     Action::"createReservation",
+     Action::"grantAccessReservation"
+    // ... other actions for all resource types
+    ],
+  resource
+)
+when
+{
   resource in principal.hotelAdminPermissions ||
   resource in principal.propertyAdminPermissions
 };
 
 // ==========================================
 // Policies for properties and hotels
-permit(
-  principal, 
-  action in [Action::"viewProperty",
-             Action::"viewHotel"],
-  resource)
-when {
+permit (
+  principal,
+  action in [Action::"viewProperty", Action::"viewHotel"],
+  resource
+)
+when
+{
   resource in principal.viewPermissions.hotelReservations ||
-  resource is Property && resource in principal.viewPermissions.propertyReservations
+  resource is Property &&
+  resource in principal.viewPermissions.propertyReservations
 // || resource in principal.viewPermissions.inventory ... for other resource types
 };
 
-permit(
-  principal, 
-  action in [Action::"viewProperty",
-             Action::"updateProperty",
-             Action::"createProperty",
-             Action::"viewHotel",
-             Action::"updateHotel",
-             Action::"createHotel"],
-  resource)
-when {
+permit (
+  principal,
+  action in
+    [Action::"viewProperty",
+     Action::"updateProperty",
+     Action::"createProperty",
+     Action::"viewHotel",
+     Action::"updateHotel",
+     Action::"createHotel"],
+  resource
+)
+when
+{
   resource in principal.memberPermissions.hotelReservations ||
-  resource is Property && resource in principal.memberPermissions.propertyReservations
+  resource is Property &&
+  resource in principal.memberPermissions.propertyReservations
 // || resource in principal.memberPermissions.inventory ... for other resource types
 };
 
-permit(
+permit (
   principal,
-  action in [Action::"viewProperty",
-             Action::"updateProperty",
-             Action::"createProperty",
-             Action::"grantAccessProperty",
-             Action::"viewHotel",
-             Action::"updateHotel",
-             Action::"createHotel",
-             Action::"grantAccessHotel"],
-  resource)
-when {
+  action in
+    [Action::"viewProperty",
+     Action::"updateProperty",
+     Action::"createProperty",
+     Action::"grantAccessProperty",
+     Action::"viewHotel",
+     Action::"updateHotel",
+     Action::"createHotel",
+     Action::"grantAccessHotel"],
+  resource
+)
+when
+{
   resource in principal.hotelAdminPermissions ||
-  resource is Property && resource in principal.propertyAdminPermissions
-};
+  resource is Property &&
+  resource in principal.propertyAdminPermissions
+};

cedar-example-use-cases/hotel_chains/templated/policies.cedar

@@ -1,53 +1,62 @@
 @id("ViewReservation")
-permit(
+permit (
   principal == ?principal,
   action in [Action::"viewReservation"],
-  resource in ?resource);
-
+  resource in ?resource
+);
+
 @id("MemberReservation")
-permit(
-  principal == ?principal, 
-  action in [Action::"viewReservation",
-             Action::"updateReservation",
-             Action::"createReservation"],
-  resource in ?resource);
+permit (
+  principal == ?principal,
+  action in
+    [Action::"viewReservation",
+     Action::"updateReservation",
+     Action::"createReservation"],
+  resource in ?resource
+);
 
 @id("AdminReservation")
-permit(
+permit (
   principal == ?principal,
-  action in [Action::"viewReservation",
-             Action::"updateReservation",
-             Action::"createReservation",
-             Action::"grantAccessReservation"],
-  resource in ?resource);
+  action in
+    [Action::"viewReservation",
+     Action::"updateReservation",
+     Action::"createReservation",
+     Action::"grantAccessReservation"],
+  resource in ?resource
+);
 
 @id("ViewPropertyOrHotel")
-permit(
+permit (
   principal == ?principal,
-  action in [Action::"viewHotel",
-             Action::"viewProperty"],
-  resource in ?resource);
-  
+  action in [Action::"viewHotel", Action::"viewProperty"],
+  resource in ?resource
+);
+
 @id("MemberPropertyOrHotel")
-permit(
-  principal == ?principal, 
-  action in [Action::"viewHotel",
-             Action::"updateHotel",
-             Action::"createHotel",
-             Action::"viewProperty",
-             Action::"updateProperty",
-             Action::"createProperty"],
-  resource in ?resource);
+permit (
+  principal == ?principal,
+  action in
+    [Action::"viewHotel",
+     Action::"updateHotel",
+     Action::"createHotel",
+     Action::"viewProperty",
+     Action::"updateProperty",
+     Action::"createProperty"],
+  resource in ?resource
+);
 
 @id("AdminPropertyOrHotel")
-permit(
+permit (
   principal == ?principal,
-  action in [Action::"viewHotel",
-             Action::"updateHotel",
-             Action::"createHotel",
-             Action::"grantAccessHotel",
-             Action::"viewProperty",
-             Action::"updateProperty",
-             Action::"createProperty",
-             Action::"grantAccessProperty"],
-  resource in ?resource);
+  action in
+    [Action::"viewHotel",
+     Action::"updateHotel",
+     Action::"createHotel",
+     Action::"grantAccessHotel",
+     Action::"viewProperty",
+     Action::"updateProperty",
+     Action::"createProperty",
+     Action::"grantAccessProperty"],
+  resource in ?resource
+);

cedar-example-use-cases/run.sh

@@ -30,24 +30,24 @@ format "tax_preprarer" "policies.cedar"
 echo -e "\nTesting Sales Orgs (static)..."
 validate "sales_orgs/static" "policies.cedar" "policies.cedarschema"
 authorize "sales_orgs/static" "policies.cedar" "entities.json" "policies.cedarschema"
-#format "sales_orgs/static" "policies.cedar"
+format "sales_orgs/static" "policies.cedar"
 
 # Sales org templated
 echo -e "\nTesting Sales Orgs (templated)..."
 validate "sales_orgs/templated" "policies.cedar" "policies.cedarschema" "linked"
 authorize "sales_orgs/templated" "policies.cedar" "entities.json" "policies.cedarschema" "linked"
-#format "sales_orgs/templated" "policies.cedar"
+format "sales_orgs/templated" "policies.cedar"
 
 # Hotel chains static
 echo -e "\nTesting Hotels (static)..."
 validate "hotel_chains/static" "policies.cedar" "policies.cedarschema"
 authorize "hotel_chains/static" "policies.cedar" "entities.json" "policies.cedarschema"
-#format "hotel_chains/static" "policies.cedar"
+format "hotel_chains/static" "policies.cedar"
 
 # Hotel chains templated
 echo -e "\nTesting Hotels (templated)..."
 validate "hotel_chains/templated" "policies.cedar" "policies.cedarschema" "linked"
 authorize "hotel_chains/templated" "policies.cedar" "entities.json" "policies.cedarschema" "linked"
-#format "hotel_chains/static" "policies.cedar"
+format "hotel_chains/templated" "policies.cedar"
 
 exit "$any_failed"