Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(jans-cedarling): Policy Store: Parse Schema and Policies #9575

Merged
merged 18 commits into from
Sep 25, 2024
Merged

feat(jans-cedarling): Policy Store: Parse Schema and Policies #9575

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
18 commits
Select commit Hold shift + click to select a range
97ea92a
feat(jans-cedarling): add PolicyStore and field schema. Also added de…
olehbozhok Sep 23, 2024
7dac32a
test(jans-cedarling): add unit tests to check `parse_cedar_schema` (d…
olehbozhok Sep 23, 2024
e01bc54
docs(jans-cedarling): add docs for PolicyStore
olehbozhok Sep 23, 2024
928b2bd
feat(jans-cedarling): add loading policy store based on config
olehbozhok Sep 23, 2024
bd0df57
feat(jans-cedarling): add loading policy store to Cedarling
olehbozhok Sep 23, 2024
3449b60
chore(jans-cedarling): rename LogType to LogTypeConfig
olehbozhok Sep 23, 2024
821cc2e
chore(jans-cedarling): fix `log_init` example after updating config
olehbozhok Sep 23, 2024
5cd1c79
chore(jans-cedarling): add allow(dead_code) on schema
olehbozhok Sep 23, 2024
d29218e
chore(jans-cedarling): add copyright notice
olehbozhok Sep 23, 2024
6b4ed70
docs(jans-cedarling): add README to init module
olehbozhok Sep 23, 2024
a1163bd
docs(jans-cedarling): add README to authz module
olehbozhok Sep 23, 2024
8d8cf8b
chore(jans-cedarling): update message in ErrorLoadPolicyStore::MoreTh…
olehbozhok Sep 23, 2024
bf89da3
chore(jans-cedarling): add comments to Cedarling::new
olehbozhok Sep 23, 2024
b6dacac
chore(jans-cedarling): remove unnecessary code
olehbozhok Sep 23, 2024
8cd92b3
docs(jans-cedarling): in README removed `Cedarling bindings` section
olehbozhok Sep 24, 2024
e724090
chore(jans-cedarling): move position of PolicyStoreMap to be first
olehbozhok Sep 24, 2024
cf20191
chore(jans-cedarling): refactor, move errors messages to the enum
olehbozhok Sep 24, 2024
df19054
Merge branch 'main' into jans-cedaling-issue-9568
moabu Sep 25, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 0 additions & 7 deletions jans-cedarling/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,13 +11,6 @@ The Cedarling is a more productive and flexible way to handle authorization.

Cedarling is written in the Rust programming language (folder `cedarling`). And you can import it into your project as a dependency.

## Cedarling bindings

We have support binding for this platforms:

- [ ] Python
- [ ] Wasm

## Examples of rust Cedarling

Rust examples of using Cedarling contains in the folder `cedarling/examples`.
Expand Down
2 changes: 2 additions & 0 deletions jans-cedarling/cedarling/Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,3 +9,5 @@ serde_json = { workspace = true }
thiserror = { workspace = true }
sparkv = { workspace = true }
uuid7 = { version = "1.1.0", features = ["serde", "uuid"] }
cedar-policy = "4.0.0"
base64 = "0.22.1"
34 changes: 25 additions & 9 deletions jans-cedarling/cedarling/examples/log_init.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,9 +1,19 @@
/*
* This software is available under the Apache-2.0 license.
* See https://www.apache.org/licenses/LICENSE-2.0.txt for full text.
*
* Copyright (c) 2024, Gluu, Inc.
*/

use cedarling::{
AuthzConfig, BootstrapConfig, Cedarling, LogConfig, LogStorage, LogType, MemoryLogConfig,
AuthzConfig, BootstrapConfig, Cedarling, LogConfig, LogStorage, LogTypeConfig, MemoryLogConfig,
PolicyStoreConfig, PolicyStoreSource,
};
use std::env;

fn main() {
static POLICY_STORE_RAW: &str = include_str!("../src/init/test_files/policy-store_ok.json");

fn main() -> Result<(), Box<dyn std::error::Error>> {
// Collect command-line arguments
let args: Vec<String> = env::args().collect();

Expand All @@ -17,13 +27,13 @@ fn main() {
// Parse the log type from the first argument
let log_type_arg = &args[1];
let log_type = match log_type_arg.as_str() {
"off" => LogType::Off,
"stdout" => LogType::StdOut,
"lock" => LogType::Lock,
"off" => LogTypeConfig::Off,
"stdout" => LogTypeConfig::StdOut,
"lock" => LogTypeConfig::Lock,
"memory" => extract_memory_config(args),
_ => {
eprintln!("Invalid log type, defaulting to StdOut.");
LogType::StdOut
LogTypeConfig::StdOut
},
};

