start updating the schema for v2

- remove v0 compatibility
- convert v1 to v2
- remove the index from blocks (now the cryptographic design guarantees
the order)
Geoffroy Couprie 2021-09-03 21:58:14 +02:00
parent d91e055156
commit 264dbb0aa4
22 changed files with 212 additions and 353 deletions


@ -10,9 +10,9 @@ biscuit2 (1 check):
```
Biscuit {
symbols: ["authority", "ambient", "resource", "operation", "right", "current_time", "revocation_id", "read", "write", "check1", "0"]
authority: Block[0] {
authority: Block {
symbols: ["read", "write"]
version: 1
version: 2
context: ""
facts: [
right(#authority, "file1", #read),
@ -23,9 +23,9 @@ Biscuit {
checks: []
}
blocks: [
Block[1] {
Block {
symbols: ["check1", "0"]
version: 1
version: 2
context: ""
facts: []
rules: []
@ -42,13 +42,13 @@ verifier world:
World {
facts: {
"resource(#ambient, \"file1\")",
"revocation_id(0, hex:415b9d4bcfbcc052eb30b66bed5151a7291bd3ededa8679140753f97d9a0b3e6)",
"revocation_id(1, hex:057ef57833aac9fb405ba1abadca1b088f2557700ea2004c79004ea688abeb47)",
"revocation_id(0, hex:2d41aa8d0131f0a9f171ae849f99f78461157101001752852e1731281ad460b3)",
"revocation_id(1, hex:601083ff09e19882d762976dbb9bc98851439052e8c1bf3da1f32718a5a57eed)",
"right(#authority, \"file1\", #read)",
"right(#authority, \"file1\", #write)",
"right(#authority, \"file2\", #read)",
"unique_revocation_id(0, hex:415b9d4bcfbcc052eb30b66bed5151a7291bd3ededa8679140753f97d9a0b3e6)",
"unique_revocation_id(1, hex:057ef57833aac9fb405ba1abadca1b088f2557700ea2004c79004ea688abeb47)",
"unique_revocation_id(0, hex:2d41aa8d0131f0a9f171ae849f99f78461157101001752852e1731281ad460b3)",
"unique_revocation_id(1, hex:601083ff09e19882d762976dbb9bc98851439052e8c1bf3da1f32718a5a57eed)",
}
privileged rules: {}
rules: {}
@ -70,9 +70,9 @@ biscuit2 (1 check):
```
Biscuit {
symbols: ["authority", "ambient", "resource", "operation", "right", "current_time", "revocation_id", "read", "check1", "0"]
authority: Block[0] {
authority: Block {
symbols: ["read"]
version: 1
version: 2
context: ""
facts: [
right(#authority, "file1", #read)
@ -81,9 +81,9 @@ Biscuit {
checks: []
}
blocks: [
Block[1] {
Block {
symbols: ["check1", "0"]
version: 1
version: 2
context: ""
facts: []
rules: []
@ -106,9 +106,9 @@ biscuit2 (1 check):
```
Biscuit {
symbols: ["authority", "ambient", "resource", "operation", "right", "current_time", "revocation_id", "read", "write", "check1", "0"]
authority: Block[0] {
authority: Block {
symbols: ["read", "write"]
version: 1
version: 2
context: ""
facts: [
right(#authority, "file1", #read),
@ -119,9 +119,9 @@ Biscuit {
checks: []
}
blocks: [
Block[1] {
Block {
symbols: ["check1", "0"]
version: 1
version: 2
context: ""
facts: []
rules: []
@ -144,9 +144,9 @@ biscuit2 (1 check):
```
Biscuit {
symbols: ["authority", "ambient", "resource", "operation", "right", "current_time", "revocation_id", "read", "write", "check1", "0"]
authority: Block[0] {
authority: Block {
symbols: ["read", "write"]
version: 1
version: 2
context: ""
facts: [
right(#authority, "file1", #read),
@ -157,9 +157,9 @@ Biscuit {
checks: []
}
blocks: [
Block[1] {
Block {
symbols: ["check1", "0"]
version: 1
version: 2
context: ""
facts: []
rules: []
@ -182,9 +182,9 @@ biscuit2 (1 check):
```
Biscuit {
symbols: ["authority", "ambient", "resource", "operation", "right", "current_time", "revocation_id", "read", "write", "check1", "0"]
authority: Block[0] {
authority: Block {
symbols: ["read", "write"]
version: 1
version: 2
context: ""
facts: [
right(#authority, "file1", #read),
@ -195,9 +195,9 @@ Biscuit {
checks: []
}
blocks: [
Block[1] {
Block {
symbols: ["check1", "0"]
version: 1
version: 2
context: ""
facts: []
rules: []
@ -220,9 +220,9 @@ biscuit2 (1 check):
```
Biscuit {
symbols: ["authority", "ambient", "resource", "operation", "right", "current_time", "revocation_id", "read", "write", "check1", "0"]
authority: Block[0] {
authority: Block {
symbols: ["read", "write"]
version: 1
version: 2
context: ""
facts: [
right(#authority, "file1", #read),
@ -233,9 +233,9 @@ Biscuit {
checks: []
}
blocks: [
Block[1] {
Block {
symbols: ["check1", "0"]
version: 1
version: 2
context: ""
facts: []
rules: []
@ -251,9 +251,9 @@ biscuit3 (2 checks):
```
Biscuit {
symbols: ["authority", "ambient", "resource", "operation", "right", "current_time", "revocation_id", "read", "write", "check1", "0", "check2"]
authority: Block[0] {
authority: Block {
symbols: ["read", "write"]
version: 1
version: 2
context: ""
facts: [
right(#authority, "file1", #read),
@ -264,9 +264,9 @@ Biscuit {
checks: []
}
blocks: [
Block[1] {
Block {
symbols: ["check1", "0"]
version: 1
version: 2
context: ""
facts: []
rules: []
@ -274,9 +274,9 @@ Biscuit {
check if resource(#ambient, $0), operation(#ambient, #read), right(#authority, $0, #read)
]
},
Block[2] {
Block {
symbols: ["check2"]
version: 1
version: 2
context: ""
facts: []
rules: []
@ -299,9 +299,9 @@ biscuit2 (1 check):
```
Biscuit {
symbols: ["authority", "ambient", "resource", "operation", "right", "current_time", "revocation_id", "read", "write", "check1", "0"]
authority: Block[0] {
authority: Block {
symbols: ["read"]
version: 1
version: 2
context: ""
facts: [
right(#authority, "file1", #read)
@ -310,9 +310,9 @@ Biscuit {
checks: []
}
blocks: [
Block[1] {
Block {
symbols: ["write", "check1", "0"]
version: 1
version: 2
context: ""
facts: [
right(#authority, "file1", #write)
@ -337,9 +337,9 @@ biscuit2 (1 check):
```
Biscuit {
symbols: ["authority", "ambient", "resource", "operation", "right", "current_time", "revocation_id", "read", "write", "check1", "0"]
authority: Block[0] {
authority: Block {
symbols: ["read"]
version: 1
version: 2
context: ""
facts: [
right(#authority, "file1", #read)
@ -348,9 +348,9 @@ Biscuit {
checks: []
}
blocks: [
Block[1] {
Block {
symbols: ["write", "check1", "0"]
version: 1
version: 2
context: ""
facts: [
right(#ambient, "file1", #write)
@ -375,18 +375,18 @@ biscuit2 (1 check):
```
Biscuit {
symbols: ["authority", "ambient", "resource", "operation", "right", "current_time", "revocation_id", "check1", "expiration", "date", "time"]
authority: Block[0] {
authority: Block {
symbols: []
version: 1
version: 2
context: ""
facts: []
rules: []
checks: []
}
blocks: [
Block[1] {
Block {
symbols: ["check1", "expiration", "date", "time"]
version: 1
version: 2
context: ""
facts: []
rules: []
@ -405,11 +405,11 @@ World {
facts: {
"operation(#ambient, #read)",
"resource(#ambient, \"file1\")",
"revocation_id(0, hex:96123a8ee182336c4c63ad29f2b23549020da2a90841ac63ccec4c20413753b0)",
"revocation_id(1, hex:60e6f54cb7a20ee0859495abe176da0306dfe91b4ee270244dfecf954da340bb)",
"revocation_id(0, hex:97d9502fe0963f757c0f7e20e7d3a07b13f762c206c77506f4bd60af68565ce1)",
"revocation_id(1, hex:5ccf80411f761b01c08783efede6b86898b920107507bd500c3854c8fe451f35)",
"time(#ambient, SystemTime { tv_sec: 1608542592, tv_nsec: 0 })",
"unique_revocation_id(0, hex:96123a8ee182336c4c63ad29f2b23549020da2a90841ac63ccec4c20413753b0)",
"unique_revocation_id(1, hex:60e6f54cb7a20ee0859495abe176da0306dfe91b4ee270244dfecf954da340bb)",
"unique_revocation_id(0, hex:97d9502fe0963f757c0f7e20e7d3a07b13f762c206c77506f4bd60af68565ce1)",
"unique_revocation_id(1, hex:5ccf80411f761b01c08783efede6b86898b920107507bd500c3854c8fe451f35)",
}
privileged rules: {}
rules: {}
@ -432,9 +432,9 @@ biscuit2 (1 check):
```
Biscuit {
symbols: ["authority", "ambient", "resource", "operation", "right", "current_time", "revocation_id", "1", "read", "owner", "0", "write", "check1", "check2", "alice"]
authority: Block[0] {
authority: Block {
symbols: ["1", "read", "owner", "0", "write"]
version: 1
version: 2
context: ""
facts: []
rules: [
@ -444,9 +444,9 @@ Biscuit {
checks: []
}
blocks: [
Block[1] {
Block {
symbols: ["check1", "check2", "alice"]
version: 1
version: 2
context: ""
facts: []
rules: []
@ -466,12 +466,12 @@ World {
"operation(#ambient, #read)",
"owner(#ambient, #alice, \"file1\")",
"resource(#ambient, \"file1\")",
"revocation_id(0, hex:7b1c49cfd08df0bca951d50aa6f5062db8e4decce6713974186abd050382ab67)",
"revocation_id(1, hex:c5fdfd4294c92dca9f14fa659c45c811828853bf913e71a5d18ef9eecd7a6cab)",
"revocation_id(0, hex:615c86ed96ffb3e756cee9a922facef14e7ceedd7833a22474ffa69986a02aab)",
"revocation_id(1, hex:f5948d6b975b1f2e2571557588435445eeb088f6634c54247f0bc267bd11bc2a)",
"right(#authority, \"file1\", #read)",
"right(#authority, \"file1\", #write)",
"unique_revocation_id(0, hex:7b1c49cfd08df0bca951d50aa6f5062db8e4decce6713974186abd050382ab67)",
"unique_revocation_id(1, hex:c5fdfd4294c92dca9f14fa659c45c811828853bf913e71a5d18ef9eecd7a6cab)",
"unique_revocation_id(0, hex:615c86ed96ffb3e756cee9a922facef14e7ceedd7833a22474ffa69986a02aab)",
"unique_revocation_id(1, hex:f5948d6b975b1f2e2571557588435445eeb088f6634c54247f0bc267bd11bc2a)",
}
privileged rules: {
"right(#authority, $1, #read) <- resource(#ambient, $1), owner(#ambient, $0, $1)",
@ -497,9 +497,9 @@ biscuit:
```
Biscuit {
symbols: ["authority", "ambient", "resource", "operation", "right", "current_time", "revocation_id", "read"]
authority: Block[0] {
authority: Block {
symbols: ["read"]
version: 1
version: 2
context: ""
facts: [
right(#authority, "file1", #read)
@ -519,9 +519,9 @@ World {
facts: {
"operation(#ambient, #read)",
"resource(#ambient, \"file2\")",
"revocation_id(0, hex:f3db615323f48dc225b793ec494c30c1d4a800ec8299aa7558fe769803f1446b)",
"revocation_id(0, hex:74d206f233bdcadbb6a8bdca0303b0520d75f94944f0dfc1d3b8edb0b3200b53)",
"right(#authority, \"file1\", #read)",
"unique_revocation_id(0, hex:f3db615323f48dc225b793ec494c30c1d4a800ec8299aa7558fe769803f1446b)",
"unique_revocation_id(0, hex:74d206f233bdcadbb6a8bdca0303b0520d75f94944f0dfc1d3b8edb0b3200b53)",
}
privileged rules: {}
rules: {}
@ -543,9 +543,9 @@ biscuit:
```
Biscuit {
symbols: ["authority", "ambient", "resource", "operation", "right", "current_time", "revocation_id", "check1"]
authority: Block[0] {
authority: Block {
symbols: ["check1"]
version: 1
version: 2
context: ""
facts: []
rules: []
@ -565,8 +565,8 @@ World {
facts: {
"operation(#ambient, #read)",
"resource(#ambient, \"file1\")",
"revocation_id(0, hex:a6d33a7c61185cc962a4100d17176b72a60e95490af7c3cccbd244f3cce02b85)",
"unique_revocation_id(0, hex:a6d33a7c61185cc962a4100d17176b72a60e95490af7c3cccbd244f3cce02b85)",
"revocation_id(0, hex:6da467f30421f10f2bdd7eacb3ed3ce0741757c1afa8da1775f376dba88a5683)",
"unique_revocation_id(0, hex:6da467f30421f10f2bdd7eacb3ed3ce0741757c1afa8da1775f376dba88a5683)",
}
privileged rules: {}
rules: {}
@ -585,8 +585,8 @@ World {
facts: {
"operation(#ambient, #read)",
"resource(#ambient, \"file2\")",
"revocation_id(0, hex:a6d33a7c61185cc962a4100d17176b72a60e95490af7c3cccbd244f3cce02b85)",
"unique_revocation_id(0, hex:a6d33a7c61185cc962a4100d17176b72a60e95490af7c3cccbd244f3cce02b85)",
"revocation_id(0, hex:6da467f30421f10f2bdd7eacb3ed3ce0741757c1afa8da1775f376dba88a5683)",
"unique_revocation_id(0, hex:6da467f30421f10f2bdd7eacb3ed3ce0741757c1afa8da1775f376dba88a5683)",
}
privileged rules: {}
rules: {}
@ -608,9 +608,9 @@ biscuit2 (1 check):
```
Biscuit {
symbols: ["authority", "ambient", "resource", "operation", "right", "current_time", "revocation_id", "read", "valid_date", "time", "0", "1", "check1"]
authority: Block[0] {
authority: Block {
symbols: ["read"]
version: 1
version: 2
context: ""
facts: [
right(#authority, "file1", #read),
@ -620,9 +620,9 @@ Biscuit {
checks: []
}
blocks: [
Block[1] {
Block {
symbols: ["valid_date", "time", "0", "1", "check1"]
version: 1
version: 2
context: ""
facts: []
rules: [
@ -642,13 +642,13 @@ verifier world:
World {
facts: {
"resource(#ambient, \"file1\")",
"revocation_id(0, hex:d0e882a6d2405213cc7a8f2ac3f0041fecbf535177b6a6b4a581b48783a9d19b)",
"revocation_id(1, hex:cab9e5395e49e41c53c3418796f73379a167d9c2d1504c99dac5e9bb06ec02cc)",
"revocation_id(0, hex:9a30e5b4f22cdffd389bd06c77c8ef1912604b4ebe3f0de7ceea9f4ddb571da5)",
"revocation_id(1, hex:35dc6e409f6582a669f0d41bf3cd9aa837a19764f0262e3dd8b6d2bdacee5b82)",
"right(#authority, \"file1\", #read)",
"right(#authority, \"file2\", #read)",
"time(#ambient, SystemTime { tv_sec: 1608542592, tv_nsec: 0 })",
"unique_revocation_id(0, hex:d0e882a6d2405213cc7a8f2ac3f0041fecbf535177b6a6b4a581b48783a9d19b)",
"unique_revocation_id(1, hex:cab9e5395e49e41c53c3418796f73379a167d9c2d1504c99dac5e9bb06ec02cc)",
"unique_revocation_id(0, hex:9a30e5b4f22cdffd389bd06c77c8ef1912604b4ebe3f0de7ceea9f4ddb571da5)",
"unique_revocation_id(1, hex:35dc6e409f6582a669f0d41bf3cd9aa837a19764f0262e3dd8b6d2bdacee5b82)",
"valid_date(\"file1\")",
}
privileged rules: {}
@ -670,13 +670,13 @@ verifier world:
World {
facts: {
"resource(#ambient, \"file2\")",
"revocation_id(0, hex:d0e882a6d2405213cc7a8f2ac3f0041fecbf535177b6a6b4a581b48783a9d19b)",
"revocation_id(1, hex:cab9e5395e49e41c53c3418796f73379a167d9c2d1504c99dac5e9bb06ec02cc)",
"revocation_id(0, hex:9a30e5b4f22cdffd389bd06c77c8ef1912604b4ebe3f0de7ceea9f4ddb571da5)",
"revocation_id(1, hex:35dc6e409f6582a669f0d41bf3cd9aa837a19764f0262e3dd8b6d2bdacee5b82)",
"right(#authority, \"file1\", #read)",
"right(#authority, \"file2\", #read)",
"time(#ambient, SystemTime { tv_sec: 1608542592, tv_nsec: 0 })",
"unique_revocation_id(0, hex:d0e882a6d2405213cc7a8f2ac3f0041fecbf535177b6a6b4a581b48783a9d19b)",
"unique_revocation_id(1, hex:cab9e5395e49e41c53c3418796f73379a167d9c2d1504c99dac5e9bb06ec02cc)",
"unique_revocation_id(0, hex:9a30e5b4f22cdffd389bd06c77c8ef1912604b4ebe3f0de7ceea9f4ddb571da5)",
"unique_revocation_id(1, hex:35dc6e409f6582a669f0d41bf3cd9aa837a19764f0262e3dd8b6d2bdacee5b82)",
}
privileged rules: {}
rules: {
@ -701,9 +701,9 @@ biscuit:
```
Biscuit {
symbols: ["authority", "ambient", "resource", "operation", "right", "current_time", "revocation_id", "resource_match", "0"]
authority: Block[0] {
authority: Block {
symbols: ["resource_match", "0"]
version: 1
version: 2
context: ""
facts: []
rules: []
@ -722,8 +722,8 @@ verifier world:
World {
facts: {
"resource(#ambient, \"file1\")",
"revocation_id(0, hex:1da4cd4d7c60491948662acc237bb10599c6046e1ef09a867267b5e039a4d1b6)",
"unique_revocation_id(0, hex:1da4cd4d7c60491948662acc237bb10599c6046e1ef09a867267b5e039a4d1b6)",
"revocation_id(0, hex:7d04d352cd30ad2875f003ff2ccc57dc7ec39763f3a823f87c9e26bf40b0310d)",
"unique_revocation_id(0, hex:7d04d352cd30ad2875f003ff2ccc57dc7ec39763f3a823f87c9e26bf40b0310d)",
}
privileged rules: {}
rules: {}
@ -741,8 +741,8 @@ verifier world:
World {
facts: {
"resource(#ambient, \"file123.txt\")",
"revocation_id(0, hex:1da4cd4d7c60491948662acc237bb10599c6046e1ef09a867267b5e039a4d1b6)",
"unique_revocation_id(0, hex:1da4cd4d7c60491948662acc237bb10599c6046e1ef09a867267b5e039a4d1b6)",
"revocation_id(0, hex:7d04d352cd30ad2875f003ff2ccc57dc7ec39763f3a823f87c9e26bf40b0310d)",
"unique_revocation_id(0, hex:7d04d352cd30ad2875f003ff2ccc57dc7ec39763f3a823f87c9e26bf40b0310d)",
}
privileged rules: {}
rules: {}
@ -764,9 +764,9 @@ biscuit:
```
Biscuit {
symbols: ["authority", "ambient", "resource", "operation", "right", "current_time", "revocation_id", "must_be_present"]
authority: Block[0] {
authority: Block {
symbols: ["must_be_present"]
version: 1
version: 2
context: ""
facts: [
must_be_present(#authority, "hello")
@ -785,8 +785,8 @@ verifier world:
World {
facts: {
"must_be_present(#authority, \"hello\")",
"revocation_id(0, hex:128099942c46fc6a4f9a8f8f0cc5d8b70c4d55d834255ef6065b62c967eef50c)",
"unique_revocation_id(0, hex:128099942c46fc6a4f9a8f8f0cc5d8b70c4d55d834255ef6065b62c967eef50c)",
"revocation_id(0, hex:a869933238d941c3c6fd2a6949844a35727741e04865faf66ebdeb0e2cadab40)",
"unique_revocation_id(0, hex:a869933238d941c3c6fd2a6949844a35727741e04865faf66ebdeb0e2cadab40)",
}
privileged rules: {}
rules: {}
@ -808,9 +808,9 @@ biscuit:
```
Biscuit {
symbols: ["authority", "ambient", "resource", "operation", "right", "current_time", "revocation_id", "check1", "test", "hello"]
authority: Block[0] {
authority: Block {
symbols: ["check1", "test", "hello"]
version: 1
version: 2
context: ""
facts: []
rules: []
@ -819,9 +819,9 @@ Biscuit {
]
}
blocks: [
Block[1] {
Block {
symbols: []
version: 1
version: 2
context: ""
facts: [
check1(#test)
@ -838,10 +838,10 @@ verifier world:
World {
facts: {
"check1(#test)",
"revocation_id(0, hex:08321b952cecd6cc7ca5d3493ae391e44fcf3d3d55e63aa7e8b098217b7736c3)",
"revocation_id(1, hex:e166c05f9ec0632fe286df76048a527a621d7ca08e2cd9f3995b4ee33b1e001c)",
"unique_revocation_id(0, hex:08321b952cecd6cc7ca5d3493ae391e44fcf3d3d55e63aa7e8b098217b7736c3)",
"unique_revocation_id(1, hex:e166c05f9ec0632fe286df76048a527a621d7ca08e2cd9f3995b4ee33b1e001c)",
"revocation_id(0, hex:4a366515e159a7577166d8158bdca3c0bb39cbabb4988824ad0c9aab5d3ea402)",
"revocation_id(1, hex:2e8c19fefac5e54b7a8e21bb40eaf8aac70909e48f22c388ebb8cc742065d1dc)",
"unique_revocation_id(0, hex:4a366515e159a7577166d8158bdca3c0bb39cbabb4988824ad0c9aab5d3ea402)",
"unique_revocation_id(1, hex:2e8c19fefac5e54b7a8e21bb40eaf8aac70909e48f22c388ebb8cc742065d1dc)",
}
privileged rules: {}
rules: {}
@ -863,9 +863,9 @@ biscuit:
```
Biscuit {
symbols: ["authority", "ambient", "resource", "operation", "right", "current_time", "revocation_id", "query", "abc", "hello", "world"]
authority: Block[0] {
authority: Block {
symbols: ["query", "abc", "hello", "world"]
version: 1
version: 2
context: ""
facts: []
rules: []
@ -911,8 +911,8 @@ validation:
verifier world:
World {
facts: {
"revocation_id(0, hex:09b4fab17d84885149e416bf10990d19b918a02854acd9ad96494994735cd25d)",
"unique_revocation_id(0, hex:09b4fab17d84885149e416bf10990d19b918a02854acd9ad96494994735cd25d)",
"revocation_id(0, hex:fde35e855f6e4a1037e6698d3085bef54a71093dc06c2f2a2027e7c126a340d8)",
"unique_revocation_id(0, hex:fde35e855f6e4a1037e6698d3085bef54a71093dc06c2f2a2027e7c126a340d8)",
}
privileged rules: {}
rules: {}
@ -961,9 +961,9 @@ biscuit2 (1 check):
```
Biscuit {
symbols: ["authority", "ambient", "resource", "operation", "right", "current_time", "revocation_id", "check1", "test", "read", "unbound", "any1", "any2"]
authority: Block[0] {
authority: Block {
symbols: ["check1", "test", "read"]
version: 1
version: 2
context: ""
facts: []
rules: []
@ -972,9 +972,9 @@ Biscuit {
]
}
blocks: [
Block[1] {
Block {
symbols: ["unbound", "any1", "any2"]
version: 1
version: 2
context: ""
facts: []
rules: [
@ -997,9 +997,9 @@ biscuit2 (1 check):
```
Biscuit {
symbols: ["authority", "ambient", "resource", "operation", "right", "current_time", "revocation_id", "check1", "test", "read", "any"]
authority: Block[0] {
authority: Block {
symbols: ["check1", "test", "read"]
version: 1
version: 2
context: ""
facts: []
rules: []
@ -1008,9 +1008,9 @@ Biscuit {
]
}
blocks: [
Block[1] {
Block {
symbols: ["any"]
version: 1
version: 2
context: ""
facts: []
rules: [
@ -1027,10 +1027,10 @@ verifier world:
World {
facts: {
"operation(#ambient, #write)",
"revocation_id(0, hex:cfbc25eee0ffc9bca3930e88469c45b8aa43e856464fc401db213c3d9587783a)",
"revocation_id(1, hex:0e180a4400430a812b58751a3d3877af6ac2fe87559a32656c9ae78a4e973781)",
"unique_revocation_id(0, hex:cfbc25eee0ffc9bca3930e88469c45b8aa43e856464fc401db213c3d9587783a)",
"unique_revocation_id(1, hex:0e180a4400430a812b58751a3d3877af6ac2fe87559a32656c9ae78a4e973781)",
"revocation_id(0, hex:345b72b425b0e134ba294e1183e91af519a154fefc8f3a6b788da47668fa90c9)",
"revocation_id(1, hex:5262c65a6042072011eb868c9f47a279264324a2781d3dd38e72f3464dc93348)",
"unique_revocation_id(0, hex:345b72b425b0e134ba294e1183e91af519a154fefc8f3a6b788da47668fa90c9)",
"unique_revocation_id(1, hex:5262c65a6042072011eb868c9f47a279264324a2781d3dd38e72f3464dc93348)",
}
privileged rules: {}
rules: {
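Review bot: Every `revocation_id` and `unique_revocation_id` value in the verifier worlds of this section changes (in the first world, id 0 goes from `415b9d4b…` to `2d41aa8d…`), and neither the commit message nor the sample text mentions it. If these identifiers are derived from the serialized block or its signature, as the wholesale change suggests, a revocation list keyed on identifiers recorded under v1 would not match the same tokens in the v2 format, so operators need to know to rebuild it. I would add a line near the top of this file such as `Revocation identifiers changed with the v2 format; identifiers recorded for v1 tokens do not apply to v2 tokens.` The printed headers also change from `Block[1]` to `Block` while the facts still refer to blocks by position (`revocation_id(1, …)`), so a sentence stating that the index is the position in `blocks: [...]` would keep the three-block sample readable.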


@ -6,20 +6,20 @@
"title": "basic token",
"filename": "test1_basic.bc",
"print_token": {
"biscuit2 (1 check)": "Biscuit {\n symbols: [\"authority\", \"ambient\", \"resource\", \"operation\", \"right\", \"current_time\", \"revocation_id\", \"read\", \"write\", \"check1\", \"0\"]\n authority: Block[0] {\n symbols: [\"read\", \"write\"]\n version: 1\n context: \"\"\n facts: [\n right(#authority, \"file1\", #read),\n right(#authority, \"file2\", #read),\n right(#authority, \"file1\", #write)\n ]\n rules: []\n checks: []\n }\n blocks: [\n Block[1] {\n symbols: [\"check1\", \"0\"]\n version: 1\n context: \"\"\n facts: []\n rules: []\n checks: [\n check if resource(#ambient, $0), operation(#ambient, #read), right(#authority, $0, #read)\n ]\n }\n ]\n}"
"biscuit2 (1 check)": "Biscuit {\n symbols: [\"authority\", \"ambient\", \"resource\", \"operation\", \"right\", \"current_time\", \"revocation_id\", \"read\", \"write\", \"check1\", \"0\"]\n authority: Block {\n symbols: [\"read\", \"write\"]\n version: 2\n context: \"\"\n facts: [\n right(#authority, \"file1\", #read),\n right(#authority, \"file2\", #read),\n right(#authority, \"file1\", #write)\n ]\n rules: []\n checks: []\n }\n blocks: [\n Block {\n symbols: [\"check1\", \"0\"]\n version: 2\n context: \"\"\n facts: []\n rules: []\n checks: [\n check if resource(#ambient, $0), operation(#ambient, #read), right(#authority, $0, #read)\n ]\n }\n ]\n}"
},
"validations": {
"": [
{
"facts": [
"resource(#ambient, \"file1\")",
"revocation_id(0, hex:415b9d4bcfbcc052eb30b66bed5151a7291bd3ededa8679140753f97d9a0b3e6)",
"revocation_id(1, hex:057ef57833aac9fb405ba1abadca1b088f2557700ea2004c79004ea688abeb47)",
"revocation_id(0, hex:2d41aa8d0131f0a9f171ae849f99f78461157101001752852e1731281ad460b3)",
"revocation_id(1, hex:601083ff09e19882d762976dbb9bc98851439052e8c1bf3da1f32718a5a57eed)",
"right(#authority, \"file1\", #read)",
"right(#authority, \"file1\", #write)",
"right(#authority, \"file2\", #read)",
"unique_revocation_id(0, hex:415b9d4bcfbcc052eb30b66bed5151a7291bd3ededa8679140753f97d9a0b3e6)",
"unique_revocation_id(1, hex:057ef57833aac9fb405ba1abadca1b088f2557700ea2004c79004ea688abeb47)"
"unique_revocation_id(0, hex:2d41aa8d0131f0a9f171ae849f99f78461157101001752852e1731281ad460b3)",
"unique_revocation_id(1, hex:601083ff09e19882d762976dbb9bc98851439052e8c1bf3da1f32718a5a57eed)"
],
"rules": [],
"privileged_rules": [],
@ -42,7 +42,7 @@
"title": "different root key",
"filename": "test2_different_root_key.bc",
"print_token": {
"biscuit2 (1 check)": "Biscuit {\n symbols: [\"authority\", \"ambient\", \"resource\", \"operation\", \"right\", \"current_time\", \"revocation_id\", \"read\", \"check1\", \"0\"]\n authority: Block[0] {\n symbols: [\"read\"]\n version: 1\n context: \"\"\n facts: [\n right(#authority, \"file1\", #read)\n ]\n rules: []\n checks: []\n }\n blocks: [\n Block[1] {\n symbols: [\"check1\", \"0\"]\n version: 1\n context: \"\"\n facts: []\n rules: []\n checks: [\n check if resource(#ambient, $0), operation(#ambient, #read), right(#authority, $0, #read)\n ]\n }\n ]\n}"
"biscuit2 (1 check)": "Biscuit {\n symbols: [\"authority\", \"ambient\", \"resource\", \"operation\", \"right\", \"current_time\", \"revocation_id\", \"read\", \"check1\", \"0\"]\n authority: Block {\n symbols: [\"read\"]\n version: 2\n context: \"\"\n facts: [\n right(#authority, \"file1\", #read)\n ]\n rules: []\n checks: []\n }\n blocks: [\n Block {\n symbols: [\"check1\", \"0\"]\n version: 2\n context: \"\"\n facts: []\n rules: []\n checks: [\n check if resource(#ambient, $0), operation(#ambient, #read), right(#authority, $0, #read)\n ]\n }\n ]\n}"
},
"validations": {
"": [
@ -59,7 +59,7 @@
"title": "invalid signature format",
"filename": "test3_invalid_signature_format.bc",
"print_token": {
"biscuit2 (1 check)": "Biscuit {\n symbols: [\"authority\", \"ambient\", \"resource\", \"operation\", \"right\", \"current_time\", \"revocation_id\", \"read\", \"write\", \"check1\", \"0\"]\n authority: Block[0] {\n symbols: [\"read\", \"write\"]\n version: 1\n context: \"\"\n facts: [\n right(#authority, \"file1\", #read),\n right(#authority, \"file2\", #read),\n right(#authority, \"file1\", #write)\n ]\n rules: []\n checks: []\n }\n blocks: [\n Block[1] {\n symbols: [\"check1\", \"0\"]\n version: 1\n context: \"\"\n facts: []\n rules: []\n checks: [\n check if resource(#ambient, $0), operation(#ambient, #read), right(#authority, $0, #read)\n ]\n }\n ]\n}"
"biscuit2 (1 check)": "Biscuit {\n symbols: [\"authority\", \"ambient\", \"resource\", \"operation\", \"right\", \"current_time\", \"revocation_id\", \"read\", \"write\", \"check1\", \"0\"]\n authority: Block {\n symbols: [\"read\", \"write\"]\n version: 2\n context: \"\"\n facts: [\n right(#authority, \"file1\", #read),\n right(#authority, \"file2\", #read),\n right(#authority, \"file1\", #write)\n ]\n rules: []\n checks: []\n }\n blocks: [\n Block {\n symbols: [\"check1\", \"0\"]\n version: 2\n context: \"\"\n facts: []\n rules: []\n checks: [\n check if resource(#ambient, $0), operation(#ambient, #read), right(#authority, $0, #read)\n ]\n }\n ]\n}"
},
"validations": {
"": [
@ -76,7 +76,7 @@
"title": "random block",
"filename": "test4_random_block.bc",
"print_token": {
"biscuit2 (1 check)": "Biscuit {\n symbols: [\"authority\", \"ambient\", \"resource\", \"operation\", \"right\", \"current_time\", \"revocation_id\", \"read\", \"write\", \"check1\", \"0\"]\n authority: Block[0] {\n symbols: [\"read\", \"write\"]\n version: 1\n context: \"\"\n facts: [\n right(#authority, \"file1\", #read),\n right(#authority, \"file2\", #read),\n right(#authority, \"file1\", #write)\n ]\n rules: []\n checks: []\n }\n blocks: [\n Block[1] {\n symbols: [\"check1\", \"0\"]\n version: 1\n context: \"\"\n facts: []\n rules: []\n checks: [\n check if resource(#ambient, $0), operation(#ambient, #read), right(#authority, $0, #read)\n ]\n }\n ]\n}"
"biscuit2 (1 check)": "Biscuit {\n symbols: [\"authority\", \"ambient\", \"resource\", \"operation\", \"right\", \"current_time\", \"revocation_id\", \"read\", \"write\", \"check1\", \"0\"]\n authority: Block {\n symbols: [\"read\", \"write\"]\n version: 2\n context: \"\"\n facts: [\n right(#authority, \"file1\", #read),\n right(#authority, \"file2\", #read),\n right(#authority, \"file1\", #write)\n ]\n rules: []\n checks: []\n }\n blocks: [\n Block {\n symbols: [\"check1\", \"0\"]\n version: 2\n context: \"\"\n facts: []\n rules: []\n checks: [\n check if resource(#ambient, $0), operation(#ambient, #read), right(#authority, $0, #read)\n ]\n }\n ]\n}"
},
"validations": {
"": [
@ -93,7 +93,7 @@
"title": "invalid signature",
"filename": "test5_invalid_signature.bc",
"print_token": {
"biscuit2 (1 check)": "Biscuit {\n symbols: [\"authority\", \"ambient\", \"resource\", \"operation\", \"right\", \"current_time\", \"revocation_id\", \"read\", \"write\", \"check1\", \"0\"]\n authority: Block[0] {\n symbols: [\"read\", \"write\"]\n version: 1\n context: \"\"\n facts: [\n right(#authority, \"file1\", #read),\n right(#authority, \"file2\", #read),\n right(#authority, \"file1\", #write)\n ]\n rules: []\n checks: []\n }\n blocks: [\n Block[1] {\n symbols: [\"check1\", \"0\"]\n version: 1\n context: \"\"\n facts: []\n rules: []\n checks: [\n check if resource(#ambient, $0), operation(#ambient, #read), right(#authority, $0, #read)\n ]\n }\n ]\n}"
"biscuit2 (1 check)": "Biscuit {\n symbols: [\"authority\", \"ambient\", \"resource\", \"operation\", \"right\", \"current_time\", \"revocation_id\", \"read\", \"write\", \"check1\", \"0\"]\n authority: Block {\n symbols: [\"read\", \"write\"]\n version: 2\n context: \"\"\n facts: [\n right(#authority, \"file1\", #read),\n right(#authority, \"file2\", #read),\n right(#authority, \"file1\", #write)\n ]\n rules: []\n checks: []\n }\n blocks: [\n Block {\n symbols: [\"check1\", \"0\"]\n version: 2\n context: \"\"\n facts: []\n rules: []\n checks: [\n check if resource(#ambient, $0), operation(#ambient, #read), right(#authority, $0, #read)\n ]\n }\n ]\n}"
},
"validations": {
"": [
@ -110,8 +110,8 @@
"title": "reordered blocks",
"filename": "test6_reordered_blocks.bc",
"print_token": {
"biscuit2 (1 check)": "Biscuit {\n symbols: [\"authority\", \"ambient\", \"resource\", \"operation\", \"right\", \"current_time\", \"revocation_id\", \"read\", \"write\", \"check1\", \"0\"]\n authority: Block[0] {\n symbols: [\"read\", \"write\"]\n version: 1\n context: \"\"\n facts: [\n right(#authority, \"file1\", #read),\n right(#authority, \"file2\", #read),\n right(#authority, \"file1\", #write)\n ]\n rules: []\n checks: []\n }\n blocks: [\n Block[1] {\n symbols: [\"check1\", \"0\"]\n version: 1\n context: \"\"\n facts: []\n rules: []\n checks: [\n check if resource(#ambient, $0), operation(#ambient, #read), right(#authority, $0, #read)\n ]\n }\n ]\n}",
"biscuit3 (2 checks)": "Biscuit {\n symbols: [\"authority\", \"ambient\", \"resource\", \"operation\", \"right\", \"current_time\", \"revocation_id\", \"read\", \"write\", \"check1\", \"0\", \"check2\"]\n authority: Block[0] {\n symbols: [\"read\", \"write\"]\n version: 1\n context: \"\"\n facts: [\n right(#authority, \"file1\", #read),\n right(#authority, \"file2\", #read),\n right(#authority, \"file1\", #write)\n ]\n rules: []\n checks: []\n }\n blocks: [\n Block[1] {\n symbols: [\"check1\", \"0\"]\n version: 1\n context: \"\"\n facts: []\n rules: []\n checks: [\n check if resource(#ambient, $0), operation(#ambient, #read), right(#authority, $0, #read)\n ]\n },\n\tBlock[2] {\n symbols: [\"check2\"]\n version: 1\n context: \"\"\n facts: []\n rules: []\n checks: [\n check if resource(#ambient, \"file1\")\n ]\n }\n ]\n}"
"biscuit2 (1 check)": "Biscuit {\n symbols: [\"authority\", \"ambient\", \"resource\", \"operation\", \"right\", \"current_time\", \"revocation_id\", \"read\", \"write\", \"check1\", \"0\"]\n authority: Block {\n symbols: [\"read\", \"write\"]\n version: 2\n context: \"\"\n facts: [\n right(#authority, \"file1\", #read),\n right(#authority, \"file2\", #read),\n right(#authority, \"file1\", #write)\n ]\n rules: []\n checks: []\n }\n blocks: [\n Block {\n symbols: [\"check1\", \"0\"]\n version: 2\n context: \"\"\n facts: []\n rules: []\n checks: [\n check if resource(#ambient, $0), operation(#ambient, #read), right(#authority, $0, #read)\n ]\n }\n ]\n}",
"biscuit3 (2 checks)": "Biscuit {\n symbols: [\"authority\", \"ambient\", \"resource\", \"operation\", \"right\", \"current_time\", \"revocation_id\", \"read\", \"write\", \"check1\", \"0\", \"check2\"]\n authority: Block {\n symbols: [\"read\", \"write\"]\n version: 2\n context: \"\"\n facts: [\n right(#authority, \"file1\", #read),\n right(#authority, \"file2\", #read),\n right(#authority, \"file1\", #write)\n ]\n rules: []\n checks: []\n }\n blocks: [\n Block {\n symbols: [\"check1\", \"0\"]\n version: 2\n context: \"\"\n facts: []\n rules: []\n checks: [\n check if resource(#ambient, $0), operation(#ambient, #read), right(#authority, $0, #read)\n ]\n },\n\tBlock {\n symbols: [\"check2\"]\n version: 2\n context: \"\"\n facts: []\n rules: []\n checks: [\n check if resource(#ambient, \"file1\")\n ]\n }\n ]\n}"
},
"validations": {
"": [
@ -128,7 +128,7 @@
"title": "invalid block fact with authority tag",
"filename": "test7_invalid_block_fact_authority.bc",
"print_token": {
"biscuit2 (1 check)": "Biscuit {\n symbols: [\"authority\", \"ambient\", \"resource\", \"operation\", \"right\", \"current_time\", \"revocation_id\", \"read\", \"write\", \"check1\", \"0\"]\n authority: Block[0] {\n symbols: [\"read\"]\n version: 1\n context: \"\"\n facts: [\n right(#authority, \"file1\", #read)\n ]\n rules: []\n checks: []\n }\n blocks: [\n Block[1] {\n symbols: [\"write\", \"check1\", \"0\"]\n version: 1\n context: \"\"\n facts: [\n right(#authority, \"file1\", #write)\n ]\n rules: []\n checks: [\n check if operation(#ambient, #read)\n ]\n }\n ]\n}"
"biscuit2 (1 check)": "Biscuit {\n symbols: [\"authority\", \"ambient\", \"resource\", \"operation\", \"right\", \"current_time\", \"revocation_id\", \"read\", \"write\", \"check1\", \"0\"]\n authority: Block {\n symbols: [\"read\"]\n version: 2\n context: \"\"\n facts: [\n right(#authority, \"file1\", #read)\n ]\n rules: []\n checks: []\n }\n blocks: [\n Block {\n symbols: [\"write\", \"check1\", \"0\"]\n version: 2\n context: \"\"\n facts: [\n right(#authority, \"file1\", #write)\n ]\n rules: []\n checks: [\n check if operation(#ambient, #read)\n ]\n }\n ]\n}"
},
"validations": {
"": [
@ -145,7 +145,7 @@
"title": "invalid block fact with ambient tag",
"filename": "test8_invalid_block_fact_ambient.bc",
"print_token": {
"biscuit2 (1 check)": "Biscuit {\n symbols: [\"authority\", \"ambient\", \"resource\", \"operation\", \"right\", \"current_time\", \"revocation_id\", \"read\", \"write\", \"check1\", \"0\"]\n authority: Block[0] {\n symbols: [\"read\"]\n version: 1\n context: \"\"\n facts: [\n right(#authority, \"file1\", #read)\n ]\n rules: []\n checks: []\n }\n blocks: [\n Block[1] {\n symbols: [\"write\", \"check1\", \"0\"]\n version: 1\n context: \"\"\n facts: [\n right(#ambient, \"file1\", #write)\n ]\n rules: []\n checks: [\n check if operation(#ambient, #read)\n ]\n }\n ]\n}"
"biscuit2 (1 check)": "Biscuit {\n symbols: [\"authority\", \"ambient\", \"resource\", \"operation\", \"right\", \"current_time\", \"revocation_id\", \"read\", \"write\", \"check1\", \"0\"]\n authority: Block {\n symbols: [\"read\"]\n version: 2\n context: \"\"\n facts: [\n right(#authority, \"file1\", #read)\n ]\n rules: []\n checks: []\n }\n blocks: [\n Block {\n symbols: [\"write\", \"check1\", \"0\"]\n version: 2\n context: \"\"\n facts: [\n right(#ambient, \"file1\", #write)\n ]\n rules: []\n checks: [\n check if operation(#ambient, #read)\n ]\n }\n ]\n}"
},
"validations": {
"": [
@ -162,7 +162,7 @@
"title": "expired token",
"filename": "test9_expired_token.bc",
"print_token": {
"biscuit2 (1 check)": "Biscuit {\n symbols: [\"authority\", \"ambient\", \"resource\", \"operation\", \"right\", \"current_time\", \"revocation_id\", \"check1\", \"expiration\", \"date\", \"time\"]\n authority: Block[0] {\n symbols: []\n version: 1\n context: \"\"\n facts: []\n rules: []\n checks: []\n }\n blocks: [\n Block[1] {\n symbols: [\"check1\", \"expiration\", \"date\", \"time\"]\n version: 1\n context: \"\"\n facts: []\n rules: []\n checks: [\n check if resource(#ambient, \"file1\"),\n check if time(#ambient, $date), $date <= 2018-12-20T00:00:00+00:00\n ]\n }\n ]\n}"
"biscuit2 (1 check)": "Biscuit {\n symbols: [\"authority\", \"ambient\", \"resource\", \"operation\", \"right\", \"current_time\", \"revocation_id\", \"check1\", \"expiration\", \"date\", \"time\"]\n authority: Block {\n symbols: []\n version: 2\n context: \"\"\n facts: []\n rules: []\n checks: []\n }\n blocks: [\n Block {\n symbols: [\"check1\", \"expiration\", \"date\", \"time\"]\n version: 2\n context: \"\"\n facts: []\n rules: []\n checks: [\n check if resource(#ambient, \"file1\"),\n check if time(#ambient, $date), $date <= 2018-12-20T00:00:00+00:00\n ]\n }\n ]\n}"
},
"validations": {
"": [
@ -170,11 +170,11 @@
"facts": [
"operation(#ambient, #read)",
"resource(#ambient, \"file1\")",
"revocation_id(0, hex:96123a8ee182336c4c63ad29f2b23549020da2a90841ac63ccec4c20413753b0)",
"revocation_id(1, hex:60e6f54cb7a20ee0859495abe176da0306dfe91b4ee270244dfecf954da340bb)",
"revocation_id(0, hex:97d9502fe0963f757c0f7e20e7d3a07b13f762c206c77506f4bd60af68565ce1)",
"revocation_id(1, hex:5ccf80411f761b01c08783efede6b86898b920107507bd500c3854c8fe451f35)",
"time(#ambient, SystemTime { tv_sec: 1608542592, tv_nsec: 0 })",
"unique_revocation_id(0, hex:96123a8ee182336c4c63ad29f2b23549020da2a90841ac63ccec4c20413753b0)",
"unique_revocation_id(1, hex:60e6f54cb7a20ee0859495abe176da0306dfe91b4ee270244dfecf954da340bb)"
"unique_revocation_id(0, hex:97d9502fe0963f757c0f7e20e7d3a07b13f762c206c77506f4bd60af68565ce1)",
"unique_revocation_id(1, hex:5ccf80411f761b01c08783efede6b86898b920107507bd500c3854c8fe451f35)"
],
"rules": [],
"privileged_rules": [],
@ -198,7 +198,7 @@
"title": "authority rules",
"filename": "test10_authority_rules.bc",
"print_token": {
"biscuit2 (1 check)": "Biscuit {\n symbols: [\"authority\", \"ambient\", \"resource\", \"operation\", \"right\", \"current_time\", \"revocation_id\", \"1\", \"read\", \"owner\", \"0\", \"write\", \"check1\", \"check2\", \"alice\"]\n authority: Block[0] {\n symbols: [\"1\", \"read\", \"owner\", \"0\", \"write\"]\n version: 1\n context: \"\"\n facts: []\n rules: [\n right(#authority, $1, #read) <- resource(#ambient, $1), owner(#ambient, $0, $1),\n right(#authority, $1, #write) <- resource(#ambient, $1), owner(#ambient, $0, $1)\n ]\n checks: []\n }\n blocks: [\n Block[1] {\n symbols: [\"check1\", \"check2\", \"alice\"]\n version: 1\n context: \"\"\n facts: []\n rules: []\n checks: [\n check if right(#authority, $0, $1), resource(#ambient, $0), operation(#ambient, $1),\n check if resource(#ambient, $0), owner(#ambient, #alice, $0)\n ]\n }\n ]\n}"
"biscuit2 (1 check)": "Biscuit {\n symbols: [\"authority\", \"ambient\", \"resource\", \"operation\", \"right\", \"current_time\", \"revocation_id\", \"1\", \"read\", \"owner\", \"0\", \"write\", \"check1\", \"check2\", \"alice\"]\n authority: Block {\n symbols: [\"1\", \"read\", \"owner\", \"0\", \"write\"]\n version: 2\n context: \"\"\n facts: []\n rules: [\n right(#authority, $1, #read) <- resource(#ambient, $1), owner(#ambient, $0, $1),\n right(#authority, $1, #write) <- resource(#ambient, $1), owner(#ambient, $0, $1)\n ]\n checks: []\n }\n blocks: [\n Block {\n symbols: [\"check1\", \"check2\", \"alice\"]\n version: 2\n context: \"\"\n facts: []\n rules: []\n checks: [\n check if right(#authority, $0, $1), resource(#ambient, $0), operation(#ambient, $1),\n check if resource(#ambient, $0), owner(#ambient, #alice, $0)\n ]\n }\n ]\n}"
},
"validations": {
"": [
@ -207,12 +207,12 @@
"operation(#ambient, #read)",
"owner(#ambient, #alice, \"file1\")",
"resource(#ambient, \"file1\")",
"revocation_id(0, hex:7b1c49cfd08df0bca951d50aa6f5062db8e4decce6713974186abd050382ab67)",
"revocation_id(1, hex:c5fdfd4294c92dca9f14fa659c45c811828853bf913e71a5d18ef9eecd7a6cab)",
"revocation_id(0, hex:615c86ed96ffb3e756cee9a922facef14e7ceedd7833a22474ffa69986a02aab)",
"revocation_id(1, hex:f5948d6b975b1f2e2571557588435445eeb088f6634c54247f0bc267bd11bc2a)",
"right(#authority, \"file1\", #read)",
"right(#authority, \"file1\", #write)",
"unique_revocation_id(0, hex:7b1c49cfd08df0bca951d50aa6f5062db8e4decce6713974186abd050382ab67)",
"unique_revocation_id(1, hex:c5fdfd4294c92dca9f14fa659c45c811828853bf913e71a5d18ef9eecd7a6cab)"
"unique_revocation_id(0, hex:615c86ed96ffb3e756cee9a922facef14e7ceedd7833a22474ffa69986a02aab)",
"unique_revocation_id(1, hex:f5948d6b975b1f2e2571557588435445eeb088f6634c54247f0bc267bd11bc2a)"
],
"rules": [],
"privileged_rules": [
@ -237,7 +237,7 @@
"title": "verifier authority checks",
"filename": "test11_verifier_authority_caveats.bc",
"print_token": {
"biscuit": "Biscuit {\n symbols: [\"authority\", \"ambient\", \"resource\", \"operation\", \"right\", \"current_time\", \"revocation_id\", \"read\"]\n authority: Block[0] {\n symbols: [\"read\"]\n version: 1\n context: \"\"\n facts: [\n right(#authority, \"file1\", #read)\n ]\n rules: []\n checks: []\n }\n blocks: [\n \n ]\n}"
"biscuit": "Biscuit {\n symbols: [\"authority\", \"ambient\", \"resource\", \"operation\", \"right\", \"current_time\", \"revocation_id\", \"read\"]\n authority: Block {\n symbols: [\"read\"]\n version: 2\n context: \"\"\n facts: [\n right(#authority, \"file1\", #read)\n ]\n rules: []\n checks: []\n }\n blocks: [\n \n ]\n}"
},
"validations": {
"": [
@ -245,9 +245,9 @@
"facts": [
"operation(#ambient, #read)",
"resource(#ambient, \"file2\")",
"revocation_id(0, hex:f3db615323f48dc225b793ec494c30c1d4a800ec8299aa7558fe769803f1446b)",
"revocation_id(0, hex:74d206f233bdcadbb6a8bdca0303b0520d75f94944f0dfc1d3b8edb0b3200b53)",
"right(#authority, \"file1\", #read)",
"unique_revocation_id(0, hex:f3db615323f48dc225b793ec494c30c1d4a800ec8299aa7558fe769803f1446b)"
"unique_revocation_id(0, hex:74d206f233bdcadbb6a8bdca0303b0520d75f94944f0dfc1d3b8edb0b3200b53)"
],
"rules": [],
"privileged_rules": [],
@ -270,7 +270,7 @@
"title": "authority checks",
"filename": "test12_authority_caveats.bc",
"print_token": {
"biscuit": "Biscuit {\n symbols: [\"authority\", \"ambient\", \"resource\", \"operation\", \"right\", \"current_time\", \"revocation_id\", \"check1\"]\n authority: Block[0] {\n symbols: [\"check1\"]\n version: 1\n context: \"\"\n facts: []\n rules: []\n checks: [\n check if resource(#ambient, \"file1\")\n ]\n }\n blocks: [\n \n ]\n}"
"biscuit": "Biscuit {\n symbols: [\"authority\", \"ambient\", \"resource\", \"operation\", \"right\", \"current_time\", \"revocation_id\", \"check1\"]\n authority: Block {\n symbols: [\"check1\"]\n version: 2\n context: \"\"\n facts: []\n rules: []\n checks: [\n check if resource(#ambient, \"file1\")\n ]\n }\n blocks: [\n \n ]\n}"
},
"validations": {
"file1": [
@ -278,8 +278,8 @@
"facts": [
"operation(#ambient, #read)",
"resource(#ambient, \"file1\")",
"revocation_id(0, hex:a6d33a7c61185cc962a4100d17176b72a60e95490af7c3cccbd244f3cce02b85)",
"unique_revocation_id(0, hex:a6d33a7c61185cc962a4100d17176b72a60e95490af7c3cccbd244f3cce02b85)"
"revocation_id(0, hex:6da467f30421f10f2bdd7eacb3ed3ce0741757c1afa8da1775f376dba88a5683)",
"unique_revocation_id(0, hex:6da467f30421f10f2bdd7eacb3ed3ce0741757c1afa8da1775f376dba88a5683)"
],
"rules": [],
"privileged_rules": [],
@ -299,8 +299,8 @@
"facts": [
"operation(#ambient, #read)",
"resource(#ambient, \"file2\")",
"revocation_id(0, hex:a6d33a7c61185cc962a4100d17176b72a60e95490af7c3cccbd244f3cce02b85)",
"unique_revocation_id(0, hex:a6d33a7c61185cc962a4100d17176b72a60e95490af7c3cccbd244f3cce02b85)"
"revocation_id(0, hex:6da467f30421f10f2bdd7eacb3ed3ce0741757c1afa8da1775f376dba88a5683)",
"unique_revocation_id(0, hex:6da467f30421f10f2bdd7eacb3ed3ce0741757c1afa8da1775f376dba88a5683)"
],
"rules": [],
"privileged_rules": [],
@ -323,20 +323,20 @@
"title": "block rules",
"filename": "test13_block_rules.bc",
"print_token": {
"biscuit2 (1 check)": "Biscuit {\n symbols: [\"authority\", \"ambient\", \"resource\", \"operation\", \"right\", \"current_time\", \"revocation_id\", \"read\", \"valid_date\", \"time\", \"0\", \"1\", \"check1\"]\n authority: Block[0] {\n symbols: [\"read\"]\n version: 1\n context: \"\"\n facts: [\n right(#authority, \"file1\", #read),\n right(#authority, \"file2\", #read)\n ]\n rules: []\n checks: []\n }\n blocks: [\n Block[1] {\n symbols: [\"valid_date\", \"time\", \"0\", \"1\", \"check1\"]\n version: 1\n context: \"\"\n facts: []\n rules: [\n valid_date(\"file1\") <- time(#ambient, $0), resource(#ambient, \"file1\"), $0 <= 2030-12-31T12:59:59+00:00,\n valid_date($1) <- time(#ambient, $0), resource(#ambient, $1), $0 <= 1999-12-31T12:59:59+00:00, ![\"file1\"].contains($1)\n ]\n checks: [\n check if valid_date($0), resource(#ambient, $0)\n ]\n }\n ]\n}"
"biscuit2 (1 check)": "Biscuit {\n symbols: [\"authority\", \"ambient\", \"resource\", \"operation\", \"right\", \"current_time\", \"revocation_id\", \"read\", \"valid_date\", \"time\", \"0\", \"1\", \"check1\"]\n authority: Block {\n symbols: [\"read\"]\n version: 2\n context: \"\"\n facts: [\n right(#authority, \"file1\", #read),\n right(#authority, \"file2\", #read)\n ]\n rules: []\n checks: []\n }\n blocks: [\n Block {\n symbols: [\"valid_date\", \"time\", \"0\", \"1\", \"check1\"]\n version: 2\n context: \"\"\n facts: []\n rules: [\n valid_date(\"file1\") <- time(#ambient, $0), resource(#ambient, \"file1\"), $0 <= 2030-12-31T12:59:59+00:00,\n valid_date($1) <- time(#ambient, $0), resource(#ambient, $1), $0 <= 1999-12-31T12:59:59+00:00, ![\"file1\"].contains($1)\n ]\n checks: [\n check if valid_date($0), resource(#ambient, $0)\n ]\n }\n ]\n}"
},
"validations": {
"file1": [
{
"facts": [
"resource(#ambient, \"file1\")",
"revocation_id(0, hex:d0e882a6d2405213cc7a8f2ac3f0041fecbf535177b6a6b4a581b48783a9d19b)",
"revocation_id(1, hex:cab9e5395e49e41c53c3418796f73379a167d9c2d1504c99dac5e9bb06ec02cc)",
"revocation_id(0, hex:9a30e5b4f22cdffd389bd06c77c8ef1912604b4ebe3f0de7ceea9f4ddb571da5)",
"revocation_id(1, hex:35dc6e409f6582a669f0d41bf3cd9aa837a19764f0262e3dd8b6d2bdacee5b82)",
"right(#authority, \"file1\", #read)",
"right(#authority, \"file2\", #read)",
"time(#ambient, SystemTime { tv_sec: 1608542592, tv_nsec: 0 })",
"unique_revocation_id(0, hex:d0e882a6d2405213cc7a8f2ac3f0041fecbf535177b6a6b4a581b48783a9d19b)",
"unique_revocation_id(1, hex:cab9e5395e49e41c53c3418796f73379a167d9c2d1504c99dac5e9bb06ec02cc)",
"unique_revocation_id(0, hex:9a30e5b4f22cdffd389bd06c77c8ef1912604b4ebe3f0de7ceea9f4ddb571da5)",
"unique_revocation_id(1, hex:35dc6e409f6582a669f0d41bf3cd9aa837a19764f0262e3dd8b6d2bdacee5b82)",
"valid_date(\"file1\")"
],
"rules": [
@ -359,13 +359,13 @@
{
"facts": [
"resource(#ambient, \"file2\")",
"revocation_id(0, hex:d0e882a6d2405213cc7a8f2ac3f0041fecbf535177b6a6b4a581b48783a9d19b)",
"revocation_id(1, hex:cab9e5395e49e41c53c3418796f73379a167d9c2d1504c99dac5e9bb06ec02cc)",
"revocation_id(0, hex:9a30e5b4f22cdffd389bd06c77c8ef1912604b4ebe3f0de7ceea9f4ddb571da5)",
"revocation_id(1, hex:35dc6e409f6582a669f0d41bf3cd9aa837a19764f0262e3dd8b6d2bdacee5b82)",
"right(#authority, \"file1\", #read)",
"right(#authority, \"file2\", #read)",
"time(#ambient, SystemTime { tv_sec: 1608542592, tv_nsec: 0 })",
"unique_revocation_id(0, hex:d0e882a6d2405213cc7a8f2ac3f0041fecbf535177b6a6b4a581b48783a9d19b)",
"unique_revocation_id(1, hex:cab9e5395e49e41c53c3418796f73379a167d9c2d1504c99dac5e9bb06ec02cc)"
"unique_revocation_id(0, hex:9a30e5b4f22cdffd389bd06c77c8ef1912604b4ebe3f0de7ceea9f4ddb571da5)",
"unique_revocation_id(1, hex:35dc6e409f6582a669f0d41bf3cd9aa837a19764f0262e3dd8b6d2bdacee5b82)"
],
"rules": [
"valid_date(\"file1\") <- time(#ambient, $0), resource(#ambient, \"file1\"), $0 <= 2030-12-31T12:59:59+00:00",
@ -391,15 +391,15 @@
"title": "regex_constraint",
"filename": "test14_regex_constraint.bc",
"print_token": {
"biscuit": "Biscuit {\n symbols: [\"authority\", \"ambient\", \"resource\", \"operation\", \"right\", \"current_time\", \"revocation_id\", \"resource_match\", \"0\"]\n authority: Block[0] {\n symbols: [\"resource_match\", \"0\"]\n version: 1\n context: \"\"\n facts: []\n rules: []\n checks: [\n check if resource(#ambient, $0), $0.matches(\"file[0-9]+.txt\")\n ]\n }\n blocks: [\n \n ]\n}"
"biscuit": "Biscuit {\n symbols: [\"authority\", \"ambient\", \"resource\", \"operation\", \"right\", \"current_time\", \"revocation_id\", \"resource_match\", \"0\"]\n authority: Block {\n symbols: [\"resource_match\", \"0\"]\n version: 2\n context: \"\"\n facts: []\n rules: []\n checks: [\n check if resource(#ambient, $0), $0.matches(\"file[0-9]+.txt\")\n ]\n }\n blocks: [\n \n ]\n}"
},
"validations": {
"file1": [
{
"facts": [
"resource(#ambient, \"file1\")",
"revocation_id(0, hex:1da4cd4d7c60491948662acc237bb10599c6046e1ef09a867267b5e039a4d1b6)",
"unique_revocation_id(0, hex:1da4cd4d7c60491948662acc237bb10599c6046e1ef09a867267b5e039a4d1b6)"
"revocation_id(0, hex:7d04d352cd30ad2875f003ff2ccc57dc7ec39763f3a823f87c9e26bf40b0310d)",
"unique_revocation_id(0, hex:7d04d352cd30ad2875f003ff2ccc57dc7ec39763f3a823f87c9e26bf40b0310d)"
],
"rules": [],
"privileged_rules": [],
@ -420,8 +420,8 @@
{
"facts": [
"resource(#ambient, \"file123.txt\")",
"revocation_id(0, hex:1da4cd4d7c60491948662acc237bb10599c6046e1ef09a867267b5e039a4d1b6)",
"unique_revocation_id(0, hex:1da4cd4d7c60491948662acc237bb10599c6046e1ef09a867267b5e039a4d1b6)"
"revocation_id(0, hex:7d04d352cd30ad2875f003ff2ccc57dc7ec39763f3a823f87c9e26bf40b0310d)",
"unique_revocation_id(0, hex:7d04d352cd30ad2875f003ff2ccc57dc7ec39763f3a823f87c9e26bf40b0310d)"
],
"rules": [],
"privileged_rules": [],
@ -442,15 +442,15 @@
"title": "multi queries checks",
"filename": "test15_multi_queries_caveats.bc",
"print_token": {
"biscuit": "Biscuit {\n symbols: [\"authority\", \"ambient\", \"resource\", \"operation\", \"right\", \"current_time\", \"revocation_id\", \"must_be_present\"]\n authority: Block[0] {\n symbols: [\"must_be_present\"]\n version: 1\n context: \"\"\n facts: [\n must_be_present(#authority, \"hello\")\n ]\n rules: []\n checks: []\n }\n blocks: [\n \n ]\n}"
"biscuit": "Biscuit {\n symbols: [\"authority\", \"ambient\", \"resource\", \"operation\", \"right\", \"current_time\", \"revocation_id\", \"must_be_present\"]\n authority: Block {\n symbols: [\"must_be_present\"]\n version: 2\n context: \"\"\n facts: [\n must_be_present(#authority, \"hello\")\n ]\n rules: []\n checks: []\n }\n blocks: [\n \n ]\n}"
},
"validations": {
"": [
{
"facts": [
"must_be_present(#authority, \"hello\")",
"revocation_id(0, hex:128099942c46fc6a4f9a8f8f0cc5d8b70c4d55d834255ef6065b62c967eef50c)",
"unique_revocation_id(0, hex:128099942c46fc6a4f9a8f8f0cc5d8b70c4d55d834255ef6065b62c967eef50c)"
"revocation_id(0, hex:a869933238d941c3c6fd2a6949844a35727741e04865faf66ebdeb0e2cadab40)",
"unique_revocation_id(0, hex:a869933238d941c3c6fd2a6949844a35727741e04865faf66ebdeb0e2cadab40)"
],
"rules": [],
"privileged_rules": [],
@ -471,17 +471,17 @@
"title": "check head name should be independent from fact names",
"filename": "test16_caveat_head_name.bc",
"print_token": {
"biscuit": "Biscuit {\n symbols: [\"authority\", \"ambient\", \"resource\", \"operation\", \"right\", \"current_time\", \"revocation_id\", \"check1\", \"test\", \"hello\"]\n authority: Block[0] {\n symbols: [\"check1\", \"test\", \"hello\"]\n version: 1\n context: \"\"\n facts: []\n rules: []\n checks: [\n check if resource(#ambient, #hello)\n ]\n }\n blocks: [\n Block[1] {\n symbols: []\n version: 1\n context: \"\"\n facts: [\n check1(#test)\n ]\n rules: []\n checks: []\n }\n ]\n}"
"biscuit": "Biscuit {\n symbols: [\"authority\", \"ambient\", \"resource\", \"operation\", \"right\", \"current_time\", \"revocation_id\", \"check1\", \"test\", \"hello\"]\n authority: Block {\n symbols: [\"check1\", \"test\", \"hello\"]\n version: 2\n context: \"\"\n facts: []\n rules: []\n checks: [\n check if resource(#ambient, #hello)\n ]\n }\n blocks: [\n Block {\n symbols: []\n version: 2\n context: \"\"\n facts: [\n check1(#test)\n ]\n rules: []\n checks: []\n }\n ]\n}"
},
"validations": {
"": [
{
"facts": [
"check1(#test)",
"revocation_id(0, hex:08321b952cecd6cc7ca5d3493ae391e44fcf3d3d55e63aa7e8b098217b7736c3)",
"revocation_id(1, hex:e166c05f9ec0632fe286df76048a527a621d7ca08e2cd9f3995b4ee33b1e001c)",
"unique_revocation_id(0, hex:08321b952cecd6cc7ca5d3493ae391e44fcf3d3d55e63aa7e8b098217b7736c3)",
"unique_revocation_id(1, hex:e166c05f9ec0632fe286df76048a527a621d7ca08e2cd9f3995b4ee33b1e001c)"
"revocation_id(0, hex:4a366515e159a7577166d8158bdca3c0bb39cbabb4988824ad0c9aab5d3ea402)",
"revocation_id(1, hex:2e8c19fefac5e54b7a8e21bb40eaf8aac70909e48f22c388ebb8cc742065d1dc)",
"unique_revocation_id(0, hex:4a366515e159a7577166d8158bdca3c0bb39cbabb4988824ad0c9aab5d3ea402)",
"unique_revocation_id(1, hex:2e8c19fefac5e54b7a8e21bb40eaf8aac70909e48f22c388ebb8cc742065d1dc)"
],
"rules": [],
"privileged_rules": [],
@ -504,14 +504,14 @@
"title": "test expression syntax and all available operations",
"filename": "test17_expressions.bc",
"print_token": {
"biscuit": "Biscuit {\n symbols: [\"authority\", \"ambient\", \"resource\", \"operation\", \"right\", \"current_time\", \"revocation_id\", \"query\", \"abc\", \"hello\", \"world\"]\n authority: Block[0] {\n symbols: [\"query\", \"abc\", \"hello\", \"world\"]\n version: 1\n context: \"\"\n facts: []\n rules: []\n checks: [\n check if true,\n check if !false,\n check if false or true,\n check if 1 < 2,\n check if 2 > 1,\n check if 1 <= 2,\n check if 1 <= 1,\n check if 2 >= 1,\n check if 2 >= 2,\n check if 3 == 3,\n check if 1 + 2 * 3 - 4 / 2 == 5,\n check if \"hello world\".starts_with(\"hello\") && \"hello world\".ends_with(\"world\"),\n check if \"aaabde\".matches(\"a*c?.e\"),\n check if \"abcD12\" == \"abcD12\",\n check if 2019-12-04T09:46:41+00:00 < 2020-12-04T09:46:41+00:00,\n check if 2020-12-04T09:46:41+00:00 > 2019-12-04T09:46:41+00:00,\n check if 2019-12-04T09:46:41+00:00 <= 2020-12-04T09:46:41+00:00,\n check if 2020-12-04T09:46:41+00:00 >= 2020-12-04T09:46:41+00:00,\n check if 2020-12-04T09:46:41+00:00 >= 2019-12-04T09:46:41+00:00,\n check if 2020-12-04T09:46:41+00:00 >= 2020-12-04T09:46:41+00:00,\n check if 2020-12-04T09:46:41+00:00 == 2020-12-04T09:46:41+00:00,\n check if #abc == #abc,\n check if hex:12ab == hex:12ab,\n check if [1, 2].contains(2),\n check if [2019-12-04T09:46:41+00:00, 2020-12-04T09:46:41+00:00].contains(2020-12-04T09:46:41+00:00),\n check if [false, true].contains(true),\n check if [\"abc\", \"def\"].contains(\"abc\"),\n check if [hex:12ab, hex:34de].contains(hex:34de),\n check if [#hello, #world].contains(#hello)\n ]\n }\n blocks: [\n \n ]\n}"
"biscuit": "Biscuit {\n symbols: [\"authority\", \"ambient\", \"resource\", \"operation\", \"right\", \"current_time\", \"revocation_id\", \"query\", \"abc\", \"hello\", \"world\"]\n authority: Block {\n symbols: [\"query\", \"abc\", \"hello\", \"world\"]\n version: 2\n context: \"\"\n facts: []\n rules: []\n checks: [\n check if true,\n check if !false,\n check if false or true,\n check if 1 < 2,\n check if 2 > 1,\n check if 1 <= 2,\n check if 1 <= 1,\n check if 2 >= 1,\n check if 2 >= 2,\n check if 3 == 3,\n check if 1 + 2 * 3 - 4 / 2 == 5,\n check if \"hello world\".starts_with(\"hello\") && \"hello world\".ends_with(\"world\"),\n check if \"aaabde\".matches(\"a*c?.e\"),\n check if \"abcD12\" == \"abcD12\",\n check if 2019-12-04T09:46:41+00:00 < 2020-12-04T09:46:41+00:00,\n check if 2020-12-04T09:46:41+00:00 > 2019-12-04T09:46:41+00:00,\n check if 2019-12-04T09:46:41+00:00 <= 2020-12-04T09:46:41+00:00,\n check if 2020-12-04T09:46:41+00:00 >= 2020-12-04T09:46:41+00:00,\n check if 2020-12-04T09:46:41+00:00 >= 2019-12-04T09:46:41+00:00,\n check if 2020-12-04T09:46:41+00:00 >= 2020-12-04T09:46:41+00:00,\n check if 2020-12-04T09:46:41+00:00 == 2020-12-04T09:46:41+00:00,\n check if #abc == #abc,\n check if hex:12ab == hex:12ab,\n check if [1, 2].contains(2),\n check if [2019-12-04T09:46:41+00:00, 2020-12-04T09:46:41+00:00].contains(2020-12-04T09:46:41+00:00),\n check if [false, true].contains(true),\n check if [\"abc\", \"def\"].contains(\"abc\"),\n check if [hex:12ab, hex:34de].contains(hex:34de),\n check if [#hello, #world].contains(#hello)\n ]\n }\n blocks: [\n \n ]\n}"
},
"validations": {
"": [
{
"facts": [
"revocation_id(0, hex:09b4fab17d84885149e416bf10990d19b918a02854acd9ad96494994735cd25d)",
"unique_revocation_id(0, hex:09b4fab17d84885149e416bf10990d19b918a02854acd9ad96494994735cd25d)"
"revocation_id(0, hex:fde35e855f6e4a1037e6698d3085bef54a71093dc06c2f2a2027e7c126a340d8)",
"unique_revocation_id(0, hex:fde35e855f6e4a1037e6698d3085bef54a71093dc06c2f2a2027e7c126a340d8)"
],
"rules": [],
"privileged_rules": [],
@ -559,7 +559,7 @@
"title": "invalid block rule with unbound_variables",
"filename": "test18_unbound_variables_in_rule.bc",
"print_token": {
"biscuit2 (1 check)": "Biscuit {\n symbols: [\"authority\", \"ambient\", \"resource\", \"operation\", \"right\", \"current_time\", \"revocation_id\", \"check1\", \"test\", \"read\", \"unbound\", \"any1\", \"any2\"]\n authority: Block[0] {\n symbols: [\"check1\", \"test\", \"read\"]\n version: 1\n context: \"\"\n facts: []\n rules: []\n checks: [\n check if operation(#ambient, #read)\n ]\n }\n blocks: [\n Block[1] {\n symbols: [\"unbound\", \"any1\", \"any2\"]\n version: 1\n context: \"\"\n facts: []\n rules: [\n operation($unbound, #read) <- operation($any1, $any2)\n ]\n checks: []\n }\n ]\n}"
"biscuit2 (1 check)": "Biscuit {\n symbols: [\"authority\", \"ambient\", \"resource\", \"operation\", \"right\", \"current_time\", \"revocation_id\", \"check1\", \"test\", \"read\", \"unbound\", \"any1\", \"any2\"]\n authority: Block {\n symbols: [\"check1\", \"test\", \"read\"]\n version: 2\n context: \"\"\n facts: []\n rules: []\n checks: [\n check if operation(#ambient, #read)\n ]\n }\n blocks: [\n Block {\n symbols: [\"unbound\", \"any1\", \"any2\"]\n version: 2\n context: \"\"\n facts: []\n rules: [\n operation($unbound, #read) <- operation($any1, $any2)\n ]\n checks: []\n }\n ]\n}"
},
"validations": {
"": [
@ -576,17 +576,17 @@
"title": "invalid block rule generating an #authority or #ambient symbol with a variable",
"filename": "test19_generating_ambient_from_variables.bc",
"print_token": {
"biscuit2 (1 check)": "Biscuit {\n symbols: [\"authority\", \"ambient\", \"resource\", \"operation\", \"right\", \"current_time\", \"revocation_id\", \"check1\", \"test\", \"read\", \"any\"]\n authority: Block[0] {\n symbols: [\"check1\", \"test\", \"read\"]\n version: 1\n context: \"\"\n facts: []\n rules: []\n checks: [\n check if operation(#ambient, #read)\n ]\n }\n blocks: [\n Block[1] {\n symbols: [\"any\"]\n version: 1\n context: \"\"\n facts: []\n rules: [\n operation($ambient, #read) <- operation($ambient, $any)\n ]\n checks: []\n }\n ]\n}"
"biscuit2 (1 check)": "Biscuit {\n symbols: [\"authority\", \"ambient\", \"resource\", \"operation\", \"right\", \"current_time\", \"revocation_id\", \"check1\", \"test\", \"read\", \"any\"]\n authority: Block {\n symbols: [\"check1\", \"test\", \"read\"]\n version: 2\n context: \"\"\n facts: []\n rules: []\n checks: [\n check if operation(#ambient, #read)\n ]\n }\n blocks: [\n Block {\n symbols: [\"any\"]\n version: 2\n context: \"\"\n facts: []\n rules: [\n operation($ambient, #read) <- operation($ambient, $any)\n ]\n checks: []\n }\n ]\n}"
},
"validations": {
"": [
{
"facts": [
"operation(#ambient, #write)",
"revocation_id(0, hex:cfbc25eee0ffc9bca3930e88469c45b8aa43e856464fc401db213c3d9587783a)",
"revocation_id(1, hex:0e180a4400430a812b58751a3d3877af6ac2fe87559a32656c9ae78a4e973781)",
"unique_revocation_id(0, hex:cfbc25eee0ffc9bca3930e88469c45b8aa43e856464fc401db213c3d9587783a)",
"unique_revocation_id(1, hex:0e180a4400430a812b58751a3d3877af6ac2fe87559a32656c9ae78a4e973781)"
"revocation_id(0, hex:345b72b425b0e134ba294e1183e91af519a154fefc8f3a6b788da47668fa90c9)",
"revocation_id(1, hex:5262c65a6042072011eb868c9f47a279264324a2781d3dd38e72f3464dc93348)",
"unique_revocation_id(0, hex:345b72b425b0e134ba294e1183e91af519a154fefc8f3a6b788da47668fa90c9)",
"unique_revocation_id(1, hex:5262c65a6042072011eb868c9f47a279264324a2781d3dd38e72f3464dc93348)"
],
"rules": [
"operation($ambient, #read) <- operation($ambient, $any)"

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.


@ -23,176 +23,34 @@ message Proof {
}
message Block {
required uint32 index = 1;
repeated string symbols = 2;
repeated FactV0 facts_v0 = 3;
repeated RuleV0 rules_v0 = 4;
repeated CaveatV0 caveats_v0 = 5;
optional string context = 6;
optional uint32 version = 7;
repeated FactV1 facts_v1 = 8;
repeated RuleV1 rules_v1 = 9;
repeated CheckV1 checks_v1 = 10;
repeated string symbols = 1;
optional string context = 2;
optional uint32 version = 3;
repeated FactV2 facts_v2 = 4;
repeated RuleV2 rules_v2 = 5;
repeated CheckV2 checks_v2 = 6;
}
message FactV0 {
required PredicateV0 predicate = 1;
message FactV2 {
required PredicateV2 predicate = 1;
}
message RuleV0 {
required PredicateV0 head = 1;
repeated PredicateV0 body = 2;
repeated ConstraintV0 constraints = 3;
message RuleV2 {
required PredicateV2 head = 1;
repeated PredicateV2 body = 2;
repeated ExpressionV2 expressions = 3;
}
message CaveatV0 {
repeated RuleV0 queries = 1;
message CheckV2 {
repeated RuleV2 queries = 1;
}
message PredicateV0 {
message PredicateV2 {
required uint64 name = 1;
repeated IDV0 ids = 2;
repeated IDV2 ids = 2;
}
message IDV0 {
enum Kind {
SYMBOL = 0;
VARIABLE = 1;
INTEGER = 2;
STR = 3;
DATE = 4;
BYTES = 5;
}
required Kind kind = 1;
optional uint64 symbol = 2;
optional uint32 variable = 3;
optional int64 integer = 4;
optional string str = 5;
optional uint64 date = 6;
optional bytes bytes = 7;
}
message ConstraintV0 {
required uint32 id = 1;
enum Kind {
INT = 0;
STRING = 1;
DATE = 2;
SYMBOL = 3;
BYTES = 4;
}
required Kind kind = 2;
optional IntConstraintV0 int = 3;
optional StringConstraintV0 str = 4;
optional DateConstraintV0 date = 5;
optional SymbolConstraintV0 symbol = 6;
optional BytesConstraintV0 bytes = 7;
}
message IntConstraintV0 {
enum Kind {
LOWER = 0;
LARGER = 1;
LOWER_OR_EQUAL = 2;
LARGER_OR_EQUAL = 3;
EQUAL = 4;
IN = 5;
NOT_IN = 6;
}
required Kind kind = 1;
optional int64 lower = 2;
optional int64 larger = 3;
optional int64 lower_or_equal = 4;
optional int64 larger_or_equal = 5;
optional int64 equal = 6;
repeated int64 in_set = 7 [packed=true];
repeated int64 not_in_set = 8 [packed=true];
}
message StringConstraintV0 {
enum Kind {
PREFIX = 0;
SUFFIX = 1;
EQUAL = 2;
IN = 3;
NOT_IN = 4;
REGEX = 5;
}
required Kind kind = 1;
optional string prefix = 2;
optional string suffix = 3;
optional string equal = 4;
repeated string in_set = 5;
repeated string not_in_set = 6;
optional string regex = 7;
}
message DateConstraintV0 {
enum Kind {
BEFORE = 0;
AFTER = 1;
}
required Kind kind = 1;
optional uint64 before = 2;
optional uint64 after = 3;
}
message SymbolConstraintV0 {
enum Kind {
IN = 0;
NOT_IN = 1;
}
required Kind kind = 1;
repeated uint64 in_set = 2;
repeated uint64 not_in_set = 3;
}
message BytesConstraintV0 {
enum Kind {
EQUAL = 0;
IN = 1;
NOT_IN = 2;
}
required Kind kind = 1;
optional bytes equal = 2;
repeated bytes in_set = 3;
repeated bytes not_in_set = 4;
}
message FactV1 {
required PredicateV1 predicate = 1;
}
message RuleV1 {
required PredicateV1 head = 1;
repeated PredicateV1 body = 2;
repeated ExpressionV1 expressions = 3;
}
message CheckV1 {
repeated RuleV1 queries = 1;
}
message PredicateV1 {
required uint64 name = 1;
repeated IDV1 ids = 2;
}
message IDV1 {
message IDV2 {
oneof Content {
uint64 symbol = 1;
uint32 variable = 2;
@ -206,22 +64,22 @@ message IDV1 {
}
message IDSet {
repeated IDV1 set = 1;
repeated IDV2 set = 1;
}
message ConstraintV1 {
message ConstraintV2 {
required uint32 id = 1;
oneof Constraint {
IntConstraintV1 int = 2;
StringConstraintV1 string = 3;
DateConstraintV1 date = 4;
SymbolConstraintV1 symbol = 5;
BytesConstraintV1 bytes = 6;
IntConstraintV2 int = 2;
StringConstraintV2 string = 3;
DateConstraintV2 date = 4;
SymbolConstraintV2 symbol = 5;
BytesConstraintV2 bytes = 6;
}
}
message IntConstraintV1 {
message IntConstraintV2 {
oneof Constraint {
int64 less_than = 1;
int64 greater_than = 2;
@ -237,7 +95,7 @@ message IntSet {
repeated int64 set = 7 [packed=true];
}
message StringConstraintV1 {
message StringConstraintV2 {
oneof Constraint {
string prefix = 1;
string suffix = 2;
@ -252,14 +110,14 @@ message StringSet {
repeated string set = 1;
}
message DateConstraintV1 {
message DateConstraintV2 {
oneof Constraint {
uint64 before = 1;
uint64 after = 2;
}
}
message SymbolConstraintV1 {
message SymbolConstraintV2 {
oneof Constraint {
SymbolSet in_set = 1;
SymbolSet not_in_set = 2;
@ -270,7 +128,7 @@ message SymbolSet {
repeated uint64 set = 1 [packed=true];
}
message BytesConstraintV1 {
message BytesConstraintV2 {
oneof Constraint {
bytes equal = 1;
BytesSet in_set = 2;
@ -282,13 +140,13 @@ message BytesSet {
repeated bytes set = 1;
}
message ExpressionV1 {
message ExpressionV2 {
repeated Op ops = 1;
}
message Op {
oneof Content {
IDV1 value = 1;
IDV2 value = 1;
OpUnary unary = 2;
OpBinary Binary = 3;
}
@ -334,15 +192,16 @@ message Policy {
Deny = 1;
}
repeated RuleV1 queries = 1;
repeated RuleV2 queries = 1;
required Kind kind = 2;
}
message VerifierPolicies {
repeated string symbols = 1;
optional uint32 version = 2;
repeated FactV1 facts = 3;
repeated RuleV1 rules = 4;
repeated CheckV1 checks = 5;
repeated FactV2 facts = 3;
repeated RuleV2 rules = 4;
repeated CheckV2 checks = 5;
repeated Policy policies = 6;
repeated RuleV2 privileged_rules = 7;
}
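Review bot: In the first hunk, `message Block` reassigns field numbers 1–6 to different fields (1 was `index` and is now `symbols`, 2 was `symbols` and is now `context`, 4 was `rules_v0` and is now `facts_v2`) and moves `version` from 7 to 3. Depending on how a protobuf runtime treats the wire-type mismatch on field 1, bytes written under the previous layout may partly decode under this one, while their version tag at 7 is dropped as an unknown field. Because `version` is `optional`, such a block would read as having no version rather than version 1. The decoding code is not visible in this section, so it is worth confirming that verification fails closed when the field is absent or not equal to 2. I would either keep the number stable, `optional uint32 version = 7;`, so layouts can be told apart before any other field is interpreted, or state the contract on the field: `// Format version. A block with this field absent or != 2 must be rejected.`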