ppl: remove support for aliases (#2400)

config/policy_ppl.go

@@ -50,7 +50,7 @@ func (p *Policy) ToPPL() *parser.Policy {
 	for _, ag := range p.AllAllowedGroups() {
 		allowRule.Or = append(allowRule.Or,
 			parser.Criterion{
-				Name: "group",
+				Name: "groups",
 				Data: parser.Object{
 					"has": parser.String(ag),
 				},
@@ -68,7 +68,7 @@ func (p *Policy) ToPPL() *parser.Policy {
 				data, _ := parser.ParseValue(bytes.NewReader(bs))
 				allowRule.Or = append(allowRule.Or,
 					parser.Criterion{
-						Name:    "claims",
+						Name:    "claim",
 						SubPath: k,
 						Data:    data,
 					})

pkg/policy/criteria/accept.go

@@ -19,8 +19,8 @@ func (acceptCriterion) DataType() CriterionDataType {
 	return generator.CriterionDataTypeUnused
 }
 
-func (acceptCriterion) Names() []string {
-	return []string{"accept"}
+func (acceptCriterion) Name() string {
+	return "accept"
 }
 
 func (c acceptCriterion) GenerateRule(_ string, _ parser.Value) (*ast.Rule, []*ast.Rule, error) {

pkg/policy/criteria/authenticated_user.go

@@ -22,8 +22,8 @@ func (authenticatedUserCriterion) DataType() CriterionDataType {
 	return generator.CriterionDataTypeUnused
 }
 
-func (authenticatedUserCriterion) Names() []string {
-	return []string{"authenticated_user"}
+func (authenticatedUserCriterion) Name() string {
+	return "authenticated_user"
 }
 
 func (c authenticatedUserCriterion) GenerateRule(_ string, _ parser.Value) (*ast.Rule, []*ast.Rule, error) {

pkg/policy/criteria/claims.go

@@ -40,8 +40,8 @@ func (claimsCriterion) DataType() CriterionDataType {
 	return generator.CriterionDataTypeUnknown
 }
 
-func (claimsCriterion) Names() []string {
-	return []string{"claim", "claims"}
+func (claimsCriterion) Name() string {
+	return "claim"
 }
 
 func (c claimsCriterion) GenerateRule(subPath string, data parser.Value) (*ast.Rule, []*ast.Rule, error) {

pkg/policy/criteria/cors_preflight.go

@@ -21,8 +21,8 @@ func (corsPreflightCriterion) DataType() CriterionDataType {
 	return generator.CriterionDataTypeUnused
 }
 
-func (corsPreflightCriterion) Names() []string {
-	return []string{"cors_preflight"}
+func (corsPreflightCriterion) Name() string {
+	return "cors_preflight"
 }
 
 func (c corsPreflightCriterion) GenerateRule(_ string, _ parser.Value) (*ast.Rule, []*ast.Rule, error) {

pkg/policy/criteria/domains.go

@@ -27,8 +27,8 @@ func (domainsCriterion) DataType() CriterionDataType {
 	return CriterionDataTypeStringMatcher
 }
 
-func (domainsCriterion) Names() []string {
-	return []string{"domain", "domains"}
+func (domainsCriterion) Name() string {
+	return "domain"
 }
 
 func (c domainsCriterion) GenerateRule(_ string, data parser.Value) (*ast.Rule, []*ast.Rule, error) {

pkg/policy/criteria/emails.go

@@ -28,8 +28,8 @@ func (emailsCriterion) DataType() generator.CriterionDataType {
 	return CriterionDataTypeStringMatcher
 }
 
-func (emailsCriterion) Names() []string {
-	return []string{"email", "emails"}
+func (emailsCriterion) Name() string {
+	return "email"
 }
 
 func (c emailsCriterion) GenerateRule(_ string, data parser.Value) (*ast.Rule, []*ast.Rule, error) {

pkg/policy/criteria/groups.go

@@ -47,8 +47,8 @@ func (groupsCriterion) DataType() generator.CriterionDataType {
 	return CriterionDataTypeStringListMatcher
 }
 
-func (groupsCriterion) Names() []string {
-	return []string{"group", "groups"}
+func (groupsCriterion) Name() string {
+	return "groups"
 }
 
 func (c groupsCriterion) GenerateRule(_ string, data parser.Value) (*ast.Rule, []*ast.Rule, error) {

pkg/policy/criteria/invalid_client_certificate.go

@@ -21,8 +21,8 @@ func (invalidClientCertificateCriterion) DataType() CriterionDataType {
 	return generator.CriterionDataTypeUnused
 }
 