Expand All @@ -35,7 +45,11 @@ fn main() {
application_name: "test_app".to_string(),
},
log_config: LogConfig { log_type },
});
policy_store_config: PolicyStoreConfig {
source: PolicyStoreSource::Json(POLICY_STORE_RAW.to_string()),
store_id: None,
},
})?;

println!("Stage 1:");
let logs_ids = authz.get_log_ids();
Expand All @@ -58,9 +72,11 @@ fn main() {

println!("\n\n Stage 4:\nShow len of keys left using get_log_ids");
println!("Number of keys left: {:?}", authz.get_log_ids().len());

Ok(())
}

fn extract_memory_config(args: Vec<String>) -> LogType {
fn extract_memory_config(args: Vec<String>) -> LogTypeConfig {
if args.len() < 3 {
eprintln!("Memory log type requires two additional arguments: ttl value in seconds");
std::process::exit(1);
Expand All @@ -69,5 +85,5 @@ fn extract_memory_config(args: Vec<String>) -> LogType {
let log_ttl: u64 = args[2]
.parse()
.expect("Invalid ttl value, should be integer");
LogType::Memory(MemoryLogConfig { log_ttl })
LogTypeConfig::Memory(MemoryLogConfig { log_ttl })
}
6 changes: 6 additions & 0 deletions jans-cedarling/cedarling/src/authz/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
# Auth Engine

Part of Cedarling that main purpose is:

- evaluate if authorization is granted for *user*
- evaluate if authorization is granted for *client*
9 changes: 5 additions & 4 deletions jans-cedarling/cedarling/src/authz/mod.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,8 @@
use crate::log::{LogWriter, Logger};
use crate::models::authz_config::AuthzConfig;
use crate::models::log_entry::{LogEntry, LogType};
use uuid7::{uuid4, Uuid};
use crate::models::policy_store::PolicyStore;
use uuid7::Uuid;

/// Authorization Service
/// The primary service of the Cedarling application responsible for evaluating authorization requests.
Expand All @@ -22,13 +23,12 @@ pub struct Authz {
log_service: Logger,
pdp_id: Uuid,
application_name: String,
policy_store: PolicyStore,
}

impl Authz {
/// Create a new Authorization Service
pub fn new(config: AuthzConfig, log: Logger) -> Self {
// we use uuid v4 because it is generated based on random numbers.
let pdp_id = uuid4();
pub fn new(config: AuthzConfig, pdp_id: Uuid, log: Logger, policy_store: PolicyStore) -> Self {
let application_name = config.application_name;

log.log(
Expand All @@ -40,6 +40,7 @@ impl Authz {
log_service: log,
pdp_id,
application_name,
policy_store,
}
}
}
7 changes: 7 additions & 0 deletions jans-cedarling/cedarling/src/init/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
# Init engine

Init engine is responsible for reading and loading entities on start of the application, like:

- read boostrap properties
- load Cedar Policies
- get keys for JWT validation
86 changes: 86 additions & 0 deletions jans-cedarling/cedarling/src/init/cedar_schema.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,86 @@
/*
* This software is available under the Apache-2.0 license.
* See https://www.apache.org/licenses/LICENSE-2.0.txt for full text.
*
* Copyright (c) 2024, Gluu, Inc.
*/

use base64::prelude::*;

#[derive(Debug, thiserror::Error)]
pub enum ParceCedarSchemaErrMsg {
#[error("unable to decode cedar policy schema base64")]
BASE64,
#[error("unable to decode cedar policy schema json")]
JSON,
}

/// A custom deserializer for Cedar's Schema.
//
// is used to deserialize field `schema` in `PolicyStore`
pub(crate) fn parse_cedar_schema<'de, D>(deserializer: D) -> Result<cedar_policy::Schema, D::Error>
where
D: serde::Deserializer<'de>,
{
let source = <String as serde::Deserialize>::deserialize(deserializer)?;
let decoded: Vec<u8> = BASE64_STANDARD.decode(source.as_str()).map_err(|err| {
serde::de::Error::custom(format!("{}: {}", ParceCedarSchemaErrMsg::BASE64, err,))
})?;

let schema = cedar_policy::Schema::from_json_file(decoded.as_slice()).map_err(|err| {
serde::de::Error::custom(format!("{}: {}", ParceCedarSchemaErrMsg::JSON, err))
})?;

