From 0acff8a7dee4f0540095abef18ea4143fe751008 Mon Sep 17 00:00:00 2001 From: Mark Creamer Date: Wed, 16 Oct 2024 13:26:34 -0400 Subject: [PATCH 01/10] Adding tags support (#239) --- .../com/cedarpolicy/model/entity/Entity.java | 40 +++++++++++++++++-- .../serializer/EntitySerializer.java | 1 + .../cedarpolicy/EntityValidationTests.java | 20 +++++++++- .../cedarpolicy/SharedIntegrationTests.java | 21 +++++++++- 4 files changed, 75 insertions(+), 7 deletions(-) diff --git a/CedarJava/src/main/java/com/cedarpolicy/model/entity/Entity.java b/CedarJava/src/main/java/com/cedarpolicy/model/entity/Entity.java index ecef28c..00366e8 100644 --- a/CedarJava/src/main/java/com/cedarpolicy/model/entity/Entity.java +++ b/CedarJava/src/main/java/com/cedarpolicy/model/entity/Entity.java @@ -25,8 +25,8 @@ /** * An entity is the kind of object about which authorization decisions are made; principals, * actions, and resources are all a kind of entity. Each entity is defined by its entity type, a - * unique identifier (UID), zero or more attributes mapped to values, and zero or more parent - * entities. + * unique identifier (UID), zero or more attributes mapped to values, zero or more parent + * entities, and zero or more tags. */ public class Entity { private final EntityUID euid; @@ -37,6 +37,9 @@ public class Entity { /** Set of entity EUIDs that are parents to this entity. */ public final Set parentsEUIDs; + /** Tags on this entity (RFC 82) */ + public final Map tags; + /** * Create an entity from an EntityUIDs, a map of attributes, and a set of parent EntityUIDs. * @@ -45,9 +48,22 @@ public class Entity { * @param parentsEUIDs Set of parent entities' EUIDs. */ public Entity(EntityUID uid, Map attributes, Set parentsEUIDs) { + this(uid, attributes, parentsEUIDs, new HashMap<>()); + } + + /** + * Create an entity from an EntityUIDs, a map of attributes, a set of parent EntityUIDs, and a map of tags. + * + * @param uid EUID of the Entity. + * @param attributes Key/Value map of attributes. + * @param parentsEUIDs Set of parent entities' EUIDs. + * @param tags Key/Value map of tags. + */ + public Entity(EntityUID uid, Map attributes, Set parentsEUIDs, Map tags) { this.attrs = new HashMap<>(attributes); this.euid = uid; this.parentsEUIDs = parentsEUIDs; + this.tags = new HashMap<>(tags); } @Override @@ -66,7 +82,15 @@ public String toString() { .map(e -> e.getKey() + ": " + e.getValue()) .collect(Collectors.joining("\n\t\t")); } - return euid.toString() + parentStr + attributeStr; + String tagsStr = ""; + if (!tags.isEmpty()) { + tagsStr = + "\n\ttags:\n\t\t" + + tags.entrySet().stream() + .map(e -> e.getKey() + ": " + e.getValue()) + .collect(Collectors.joining("\n\t\t")); + } + return euid.toString() + parentStr + attributeStr + tagsStr; } @@ -79,10 +103,18 @@ public EntityUID getEUID() { } /** - * Get this Entities parents + * Get this Entity's parents * @return the set of parent EntityUIDs */ public Set getParents() { return parentsEUIDs; } + + /** + * Get this Entity's tags + * @return the map of tags + */ + public Map getTags() { + return tags; + } } diff --git a/CedarJava/src/main/java/com/cedarpolicy/serializer/EntitySerializer.java b/CedarJava/src/main/java/com/cedarpolicy/serializer/EntitySerializer.java index fccf4e5..c7cd142 100644 --- a/CedarJava/src/main/java/com/cedarpolicy/serializer/EntitySerializer.java +++ b/CedarJava/src/main/java/com/cedarpolicy/serializer/EntitySerializer.java @@ -37,6 +37,7 @@ public void serialize( jsonGenerator.writeObjectField("attrs", entity.attrs); jsonGenerator.writeObjectField("parents", entity.getParents().stream().map(EntityUID::asJson).collect(Collectors.toSet())); + jsonGenerator.writeObjectField("tags", entity.tags); jsonGenerator.writeEndObject(); } } diff --git a/CedarJava/src/test/java/com/cedarpolicy/EntityValidationTests.java b/CedarJava/src/test/java/com/cedarpolicy/EntityValidationTests.java index 812e1a6..6cfc2b3 100644 --- a/CedarJava/src/test/java/com/cedarpolicy/EntityValidationTests.java +++ b/CedarJava/src/test/java/com/cedarpolicy/EntityValidationTests.java @@ -35,7 +35,7 @@ import com.cedarpolicy.pbt.EntityGen; import com.cedarpolicy.value.EntityTypeName; import com.cedarpolicy.value.PrimBool; - +import com.cedarpolicy.value.PrimString; /** * Tests for entity validator @@ -96,6 +96,24 @@ public void testEntitiesWithCyclicParentRelationship() throws AuthException { "Expected to match regex but was: '%s'".formatted(errMsg)); } + /** + * Test that an entity with a tag not specified in the schema throws an exception. + */ + @Test + public void testEntityWithUnknownTag() throws AuthException { + Entity entity = EntityValidationTests.entityGen.arbitraryEntity(); + entity.tags.put("test", new PrimString("value")); + + EntityValidationRequest request = new EntityValidationRequest(ROLE_SCHEMA, List.of(entity)); + + BadRequestException exception = assertThrows(BadRequestException.class, () -> engine.validateEntities(request)); + + String errMsg = exception.getErrors().get(0); + assertTrue(errMsg.matches("found a tag `test` on `Role::\".*\"`, " + + "but no tags should exist on `Role::\".*\"` according to the schema"), + "Expected to match regex but was: '%s'".formatted(errMsg)); + } + @BeforeAll public static void setUp() { diff --git a/CedarJava/src/test/java/com/cedarpolicy/SharedIntegrationTests.java b/CedarJava/src/test/java/com/cedarpolicy/SharedIntegrationTests.java index 631dbff..68cb7cf 100644 --- a/CedarJava/src/test/java/com/cedarpolicy/SharedIntegrationTests.java +++ b/CedarJava/src/test/java/com/cedarpolicy/SharedIntegrationTests.java @@ -26,6 +26,8 @@ import com.cedarpolicy.model.AuthorizationResponse; import com.cedarpolicy.model.ValidationRequest; import com.cedarpolicy.model.ValidationResponse; +import com.cedarpolicy.model.ValidationResponse.ValidationError; +import com.cedarpolicy.model.ValidationResponse.ValidationSuccessResponse; import com.cedarpolicy.model.AuthorizationSuccessResponse.Decision; import com.cedarpolicy.model.exception.AuthException; import com.cedarpolicy.model.exception.BadRequestException; @@ -51,6 +53,7 @@ import java.util.ArrayList; import java.util.Arrays; import java.util.HashSet; +import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.Optional; @@ -173,6 +176,12 @@ private static class JsonEntity { value = "UWF_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD", justification = "Initialized by Jackson.") public List parents; + + /** Entity tags, where the value string is a Cedar literal value. */ + @SuppressFBWarnings( + value = "UWF_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD", + justification = "Initialized by Jackson.") + public Map tags; } /** @@ -296,8 +305,10 @@ private Entity loadEntity(JsonEntity je) { .map(euid -> EntityUID.parseFromJson(euid).get()) .collect(Collectors.toSet()); + // Support tags while also supporting old JsonEntity objects that don't specify tags + Map tags = je.tags != null ? je.tags : new HashMap<>(); - return new Entity(EntityUID.parseFromJson(je.uid).get(), je.attrs, parents); + return new Entity(EntityUID.parseFromJson(je.uid).get(), je.attrs, parents, tags); } /** @@ -326,7 +337,13 @@ private void executeJsonValidationTest(PolicySet policies, Schema schema, Boolea ValidationResponse result = auth.validate(validationQuery); assertEquals(result.type, ValidationResponse.SuccessOrFailure.Success); if (shouldValidate) { - assertTrue(result.validationPassed()); + ValidationSuccessResponse validationSuccessResponse = result.success.get(); + + // Assemble the validation failure messages, if any + List valErrList = List.copyOf(validationSuccessResponse.validationErrors); + String validationErrorMessages = valErrList.stream().map(e -> e.getError().message).collect(Collectors.joining(", ")); + + assertTrue(result.validationPassed(), validationErrorMessages); } } catch (BadRequestException e) { // A `BadRequestException` is the results of a parsing error. From 80f8077685d4c4158dc2259b8fc358b1108f63a1 Mon Sep 17 00:00:00 2001 From: Felix Zheng <37223155+felixzheng98@users.noreply.github.com> Date: Wed, 16 Oct 2024 13:39:24 -0400 Subject: [PATCH 02/10] Add support for specifying formatter config (#235) Signed-off-by: Felix Zheng --- .../formatter/PolicyFormatter.java | 4 +++ .../cedarpolicy/model/formatter/Config.java | 22 ++++++++++++ .../com/cedarpolicy/PolicyFormatterTests.java | 27 +++++++++++++++ .../formatted_policy_custom_config.cedar | 6 ++++ .../test/resources/malformed_policy_set.cedar | 2 +- .../test/resources/unformatted_policy.cedar | 2 +- CedarJavaFFI/src/interface.rs | 25 ++++++++++++-- CedarJavaFFI/src/objects.rs | 34 +++++++++++++++++++ 8 files changed, 117 insertions(+), 5 deletions(-) create mode 100644 CedarJava/src/main/java/com/cedarpolicy/model/formatter/Config.java create mode 100644 CedarJava/src/test/resources/formatted_policy_custom_config.cedar diff --git a/CedarJava/src/main/java/com/cedarpolicy/formatter/PolicyFormatter.java b/CedarJava/src/main/java/com/cedarpolicy/formatter/PolicyFormatter.java index afd3ae4..2c4f1d1 100644 --- a/CedarJava/src/main/java/com/cedarpolicy/formatter/PolicyFormatter.java +++ b/CedarJava/src/main/java/com/cedarpolicy/formatter/PolicyFormatter.java @@ -2,6 +2,7 @@ import com.cedarpolicy.loader.LibraryLoader; import com.cedarpolicy.model.exception.InternalException; +import com.cedarpolicy.model.formatter.Config; public final class PolicyFormatter { @@ -14,4 +15,7 @@ private PolicyFormatter() { public static native String policiesStrToPretty(String policies) throws InternalException, NullPointerException; + + public static native String policiesStrToPrettyWithConfig(String policies, Config config) + throws InternalException, NullPointerException; } diff --git a/CedarJava/src/main/java/com/cedarpolicy/model/formatter/Config.java b/CedarJava/src/main/java/com/cedarpolicy/model/formatter/Config.java new file mode 100644 index 0000000..3fc20e7 --- /dev/null +++ b/CedarJava/src/main/java/com/cedarpolicy/model/formatter/Config.java @@ -0,0 +1,22 @@ +package com.cedarpolicy.model.formatter; + +public class Config { + + private final int lineWidth; + private final int indentWidth; + + public Config(int lineWidth, int indentWidth) { + this.lineWidth = lineWidth; + this.indentWidth = indentWidth; + } + + @SuppressWarnings("unused") + public int getLineWidth() { + return lineWidth; + } + + @SuppressWarnings("unused") + public int getIndentWidth() { + return indentWidth; + } +} diff --git a/CedarJava/src/test/java/com/cedarpolicy/PolicyFormatterTests.java b/CedarJava/src/test/java/com/cedarpolicy/PolicyFormatterTests.java index abac4d1..ec6ef0d 100644 --- a/CedarJava/src/test/java/com/cedarpolicy/PolicyFormatterTests.java +++ b/CedarJava/src/test/java/com/cedarpolicy/PolicyFormatterTests.java @@ -2,6 +2,7 @@ import com.cedarpolicy.formatter.PolicyFormatter; import com.cedarpolicy.model.exception.InternalException; +import com.cedarpolicy.model.formatter.Config; import java.nio.file.Files; import java.nio.file.Path; import org.junit.jupiter.api.Test; @@ -37,4 +38,30 @@ public void