Skip to content

feat(jans-cedarling): New interface: authorize_unsigned - send Principal as Object v. JWT #11035

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 53 commits into from
Mar 26, 2025
Merged

feat(jans-cedarling): New interface: authorize_unsigned - send Principal as Object v. JWT #11035

merged 53 commits into from
Mar 26, 2025
+2,707 −792

Conversation

olehbozhok
Copy link
Contributor

@olehbozhok olehbozhok commented Mar 12, 2025
edited
Loading

Prepare

Description

added support principals unverified by tokens

Target issue

link

closes #11000

Implementation Details

  • added method authorize_unverified that works like authorize but have another structure for request
pub struct RequestUnverified {
    /// Contains the JWTs that will be used for the AuthZ request
    pub principals: Vec<EntityData>,
    /// cedar_policy action
    pub action: String,
    /// cedar_policy resource data
    pub resource: EntityData,
    /// context to be used in cedar_policy
    pub context: serde_json::Value,
}

Test and Document the changes

  • Static code analysis has been run locally and issues have been fixed
  • Relevant unit and integration tests have been added/updated
  • Relevant documentation has been updated if any (i.e. user guides, installation and configuration guides, technical design docs etc)

Please check the below before submitting your PR. The PR will not be merged if there are no commits that start with docs: to indicate documentation changes or if the below checklist is not selected.

  • I confirm that there is no impact on the docs due to the code changes in this PR.

@olehbozhok
chore(jans-cedarling): rename ResourceData to EntityData
4a81f36 
Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>
@olehbozhok
chore(jans-cedarling): rename method build_entities to `build_token…
c7c8514 
…_entities`

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>
@olehbozhok
feat(jans-cedarling): add authorize_unverified method
1a33e70 
Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>
@olehbozhok
chore(jans-cedarling): update python binding errors
deb7e44 
Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>
@olehbozhok
chore(jans-cedarling): fix clippy warnings
acd6b94 
Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>
@olehbozhok
test(jans-cedarling): fix unit tests
d365c9e 
Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>
@olehbozhok olehbozhok requested a review from rmarinn March 12, 2025 20:37
@olehbozhok olehbozhok self-assigned this Mar 12, 2025
@mo-auto mo-auto added area-documentation Documentation needs to change as part of issue or PR comp-jans-cedarling Touching folder /jans-cedarling kind-feature Issue or PR is a new feature request labels Mar 12, 2025
@olehbozhok olehbozhok removed the area-documentation Documentation needs to change as part of issue or PR label Mar 12, 2025
@olehbozhok
chore(jans-cedarling): remove commented code
e26c33e 
Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>
rmarinn
rmarinn reviewed Mar 13, 2025
View reviewed changes
@olehbozhok
chore(jans-cedarling): add typealias TypeName
f4409a8 
Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>
@olehbozhok
chore(jans-cedarling): remove allocate vector
1555d1d 
Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>
@olehbozhok
chore(jans-cedarling): rename method authorize_unverified to `autho…
6d6e885 
…rize_unsigned`

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>
@olehbozhok olehbozhok changed the title feat(jans-cedarling): Support Principals sent as Object v. JWT feat(jans-cedarling): New interface: authorizeUnverified - send Principal as Object v. JWT Mar 14, 2025
@mo-auto mo-auto added the area-documentation Documentation needs to change as part of issue or PR label Mar 14, 2025
@olehbozhok
chore(jans-cedarling): rename error `UnverifiedPrincipalRequestValida…
6612793 
…tion` to `InvalidPrincipal`

also removed `WorkloadRequestValidation` and `UserRequestValidation`

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>
@olehbozhok olehbozhok force-pushed the jans-cedaling-issue-11000 branch from d773778 to 6612793 Compare March 14, 2025 23:31
@olehbozhok
test(jans-cedarling): update python test case
21709f6 
Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>
@olehbozhok
test(jans-cedarling): update rust test cases related to `AuthorizeRes…
ba49d01 
…ult`

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>
@olehbozhok
chore(jans-cedarling): rename unverified to unsigned
aef957f 
Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>
@olehbozhok
chore(jans-cedarling): add authorize_unsigned to blocking client
71c2df9 
and rename `RequestUnverified` to `RequestUnsigned`

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>
@olehbozhok
chore(jans-cedarling): fix parsing bool type from cedar schema
9b09990 
Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>
@olehbozhok
test(jans-cedarling): add test case to check authorize_unsigned
ae46faa 
Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>
@nynymike
Copy link
Contributor

Did we change the name from Unverified to Unsigned ?

