Merge pull request #134 from walt-id/regopolicy

support rego policy via CLI
walt-id · May 31, 2022 · e99959a · e99959a
2 parents f0b557a + 98480ee
commit e99959a
Show file tree

Hide file tree

Showing 9 changed files with 30 additions and 12 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,12 @@ Notable changes since the last release of the [SSI Kit](https://github.com/walt-
 
 ## [Unreleased]
 
+- Roadmap Items
+  - Verifiable Mandate & Delegation https://github.com/walt-id/waltid-roadmap/issues/37
+  - Integration of Open Policy Agent https://github.com/walt-id/waltid-roadmap/issues/40
+- Features
+  - Support rego policy via CLI  https://github.com/walt-id/waltid-ssikit/pull/134
+
 ## [1.10.0] - 2022-05-10
 
 -   Bumped all dependencies

diff --git a/README.md b/README.md
@@ -37,14 +37,14 @@ The easiest way to getting your hands dirty and to "play" with the functions the
 
 _Gradle_
 
-        implementation("id.walt:waltid-ssi-kit:1.10.0")
+        implementation("id.walt:waltid-ssi-kit:1.11.0")
 
 _Maven_
 
         <dependency>
             <groupId>id.walt</groupId>
             <artifactId>waltid-ssi-kit</artifactId>
-            <version>1.10.0</version>
+            <version>1.11.0</version>
         </dependency>
 
 Please go ahead and find further CLI commands and well as other ways how to use the SSI Kit in the documentation section below.

diff --git a/build.gradle.kts b/build.gradle.kts
@@ -10,7 +10,7 @@ plugins {
 }
 
 group = "id.walt"
-version = "1.11-SNAPSHOT"
+version = "1.11.0"
 
 repositories {
     mavenCentral()

diff --git a/src/main/kotlin/id/walt/Values.kt b/src/main/kotlin/id/walt/Values.kt
@@ -1,6 +1,6 @@
 package id.walt
 
 object Values {
-    const val version = "1.10.0"
+    const val version = "1.11.0"
     const val isSnapshot = false
 }
diff --git a/src/main/kotlin/id/walt/auditor/PolicyRegistry.kt b/src/main/kotlin/id/walt/auditor/PolicyRegistry.kt
@@ -35,5 +35,6 @@ object PolicyRegistry {
         register(VpTokenClaimPolicy::class)
         register(CredentialStatusPolicy::class)
         register(VerifiableMandatePolicy::class)
+        register(RegoPolicy::class)
     }
 }
diff --git a/src/main/kotlin/id/walt/auditor/RegoValidator.kt b/src/main/kotlin/id/walt/auditor/RegoValidator.kt
@@ -11,7 +11,6 @@ import io.ktor.client.statement.*
 import io.ktor.serialization.kotlinx.json.*
 import kotlinx.coroutines.runBlocking
 import java.io.File
-import java.net.URL
 
 object RegoValidator {
     val client = HttpClient(CIO) {

diff --git a/src/main/kotlin/id/walt/auditor/VerificationPolicy.kt b/src/main/kotlin/id/walt/auditor/VerificationPolicy.kt
@@ -1,6 +1,7 @@
 package id.walt.auditor
 
 import com.beust.klaxon.Klaxon
+import com.beust.klaxon.Parser
 import com.jayway.jsonpath.JsonPath
 import id.walt.model.AttributeInfo
 import id.walt.model.TrustedIssuer
@@ -22,6 +23,7 @@ import java.util.*
 import id.walt.vclib.credentials.CredentialStatusCredential
 import id.walt.vclib.credentials.VerifiableMandate
 import io.ktor.client.plugins.*
+import kotlinx.serialization.json.Json
 import java.net.URL
 
 private const val TIR_TYPE_ATTRIBUTE = "attribute"
@@ -290,19 +292,20 @@ class VerifiableMandatePolicy() : VerificationPolicy() {
 data class RegoPolicyArg (
     val input: String,
     val rego: String,
-    val dataPath: String = "\$.credentialSubject",
-    val resultPath: String = "\$.result[0].expressions[0].value.allow"
+    val dataPath: String = "\$.credentialSubject", // for specifying the input data
+    val resultPath: String = "\$.result[0].expressions[0].value.allow" // for evaluating the result from the rego engine
     )
 