testPoliciesStrToPrettyMalformedCedarPolicy() throws Exception { public void testPoliciesStrToPrettyNullSafety() { assertThrows(NullPointerException.class, () -> PolicyFormatter.policiesStrToPretty(null)); } + + @Test + public void testPoliciesStrToPrettyWithConfigNullSafety() throws Exception { + String cedarPolicy = Files.readString(Path.of(TEST_RESOURCES_DIR + "formatted_policy.cedar")); + + assertThrows(NullPointerException.class, + () -> PolicyFormatter.policiesStrToPrettyWithConfig(null, null)); + + assertThrows(NullPointerException.class, + () -> PolicyFormatter.policiesStrToPrettyWithConfig(cedarPolicy, null)); + + assertThrows(NullPointerException.class, + () -> PolicyFormatter.policiesStrToPrettyWithConfig(null, new Config(120, 4))); + } + + @Test + public void testPoliciesStrToPrettyWithConfig() throws Exception { + String unformattedCedarPolicy = Files.readString( + Path.of(TEST_RESOURCES_DIR + "unformatted_policy.cedar")); + + String formattedCedarPolicyWithCustomConfig = Files.readString( + Path.of(TEST_RESOURCES_DIR + "formatted_policy_custom_config.cedar")); + + assertEquals(formattedCedarPolicyWithCustomConfig, + PolicyFormatter.policiesStrToPrettyWithConfig(unformattedCedarPolicy, new Config(120, 4))); + } } diff --git a/CedarJava/src/test/resources/formatted_policy_custom_config.cedar b/CedarJava/src/test/resources/formatted_policy_custom_config.cedar new file mode 100644 index 0000000..1b940bc --- /dev/null +++ b/CedarJava/src/test/resources/formatted_policy_custom_config.cedar @@ -0,0 +1,6 @@ +permit ( + principal, + action == Action::"update", + resource +) +when { resource.owner == principal }; diff --git a/CedarJava/src/test/resources/malformed_policy_set.cedar b/CedarJava/src/test/resources/malformed_policy_set.cedar index 8097238..7325888 100644 --- a/CedarJava/src/test/resources/malformed_policy_set.cedar +++ b/CedarJava/src/test/resources/malformed_policy_set.cedar @@ -10,4 +10,4 @@ forbid ( principal == User::"Liam", action, resource = Photo::"Husky.jpg" -); \ No newline at end of file +); diff --git a/CedarJava/src/test/resources/unformatted_policy.cedar b/CedarJava/src/test/resources/unformatted_policy.cedar index 35121eb..7897777 100644 --- a/CedarJava/src/test/resources/unformatted_policy.cedar +++ b/CedarJava/src/test/resources/unformatted_policy.cedar @@ -3,4 +3,4 @@ permit( action == Action::"update", resource -) when {resource.owner == principal}; \ No newline at end of file +) when {resource.owner == principal}; diff --git a/CedarJavaFFI/src/interface.rs b/CedarJavaFFI/src/interface.rs index 6a6fff4..419d9af 100644 --- a/CedarJavaFFI/src/interface.rs +++ b/CedarJavaFFI/src/interface.rs @@ -32,6 +32,7 @@ use serde::{Deserialize, Serialize}; use serde_json::{from_str, Value}; use std::{error::Error, str::FromStr, thread}; +use crate::objects::JFormatterConfig; use crate::{ answer::Answer, jset::Set, @@ -537,7 +538,20 @@ pub fn policiesStrToPretty<'a>( _: JClass, policies_jstr: JString<'a>, ) -> jvalue { - match policies_str_to_pretty_internal(&mut env, policies_jstr) { + match policies_str_to_pretty_internal(&mut env, policies_jstr, None) { + Ok(v) => v.as_jni(), + Err(e) => jni_failed(&mut env, e.as_ref()), + } +} + +#[jni_fn("com.cedarpolicy.formatter.PolicyFormatter")] +pub fn policiesStrToPrettyWithConfig<'a>( + mut env: JNIEnv<'a>, + _: JClass, + policies_jstr: JString<'a>, + config_obj: JObject<'a>, +) -> jvalue { + match policies_str_to_pretty_internal(&mut env, policies_jstr, Some(config_obj)) { Ok(v) => v.as_jni(), Err(e) => jni_failed(&mut env, e.as_ref()), } @@ -546,11 +560,16 @@ pub fn policiesStrToPretty<'a>( fn policies_str_to_pretty_internal<'a>( env: &mut JNIEnv<'a>, policies_jstr: JString<'a>, + config_obj: Option>, ) -> Result> { - if policies_jstr.is_null() { + if policies_jstr.is_null() || config_obj.as_ref().is_some_and(|obj| obj.is_null()) { raise_npe(env) } else { - let config = Config::default(); + let config = if let Some(obj) = config_obj { + JFormatterConfig::cast(env, obj)?.get_rust_repr() + } else { + Config::default() + }; let policies_str = String::from(env.get_string(&policies_jstr)?); match policies_str_to_pretty(&policies_str, &config) { Ok(formatted_policies) => Ok(env.new_string(formatted_policies)?.into()), diff --git a/CedarJavaFFI/src/objects.rs b/CedarJavaFFI/src/objects.rs index 8d20a74..5aa24ce 100644 --- a/CedarJavaFFI/src/objects.rs +++ b/CedarJavaFFI/src/objects.rs @@ -21,6 +21,7 @@ use crate::{ use std::{marker::PhantomData, str::FromStr}; use cedar_policy::{EntityId, EntityTypeName, EntityUid}; +use cedar_policy_formatter::Config; use jni::{ objects::{JObject, JString, JValueGen, JValueOwned}, sys::jvalue, @@ -368,3 +369,36 @@ impl<'a> AsRef> for JPolicy<'a> { &self.obj } } + +pub struct JFormatterConfig<'a> { + obj: JObject<'a>, + formatter_config: Config, +} + +impl<'a> JFormatterConfig<'a> { + pub fn get_rust_repr(&self) -> Config { + self.formatter_config.clone() + } +} + +impl<'a> AsRef> for JFormatterConfig<'a> { + fn as_ref(&self) -> &JObject<'a> { + &self.obj + } +} + +impl<'a> Object<'a> for JFormatterConfig<'a> { + fn cast(env: &mut JNIEnv<'a>, obj: JObject<'a>) -> Result { + assert_is_class(env, &obj, "com/cedarpolicy/model/formatter/Config")?; + let line_width_jint = env.call_method(&obj, "getLineWidth", "()I", &[])?.i()?; + let indent_width_jint = env.call_method(&obj, "getIndentWidth", "()I", &[])?.i()?; + let formatter_config = Config { + line_width: usize::try_from(line_width_jint)?, + indent_width: isize::try_from(indent_width_jint)?, + }; + Ok(Self { + obj, + formatter_config, + }) + } +} From 6147429cdd33cece6a9c6ac2ca3a557ff70184c8 Mon Sep 17 00:00:00 2001 From: shaobo-he-aws <130499339+shaobo-he-aws@users.noreply.github.com> Date: Tue, 29 Oct 2024 12:10:10 -0700 Subject: [PATCH 03/10] Let CI use Rust 1.81 (#247) --- .github/workflows/run_cedar_java_reusable.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/run_cedar_java_reusable.yml b/.github/workflows/run_cedar_java_reusable.yml index 4b81772..bf19940 100644 --- a/.github/workflows/run_cedar_java_reusable.yml +++ b/.github/workflows/run_cedar_java_reusable.yml @@ -40,7 +40,8 @@ jobs: ref: ${{ inputs.cedar_policy_ref }} path: ./cedar - name: Prepare Rust Build - run: rustup install stable && rustup default stable + # zigbuild issue: rust-cross/cargo-zigbuild#289 + run: rustup install 1.81 && rustup default 1.81 && rustup component add rustfmt - name: Configure CedarJavaFFI for CI build run: bash configure_ci_build.sh - name: Check FFI Formatting From c0e4e77ce640dee41599f143c4ad9e9cf7738205 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 29 Oct 2024 12:53:55 -0700 Subject: [PATCH 04/10] Bump org.junit.jupiter:junit-jupiter-api from 5.11.2 to 5.11.3 in /CedarJava (#244) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- CedarJava/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CedarJava/build.gradle b/CedarJava/build.gradle index ea3b4fa..f959788 100644 --- a/CedarJava/build.gradle +++ b/CedarJava/build.gradle @@ -84,7 +84,7 @@ dependencies { implementation 'com.google.guava:guava:33.3.1-jre' compileOnly 'com.github.spotbugs:spotbugs-annotations:4.8.6' testImplementation 'net.jqwik:jqwik:1.9.1' - testImplementation 'org.junit.jupiter:junit-jupiter-api:5.11.2' + testImplementation 'org.junit.jupiter:junit-jupiter-api:5.11.3' testRuntimeOnly 'org.junit.jupiter:junit-jupiter-engine:5.11.2' } From 