diff --git a/CedarJava/src/main/java/com/cedarpolicy/BasicAuthorizationEngine.java b/CedarJava/src/main/java/com/cedarpolicy/BasicAuthorizationEngine.java index 2f47e51..fd8666c 100644 --- a/CedarJava/src/main/java/com/cedarpolicy/BasicAuthorizationEngine.java +++ b/CedarJava/src/main/java/com/cedarpolicy/BasicAuthorizationEngine.java @@ -113,7 +113,7 @@ private static class AuthorizationRequest extends com.cedarpolicy.model.Authoriz request.context, request.schema, request.enableRequestValidation); - this.slice = new BasicSlice(policySet.policies, entities, policySet.templates, policySet.templateInstantiations); + this.slice = new BasicSlice(policySet.policies, entities, policySet.templates, policySet.templateLinks); } } @@ -124,7 +124,7 @@ private static final class PartialAuthorizationRequest { PartialAuthorizationRequest(com.cedarpolicy.model.PartialAuthorizationRequest request, PolicySet policySet, Set entities) { this.request = request; - this.slice = new BasicSlice(policySet.policies, entities, policySet.templates, policySet.templateInstantiations); + this.slice = new BasicSlice(policySet.policies, entities, policySet.templates, policySet.templateLinks); } } diff --git a/CedarJava/src/main/java/com/cedarpolicy/model/policy/Instantiation.java b/CedarJava/src/main/java/com/cedarpolicy/model/policy/LinkValue.java similarity index 90% rename from CedarJava/src/main/java/com/cedarpolicy/model/policy/Instantiation.java rename to CedarJava/src/main/java/com/cedarpolicy/model/policy/LinkValue.java index cf3ba9d..07c5f23 100644 --- a/CedarJava/src/main/java/com/cedarpolicy/model/policy/Instantiation.java +++ b/CedarJava/src/main/java/com/cedarpolicy/model/policy/LinkValue.java 
@@ -19,19 +19,19 @@ import com.fasterxml.jackson.annotation.JsonCreator; import com.fasterxml.jackson.annotation.JsonProperty; -/** Instantiation for policy template. */ -public class Instantiation { +/** Link for policy template. */ +public class LinkValue { private final String slot; private final EntityTypeAndId value; /** - * Instantiation for policy template. + * Link for policy template. * * @param slot the slot in the template. * @param value the value to put in the slot */ @JsonCreator - public Instantiation( + public LinkValue( @JsonProperty("slot") String slot, @JsonProperty("value") EntityTypeAndId value) { this.slot = slot; this.value = value; diff --git a/CedarJava/src/main/java/com/cedarpolicy/model/policy/Policy.java b/CedarJava/src/main/java/com/cedarpolicy/model/policy/Policy.java index 50ef7b6..edfaea5 100644 --- a/CedarJava/src/main/java/com/cedarpolicy/model/policy/Policy.java +++ b/CedarJava/src/main/java/com/cedarpolicy/model/policy/Policy.java 
@@ -76,10 +76,10 @@ public static Policy parsePolicyTemplate(String templateStr) throws InternalExc } /** - * This method takes in a Policy and a list of Instantiations and calls Cedar JNI to ensure those slots - * can be used to instantiate the template. If the Template is validated ahead of time by using Policy.parsePolicyTemplate - * and the Instantiations are also ensured to be valid (for example, by validating their parts using EntityTypeName.parse - * and EntityIdentifier.parse), then this should only fail because the slots in the template don't match the instantiations + * This method takes in a template and a list of link values and calls Cedar JNI to ensure those slots + * can be used to link the template. If the template is validated ahead of time by using Policy.parsePolicyTemplate + * and the link values are also ensured to be valid (for example, by validating their parts using EntityTypeName.parse + * and EntityIdentifier.parse), then this should only fail because the slots in the template don't match the link values * (barring JNI failures). * @param p Policy object constructed from a valid template. Best if built from Policy.parsePolicyTemplate * @param principal EntityUid to put into the principal slot. Leave null if there's no principal slot diff --git a/CedarJava/src/main/java/com/cedarpolicy/model/policy/PolicySet.java b/CedarJava/src/main/java/com/cedarpolicy/model/policy/PolicySet.java index d0dc92d..9658e07 100644 --- a/CedarJava/src/main/java/com/cedarpolicy/model/policy/PolicySet.java +++ b/CedarJava/src/main/java/com/cedarpolicy/model/policy/PolicySet.java 
@@ -28,43 +28,43 @@ import java.nio.file.Files; import java.nio.file.Path; -/** Policy Set containing policies in the Cedar language. */ +/** Policy set containing policies in the Cedar language. */ public class PolicySet { static { LibraryLoader.loadLibrary(); } - /** Policy set. */ + /** Static policies */ public Set policies; - /** Template Instantiations. */ - public List templateInstantiations; + /** Template-linked policies */ + public List templateLinks; - /** Templates. */ + /** Policy templates */ public Set templates; public PolicySet() { this.policies = Collections.emptySet(); this.templates = Collections.emptySet(); - this.templateInstantiations = Collections.emptyList(); + this.templateLinks = Collections.emptyList(); } public PolicySet(Set policies) { this.policies = policies; this.templates = Collections.emptySet(); - this.templateInstantiations = Collections.emptyList(); + this.templateLinks = Collections.emptyList(); } public PolicySet(Set policies, Set templates) { this.policies = policies; this.templates = templates; - this.templateInstantiations = Collections.emptyList(); + this.templateLinks = Collections.emptyList(); } - public PolicySet(Set policies, Set templates, List templateInstantiations) { + public PolicySet(Set policies, Set templates, List templateLinks) { this.policies = policies; this.templates = templates; - this.templateInstantiations = templateInstantiations; + this.templateLinks = templateLinks; } /** diff --git a/CedarJava/src/main/java/com/cedarpolicy/model/policy/TemplateInstantiation.java b/CedarJava/src/main/java/com/cedarpolicy/model/policy/TemplateLink.java similarity index 75% rename from CedarJava/src/main/java/com/cedarpolicy/model/policy/TemplateInstantiation.java rename to CedarJava/src/main/java/com/cedarpolicy/model/policy/TemplateLink.java index 47def55..895d6f1 100644 --- a/CedarJava/src/main/java/com/cedarpolicy/model/policy/TemplateInstantiation.java 
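Review bot: The four-argument constructor keeps the caller's list by reference (`this.templateLinks = templateLinks;`) and the field stays `public` and non-final, so any code holding the list or the set can add or replace template links after the `PolicySet` exists. Since this object determines which policies an authorization request is evaluated against, a snapshot at construction is safer, e.g. `this.templateLinks = new ArrayList<>(templateLinks);` (assuming `ArrayList` is imported; the import block is only partly visible here). The same holds for `policies` and `templates`. Renaming the public field also breaks callers that read `policySet.templateInstantiations` directly, which is worth calling out as a breaking change.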
+++ b/CedarJava/src/main/java/com/cedarpolicy/model/policy/TemplateLink.java @@ -21,8 +21,8 @@ import java.util.List; import com.google.common.collect.ImmutableList; -/** Template instantiation. */ -public class TemplateInstantiation { +/** Template-linked policy. */ +public class TemplateLink { @JsonProperty("templateId") private final String templateId; @@ -30,23 +30,24 @@ public class TemplateInstantiation { @JsonProperty("resultPolicyId") private final String resultPolicyId; - private final List instantiations; + @JsonProperty("instantiations") + private final List linkValues; /** - * Template Instantiation. + * Template-linked policy. * * @param templateId the template ID. * @param resultPolicyId the id of the resulting policy. - * @param instantiations the instantiations. + * @param linkValues the link values. */ @JsonCreator - public TemplateInstantiation( + public TemplateLink( @JsonProperty("templateId") String templateId, @JsonProperty("resultPolicyId") String resultPolicyId, - @JsonProperty("instantiations") List instantiations) { + @JsonProperty("instantiations") List linkValues) { this.templateId = templateId; this.resultPolicyId = resultPolicyId; - this.instantiations = ImmutableList.copyOf(instantiations); + this.linkValues = ImmutableList.copyOf(linkValues); } /** Get the template ID. */ @@ -59,8 +60,8 @@ public String getResultPolicyId() { return resultPolicyId; } - /** Get the instantiations to fill the slots. */ - public List getInstantiations() { - return instantiations; + /** Get the link values, which map slots to EUIDs. */ + public List getLinkValues() { + return linkValues; } } diff --git a/CedarJava/src/main/java/com/cedarpolicy/model/slice/BasicSlice.java b/CedarJava/src/main/java/com/cedarpolicy/model/slice/BasicSlice.java index a4644d1..2ae2a4d 100644 --- a/CedarJava/src/main/java/com/cedarpolicy/model/slice/BasicSlice.java +++ b/CedarJava/src/main/java/com/cedarpolicy/model/slice/BasicSlice.java 
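Review bot: The `@JsonProperty("instantiations")` added on `linkValues` (second hunk) keeps the old wire name while the Java name changes, but nothing in the code says this mismatch is deliberate. I would add a comment on the field, e.g. `// JSON name stays "instantiations": it is the serialized contract, not the Java name; change it only together with the consumer.`, and a serialization test that pins the key (I don't see one in this diff). The same applies to `@JsonProperty("templateInstantiations")` on `BasicSlice.templateLinks` and to the `"templateInstantiations"` literal in `SliceSerializer.serialize`. If a later cleanup aligns these keys with the new names, the reader of that JSON (not visible here) may reject or ignore the template links, which in an authorization request changes the set of policies evaluated.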
@@ -18,7 +18,7 @@ import com.cedarpolicy.model.entity.Entity; import com.cedarpolicy.model.policy.Policy; -import com.cedarpolicy.model.policy.TemplateInstantiation; +import com.cedarpolicy.model.policy.TemplateLink; import com.cedarpolicy.value.Value; import com.fasterxml.jackson.annotation.JsonProperty; import edu.umd.cs.findbugs.annotations.SuppressFBWarnings; @@ -41,7 +41,7 @@ public class BasicSlice implements Slice { private final Map templatePolicies; @JsonProperty("templateInstantiations") - private final List templateInstantiations; + private final List templateLinks; /** * Construct a Slice from Entity and Policy objects. @@ -49,14 +49,14 @@ public class BasicSlice implements Slice { * @param policies Set of policies. * @param entities Set of entities. * @param templates Set of policy templates. - * @param templateInstantiations List of TemplateInstantiations. + * @param templateLinks List of templateLinks. */ @SuppressFBWarnings public BasicSlice( Set policies, Set entities, Set templates, - List templateInstantiations) { + List templateLinks) { // Copy of previous constructor. We can't call the previous constructor because fields are // final this.policies = new HashMap<>(); @@ -79,7 +79,7 @@ public BasicSlice( this.templatePolicies = templates.stream().collect(Collectors.toMap(p -> p.policyID, p -> p.policySrc)); - this.templateInstantiations = new ArrayList(templateInstantiations); + this.templateLinks = new ArrayList(templateLinks); } @@ -128,8 +128,8 @@ public Map getTemplates() { @Override @SuppressFBWarnings - public List getTemplateInstantiations() { - return templateInstantiations; + public List getTemplateLinks() { + return templateLinks; } @Override diff --git a/CedarJava/src/main/java/com/cedarpolicy/model/slice/Slice.java b/CedarJava/src/main/java/com/cedarpolicy/model/slice/Slice.java index 54e9239..af2c97d 100644 --- a/CedarJava/src/main/java/com/cedarpolicy/model/slice/Slice.java 
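Review bot: `getTemplateLinks()` (last hunk) returns the internal list itself, so the copy made in the constructor (`new ArrayList(templateLinks)`) does not stop a caller from adding or removing links on a slice after it was built. Returning a read-only view closes that: `return Collections.unmodifiableList(templateLinks);` (needs `java.util.Collections` if it is not already imported; the import block is only partly visible). The bare `@SuppressFBWarnings` above the getter most likely hides exactly this finding (SpotBugs `EI_EXPOSE_REP`). If the exposure is intended, name the pattern and add a `justification` so the suppression is not carried along unexamined by the next rename.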
+++ b/CedarJava/src/main/java/com/cedarpolicy/model/slice/Slice.java @@ -17,7 +17,7 @@ package com.cedarpolicy.model.slice; import com.cedarpolicy.model.entity.Entity; -import com.cedarpolicy.model.policy.TemplateInstantiation; +import com.cedarpolicy.model.policy.TemplateLink; import com.cedarpolicy.value.Value; import java.util.List; import java.util.Map; @@ -68,9 +68,9 @@ public interface Slice { Map getTemplates(); /** - * Get the template instantiations. + * Get the template links. * - * @return List of template instatiations + * @return List of template links */ - List getTemplateInstantiations(); + List getTemplateLinks(); } diff --git a/CedarJava/src/main/java/com/cedarpolicy/serializer/SliceSerializer.java b/CedarJava/src/main/java/com/cedarpolicy/serializer/SliceSerializer.java index eb5799b..46735f7 100644 --- a/CedarJava/src/main/java/com/cedarpolicy/serializer/SliceSerializer.java +++ b/CedarJava/src/main/java/com/cedarpolicy/serializer/SliceSerializer.java @@ -43,7 +43,7 @@ public void serialize( "entities", convertEntitiesToJsonEntities(slice.getEntities())); jsonGenerator.writeObjectField("templates", slice.getTemplates()); jsonGenerator.writeObjectField( - "templateInstantiations", slice.getTemplateInstantiations()); + "templateInstantiations", slice.getTemplateLinks()); jsonGenerator.writeEndObject(); } diff --git a/CedarJava/src/test/java/com/cedarpolicy/pbt/IntegrationTests.java b/CedarJava/src/test/java/com/cedarpolicy/pbt/IntegrationTests.java index 83353db..2eba3f8 100644 --- a/CedarJava/src/test/java/com/cedarpolicy/pbt/IntegrationTests.java +++ b/CedarJava/src/test/java/com/cedarpolicy/pbt/IntegrationTests.java 
@@ -27,10 +27,10 @@ import com.cedarpolicy.model.AuthorizationResponse; import com.cedarpolicy.model.entity.Entity; import com.cedarpolicy.model.policy.EntityTypeAndId; -import com.cedarpolicy.model.policy.Instantiation; +import com.cedarpolicy.model.policy.LinkValue; import com.cedarpolicy.model.policy.Policy; import com.cedarpolicy.model.policy.PolicySet; -import com.cedarpolicy.model.policy.TemplateInstantiation; +import com.cedarpolicy.model.policy.TemplateLink; import com.cedarpolicy.value.Decimal; import com.cedarpolicy.value.EntityUID; import com.cedarpolicy.value.EntityTypeName; @@ -554,20 +554,19 @@ public void testTemplateResourceAttribute() { Set templates = new HashSet<>(); templates.add(policy); - Instantiation instantiation = - new Instantiation(principalSlot, new EntityTypeAndId("User", "alice")); + LinkValue linkValue = new LinkValue(principalSlot, new EntityTypeAndId("User", "alice")); - final String instantiatedPolicyId = "ID0_alice"; - TemplateInstantiation templateInstantiation = - new TemplateInstantiation( + final String linkId = "ID0_alice"; + TemplateLink templateLink = + new TemplateLink( policyId, - instantiatedPolicyId, - new ArrayList(Arrays.asList(instantiation))); + linkId, + new ArrayList(Arrays.asList(linkValue))); - ArrayList templateInstantiations = - new ArrayList(Arrays.asList(templateInstantiation)); + ArrayList templateLinks = + new ArrayList(Arrays.asList(templateLink)); - PolicySet policySet = new PolicySet(policies, templates, templateInstantiations); + PolicySet policySet = new PolicySet(policies, templates, templateLinks); Map currentContext = new HashMap<>(); AuthorizationRequest request = new AuthorizationRequest( diff --git a/CedarJavaFFI/src/interface.rs b/CedarJavaFFI/src/interface.rs index 972ad91..3b6f331 100644 --- a/CedarJavaFFI/src/interface.rs +++ b/CedarJavaFFI/src/interface.rs 
@@ -371,11 +371,11 @@ fn validate_template_linked_policy_internal<'a>( } let template_id = template.id().clone(); - let instantiated_id = PolicyId::from_str("x")?; + let link_id = PolicyId::from_str("x")?; let mut policy_set = PolicySet::new(); policy_set.add_template(template)?; - policy_set.link(template_id, instantiated_id, slots_map)?; + policy_set.link(template_id, link_id, slots_map)?; Ok(JValueGen::Bool(1)) } }