diff --git a/cedar-policy-cli/src/lib.rs b/cedar-policy-cli/src/lib.rs index 7e4b7443c..6fe3a36e8 100644 --- a/cedar-policy-cli/src/lib.rs +++ b/cedar-policy-cli/src/lib.rs @@ -624,7 +624,7 @@ struct RequestJSON { #[cfg(feature = "partial-eval")] /// This struct is the serde structure expected for --request-json #[derive(Deserialize)] -pub(self) struct PartialRequestJSON { +struct PartialRequestJSON { /// Principal for the request pub(self) principal: Option, /// Action for the request @@ -1262,27 +1262,24 @@ pub fn partial_authorize(args: &PartiallyAuthorizeArgs) -> CedarExitCode { args.timing, ); match ans { - Ok(ans) => { - let status = match ans.decision() { - Some(Decision::Allow) => { - println!("ALLOW"); - CedarExitCode::Success - } - Some(Decision::Deny) => { - println!("DENY"); - CedarExitCode::AuthorizeDeny - } - None => { - println!("UNKNOWN"); - println!("All policy residuals:"); - for p in ans.nontrivial_residuals() { - println!("{p}"); - } - CedarExitCode::Unknown + Ok(ans) => match ans.decision() { + Some(Decision::Allow) => { + println!("ALLOW"); + CedarExitCode::Success + } + Some(Decision::Deny) => { + println!("DENY"); + CedarExitCode::AuthorizeDeny + } + None => { + println!("UNKNOWN"); + println!("All policy residuals:"); + for p in ans.nontrivial_residuals() { + println!("{p}"); } - }; - status - } + CedarExitCode::Unknown + } + }, Err(errs) => { for err in errs { println!("{err:?}"); diff --git a/cedar-policy-validator/src/cedar_schema/test.rs b/cedar-policy-validator/src/cedar_schema/test.rs index 2cd1c5c7e..ab416f75b 100644 --- a/cedar-policy-validator/src/cedar_schema/test.rs +++ b/cedar-policy-validator/src/cedar_schema/test.rs @@ -2344,7 +2344,7 @@ mod entity_tags { assert_matches!(ty, json_schema::Type::Type(json_schema::TypeVariant::EntityOrCommon { type_name }) => { assert_eq!(&format!("{type_name}"), "String"); }); - assert_eq!(*required, true); + assert!(*required); }); }); }); diff --git a/cedar-policy-validator/src/cedar_schema/to_json_schema.rs b/cedar-policy-validator/src/cedar_schema/to_json_schema.rs index dd3f6e2f0..650b60dd1 100644 --- a/cedar-policy-validator/src/cedar_schema/to_json_schema.rs +++ b/cedar-policy-validator/src/cedar_schema/to_json_schema.rs @@ -181,11 +181,8 @@ impl TryFrom for json_schema::NamespaceDefinition { let name_loc = decl.name.loc.clone(); let id = UnreservedId::try_from(decl.name.node) .map_err(|e| ToJsonSchemaError::reserved_name(e.name(), name_loc.clone()))?; - let ctid = json_schema::CommonTypeId::new(id).map_err(|e| match e { - json_schema::ReservedCommonTypeBasenameError { id } => { - ToJsonSchemaError::reserved_keyword(id, name_loc) - } - })?; + let ctid = json_schema::CommonTypeId::new(id) + .map_err(|e| ToJsonSchemaError::reserved_keyword(e.id, name_loc))?; Ok((ctid, cedar_type_to_json_type(decl.def))) }) .collect::>()?; @@ -348,7 +345,7 @@ fn convert_entity_decl( let etype = json_schema::EntityType { member_of_types: e.member_of_types.into_iter().map(RawName::from).collect(), shape: convert_attr_decls(e.attrs), - tags: e.tags.map(|tag_ty| cedar_type_to_json_type(tag_ty)), + tags: e.tags.map(cedar_type_to_json_type), }; // Then map over all of the bound names diff --git a/cedar-policy-validator/src/diagnostics/validation_errors.rs b/cedar-policy-validator/src/diagnostics/validation_errors.rs index 0462620af..66432c1a5 100644 --- a/cedar-policy-validator/src/diagnostics/validation_errors.rs +++ b/cedar-policy-validator/src/diagnostics/validation_errors.rs @@ -485,8 +485,8 @@ impl Diagnostic for HierarchyNotRespected { } } -#[derive(Debug, Clone, Hash, Eq, PartialEq, Error, Copy, Ord, PartialOrd)] /// Represents