9006507fd1635afa1d288eb88d0bce23958c41b4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 29 Oct 2024 14:43:30 -0700 Subject: [PATCH 05/10] Bump org.junit.jupiter:junit-jupiter-engine from 5.11.2 to 5.11.3 in /CedarJava (#245) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- CedarJava/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CedarJava/build.gradle b/CedarJava/build.gradle index f959788..bd1f0dd 100644 --- a/CedarJava/build.gradle +++ b/CedarJava/build.gradle @@ -85,7 +85,7 @@ dependencies { compileOnly 'com.github.spotbugs:spotbugs-annotations:4.8.6' testImplementation 'net.jqwik:jqwik:1.9.1' testImplementation 'org.junit.jupiter:junit-jupiter-api:5.11.3' - testRuntimeOnly 'org.junit.jupiter:junit-jupiter-engine:5.11.2' + testRuntimeOnly 'org.junit.jupiter:junit-jupiter-engine:5.11.3' } def ffiDir = '../CedarJavaFFI' From 5542e4de9b813a60eb1cd8c2ec169b2775183f32 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 30 Oct 2024 11:01:01 -0700 Subject: [PATCH 06/10] Bump com.github.spotbugs.snom:spotbugs-gradle-plugin from 6.0.24 to 6.0.25 in /CedarJava (#242) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- CedarJava/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CedarJava/build.gradle b/CedarJava/build.gradle index bd1f0dd..e5e589a 100644 --- a/CedarJava/build.gradle +++ b/CedarJava/build.gradle @@ -5,7 +5,7 @@ buildscript { } } dependencies { - classpath "com.github.spotbugs.snom:spotbugs-gradle-plugin:6.0.24" + classpath "com.github.spotbugs.snom:spotbugs-gradle-plugin:6.0.25" classpath "gradle.plugin.com.github.sherter.google-java-format:google-java-format-gradle-plugin:0.9" } } From 13ffe8d7e8714c5527d8b6b27a8ec30c8795fbff Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Nov 2024 08:53:04 -0500 Subject: [PATCH 07/10] Bump com.github.spotbugs.snom:spotbugs-gradle-plugin from 6.0.25 to 6.0.26 in /CedarJava (#248) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- CedarJava/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CedarJava/build.gradle b/CedarJava/build.gradle index e5e589a..6cf3f77 100644 --- a/CedarJava/build.gradle +++ b/CedarJava/build.gradle @@ -5,7 +5,7 @@ buildscript { } } dependencies { - classpath "com.github.spotbugs.snom:spotbugs-gradle-plugin:6.0.25" + classpath "com.github.spotbugs.snom:spotbugs-gradle-plugin:6.0.26" classpath "gradle.plugin.com.github.sherter.google-java-format:google-java-format-gradle-plugin:0.9" } } From 9ba1449c8784f8d9be181e23cec361bce833f351 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Nov 2024 08:53:28 -0500 Subject: [PATCH 08/10] Bump com.fasterxml.jackson.datatype:jackson-datatype-jdk8 from 2.18.0 to 2.18.1 in /CedarJava (#250) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- CedarJava/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CedarJava/build.gradle b/CedarJava/build.gradle index 6cf3f77..f8ec331 100644 --- a/CedarJava/build.gradle +++ b/CedarJava/build.gradle @@ -79,7 +79,7 @@ dependencies { // Do not upgrade to Jackson 3.x without addressing stack overflow issues in ValueDeserializer // The upgrade should be reviewed by AppSec implementation 'com.fasterxml.jackson.core:jackson-databind:2.18.0' - implementation 'com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.18.0' + implementation 'com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.18.1' implementation 'com.fizzed:jne:4.1.1' implementation 'com.google.guava:guava:33.3.1-jre' compileOnly 'com.github.spotbugs:spotbugs-annotations:4.8.6' From dcdc73afd1e09a2eda02ec478a95cf85c56119a6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Nov 2024 09:24:49 -0500 Subject: [PATCH 09/10] Bump com.fasterxml.jackson.core:jackson-databind from 2.18.0 to 2.18.1 in /CedarJava (#249) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- CedarJava/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CedarJava/build.gradle b/CedarJava/build.gradle index f8ec331..fbaa354 100644 --- a/CedarJava/build.gradle +++ b/CedarJava/build.gradle @@ -78,7 +78,7 @@ configurations { dependencies { // Do not upgrade to Jackson 3.x without addressing stack overflow issues in ValueDeserializer // The upgrade should be reviewed by AppSec - implementation 'com.fasterxml.jackson.core:jackson-databind:2.18.0' + implementation 'com.fasterxml.jackson.core:jackson-databind:2.18.1' implementation 'com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.18.1' implementation 'com.fizzed:jne:4.1.1' implementation 'com.google.guava:guava:33.3.1-jre' From 5b3f64e5e6ea6fa094e3c2f9555a63b4b7a7fbe6 Mon Sep 17 00:00:00 2001 From: shaobo-he-aws <130499339+shaobo-he-aws@users.noreply.github.com> Date: Mon, 4 Nov 2024 12:41:44 -0800 Subject: [PATCH 10/10] Use Rust 1.81 to crossbuild FFI (#252) Signed-off-by: Shaobo He --- .github/workflows/run_cedar_java_reusable.yml | 3 +- CedarJava/build.gradle | 34 ++++++++++--------- 2 files changed, 19 insertions(+), 18 deletions(-) diff --git a/.github/workflows/run_cedar_java_reusable.yml b/.github/workflows/run_cedar_java_reusable.yml index bf19940..4b81772 100644 --- a/.github/workflows/run_cedar_java_reusable.yml +++ b/.github/workflows/run_cedar_java_reusable.yml @@ -40,8 +40,7 @@ jobs: ref: ${{ inputs.cedar_policy_ref }} path: ./cedar - name: Prepare Rust Build - # zigbuild issue: rust-cross/cargo-zigbuild#289 - run: rustup install 1.81 && rustup default 1.81 && rustup component add rustfmt + run: rustup install stable && rustup default stable - name: Configure CedarJavaFFI for CI build run: bash configure_ci_build.sh - name: Check FFI Formatting diff --git a/CedarJava/build.gradle b/CedarJava/build.gradle index fbaa354..2d39498 100644 --- a/CedarJava/build.gradle +++ b/CedarJava/build.gradle @@ -107,37 +107,39 @@ def rustJavaTargets = [ 'x86_64-unknown-linux-gnu' : 'linux/x86_64' ] -tasks.register('installCargoZigbuild', Exec) { - group 'Build' - description 'Installs Cargo Zigbuild for Rust compilation.' +def RustVersion = '1.81' - commandLine 'cargo', 'install', 'cargo-zigbuild@0.19.3' +tasks.register('installRequiredRustVersion', Exec) { + group 'Build' + description 'Install required Rust version.' + commandLine 'rustup', 'install', RustVersion } -tasks.register('installRustTargets') { - dependsOn('installCargoZigbuild') +tasks.register('installCargoZigbuild', Exec) { + dependsOn('installRequiredRustVersion') group 'Build' - description 'Installs Rust platform build targets.' + description 'Installs Cargo Zigbuild for Rust compilation.' - doLast { - rustLibraryTargets.keySet().forEach { rustTarget -> - exec { - commandLine 'rustup', 'target', 'add', rustTarget - } - } - } + commandLine 'cargo', '+' + RustVersion, 'install', 'cargo-zigbuild@0.19.3' } tasks.register('compileFFI') { - dependsOn('installRustTargets') + dependsOn('installCargoZigbuild') group 'Build' description 'Compiles Foreign Function Interface libraries.' + exec { + workingDir = ffiDir + commandLine 'rustup', 'override', 'set', RustVersion + } doLast { rustLibraryTargets.forEach { rustTarget, libraryFile -> + exec { + commandLine 'rustup', 'target', 'add', rustTarget, '--toolchain', RustVersion + } exec { workingDir = ffiDir - commandLine 'cargo', 'zigbuild', '--features', 'partial-eval', '--release', '--target', rustTarget + commandLine 'cargo', '+' + RustVersion, 'zigbuild', '--features', 'partial-eval', '--release', '--target', rustTarget } def sourcePath = "${ffiDir}/target/${rustTarget}/release/${libraryFile}"