Introduce protobuf message testing to policies

l46kok · copybara-github · commit 138b11dab2fd · 2024-07-03T15:12:59.000-07:00
PiperOrigin-RevId: 649212262
diff --git a/policy/src/test/java/dev/cel/policy/BUILD.bazel b/policy/src/test/java/dev/cel/policy/BUILD.bazel
@@ -15,6 +15,7 @@ java_library(
         "//common",
         "//common:options",
         "//common/internal",
+        "//common/resources/testdata/proto3:test_all_types_java_proto",
         "//compiler",
         "//extensions:optional_library",
         "//parser",
diff --git a/policy/src/test/java/dev/cel/policy/CelPolicyCompilerImplTest.java b/policy/src/test/java/dev/cel/policy/CelPolicyCompilerImplTest.java
@@ -14,7 +14,7 @@
 
 package dev.cel.policy;
 
-import static com.google.common.collect.ImmutableMap.toImmutableMap;
+import static com.google.common.base.Strings.isNullOrEmpty;
 import static com.google.common.truth.Truth.assertThat;
 import static dev.cel.policy.PolicyTestHelper.readFromYaml;
 import static org.junit.Assert.assertThrows;
@@ -36,9 +36,11 @@
 import dev.cel.policy.PolicyTestHelper.PolicyTestSuite;
 import dev.cel.policy.PolicyTestHelper.PolicyTestSuite.PolicyTestSection;
 import dev.cel.policy.PolicyTestHelper.PolicyTestSuite.PolicyTestSection.PolicyTestCase;
+import dev.cel.policy.PolicyTestHelper.PolicyTestSuite.PolicyTestSection.PolicyTestCase.PolicyTestInput;
 import dev.cel.policy.PolicyTestHelper.TestYamlPolicy;
 import dev.cel.runtime.CelRuntime.CelFunctionBinding;
-import java.util.Map.Entry;
+import dev.cel.testing.testdata.proto3.TestAllTypesProto.TestAllTypes;
+import java.util.Map;
 import java.util.Optional;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -138,10 +140,17 @@ public void evaluateYamlPolicy_withCanonicalTestData(
     // Compile then evaluate the policy
     CelAbstractSyntaxTree compiledPolicyAst =
         CelPolicyCompilerFactory.newPolicyCompiler(cel).build().compile(policy);
-    ImmutableMap<String, Object> input =
-        testData.testCase.getInput().entrySet().stream()
-            .collect(toImmutableMap(Entry::getKey, e -> e.getValue().getValue()));
-    Object evalResult = cel.createProgram(compiledPolicyAst).eval(input);
+    ImmutableMap.Builder<String, Object> inputBuilder = ImmutableMap.builder();
+    for (Map.Entry<String, PolicyTestInput> entry : testData.testCase.getInput().entrySet()) {
+      String exprInput = entry.getValue().getExpr();
+      if (isNullOrEmpty(exprInput)) {
+        inputBuilder.put(entry.getKey(), entry.getValue().getValue());
+      } else {
+        CelAbstractSyntaxTree exprInputAst = cel.compile(exprInput).getAst();
+        inputBuilder.put(entry.getKey(), cel.createProgram(exprInputAst).eval());
+      }
+    }
+    Object evalResult = cel.createProgram(compiledPolicyAst).eval(inputBuilder.buildOrThrow());
 
     // Assert
     // Note that policies may either produce an optional or a non-optional result,
@@ -219,6 +228,7 @@ private static Cel newCel() {
         .setStandardMacros(CelStandardMacro.STANDARD_MACROS)
         .addCompilerLibraries(CelOptionalLibrary.INSTANCE)
         .addRuntimeLibraries(CelOptionalLibrary.INSTANCE)
+        .addMessageTypes(TestAllTypes.getDescriptor())
         .setOptions(CEL_OPTIONS)
         .addFunctionBindings(
             CelFunctionBinding.from(
diff --git a/policy/src/test/java/dev/cel/policy/PolicyTestHelper.java b/policy/src/test/java/dev/cel/policy/PolicyTestHelper.java
@@ -82,7 +82,12 @@ enum TestYamlPolicy {
             + " \"true\", !(variables.break_glass || resource.containers.all(c,"
             + " c.startsWith(variables.env + \".\"))) ? optional.of(\"only \" + variables.env + \""
             + " containers are allowed in namespace \" + resource.namespace) :"
-            + " optional.none()))");
+            + " optional.none()))"),
+    PB(
+        "pb",
+        true,
+        "(spec.single_int32 > 10) ? optional.of(\"invalid spec, got single_int32=\" +"
+            + " string(spec.single_int32) + \", wanted <= 10\") : optional.none()");
     private final String name;
     private final boolean producesOptionalResult;
     private final String unparsed;
diff --git a/policy/src/test/resources/pb/config.yaml b/policy/src/test/resources/pb/config.yaml
@@ -0,0 +1,23 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: "pb"
+container: "dev.cel.testing.testdata.proto3"
+extensions:
+- name: "strings"
+  version: 2
+variables:
+- name: "spec"
+  type:
+    type_name: "dev.cel.testing.testdata.proto3.TestAllTypes"
diff --git a/policy/src/test/resources/pb/policy.yaml b/policy/src/test/resources/pb/policy.yaml
@@ -0,0 +1,20 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: "pb"
+rule:
+  match:
+  - condition: spec.single_int32 > 10
+    output: |
+      "invalid spec, got single_int32=" + string(spec.single_int32) + ", wanted <= 10"
diff --git a/policy/src/test/resources/pb/tests.yaml b/policy/src/test/resources/pb/tests.yaml
@@ -0,0 +1,33 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+description: "Protobuf input tests"
+section:
+- name: "valid"
+  tests:
+  - name: "good spec"
+    input:
+      spec:
+        expr: >
+          TestAllTypes{single_int32: 10}
+    output: "optional.none()"
+- name: "invalid"
+  tests:
+  - name: "bad spec"
+    input:
+      spec:
+        expr: >
+          TestAllTypes{single_int32: 11}
+    output: >
+      "invalid spec, got single_int32=11, wanted <= 10"