how many entity dereferences can be applied to a node. +#[derive(Default, Debug, Clone, Hash, Eq, PartialEq, Error, Copy, Ord, PartialOrd)] pub struct EntityDerefLevel { /// A negative value `-n` represents `n` too many dereferences pub level: i64, @@ -506,12 +506,6 @@ impl From for EntityDerefLevel { } } -impl Default for EntityDerefLevel { - fn default() -> Self { - Self { level: 0 } - } -} - impl Add for EntityDerefLevel { type Output = Self; @@ -557,7 +551,7 @@ impl Diagnostic for EntityDerefLevelViolation { impl_diagnostic_from_source_loc_opt_field!(source_loc); fn help<'a>(&'a self) -> Option> { - Some(Box::new(format!("Consider increasing the level"))) + Some(Box::new("Consider increasing the level")) } } diff --git a/cedar-policy-validator/src/level_validate.rs b/cedar-policy-validator/src/level_validate.rs index 73338833c..55750e751 100644 --- a/cedar-policy-validator/src/level_validate.rs +++ b/cedar-policy-validator/src/level_validate.rs @@ -49,7 +49,7 @@ impl Validator { ); (peekable_errors.chain(levels_errors), warnings) } else { - (peekable_errors.into_iter().chain(vec![]), warnings) + (peekable_errors.chain(vec![]), warnings) } } @@ -69,10 +69,9 @@ impl Validator { match policy_check { PolicyCheck::Success(e) | PolicyCheck::Irrelevant(_, e) => { let res = - self.check_entity_deref_level_helper(&e, max_allowed_level, policy_id); - match res.1 { - Some(e) => errs.push(ValidationError::EntityDerefLevelViolation(e)), - None => (), + Self::check_entity_deref_level_helper(&e, max_allowed_level, policy_id); + if let Some(e) = res.1 { + errs.push(ValidationError::EntityDerefLevelViolation(e)) } } // PANIC SAFETY: We only validate the level after validation passed @@ -95,8 +94,7 @@ impl Validator { /// Walk the type-annotated AST and compute the used level and possible violation /// Returns a tuple of `(actual level used, optional violation information)` - fn check_entity_deref_level_helper<'a>( - &'a self, + fn check_entity_deref_level_helper( e: &cedar_policy_core::ast::Expr>, max_allowed_level: &EntityDerefLevel, policy_id: &PolicyID, @@ -108,7 +106,7 @@ impl Validator { EntityDerefLevel { level: 0 }, //Literals can't be dereferenced None, ), - ExprKind::Var(_) => (max_allowed_level.clone(), None), //Roots start at `max_allowed_level` + ExprKind::Var(_) => (*max_allowed_level, None), //Roots start at `max_allowed_level` ExprKind::Slot(_) => (EntityDerefLevel { level: 0 }, None), //Slot will be replaced by Entity literal so treat the same ExprKind::Unknown(_) => ( EntityDerefLevel { level: 0 }, //Can't dereference an unknown @@ -122,7 +120,7 @@ impl Validator { let es = [test_expr, then_expr, else_expr]; let v: Vec<(EntityDerefLevel, Option<_>)> = es .iter() - .map(|l| self.check_entity_deref_level_helper(l, max_allowed_level, policy_id)) + .map(|l| Self::check_entity_deref_level_helper(l, max_allowed_level, policy_id)) .collect(); Self::min(v) } @@ -130,17 +128,17 @@ impl Validator { let es = [left, right]; let v: Vec<(EntityDerefLevel, Option<_>)> = es .iter() - .map(|l| self.check_entity_deref_level_helper(l, max_allowed_level, policy_id)) + .map(|l| Self::check_entity_deref_level_helper(l, max_allowed_level, policy_id)) .collect(); Self::min(v) } ExprKind::UnaryApp { arg, .. } => { - self.check_entity_deref_level_helper(arg, max_allowed_level, policy_id) + Self::check_entity_deref_level_helper(arg, max_allowed_level, policy_id) } // `In` operator decrements the LHS only ExprKind::BinaryApp { op, arg1, arg2 } if op == &BinaryOp::In => { - let lhs = self.check_entity_deref_level_helper(arg1, max_allowed_level, policy_id); - let rhs = self.check_entity_deref_level_helper(arg2, max_allowed_level, policy_id); + let lhs = Self::check_entity_deref_level_helper(arg1, max_allowed_level, policy_id); + let rhs = Self::check_entity_deref_level_helper(arg2, max_allowed_level, policy_id); let lhs = (lhs.0.decrement(), lhs.1); let new_level = Self::min(vec![lhs, rhs]).0; if new_level.level < 0 { @@ -150,7 +148,7 @@ impl Validator { source_loc: e.source_loc().cloned(), policy_id: policy_id.clone(), actual_level: new_level, - allowed_level: max_allowed_level.clone(), + allowed_level: *max_allowed_level, }), ) } else { @@ -161,14 +159,14 @@ impl Validator { let es = [arg1, arg2]; let v: Vec<(EntityDerefLevel, Option<_>)> = es .iter() - .map(|l| self.check_entity_deref_level_helper(l, max_allowed_level, policy_id)) + .map(|l| Self::check_entity_deref_level_helper(l, max_allowed_level, policy_id)) .collect(); Self::min(v) } ExprKind::ExtensionFunctionApp { args, .. } => { let v: Vec<(EntityDerefLevel, Option<_>)> = args .iter() - .map(|l| self.check_entity_deref_level_helper(l, max_allowed_level, policy_id)) + .map(|l| Self::check_entity_deref_level_helper(l, max_allowed_level, policy_id)) .collect(); Self::min(v) } @@ -179,7 +177,7 @@ impl Validator { ExprKind::Record(m) => { // PANIC SAFETY: Validation checked that this access is safe #[allow(clippy::unwrap_used)] - self.check_entity_deref_level_helper( + Self::check_entity_deref_level_helper( m.get(attr).unwrap(), max_allowed_level, policy_id, @@ -196,7 +194,7 @@ impl Validator { { Some(ty) => { let child_level_info = - self.check_entity_deref_level_helper(expr, max_allowed_level, policy_id); + Self::check_entity_deref_level_helper(expr, max_allowed_level, policy_id); match ty { Type::EntityOrRecord(EntityRecordKind::Entity { .. }) | Type::EntityOrRecord(EntityRecordKind::ActionEntity { .. }) => { @@ -209,7 +207,7 @@ impl Validator { source_loc: e.source_loc().cloned(), policy_id: policy_id.clone(), actual_level: new_level, - allowed_level: max_allowed_level.clone(), + allowed_level: *max_allowed_level, }), ) } else { @@ -228,12 +226,12 @@ impl Validator { None => unreachable!("Expected type-annotated AST"), }, ExprKind::Like { expr, .. } | ExprKind::Is { expr, .. } => { - self.check_entity_deref_level_helper(expr, max_allowed_level, policy_id) + Self::check_entity_deref_level_helper(expr, max_allowed_level, policy_id) } ExprKind::Set(elems) => { let v: Vec<(EntityDerefLevel, Option<_>)> = elems .iter() - .map(|l| self.check_entity_deref_level_helper(l, max_allowed_level, policy_id)) + .map(|l| Self::check_entity_deref_level_helper(l, max_allowed_level, policy_id)) .collect(); Self::min(v) } @@ -241,7 +239,7 @@ impl Validator { let v: Vec<(EntityDerefLevel, Option<_>)> = fields .iter() .map(|(_, l)| { - self.check_entity_deref_level_helper(l, max_allowed_level, policy_id) + Self::check_entity_deref_level_helper(l, max_allowed_level, policy_id) }) .collect(); Self::min(v) diff --git a/cedar-policy-validator/src/schema.rs b/cedar-policy-validator/src/schema.rs index e8252ad87..8dd0a86a0 100644 --- a/cedar-policy-validator/src/schema.rs +++ b/cedar-policy-validator/src/schema.rs @@ -4507,7 +4507,7 @@ mod entity_tags { owner: User, } tags Set; "; - assert_matches!(collect_warnings(ValidatorSchema::from_cedarschema_str(src, &Extensions::all_available())), Ok((schema, warnings)) => { + assert_matches!(collect_warnings(ValidatorSchema::from_cedarschema_str(src, Extensions::all_available())), Ok((schema, warnings)) => { assert!(warnings.is_empty()); let user = assert_entity_type_exists(&schema, "User"); assert_matches!(user.tag_type(), Some(Type::Set { element_type: Some(el_ty) }) => { @@ -4557,7 +4557,7 @@ mod entity_tags { }, "actions": {} }}); - assert_matches!