Ok(schema)
}

#[cfg(test)]
mod tests {
use super::*;
use crate::models::policy_store::PolicyStoreMap;

#[test]
fn test_read_ok() {
static POLICY_STORE_RAW: &str = include_str!("test_files/policy-store_ok.json");

let policy_result = serde_json::from_str::<PolicyStoreMap>(POLICY_STORE_RAW);
assert!(policy_result.is_ok());
}

#[test]
fn test_read_base64_error() {
static POLICY_STORE_RAW: &str =
include_str!("test_files/policy-store_schema_err_base64.json");

let policy_result = serde_json::from_str::<PolicyStoreMap>(POLICY_STORE_RAW);
assert!(policy_result
.unwrap_err()
.to_string()
.contains(&ParceCedarSchemaErrMsg::BASE64.to_string()));
}

#[test]
fn test_read_json_error() {
static POLICY_STORE_RAW: &str =
include_str!("test_files/policy-store_schema_err_json.json");

let policy_result = serde_json::from_str::<PolicyStoreMap>(POLICY_STORE_RAW);
assert!(policy_result
.unwrap_err()
.to_string()
.contains(&ParceCedarSchemaErrMsg::JSON.to_string()));
}

#[test]
fn test_read_cedar_error() {
static POLICY_STORE_RAW: &str =
include_str!("test_files/policy-store_schema_err_cedar_mistake.json");

let policy_result = serde_json::from_str::<PolicyStoreMap>(POLICY_STORE_RAW);
// in this scenario error message looks like:
// `unable to decode cedar policy schema json: failed to resolve type: User_TypeNotExist", line: 35, column: 1`
let err_msg = policy_result.unwrap_err().to_string();
assert!(err_msg.contains(&ParceCedarSchemaErrMsg::JSON.to_string()));
assert!(err_msg.contains("failed to resolve type"));
}
}
7 changes: 5 additions & 2 deletions jans-cedarling/cedarling/src/init/mod.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,11 +1,14 @@
/*
* This software is available under the Apache-2.0 license.
* This software is available under the Apache-2.0 license.
* See https://www.apache.org/licenses/LICENSE-2.0.txt for full text.
*
* Copyright (c) 2024, Gluu, Inc.
* Copyright (c) 2024, Gluu, Inc.
*/
//! # Init Engine
//! Part of Cedarling that main purpose is:
//! - read boostrap properties
//! - load Cedar Policies
//! - get keys for JWT validation

pub(crate) mod cedar_schema;
pub(crate) mod policy_store;
58 changes: 58 additions & 0 deletions jans-cedarling/cedarling/src/init/policy_store.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,58 @@
/*
* This software is available under the Apache-2.0 license.
* See https://www.apache.org/licenses/LICENSE-2.0.txt for full text.
*
* Copyright (c) 2024, Gluu, Inc.
*/

use crate::models::policy_store::{PolicyStore, PolicyStoreMap};
use crate::models::policy_store_config::{PolicyStoreConfig, PolicyStoreSource};

/// Error cases for loading policy
#[derive(Debug, thiserror::Error)]
pub enum ErrorLoadPolicyStore {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Rather than creating different enums for showing error messages, can we just make a single enum for all error messages inside \jans-cedarling\cedarling\src\models\enum\error.

for Example:

pub enum CedarlingApplicationError {
 #[error("{0}")]
    LoadPolicyStoreJsonParseError(#[from] serde_json::Error),
    #[error("store policy is empty")]
    LoadPolicyStoreWithEmptyPolicy,
    #[error("the `store_key` is not specified and the count on policies more than 1")]
    LoadPolicyStoreMoreThanOnePolicy,
    #[error("could not found policy by id: {0}")]
    LoadPolicyStorePolicyNotFound(String),
}

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like the idea to return the error struct in functions that cover all possible error cases for only the current situation. Because it will be easier to maintain when application grows.

And If we have somethinglike CedarlingApplicationError
It will have all possible errors for all application.

And when we will be wanted to handle the error cases with match statement, it will be hard to understand what exactly cases current function returns. Because CedarlingApplicationError have all possible cases in the application.

Copy link
Contributor

@duttarnab duttarnab Sep 24, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

And If we have something like CedarlingApplicationError
It will have all possible errors for all application.