-func (invalidClientCertificateCriterion) Names() []string {
-	return []string{"invalid_client_certificate"}
+func (invalidClientCertificateCriterion) Name() string {
+	return "invalid_client_certificate"
 }
 
 func (c invalidClientCertificateCriterion) GenerateRule(_ string, _ parser.Value) (*ast.Rule, []*ast.Rule, error) {

pkg/policy/criteria/pomerium_routes.go

@@ -21,8 +21,8 @@ func (pomeriumRoutesCriterion) DataType() generator.CriterionDataType {
 	return generator.CriterionDataTypeUnused
 }
 
-func (pomeriumRoutesCriterion) Names() []string {
-	return []string{"pomerium_routes"}
+func (pomeriumRoutesCriterion) Name() string {
+	return "pomerium_routes"
 }
 
 func (c pomeriumRoutesCriterion) GenerateRule(_ string, _ parser.Value) (*ast.Rule, []*ast.Rule, error) {

pkg/policy/criteria/reject.go

@@ -19,8 +19,8 @@ func (rejectMatcher) DataType() CriterionDataType {
 	return generator.CriterionDataTypeUnused
 }
 
-func (rejectMatcher) Names() []string {
-	return []string{"reject"}
+func (rejectMatcher) Name() string {
+	return "reject"
 }
 
 func (m rejectMatcher) GenerateRule(_ string, _ parser.Value) (*ast.Rule, []*ast.Rule, error) {

pkg/policy/criteria/users.go

@@ -28,8 +28,8 @@ func (usersCriterion) DataType() generator.CriterionDataType {
 	return CriterionDataTypeStringMatcher
 }
 
-func (usersCriterion) Names() []string {
-	return []string{"user", "users"}
+func (usersCriterion) Name() string {
+	return "user"
 }
 
 func (c usersCriterion) GenerateRule(_ string, data parser.Value) (*ast.Rule, []*ast.Rule, error) {

pkg/policy/generator/criterion.go

@@ -9,7 +9,7 @@ import (
 // A Criterion generates rego rules based on data.
 type Criterion interface {
 	DataType() CriterionDataType
-	Names() []string
+	Name() string
 	GenerateRule(subPath string, data parser.Value) (rule *ast.Rule, additionalRules []*ast.Rule, err error)
 }
 
@@ -19,7 +19,7 @@ type CriterionConstructor func(*Generator) Criterion
 // A criterionFunc is a criterion implemented as a function and a list of names.
 type criterionFunc struct {
 	dataType     CriterionDataType
-	names        []string
+	name         string
 	generateRule func(subPath string, data parser.Value) (rule *ast.Rule, additionalRules []*ast.Rule, err error)
 }
 
@@ -28,9 +28,9 @@ func (c criterionFunc) DataType() CriterionDataType {
 	return c.dataType
 }
 
-// Names returns the names of the criterion.
-func (c criterionFunc) Names() []string {
-	return c.names
+// Name returns the name of the criterion.
+func (c criterionFunc) Name() string {
+	return c.name
 }
 
 // GenerateRule calls the underlying generateRule function.
@@ -41,11 +41,12 @@ func (c criterionFunc) GenerateRule(subPath string, data parser.Value) (rule *as
 // NewCriterionFunc creates a new Criterion from a function.
 func NewCriterionFunc(
 	dataType CriterionDataType,
-	names []string,
+	name string,
 	f func(subPath string, data parser.Value) (rule *ast.Rule, additionalRules []*ast.Rule, err error),
 ) Criterion {
 	return criterionFunc{
-		names:        names,
+		dataType:     dataType,
+		name:         name,
 		generateRule: f,
 	}
 }

pkg/policy/generator/generator.go

@@ -23,9 +23,7 @@ type Option func(*Generator)
 func WithCriterion(criterionConstructor CriterionConstructor) Option {
 	return func(g *Generator) {
 		c := criterionConstructor(g)
-		for _, name := range c.Names() {
-			g.criteria[name] = c
-		}
+		g.criteria[c.Name()] = c
 	}
 }
 

pkg/policy/generator/generator_test.go

@@ -13,7 +13,7 @@ import (
 
 func Test(t *testing.T) {
 	g := New(WithCriterion(func(g *Generator) Criterion {
-		return NewCriterionFunc(CriterionDataTypeUnused, []string{"accept"}, func(subPath string, data parser.Value) (rule *ast.Rule, additionalRules []*ast.Rule, err error) {
+		return NewCriterionFunc(CriterionDataTypeUnused, "accept", func(subPath string, data parser.Value) (rule *ast.Rule, additionalRules []*ast.Rule, err error) {
 			rule = g.NewRule("accept")
 			rule.Body = append(rule.Body, ast.MustParseExpr("1 == 1"))
 			return rule, nil, nil