(ValidatorSchema::from_json_value(json.clone(), &Extensions::all_available()), Ok(schema) => { + assert_matches!(ValidatorSchema::from_json_value(json.clone(), Extensions::all_available()), Ok(schema) => { let user = assert_entity_type_exists(&schema, "User"); assert_matches!(user.tag_type(), Some(Type::Set { element_type: Some(el_ty) }) => { assert_matches!(&**el_ty, Type::Primitive { primitive_type: Primitive::String }); @@ -4590,7 +4590,7 @@ mod entity_tags { entity Foo7 in E tags Set>; entity Foo8 in E tags Foo7; "; - assert_matches!(collect_warnings(ValidatorSchema::from_cedarschema_str(src, &Extensions::all_available())), Ok((schema, warnings)) => { + assert_matches!(collect_warnings(ValidatorSchema::from_cedarschema_str(src, Extensions::all_available())), Ok((schema, warnings)) => { assert!(warnings.is_empty()); let e = assert_entity_type_exists(&schema, "E"); assert_matches!(e.tag_type(), None); @@ -4616,7 +4616,7 @@ mod entity_tags { #[test] fn invalid_tags() { let src = "entity E tags Undef;"; - assert_matches!(collect_warnings(ValidatorSchema::from_cedarschema_str(src, &Extensions::all_available())), Err(e) => { + assert_matches!(collect_warnings(ValidatorSchema::from_cedarschema_str(src, Extensions::all_available())), Err(e) => { expect_err( src, &miette::Report::new(e), diff --git a/cedar-policy-validator/src/schema/raw_name.rs b/cedar-policy-validator/src/schema/raw_name.rs index 88c5cc84b..5453219b8 100644 --- a/cedar-policy-validator/src/schema/raw_name.rs +++ b/cedar-policy-validator/src/schema/raw_name.rs @@ -251,7 +251,7 @@ impl ConditionalName { /// `all_defs` also internally includes [`InternalName`]s, because some /// names containing `__cedar` might be internally defined/valid, even /// though it is not valid for _end-users_ to define those names. - pub fn resolve<'a>(self, all_defs: &AllDefs) -> Result { + pub fn resolve(self, all_defs: &AllDefs) -> Result { for possibility in &self.possibilities { // Per RFC 24, we give priority to trying to resolve to a common // type, before trying to resolve to an entity type. diff --git a/cedar-policy-validator/src/typecheck.rs b/cedar-policy-validator/src/typecheck.rs index d27943bac..0d898fe69 100644 --- a/cedar-policy-validator/src/typecheck.rs +++ b/cedar-policy-validator/src/typecheck.rs @@ -1503,7 +1503,7 @@ impl<'a> Typechecker<'a> { ExprBuilder::with_data(Some(type_of_has)) .with_same_source_loc(bin_expr) .binary_app(BinaryOp::HasTag, expr_ty_arg1, expr_ty_arg2), - CapabilitySet::singleton(Capability::new_borrowed_tag(arg1, &arg2)), + CapabilitySet::singleton(Capability::new_borrowed_tag(arg1, arg2)), ) }) }), @@ -1515,9 +1515,7 @@ impl<'a> Typechecker<'a> { arg1, Type::any_entity_reference(), type_errors, - |actual| match actual { - _ => None, - }, + |_actual| None, ) .then_typecheck(|expr_ty_arg1, _| { self.expect_type( @@ -1554,7 +1552,7 @@ impl<'a> Typechecker<'a> { ); } }; - if prior_capability.contains(&Capability::new_borrowed_tag(arg1, &arg2)) { + if prior_capability.contains(&Capability::new_borrowed_tag(arg1, arg2)) { // Determine the set of possible tag types for this access. let tag_types = match self.tag_types(kind) { Ok(tag_types) => tag_types, @@ -1602,7 +1600,7 @@ impl<'a> Typechecker<'a> { // compute the LUB of all the relevant tag types, and assign that // as the type. let tag_type = match Type::reduce_to_least_upper_bound( - &self.schema, + self.schema, tag_types.clone(), self.mode, ) { diff --git a/cedar-policy/src/api.rs b/cedar-policy/src/api.rs index c574e6d66..3a142d76d 100644 --- a/cedar-policy/src/api.rs +++ b/cedar-policy/src/api.rs @@ -991,7 +991,7 @@ impl PartialResponse { es: &Entities, ) -> Result { let exts = Extensions::all_available(); - let evaluator = RestrictedEvaluator::new(&exts); + let evaluator = RestrictedEvaluator::new(exts); let mapping = mapping .into_iter() .map(|(name, expr)| { @@ -2373,7 +2373,9 @@ fn get_valid_request_envs(ast: &ast::Template, s: &Schema) -> impl Iterator unreachable!