@olehbozhok
feat(jans-cedarling): add getting principal decision result by entity…
e1f3adb 
… uid

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>
@olehbozhok
fix(jans-cedarling): fix documentation CEDARLING_POLICY_STORE_LOCAL c…
c4780c6 
…an hold only string (#11015)

* docs(jans-cedarling): update usage of `CEDARLING_POLICY_STORE_LOCAL` in documentation

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

* docs(jans-cedarling): fix python documentation usage `CEDARLING_POLICY_STORE_LOCAL_FN` env var

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

---------

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>
olehbozhok and others added 11 commits March 25, 2025 02:41
@olehbozhok
Merge commit '5b74f9d37769d6d2f696946785ffa270cfe20077' into jans-ced…
625996e 
…aling-issue-11000

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>
@olehbozhok
docs(jans-cedarling): update docs that user can use cedar-policy uid …
dbb4a2e 
…in JsonLogic

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>
@olehbozhok
docs(jans-cedarling): update wasm typescript interface
29da809 
Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>
@olehbozhok
docs(jans-cedarling): add WASM example how to call `authorize_unsigne…
086e347 
…d` method

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>
@olehbozhok
chore(jans-cedarling): fix logging
7be8a9a 
Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>
@olehbozhok
docs(jans-cedarling): fix markdown linter errors
2da766a 
Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>
@SafinWasi
chore(jans-cedarling): update python components (#11112)
bc48028 
Signed-off-by: SafinWasi <6601566+SafinWasi@users.noreply.github.com>
@olehbozhok
docs(jans-cedarling): update documentation
7f9fad2 
Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>
@olehbozhok
Merge commit 'bc48028c869877a593bb690c74abeaafa7196764' into jans-ced…
bc75ef2 
…aling-issue-11000

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>
@olehbozhok
chore(jans-cedarling): update python example to use authorize_unsigned
3ecb7a7 
Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>
@olehbozhok
docs(jans-cedarling): update python documentation
d231517 
Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>
@olehbozhok olehbozhok marked this pull request as ready for review March 25, 2025 17:24
@mo-auto mo-auto added the comp-docs Touching folder /docs label Mar 25, 2025
SafinWasi and others added 4 commits March 25, 2025 19:27
@SafinWasi @olehbozhok
chore(jans-cedarling): update python components (#11112)
9da0cfa 
Signed-off-by: SafinWasi <6601566+SafinWasi@users.noreply.github.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>
@olehbozhok
Merge commit 'd231517b858c489253812a594ce52efea18e3bad' into HEAD
620f286 
Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>
@olehbozhok
chore(jans-cedarling): update python example to use authorize_unsigned
867f7f2 
Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>


Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>
@olehbozhok
Merge branch 'main' into jans-cedaling-issue-11000
f5b112c
@duttarnab duttarnab mentioned this pull request Mar 26, 2025
Open
@olehbozhok olehbozhok enabled auto-merge (squash) March 26, 2025 15:18
@olehbozhok olehbozhok merged commit 37b72ad into main Mar 26, 2025
2 checks passed
@olehbozhok olehbozhok deleted the jans-cedaling-issue-11000 branch March 26, 2025 15:21
@nynymike nynymike changed the title feat(jans-cedarling): New interface: authorizeUnverified - send Principal as Object v. JWT feat(jans-cedarling): New interface: authorize_unsigned - send Principal as Object v. JWT Mar 27, 2025
@nynymike nynymike changed the title feat(jans-cedarling): New interface: authorize_unsigned - send Principal as Object v. JWT feat(jans-cedarling): New interface: authorize_unsigned - send Principal as Object v. JWT Mar 27, 2025
@mo-auto mo-auto mentioned this pull request Apr 3, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@SafinWasi SafinWasi SafinWasi approved these changes

@moabu moabu moabu approved these changes

@rmarinn rmarinn Awaiting requested review from rmarinn

@nynymike nynymike Awaiting requested review from nynymike

@duttarnab duttarnab Awaiting requested review from duttarnab

Assignees

@olehbozhok olehbozhok

Labels
area-documentation Documentation needs to change as part of issue or PR comp-docs Touching folder /docs comp-jans-cedarling Touching folder /jans-cedarling kind-feature Issue or PR is a new feature request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

feat(jans-cedarling): New interface: authorize_unsigned - send Principal as Object v. JWT