 class RegoPolicy() : VerificationPolicy() {
 
     constructor(regoPolicyArg: RegoPolicyArg): this() { arguments = regoPolicyArg }
+    constructor(regoPolicyStr: String): this() { arguments = regoPolicyStr }
 
     override val description = "Verify credential by rego policy"
     override fun doVerify(vc: VerifiableCredential): Boolean {
         // params: rego (string, URL, file, credential property), input (json string), data jsonpath (default: $.credentialSubject)
-        if(arguments != null && arguments is RegoPolicyArg) {
-            val regoPolicyArg = arguments as RegoPolicyArg
+        if(arguments != null) {
+            val regoPolicyArg = if(arguments is RegoPolicyArg) { arguments as RegoPolicyArg } else { Klaxon().parse<RegoPolicyArg>(arguments.toString()) } ?: return false
             val rego = if (regoPolicyArg.rego.startsWith("$")) {
                 JsonPath.parse(vc.json!!).read<String>(regoPolicyArg.rego)
             } else {
@@ -334,4 +337,4 @@ data class VerificationResult(
 ) {
     override fun toString() =
         "VerificationResult(valid=$valid, policyResults={${policyResults.entries.joinToString { it.key + "=" + it.value }}})"
-}
+}
diff --git a/src/test/kotlin/id/walt/auditor/AuditorTest.kt b/src/test/kotlin/id/walt/auditor/AuditorTest.kt
@@ -1,6 +1,5 @@
 package id.walt.auditor
 
-import com.sksamuel.hoplite.fp.valid
 import id.walt.custodian.Custodian
 import id.walt.model.DidMethod
 import id.walt.servicematrix.ServiceMatrix
@@ -126,6 +125,8 @@ class AuditorCommandTest : StringSpec() {
             }
         }
 
+        // CLI call for testing VerifiableMandatePolicy
+        // ./ssikit.sh -v vc verify rego-vc.json -p VerifiableMandatePolicy='{"user": "did:ebsi:ze2dC9GezTtVSzjHVMQzpkE", "action": "apply_to_masters", "location": "Slovenia"}'
         "5. verifiable mandate policy" {
             val mandateSubj = mapOf(
                 "credentialSubject" to mapOf(
@@ -156,7 +157,10 @@ class AuditorCommandTest : StringSpec() {
             verificationResult.valid shouldBe true
         }
 
+        // CLI call for testing RegoPolicy
+        // ./ssikit.sh -v vc verify rego-vc.json -p RegoPolicy='{"dataPath" : "$.credentialSubject.holder", "input" : "{\"user\": \"did:ebsi:ze2dC9GezTtVSzjHVMQzpkE\", \"action\": \"apply_to_masters\", \"location\": \"Slovenia\" }", "rego" : "src/test/resources/rego/test-policy.rego", "resultPath" : "$.result[0].expressions[0].value.allow"}'
         "6. rego policy" {
+            // Successful testcase
             val query = """{"user": "$did" }"""
             println("Testing query: $query")
             val verificationResult = Auditor.getService().verify(vcStr,
@@ -169,6 +173,11 @@ class AuditorCommandTest : StringSpec() {
                 )))
             verificationResult.valid shouldBe true
 
+            // Successful testcase with Rego Policy Arg str
+            val verificationResultStr =Auditor.getService().verify(vcStr,listOf(RegoPolicy("{\"dataPath\" : \"\$.credentialSubject\", \"input\" : \"{\\\"user\\\": \\\"$did\\\" }\", \"rego\" : \"src/test/resources/rego/subject-policy.rego\", \"resultPath\" : \"\$.result[0].expressions[0].value.test\"}"))).valid
+            verificationResultStr shouldBe true
+
+            // Unsuccessful testcase
             val negQuery = """{"user": "did:key:1234" }"""
             val negResult = Auditor.getService().verify(vcStr,
                 listOf(RegoPolicy(

diff --git a/ssikit.sh b/ssikit.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 set -e
 
-version='1.10.0'
+version='1.11.0'
 
 function header() {
   echo "waltid-ssi-kit wrapper script"