("used unsupported feature"), + cedar_policy_validator::types::RequestEnv::UndeclaredAction => { + unreachable!("used unsupported feature") + } }) } else { None @@ -2973,12 +2975,9 @@ impl Policy { .condition() .subexpressions() .filter_map(|e| match e.expr_kind() { - cedar_policy_core::ast::ExprKind::Lit(l) => match l { - cedar_policy_core::ast::Literal::EntityUID(euid) => { - Some(EntityUid((*euid).as_ref().clone())) - } - _ => None, - }, + cedar_policy_core::ast::ExprKind::Lit( + cedar_policy_core::ast::Literal::EntityUID(euid), + ) => Some(EntityUid((*euid).as_ref().clone())), _ => None, }) .collect() @@ -2995,8 +2994,7 @@ impl Policy { let cloned_est = self .lossless .est() - .expect("Internal error, failed to construct est.") - .clone(); + .expect("Internal error, failed to construct est."); let mapping = mapping.into_iter().map(|(k, v)| (k.0, v.0)).collect(); @@ -3011,7 +3009,7 @@ impl Policy { Err(e) => return Err(e.into()), }; - Ok(Policy { + Ok(Self { ast, lossless: LosslessPolicy::Est(est), }) @@ -4451,5 +4449,5 @@ pub fn compute_entity_manifest( schema: &Schema, pset: &PolicySet, ) -> Result { - entity_manifest::compute_entity_manifest(&schema.0, &pset.ast).map_err(|e| e.into()) + entity_manifest::compute_entity_manifest(&schema.0, &pset.ast).map_err(Into::into) } diff --git a/cedar-policy/src/tests.rs b/cedar-policy/src/tests.rs index 61a65bf97..3740ebfa0 100644 --- a/cedar-policy/src/tests.rs +++ b/cedar-policy/src/tests.rs @@ -1865,16 +1865,16 @@ mod entity_validate_tests { #[test] fn issue_1176_should_fail3() { let (schema, _) = Schema::from_cedarschema_str( - r###" + r#" entity A = {"foo": Set < Set < {"bar": __cedar::Bool, "baz"?: __cedar::Bool} > >}; action "g" appliesTo { principal: [A], resource: [A], }; - "###, + "#, ) .unwrap(); - let entity_str = r###" + let entity_str = r#" { "uid": { "type": "A", @@ -1916,7 +1916,7 @@ action "g" appliesTo { }, "parents": [] } - "###; + "#; assert_matches!( Entity::from_json_str(entity_str, Some(&schema)), @@ -1962,16 +1962,16 @@ action "g" appliesTo { #[test] fn should_pass_set_set_rec_one_req_one_opt() { let (schema, _) = Schema::from_cedarschema_str( - r###" + r#" entity A = {"foo": Set < Set < {"bar": __cedar::Bool, "baz"?: __cedar::Bool} > >}; action "g" appliesTo { principal: [A], resource: [A], }; - "###, + "#, ) .unwrap(); - let entity_str = r###" + let entity_str = r#" { "uid": { "type": "A", @@ -2014,7 +2014,7 @@ action "g" appliesTo { }, "parents": [] } - "###; + "#; assert_matches!(Entity::from_json_str(entity_str, Some(&schema)), Ok(_)); } @@ -2022,7 +2022,7 @@ action "g" appliesTo { #[test] fn example_app_tags() { let (schema, _) = Schema::from_cedarschema_str( - r###" + r#" entity User { allowedTagsForRole: { "Role-A"?: { @@ -2042,10 +2042,10 @@ action "g" appliesTo { principal: User, resource: User, }; - "###, + "#, ) .unwrap(); - let entity_str = r###" + let entity_str = r#" { "uid": { "type": "User", @@ -2068,24 +2068,24 @@ action "g" appliesTo { }, "parents": [] } - "###; + "#; assert_matches!