refactor: policies

Author: alanshaw

examples/capability_definition_test.go

@@ -10,7 +10,7 @@ import (
 	"github.com/alanshaw/ucantone/principal/ed25519"
 	"github.com/alanshaw/ucantone/ucan/command"
 	"github.com/alanshaw/ucantone/ucan/delegation"
-	"github.com/alanshaw/ucantone/ucan/delegation/policy/builder"
+	"github.com/alanshaw/ucantone/ucan/delegation/policy"
 	"github.com/alanshaw/ucantone/ucan/invocation"
 	"github.com/alanshaw/ucantone/validator/capability"
 )
@@ -22,7 +22,7 @@ func TestCapabilityDefinition(t *testing.T) {
 	messageSendCapability, err := capability.New[*types.MessageSendArguments](
 		must(command.Parse("/message/send")),
 		capability.WithPolicy(
-			must(builder.Build(builder.NotEqual(".to", []string{}))),
+			must(policy.Build(policy.NotEqual(".to", []string{}))),
 		),
 	)
 	if err != nil {
@@ -79,7 +79,7 @@ func TestCapabilityDefinitionGenericMap(t *testing.T) {
 	messageSendCapability, err := capability.New[*datamodel.Map](
 		must(command.Parse("/message/send")),
 		capability.WithPolicy(
-			must(builder.Build(builder.NotEqual(".to", []string{}))),
+			must(policy.Build(policy.NotEqual(".to", []string{}))),
 		),
 	)
 	if err != nil {

examples/container_test.go

@@ -9,7 +9,7 @@ import (
 	"github.com/alanshaw/ucantone/ucan/command"
 	"github.com/alanshaw/ucantone/ucan/container"
 	"github.com/alanshaw/ucantone/ucan/delegation"
-	"github.com/alanshaw/ucantone/ucan/delegation/policy/builder"
+	"github.com/alanshaw/ucantone/ucan/delegation/policy"
 	"github.com/alanshaw/ucantone/ucan/invocation"
 )
 
@@ -25,7 +25,7 @@ func TestContainer(t *testing.T) {
 		panic(err)
 	}
 
-	policy, err := builder.Build(builder.All(".to", builder.Like(".", "*.example.com")))
+	pol, err := policy.Build(policy.All(".to", policy.Like(".", "*.example.com")))
 	if err != nil {
 		panic(err)
 	}
@@ -37,7 +37,7 @@ func TestContainer(t *testing.T) {
 		alice,
 		must(command.Parse("/message/send")),
 		delegation.WithSubject(mailer),
-		delegation.WithPolicy(policy),
+		delegation.WithPolicy(pol),
 	)
 	if err != nil {
 		panic(err)

examples/delegations_test.go

@@ -6,7 +6,7 @@ import (
 	"github.com/alanshaw/ucantone/principal/ed25519"
 	"github.com/alanshaw/ucantone/ucan/command"
 	"github.com/alanshaw/ucantone/ucan/delegation"
-	"github.com/alanshaw/ucantone/ucan/delegation/policy/builder"
+	"github.com/alanshaw/ucantone/ucan/delegation/policy"
 )
 
 func TestDelegations(t *testing.T) {
@@ -39,7 +39,7 @@ func TestDelegations(t *testing.T) {
 
 	// alice delegates bob capability to use the email service, but only allows
 	// bob to send to example.com email addresses
-	policy, err := builder.Build(builder.All(".to", builder.Like(".", "*.example.com")))
+	policy, err := policy.Build(policy.All(".to", policy.Like(".", "*.example.com")))
 	if err != nil {
 		panic(err)
 	}

examples/policies_test.go

@@ -0,0 +1,54 @@
+package examples
+
+import (
+	"testing"
+
+	"github.com/alanshaw/ucantone/ipld/datamodel"
+	"github.com/alanshaw/ucantone/ucan/delegation/policy"
+)
+
+func TestParsePolicy(t *testing.T) {
+	// Create some data to match against the policy:
+	msg := datamodel.NewMap(
+		datamodel.WithEntry("to", []string{"bob@example.com"}),
+		datamodel.WithEntry("from", "alice@example.com"),
+		datamodel.WithEntry("message", "Hello bob!"),
+	)
+
+	// A policy is a list of statements.
+	// See https://github.com/ucan-wg/delegation/blob/main/README.md#policy
+	pol, err := policy.Build(
+		policy.All(".to", policy.Like(".", "*.example.com")),
+		policy.Equal(".from", "alice@example.com"),
+	)
+	if err != nil {
+		panic(err)
+	}
+
+	ok, err := policy.Match(pol, msg)
+	if err != nil {
+		panic(err)
+	}
+	// expect this policy to match the data
+	if ok != true {
+		panic("policy did not match")
+	}
+
+	// Alternatively you can parse a DAG-JSON encoded policy:
+	pol, err = policy.Parse(`[
+		["all", ".to", ["like", ".", "*@example.com"]],
+		["==", ".from", "alice@example.com"]
+	]`)
+	if err != nil {
+		panic(err)
+	}
+
+	ok, err = policy.Match(pol, msg)
+	if err != nil {
+		panic(err)
+	}
+	// expect this policy to match the data
+	if ok != true {
+		panic("policy did not match")
+	}
+}

notes.md

@@ -6,10 +6,11 @@
 * No IPLD prime - [CBOR gen](https://github.com/whyrusleeping/cbor-gen) is adequete and significantly less complicated. It's a shame to not have IPLD schemas, but the inflexibility and boilerplate it introduces is prohibitive.
 * Consequently, no `ipld.Link` usage. The `cid.Cid` type is actually useful, despite it being a bit heavy. We _have_ to use it anyways, since it's the only thing that implements `ipld.Link`. Also `Link` is just such a nothing interface.
 * Fewer generics. Generic types in Go are not super powerful and can easily get in the way. We use generics more sparingly in this version.
+* DAG-JSON all the things to make debugging easier!
 
 ## Specifics
 
-* `DID` is now in string representation (not their binary representation as a string). You must call `Encode` and `Decode` to move to/from binary. Note, it does not have a `Bytes()` method since encoding to bytes may raise an error - you must use `Encode` instead.
+* `DID` is now in string representation (not their binary representation as a string). You can call `Encode` and `Decode` to move to/from binary. Note, it does not have a `Bytes()` method since encoding to bytes may raise an error - you must use `Encode` instead.
 * Receipt is not defined properly in the specs...
 * Signatures
   * Varsig does not implement anything other than ed25519 signature and dag-cbor payload right now.
@@ -23,4 +24,4 @@
 ## TODOs
 
 * Policy code needs finishing off and testing against the fixture
-* IPLD layer needs to support floats
+* IPLD layer needs to support floats(?)