fix(jans-cedarling): authorize_unsigned not building Role entities #11160

@rmarinn

Describe the bug

Role entities are not being created in the authorize_unsigned interface, causing policies like the one below:

permit(
  principal in Jans::Role::"Admin",
  action,
  resource
);

With entity attributes like:

{
    "type": "Jans::User",
    "role": ["Admin"]
}

to always result in a DENY.

To Reproduce
Steps to reproduce the behavior:

  1. Define a User entity with a Role parent in the Cedar schema:
    entity Role;
    entity User in [Role] = { ... };
  2. Define a policy that checks for the role:
    permit(
      principal in Jans::Role::"Admin",
      action,
      resource
    );
  3. Call cedarling::authorize_unsigned with principal attributes that contain a Role:
    {
        "type": "Jans::User",
        "role": ["Admin"]
    }
  4. Get a DENY result

Expected behavior

  • The result should be ALLOW
  • The Role entity should be created
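
Added example, not part of the original issue or the Cedarling code base: a std-only Rust model of Cedar's `in` operator, showing why the policy above denies when the principal only carries a `role` attribute and allows once Role entities are built and linked as parents. `EntityStore`, `build_store`, `decide` and the principal id `u1` are hypothetical names constructed for illustration.

```rust
use std::collections::{HashMap, HashSet};

// Minimal model of an entity store: entity UID -> direct parent UIDs.
// Attributes are left out on purpose: Cedar's `in` never reads them.
#[derive(Default)]
struct EntityStore { parents: HashMap<String, Vec<String>> }

impl EntityStore {
    fn add(&mut self, uid: &str, parents: &[String]) {
        self.parents.insert(uid.to_string(), parents.to_vec());
    }
    // `a in b` holds when a == b or b is a (transitive) ancestor of a.
    fn is_in(&self, entity: &str, ancestor: &str) -> bool {
        let mut seen = HashSet::new();
        let mut stack = vec![entity.to_string()];
        while let Some(uid) = stack.pop() {
            if uid == ancestor { return true; }
            if !seen.insert(uid.clone()) { continue; }
            if let Some(ps) = self.parents.get(&uid) { stack.extend(ps.iter().cloned()); }
        }
        false
    }
}

// Hypothetical entity builder: `build_roles` toggles the step the issue reports as missing.
fn build_store(principal: &str, roles: &[&str], build_roles: bool) -> EntityStore {
    let mut store = EntityStore::default();
    let mut role_uids = Vec::new();
    if build_roles {
        for role in roles {
            let uid = format!("Jans::Role::\"{}\"", role);
            store.add(&uid, &[]); // create the Role entity itself
            role_uids.push(uid); // and remember it as a parent of the principal
        }
    }
    store.add(principal, &role_uids);
    store
}

// permit(principal in Jans::Role::"Admin", action, resource); anything else is denied.
fn decide(store: &EntityStore, principal: &str) -> &'static str {
    if store.is_in(principal, "Jans::Role::\"Admin\"") { "ALLOW" } else { "DENY" }
}

fn main() {
    let user = "Jans::User::\"u1\""; // constructed principal id
    println!("roles not built: {}", decide(&build_store(user, &["Admin"], false), user));
    println!("roles built:     {}", decide(&build_store(user, &["Admin"], true), user));
}
```

A regression test for this bug would assert both outcomes: ALLOW for a principal whose `role` contains `Admin`, and DENY for one whose roles do not.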

Labels: comp-jans-cedarling (Touching folder /jans-cedarling), kind-bug (Issue or PR is a bug in existing functionality)