ppl: fix empty/no-op allow block added in some cases to converted PPL policies (#5289)

Fix empty/no-op allow block added in some cases to converted PPL policies
2025-08-02 16:30:17 +02:00 · 2024-09-16 18:52:54 -04:00 · 2024-09-16 18:52:54 -04:00 · d06a101f79
commit d06a101f79
parent 6171c09596
2 changed files with 76 additions and 2 deletions
--- a/config/policy_ppl_test.go
+++ b/config/policy_ppl_test.go
@ -533,3 +533,73 @@ else := value if {
 }
 `, str)
 }
+
+func TestPolicy_ToPPL_Embedded(t *testing.T) {
+	policy := Policy{
+		Policy: &PPLPolicy{
+			Policy: &parser.Policy{
+				Rules: []parser.Rule{
+					{
+						Action: parser.ActionAllow,
+						Or: []parser.Criterion{
+							{
+								Name: "foo",
+								Data: parser.Number("5"),
+							},
+						},
+					},
+				},
+			},
+		},
+	}
+	assert.Equal(t, policy.Policy.Policy, policy.ToPPL())
+
+	policy2 := Policy{
+		AllowedUsers: []string{"test"},
+		Policy: &PPLPolicy{
+			Policy: &parser.Policy{
+				Rules: []parser.Rule{
+					{
+						Action: parser.ActionAllow,
+						Or: []parser.Criterion{
+							{
+								Name: "foo",
+								Data: parser.Number("5"),
+							},
+						},
+					},
+				},
+			},
+		},
+	}
+	assert.Equal(t, &parser.Policy{
+		Rules: []parser.Rule{
+			{
+				Action: parser.ActionAllow,
+				Or: []parser.Criterion{
+					{
+						Name: "user",
+						Data: parser.Object{
+							"is": parser.String("test"),
+						},
+					},
+					{
+						Name: "email",
+						Data: parser.Object{
+							"is": parser.String("test"),
+						},
+					},
+				},
+			},
+			{
+				Action: parser.ActionAllow,
+				Or: []parser.Criterion{
+					{
+						Name: "foo",
+						Data: parser.Number("5"),
+					},
+				},
+			},
+		},
+	}, policy2.ToPPL())
+}