Skip to content

Commit 48d5ce6

Browse files
l46kokcopybara-github
authored andcommitted
Validate required fields for policy variables
PiperOrigin-RevId: 649215393
1 parent 138b11d commit 48d5ce6

File tree

3 files changed

+39
-11
lines changed

3 files changed

+39
-11
lines changed

policy/src/main/java/dev/cel/policy/CelPolicy.java

Lines changed: 12 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -217,20 +217,28 @@ public abstract static class Variable {
217217

218218
/** Builder for {@link Variable}. */
219219
@AutoValue.Builder
220-
public abstract static class Builder {
220+
public abstract static class Builder implements RequiredFieldsChecker {
221+
222+
abstract Optional<ValueString> name();
223+
224+
abstract Optional<ValueString> expression();
221225

222226
public abstract Builder setName(ValueString name);
223227

224228
public abstract Builder setExpression(ValueString expression);
225229

230+
@Override
231+
public ImmutableList<RequiredField> requiredFields() {
232+
return ImmutableList.of(
233+
RequiredField.of("name", this::name), RequiredField.of("expression", this::expression));
234+
}
235+
226236
public abstract Variable build();
227237
}
228238

229239
/** Creates a new builder to construct a {@link Variable} instance. */
230240
public static Builder newBuilder() {
231-
return new AutoValue_CelPolicy_Variable.Builder()
232-
.setName(ValueString.newBuilder().build())
233-
.setExpression(ValueString.newBuilder().build());
241+
return new AutoValue_CelPolicy_Variable.Builder();
234242
}
235243
}
236244
}

policy/src/main/java/dev/cel/policy/CelPolicyYamlParser.java

Lines changed: 7 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -38,13 +38,11 @@
3838
final class CelPolicyYamlParser implements CelPolicyParser {
3939

4040
// Sentinel values for parsing errors
41+
private static final ValueString ERROR_VALUE = ValueString.newBuilder().setValue(ERROR).build();
4142
private static final Match ERROR_MATCH =
42-
Match.newBuilder()
43-
.setCondition(ValueString.newBuilder().setValue(ERROR).build())
44-
.setResult(Result.ofOutput(ValueString.newBuilder().setValue(ERROR).build()))
45-
.build();
43+
Match.newBuilder().setCondition(ERROR_VALUE).setResult(Result.ofOutput(ERROR_VALUE)).build();
4644
private static final Variable ERROR_VARIABLE =
47-
Variable.newBuilder().setName(ValueString.newBuilder().setValue(ERROR).build()).build();
45+
Variable.newBuilder().setExpression(ERROR_VALUE).setName(ERROR_VALUE).build();
4846

4947
private final TagVisitor<Node> tagVisitor;
5048

@@ -272,6 +270,10 @@ public CelPolicy.Variable parseVariable(
272270
}
273271
}
274272

273+
if (!assertRequiredFields(ctx, id, builder.getMissingRequiredFieldNames())) {
274+
return ERROR_VARIABLE;
275+
}
276+
275277
return builder.build();
276278
}
277279

policy/src/test/java/dev/cel/policy/CelPolicyYamlParserTest.java

Lines changed: 20 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -134,10 +134,28 @@ private enum PolicyParseErrorTestCase {
134134
"inputs:\n" + " - name: a\n" + " - name: b",
135135
"ERROR: <input>:1:1: Unsupported policy tag: inputs\n" + " | inputs:\n" + " | ^"),
136136
UNSUPPORTED_VARIABLE_TAG(
137-
"rule:\n" + " variables:\n" + " - name: 'true'\n" + " alt_name: 'bool_true'",
138-
"ERROR: <input>:4:7: Unsupported variable tag: alt_name\n"
137+
"rule:\n" //
138+
+ " variables:\n" //
139+
+ " - name: 'hello'\n" //
140+
+ " expression: 'true'\n" //
141+
+ " alt_name: 'bool_true'",
142+
"ERROR: <input>:5:7: Unsupported variable tag: alt_name\n"
139143
+ " | alt_name: 'bool_true'\n"
140144
+ " | ......^"),
145+
MISSING_VARIABLE_NAME(
146+
"rule:\n" //
147+
+ " variables:\n" //
148+
+ " - expression: 'true'", //
149+
"ERROR: <input>:3:7: Missing required attribute(s): name\n"
150+
+ " | - expression: 'true'\n"
151+
+ " | ......^"),
152+
MISSING_VARIABLE_EXPRESSION(
153+
"rule:\n" //
154+
+ " variables:\n" //
155+
+ " - name: 'hello'", //
156+
"ERROR: <input>:3:7: Missing required attribute(s): expression\n"
157+
+ " | - name: 'hello'\n"
158+
+ " | ......^"),
141159
UNSUPPORTED_MATCH_TAG(
142160
"rule:\n"
143161
+ " match:\n"

0 commit comments

Comments
 (0)