Merge branch 'main' into jans-tarp-issue-10658

docs/cedarling/cedarling-authz.md

@@ -83,14 +83,14 @@ decision_result = await cedarling(input)
 
 ## Automatically Adding Entity References to the Context
 
-Cedarling simplifies context creation by automatically including certain entities. This means you don't need to manually pass their references when using them in your policies. The following entities are automatically added to the context, along with their naming conventions in `lower_snake_case` format:
-
-- **Workload Entity**: `workload`
-- **User Entity**: `user`
-- **Resource Entity**: `resource`
-- **Access Token Entity**: `access_token`
-- **ID Token Entity**: `id_token`
-- **Userinfo Token Entity**: `userinfo_token`
+Cedarling simplifies context creation by automatically including certain entities. This means you don't need to manually pass their references when using them in your policies. The following entities are automatically added to the context.
+
+- Workload Entity
+- User Entity
+- Resource Entity
+- Access Token Entity
+- ID Token Entity
+- Userinfo Token Entity
 
 ### Example Policy
 

jans-auth-server/server/src/main/java/io/jans/as/server/authorize/ws/rs/AuthorizeAction.java

@@ -86,6 +86,7 @@
 @Named
 public class AuthorizeAction {
 
+    public static final String UNKNOWN = "Unknown";
     @Inject
     private Logger log;
 
@@ -985,7 +986,7 @@ public String getClientDisplayName() {
         log.trace("client {}", clientId);
 
         if (StringUtils.isBlank(clientId)) {
-            return "Unknown";
+            return UNKNOWN;
         }
 
         final Client client = clientService.getClient(clientId);
@@ -994,15 +995,19 @@ public String getClientDisplayName() {
 
     public String getClientDisplayName(final Client client) {
         log.trace("client {}", client);
-        
+
         if (client == null) {
-        	getClientDisplayName();
+            return UNKNOWN;
         }
 
         return getCheckedClientDisplayName(client);
     }
 
 	private String getCheckedClientDisplayName(final Client client) {
+        if (client == null) {
+            return UNKNOWN;
+        }
+
         if (StringUtils.isNotBlank(client.getClientName())) {
             return client.getClientName();
         }
@@ -1011,7 +1016,7 @@ private String getCheckedClientDisplayName(final Client client) {
             return client.getClientId();
         }
 
-        return "Unknown";
+        return UNKNOWN;
 	}
 
     public String getAuthReqId() {

jans-cedarling/bindings/cedarling_python/PYTHON_TYPES.md

@@ -209,30 +209,14 @@ ___
 Exception raised by authorize_errors
 ___
 
-# authorize_errors.CreateAccessTokenEntityError
-Error encountered while creating access_token entity
+# authorize_errors.BuildEntitiesError
+Error encountered while building entities into context
 ___
 
 # authorize_errors.CreateContextError
 Error encountered while validating context according to the schema
 ___
 
-# authorize_errors.CreateIdTokenEntityError
-Error encountered while creating id token entities
-___
-
-# authorize_errors.CreateUserEntityError
-Error encountered while creating User entity
-___
-
-# authorize_errors.CreateUserinfoTokenEntityError
-Error encountered while creating Userinfo_token entity
-___
-
-# authorize_errors.CreateWorkloadEntityError
-Error encountered while creating workload entity
-___
-
 # authorize_errors.EntitiesError
 Error encountered while collecting all entities
 ___
@@ -245,14 +229,6 @@ ___
 Error encountered while processing JWT token data
 ___
 
-# authorize_errors.ResourceEntityError
-Error encountered while creating resource entity
-___
-
-# authorize_errors.RoleEntityError
-Error encountered while creating role entity
-___
-
 # authorize_errors.UserRequestValidationError
 Error encountered while creating cedar_policy::Request for user entity principal
 ___

jans-cedarling/bindings/cedarling_python/src/authorize/errors.rs

@@ -30,54 +30,6 @@ create_exception!(
     "Error encountered while processing JWT token data"
 );
 