This is what we practise in most of applications. We do not clutter our project with multiple Enums for error messages.

And when we will be wanted to handle the error cases with match statement, it will be hard to understand what exactly cases current function returns. Because CedarlingApplicationError have all possible cases in the application.

The naming convention of enum items should be sufficient of make its purpose clear. We don't need to make multiple error enums for this.

And I could see ErrorLoadPolicyStore in cedar_schem.rs and policy_store.rs. Code duplication does not make sense.

#[error("{0}")]
JsonParce(#[from] serde_json::Error),
#[error("store policy is empty")]
PolicyEmpty,
#[error("the `store_key` is not specified and the count on policies more than 1")]
MoreThanOnePolicy,
#[error("could not found policy by id: {0}")]
FindPolicy(String),
}

/// Load policy store based on config
//
// Unit tests will be added when will be implemented other types of sources
pub(crate) fn load_policy_store(
config: PolicyStoreConfig,
) -> Result<PolicyStore, ErrorLoadPolicyStore> {
let mut policy_store_map: PolicyStoreMap = match config.source {
PolicyStoreSource::Json(json_raw) => serde_json::from_str(json_raw.as_str())?,
};

let policy: PolicyStore = match (config.store_id, policy_store_map.policy_stores.len()) {
(Some(store_id), _) => policy_store_map
.policy_stores
.remove(store_id.as_str())
.ok_or(ErrorLoadPolicyStore::FindPolicy(store_id))?,
(None, 0) => {
return Err(ErrorLoadPolicyStore::PolicyEmpty);
},
(None, 1) => {
// getting first element and we know it is save to use unwrap here,
// because we know that there is only one element in the map
policy_store_map
.policy_stores
.into_values()
.into_iter()
.next()
.unwrap()
},
(None, 2..) => {
return Err(ErrorLoadPolicyStore::MoreThanOnePolicy);
},
};