(Entity::from_json_str(entity_str, Some(&schema)), Ok(_)); } #[test] fn should_pass_set_set_record_one_req_one_opt() { let (schema, _) = Schema::from_cedarschema_str( - r###" + r#" entity A = {"qqamncWam": Set < Set < {"": __cedar::Bool, "bbrb"?: __cedar::Bool} > >}; action "g" appliesTo { principal: [A], resource: [A], context: {"vlipwwpm0am": Set < Set < {"": __cedar::String, "b"?: __cedar::Bool} > >} }; - "###, + "#, ) .unwrap(); - let entity_str = r###" + let entity_str = r#" { "uid": { "type": "A", @@ -2155,7 +2155,7 @@ action "g" appliesTo { }, "parents": [] } - "###; + "#; assert_matches!(Entity::from_json_str(entity_str, Some(&schema)), Ok(_)); } } @@ -5968,18 +5968,18 @@ mod policy_manipulation_functions_tests { #[test] fn empty_policy() { - let policy_str = r###"permit(principal, action, resource); - "###; + let policy_str = r"permit(principal, action, resource); + "; let policy = Policy::from_str(policy_str).expect("should succeed"); assert_eq!(policy.entity_literals(), vec![]); } #[test] fn non_empty_policy() { - let policy_str = r###"permit(principal == User::"Bob", action == Action::"view", resource) when { + let policy_str = r#"permit(principal == User::"Bob", action == Action::"view", resource) when { !resource.private && resource.owner != User::"Alice" }; - "###; + "#; let policy = Policy::from_str(policy_str).expect("should succeed"); let res = policy.entity_literals(); assert_eq!(res.len(), 3); @@ -5990,7 +5990,7 @@ mod policy_manipulation_functions_tests { #[test] fn test_entity_sub_principal() { - let policy_str = r###"permit(principal == User::"Alice", action, resource);"###; + let policy_str = r#"permit(principal == User::"Alice", action, resource);"#; let policy = Policy::from_str(policy_str).expect("should succeed"); let new_policy = policy @@ -6023,7 +6023,7 @@ mod policy_manipulation_functions_tests { #[test] fn test_entity_sub_action() { - let policy_str = r###"permit(principal, action == Action::"view", resource);"###; + let policy_str = r#"permit(principal, action == Action::"view", resource);"#; let policy = Policy::from_str(policy_str).expect("should succeed"); let new_policy = policy @@ -6056,7 +6056,7 @@ mod policy_manipulation_functions_tests { #[test] fn test_entity_sub_resource() { - let policy_str = r###"permit(principal, action, resource == User::"Alice");"###; + let policy_str = r#"permit(principal, action, resource == User::"Alice");"#; let policy = Policy::from_str(policy_str).expect("should succeed"); let new_policy = policy @@ -6090,7 +6090,7 @@ mod policy_manipulation_functions_tests { #[test] fn test_entity_sub_body() { let policy_str = - r###"permit(principal, action, resource) when { principal == User::"Alice" };"###; + r#"permit(principal, action, resource) when { principal == User::"Alice" };"#; let policy = Policy::from_str(policy_str).expect("should succeed"); let new_policy = policy @@ -6123,9 +6123,9 @@ mod policy_manipulation_functions_tests { #[test] fn test_entity_swap() { - let policy_str = r###"permit(principal, action in [Action::"1", Action::"2"], resource) when { principal in [User::"1", User::"2"] };"###; + let policy_str = r#"permit(principal, action in [Action::"1", Action::"2"], resource) when { principal in [User::"1", User::"2"] };"#; let policy = Policy::from_str(policy_str).expect("should succeed"); - let expected_policy_str = r###"permit(principal, action in [Action::"2", Action::"1"], resource) when { principal in [User::"2", User::"1"] };"###; + let expected_policy_str = r#"permit(principal, action in [Action::"2", Action::"1"], resource) when { principal in [User::"2", User::"1"] };"#; let new_policy = policy .sub_entity_literals(BTreeMap::from([ @@ -6176,7 +6176,7 @@ mod policy_manipulation_functions_tests { #[test] fn test_err_illegal_substitution() { - let policy_str = r###"permit(principal, action == Action::"1", resource);"###; + let policy_str = r#"permit(principal, action == Action::"1", resource);"#; let policy = Policy::from_str(policy_str).expect("should succeed"); assert_matches!