From 4f13e2a41ef8633a5f4cbec7f101e5c2f9cb41b4 Mon Sep 17 00:00:00 2001 
From: Pierre Troger Date: Thu, 3 Oct 2024 12:58:46 +0200 Subject: [PATCH] Revert "Evaluation is responsible to enforce casing (#550)" This reverts commit a0ec7dddd7a821450f0a30d9822864b0da561ad6. --- .../rego/__test__/criteria/approval_test.rego | 10 + .../__test__/criteria/intent/source_test.rego | 16 +- .../__test__/criteria/principal_test.rego | 8 +- .../rego/__test__/criteria/resource_test.rego | 27 +- .../rego/__test__/main_test.rego | 78 ++-- .../rego/__test__/policies/approvals.rego | 1 + .../__test__/policies/approvals_test.rego | 3 +- .../rego/__test__/policies/spendings.rego | 1 + .../rego/__test__/utils_test.rego | 15 +- .../rego/criteria/approval.rego | 47 +-- .../rego/criteria/intent/amount.rego | 4 +- .../rego/criteria/intent/destination.rego | 14 +- .../rego/criteria/intent/intent.rego | 9 +- .../rego/criteria/intent/source.rego | 15 +- .../intent/userOperation/entryPoint.rego | 7 +- .../userOperation/intents/destination.rego | 3 +- .../intent/userOperation/intents/source.rego | 3 +- .../rego/criteria/permission.rego | 3 +- .../rego/criteria/principal.rego | 17 +- .../rego/criteria/resource.rego | 23 +- .../rego/criteria/spendingLimit.rego | 2 +- .../__test__/account_test.rego} | 42 ++- .../chainAccount.rego => util/account.rego} | 85 +++-- .../open-policy-agent/rego/util/entities.rego | 34 ++ .../open-policy-agent/rego/util/eth.rego | 5 + .../rego/{utils => util}/number.rego | 0 .../rego/{utils => util}/time.rego | 0 .../rego/{utils => util}/transfers.rego | 70 ++-- .../utils/__test__/entityQueries_test.rego | 135 ------- .../open-policy-agent/rego/utils/case.rego | 26 -- .../rego/utils/entityQueries.rego | 355 ------------------ .../e2e/criterion/check-approvals.spec.ts | 8 +- .../e2e/criterion/check-rate-limit.spec.ts | 6 +- .../criterion/check-spending-limit.spec.ts | 8 +- .../scenarii/address-book-management.spec.ts | 4 +- .../approvals-and-spending-limit.spec.ts | 4 +- .../e2e/scenarii/defi-interactions.spec.ts | 4 +- 
.../tiered-eth-transfer-policy.spec.ts | 4 +- 38 files changed, 289 insertions(+), 807 deletions(-) rename apps/policy-engine/src/resource/open-policy-agent/rego/{utils/__test__/chainAccount_test.rego => util/__test__/account_test.rego} (73%) rename apps/policy-engine/src/resource/open-policy-agent/rego/{utils/chainAccount.rego => util/account.rego} (62%) create mode 100644 apps/policy-engine/src/resource/open-policy-agent/rego/util/entities.rego create mode 100644 apps/policy-engine/src/resource/open-policy-agent/rego/util/eth.rego rename apps/policy-engine/src/resource/open-policy-agent/rego/{utils => util}/number.rego (100%) rename apps/policy-engine/src/resource/open-policy-agent/rego/{utils => util}/time.rego (100%) rename apps/policy-engine/src/resource/open-policy-agent/rego/{utils => util}/transfers.rego (77%) delete mode 100644 apps/policy-engine/src/resource/open-policy-agent/rego/utils/__test__/entityQueries_test.rego delete mode 100644 apps/policy-engine/src/resource/open-policy-agent/rego/utils/case.rego delete mode 100644 apps/policy-engine/src/resource/open-policy-agent/rego/utils/entityQueries.rego diff --git a/apps/policy-engine/src/resource/open-policy-agent/rego/__test__/criteria/approval_test.rego b/apps/policy-engine/src/resource/open-policy-agent/rego/__test__/criteria/approval_test.rego index 02fee40ac..d41d2ed2e 100644 --- a/apps/policy-engine/src/resource/open-policy-agent/rego/__test__/criteria/approval_test.rego +++ b/apps/policy-engine/src/resource/open-policy-agent/rego/__test__/criteria/approval_test.rego 
@@ -1,5 +1,15 @@ package main +test_approversRoles { + roles = approversRoles with input as requestWithEip1559Transaction with data.entities as entities + roles == {"root", "member", "admin"} +} + +test_approversGroups { + groups = approversGroups with input as requestWithEip1559Transaction with data.entities as entities + groups == {"test-user-group-one-uid", "test-user-group-two-uid"} +} + test_checkApprovalByUserId { requiredApproval = { "approvalCount": 2, diff --git a/apps/policy-engine/src/resource/open-policy-agent/rego/__test__/criteria/intent/source_test.rego b/apps/policy-engine/src/resource/open-policy-agent/rego/__test__/criteria/intent/source_test.rego index 3f2e3d270..a85c9081b 100644 --- a/apps/policy-engine/src/resource/open-policy-agent/rego/__test__/criteria/intent/source_test.rego +++ b/apps/policy-engine/src/resource/open-policy-agent/rego/__test__/criteria/intent/source_test.rego 
@@ -1,22 +1,18 @@ package main -import data.armory.lib.chainAccount.build - test_source { - res = build.intentSourceChainAccount(input.intent) with input as requestWithEip1559Transaction with data.entities as entities + res = getIntentSourceChainAccount(input.intent) with input as requestWithEip1559Transaction with data.entities as entities - expected := { - "id": "eip155:137:0xddcf208f219a6e6af072f2cfdc615b2c1805f98E", - "address": "0xddcf208f219a6e6af072f2cfdc615b2c1805f98E", + res == { + "id": "eip155:137:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e", + "address": "0xddcf208f219a6e6af072f2cfdc615b2c1805f98e", "chainId": 137, "classification": "managed", "accountType": "eoa", - "assignees": ["test-bOb-uid", "test-alicE-uid", "test-foo-uid", "test-bar-uid"], - "groups": {"test-account-group-ONE-uid"}, + "assignees": ["test-bob-uid", "test-alice-uid", "test-foo-uid", "test-bar-uid"], + "accountGroups": {"test-account-group-one-uid"}, } - expected == res - checkSourceId({"eip155:137:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"}) with input as requestWithEip1559Transaction with data.entities as entities checkSourceAddress({"0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"}) with input as requestWithEip1559Transaction with data.entities as entities checkSourceAccountType({"eoa"}) with input as requestWithEip1559Transaction with data.entities as entities diff --git a/apps/policy-engine/src/resource/open-policy-agent/rego/__test__/criteria/principal_test.rego b/apps/policy-engine/src/resource/open-policy-agent/rego/__test__/criteria/principal_test.rego index 90a92dc78..b9a7f9f6b 100644 --- a/apps/policy-engine/src/resource/open-policy-agent/rego/__test__/criteria/principal_test.rego +++ b/apps/policy-engine/src/resource/open-policy-agent/rego/__test__/criteria/principal_test.rego 
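Review bot: The rewritten `test_source` fixture and the `checkSourceId`/`checkSourceAddress` calls are all lowercase, so nothing in this file pins how evaluation treats a mixed-case or EIP-55 checksummed address now that the case-insensitive helpers are gone. A negative case would document the new contract, for example `not checkSourceAddress({"0xddcf208f219a6e6af072f2cfdc615b2c1805f98E"}) with input as requestWithEip1559Transaction with data.entities as entities`. The same gap applies to the lowercase-only fixtures in principal_test.rego, resource_test.rego, main_test.rego and utils_test.rego in this patch.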
@@ -1,11 +1,11 @@ package main -import data.armory.entities.get - test_principal { - user = get.user(input.principal.userId) with input as requestWithEip1559Transaction with data.entities as entities + user = principal with input as requestWithEip1559Transaction with data.entities as entities + user == {"id": "test-bob-uid", "role": "root"} - user == {"id": "test-BOB-uid", "role": "root", "groups": {"test-USER-group-one-uid", "test-USER-group-two-uid"}} + groups = principalGroups with input as requestWithEip1559Transaction with data.entities as entities + groups == {"test-user-group-one-uid", "test-user-group-two-uid"} checkPrincipalId({"test-bob-uid", "test-alice-uid"}) with input as requestWithEip1559Transaction with data.entities as entities checkPrincipalRole({"root", "admin"}) with input as requestWithEip1559Transaction with data.entities as entities diff --git a/apps/policy-engine/src/resource/open-policy-agent/rego/__test__/criteria/resource_test.rego b/apps/policy-engine/src/resource/open-policy-agent/rego/__test__/criteria/resource_test.rego index 7ec663366..182f98607 100644 --- a/apps/policy-engine/src/resource/open-policy-agent/rego/__test__/criteria/resource_test.rego +++ b/apps/policy-engine/src/resource/open-policy-agent/rego/__test__/criteria/resource_test.rego 
@@ -1,21 +1,22 @@ package main -import data.armory.entities.get - test_resource { - account = get.account(input.resource.uid) with input as requestWithEip1559Transaction with data.entities as entities - - expected := { - "id": "eip155:eoa:0xDDcf208f219a6e6af072f2cfdc615b2c1805f98e", - "address": "0xddcf208F219a6e6af072f2cfdc615b2c1805f98e", + account = resource with input as requestWithEip1559Transaction with data.entities as entities + account == { + "id": "eip155:eoa:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e", + "address": "0xddcf208f219a6e6af072f2cfdc615b2c1805f98e", "accountType": "eoa", - "assignees": ["test-bOb-uid", "test-alicE-uid", "test-foo-uid", "test-bar-uid"], - "groups": {"test-account-group-ONE-uid"}, + "assignees": ["test-bob-uid", "test-alice-uid", "test-foo-uid", "test-bar-uid"], } - account == expected - checkAccountId({"eip155:eoa:0xdDcF208f219a6e6af072f2cfdc615b2c1805F98E"}) with input as requestWithEip1559Transaction with data.entities as entities - checkAccountAddress({"0xdDCf208f219a6e6af072f2cfdc615b2c1805f98e"}) with input as requestWithEip1559Transaction with data.entities as entities + groups = accountGroups with input as requestWithEip1559Transaction with data.entities as entities + groups == {"test-account-group-one-uid"} + + accountGroupsById = getAccountGroups("eip155:eoa:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e") with input as requestWithEip1559Transaction with data.entities as entities + accountGroupsById == {"test-account-group-one-uid"} + + checkAccountId({"eip155:eoa:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"}) with input as requestWithEip1559Transaction with data.entities as entities + checkAccountAddress({"0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"}) with input as requestWithEip1559Transaction with data.entities as entities checkAccountType({"eoa"}) with input as requestWithEip1559Transaction with data.entities as entities - checkAccountGroup({"teST-account-groUp-one-uid"}) with input as requestWithEip1559Transaction with 
data.entities as entities + checkAccountGroup({"test-account-group-one-uid"}) with input as requestWithEip1559Transaction with data.entities as entities } diff --git a/apps/policy-engine/src/resource/open-policy-agent/rego/__test__/main_test.rego b/apps/policy-engine/src/resource/open-policy-agent/rego/__test__/main_test.rego index 8ba86e0e7..595065203 100644 --- a/apps/policy-engine/src/resource/open-policy-agent/rego/__test__/main_test.rego +++ b/apps/policy-engine/src/resource/open-policy-agent/rego/__test__/main_test.rego @@ -20,13 +20,13 @@ tenHoursAgo = (nowSeconds - ((10 * 60) * 60)) * 1000 # in ms nineHoursAgo = (nowSeconds - ((9 * 60) * 60)) * 1000 # in ms -principalReq = {"userId": "test-bob-Uid"} +principalReq = {"userId": "test-bob-uid"} -resourceReq = {"uid": "eip155:eoa:0xddcf208f219a6e6af072f2cfdc615b2c1805f98E"} +resourceReq = {"uid": "eip155:eoa:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"} transactionRequestEIP1559 = { - "from": "0xddcf208f219a6e6af072f2cfdc615b2c1805f98E", - "to": "0xa45e21e9370ba031c5e1f47dedca74a7ce2ed7A3", + "from": "0xddcf208f219a6e6af072f2cfdc615b2c1805f98e", + "to": "0xa45e21e9370ba031c5e1f47dedca74a7ce2ed7a3", "chainId": 137, "maxFeePerGas": "20000000000", "maxPriorityFeePerGas": "3000000000", @@ -38,12 +38,12 @@ transactionRequestEIP1559 = { } transactionRequestLegacy = { - "from": "0xddcf208f219a6e6af072f2cfdc615b2c1805f98E", - "to": "0xa45e21e9370ba031c5e1f47dedca74a7ce2ed7A3", + "from": "0xddcf208f219a6e6af072f2cfdc615b2c1805f98e", + "to": "0xa45e21e9370ba031c5e1f47dedca74a7ce2ed7a3", "chainId": 137, "gas": "21000", "gasPrice": "20000000000", - "value": "0xde0b6b3A7640000", + "value": "0xde0b6b3a7640000", "data": "0x00000000", "nonce": 192, "type": "0", 
@@ -51,17 +51,17 @@ transactionRequestLegacy = { intentReq = { "type": "transferERC20", - "from": "eip155:137:0xddcf208f219a6e6af072f2cfdc615b2c1805f98E", - "to": "eip155:137:0xa45e21e9370ba031c5e1f47dedca74a7ce2ed7A3", - "token": "eip155:137/erc20:0x2791bca1f2de4661ed88a30c99a7a9449aA84174", + "from": "eip155:137:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e", + "to": "eip155:137:0xa45e21e9370ba031c5e1f47dedca74a7ce2ed7a3", + "token": "eip155:137/erc20:0x2791bca1f2de4661ed88a30c99a7a9449aa84174", "amount": "1000000000000000000", # 1 USDC } approvalsReq = [ - {"userId": "test-bob-uiD"}, - {"userId": "test-alice-uiD"}, - {"userId": "test-foo-uiD"}, - {"userId": "0xaaa8ee1cbaa1856f4550c6fc24abb16c5c9b2A43"}, + {"userId": "test-bob-uid"}, + {"userId": "test-alice-uid"}, + {"userId": "test-foo-uid"}, + {"userId": "0xaaa8ee1cbaa1856f4550c6fc24abb16c5c9b2a43"}, ] feedsReq = [ 
@@ -143,82 +143,82 @@ requestWithLegacyTransaction = { entities = { "addressBook": { "eip155:137:0xa45e21e9370ba031c5e1f47dedca74a7ce2ed7a3": { - "id": "eip155:137:0xA45E21e9370ba031c5e1f47dedca74a7ce2ed7a3", - "address": "0xa45e21E9370Ba031c5e1f47dedca74a7ce2ed7a3", + "id": "eip155:137:0xa45e21e9370ba031c5e1f47dedca74a7ce2ed7a3", + "address": "0xa45e21e9370ba031c5e1f47dedca74a7ce2ed7a3", "chainId": 137, "classification": "internal", }, "eip155:137:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e": { - "id": "eip155:137:0xDDcf208f219a6e6af072f2cfdc615b2c1805f98e", - "address": "0xddCF208f219a6e6af072f2cfdc615b2c1805f98e", + "id": "eip155:137:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e", + "address": "0xddcf208f219a6e6af072f2cfdc615b2c1805f98e", "chainId": 137, "classification": "managed", }, "eip155:1:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e": { - "id": "eip155:1:0xDDCf208f219a6e6af072f2cfdc615b2c1805f98e", - "address": "0xddcf208F219a6e6af072f2cfdc615b2c1805f98e", + "id": "eip155:1:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e", + "address": "0xddcf208f219a6e6af072f2cfdc615b2c1805f98e", "chainId": 1, "classification": "managed", }, }, "tokens": {"eip155:137/erc20:0x2791bca1f2de4661ed88a30c99a7a9449aa84174": { - "id": "eip155:137/erc20:0x2791bCA1f2de4661ed88a30c99a7a9449aa84174", - "address": "0x2791bca1f2de4661ED88a30c99a7a9449aa84174", + "id": "eip155:137/erc20:0x2791bca1f2de4661ed88a30c99a7a9449aa84174", + "address": "0x2791bca1f2de4661ed88a30c99a7a9449aa84174", "symbol": "USDC", "chainId": 137, "decimals": 6, }}, "users": { "test-bob-uid": { - "id": "test-BOB-uid", + "id": "test-bob-uid", "role": "root", }, "test-alice-uid": { - "id": "test-Alice-uid", + "id": "test-alice-uid", "role": "member", }, "test-bar-uid": { - "id": "test-Bar-uid", + "id": "test-bar-uid", "role": "admin", }, "test-foo-uid": { - "id": "test-Foo-uid", + "id": "test-foo-uid", "role": "admin", }, "0xaaa8ee1cbaa1856f4550c6fc24abb16c5c9b2a43": { - "id": "0xAAA8ee1cbaa1856f4550c6fc24abb16c5c9b2a43", + 
"id": "0xaaa8ee1cbaa1856f4550c6fc24abb16c5c9b2a43", "role": "admin", }, }, "userGroups": { "test-user-group-one-uid": { - "id": "test-USER-group-one-uid", + "id": "test-user-group-one-uid", "name": "dev", - "users": ["test-Bob-uid", "test-Bar-uid"], + "users": ["test-bob-uid", "test-bar-uid"], }, "test-user-group-two-uid": { - "id": "test-USER-group-two-uid", + "id": "test-user-group-two-uid", "name": "finance", - "users": ["tesT-Bob-uid", "test-bar-uid"], + "users": ["test-bob-uid", "test-bar-uid"], }, }, "accounts": { "eip155:eoa:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e": { - "id": "eip155:eoa:0xDDcf208f219a6e6af072f2cfdc615b2c1805f98e", - "address": "0xddcf208F219a6e6af072f2cfdc615b2c1805f98e", + "id": "eip155:eoa:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e", + "address": "0xddcf208f219a6e6af072f2cfdc615b2c1805f98e", "accountType": "eoa", - "assignees": ["test-bOb-uid", "test-alicE-uid", "test-foo-uid", "test-bar-uid"], + "assignees": ["test-bob-uid", "test-alice-uid", "test-foo-uid", "test-bar-uid"], }, "eip155:eoa:0xbbbb208f219a6e6af072f2cfdc615b2c1805f98e": { - "id": "eip155:eoa:0xbbbb208f219a6e6af072F2cfdc615b2c1805f98e", - "address": "0xbbbb208f219a6e6af072f2cfdC615b2c1805f98e", + "id": "eip155:eoa:0xbbbb208f219a6e6af072f2cfdc615b2c1805f98e", + "address": "0xbbbb208f219a6e6af072f2cfdc615b2c1805f98e", "accountType": "eoa", - "assignees": ["test-Bob-uid", "test-alicE-uid", "test-foo-uid", "test-bar-uid", "0xAAA8ee1cbaa1856f4550c6fc24abb16c5c9b2a43"], + "assignees": ["test-bob-uid", "test-alice-uid", "test-foo-uid", "test-bar-uid", "0xaaa8ee1cbaa1856f4550c6fc24abb16c5c9b2a43"], }, }, "accountGroups": {"test-account-group-one-uid": { - "id": "test-account-group-ONE-uid", + "id": "test-account-group-one-uid", "name": "dev", - "accounts": ["eip155:eoa:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e", "eip155:eoa:0xbbBB208f219a6e6af072f2cfdc615b2c1805f98e"], + "accounts": ["eip155:eoa:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e", 
"eip155:eoa:0xbbbb208f219a6e6af072f2cfdc615b2c1805f98e"], }}, } diff --git a/apps/policy-engine/src/resource/open-policy-agent/rego/__test__/policies/approvals.rego b/apps/policy-engine/src/resource/open-policy-agent/rego/__test__/policies/approvals.rego index 562ae51b7..7e174ef13 100644 --- a/apps/policy-engine/src/resource/open-policy-agent/rego/__test__/policies/approvals.rego +++ b/apps/policy-engine/src/resource/open-policy-agent/rego/__test__/policies/approvals.rego @@ -53,6 +53,7 @@ permit[{"policyId": "approvalByUserGroups"}] = reason { checkIntentAmount(transferValueCondition) approvals = checkApprovals(approvalsRequired) + reason = { "type": "permit", "policyId": "approvalByUserGroups", diff --git a/apps/policy-engine/src/resource/open-policy-agent/rego/__test__/policies/approvals_test.rego b/apps/policy-engine/src/resource/open-policy-agent/rego/__test__/policies/approvals_test.rego index a38bdbb94..2a8c99c88 100644 --- a/apps/policy-engine/src/resource/open-policy-agent/rego/__test__/policies/approvals_test.rego +++ b/apps/policy-engine/src/resource/open-policy-agent/rego/__test__/policies/approvals_test.rego @@ -35,7 +35,7 @@ test_approvalByUserGroups { res = permit[{"policyId": "approvalByUserGroups"}] with input as approvalByUserGroupsReq with data.entities as entities - expected := { + res == { "approvalsMissing": [], "approvalsSatisfied": [{ "approvalCount": 2, @@ -46,7 +46,6 @@ test_approvalByUserGroups { "policyId": "approvalByUserGroups", "type": "permit", } - res == expected } test_approvalByUserRoles { diff --git a/apps/policy-engine/src/resource/open-policy-agent/rego/__test__/policies/spendings.rego b/apps/policy-engine/src/resource/open-policy-agent/rego/__test__/policies/spendings.rego index a51f48ceb..0e4ac5162 100644 --- a/apps/policy-engine/src/resource/open-policy-agent/rego/__test__/policies/spendings.rego +++ b/apps/policy-engine/src/resource/open-policy-agent/rego/__test__/policies/spendings.rego 
@@ -93,6 +93,7 @@ forbid[{"policyId": "spendingLimitByUserGroup"}] = reason { }, "filters": {"userGroups": {"test-user-group-one-uid"}}, }) + reason = { "type": "forbid", "policyId": "spendingLimitByUserGroup", diff --git a/apps/policy-engine/src/resource/open-policy-agent/rego/__test__/utils_test.rego b/apps/policy-engine/src/resource/open-policy-agent/rego/__test__/utils_test.rego index 930b6fa92..621c77cd3 100644 --- a/apps/policy-engine/src/resource/open-policy-agent/rego/__test__/utils_test.rego +++ b/apps/policy-engine/src/resource/open-policy-agent/rego/__test__/utils_test.rego @@ -1,22 +1,19 @@ package main -import data.armory.lib.chainAccount.build.extractAddressFromAccountId - test_transformIntentToTransferObject { res = transformIntentToTransferObject(input.intent) with input as requestWithEip1559Transaction with data.entities as entities - expected := { + res == { "amount": "1000000000000000000", "chainId": 137, - "from": "eip155:137:0xddcf208f219a6e6af072f2cfdc615b2c1805f98E", - "initiatedBy": "test-bob-Uid", + "from": "eip155:137:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e", + "initiatedBy": "test-bob-uid", "rates": {"fiat:eur": "1.10", "fiat:usd": "0.99"}, - "resourceId": "eip155:eoa:0xDDcf208f219a6e6af072f2cfdc615b2c1805f98e", + "resourceId": "eip155:eoa:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e", "timestamp": nowSeconds * 1000, - "to": "eip155:137:0xa45e21e9370ba031c5e1f47dedca74a7ce2ed7A3", - "token": "eip155:137/erc20:0x2791bca1f2de4661ed88a30c99a7a9449aA84174", + "to": "eip155:137:0xa45e21e9370ba031c5e1f47dedca74a7ce2ed7a3", + "token": "eip155:137/erc20:0x2791bca1f2de4661ed88a30c99a7a9449aa84174", } - res == expected } test_parseUnits { diff --git a/apps/policy-engine/src/resource/open-policy-agent/rego/criteria/approval.rego b/apps/policy-engine/src/resource/open-policy-agent/rego/criteria/approval.rego index 2debb5592..1534a7b1e 100644 --- a/apps/policy-engine/src/resource/open-policy-agent/rego/criteria/approval.rego 
+++ b/apps/policy-engine/src/resource/open-policy-agent/rego/criteria/approval.rego @@ -1,14 +1,11 @@ package main -import data.armory.entities.get -import data.armory.lib.case.equalsIgnoreCase -import data.armory.lib.case.findCaseInsensitive import future.keywords.in getApprovalsCount(possibleApprovers) = result { matchedApprovers = {approval.userId | approval = input.approvals[_] - findCaseInsensitive(approval.userId, possibleApprovers) + approval.userId in possibleApprovers } result = count(matchedApprovers) } @@ -16,8 +13,6 @@ getApprovalsCount(possibleApprovers) = result { # User approvals checkApproval(approval) = result { - principal := get.user(input.principal.userId) - approval.countPrincipal == true approval.approvalEntityType == "Narval::User" possibleApprovers = {entity | entity = approval.entityIds[_]} | {principal.id} @@ -25,13 +20,11 @@ checkApproval(approval) = result { } checkApproval(approval) = result { - principal := get.user(input.principal.userId) - approval.countPrincipal == false approval.approvalEntityType == "Narval::User" possibleApprovers = {entity | entity = approval.entityIds[_] - equalsIgnoreCase(entity, principal.id) == false + entity != principal.id } result = getApprovalsCount(possibleApprovers) } @@ -39,13 +32,11 @@ checkApproval(approval) = result { # User group approvals checkApproval(approval) = result { - principal := get.user(input.principal.userId) - approval.countPrincipal == true approval.approvalEntityType == "Narval::UserGroup" possibleApprovers = {user | entity = approval.entityIds[_] - users = get.userGroups(entity).users + users = data.entities.userGroups[entity].users user = users[_] } | {principal.id} 
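Review bot: In the `countPrincipal == false` rule of the third hunk, `entity != principal.id` is an exact string comparison, so an `entityIds` entry that differs from `principal.id` only in letter case stays in `possibleApprovers` and the requester's own approval would count toward the quorum. Whether that can occur depends on ids being lower-cased before they reach OPA, which is not visible in this patch. If that normalisation is the contract, state it next to the rule, e.g. `# entityIds, approvals[].userId and entity ids must be lower-cased by the caller; comparisons here are exact`. The same applies to `approval.userId in possibleApprovers` in `getApprovalsCount` and to `user != principal.id` / `user.id != principal.id` in the UserGroup and UserRole rules further down approval.rego.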
@@ -53,15 +44,13 @@ checkApproval(approval) = result { } checkApproval(approval) = result { - principal := get.user(input.principal.userId) - approval.countPrincipal == false approval.approvalEntityType == "Narval::UserGroup" possibleApprovers = {user | entity = approval.entityIds[_] - users = get.userGroups(entity).users + users = data.entities.userGroups[entity].users user = users[_] - equalsIgnoreCase(user, principal.id) == false + user != principal.id } result = getApprovalsCount(possibleApprovers) @@ -70,39 +59,29 @@ checkApproval(approval) = result { # User role approvals checkApproval(approval) = result { - principal := get.user(input.principal.userId) - approval.countPrincipal == true approval.approvalEntityType == "Narval::UserRole" - possibleApprovers := {user | - role := approval.entityIds[_] - users := get.usersByRole(role) - user := users[_] - } + possibleApprovers = {user.id | + user = data.entities.users[_] + user.role in approval.entityIds + } | {principal.id} result = getApprovalsCount(possibleApprovers) } checkApproval(approval) = result { - principal := get.user(input.principal.userId) - approval.countPrincipal == false approval.approvalEntityType == "Narval::UserRole" - role := approval.entityIds[_] - - possibleApprovers := {user | - role_id := approval.entityIds[_] - users := get.usersByRole(role_id) - user := users[_] - equalsIgnoreCase(user, principal.id) == false + possibleApprovers = {user.id | + user = data.entities.users[_] + user.role in approval.entityIds + user.id != principal.id } result = getApprovalsCount(possibleApprovers) } checkApprovals(approvals) = result { - principal := get.user(input.principal.userId) - approvalsMissing = [approval | approval = approvals[_] approvalCount = checkApproval(approval) diff --git a/apps/policy-engine/src/resource/open-policy-agent/rego/criteria/intent/amount.rego b/apps/policy-engine/src/resource/open-policy-agent/rego/criteria/intent/amount.rego index 1a0b3a1cf..3338ad906 100644 
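Review bot: `checkApprovals` loses its `principal := get.user(input.principal.userId)` line in the last hunk, and every `checkApproval` body now reads the package-level `principal` rule, which is undefined when `input.principal.userId` is not an exact key of `data.entities.users`. In that case `checkApproval(approval)` is undefined for each requirement, so the `approvalsMissing` comprehension would come out empty rather than listing the requirement. The rest of `checkApprovals` is outside the hunk, so it is unclear whether a caller can read that as nothing missing. An explicit guard such as `_ = principal.id` as the first statement of `checkApprovals` would make the whole rule undefined instead.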
--- a/apps/policy-engine/src/resource/open-policy-agent/rego/criteria/intent/amount.rego +++ b/apps/policy-engine/src/resource/open-policy-agent/rego/criteria/intent/amount.rego @@ -21,14 +21,14 @@ calculateIntentAmount(currency) = result { calculateIntentAmount(currency) = result { currency != wildcard token = input.intent.token - price = to_number(priceFeed[lower(token)][lower(currency)]) + price = to_number(priceFeed[token][currency]) result = intentAmount * price } calculateIntentAmount(currency) = result { currency != wildcard contract = input.intent.contract - price = to_number(priceFeed[lower(contract)][lower(currency)]) + price = to_number(priceFeed[contract][currency]) result = intentAmount * price } diff --git a/apps/policy-engine/src/resource/open-policy-agent/rego/criteria/intent/destination.rego b/apps/policy-engine/src/resource/open-policy-agent/rego/criteria/intent/destination.rego index a8d0eace2..eba06db6d 100644 --- a/apps/policy-engine/src/resource/open-policy-agent/rego/criteria/intent/destination.rego +++ b/apps/policy-engine/src/resource/open-policy-agent/rego/criteria/intent/destination.rego 
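Review bot: With `lower()` dropped, `priceFeed[token][currency]` and `priceFeed[contract][currency]` are exact-key lookups, so a token id or currency code whose casing differs from the feed keys leaves `price` undefined and `calculateIntentAmount` produces no value. An amount criterion used in a forbid policy would then not match instead of failing visibly; how the feed keys are cased is not shown here. Consider a comment on both rules stating the precondition, e.g. `# token/contract ids and currency keys must already be lower-cased`, or a test that pins the undefined result. The `transfer.rates[currency]` change in spendingLimit.rego has the same property.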
@@ -1,25 +1,23 @@ package main -import data.armory.lib.case.findCaseInsensitive -import data.armory.lib.chainAccount.build import future.keywords.in checkDestinationId(values) { - destination = build.intentDestinationChainAccount(input.intent) - findCaseInsensitive(destination.id, values) + destination = getIntentDestinationChainAccount(input.intent) + destination.id in values } checkDestinationAddress(values) { - destination = build.intentDestinationChainAccount(input.intent) - findCaseInsensitive(destination.address, values) + destination = getIntentDestinationChainAccount(input.intent) + destination.address in values } checkDestinationAccountType(values) { - destination = build.intentDestinationChainAccount(input.intent) + destination = getIntentDestinationChainAccount(input.intent) destination.accountType in values } checkDestinationClassification(values) { - destination = build.intentDestinationChainAccount(input.intent) + destination = getIntentDestinationChainAccount(input.intent) destination.classification in values } diff --git a/apps/policy-engine/src/resource/open-policy-agent/rego/criteria/intent/intent.rego b/apps/policy-engine/src/resource/open-policy-agent/rego/criteria/intent/intent.rego index 1163e89e3..77f38badb 100644 --- a/apps/policy-engine/src/resource/open-policy-agent/rego/criteria/intent/intent.rego +++ b/apps/policy-engine/src/resource/open-policy-agent/rego/criteria/intent/intent.rego @@ -1,6 +1,5 @@ package main -import data.armory.lib.case.findCaseInsensitive import future.keywords.in checkIntentType(values) { @@ -8,15 +7,15 @@ checkIntentType(values) { } checkIntentContract(values) { - findCaseInsensitive(input.intent.contract, values) + input.intent.contract in values } checkIntentToken(values) { - findCaseInsensitive(input.intent.token, values) + input.intent.token in values } checkIntentSpender(values) { - findCaseInsensitive(input.intent.spender, values) + input.intent.spender in values } checkIntentChainId(values) { 
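Review bot: `destination.id in values` and `destination.address in values` in `checkDestinationId`/`checkDestinationAddress` now require the policy values and the intent to agree byte for byte, so a policy authored with checksummed (mixed-case) addresses never matches a lower-cased intent. For a permit criterion that fails closed, but for a forbid criterion it is a silent miss. If lower-casing is enforced where policies and requests are ingested (not visible in this patch), a short comment at the top of the file would help, e.g. `# values and intent fields are compared exactly; both sides are expected lower-case`. The same pattern appears in intent.rego, source.rego, entryPoint.rego, permission.rego, principal.rego and resource.rego.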
@@ -24,7 +23,7 @@ checkIntentChainId(values) { } checkIntentHexSignature(values) { - findCaseInsensitive(input.intent.hexSignature, values) + input.intent.hexSignature in values } checkIntentAlgorithm(values) { diff --git a/apps/policy-engine/src/resource/open-policy-agent/rego/criteria/intent/source.rego b/apps/policy-engine/src/resource/open-policy-agent/rego/criteria/intent/source.rego index f7f291a5d..f03df0d4c 100644 --- a/apps/policy-engine/src/resource/open-policy-agent/rego/criteria/intent/source.rego +++ b/apps/policy-engine/src/resource/open-policy-agent/rego/criteria/intent/source.rego @@ -1,26 +1,23 @@ package main -import data.armory.lib.case.findCaseInsensitive -import data.armory.lib.chainAccount.build - import future.keywords.in checkSourceId(values) { - source = build.intentSourceChainAccount(input.intent) - findCaseInsensitive(source.id, values) + source = getIntentSourceChainAccount(input.intent) + source.id in values } checkSourceAddress(values) { - source = build.intentSourceChainAccount(input.intent) - findCaseInsensitive(source.address, values) + source = getIntentSourceChainAccount(input.intent) + source.address in values } checkSourceAccountType(values) { - source = build.intentSourceChainAccount(input.intent) + source = getIntentSourceChainAccount(input.intent) source.accountType in values } checkSourceClassification(values) { - source = build.intentSourceChainAccount(input.intent) + source = getIntentSourceChainAccount(input.intent) source.classification in values } diff --git a/apps/policy-engine/src/resource/open-policy-agent/rego/criteria/intent/userOperation/entryPoint.rego b/apps/policy-engine/src/resource/open-policy-agent/rego/criteria/intent/userOperation/entryPoint.rego index f860ec715..4ac68483b 100644 --- a/apps/policy-engine/src/resource/open-policy-agent/rego/criteria/intent/userOperation/entryPoint.rego +++ b/apps/policy-engine/src/resource/open-policy-agent/rego/criteria/intent/userOperation/entryPoint.rego 
@@ -1,18 +1,15 @@ package main -import data.armory.lib.case.findCaseInsensitive -import data.armory.lib.chainAccount.build.getEntryPoint import future.keywords.in checkEntryPointId(values) { entrypoint = getEntryPoint(input.intent) - print("entrypoint.id: ", entrypoint.id) - findCaseInsensitive(entrypoint.id, values) + entrypoint.id in values } checkEntryPointAddress(values) { entrypoint = getEntryPoint(input.intent) - findCaseInsensitive(entrypoint.address, values) + entrypoint.address in values } checkEntryPointAccountType(values) { diff --git a/apps/policy-engine/src/resource/open-policy-agent/rego/criteria/intent/userOperation/intents/destination.rego b/apps/policy-engine/src/resource/open-policy-agent/rego/criteria/intent/userOperation/intents/destination.rego index 3beeea177..d2f3750b2 100644 --- a/apps/policy-engine/src/resource/open-policy-agent/rego/criteria/intent/userOperation/intents/destination.rego +++ b/apps/policy-engine/src/resource/open-policy-agent/rego/criteria/intent/userOperation/intents/destination.rego @@ -1,6 +1,5 @@ package main -import data.armory.lib.chainAccount.build.intentDestinationChainAccount import future.keywords.in checkUserOperationDestination(key, intent, condition) { @@ -8,6 +7,6 @@ checkUserOperationDestination(key, intent, condition) { } checkUserOperationDestination(key, intent, condition) { - destination = intentDestinationChainAccount(intent) + destination = getIntentDestinationChainAccount(intent) destination[key] in condition[key] } diff --git a/apps/policy-engine/src/resource/open-policy-agent/rego/criteria/intent/userOperation/intents/source.rego b/apps/policy-engine/src/resource/open-policy-agent/rego/criteria/intent/userOperation/intents/source.rego index 68606d413..e40d2c037 100644 --- a/apps/policy-engine/src/resource/open-policy-agent/rego/criteria/intent/userOperation/intents/source.rego +++ b/apps/policy-engine/src/resource/open-policy-agent/rego/criteria/intent/userOperation/intents/source.rego 
@@ -1,6 +1,5 @@ package main -import data.armory.lib.chainAccount.build import future.keywords.in checkUserOperationSource(key, intent, condition) { @@ -8,6 +7,6 @@ checkUserOperationSource(key, intent, condition) { } checkUserOperationSource(key, intent, condition) { - source = build.intentSourceChainAccount(intent) + source = getIntentSourceChainAccount(intent) source[key] in condition[key] } diff --git a/apps/policy-engine/src/resource/open-policy-agent/rego/criteria/permission.rego b/apps/policy-engine/src/resource/open-policy-agent/rego/criteria/permission.rego index 0c5946250..f1fb882ff 100644 --- a/apps/policy-engine/src/resource/open-policy-agent/rego/criteria/permission.rego +++ b/apps/policy-engine/src/resource/open-policy-agent/rego/criteria/permission.rego @@ -1,12 +1,11 @@ package main -import data.armory.lib.case.findCaseInsensitive import future.keywords.every import future.keywords.in checkResource(values) { input.action in {actions.grantPermission} - findCaseInsensitive(input.resource.uid, values) + input.resource.uid in values } checkPermission(grantedPermission) { diff --git a/apps/policy-engine/src/resource/open-policy-agent/rego/criteria/principal.rego b/apps/policy-engine/src/resource/open-policy-agent/rego/criteria/principal.rego index b1d41989f..034dc1c58 100644 --- a/apps/policy-engine/src/resource/open-policy-agent/rego/criteria/principal.rego +++ b/apps/policy-engine/src/resource/open-policy-agent/rego/criteria/principal.rego 
@@ -1,25 +1,18 @@ package main -import data.armory.lib.case.findCaseInsensitive -import data.armory.entities.get - import future.keywords.in -## Id are lowercased +principal = data.entities.users[input.principal.userId] + checkPrincipalId(values) { - principal := get.user(input.principal.userId) - findCaseInsensitive(principal.id, values) + principal.id in values } -## roles are constants checkPrincipalRole(values) { - principal := get.user(input.principal.userId) principal.role in values } -## Ids are lowercased checkPrincipalGroup(values) { - principalGroups := get.user(input.principal.userId).groups - some group in principalGroups - findCaseInsensitive(group, values) + group = principalGroups[_] + group in values } diff --git a/apps/policy-engine/src/resource/open-policy-agent/rego/criteria/resource.rego b/apps/policy-engine/src/resource/open-policy-agent/rego/criteria/resource.rego index f69e9a214..7d8033702 100644 --- a/apps/policy-engine/src/resource/open-policy-agent/rego/criteria/resource.rego +++ b/apps/policy-engine/src/resource/open-policy-agent/rego/criteria/resource.rego 
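Review bot: The new top-level rule `principal = data.entities.users[input.principal.userId]` is undocumented, and the removed `## Id are lowercased` comments were the only statement of the casing assumption it depends on. The rule is undefined whenever `input.principal.userId` is not an exact key of `data.entities.users`, and in that case `checkPrincipalId` and `checkPrincipalRole` both fail to match without any signal. I would add `# principal is undefined unless input.principal.userId is an exact key of data.entities.users; the checks below then never match` above the rule. `checkPrincipalGroup` reads `principalGroups`, which is defined in another file of `package main`, and a short comment pointing there would also help.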
@@ -1,38 +1,31 @@ package main -import data.armory.entities.get -import data.armory.lib.case.findCaseInsensitive - import future.keywords.in +resource = data.entities.accounts[input.resource.uid] + checkAccountAssigned { - principal := get.user(input.principal.userId) - resource := get.account(input.resource.uid) - findCaseInsensitive(principal.id, resource.assignees) + account = data.entities.accounts[resource.id] + principal.id in account.assignees } checkAccountId(values) { - resource := get.account(input.resource.uid) - findCaseInsensitive(resource.id, values) + resource.id in values } checkAccountAddress(values) { - resource := get.account(input.resource.uid) - findCaseInsensitive(resource.address, values) + resource.address in values } checkAccountType(values) { - resource := get.account(input.resource.uid) resource.accountType in values } checkAccountChainId(values) { - resource := get.account(input.resource.uid) numberToString(resource.chainId) in values } checkAccountGroup(values) { - resource := get.account(input.resource.uid) - group = resource.groups[_] - findCaseInsensitive(group, values) + group = accountGroups[_] + group in values } diff --git a/apps/policy-engine/src/resource/open-policy-agent/rego/criteria/spendingLimit.rego b/apps/policy-engine/src/resource/open-policy-agent/rego/criteria/spendingLimit.rego index 8a029eb8a..2aba870d5 100644 --- a/apps/policy-engine/src/resource/open-policy-agent/rego/criteria/spendingLimit.rego +++ b/apps/policy-engine/src/resource/open-policy-agent/rego/criteria/spendingLimit.rego @@ -32,7 +32,7 @@ calculateTransferSpending(transfer, currency) = result { calculateTransferSpending(transfer, currency) = result { currency != wildcard - result = to_number(transfer.amount) * to_number(transfer.rates[lower(currency)]) + result = to_number(transfer.amount) * to_number(transfer.rates[currency]) } # Check Spendings 
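Review bot: In `checkAccountAssigned`, `account = data.entities.accounts[resource.id]` repeats the lookup that `resource` already did, but keyed by the object's `id` field instead of by `input.resource.uid`. If an entry's map key and its `id` field ever differ, the second lookup is undefined and the rule can never match. The entityQueries tests deleted later in this patch do expect mixed-case `id` values for lower-case lookups. `principal.id in resource.assignees` reads the same list without the second lookup.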
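Review bot: `transfer.rates[currency]` no longer lower-cases the key, so a policy currency whose case differs from the keys of `transfer.rates` makes this definition of `calculateTransferSpending` undefined instead of producing an amount. How the caller aggregates a transfer with no computed spending is outside the hunk; if such transfers are skipped, the spending limit would under-count. I would either keep `lower(currency)` here or state the contract above the rule, for example `# currency must equal a key of transfer.rates exactly`. The first definition of `calculateTransferSpending` starts outside the hunk.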
diff --git a/apps/policy-engine/src/resource/open-policy-agent/rego/utils/__test__/chainAccount_test.rego b/apps/policy-engine/src/resource/open-policy-agent/rego/util/__test__/account_test.rego similarity index 73% rename from apps/policy-engine/src/resource/open-policy-agent/rego/utils/__test__/chainAccount_test.rego rename to apps/policy-engine/src/resource/open-policy-agent/rego/util/__test__/account_test.rego index 402709734..dc0daa4e4 100644 --- a/apps/policy-engine/src/resource/open-policy-agent/rego/utils/__test__/chainAccount_test.rego +++ b/apps/policy-engine/src/resource/open-policy-agent/rego/util/__test__/account_test.rego @@ -1,9 +1,25 @@ package main -import data.armory.lib.chainAccount.build.intentDestinationChainAccount +test_getIntentDestinationChainAccount_looks_up_Accounts_by_intent_to_property { + getIntentDestinationChainAccount({ + "type": "transferERC20", + "from": "eip155:137:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e", + "to": "eip155:137:0xa45e21e9370ba031c5e1f47dedca74a7ce2ed7a3", + "token": "eip155:137/erc20:0x2791bca1f2de4661ed88a30c99a7a9449aa84174", + "amount": "200000000000000000", + }) with data.entities as { + "addressBook": {}, + "accounts": {"eip155:eoa:0xa45e21e9370ba031c5e1f47dedca74a7ce2ed7a3": { + "id": "eip155:eoa:0xa45e21e9370ba031c5e1f47dedca74a7ce2ed7a3", + "address": "0xa45e21e9370ba031c5e1f47dedca74a7ce2ed7a3", + "accountType": "eoa", + "assignees": [], + }}, + } +} -test_intentDestinationChainAccount_returns_implicit_managed_AddressBook_for_EOA_Account_found { - entry = intentDestinationChainAccount({ +test_getIntentDestinationChainAccount_returns_implicit_managed_AddressBook_for_EOA_Account_found { + entry = getIntentDestinationChainAccount({ "type": "transferERC20", "from": "eip155:137:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e", "to": "eip155:137:0xa45e21e9370ba031c5e1f47dedca74a7ce2ed7a3", 
@@ -26,12 +42,12 @@ test_intentDestinationChainAccount_returns_implicit_managed_AddressBook_for_EOA_ "classification": "managed", "accountType": "eoa", "assignees": [], - "groups": set(), + "accountGroups": set(), } } -test_intentDestinationChainAccount_returns_implicit_managed_AddressBook_for_smart_Account_found { - entry = intentDestinationChainAccount({ +test_getIntentDestinationChainAccount_returns_implicit_managed_AddressBook_for_smart_Account_found { + entry = getIntentDestinationChainAccount({ "type": "transferERC20", "from": "eip155:137:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e", "to": "eip155:137:0xa45e21e9370ba031c5e1f47dedca74a7ce2ed7a3", @@ -55,12 +71,12 @@ test_intentDestinationChainAccount_returns_implicit_managed_AddressBook_for_smar "classification": "managed", "accountType": "4337", "assignees": [], - "groups": set(), + "accountGroups": set(), } } -test_intentDestinationChainAccount_looks_up_AddressBook_by_intent_to_property { - intentDestinationChainAccount({ +test_getIntentDestinationChainAccount_looks_up_AddressBook_by_intent_to_property { + getIntentDestinationChainAccount({ "type": "transferERC20", "from": "eip155:137:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e", "to": "eip155:137:0xa45e21e9370ba031c5e1f47dedca74a7ce2ed7a3", @@ -77,8 +93,8 @@ test_intentDestinationChainAccount_looks_up_AddressBook_by_intent_to_property { } } -test_intentDestinationChainAccount_returns_AddressBook_over_Account { - entry = intentDestinationChainAccount({ +test_getIntentDestinationChainAccount_returns_AddressBook_over_Account { + entry = getIntentDestinationChainAccount({ "type": "transferERC20", "from": "eip155:137:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e", "to": "eip155:137:0xa45e21e9370ba031c5e1f47dedca74a7ce2ed7a3", 
@@ -103,8 +119,8 @@ test_intentDestinationChainAccount_returns_AddressBook_over_Account { entry.classification == "internal" } -test_intentDestinationChainAccount_ignores_case_on_look_up { - entry = intentDestinationChainAccount({ +test_getIntentDestinationChainAccount_ignores_case_on_look_up { + entry = getIntentDestinationChainAccount({ "to": "eip155:1:0x76d1b7f9b3f69c435eef76a98a415332084a856f", "from": "eip155:1:0x0301e2724a40e934cce3345928b88956901aa127", "type": "transferNative", diff --git a/apps/policy-engine/src/resource/open-policy-agent/rego/utils/chainAccount.rego b/apps/policy-engine/src/resource/open-policy-agent/rego/util/account.rego similarity index 62% rename from apps/policy-engine/src/resource/open-policy-agent/rego/utils/chainAccount.rego rename to apps/policy-engine/src/resource/open-policy-agent/rego/util/account.rego index 6226687ec..46248674f 100644 --- a/apps/policy-engine/src/resource/open-policy-agent/rego/utils/chainAccount.rego +++ b/apps/policy-engine/src/resource/open-policy-agent/rego/util/account.rego @@ -1,7 +1,6 @@ -package armory.lib.chainAccount.build +package main -import data.armory.entities.get -import data.armory.lib.case.equalsIgnoreCase +import data.armory.util.eth.isAddressEqual # EOA accounts are multichain by design. _getChainId(account, chainAccount) = chainId { @@ -30,8 +29,15 @@ parseChainAccount(accountId) = chainAccount { } } +getAccountFromAddress(address) = accountData { + account = data.entities.accounts[_] + isAddressEqual(account.address, address) == true + accountGroups = getAccountGroups(account.id) + accountData := object.union(account, {"accountGroups": accountGroups}) +} + # Build chainAccount by merging accountData and addressBookData -mergeAccountAndAddressBook(chainAccount, accountData, addressBookData) = built { +buildChainAccount(chainAccount, accountData, addressBookData) = built { addressBookData accountData 
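Review bot: In `getAccountFromAddress`, the line `accountGroups = getAccountGroups(account.id)` uses `=` with a name that is also a rule in `package main`, since `accountGroups` is defined in util/entities.rego by this same patch. As far as I can tell, Rego resolves that name to the rule rather than binding a local, so the line becomes an equality check against the groups of `input.resource.uid`. The function would then be undefined for any matched account whose groups differ from the request's resource, and the `not getAccountFromAddress(...)` branches would treat a managed account as unknown. The tests in account_test.rego would not catch this if they run without `input`, because both sets are then empty. A distinct local avoids the clash: `groups := getAccountGroups(account.id)` and `accountData := object.union(account, {"accountGroups": groups})`.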
@@ -44,18 +50,17 @@ mergeAccountAndAddressBook(chainAccount, accountData, addressBookData) = built { # TODO: @ptroger add addressBookGroups when implemented "accountType": accountData.accountType, "assignees": accountData.assignees, - "groups": accountData.groups, + "accountGroups": accountData.accountGroups, } } # Default source information when 'from' address is not found in account or address book -intentSourceChainAccount(intent) = source { +getIntentSourceChainAccount(intent) = source { intent.from chainAccount = parseChainAccount(intent.from) - get.account(chainAccount.address) == null - get.addressBookEntry(intent.from) == null - + not getAccountFromAddress(chainAccount.address) + not data.entities.addressBook[intent.from] source := { "id": intent.from, "address": chainAccount.address, @@ -67,12 +72,11 @@ intentSourceChainAccount(intent) = source { } # Get source information when there is only an account entry -intentSourceChainAccount(intent) = source { +getIntentSourceChainAccount(intent) = source { chainAccount = parseChainAccount(intent.from) - accountData := get.account(chainAccount.address) - get.addressBookEntry(intent.from) == null - + accountData := getAccountFromAddress(chainAccount.address) + not data.entities.addressBook[intent.from] source := { "id": chainAccount.id, "address": chainAccount.address, 
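Review bot: `not data.entities.addressBook[intent.from]` is an exact-key lookup, while the account half of the same definition goes through `getAccountFromAddress` and `isAddressEqual`, so the two lookups disagree on casing. An `intent.from` whose hex part is spelled in a different case than the address-book key is treated as having no address-book entry, and the definition that carries the book's data does not apply. The same holds for the `intent.to` lookups in the `getIntentDestinationChainAccount` hunks further down. If address-book keys are normalised before evaluation, say so above the first definition, for example `# addressBook is keyed by the lower-cased CAIP-10 id; intents must be normalised the same way — TODO confirm`. `getIntentSourceChainAccount` continues past the end of this hunk.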
@@ -81,16 +85,16 @@ intentSourceChainAccount(intent) = source { # we can default to 'managed' because its in entities.accounts "accountType": accountData.accountType, "assignees": accountData.assignees, - "groups": accountData.groups, + "accountGroups": accountData.accountGroups, } } # Get source information when there is only an address book entry -intentSourceChainAccount(intent) = source { +getIntentSourceChainAccount(intent) = source { chainAccount = parseChainAccount(intent.from) - get.account(chainAccount.address) == null - addressBookData = get.addressBookEntry(intent.from) + not getAccountFromAddress(chainAccount.address) + addressBookData = data.entities.addressBook[intent.from] source := { "id": chainAccount.id, @@ -102,19 +106,19 @@ intentSourceChainAccount(intent) = source { } # Get source information when there is both an account and address book entry -intentSourceChainAccount(intent) = source { +getIntentSourceChainAccount(intent) = source { chainAccount = parseChainAccount(intent.from) - addressBookData = get.addressBookEntry(intent.from) - accountData = get.account(chainAccount.address) - source := mergeAccountAndAddressBook(chainAccount, accountData, addressBookData) + addressBookData = data.entities.addressBook[intent.from] + accountData = getAccountFromAddress(chainAccount.address) + source := buildChainAccount(chainAccount, accountData, addressBookData) } # Get destination information when there is neither account or address book entry, but an intent.to -intentDestinationChainAccount(intent) = destination { +getIntentDestinationChainAccount(intent) = destination { intent.to chainAccount = parseChainAccount(intent.to) - get.account(chainAccount.address) == null - get.addressBookEntry(intent.to) == null + not getAccountFromAddress(chainAccount.address) + not data.entities.addressBook[intent.to] destination := { "id": intent.to, "address": chainAccount.address, 
@@ -123,10 +127,12 @@ intentDestinationChainAccount(intent) = destination { } # Get destination information when there is only an account entry -intentDestinationChainAccount(intent) = destination { +getIntentDestinationChainAccount(intent) = destination { chainAccount = parseChainAccount(intent.to) - get.addressBookEntry(intent.to) == null - accountData = get.account(chainAccount.address) + + not data.entities.addressBook[intent.to] + accountData = getAccountFromAddress(chainAccount.address) + destination := { "id": chainAccount.id, "address": chainAccount.address, @@ -135,15 +141,15 @@ intentDestinationChainAccount(intent) = destination { # we can default to 'managed' because its in entities.accounts "accountType": accountData.accountType, "assignees": accountData.assignees, - "groups": accountData.groups, + "accountGroups": accountData.accountGroups, } } # Get destination information when there is only an address book entry -intentDestinationChainAccount(intent) = destination { +getIntentDestinationChainAccount(intent) = destination { chainAccount = parseChainAccount(intent.to) - get.account(chainAccount.address) == null - addressBookData = get.addressBookEntry(intent.to) + not getAccountFromAddress(chainAccount.address) + addressBookData = data.entities.addressBook[intent.to] destination := { "id": chainAccount.id, 
@@ -154,17 +160,14 @@ intentDestinationChainAccount(intent) = destination { } # Get destination information when there is both an account and address book entry -intentDestinationChainAccount(intent) = destination { - addressBookData = get.addressBookEntry(intent.to) +getIntentDestinationChainAccount(intent) = destination { + addressBookData = data.entities.addressBook[intent.to] chainAccount = parseChainAccount(intent.to) - accountData = get.account(chainAccount.address) + accountData = getAccountFromAddress(chainAccount.address) - destination := mergeAccountAndAddressBook(chainAccount, accountData, addressBookData) + destination := buildChainAccount(chainAccount, accountData, addressBookData) } -getEntryPoint(intent) = entrypoint { - entrypoint := get.account(intent.entrypoint) - entrypoint != null -} else = entrypoint { - entrypoint := get.addressBookEntry(intent.entrypoint) -} +getEntryPoint(intent) = data.entities.accounts[intent.entrypoint] + +getEntryPoint(intent) = data.entities.addressBook[intent.entrypoint] diff --git a/apps/policy-engine/src/resource/open-policy-agent/rego/util/entities.rego b/apps/policy-engine/src/resource/open-policy-agent/rego/util/entities.rego new file mode 100644 index 000000000..3029bfce5 --- /dev/null +++ b/apps/policy-engine/src/resource/open-policy-agent/rego/util/entities.rego 
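Review bot: The two `getEntryPoint` definitions are no longer ordered by `else`, so when `intent.entrypoint` is a key in both `data.entities.accounts` and `data.entities.addressBook` the function has two different outputs for one input. OPA reports that as an evaluation conflict rather than picking one, and whether both maps can hold the same key is not visible here. Keeping the `else` chain over the direct lookups preserves the account-first precedence of the removed code without the `get.*` helpers.

```rego
getEntryPoint(intent) = entrypoint {
	entrypoint := data.entities.accounts[intent.entrypoint]
} else = entrypoint {
	entrypoint := data.entities.addressBook[intent.entrypoint]
}
```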
@@ -0,0 +1,34 @@ +package main + +import future.keywords.in + +principalGroups = {group.id | + group = data.entities.userGroups[_] + input.principal.userId in group.users +} + +accountGroups = {group.id | + group = data.entities.accountGroups[_] + input.resource.uid in group.accounts +} + +approversRoles = {user.role | + approval = input.approvals[_] + user = data.entities.users[approval.userId] +} + +approversGroups = {group.id | + approval = input.approvals[_] + group = data.entities.userGroups[_] + approval.userId in group.users +} + +getAccountGroups(id) = {group.id | + group = data.entities.accountGroups[_] + id in group.accounts +} + +getUserGroups(id) = {group.id | + group = data.entities.userGroups[_] + id in group.users +} diff --git a/apps/policy-engine/src/resource/open-policy-agent/rego/util/eth.rego b/apps/policy-engine/src/resource/open-policy-agent/rego/util/eth.rego new file mode 100644 index 000000000..3c86c44ae --- /dev/null +++ b/apps/policy-engine/src/resource/open-policy-agent/rego/util/eth.rego @@ -0,0 +1,5 @@ +package armory.util.eth + +isAddressEqual(a, b) = result { + result := lower(a) == lower(b) +} diff --git a/apps/policy-engine/src/resource/open-policy-agent/rego/utils/number.rego b/apps/policy-engine/src/resource/open-policy-agent/rego/util/number.rego similarity index 100% rename from apps/policy-engine/src/resource/open-policy-agent/rego/utils/number.rego rename to apps/policy-engine/src/resource/open-policy-agent/rego/util/number.rego diff --git a/apps/policy-engine/src/resource/open-policy-agent/rego/utils/time.rego b/apps/policy-engine/src/resource/open-policy-agent/rego/util/time.rego similarity index 100% rename from apps/policy-engine/src/resource/open-policy-agent/rego/utils/time.rego rename to apps/policy-engine/src/resource/open-policy-agent/rego/util/time.rego 
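Review bot: The new entities.rego has no comments, and the contract of its rules is not obvious from their names. `principalGroups` and `accountGroups` read `input`, while `getUserGroups` and `getAccountGroups` take the id as an argument and otherwise have the same body. A header such as `# Group membership is an exact-string match of the id against group.users / group.accounts` would make the matching rule visible, with a line on each `input`-bound rule such as `# groups of input.principal.userId; empty set when the user is in none`. If the pairs are meant to stay identical, defining the `input`-bound rules through the functions would avoid drift, although an undefined `input` field would then make them undefined instead of empty.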
diff --git a/apps/policy-engine/src/resource/open-policy-agent/rego/utils/transfers.rego b/apps/policy-engine/src/resource/open-policy-agent/rego/util/transfers.rego similarity index 77% rename from apps/policy-engine/src/resource/open-policy-agent/rego/utils/transfers.rego rename to apps/policy-engine/src/resource/open-policy-agent/rego/util/transfers.rego index cf2b25631..d99410abc 100644 --- a/apps/policy-engine/src/resource/open-policy-agent/rego/utils/transfers.rego +++ b/apps/policy-engine/src/resource/open-policy-agent/rego/util/transfers.rego @@ -2,18 +2,12 @@ package main import future.keywords.in -import data.armory.entities.get -import data.armory.lib.case.equalsIgnoreCase -import data.armory.lib.case.findCaseInsensitive -import data.armory.lib.chainAccount.build.parseChainAccount +import data.armory.util.eth.isAddressEqual transformIntentToTransferObject(intent) = result { contract = intent.contract not priceFeed[contract] - resource := get.account(input.resource.uid) - principal := get.user(input.principal.userId) - result = { "amount": intent.amount, "resourceId": resource.id, @@ -27,15 +21,11 @@ transformIntentToTransferObject(intent) = result { } } -# Case 1: When token is not in priceFeed transformIntentToTransferObject(intent) = result { - token := intent.token - not priceFeed[lower(token)] - - resource := get.account(input.resource.uid) - principal := get.user(input.principal.userId) + token = intent.token + not priceFeed[token] - result := { + result = { "amount": intent.amount, "resourceId": resource.id, "from": intent.from, 
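Review bot: `not priceFeed[token]` is now an exact-key test, so a token id whose case differs from the `priceFeed` key takes this "not in price feed" definition of `transformIntentToTransferObject` instead of the one that attaches `priceFeed[token]` as `rates`. The `rates` value this definition emits lies outside the hunk, but if it is empty, a fiat spending limit would likely not count the transfer. The patch also removes the `# Case 1: When token is not in priceFeed` style comments, which were the only description of how the four definitions split the input space. I would keep an equivalent comment on each definition and state the key format `priceFeed` expects.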
@@ -48,41 +38,32 @@ transformIntentToTransferObject(intent) = result { } } -# Case 2: When token is in priceFeed transformIntentToTransferObject(intent) = result { - token := intent.token - priceFeed[lower(token)] - - resource := get.account(input.resource.uid) - principal := get.user(input.principal.userId) + contract = intent.contract - result := { + result = { "amount": intent.amount, "resourceId": resource.id, "from": intent.from, "to": intent.to, - "token": token, - "rates": priceFeed[lower(token)], + "token": contract, + "rates": priceFeed[contract], "timestamp": nowSeconds * 1000, "chainId": input.transactionRequest.chainId, "initiatedBy": input.principal.userId, } } -# Case 3: When intent has a contract field instead of token transformIntentToTransferObject(intent) = result { - token := intent.contract + token = intent.token - resource := get.account(input.resource.uid) - principal := get.user(input.principal.userId) - - result := { + result = { "amount": intent.amount, "resourceId": resource.id, "from": intent.from, "to": intent.to, "token": token, - "rates": priceFeed[lower(token)], + "rates": priceFeed[token], "timestamp": nowSeconds * 1000, "chainId": input.transactionRequest.chainId, "initiatedBy": input.principal.userId, @@ -110,7 +91,7 @@ checkTransferCondition(value, set) { checkTransferCondition(value, set) { set != wildcard - findCaseInsensitive(value, set) + value in set } # Check By Principal @@ -120,9 +101,8 @@ checkTransferByPrincipal(initiator, perPrincipal) { } checkTransferByPrincipal(initiator, perPrincipal) { - principal := get.user(input.principal.userId) perPrincipal == true - equalsIgnoreCase(initiator, principal.id) + principal.id == initiator } # Check By User Groups 
@@ -133,32 +113,34 @@ checkTransferByUserGroups(userId, values) { checkTransferByUserGroups(userId, values) { values != wildcard - groups = get.user(userId).groups - group := groups[_] - res := findCaseInsensitive(group, values) + groups = getUserGroups(userId) + group = groups[_] + group in values } # Check By Account Groups + checkTransferByAccountGroups(accountId, values) { values == wildcard } ## if accountId is not an eoa id checkTransferByAccountGroups(chainAccountId, values) { - values != wildcard - - address := parseChainAccount(chainAccountId).address - groups := get.account(address).groups + chainAccount = parseChainAccount(chainAccountId) + account = data.entities.accounts[_] + isAddressEqual(account.address, chainAccount.address) == true - group := groups[_] - findCaseInsensitive(group, values) + values != wildcard + groups = getAccountGroups(account.id) + group = groups[_] + group in values } checkTransferByAccountGroups(accountId, values) { values != wildcard - groups = get.account(accountId).groups + groups = getAccountGroups(accountId) group = groups[_] - findCaseInsensitive(group, values) + group in values } # Check By Start Date diff --git a/apps/policy-engine/src/resource/open-policy-agent/rego/utils/__test__/entityQueries_test.rego b/apps/policy-engine/src/resource/open-policy-agent/rego/utils/__test__/entityQueries_test.rego deleted file mode 100644 index 869677971..000000000 --- a/apps/policy-engine/src/resource/open-policy-agent/rego/utils/__test__/entityQueries_test.rego +++ /dev/null 
@@ -1,135 +0,0 @@ -package main - -import data.armory.entities.get -import data.armory.lib.case.findCaseInsensitive - -test_account { - account := get.account("eip155:eoa:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e") with data.entities as entities - - expected := { - "accountType": "eoa", - "address": "0xddcf208F219a6e6af072f2cfdc615b2c1805f98e", - "assignees": ["test-bOb-uid", "test-alicE-uid", "test-foo-uid", "test-bar-uid"], - "groups": {"test-account-group-ONE-uid"}, - "id": "eip155:eoa:0xDDcf208f219a6e6af072f2cfdc615b2c1805f98e", - } - account == expected - - # Test case insensitivity - account_upper := get.account("eip155:eoa:0xDDCF208F219a6e6af072f2cfdc615b2c1805f98e") with data.entities as entities - account == account_upper -} - -test_account_from_address { - account := get.account("0xddcf208F219a6e6af072f2cfdc615b2c1805f98e") with data.entities as entities - expected := { - "accountType": "eoa", - "address": "0xddcf208F219a6e6af072f2cfdc615b2c1805f98e", - "assignees": ["test-bOb-uid", "test-alicE-uid", "test-foo-uid", "test-bar-uid"], - "groups": {"test-account-group-ONE-uid"}, - "id": "eip155:eoa:0xDDcf208f219a6e6af072f2cfdc615b2c1805f98e", - } - account == expected - - # Test case insensitivity - account_upper := get.account("0xDDCF208F219a6e6af072f2cfdc615b2c1805f98e") with data.entities as entities - account == account_upper -} - -test_accountGroups { - # Test finding a group by ID - group := get.accountGroups("test-account-group-ONE-uid") with data.entities as entities - expected_group := { - "id": "test-account-group-ONE-uid", - "accounts": [ - "eip155:eoa:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e", - "eip155:eoa:0xbbBB208f219a6e6af072f2cfdc615b2c1805f98e", - ], - "name": "dev", - } - group == expected_group - - # Test case insensitivity - groups_upper := get.accountGroups("test-account-group-one-uid") with data.entities as entities - group == groups_upper - - # Test non-existent input - non_existent := get.accountGroups("unknown") with 
data.entities as entities - non_existent == null -} - -test_userGroups { - # Test finding a group by ID - group := get.userGroups("test-USER-group-one-uid") with data.entities as entities - expected_group := { - "id": "test-USER-group-one-uid", - "name": "dev", - "users": ["test-Bob-uid", "test-Bar-uid"], - } - group == expected_group - - # Test case insensitivity - groups_upper := get.userGroups("test-user-group-one-UID") with data.entities as entities - group == groups_upper - - # Test non-existent input - non_existent := get.userGroups("unknown") with data.entities as entities - non_existent == null -} - -test_addressBookEntry { - entry := get.addressBookEntry("eip155:137:0xa45e21e9370ba031c5e1f47dedca74a7ce2ed7a3") with data.entities as entities - expected := { - "id": "eip155:137:0xA45E21e9370ba031c5e1f47dedca74a7ce2ed7a3", - "address": "0xa45e21E9370Ba031c5e1f47dedca74a7ce2ed7a3", - "chainId": 137, - "classification": "internal", - } - entry == expected - - # Test case insensitivity - entry_upper := get.addressBookEntry("EIP155:137:0xA45E21E9370ba031c5e1f47dedca74a7ce2ed7a3") with data.entities as entities - entry == entry_upper -} - -test_token { - token := get.token("eip155:137/erc20:0x2791bca1f2de4661ed88a30c99a7a9449aa84174") with data.entities as entities - expected := { - "id": "eip155:137/erc20:0x2791bCA1f2de4661ed88a30c99a7a9449aa84174", - "address": "0x2791bca1f2de4661ED88a30c99a7a9449aa84174", - "symbol": "USDC", - "chainId": 137, - "decimals": 6, - } - - # Test case insensitivity - token_upper := get.token("EIP155:137/ERC20:0x2791BCA1f2de4661ed88a30c99a7a9449aa84174") with data.entities as entities - token == token_upper -} - -test_user { - user := get.user("test-bob-uid") with data.entities as entities - - user == { - "id": "test-BOB-uid", - "role": "root", - "groups": {"test-USER-group-one-uid", "test-USER-group-two-uid"}, - } - - # Test case insensitivity - user_upper := get.user("test-BOB-uid") with data.entities as entities - user == 
user_upper -} - -test_usersByRole { - root := get.usersByRole("root") with data.entities as entities - - root == {"test-BOB-uid"} - - admin := get.usersByRole("admin") with data.entities as entities - admin == { - "test-Bar-uid", - "test-Foo-uid", - "0xAAA8ee1cbaa1856f4550c6fc24abb16c5c9b2a43", - } -} diff --git a/apps/policy-engine/src/resource/open-policy-agent/rego/utils/case.rego b/apps/policy-engine/src/resource/open-policy-agent/rego/utils/case.rego deleted file mode 100644 index eaf706214..000000000 --- a/apps/policy-engine/src/resource/open-policy-agent/rego/utils/case.rego +++ /dev/null @@ -1,26 +0,0 @@ -package armory.lib.case - -import future.keywords.in - -## Case insensitive string comparison -## -## Example: -## equalsIgnoreCase("foo", "FOO") => true -## equalsIgnoreCase("foo", "bar") => false -## -## This should be use for every id and hex string comparison. -equalsIgnoreCase(a, b) = result { - result := lower(a) == lower(b) -} - -## Find a case-insensitive match in a SET -## -## Example: -## findCaseInsensitive("foo", {"bar", "foo", "baz"}) => true -## findCaseInsensitive("foo", {"bar", "baz"}) => false -## -findCaseInsensitive(needle, set) { - lowerNeedle := lower(needle) - some elem in set - lower(elem) == lowerNeedle -} diff --git a/apps/policy-engine/src/resource/open-policy-agent/rego/utils/entityQueries.rego b/apps/policy-engine/src/resource/open-policy-agent/rego/utils/entityQueries.rego deleted file mode 100644 index 66f43e163..000000000 --- a/apps/policy-engine/src/resource/open-policy-agent/rego/utils/entityQueries.rego +++ /dev/null 
@@ -1,355 +0,0 @@ -package armory.entities.get - -import data.armory.lib.case.equalsIgnoreCase -import data.armory.lib.case.findCaseInsensitive -import future.keywords.in - -# Helper function to find an account by its lowercased ID -accountById(id) = account { - account := data.entities.accounts[lower(id)] -} - -# Helper function to find an account by its address -# It returns the first account found with the given address - -## NOTE: When/if we actuallys support Smart Accounts, we will need to return all accounts with the given address -accountByAddress(address) = account { - account := {account | - account := data.entities.accounts[_] - equalsIgnoreCase(account.address, address) - }[_] -} - -## Account -## -## !! IMPORTANT !! -## This query finds an account by its ID or address. This works because currently we only support EOA accounts. -## If we support Smart Accounts in the future, this query will likely need to be splitted in two. -## -## Input: string -## Output: account object with its groups | null -## This function doesn't assumes wether the string is an ID or an address. It just tries its best to find an account giving a string. -## - It first treats string as an ID, and try to lookup at account index. -## - If not found, it treats string as an address, and try to find a matching address. -## -## 1st: It lookups the index. -## Index is created before evaluation lowercased. -## The ID passed to this function is lowercased before lookup. -## -## 2nd: It iterates through account and look the addresses. 
-## -## Example entity data: -## { -## "entities": { -## "accounts": { -## "eip155:eoa:0xabc": { -## "accountType": "eoa", -## "address": "abc", -## "assignees": ["bob", "alice"] -## "groups": {"dev"}, -## "id": "eip155:eoa:abc", -## }, -## "eip155:137:def": { -## "accountType": "4337", -## "address": "0xdef", -## "assignees": ["bob", "alice"] -## "groups": {"dev"}, -## "id": "eip155:137:0xdef", -## }, -## }, -## }, -## } -## -## -## get.account("eip155:eoa:0x123") -## RETURNS { -## "accountType": "eoa", -## "address": "0x123", -## "assignees": ["bob", "alice"] -## "groups": {"dev"}, -## "id": "eip155:eoa:0x123", -## } -## -## get.account("eip155:137:0x456") -## RETURNS { -## "accountType": "4337", -## "address": "0x456", -## "assignees": ["bob", "alice"] -## "groups": {"dev"}, -## "id": "eip155:137:0x456", -## } -## -## get.account("0x456") -## RETURNS { -## "accountType": "4337", -## "address": "0x456", -## "assignees": ["bob", "alice"] -## "groups": {"dev"}, -## "id": "eip155:137:0x456", -## } -## -## Query4: get.account("foo") => null -account(string) = accountData { - # First, try to find the account by ID - account := accountById(string) - accountGroups := groupsByAccount(account.id) - accountData := object.union(account, {"groups": accountGroups}) -} else = accountData { - # If not found by ID, try to find by address - account := accountByAddress(string) - accountGroups := groupsByAccount(account.id) - accountData := object.union(account, {"groups": accountGroups}) -} else = null - -# If not found by ID or address, return null - -## Account Groups -## -## Input: string -## Output: accountGroup object | null -## -## This function first tries to find an account group by its ID. 
-## -## Example entity data: -## { -## "entities": { -## "accountGroups": { -## "test-account-group-ONE-uid": { -## "id": "test-account-group-ONE-uid", -## "accounts": ["eip155:eoa:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"], -## "name": "dev", -## }, -## }, -## }, -## } -## -## get.accountGroups("test-account-group-ONE-uid") -## RETURNS { -## "id": "test-account-group-ONE-uid", -## "accounts": ["eip155:eoa:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"], -## "name": "dev", -## } -## -## -## get.accountGroups("unknown") -## RETURNS null -accountGroups(string) = group { - group := data.entities.accountGroups[lower(string)] -} else = null - -## Groups by Account -## -## Input: string -## Output: set of account group IDs | null -## -## This function returns a set of account group IDs that the account is a member of. -## -## get.groupsByAccount("eip155:eoa:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e") -## RETURNS {"test-account-group-ONE-uid"} -## -## get.groupsByAccount("unknown") -## RETURNS {} -groupsByAccount(accountId) = groups { - groups := {group.id | - group := data.entities.accountGroups[_] - findCaseInsensitive(accountId, group.accounts) - } -} else = null - -## User Groups -## -## Input: string -## Output: userGroup object | null -## -## This function first tries to find a user group by its ID. 
-## -## Example entity data: -## { -## "entities": { -## "userGroups": { -## "test-user-group-one-uid": { -## "id": "test-USER-group-one-uid", -## "name": "dev", -## "users": ["test-Bob-uid", "test-Bar-uid"], -## }, -## }, -## }, -## } -## -## get.userGroups("test-USER-group-one-uid") -## RETURNS { -## "id": "test-USER-group-one-uid", -## "name": "dev", -## "users": ["test-Bob-uid", "test-Bar-uid"], -## } -## -## -## get.userGroups("unknown") -## RETURNS null -userGroups(string) = group { - group := data.entities.userGroups[lower(string)] -} else = null - -## Groups by User -## -## Input: string -## Output: set of user group IDs | null -## -## This function returns a set of user group IDs that the user is a member of. -## -## get.groupsByUser("test-bob-uid") -## RETURNS {"test-USER-group-one-uid"} -## -## get.groupsByUser("unknown") -## RETURNS {} -groupsByUser(userId) = groups { - groups := {group.id | - group := data.entities.userGroups[_] - findCaseInsensitive(userId, group.users) - } -} else = null - -## Address Book Entry -## -## Input: string -## Output: addressBookEntry object | null -## -## This function returns an address book entry. 
-## -## Example entity data: -## { -## "entities": { -## "addressBook": { -## "eip155:137:0xa45e21e9370ba031c5e1f47dedca74a7ce2ed7a3": { -## "id": "eip155:137:0xa45e21e9370ba031c5e1f47dedca74a7ce2ed7a3", -## "address": "0xa45e21e9370ba031c5e1f47dedca74a7ce2ed7a3", -## "classification": "internal", -## "chainId": 137, -## }, -## }, -## }, -## } -## -## get.addressBookEntry("eip155:137:0xa45e21e9370ba031c5e1f47dedca74a7ce2ed7a3") -## RETURNS { -## "id": "eip155:137:0xa45e21e9370ba031c5e1f47dedca74a7ce2ed7a3", -## "address": "0xa45e21e9370ba031c5e1f47dedca74a7ce2ed7a3", -## "classification": "internal", -## "chainId": 137, -## } -## -## Query2: get.addressBookEntry("eip155:137:0x123") -## RETURNS null -addressBookEntry(id) = entry { - entry := data.entities.addressBook[lower(id)] -} else = null - -## Token -## -## Input: string -## Output: token object | null -## -## This function returns a token. -## -## Example entity data: -## { -## "entities": { -## "tokens": { -## "eip155:137/erc20:0x2791bca1f2de4661ed88a30c99a7a9449aa84174": { -## "id": "eip155:137/erc20:0x2791bca1f2de4661ed88a30c99a7a9449aa84174", -## "address": "0x2791bca1f2de4661ed88a30c99a7a9449aa84174", -## "symbol": "USDC", -## "chainId": 137, -## "decimals": 6, -## }, -## }, -## }, -## } -## -## get.token("eip155:137/erc20:0x2791bca1f2de4661ed88a30c99a7a9449aa84174") -## RETURNS { -## "id": "eip155:137/erc20:0x2791bca1f2de4661ed88a30c99a7a9449aa84174", -## "address": "0x2791bca1f2de4661ed88a30c99a7a9449aa84174", -## "symbol": "USDC", -## "chainId": 137, -## "decimals": 6, -## } -## -## get.token("unknown") -## RETURNS null -token(id) = tokenData { - tokenData := data.entities.tokens[lower(id)] -} else = null - -## User -## -## Input: string -## Output: user object with groups | null -## -## This function returns a user. 
-## -## Example entity data: -## { -## "entities": { -## "users": { -## "test-bob-uid": { -## "id": "test-BOB-uid", -## "role": "root", -## }, -## }, -## "userGroups": { -## "test-user-group-one-uid": { -## "id": "test-USER-group-one-uid", -## "name": "dev", -## "users": ["test-bob-uid", "test-Bar-uid"], -## }, -## } -## -## get.user("test-bob-uid") -## RETURNS { -## "id": "test-BOB-uid", -## "role": "root", -## "groups": {"test-USER-group-one-uid"}, -## } -## -## get.user("unknown") -## RETURNS null -user(id) = userData { - user := data.entities.users[lower(id)] - groups := groupsByUser(user.id) - userData := object.union(user, {"groups": groups}) -} else = null - -## User by role -## -## Input: 'admin' | 'root' | 'member' | 'manager' | 'wildcard' -## Output: set of user IDs | null -## -## This function returns a set of user IDs that have the given role. -## -## Example entity data: -## { -## "entities": { -## "users": { -## "test-bob-uid": { -## "id": "test-BOB-uid", -## "role": "root", -## }, -## "test-alice-uid": { -## "id": "test-Alice-uid", -## "role": "member", -## }, -## }, -## } -## -## get.usersByRole("root") -## RETURNS {"test-BOB-uid"} -## -## get.usersByRole("admin") -## RETURNS null -usersByRole(role) = users { - users := {user.id | - user := data.entities.users[_] - user.role == role - } -} else = null diff --git a/packages/armory-sdk/src/lib/__test__/e2e/criterion/check-approvals.spec.ts b/packages/armory-sdk/src/lib/__test__/e2e/criterion/check-approvals.spec.ts index c54e8435f..7ff15a145 100644 --- a/packages/armory-sdk/src/lib/__test__/e2e/criterion/check-approvals.spec.ts +++ b/packages/armory-sdk/src/lib/__test__/e2e/criterion/check-approvals.spec.ts 
@@ -1,9 +1,9 @@
 import { Action, Decision, entitiesSchema, FIXTURE, Request } from '@narval/policy-engine-shared'
 import { v4 } from 'uuid'
-import defaultEntities from '../../resource/entity/test.default.json'
-import twoAdminApproval from '../../resource/policy/checkApprovals/2-admin-approval-required.json'
-import adminApproval from '../../resource/policy/checkApprovals/admin-approval-required.json'
-import adminPermitAll from '../../resource/policy/checkPrincipalRole/admin-permit-all.json'
+import defaultEntities from '../../../../resource/entity/test.default.json'
+import twoAdminApproval from '../../../../resource/policy/checkApprovals/2-admin-approval-required.json'
+import adminApproval from '../../../../resource/policy/checkApprovals/admin-approval-required.json'
+import adminPermitAll from '../../../../resource/policy/checkPrincipalRole/admin-permit-all.json'
 import {
 buildAuthClient,
 buildPolicy,
diff --git a/packages/armory-sdk/src/lib/__test__/e2e/criterion/check-rate-limit.spec.ts b/packages/armory-sdk/src/lib/__test__/e2e/criterion/check-rate-limit.spec.ts
index 769246bb4..e04ee629d 100644
--- a/packages/armory-sdk/src/lib/__test__/e2e/criterion/check-rate-limit.spec.ts
+++ b/packages/armory-sdk/src/lib/__test__/e2e/criterion/check-rate-limit.spec.ts
@@ -1,8 +1,8 @@
 import { Action, entitiesSchema, FIXTURE, Request } from '@narval/policy-engine-shared'
 import { v4 } from 'uuid'
-import defaultEntities from '../../resource/entity/test.default.json'
-import adminPermitAll from '../../resource/policy/checkPrincipalRole/admin-permit-all.json'
-import memberTwoTransferPerDay from '../../resource/policy/checkRateLimit/members-2-transfer-per-day.json'
+import defaultEntities from '../../../../resource/entity/test.default.json'
+import adminPermitAll from '../../../../resource/policy/checkPrincipalRole/admin-permit-all.json'
+import memberTwoTransferPerDay from '../../../../resource/policy/checkRateLimit/members-2-transfer-per-day.json'
 import {
 buildAuthClient,
 buildPolicy,
diff --git a/packages/armory-sdk/src/lib/__test__/e2e/criterion/check-spending-limit.spec.ts b/packages/armory-sdk/src/lib/__test__/e2e/criterion/check-spending-limit.spec.ts
index c5d2c29a9..453b50abf 100644
--- a/packages/armory-sdk/src/lib/__test__/e2e/criterion/check-spending-limit.spec.ts
+++ b/packages/armory-sdk/src/lib/__test__/e2e/criterion/check-spending-limit.spec.ts
@@ -1,9 +1,9 @@
 import { Action, entitiesSchema, FIXTURE, Request } from '@narval/policy-engine-shared'
 import { v4 } from 'uuid'
-import defaultEntities from '../../resource/entity/test.default.json'
-import adminPermitAll from '../../resource/policy/checkPrincipalRole/admin-permit-all.json'
-import treasuryMemberCanTransferOneEthFixed from '../../resource/policy/checkSpendingLimit/treasury-groupMember-can-transfer-1-eth-fixed.json'
-import treasuryMemberCanTransferOneEthRolling from '../../resource/policy/checkSpendingLimit/treasury-groupMember-can-transfer-1-eth-rolling.json'
+import defaultEntities from '../../../../resource/entity/test.default.json'
+import adminPermitAll from '../../../../resource/policy/checkPrincipalRole/admin-permit-all.json'
+import treasuryMemberCanTransferOneEthFixed from '../../../../resource/policy/checkSpendingLimit/treasury-groupMember-can-transfer-1-eth-fixed.json'
+import treasuryMemberCanTransferOneEthRolling from '../../../../resource/policy/checkSpendingLimit/treasury-groupMember-can-transfer-1-eth-rolling.json'
 import {
 buildAuthClient,
 buildPolicy,
diff --git a/packages/armory-sdk/src/lib/__test__/e2e/scenarii/address-book-management.spec.ts b/packages/armory-sdk/src/lib/__test__/e2e/scenarii/address-book-management.spec.ts
index 07884f0ce..6398b94f6 100644
--- a/packages/armory-sdk/src/lib/__test__/e2e/scenarii/address-book-management.spec.ts
+++ b/packages/armory-sdk/src/lib/__test__/e2e/scenarii/address-book-management.spec.ts
@@ -11,8 +11,8 @@ import { AddressBookAddresses } from 'packages/policy-engine-shared/src/lib/dev. import { v4 } from 'uuid' import { Hex } from 'viem' import { generatePrivateKey, privateKeyToAccount } from 'viem/accounts' -import defaultEntities from '../../resource/entity/test.default.json' -import addressBookAndRoles from '../../resource/policy/set/address-book-and-roles.json' +import defaultEntities from '../../../../resource/entity/test.default.json' +import addressBookAndRoles from '../../../../resource/policy/set/address-book-and-roles.json' import { buildAuthClient, createClient, saveDataStore } from '../../util/setup' const TEST_TIMEOUT_MS = 30_000 diff --git a/packages/armory-sdk/src/lib/__test__/e2e/scenarii/approvals-and-spending-limit.spec.ts b/packages/armory-sdk/src/lib/__test__/e2e/scenarii/approvals-and-spending-limit.spec.ts index fd8a43e7a..6484b3b2c 100644 --- a/packages/armory-sdk/src/lib/__test__/e2e/scenarii/approvals-and-spending-limit.spec.ts +++ b/packages/armory-sdk/src/lib/__test__/e2e/scenarii/approvals-and-spending-limit.spec.ts @@ -1,8 +1,8 @@ /* eslint-disable jest/consistent-test-it */ import { Action, Decision, entitiesSchema, FIXTURE, policySchema, Request } from '@narval/policy-engine-shared' import { v4 } from 'uuid' -import defaultEntities from '../../resource/entity/test.default.json' -import approvalsAndSpendingLimit from '../../resource/policy/set/approvals-and-spending-limit.json' +import defaultEntities from '../../../../resource/entity/test.default.json' +import approvalsAndSpendingLimit from '../../../../resource/policy/set/approvals-and-spending-limit.json' import { buildAuthClient, createClient, saveDataStore } from '../../util/setup' const TEST_TIMEOUT_MS = 30_000 diff --git a/packages/armory-sdk/src/lib/__test__/e2e/scenarii/defi-interactions.spec.ts b/packages/armory-sdk/src/lib/__test__/e2e/scenarii/defi-interactions.spec.ts index 285d289b0..fcb41a2b8 100644 
--- a/packages/armory-sdk/src/lib/__test__/e2e/scenarii/defi-interactions.spec.ts +++ b/packages/armory-sdk/src/lib/__test__/e2e/scenarii/defi-interactions.spec.ts @@ -8,8 +8,8 @@ import { Request } from '@narval/policy-engine-shared' import { v4 } from 'uuid' -import defiEntities from '../../resource/entity/defi-interaction.json' -import defiInteractionPolicy from '../../resource/policy/set/defi-interaction.json' +import defiEntities from '../../../../resource/entity/defi-interaction.json' +import defiInteractionPolicy from '../../../../resource/policy/set/defi-interaction.json' import { buildAuthClient, createClient, saveDataStore } from '../../util/setup' const TEST_TIMEOUT_MS = 30_000 diff --git a/packages/armory-sdk/src/lib/__test__/e2e/scenarii/tiered-eth-transfer-policy.spec.ts b/packages/armory-sdk/src/lib/__test__/e2e/scenarii/tiered-eth-transfer-policy.spec.ts index d162947e3..40f711418 100644 --- a/packages/armory-sdk/src/lib/__test__/e2e/scenarii/tiered-eth-transfer-policy.spec.ts +++ b/packages/armory-sdk/src/lib/__test__/e2e/scenarii/tiered-eth-transfer-policy.spec.ts @@ -1,8 +1,8 @@ /* eslint-disable jest/consistent-test-it */ import { Action, Decision, entitiesSchema, FIXTURE, policySchema, Request, toHex } from '@narval/policy-engine-shared' import { v4 } from 'uuid' -import defaultEntities from '../../resource/entity/test.default.json' -import tieredEthTransfer from '../../resource/policy/set/tiered-eth-transfer.json' +import defaultEntities from '../../../../resource/entity/test.default.json' +import tieredEthTransfer from '../../../../resource/policy/set/tiered-eth-transfer.json' import { buildAuthClient, createClient, saveDataStore } from '../../util/setup' const TEST_TIMEOUT_MS = 30_000