Ok(policy)
}
35 changes: 35 additions & 0 deletions jans-cedarling/cedarling/src/init/test_files/policy-store_ok.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
{
"8b805e22fdd39f3dd33a13d9fb446d8e6314153ca997": {
"name": "gluustore",
"description": "gluu",
"policies": {
"840da5d85403f35ea76519ed1a18a33989f855bf1cf8": {
"description": "admin access",
"creation_date": "2024-09-20T17:22:39.996050",
"policy_content": "QGlkKCJhZG1pbiBhY2Nlc3MiKQpwZXJtaXQKKAogcHJpbmNpcGFsID09IEphbnM6OlJvbGU6OiJBZG1pbiIsCiBhY3Rpb24gaW4gW0phbnM6OkFjdGlvbjo6IkNvbXBhcmUiLEphbnM6OkFjdGlvbjo6IkV4ZWN1dGUiXSwKIHJlc291cmNlID09IEphbnM6OkFwcGxpY2F0aW9uOjoiQWRtaW4iCikKd2hlbgp7CiBKYW5zOjpBY2Nlc3NfdG9rZW46OiJhYmMiLnNjb3BlPT0iYWJjIiAmJiBKYW5zOjppZF90b2tlbjo6ImlkeHh4Ii5hbXI9PSJpZHh4eCIgIAp9Ow=="
},
"b6313811924c9e67f898257cbf017674e08203779ae9": {
"description": "manager access",
"creation_date": "2024-09-20T18:11:26.442574",
"policy_content": "QGlkKCJtYW5hZ2VyIGFjY2VzcyIpCnBlcm1pdAooCiBwcmluY2lwYWwsCiBhY3Rpb24sCiByZXNvdXJjZQopCndoZW4KewogSmFuczo6QWNjZXNzX3Rva2VuOjoieHh4Ii5zY29wZT09Inh4eCIgfHwgSmFuczo6aWRfdG9rZW46OiJpZHh4eCIuYW1yPT0iaWR4eHgiICYmIGNvbnRleHQubmV0d29yay5pc0luUmFuZ2UoaXAoIjIyMi4yMjIuMjIyLjAvMjQiKSkgIAp9Ow=="
},
"f2b38413cad977ab21616bd4a63c233548491cf25b72": {
"description": "manager access",
"creation_date": "2024-09-20T18:11:37.774401",
"policy_content": "QGlkKCJtYW5hZ2VyIGFjY2VzcyIpCnBlcm1pdAooCiBwcmluY2lwYWwsCiBhY3Rpb24sCiByZXNvdXJjZQopCndoZW4KewogSmFuczo6QWNjZXNzX3Rva2VuOjoieHh4Ii5zY29wZT09Inh4eCIgfHwgSmFuczo6aWRfdG9rZW46OiJpZHh4eCIuYW1yPT0iaWR4eHgiICYmIGNvbnRleHQubmV0d29yay5pc0luUmFuZ2UoaXAoIjIyMi4yMjIuMjIyLjAvMjQiKSkgIAp9Ow=="
},
"fa6a3f46ab5f741e806deff0f81d0f848af37604500f": {
"description": "without condition",
"creation_date": "2024-09-22T18:18:35.801566",
"policy_content": "QGlkKCJ3aXRob3V0IGNvbmRpdGlvbiIpCnBlcm1pdAooCiBwcmluY2lwYWwgPT0gSmFuczo6Um9sZTo6IkFkbWluIiwKIGFjdGlvbiwKIHJlc291cmNlCikKOw=="
},
"96deb02f8ce44c46d497d44dbfec80b3b6a64fe22994": {
"description": "forbid",
"creation_date": "2024-09-23T14:51:21.480763",
"policy_content": "QGlkKCJmb3JiaWQiKQpmb3JiaWQKKAogcHJpbmNpcGFsIGluIEphbnM6OlJvbGU6OiJBZG1pbiIsCiBhY3Rpb24gaW4gW0phbnM6OkFjdGlvbjo6IlNlYXJjaCIsSmFuczo6QWN0aW9uOjoiVGFnIl0sCiByZXNvdXJjZSBpbiBKYW5zOjpBcHBsaWNhdGlvbjo6IkFkbWluUG9ydGFsIgopCndoZW4KewogSmFuczo6QWNjZXNzX3Rva2VuOjoieHh4Ii5leHA+MTIzICYmIEphbnM6OkFjY2Vzc190b2tlbjo6ImFhYSIuZXhwPDMyMSB8fCBKYW5zOjpBY2Nlc3NfdG9rZW46OiJhYWEiLmlhdD49MTExICAKfTs="