( @@ -6243,7 +6243,7 @@ mod reserved_keywords_in_policies { permit(principal, action, resource); "# )); - assert_matches!(res, Ok(_)) + assert_matches!(res, Ok(_)); } #[track_caller] @@ -6297,14 +6297,14 @@ mod reserved_keywords_in_policies { }); // No restrictions on OTHER_SPECIAL_IDENTS - OTHER_SPECIAL_IDENTS.iter().for_each(|id| { + for id in OTHER_SPECIAL_IDENTS.iter() { assert_valid_expression(format!("{{ {id}: 1 }}")); assert_valid_expression(format!("principal has {id}")); assert_valid_expression(format!("principal.{id} == \"foo\"")); - }); + } // RESERVED_IDENTS cannot be used as keys without quotes - RESERVED_IDENTS.into_iter().for_each(|id| { + for id in RESERVED_IDENTS.into_iter() { // slightly different errors depending on `id`; related to #407 match id { "true" | "false" => { @@ -6352,10 +6352,10 @@ mod reserved_keywords_in_policies { RESERVED_IDENT_MSG(id), id.into(), ); - }); + } // RESERVED_NAMESPACE cannot be used as keys without quotes - RESERVED_NAMESPACE.into_iter().for_each(|id| { + for id in RESERVED_NAMESPACE.into_iter() { assert_invalid_expression( format!("{{ {id}: 1 }}"), RESERVED_NAMESPACE_MSG(id), @@ -6371,19 +6371,19 @@ mod reserved_keywords_in_policies { RESERVED_NAMESPACE_MSG(id), id.into(), ); - }); + } } #[test] fn test_reserved_namespace_elements() { // No restrictions on OTHER_SPECIAL_IDENTS - OTHER_SPECIAL_IDENTS.iter().for_each(|id| { + for id in OTHER_SPECIAL_IDENTS.iter() { assert_valid_expression(format!("foo::{id}::\"bar\"")); assert_valid_expression(format!("principal is {id}::foo")); - }); + } // RESERVED_IDENTS cannot be used in namespaces - RESERVED_IDENTS.into_iter().for_each(|id| { + for id in RESERVED_IDENTS.into_iter() { assert_invalid_expression( format!("foo::{id}::\"bar\""), RESERVED_IDENT_MSG(id), @@ -6394,10 +6394,10 @@ mod reserved_keywords_in_policies { RESERVED_IDENT_MSG(id), id.into(), ); - }); + } // RESERVED_NAMESPACE cannot be used in namespaces - RESERVED_NAMESPACE.into_iter().for_each(|id| { + for id in RESERVED_NAMESPACE.into_iter() { assert_invalid_expression( format!("foo::{id}::\"bar\""), RESERVED_NAMESPACE_MSG(&format!("foo::{id}")), @@ -6408,7 +6408,7 @@ mod reserved_keywords_in_policies { RESERVED_NAMESPACE_MSG(&format!("{id}::foo")), format!("{id}::foo"), ); - }); + } } #[test] @@ -6416,7 +6416,7 @@ mod reserved_keywords_in_policies { // No keyword is allowed as an extension function names since we check // against the known extension functions at parse time. - RESERVED_IDENTS.into_iter().for_each(|id| { + for id in RESERVED_IDENTS.into_iter() { assert_invalid_expression( format!("extension::function::{id}(\"foo\")"), RESERVED_IDENT_MSG(id), @@ -6427,9 +6427,9 @@ mod reserved_keywords_in_policies { RESERVED_IDENT_MSG(id), id.into(), ); - }); + } - RESERVED_NAMESPACE.into_iter().for_each(|id| { + for id in RESERVED_NAMESPACE.into_iter() { assert_invalid_expression( format!("extension::function::{id}(\"foo\")"), RESERVED_NAMESPACE_MSG(&format!("extension::function::{id}")), @@ -6440,9 +6440,9 @@ mod reserved_keywords_in_policies { RESERVED_NAMESPACE_MSG(id), id.into(), ); - }); + } - OTHER_SPECIAL_IDENTS.into_iter().for_each(|id| { + for id in OTHER_SPECIAL_IDENTS.into_iter() { assert_invalid_expression( format!("extension::function::{id}(\"foo\")"), format!("`extension::function::{id}` is not a valid function"), @@ -6453,6 +6453,6 @@ mod reserved_keywords_in_policies { format!("`{id}` is not a valid method"), format!("context.{id}(1)"), ); - }); + } } }