-create_exception!(
-    authorize_errors,
-    CreateIdTokenEntityError,
-    AuthorizeError,
-    "Error encountered while creating id token entities"
-);
-
-create_exception!(
-    authorize_errors,
-    CreateUserinfoTokenEntityError,
-    AuthorizeError,
-    "Error encountered while creating Userinfo_token entity"
-);
-create_exception!(
-    authorize_errors,
-    CreateAccessTokenEntityError,
-    AuthorizeError,
-    "Error encountered while creating access_token entity"
-);
-
-create_exception!(
-    authorize_errors,
-    CreateUserEntityError,
-    AuthorizeError,
-    "Error encountered while creating User entity"
-);
-
-create_exception!(
-    authorize_errors,
-    CreateWorkloadEntityError,
-    AuthorizeError,
-    "Error encountered while creating workload entity"
-);
-
-create_exception!(
-    authorize_errors,
-    ResourceEntityError,
-    AuthorizeError,
-    "Error encountered while creating resource entity"
-);
-
-create_exception!(
-    authorize_errors,
-    RoleEntityError,
-    AuthorizeError,
-    "Error encountered while creating role entity"
-);
-
 create_exception!(
     authorize_errors,
     ActionError,
@@ -120,6 +72,13 @@ create_exception!(
     "Error encountered while parsing all entities to json for logging"
 );
 
+create_exception!(
+    authorize_errors,
+    BuildEntitiesError,
+    AuthorizeError,
+    "Error encountered while building entities into context"
+);
+
 create_exception!(
     authorize_errors,
     AddEntitiesIntoContextError,
@@ -166,17 +125,11 @@ macro_rules! errors_functions {
 // For each possible case of `AuthorizeError`, we have created a corresponding Python exception that inherits from `cedarling::AuthorizeError`.
 errors_functions! {
     ProcessTokens => ProcessTokens,
-    CreateIdTokenEntity => CreateIdTokenEntityError,
-    CreateUserinfoTokenEntity => CreateUserinfoTokenEntityError,
-    CreateAccessTokenEntity => CreateAccessTokenEntityError,
-    CreateUserEntity => CreateUserEntityError,
-    CreateWorkloadEntity => CreateWorkloadEntityError,
-    ResourceEntity => ResourceEntityError,
-    RoleEntity => RoleEntityError,
     Action => ActionError,
     CreateContext => CreateContextError,
     WorkloadRequestValidation => WorkloadRequestValidationError,
     UserRequestValidation => UserRequestValidationError,
+    BuildEntity => BuildEntitiesError,
     BuildContext => AddEntitiesIntoContextError,
     Entities => EntitiesError,
     EntitiesToJson => EntitiesToJsonError

jans-cedarling/bindings/cedarling_python/tests/test_authorize.py

@@ -186,8 +186,8 @@ def test_resource_entity_error():
     '''
     try:
         raise_authorize_error(load_bootstrap_config())
-    except authorize_errors.ResourceEntityError as e:
-        assert str(e) == "could not create resource entity: could not get attribute value from payload: type mismatch for key 'org_id'. expected: 'String', but found: 'number'"
+    except authorize_errors.BuildEntitiesError as e:
+        assert str(e) == "failed to build resource entity: failed to build `org_id` attribute: failed to build restricted expression: type mismatch for key 'org_id'. expected: 'string', but found: 'number'"
 
 
 def test_authorize_error():
@@ -199,4 +199,4 @@ def test_authorize_error():
     try:
         raise_authorize_error(load_bootstrap_config())
     except authorize_errors.AuthorizeError as e:
-        assert str(e) == "could not create resource entity: could not get attribute value from payload: type mismatch for key 'org_id'. expected: 'String', but found: 'number'"
+        assert str(e) == "failed to build resource entity: failed to build `org_id` attribute: failed to build restricted expression: type mismatch for key 'org_id'. expected: 'string', but found: 'number'"

jans-cedarling/cedarling/Cargo.toml

@@ -16,7 +16,7 @@ serde_yml = "0.0.12"
 thiserror = { workspace = true }
 sparkv = { workspace = true }
 uuid7 = { version = "1.1.0", features = ["serde", "uuid"] }
-cedar-policy = "4.2"
+cedar-policy = { version = "4.2", features = ["partial-eval"] }
 base64 = "0.22.1"
 url = "2.5.2"
 lazy_static = "1.5.0"