}
},
"identity_source": {},
"schema": "eyJKYW5zIjp7ImNvbW1vblR5cGVzIjp7IlVybCI6eyJ0eXBlIjoiUmVjb3JkIiwiYXR0cmlidXRlcyI6eyJob3N0Ijp7InR5cGUiOiJTdHJpbmcifSwicGF0aCI6eyJ0eXBlIjoiU3RyaW5nIn0sInByb3RvY29sIjp7InR5cGUiOiJTdHJpbmcifX19LCJDb250ZXh0Ijp7InR5cGUiOiJSZWNvcmQiLCJhdHRyaWJ1dGVzIjp7ImJyb3dzZXIiOnsidHlwZSI6IlN0cmluZyJ9LCJjdXJyZW50X3RpbWUiOnsidHlwZSI6IkxvbmcifSwiZGV2aWNlX2hlYWx0aCI6eyJ0eXBlIjoiU2V0IiwiZWxlbWVudCI6eyJ0eXBlIjoiU3RyaW5nIn19LCJmcmF1ZF9pbmRpY2F0b3JzIjp7InR5cGUiOiJTZXQiLCJlbGVtZW50Ijp7InR5cGUiOiJTdHJpbmcifX0sImdlb2xvY2F0aW9uIjp7InR5cGUiOiJTZXQiLCJlbGVtZW50Ijp7InR5cGUiOiJTdHJpbmcifX0sIm5ldHdvcmsiOnsidHlwZSI6IkV4dGVuc2lvbiIsIm5hbWUiOiJpcGFkZHIifSwibmV0d29ya190eXBlIjp7InR5cGUiOiJTdHJpbmcifSwib3BlcmF0aW5nX3N5c3RlbSI6eyJ0eXBlIjoiU3RyaW5nIn19fSwiZW1haWxfYWRkcmVzcyI6eyJ0eXBlIjoiUmVjb3JkIiwiYXR0cmlidXRlcyI6eyJkb21haW4iOnsidHlwZSI6IlN0cmluZyJ9LCJpZCI6eyJ0eXBlIjoiU3RyaW5nIn19fX0sImVudGl0eVR5cGVzIjp7IlVzZXJpbmZvX3Rva2VuIjp7InNoYXBlIjp7InR5cGUiOiJSZWNvcmQiLCJhdHRyaWJ1dGVzIjp7ImF1ZCI6eyJ0eXBlIjoiU3RyaW5nIn0sImJpcnRoZGF0ZSI6eyJ0eXBlIjoiU3RyaW5nIn0sImVtYWlsIjp7InR5cGUiOiJlbWFpbF9hZGRyZXNzIn0sImV4cCI6eyJ0eXBlIjoiTG9uZyJ9LCJpYXQiOnsidHlwZSI6IkxvbmcifSwiaXNzIjp7InR5cGUiOiJFbnRpdHkiLCJuYW1lIjoiVHJ1c3RlZElzc3VlciJ9LCJqdGkiOnsidHlwZSI6IlN0cmluZyJ9LCJuYW1lIjp7InR5cGUiOiJTdHJpbmcifSwicGhvbmVfbnVtYmVyIjp7InR5cGUiOiJTdHJpbmcifSwicm9sZSI6eyJ0eXBlIjoiU2V0IiwiZWxlbWVudCI6eyJ0eXBlIjoiU3RyaW5nIn19LCJzdWIiOnsidHlwZSI6IlN0cmluZyJ9fX19LCJBY2Nlc3NfdG9rZW4iOnsic2hhcGUiOnsidHlwZSI6IlJlY29yZCIsImF0dHJpYnV0ZXMiOnsiYXVkIjp7InR5cGUiOiJTdHJpbmcifSwiZXhwIjp7InR5cGUiOiJMb25nIn0sImlhdCI6eyJ0eXBlIjoiTG9uZyJ9LCJpc3MiOnsidHlwZSI6IkVudGl0eSIsIm5hbWUiOiJUcnVzdGVkSXNzdWVyIn0sImp0aSI6eyJ0eXBlIjoiU3RyaW5nIn0sIm5iZiI6eyJ0eXBlIjoiTG9uZyJ9LCJzY29wZSI6eyJ0eXBlIjoiU3RyaW5nIn19fX0sIkFwcGxpY2F0aW9uIjp7InNoYXBlIjp7InR5cGUiOiJSZWNvcmQiLCJhdHRyaWJ1dGVzIjp7ImNsaWVudCI6eyJ0eXBlIjoiRW50aXR5IiwibmFtZSI6IkNsaWVudCJ9LCJuYW1lIjp7InR5cGUiOiJTdHJpbmcifX19fSwiUm9sZSI6e30sIlRydXN0ZWRJc3N1ZXIiOnsic2hhcGUiOnsidHlwZSI6IlJlY29yZCIsImF0dHJpYnV0ZXMiOnsiaXNzdWVyX2VudGl0eV9pZCI6eyJ0eXBlIjoiVXJsIn19fX0sIkNsaWVudCI6eyJzaGFwZSI6eyJ0eXBlIjoiUmVjb3JkIiwiYXR0cmlidXRlcyI6eyJjbGllbnRfaWQiOnsidHlwZSI6IlN0cmluZyJ9LCJpc3MiOnsidHlwZSI6IkVudGl0eSIsIm5hbWUiOiJUcnVzdGVkSXNzdWVyIn19fX0sImlkX3Rva2VuIjp7InNoYXBlIjp7InR5cGUiOiJSZWNvcmQiLCJhdHRyaWJ1dGVzIjp7ImFjciI6eyJ0eXBlIjoiU2V0IiwiZWxlbWVudCI6eyJ0eXBlIjoiU3RyaW5nIn19LCJhbXIiOnsidHlwZSI6IlN0cmluZyJ9LCJhdWQiOnsidHlwZSI6IlN0cmluZyJ9LCJhenAiOnsidHlwZSI6IlN0cmluZyJ9LCJiaXJ0aGRhdGUiOnsidHlwZSI6IlN0cmluZyJ9LCJlbWFpbCI6eyJ0eXBlIjoiZW1haWxfYWRkcmVzcyJ9LCJleHAiOnsidHlwZSI6IkxvbmcifSwiaWF0Ijp7InR5cGUiOiJMb25nIn0sImlzcyI6eyJ0eXBlIjoiRW50aXR5IiwibmFtZSI6IlRydXN0ZWRJc3N1ZXIifSwianRpIjp7InR5cGUiOiJTdHJpbmcifSwibmFtZSI6eyJ0eXBlIjoiU3RyaW5nIn0sInBob25lX251bWJlciI6eyJ0eXBlIjoiU3RyaW5nIn0sInJvbGUiOnsidHlwZSI6IlNldCIsImVsZW1lbnQiOnsidHlwZSI6IlN0cmluZyJ9fSwic3ViIjp7InR5cGUiOiJTdHJpbmcifX19fSwiVXNlciI6eyJtZW1iZXJPZlR5cGVzIjpbIlJvbGUiXSwic2hhcGUiOnsidHlwZSI6IlJlY29yZCIsImF0dHJpYnV0ZXMiOnsiZW1haWwiOnsidHlwZSI6ImVtYWlsX2FkZHJlc3MifSwicGhvbmVfbnVtYmVyIjp7InR5cGUiOiJTdHJpbmcifSwicm9sZSI6eyJ0eXBlIjoiU2V0IiwiZWxlbWVudCI6eyJ0eXBlIjoiU3RyaW5nIn19LCJzdWIiOnsidHlwZSI6IlN0cmluZyJ9LCJ1c2VybmFtZSI6eyJ0eXBlIjoiU3RyaW5nIn19fX0sIkhUVFBfUmVxdWVzdCI6eyJzaGFwZSI6eyJ0eXBlIjoiUmVjb3JkIiwiYXR0cmlidXRlcyI6eyJhY2NlcHQiOnsidHlwZSI6IlNldCIsImVsZW1lbnQiOnsidHlwZSI6IlN0cmluZyJ9fSwiaGVhZGVyIjp7InR5cGUiOiJTZXQiLCJlbGVtZW50Ijp7InR5cGUiOiJTdHJpbmcifX0sInVybCI6eyJ0eXBlIjoiVXJsIn19fX19LCJhY3Rpb25zIjp7IkdFVCI6eyJhcHBsaWVzVG8iOnsicmVzb3VyY2VUeXBlcyI6WyJIVFRQX1JlcXVlc3QiXSwicHJpbmNpcGFsVHlwZXMiOlsiQ2xpZW50Il0sImNvbnRleHQiOnsidHlwZSI6IkNvbnRleHQifX19LCJERUxFVEUiOnsiYXBwbGllc1RvIjp7InJlc291cmNlVHlwZXMiOlsiSFRUUF9SZXF1ZXN0Il0sInByaW5jaXBhbFR5cGVzIjpbIkNsaWVudCJdLCJjb250ZXh0Ijp7InR5cGUiOiJDb250ZXh0In19fSwiUE9TVCI6eyJhcHBsaWVzVG8iOnsicmVzb3VyY2VUeXBlcyI6WyJIVFRQX1JlcXVlc3QiXSwicHJpbmNpcGFsVHlwZXMiOlsiQ2xpZW50Il0sImNvbnRleHQiOnsidHlwZSI6IkNvbnRleHQifX19LCJIRUFEIjp7ImFwcGxpZXNUbyI6eyJyZXNvdXJjZVR5cGVzIjpbIkhUVFBfUmVxdWVzdCJdLCJwcmluY2lwYWxUeXBlcyI6WyJDbGllbnQiXSwiY29udGV4dCI6eyJ0eXBlIjoiQ29udGV4dCJ9fX0sIlBVVCI6eyJhcHBsaWVzVG8iOnsicmVzb3VyY2VUeXBlcyI6WyJIVFRQX1JlcXVlc3QiXSwicHJpbmNpcGFsVHlwZXMiOlsiQ2xpZW50Il0sImNvbnRleHQiOnsidHlwZSI6IkNvbnRleHQifX19LCJQQVRDSCI6eyJhcHBsaWVzVG8iOnsicmVzb3VyY2VUeXBlcyI6WyJIVFRQX1JlcXVlc3QiXSwicHJpbmNpcGFsVHlwZXMiOlsiQ2xpZW50Il0sImNvbnRleHQiOnsidHlwZSI6IkNvbnRleHQifX19LCJBY2Nlc3MiOnsiYXBwbGllc1RvIjp7InJlc291cmNlVHlwZXMiOlsiQXBwbGljYXRpb24iXSwicHJpbmNpcGFsVHlwZXMiOlsiVXNlciIsIlJvbGUiXSwiY29udGV4dCI6eyJ0eXBlIjoiQ29udGV4dCJ9fX19fX0="
}
}
35 changes: 35 additions & 0 deletions jans-cedarling/cedarling/src/init/test_files/policy-store_schema_err_base64.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
{
"8b805e22fdd39f3dd33a13d9fb446d8e6314153ca997": {
"name": "gluustore",
"description": "gluu",
"policies": {
"840da5d85403f35ea76519ed1a18a33989f855bf1cf8": {
"description": "admin access",
"creation_date": "2024-09-20T17:22:39.996050",
"policy_content": "QGlkKCJhZG1pbiBhY2Nlc3MiKQpwZXJtaXQKKAogcHJpbmNpcGFsID09IEphbnM6OlJvbGU6OiJBZG1pbiIsCiBhY3Rpb24gaW4gW0phbnM6OkFjdGlvbjo6IkNvbXBhcmUiLEphbnM6OkFjdGlvbjo6IkV4ZWN1dGUiXSwKIHJlc291cmNlID09IEphbnM6OkFwcGxpY2F0aW9uOjoiQWRtaW4iCikKd2hlbgp7CiBKYW5zOjpBY2Nlc3NfdG9rZW46OiJhYmMiLnNjb3BlPT0iYWJjIiAmJiBKYW5zOjppZF90b2tlbjo6ImlkeHh4Ii5hbXI9PSJpZHh4eCIgIAp9Ow=="
},
"b6313811924c9e67f898257cbf017674e08203779ae9": {
"description": "manager access",
"creation_date": "2024-09-20T18:11:26.442574",
"policy_content": "QGlkKCJtYW5hZ2VyIGFjY2VzcyIpCnBlcm1pdAooCiBwcmluY2lwYWwsCiBhY3Rpb24sCiByZXNvdXJjZQopCndoZW4KewogSmFuczo6QWNjZXNzX3Rva2VuOjoieHh4Ii5zY29wZT09Inh4eCIgfHwgSmFuczo6aWRfdG9rZW46OiJpZHh4eCIuYW1yPT0iaWR4eHgiICYmIGNvbnRleHQubmV0d29yay5pc0luUmFuZ2UoaXAoIjIyMi4yMjIuMjIyLjAvMjQiKSkgIAp9Ow=="
},
"f2b38413cad977ab21616bd4a63c233548491cf25b72": {
"description": "manager access",
"creation_date": "2024-09-20T18:11:37.774401",
"policy_content": "QGlkKCJtYW5hZ2VyIGFjY2VzcyIpCnBlcm1pdAooCiBwcmluY2lwYWwsCiBhY3Rpb24sCiByZXNvdXJjZQopCndoZW4KewogSmFuczo6QWNjZXNzX3Rva2VuOjoieHh4Ii5zY29wZT09Inh4eCIgfHwgSmFuczo6aWRfdG9rZW46OiJpZHh4eCIuYW1yPT0iaWR4eHgiICYmIGNvbnRleHQubmV0d29yay5pc0luUmFuZ2UoaXAoIjIyMi4yMjIuMjIyLjAvMjQiKSkgIAp9Ow=="
},
"fa6a3f46ab5f741e806deff0f81d0f848af37604500f": {
"description": "without condition",
"creation_date": "2024-09-22T18:18:35.801566",
"policy_content": "QGlkKCJ3aXRob3V0IGNvbmRpdGlvbiIpCnBlcm1pdAooCiBwcmluY2lwYWwgPT0gSmFuczo6Um9sZTo6IkFkbWluIiwKIGFjdGlvbiwKIHJlc291cmNlCikKOw=="
},
"96deb02f8ce44c46d497d44dbfec80b3b6a64fe22994": {
"description": "forbid",
"creation_date": "2024-09-23T14:51:21.480763",
"policy_content": "QGlkKCJmb3JiaWQiKQpmb3JiaWQKKAogcHJpbmNpcGFsIGluIEphbnM6OlJvbGU6OiJBZG1pbiIsCiBhY3Rpb24gaW4gW0phbnM6OkFjdGlvbjo6IlNlYXJjaCIsSmFuczo6QWN0aW9uOjoiVGFnIl0sCiByZXNvdXJjZSBpbiBKYW5zOjpBcHBsaWNhdGlvbjo6IkFkbWluUG9ydGFsIgopCndoZW4KewogSmFuczo6QWNjZXNzX3Rva2VuOjoieHh4Ii5leHA+MTIzICYmIEphbnM6OkFjY2Vzc190b2tlbjo6ImFhYSIuZXhwPDMyMSB8fCBKYW5zOjpBY2Nlc3NfdG9rZW46OiJhYWEiLmlhdD49MTExICAKfTs="
}
},
"identity_source": {},
"schema": "ewogICJKYW...gfQp9"
}
}
Loading