diff --git a/449805c83e13f332b1b35eac6ffa93187fbd1c648085.json b/449805c83e13f332b1b35eac6ffa93187fbd1c648085.json deleted file mode 100644 index 5f3495b..0000000 --- a/449805c83e13f332b1b35eac6ffa93187fbd1c648085.json +++ /dev/null 
@@ -1,164 +0,0 @@ -{ - "cedar_version": "4.4.0", - "policy_stores": { - "449805c83e13f332b1b35eac6ffa93187fbd1c648085": { - "name": "tarpDemo", - "description": "", - "policies": { - "76acfe86fb09731682f92c4fbf7d2e066813ce639404": { - "description": "allow_teacher_secretdocument", - "creation_date": "2025-06-04T14:41:49.809437", - "policy_content": "QGlkKCJhbGxvd190ZWFjaGVyX3NlY3JldGRvY3VtZW50IikKcGVybWl0KAogIHByaW5jaXBhbCBpbiBKYW5zOjpSb2xlOjoiVGVhY2hlciIsCiAgYWN0aW9uLAogIHJlc291cmNlIGlzIEphbnM6OlNlY3JldERvY3VtZW50Cik7" - }, - "a6f9c66ddcadeeec9e0f65420c89715b00a835ffdaec": { - "description": "allow_student_read", - "creation_date": "2025-10-23T02:34:43.316922", - "policy_content": "QGlkKCJhbGxvd19zdHVkZW50X3JlYWQiKQpwZXJtaXQgKAogIHByaW5jaXBhbCBpbiBKYW5zOjpSb2xlOjoiU3R1ZGVudCIsCiAgYWN0aW9uIGluIFtKYW5zOjpBY3Rpb246OiJSZWFkIl0sCiAgcmVzb3VyY2UKKTs=" - }, - "91b2611a1ea9859cb7ce780ca16adf3b2a68f892786a": { - "description": "user_can_read", - "creation_date": "2025-12-17T03:23:22.073817", - "policy_content": "QGlkKCJ1c2VyX2Nhbl9yZWFkIikKcGVybWl0ICgKICBwcmluY2lwYWwgaXMgSmFuczo6VXNlciwKICBhY3Rpb24gPT0gSmFuczo6QWN0aW9uOjoiUmVhZCIsCiAgcmVzb3VyY2UgaXMgSmFuczo6QXBwbGljYXRpb24KKTs=" - }, - "13b34711a196f382ade96677cefd513a2a6deff1b949": { - "description": "admin_can_write_to_application", - "creation_date": "2025-12-17T03:27:11.348191", - "policy_content": "QGlkKCJhZG1pbl9jYW5fd3JpdGVfdG9fYXBwbGljYXRpb24iKQpwZXJtaXQgKAogIHByaW5jaXBhbCBpbiBKYW5zOjpSb2xlOjoiYWRtaW4iLAogIGFjdGlvbiA9PSBKYW5zOjpBY3Rpb246OiJXcml0ZSIsCiAgcmVzb3VyY2UgaXMgSmFuczo6QXBwbGljYXRpb24KKTs=" - }, - "e76eb1853f0c6a199ca383cd9714e0113dfd851e079a": { - "description": "user_can_execute", - "creation_date": "2025-12-17T03:29:29.697429", - "policy_content": "QGlkKCJ1c2VyX2Nhbl9leGVjdXRlIikKcGVybWl0ICgKICBwcmluY2lwYWwgaXMgSmFuczo6VXNlciwKICBhY3Rpb24gPT0gSmFuczo6QWN0aW9uOjoiRXhlY3V0ZSIsCiAgcmVzb3VyY2UgaXMgSmFuczo6QXBwbGljYXRpb24KKTs=" - }, - "6e46e36071466cc37c0e9bbd65f16c51ea2ab152c6fc": { - "description": 
"user_can_search", - "creation_date": "2025-12-17T03:30:23.395550", - "policy_content": "QGlkKCJ1c2VyX2Nhbl9zZWFyY2giKQpwZXJtaXQgKAogIHByaW5jaXBhbCBpcyBKYW5zOjpVc2VyLAogIGFjdGlvbiA9PSBKYW5zOjpBY3Rpb246OiJTZWFyY2giLAogIHJlc291cmNlIGlzIEphbnM6OkFwcGxpY2F0aW9uCik7" - }, - "c4729e4ab456b4c8e74102593e5b32e04176bc837cc5": { - "description": "user_can_compare", - "creation_date": "2025-12-17T03:31:56.340687", - "policy_content": "QGlkKCJ1c2VyX2Nhbl9jb21wYXJlIikKcGVybWl0ICgKICBwcmluY2lwYWwgaXMgSmFuczo6VXNlciwKICBhY3Rpb24gPT0gSmFuczo6QWN0aW9uOjoiQ29tcGFyZSIsCiAgcmVzb3VyY2UgaXMgSmFuczo6QXBwbGljYXRpb24KKTs=" - }, - "b5111ecf0d218da2cdbece83aeb77cb6b479d3b5d85c": { - "description": "user_can_monitor", - "creation_date": "2025-12-17T03:36:25.922696", - "policy_content": "QGlkKCJ1c2VyX2Nhbl9tb25pdG9yIikKcGVybWl0ICgKICBwcmluY2lwYWwgaXMgSmFuczo6VXNlciwKICBhY3Rpb24gPT0gSmFuczo6QWN0aW9uOjoiTW9uaXRvciIsCiAgcmVzb3VyY2UgaXMgSmFuczo6QXBwbGljYXRpb24KKTs=" - }, - "fe84f983188f1639a03ed77c0753fc893fbe0d4cf155": { - "description": "editor_can_share", - "creation_date": "2025-12-17T03:42:20.479615", - "policy_content": "QGlkKCJlZGl0b3JfY2FuX3NoYXJlIikKcGVybWl0ICgKICBwcmluY2lwYWwgaW4gSmFuczo6Um9sZTo6IkVkaXRvciIsCiAgYWN0aW9uID09IEphbnM6OkFjdGlvbjo6IlNoYXJlIiwKICByZXNvdXJjZSBpcyBKYW5zOjpBcHBsaWNhdGlvbgopOw==" - }, - "4ab79a92feac06a1a005373b741ed50e07d23d98f9a5": { - "description": "user_can_tag", - "creation_date": "2025-12-17T03:46:40.203758", - "policy_content": "QGlkKCJ1c2VyX2Nhbl90YWciKQpwZXJtaXQgKAogIHByaW5jaXBhbCBpcyBKYW5zOjpVc2VyLAogIGFjdGlvbiA9PSBKYW5zOjpBY3Rpb246OiJUYWciLAogIHJlc291cmNlIGlzIEphbnM6OkFwcGxpY2F0aW9uCik7" - }, - "f38f10e80c6f429153cf97781a4c6bcf29761a04259f": { - "description": "cannot_write_if_not_admin", - "creation_date": "2025-12-17T03:58:32.886850", - "policy_content": 
"QGlkKCJjYW5ub3Rfd3JpdGVfaWZfbm90X2FkbWluIikKZm9yYmlkICgKICBwcmluY2lwYWwgaXMgSmFuczo6VXNlciwKICBhY3Rpb24gPT0gSmFuczo6QWN0aW9uOjoiV3JpdGUiLAogIHJlc291cmNlIGlzIEphbnM6OkFwcGxpY2F0aW9uCikgd2hlbiB7CiAgcHJpbmNpcGFsIGhhcyByb2xlICYmCiAgIXByaW5jaXBhbC5yb2xlLmNvbnRhaW5zKCJhZG1pbiIpCn07" - }, - "420184da127304d1b2898761893a974096f6dbade45a": { - "description": "user_cannot_execute_on_public_network", - "creation_date": "2025-12-17T04:00:52.937385", - "policy_content": "QGlkKCJ1c2VyX2Nhbm5vdF9leGVjdXRlX29uX3B1YmxpY19uZXR3b3JrIikKZm9yYmlkICgKICBwcmluY2lwYWwgaXMgSmFuczo6VXNlciwKICBhY3Rpb24gPT0gSmFuczo6QWN0aW9uOjoiRXhlY3V0ZSIsCiAgcmVzb3VyY2UgaXMgSmFuczo6QXBwbGljYXRpb24KKSB3aGVuIHsKICBjb250ZXh0IGhhcyBuZXR3b3JrX3R5cGUgJiYKICBjb250ZXh0Lm5ldHdvcmtfdHlwZSA9PSAicHVibGljIgp9Owo=" - }, - "e459eba6691d141497dd1317e44d3d5b3bdd9fd65150": { - "description": "user_can_read_if_confidential_role", - "creation_date": "2025-12-17T04:08:48.207025", - "policy_content": "QGlkKCJ1c2VyX2Nhbl9yZWFkX2lmX2NvbmZpZGVudGlhbF9yb2xlIikKcGVybWl0ICgKICBwcmluY2lwYWwgaW4gSmFuczo6Um9sZTo6ImNvbmZpZGVudGlhbCIsCiAgYWN0aW9uID09IEphbnM6OkFjdGlvbjo6IlJlYWQiLAogIHJlc291cmNlIGlzIEphbnM6OlNlY3JldERvY3VtZW50Cik7" - }, - "9e2f1520bd292765609e8ce57add8d3c134e3a91759d": { - "description": "security_admin_can_write_to_secretdocument", - "creation_date": "2025-12-17T04:17:56.420102", - "policy_content": "QGlkKCJzZWN1cml0eV9hZG1pbl9jYW5fd3JpdGVfdG9fc2VjcmV0ZG9jdW1lbnQiKQpwZXJtaXQgKAogIHByaW5jaXBhbCBpbiBKYW5zOjpSb2xlOjoic2VjdXJpdHktYWRtaW4iLAogIGFjdGlvbiA9PSBKYW5zOjpBY3Rpb246OiJXcml0ZSIsCiAgcmVzb3VyY2UgaXMgSmFuczo6U2VjcmV0RG9jdW1lbnQKKTs=" - }, - "689edd369c276afb5a163119dcd92c74196a4e0c7bdb": { - "description": "user_cannot_read_if_compromised", - "creation_date": "2025-12-17T10:14:47.702218", - "policy_content": 
"QGlkKCJ1c2VyX2Nhbm5vdF9yZWFkX2lmX2NvbXByb21pc2VkIikKZm9yYmlkICgKICBwcmluY2lwYWwgaXMgSmFuczo6VXNlciwKICBhY3Rpb24gPT0gSmFuczo6QWN0aW9uOjoiUmVhZCIsCiAgcmVzb3VyY2UgaXMgSmFuczo6U2VjcmV0RG9jdW1lbnQKKSB3aGVuIHsKICBjb250ZXh0IGhhcyBkZXZpY2VfaGVhbHRoICYmCiAgY29udGV4dC5kZXZpY2VfaGVhbHRoLmNvbnRhaW5zKCJjb21wcm9taXNlZCIpCn07" - }, - "fe83e4b2338614b970559ce4141b6d3e60559d79282c": { - "description": "user_can_read_in_corp_network", - "creation_date": "2025-12-17T10:15:23.244030", - "policy_content": "QGlkKCJ1c2VyX2Nhbl9yZWFkX2luX2NvcnBfbmV0d29yayIpCnBlcm1pdCAoCiAgcHJpbmNpcGFsIGlzIEphbnM6OlVzZXIsCiAgYWN0aW9uID09IEphbnM6OkFjdGlvbjo6IlJlYWQiLAogIHJlc291cmNlIGlzIEphbnM6OlNlY3JldERvY3VtZW50Cikgd2hlbiB7CiAgY29udGV4dCBoYXMgbmV0d29yayAmJgogIGNvbnRleHQubmV0d29yayA9PSAiY29ycCIKfTs=" - }, - "c367d06f19af8db1ec69354044334c799ff4cd2021ae": { - "description": "user_cannot_read_if_fraudulent", - "creation_date": "2025-12-17T10:16:52.386299", - "policy_content": "QGlkKCJ1c2VyX2Nhbm5vdF9yZWFkX2lmX2ZyYXVkdWxlbnQiKQpmb3JiaWQgKAogIHByaW5jaXBhbCBpcyBKYW5zOjpVc2VyLAogIGFjdGlvbiA9PSBKYW5zOjpBY3Rpb246OiJSZWFkIiwKICByZXNvdXJjZSBpcyBKYW5zOjpTZWNyZXREb2N1bWVudAopIHdoZW4gewogIGNvbnRleHQgaGFzIGZyYXVkX2luZGljYXRvcnMgJiYKICBjb250ZXh0LmZyYXVkX2luZGljYXRvcnMuY29udGFpbnMoImhpZ2hfcmlzayIpCn07" - }, - "50c0ea31a9ed25a575b7538dec38cb953431651e7bec": { - "description": "user_can_read_if_email_is_example", - "creation_date": "2025-12-17T10:21:47.433255", - "policy_content": "QGlkKCJ1c2VyX2Nhbl9yZWFkX2lmX2VtYWlsX2lzX2V4YW1wbGUiKQpwZXJtaXQgKAogIHByaW5jaXBhbCBpcyBKYW5zOjpVc2VyLAogIGFjdGlvbiA9PSBKYW5zOjpBY3Rpb246OiJSZWFkIiwKICByZXNvdXJjZSBpcyBKYW5zOjpTZWNyZXREb2N1bWVudAopCndoZW4gewogIHByaW5jaXBhbCBoYXMgZW1haWwgJiYKICBwcmluY2lwYWwuZW1haWwuZG9tYWluID09ICJleGFtcGxlLmNvbSIKfTs=" - }, - "28e83add6e203af0d3814f06228e45a0eeb5c1269b08": { - "description": "user_cannot_write_from_restricted_country", - "creation_date": "2025-12-17T10:25:47.641641", - "policy_content": 
"QGlkKCJ1c2VyX2Nhbm5vdF93cml0ZV9mcm9tX3Jlc3RyaWN0ZWRfY291bnRyeSIpCmZvcmJpZCAoCiAgcHJpbmNpcGFsIGlzIEphbnM6OlVzZXIsCiAgYWN0aW9uID09IEphbnM6OkFjdGlvbjo6IldyaXRlIiwKICByZXNvdXJjZSBpcyBKYW5zOjpTZWNyZXREb2N1bWVudAopIHdoZW4gewogIGNvbnRleHQgaGFzIGdlb2xvY2F0aW9uICYmCiAgY29udGV4dC5nZW9sb2NhdGlvbi5jb250YWlucygicmVzdHJpY3RlZCIpCn07" - } - }, - "trusted_issuers": { - "1985d6d8767b87d752035c9f9c0078daf057ad2cd5ea": { - "name": "Jans", - "description": "", - "openid_configuration_endpoint": "https://test-jans.gluu.info/.well-known/openid-configuration", - "token_metadata": { - "access_token": { - "trusted": true, - "entity_type_name": "Jans::Access_token", - "user_id": "sub", - "token_id": "jti", - "workload_id": "rp_id", - "claim_mapping": {}, - "required_claims": [ - "jti", - "iss", - "aud", - "sub", - "exp", - "nbf" - ], - "role_mapping": "role", - "principal_mapping": [ - "Jans::Workload" - ] - }, - "id_token": { - "trusted": true, - "entity_type_name": "Jans::id_token", - "user_id": "sub", - "token_id": "jti", - "role_mapping": "role", - "claim_mapping": {}, - "principal_mapping": [ - "Jans::User" - ] - }, - "userinfo_token": { - "trusted": true, - "entity_type_name": "Jans::Userinfo_token", - "user_id": "sub", - "token_id": "jti", - "role_mapping": "role", - "claim_mapping": {}, - "principal_mapping": [ - "Jans::User" - ] - }, - "tx_token": { - "trusted": true, - "entity_type_name": "Jans::Access_token", - "user_id": "sub", - "token_id": "jti" - } - } - } - }, - "schema": 
"eyJKYW5zIjp7ImNvbW1vblR5cGVzIjp7IkNvbnRleHQiOnsidHlwZSI6IlJlY29yZCIsImF0dHJpYnV0ZXMiOnsiY3VycmVudF90aW1lIjp7InR5cGUiOiJFbnRpdHlPckNvbW1vbiIsInJlcXVpcmVkIjpmYWxzZSwibmFtZSI6IkxvbmcifSwiZGV2aWNlX2hlYWx0aCI6eyJ0eXBlIjoiU2V0IiwicmVxdWlyZWQiOmZhbHNlLCJlbGVtZW50Ijp7InR5cGUiOiJFbnRpdHlPckNvbW1vbiIsIm5hbWUiOiJTdHJpbmcifX0sImZyYXVkX2luZGljYXRvcnMiOnsidHlwZSI6IlNldCIsInJlcXVpcmVkIjpmYWxzZSwiZWxlbWVudCI6eyJ0eXBlIjoiRW50aXR5T3JDb21tb24iLCJuYW1lIjoiU3RyaW5nIn19LCJnZW9sb2NhdGlvbiI6eyJ0eXBlIjoiU2V0IiwicmVxdWlyZWQiOmZhbHNlLCJlbGVtZW50Ijp7InR5cGUiOiJFbnRpdHlPckNvbW1vbiIsIm5hbWUiOiJTdHJpbmcifX0sIm5ldHdvcmsiOnsidHlwZSI6IkVudGl0eU9yQ29tbW9uIiwicmVxdWlyZWQiOmZhbHNlLCJuYW1lIjoiU3RyaW5nIn0sIm5ldHdvcmtfdHlwZSI6eyJ0eXBlIjoiRW50aXR5T3JDb21tb24iLCJyZXF1aXJlZCI6ZmFsc2UsIm5hbWUiOiJTdHJpbmcifSwib3BlcmF0aW5nX3N5c3RlbSI6eyJ0eXBlIjoiRW50aXR5T3JDb21tb24iLCJyZXF1aXJlZCI6ZmFsc2UsIm5hbWUiOiJTdHJpbmcifSwidG9rZW5zIjp7InR5cGUiOiJFbnRpdHlPckNvbW1vbiIsInJlcXVpcmVkIjpmYWxzZSwibmFtZSI6IlRva2Vuc0NvbnRleHQifSwidXNlcl9hZ2VudCI6eyJ0eXBlIjoiRW50aXR5T3JDb21tb24iLCJyZXF1aXJlZCI6ZmFsc2UsIm5hbWUiOiJTdHJpbmcifX19LCJlbWFpbF9hZGRyZXNzIjp7InR5cGUiOiJSZWNvcmQiLCJhdHRyaWJ1dGVzIjp7ImRvbWFpbiI6eyJ0eXBlIjoiRW50aXR5T3JDb21tb24iLCJuYW1lIjoiU3RyaW5nIn0sInVpZCI6eyJ0eXBlIjoiRW50aXR5T3JDb21tb24iLCJuYW1lIjoiU3RyaW5nIn19fSwiVG9rZW5zQ29udGV4dCI6eyJ0eXBlIjoiUmVjb3JkIiwiYXR0cmlidXRlcyI6eyJ0b3RhbF90b2tlbl9jb3VudCI6eyJ0eXBlIjoiRW50aXR5T3JDb21tb24iLCJuYW1lIjoiTG9uZyJ9fX0sIlVybCI6eyJ0eXBlIjoiUmVjb3JkIiwiYXR0cmlidXRlcyI6eyJob3N0Ijp7InR5cGUiOiJFbnRpdHlPckNvbW1vbiIsIm5hbWUiOiJTdHJpbmcifSwicGF0aCI6eyJ0eXBlIjoiRW50aXR5T3JDb21tb24iLCJuYW1lIjoiU3RyaW5nIn0sInByb3RvY29sIjp7InR5cGUiOiJFbnRpdHlPckNvbW1vbiIsIm5hbWUiOiJTdHJpbmcifX19fSwiZW50aXR5VHlwZXMiOnsiQWNjZXNzX3Rva2VuIjp7InNoYXBlIjp7InR5cGUiOiJSZWNvcmQiLCJhdHRyaWJ1dGVzIjp7ImF1ZCI6eyJ0eXBlIjoiRW50aXR5T3JDb21tb24iLCJyZXF1aXJlZCI6ZmFsc2UsIm5hbWUiOiJTdHJpbmcifSwiZXhwIjp7InR5cGUiOiJFbnRpdHlPckNvbW1vbiIsInJlcXVpcmVkIjpmYWxzZSwibmFtZSI6IkxvbmcifSwiaWF0Ijp7InR5cGUiOiJFbnRpdHlPckNvbW1vbiIsInJlcXVpcmVkIjpmYWx
zZSwibmFtZSI6IkxvbmcifSwiaXNzIjp7InR5cGUiOiJFbnRpdHlPckNvbW1vbiIsInJlcXVpcmVkIjpmYWxzZSwibmFtZSI6IlRydXN0ZWRJc3N1ZXIifSwianRpIjp7InR5cGUiOiJFbnRpdHlPckNvbW1vbiIsInJlcXVpcmVkIjpmYWxzZSwibmFtZSI6IlN0cmluZyJ9LCJuYmYiOnsidHlwZSI6IkVudGl0eU9yQ29tbW9uIiwicmVxdWlyZWQiOmZhbHNlLCJuYW1lIjoiTG9uZyJ9LCJzY29wZSI6eyJ0eXBlIjoiU2V0IiwicmVxdWlyZWQiOmZhbHNlLCJlbGVtZW50Ijp7InR5cGUiOiJFbnRpdHlPckNvbW1vbiIsIm5hbWUiOiJTdHJpbmcifX0sInRva2VuX3R5cGUiOnsidHlwZSI6IkVudGl0eU9yQ29tbW9uIiwicmVxdWlyZWQiOmZhbHNlLCJuYW1lIjoiU3RyaW5nIn0sInZhbGlkYXRlZF9hdCI6eyJ0eXBlIjoiRW50aXR5T3JDb21tb24iLCJyZXF1aXJlZCI6ZmFsc2UsIm5hbWUiOiJMb25nIn19fSwidGFncyI6eyJ0eXBlIjoiU2V0IiwiZWxlbWVudCI6eyJ0eXBlIjoiRW50aXR5T3JDb21tb24iLCJuYW1lIjoiU3RyaW5nIn19fSwiQXBwbGljYXRpb24iOnsic2hhcGUiOnsidHlwZSI6IlJlY29yZCIsImF0dHJpYnV0ZXMiOnsiYXBwX2lkIjp7InR5cGUiOiJFbnRpdHlPckNvbW1vbiIsIm5hbWUiOiJTdHJpbmcifSwibmFtZSI6eyJ0eXBlIjoiRW50aXR5T3JDb21tb24iLCJuYW1lIjoiU3RyaW5nIn0sInVybCI6eyJ0eXBlIjoiRW50aXR5T3JDb21tb24iLCJuYW1lIjoiVXJsIn19fX0sIkhUVFBfUmVxdWVzdCI6eyJzaGFwZSI6eyJ0eXBlIjoiUmVjb3JkIiwiYXR0cmlidXRlcyI6eyJoZWFkZXIiOnsidHlwZSI6IlJlY29yZCIsImF0dHJpYnV0ZXMiOnsiQWNjZXB0Ijp7InR5cGUiOiJFbnRpdHlPckNvbW1vbiIsInJlcXVpcmVkIjpmYWxzZSwibmFtZSI6IlN0cmluZyJ9fX0sInVybCI6eyJ0eXBlIjoiRW50aXR5T3JDb21tb24iLCJuYW1lIjoiVXJsIn19fX0sImlkX3Rva2VuIjp7InNoYXBlIjp7InR5cGUiOiJSZWNvcmQiLCJhdHRyaWJ1dGVzIjp7ImFjciI6eyJ0eXBlIjoiRW50aXR5T3JDb21tb24iLCJyZXF1aXJlZCI6ZmFsc2UsIm5hbWUiOiJTdHJpbmcifSwiYW1yIjp7InR5cGUiOiJTZXQiLCJyZXF1aXJlZCI6ZmFsc2UsImVsZW1lbnQiOnsidHlwZSI6IkVudGl0eU9yQ29tbW9uIiwibmFtZSI6IlN0cmluZyJ9fSwiYXVkIjp7InR5cGUiOiJTZXQiLCJyZXF1aXJlZCI6ZmFsc2UsImVsZW1lbnQiOnsidHlwZSI6IkVudGl0eU9yQ29tbW9uIiwibmFtZSI6IlN0cmluZyJ9fSwiYXpwIjp7InR5cGUiOiJFbnRpdHlPckNvbW1vbiIsInJlcXVpcmVkIjpmYWxzZSwibmFtZSI6IlN0cmluZyJ9LCJiaXJ0aGRhdGUiOnsidHlwZSI6IkVudGl0eU9yQ29tbW9uIiwicmVxdWlyZWQiOmZhbHNlLCJuYW1lIjoiU3RyaW5nIn0sImVtYWlsIjp7InR5cGUiOiJFbnRpdHlPckNvbW1vbiIsInJlcXVpcmVkIjpmYWxzZSwibmFtZSI6ImVtYWlsX2FkZHJlc3MifSwiZXhwIjp7InR5cGUiOiJFbnRpdHlPckNvbW1vbiIsInJlcXVpcmVkIjpmYWxzZSw
ibmFtZSI6IkxvbmcifSwiaWF0Ijp7InR5cGUiOiJFbnRpdHlPckNvbW1vbiIsInJlcXVpcmVkIjpmYWxzZSwibmFtZSI6IkxvbmcifSwiaXNzIjp7InR5cGUiOiJFbnRpdHlPckNvbW1vbiIsInJlcXVpcmVkIjpmYWxzZSwibmFtZSI6IlRydXN0ZWRJc3N1ZXIifSwianRpIjp7InR5cGUiOiJFbnRpdHlPckNvbW1vbiIsInJlcXVpcmVkIjpmYWxzZSwibmFtZSI6IlN0cmluZyJ9LCJuYW1lIjp7InR5cGUiOiJFbnRpdHlPckNvbW1vbiIsInJlcXVpcmVkIjpmYWxzZSwibmFtZSI6IlN0cmluZyJ9LCJwaG9uZV9udW1iZXIiOnsidHlwZSI6IkVudGl0eU9yQ29tbW9uIiwicmVxdWlyZWQiOmZhbHNlLCJuYW1lIjoiU3RyaW5nIn0sInJvbGUiOnsidHlwZSI6IlNldCIsInJlcXVpcmVkIjpmYWxzZSwiZWxlbWVudCI6eyJ0eXBlIjoiRW50aXR5T3JDb21tb24iLCJuYW1lIjoiU3RyaW5nIn19LCJzdWIiOnsidHlwZSI6IkVudGl0eU9yQ29tbW9uIiwicmVxdWlyZWQiOmZhbHNlLCJuYW1lIjoiU3RyaW5nIn0sInRva2VuX3R5cGUiOnsidHlwZSI6IkVudGl0eU9yQ29tbW9uIiwicmVxdWlyZWQiOmZhbHNlLCJuYW1lIjoiU3RyaW5nIn0sInZhbGlkYXRlZF9hdCI6eyJ0eXBlIjoiRW50aXR5T3JDb21tb24iLCJyZXF1aXJlZCI6ZmFsc2UsIm5hbWUiOiJMb25nIn19fSwidGFncyI6eyJ0eXBlIjoiU2V0IiwiZWxlbWVudCI6eyJ0eXBlIjoiRW50aXR5T3JDb21tb24iLCJuYW1lIjoiU3RyaW5nIn19fSwiUm9sZSI6eyJzaGFwZSI6eyJ0eXBlIjoiUmVjb3JkIiwiYXR0cmlidXRlcyI6e319fSwiU2VjcmV0RG9jdW1lbnQiOnsic2hhcGUiOnsidHlwZSI6IlJlY29yZCIsImF0dHJpYnV0ZXMiOnt9fX0sIlRydXN0ZWRJc3N1ZXIiOnsic2hhcGUiOnsidHlwZSI6IlJlY29yZCIsImF0dHJpYnV0ZXMiOnsiaXNzdWVyX2VudGl0eV9pZCI6eyJ0eXBlIjoiRW50aXR5T3JDb21tb24iLCJuYW1lIjoiVXJsIn19fX0sIlVzZXIiOnsic2hhcGUiOnsidHlwZSI6IlJlY29yZCIsImF0dHJpYnV0ZXMiOnsiZW1haWwiOnsidHlwZSI6IkVudGl0eU9yQ29tbW9uIiwicmVxdWlyZWQiOmZhbHNlLCJuYW1lIjoiZW1haWxfYWRkcmVzcyJ9LCJpZF90b2tlbiI6eyJ0eXBlIjoiRW50aXR5T3JDb21tb24iLCJyZXF1aXJlZCI6ZmFsc2UsIm5hbWUiOiJpZF90b2tlbiJ9LCJwaG9uZV9udW1iZXIiOnsidHlwZSI6IkVudGl0eU9yQ29tbW9uIiwicmVxdWlyZWQiOmZhbHNlLCJuYW1lIjoiU3RyaW5nIn0sInJvbGUiOnsidHlwZSI6IlNldCIsImVsZW1lbnQiOnsidHlwZSI6IkVudGl0eU9yQ29tbW9uIiwibmFtZSI6IlN0cmluZyJ9fSwic3ViIjp7InR5cGUiOiJFbnRpdHlPckNvbW1vbiIsIm5hbWUiOiJTdHJpbmcifSwidXNlcmluZm9fdG9rZW4iOnsidHlwZSI6IkVudGl0eU9yQ29tbW9uIiwicmVxdWlyZWQiOmZhbHNlLCJuYW1lIjoiVXNlcmluZm9fdG9rZW4ifSwidXNlcm5hbWUiOnsidHlwZSI6IkVudGl0eU9yQ29tbW9uIiwicmVxdWlyZWQiOmZhbHNlLCJuYW1lIjoiU3RyaW5
nIn19fSwibWVtYmVyT2ZUeXBlcyI6WyJSb2xlIl19LCJVc2VyaW5mb190b2tlbiI6eyJzaGFwZSI6eyJ0eXBlIjoiUmVjb3JkIiwiYXR0cmlidXRlcyI6eyJhdWQiOnsidHlwZSI6IkVudGl0eU9yQ29tbW9uIiwicmVxdWlyZWQiOmZhbHNlLCJuYW1lIjoiU3RyaW5nIn0sImJpcnRoZGF0ZSI6eyJ0eXBlIjoiRW50aXR5T3JDb21tb24iLCJyZXF1aXJlZCI6ZmFsc2UsIm5hbWUiOiJTdHJpbmcifSwiZW1haWwiOnsidHlwZSI6IkVudGl0eU9yQ29tbW9uIiwicmVxdWlyZWQiOmZhbHNlLCJuYW1lIjoiZW1haWxfYWRkcmVzcyJ9LCJleHAiOnsidHlwZSI6IkVudGl0eU9yQ29tbW9uIiwicmVxdWlyZWQiOmZhbHNlLCJuYW1lIjoiTG9uZyJ9LCJpYXQiOnsidHlwZSI6IkVudGl0eU9yQ29tbW9uIiwicmVxdWlyZWQiOmZhbHNlLCJuYW1lIjoiTG9uZyJ9LCJpc3MiOnsidHlwZSI6IkVudGl0eU9yQ29tbW9uIiwicmVxdWlyZWQiOmZhbHNlLCJuYW1lIjoiVHJ1c3RlZElzc3VlciJ9LCJqdGkiOnsidHlwZSI6IkVudGl0eU9yQ29tbW9uIiwicmVxdWlyZWQiOmZhbHNlLCJuYW1lIjoiU3RyaW5nIn0sIm5hbWUiOnsidHlwZSI6IkVudGl0eU9yQ29tbW9uIiwicmVxdWlyZWQiOmZhbHNlLCJuYW1lIjoiU3RyaW5nIn0sInBob25lX251bWJlciI6eyJ0eXBlIjoiRW50aXR5T3JDb21tb24iLCJyZXF1aXJlZCI6ZmFsc2UsIm5hbWUiOiJTdHJpbmcifSwicm9sZSI6eyJ0eXBlIjoiU2V0IiwicmVxdWlyZWQiOmZhbHNlLCJlbGVtZW50Ijp7InR5cGUiOiJFbnRpdHlPckNvbW1vbiIsIm5hbWUiOiJTdHJpbmcifX0sInN1YiI6eyJ0eXBlIjoiRW50aXR5T3JDb21tb24iLCJyZXF1aXJlZCI6ZmFsc2UsIm5hbWUiOiJTdHJpbmcifSwidG9rZW5fdHlwZSI6eyJ0eXBlIjoiRW50aXR5T3JDb21tb24iLCJyZXF1aXJlZCI6ZmFsc2UsIm5hbWUiOiJTdHJpbmcifSwidmFsaWRhdGVkX2F0Ijp7InR5cGUiOiJFbnRpdHlPckNvbW1vbiIsInJlcXVpcmVkIjpmYWxzZSwibmFtZSI6IkxvbmcifX19LCJ0YWdzIjp7InR5cGUiOiJTZXQiLCJlbGVtZW50Ijp7InR5cGUiOiJFbnRpdHlPckNvbW1vbiIsIm5hbWUiOiJTdHJpbmcifX19LCJXb3JrbG9hZCI6eyJzaGFwZSI6eyJ0eXBlIjoiUmVjb3JkIiwiYXR0cmlidXRlcyI6eyJhY2Nlc3NfdG9rZW4iOnsidHlwZSI6IkVudGl0eU9yQ29tbW9uIiwicmVxdWlyZWQiOmZhbHNlLCJuYW1lIjoiQWNjZXNzX3Rva2VuIn0sImNsaWVudF9pZCI6eyJ0eXBlIjoiRW50aXR5T3JDb21tb24iLCJuYW1lIjoiU3RyaW5nIn0sImlzcyI6eyJ0eXBlIjoiRW50aXR5T3JDb21tb24iLCJyZXF1aXJlZCI6ZmFsc2UsIm5hbWUiOiJUcnVzdGVkSXNzdWVyIn0sIm5hbWUiOnsidHlwZSI6IkVudGl0eU9yQ29tbW9uIiwicmVxdWlyZWQiOmZhbHNlLCJuYW1lIjoiU3RyaW5nIn0sInJwX2lkIjp7InR5cGUiOiJFbnRpdHlPckNvbW1vbiIsInJlcXVpcmVkIjpmYWxzZSwibmFtZSI6IlN0cmluZyJ9LCJzcGlmZmVfaWQiOnsidHlwZSI6IkVudGl0eU9yQ29
tbW9uIiwicmVxdWlyZWQiOmZhbHNlLCJuYW1lIjoiU3RyaW5nIn19fX19LCJhY3Rpb25zIjp7IkNvbXBhcmUiOnsiYXBwbGllc1RvIjp7InByaW5jaXBhbFR5cGVzIjpbIlVzZXIiLCJXb3JrbG9hZCJdLCJyZXNvdXJjZVR5cGVzIjpbIkFwcGxpY2F0aW9uIl0sImNvbnRleHQiOnsidHlwZSI6IkNvbnRleHQifX19LCJERUxFVEUiOnsiYXBwbGllc1RvIjp7InByaW5jaXBhbFR5cGVzIjpbIldvcmtsb2FkIl0sInJlc291cmNlVHlwZXMiOlsiSFRUUF9SZXF1ZXN0Il0sImNvbnRleHQiOnsidHlwZSI6IkNvbnRleHQifX19LCJFeGVjdXRlIjp7ImFwcGxpZXNUbyI6eyJwcmluY2lwYWxUeXBlcyI6WyJVc2VyIiwiV29ya2xvYWQiXSwicmVzb3VyY2VUeXBlcyI6WyJBcHBsaWNhdGlvbiJdLCJjb250ZXh0Ijp7InR5cGUiOiJDb250ZXh0In19fSwiR0VUIjp7ImFwcGxpZXNUbyI6eyJwcmluY2lwYWxUeXBlcyI6WyJXb3JrbG9hZCJdLCJyZXNvdXJjZVR5cGVzIjpbIkhUVFBfUmVxdWVzdCJdLCJjb250ZXh0Ijp7InR5cGUiOiJDb250ZXh0In19fSwiSEVBRCI6eyJhcHBsaWVzVG8iOnsicHJpbmNpcGFsVHlwZXMiOlsiV29ya2xvYWQiXSwicmVzb3VyY2VUeXBlcyI6WyJIVFRQX1JlcXVlc3QiXSwiY29udGV4dCI6eyJ0eXBlIjoiQ29udGV4dCJ9fX0sIk1vbml0b3IiOnsiYXBwbGllc1RvIjp7InByaW5jaXBhbFR5cGVzIjpbIlVzZXIiLCJXb3JrbG9hZCJdLCJyZXNvdXJjZVR5cGVzIjpbIkFwcGxpY2F0aW9uIl0sImNvbnRleHQiOnsidHlwZSI6IkNvbnRleHQifX19LCJQQVRDSCI6eyJhcHBsaWVzVG8iOnsicHJpbmNpcGFsVHlwZXMiOlsiV29ya2xvYWQiXSwicmVzb3VyY2VUeXBlcyI6WyJIVFRQX1JlcXVlc3QiXSwiY29udGV4dCI6eyJ0eXBlIjoiQ29udGV4dCJ9fX0sIlBPU1QiOnsiYXBwbGllc1RvIjp7InByaW5jaXBhbFR5cGVzIjpbIldvcmtsb2FkIl0sInJlc291cmNlVHlwZXMiOlsiSFRUUF9SZXF1ZXN0Il0sImNvbnRleHQiOnsidHlwZSI6IkNvbnRleHQifX19LCJQVVQiOnsiYXBwbGllc1RvIjp7InByaW5jaXBhbFR5cGVzIjpbIldvcmtsb2FkIl0sInJlc291cmNlVHlwZXMiOlsiSFRUUF9SZXF1ZXN0Il0sImNvbnRleHQiOnsidHlwZSI6IkNvbnRleHQifX19LCJSZWFkIjp7ImFwcGxpZXNUbyI6eyJwcmluY2lwYWxUeXBlcyI6WyJVc2VyIiwiV29ya2xvYWQiXSwicmVzb3VyY2VUeXBlcyI6WyJBcHBsaWNhdGlvbiIsIlNlY3JldERvY3VtZW50Il0sImNvbnRleHQiOnsidHlwZSI6IkNvbnRleHQifX19LCJTZWFyY2giOnsiYXBwbGllc1RvIjp7InByaW5jaXBhbFR5cGVzIjpbIlVzZXIiLCJXb3JrbG9hZCJdLCJyZXNvdXJjZVR5cGVzIjpbIkFwcGxpY2F0aW9uIl0sImNvbnRleHQiOnsidHlwZSI6IkNvbnRleHQifX19LCJTaGFyZSI6eyJhcHBsaWVzVG8iOnsicHJpbmNpcGFsVHlwZXMiOlsiVXNlciIsIldvcmtsb2FkIl0sInJlc291cmNlVHlwZXMiOlsiQXBwbGljYXRpb24iXSwiY29udGV4dCI6eyJ0eXBlIjoiQ29udGV4dCJ9fX0
sIlRhZyI6eyJhcHBsaWVzVG8iOnsicHJpbmNpcGFsVHlwZXMiOlsiVXNlciIsIldvcmtsb2FkIl0sInJlc291cmNlVHlwZXMiOlsiQXBwbGljYXRpb24iXSwiY29udGV4dCI6eyJ0eXBlIjoiQ29udGV4dCJ9fX0sIldyaXRlIjp7ImFwcGxpZXNUbyI6eyJwcmluY2lwYWxUeXBlcyI6WyJVc2VyIiwiV29ya2xvYWQiXSwicmVzb3VyY2VUeXBlcyI6WyJBcHBsaWNhdGlvbiIsIlNlY3JldERvY3VtZW50Il0sImNvbnRleHQiOnsidHlwZSI6IkNvbnRleHQifX19fX19" - } - } -} diff --git a/6d9f73b2d44ad4e7aa8f1182cde9f72dcbaa244f4327.json b/6d9f73b2d44ad4e7aa8f1182cde9f72dcbaa244f4327.json deleted file mode 100644 index d906c3e..0000000 --- a/6d9f73b2d44ad4e7aa8f1182cde9f72dcbaa244f4327.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "cedar_version": "4.3.0", - "policy_stores": { - "6d9f73b2d44ad4e7aa8f1182cde9f72dcbaa244f4327": { - "name": "tarpUnsignedDemo", - "description": "", - "policies": { - "a2d0458ac26b69e4b191193fa307d941e8ab0ca2d5b1": { - "description": "allow_teacher", - "creation_date": "2025-04-07T16:02:31.260907", - "policy_content": "QGlkKCJhbGxvd190ZWFjaGVyIikKcGVybWl0KAogIHByaW5jaXBhbCBpcyBKYW5zOjpVc2VyLAogIGFjdGlvbiwKICByZXNvdXJjZQopCndoZW4gewogIHByaW5jaXBhbCBoYXMgcm9sZSAmJgogIHByaW5jaXBhbC5yb2xlLmNvbnRhaW5zKCJUZWFjaGVyIikKfTs=" - } - }, - "trusted_issuers": {}, - "schema": "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" - } - } -} \ No newline at end of file diff --git a/LICENSE b/LICENSE deleted file mode 100644 index 261eeb9..0000000 --- a/LICENSE +++ /dev/null 
@@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
- - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/tarpDemo/13b34711a196f382ade96677cefd513a2a6deff1b949.policy b/tarpDemo/13b34711a196f382ade96677cefd513a2a6deff1b949.policy deleted file mode 100644 index d8e59de..0000000 --- a/tarpDemo/13b34711a196f382ade96677cefd513a2a6deff1b949.policy +++ /dev/null @@ -1,6 +0,0 @@ -@id("admin_can_write_to_application") -permit ( - principal in Jans::Role::"admin", - action == Jans::Action::"Write", - resource is Jans::Application -); \ No newline at end of file diff --git a/tarpDemo/50c0ea31a9ed25a575b7538dec38cb953431651e7bec.policy b/tarpDemo/50c0ea31a9ed25a575b7538dec38cb953431651e7bec.policy deleted file mode 100644 index c7cccc3..0000000 --- a/tarpDemo/50c0ea31a9ed25a575b7538dec38cb953431651e7bec.policy +++ /dev/null 
@@ -1,10 +0,0 @@ -@id("user_can_read_if_email_is_example") -permit ( - principal is Jans::User, - action == Jans::Action::"Read", - resource is Jans::SecretDocument -) -when { - principal has email && - principal.email.domain == "example.com" -}; \ No newline at end of file diff --git a/tarpDemo/76acfe86fb09731682f92c4fbf7d2e066813ce639404.policy b/tarpDemo/76acfe86fb09731682f92c4fbf7d2e066813ce639404.policy deleted file mode 100644 index b1f618f..0000000 --- a/tarpDemo/76acfe86fb09731682f92c4fbf7d2e066813ce639404.policy +++ /dev/null @@ -1,6 +0,0 @@ -@id("allow_teacher_secretdocument") -permit( - principal in Jans::Role::"Teacher", - action, - resource is Jans::SecretDocument -); \ No newline at end of file diff --git a/tarpDemo/870eaec25d9c8e9a642c4ed4d08b1ad480e6bc1348c7.policy b/tarpDemo/870eaec25d9c8e9a642c4ed4d08b1ad480e6bc1348c7.policy deleted file mode 100644 index 82440e5..0000000 --- a/tarpDemo/870eaec25d9c8e9a642c4ed4d08b1ad480e6bc1348c7.policy +++ /dev/null @@ -1,6 +0,0 @@ -@id("user_cannot_write_to_secretdocument") -forbid ( - principal is Jans::User, - action == Jans::Action::"Write", - resource is Jans::SecretDocument -); \ No newline at end of file diff --git a/tarpDemo/9e2f1520bd292765609e8ce57add8d3c134e3a91759d.policy b/tarpDemo/9e2f1520bd292765609e8ce57add8d3c134e3a91759d.policy deleted file mode 100644 index 8fce2dc..0000000 --- a/tarpDemo/9e2f1520bd292765609e8ce57add8d3c134e3a91759d.policy +++ /dev/null @@ -1,6 +0,0 @@ -@id("security_admin_can_write_to_secretdocument") -permit ( - principal in Jans::Role::"security-admin", - action == Jans::Action::"Write", - resource is Jans::SecretDocument -); \ No newline at end of file diff --git a/tarpDemo/README.md b/tarpDemo/README.md deleted file mode 100644 index f2a2ba0..0000000 --- a/tarpDemo/README.md +++ /dev/null @@ -1 +0,0 @@ -### tarpDemo \ No newline at end of file 
diff --git a/tarpDemo/a6f9c66ddcadeeec9e0f65420c89715b00a835ffdaec.policy b/tarpDemo/a6f9c66ddcadeeec9e0f65420c89715b00a835ffdaec.policy deleted file mode 100644 index 191c794..0000000 --- a/tarpDemo/a6f9c66ddcadeeec9e0f65420c89715b00a835ffdaec.policy +++ /dev/null @@ -1,6 +0,0 @@ -@id("allow_student_read") -permit ( - principal in Jans::Role::"Student", - action in [Jans::Action::"Read"], - resource -); \ No newline at end of file diff --git a/tarpDemo/e459eba6691d141497dd1317e44d3d5b3bdd9fd65150.policy b/tarpDemo/e459eba6691d141497dd1317e44d3d5b3bdd9fd65150.policy deleted file mode 100644 index a9a8a9f..0000000 --- a/tarpDemo/e459eba6691d141497dd1317e44d3d5b3bdd9fd65150.policy +++ /dev/null @@ -1,6 +0,0 @@ -@id("user_can_read_if_confidential_role") -permit ( - principal in Jans::Role::"confidential", - action == Jans::Action::"Read", - resource is Jans::SecretDocument -); \ No newline at end of file diff --git a/tarpDemo/f38f10e80c6f429153cf97781a4c6bcf29761a04259f.policy b/tarpDemo/f38f10e80c6f429153cf97781a4c6bcf29761a04259f.policy deleted file mode 100644 index 1b62876..0000000 --- a/tarpDemo/f38f10e80c6f429153cf97781a4c6bcf29761a04259f.policy +++ /dev/null @@ -1,9 +0,0 @@ -@id("cannot_write_if_not_admin") -forbid ( - principal is Jans::User, - action == Jans::Action::"Write", - resource is Jans::Application -) when { - principal has role && - !principal.role.contains("admin") -}; \ No newline at end of file diff --git a/tarpDemo/fe84f983188f1639a03ed77c0753fc893fbe0d4cf155.policy b/tarpDemo/fe84f983188f1639a03ed77c0753fc893fbe0d4cf155.policy deleted file mode 100644 index 1da6c83..0000000 --- a/tarpDemo/fe84f983188f1639a03ed77c0753fc893fbe0d4cf155.policy +++ /dev/null @@ -1,6 +0,0 @@ -@id("editor_can_share") -permit ( - principal in Jans::Role::"Editor", - action == Jans::Action::"Share", - resource is Jans::Application -); \ No newline at end of file diff --git a/tarpDemo/manifest.json b/tarpDemo/manifest.json new file mode 100644 index 0000000..31afe31 
--- /dev/null
+++ b/tarpDemo/manifest.json
@@ -0,0 +1,94 @@ +{ + "policy_store_id": "449805c83e13f332b1b35eac6ffa93187fbd1c648085", + "generated_date": "2026-03-13T04:39:44.053309+00:00", + "files": { + "metadata.json": { + "size": 325, + "checksum": "sha1:7e7534ce4b7ca6dd69fac397b1059b57ff2caa2c" + }, + "policies/admin_can_write_to_application.cedar": { + "size": 307, + "checksum": "sha1:557516498e371c2771b92d04b97dea4eacb7181f" + }, + "policies/allow_student_read.cedar": { + "size": 277, + "checksum": "sha1:ee59049ff450163333c6b1e29d96059ea5190239" + }, + "policies/allow_teacher_secretdocument.cedar": { + "size": 284, + "checksum": "sha1:72fbfbc0bfdcbd7e9649d2527e81560e2f4bab69" + }, + "policies/cannot_write_if_not_admin.cedar": { + "size": 303, + "checksum": "sha1:60698b65b41f3ec01ce3d8fdef3f9886368391f5" + }, + "policies/editor_can_share.cedar": { + "size": 294, + "checksum": "sha1:e8eff337ce68d0612a9b86adeb0d36d253a3140c" + }, + "policies/security_admin_can_write_to_secretdocument.cedar": { + "size": 331, + "checksum": "sha1:1a36f2551c7044b5e89ca5af0b0a14dc198ea25f" + }, + "policies/user_can_compare.cedar": { + "size": 167, + "checksum": "sha1:9f11aea60b0dd3f85cb721303cec06bd13c97159" + }, + "policies/user_can_execute.cedar": { + "size": 167, + "checksum": "sha1:cfcb731c852e03f7e718367bf8a25c71848abc97" + }, + "policies/user_can_monitor.cedar": { + "size": 167, + "checksum": "sha1:6aec722807dbb0ef6c2351a490c1a113240f1057" + }, + "policies/user_can_read.cedar": { + "size": 161, + "checksum": "sha1:4176092cc6f8e8f34c845752b740e9998be33ea1" + }, + "policies/user_can_read_if_confidential_role.cedar": { + "size": 320, + "checksum": "sha1:da798dd4a1983901776a1d3b16d7e59a01fac4eb" + }, + "policies/user_can_read_if_email_is_example.cedar": { + "size": 308, + "checksum": "sha1:709cc56403e9e6664106a9e6c39ed663558bd14a" + }, + "policies/user_can_read_in_corp_network.cedar": { + "size": 236, + "checksum": "sha1:a2c271e52da828d1a58778eb8e5ddb11bd11768e" + }, + "policies/user_can_search.cedar": { + "size": 165, + 
"checksum": "sha1:9632a82fa98c5844c77b52f2fd47f4dd43ed986c" + }, + "policies/user_can_tag.cedar": { + "size": 159, + "checksum": "sha1:4361e3bff33ce403ce9f188815ff79e58a2f72af" + }, + "policies/user_cannot_execute_on_public_network.cedar": { + "size": 256, + "checksum": "sha1:4cf94d94531a62dc33e77726ac74e574902adb34" + }, + "policies/user_cannot_read_if_compromised.cedar": { + "size": 266, + "checksum": "sha1:ccbb35dc20f1c01c449d096ac2d6a6d63245eb9e" + }, + "policies/user_cannot_read_if_fraudulent.cedar": { + "size": 267, + "checksum": "sha1:2fdfa89f60e64e34efb9be550c602db5e0fd66a3" + }, + "policies/user_cannot_write_from_restricted_country.cedar": { + "size": 270, + "checksum": "sha1:af3a66a7011c8588e9af0461be57a766dae74baf" + }, + "schema.cedarschema": { + "size": 3875, + "checksum": "sha1:49939290b8ad6745f79a067d4ce7ca200f68c6ff" + }, + "trusted-issuers/jans.json": { + "size": 1432, + "checksum": "sha1:e3d8bc023006e626a9dd7df6f44449d0d9527471" + } + } +} diff --git a/tarpDemo/metadata.json b/tarpDemo/metadata.json new file mode 100644 index 0000000..7e7534c --- /dev/null +++ b/tarpDemo/metadata.json @@ -0,0 +1,11 @@ +{ + "cedar_version": "4.9.0", + "policy_store": { + "id": "449805c83e13f332b1b35eac6ffa93187fbd1c648085", + "name": "tarpDemo", + "description": "", + "version": "0.1.4", + "created_date": "2026-03-13T02:28:08.460796+00:00", + "updated_date": "2026-03-13T03:13:50.628190+00:00" + } +} \ No newline at end of file diff --git a/tarpDemo/policies/admin_can_write_to_application.cedar b/tarpDemo/policies/admin_can_write_to_application.cedar new file mode 100644 index 0000000..5575164 --- /dev/null +++ b/tarpDemo/policies/admin_can_write_to_application.cedar 
@@ -0,0 +1,11 @@
+@id("admin_can_write_to_application")
+permit (
+ principal,
+ action == Jans::Action::"Write",
+ resource is Jans::Application
+)
+when {
+ context has tokens.jans_userinfo_token &&
+ context.tokens.jans_userinfo_token.hasTag("role") &&
+ context.tokens.jans_userinfo_token.getTag("role").contains("admin")
+};
\ No newline at end of file
diff --git a/tarpDemo/policies/allow_student_read.cedar b/tarpDemo/policies/allow_student_read.cedar
new file mode 100644
index 0000000..ee59049
--- /dev/null
+++ b/tarpDemo/policies/allow_student_read.cedar
@@ -0,0 +1,11 @@
+@id("allow_student_read")
+permit (
+ principal,
+ action in [Jans::Action::"Read"],
+ resource
+)
+when {
+ context has tokens.jans_userinfo_token &&
+ context.tokens.jans_userinfo_token.hasTag("role") &&
+ context.tokens.jans_userinfo_token.getTag("role").contains("Student")
+};
\ No newline at end of file
diff --git a/tarpDemo/policies/allow_teacher_secretdocument.cedar b/tarpDemo/policies/allow_teacher_secretdocument.cedar
new file mode 100644
index 0000000..72fbfbc
--- /dev/null
+++ b/tarpDemo/policies/allow_teacher_secretdocument.cedar
@@ -0,0 +1,11 @@
+@id("allow_teacher_secretdocument")
+permit(
+ principal,
+ action,
+ resource is Jans::SecretDocument
+)
+when {
+ context has tokens.jans_userinfo_token &&
+ context.tokens.jans_userinfo_token.hasTag("role") &&
+ context.tokens.jans_userinfo_token.getTag("role").contains("Teacher")
+};
\ No newline at end of file
diff --git a/tarpDemo/policies/cannot_write_if_not_admin.cedar b/tarpDemo/policies/cannot_write_if_not_admin.cedar
new file mode 100644
index 0000000..60698b6
--- /dev/null
+++ b/tarpDemo/policies/cannot_write_if_not_admin.cedar
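Review bot: The scope in `admin_can_write_to_application` leaves `principal` unconstrained, so the grant rests only on the `role` tag of whatever userinfo token is in `context`; the policy it replaces (deleted earlier in this diff) scoped `principal in Jans::Role::"admin"`. The schema added in this diff lists both `User` and `Workload` as principals for "Write", so no type check is made anywhere in the policy. If principals are still typed at evaluation time, keep `principal is Jans::User` in the scope next to the `when` clause; if they are not, add a comment such as `// principal is intentionally open: the role comes from the validated userinfo token`. The same applies to `allow_student_read`, `allow_teacher_secretdocument`, `editor_can_share`, `security_admin_can_write_to_secretdocument` and `user_can_read_if_confidential_role`.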
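Review bot: `resource` is unscoped in `allow_student_read`, so the Student role can Read every resource type the schema allows for "Read", which includes `Jans::SecretDocument`. That makes `user_can_read_if_confidential_role` irrelevant for anyone holding the Student role. If students are meant to read applications only, scope it with `resource is Jans::Application`.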
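Review bot: `action` is unscoped in `allow_teacher_secretdocument`, and the forbid `user_cannot_write_to_secretdocument` deleted earlier in this diff has no counterpart in the new `manifest.json`, so the Teacher role now gets Write on `Jans::SecretDocument` where the old store blocked it for every `Jans::User`. If that is not intended, narrow the permit to `action == Jans::Action::"Read"` or carry the forbid over into `policies/`. If it is intended, the commit description should say so, because `security_admin_can_write_to_secretdocument` suggests writes were meant to be limited to one role.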
@@ -0,0 +1,11 @@
+@id("cannot_write_if_not_admin")
+forbid (
+ principal,
+ action == Jans::Action::"Write",
+ resource is Jans::Application
+)
+when {
+ context has tokens.jans_userinfo_token &&
+ context.tokens.jans_userinfo_token.hasTag("role") &&
+ !context.tokens.jans_userinfo_token.getTag("role").contains("admin")
+};
\ No newline at end of file
diff --git a/tarpDemo/policies/editor_can_share.cedar b/tarpDemo/policies/editor_can_share.cedar
new file mode 100644
index 0000000..e8eff33
--- /dev/null
+++ b/tarpDemo/policies/editor_can_share.cedar
@@ -0,0 +1,11 @@
+@id("editor_can_share")
+permit (
+ principal,
+ action == Jans::Action::"Share",
+ resource is Jans::Application
+)
+when {
+ context has tokens.jans_userinfo_token &&
+ context.tokens.jans_userinfo_token.hasTag("role") &&
+ context.tokens.jans_userinfo_token.getTag("role").contains("Editor")
+};
\ No newline at end of file
diff --git a/tarpDemo/policies/security_admin_can_write_to_secretdocument.cedar b/tarpDemo/policies/security_admin_can_write_to_secretdocument.cedar
new file mode 100644
index 0000000..1a36f25
--- /dev/null
+++ b/tarpDemo/policies/security_admin_can_write_to_secretdocument.cedar
@@ -0,0 +1,11 @@
+@id("security_admin_can_write_to_secretdocument")
+permit (
+ principal,
+ action == Jans::Action::"Write",
+ resource is Jans::SecretDocument
+)
+when {
+ context has tokens.jans_userinfo_token &&
+ context.tokens.jans_userinfo_token.hasTag("role") &&
+ context.tokens.jans_userinfo_token.getTag("role").contains("security-admin")
+};
\ No newline at end of file
diff --git a/tarpDemo/c4729e4ab456b4c8e74102593e5b32e04176bc837cc5.policy b/tarpDemo/policies/user_can_compare.cedar
similarity index 61%
rename from tarpDemo/c4729e4ab456b4c8e74102593e5b32e04176bc837cc5.policy
rename to tarpDemo/policies/user_can_compare.cedar
index 056b1cb..9f11aea 100644
--- a/tarpDemo/c4729e4ab456b4c8e74102593e5b32e04176bc837cc5.policy
+++ b/tarpDemo/policies/user_can_compare.cedar
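Review bot: The forbid in `cannot_write_if_not_admin` does not fire when the userinfo token is missing or carries no `role` tag, because the `has` and `hasTag` checks sit in front of the negated `contains`. As written it only denies callers who present a role set without "admin", and default deny already covers that case, since `admin_can_write_to_application` is the only permit for Write on `Jans::Application` among the policies in this diff. To make it a guard that holds regardless of future permits, express it as an exception: change `when {` to `unless {` and drop the `!` so the last condition reads `context.tokens.jans_userinfo_token.getTag("role").contains("admin")`.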
@@ -1,6 +1,8 @@ @id("user_can_compare") permit ( - principal is Jans::User, + principal, action == Jans::Action::"Compare", resource is Jans::Application -); \ No newline at end of file +) when { + context has tokens.jans_userinfo_token +}; \ No newline at end of file diff --git a/tarpDemo/e76eb1853f0c6a199ca383cd9714e0113dfd851e079a.policy b/tarpDemo/policies/user_can_execute.cedar similarity index 61% rename from tarpDemo/e76eb1853f0c6a199ca383cd9714e0113dfd851e079a.policy rename to tarpDemo/policies/user_can_execute.cedar index b16dd9e..cfcb731 100644 --- a/tarpDemo/e76eb1853f0c6a199ca383cd9714e0113dfd851e079a.policy +++ b/tarpDemo/policies/user_can_execute.cedar @@ -1,6 +1,8 @@ @id("user_can_execute") permit ( - principal is Jans::User, + principal, action == Jans::Action::"Execute", resource is Jans::Application -); \ No newline at end of file +) when { + context has tokens.jans_userinfo_token +}; \ No newline at end of file diff --git a/tarpDemo/b5111ecf0d218da2cdbece83aeb77cb6b479d3b5d85c.policy b/tarpDemo/policies/user_can_monitor.cedar similarity index 61% rename from tarpDemo/b5111ecf0d218da2cdbece83aeb77cb6b479d3b5d85c.policy rename to tarpDemo/policies/user_can_monitor.cedar index a96a71b..6aec722 100644 --- a/tarpDemo/b5111ecf0d218da2cdbece83aeb77cb6b479d3b5d85c.policy +++ b/tarpDemo/policies/user_can_monitor.cedar @@ -1,6 +1,8 @@ @id("user_can_monitor") permit ( - principal is Jans::User, + principal, action == Jans::Action::"Monitor", resource is Jans::Application -); \ No newline at end of file +) when { + context has tokens.jans_userinfo_token +}; \ No newline at end of file diff --git a/tarpDemo/91b2611a1ea9859cb7ce780ca16adf3b2a68f892786a.policy b/tarpDemo/policies/user_can_read.cedar similarity index 59% rename from tarpDemo/91b2611a1ea9859cb7ce780ca16adf3b2a68f892786a.policy rename to tarpDemo/policies/user_can_read.cedar index 50cec10..4176092 100644 --- a/tarpDemo/91b2611a1ea9859cb7ce780ca16adf3b2a68f892786a.policy 
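Review bot: The `when` clause in `user_can_compare` only tests that `context.tokens.jans_userinfo_token` exists, which is a weaker statement than the `principal is Jans::User` it replaces: it says nothing about the token's subject or claims and depends entirely on the engine placing only validated tokens in `context`. That assumption is not visible in this diff and should be written down next to the policy, for example `// any caller with a validated userinfo token may Compare; principal type is not checked`. The same applies to `user_can_execute`, `user_can_monitor`, `user_can_read`, `user_can_search` and `user_can_tag`.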
+++ b/tarpDemo/policies/user_can_read.cedar @@ -1,6 +1,8 @@ @id("user_can_read") permit ( - principal is Jans::User, + principal, action == Jans::Action::"Read", resource is Jans::Application -); \ No newline at end of file +) when { + context has tokens.jans_userinfo_token +}; \ No newline at end of file diff --git a/tarpDemo/policies/user_can_read_if_confidential_role.cedar b/tarpDemo/policies/user_can_read_if_confidential_role.cedar new file mode 100644 index 0000000..da798dd --- /dev/null +++ b/tarpDemo/policies/user_can_read_if_confidential_role.cedar @@ -0,0 +1,11 @@ +@id("user_can_read_if_confidential_role") +permit ( + principal, + action == Jans::Action::"Read", + resource is Jans::SecretDocument +) +when { + context has tokens.jans_userinfo_token && + context.tokens.jans_userinfo_token.hasTag("role") && + context.tokens.jans_userinfo_token.getTag("role").contains("confidential") +}; \ No newline at end of file diff --git a/tarpDemo/policies/user_can_read_if_email_is_example.cedar b/tarpDemo/policies/user_can_read_if_email_is_example.cedar new file mode 100644 index 0000000..709cc56 --- /dev/null +++ b/tarpDemo/policies/user_can_read_if_email_is_example.cedar @@ -0,0 +1,11 @@ +@id("user_can_read_if_email_is_example") +permit ( + principal, + action == Jans::Action::"Read", + resource is Jans::SecretDocument +) +when { + context has tokens.jans_id_token && + context.tokens.jans_id_token.hasTag("email") && + context.tokens.jans_id_token.getTag("email").contains("admin@example.com") +}; \ No newline at end of file diff --git a/tarpDemo/fe83e4b2338614b970559ce4141b6d3e60559d79282c.policy b/tarpDemo/policies/user_can_read_in_corp_network.cedar similarity index 72% rename from tarpDemo/fe83e4b2338614b970559ce4141b6d3e60559d79282c.policy rename to tarpDemo/policies/user_can_read_in_corp_network.cedar index f0502fb..a2c271e 100644 --- a/tarpDemo/fe83e4b2338614b970559ce4141b6d3e60559d79282c.policy +++ b/tarpDemo/policies/user_can_read_in_corp_network.cedar 
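Review bot: The id `user_can_read_if_email_is_example` no longer matches the condition: the deleted version compared `principal.email.domain == "example.com"`, while this one grants Read on `Jans::SecretDocument` only when the id token's `email` tag contains the single value "admin@example.com". Either rename the policy, e.g. `@id("user_can_read_if_email_is_admin_example")`, or restore a domain-level check if the tag type allows one (the schema in this diff shows `tags Set` with the element type not visible). This is also the only permit in the store keyed on `jans_id_token` rather than `jans_userinfo_token`, while the forbid policies later in this diff test only for `jans_userinfo_token`.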
@@ -1,9 +1,11 @@ @id("user_can_read_in_corp_network") permit ( - principal is Jans::User, + principal, action == Jans::Action::"Read", resource is Jans::SecretDocument -) when { +) +when { + context has tokens.jans_userinfo_token && context has network && context.network == "corp" }; \ No newline at end of file diff --git a/tarpDemo/6e46e36071466cc37c0e9bbd65f16c51ea2ab152c6fc.policy b/tarpDemo/policies/user_can_search.cedar similarity index 60% rename from tarpDemo/6e46e36071466cc37c0e9bbd65f16c51ea2ab152c6fc.policy rename to tarpDemo/policies/user_can_search.cedar index ba70df5..9632a82 100644 --- a/tarpDemo/6e46e36071466cc37c0e9bbd65f16c51ea2ab152c6fc.policy +++ b/tarpDemo/policies/user_can_search.cedar @@ -1,6 +1,8 @@ @id("user_can_search") permit ( - principal is Jans::User, + principal, action == Jans::Action::"Search", resource is Jans::Application -); \ No newline at end of file +) when { + context has tokens.jans_userinfo_token +}; \ No newline at end of file diff --git a/tarpDemo/4ab79a92feac06a1a005373b741ed50e07d23d98f9a5.policy b/tarpDemo/policies/user_can_tag.cedar similarity index 59% rename from tarpDemo/4ab79a92feac06a1a005373b741ed50e07d23d98f9a5.policy rename to tarpDemo/policies/user_can_tag.cedar index a473034..4361e3b 100644 --- a/tarpDemo/4ab79a92feac06a1a005373b741ed50e07d23d98f9a5.policy +++ b/tarpDemo/policies/user_can_tag.cedar @@ -1,6 +1,8 @@ @id("user_can_tag") permit ( - principal is Jans::User, + principal, action == Jans::Action::"Tag", resource is Jans::Application -); \ No newline at end of file +) when { + context has tokens.jans_userinfo_token +}; \ No newline at end of file diff --git a/tarpDemo/420184da127304d1b2898761893a974096f6dbade45a.policy b/tarpDemo/policies/user_cannot_execute_on_public_network.cedar similarity index 73% rename from tarpDemo/420184da127304d1b2898761893a974096f6dbade45a.policy rename to tarpDemo/policies/user_cannot_execute_on_public_network.cedar index da536ec..4cf94d9 100644 
--- a/tarpDemo/420184da127304d1b2898761893a974096f6dbade45a.policy +++ b/tarpDemo/policies/user_cannot_execute_on_public_network.cedar @@ -1,9 +1,11 @@ @id("user_cannot_execute_on_public_network") forbid ( - principal is Jans::User, + principal, action == Jans::Action::"Execute", resource is Jans::Application -) when { +) +when { + context has tokens.jans_userinfo_token && context has network_type && context.network_type == "public" -}; +}; \ No newline at end of file diff --git a/tarpDemo/689edd369c276afb5a163119dcd92c74196a4e0c7bdb.policy b/tarpDemo/policies/user_cannot_read_if_compromised.cedar similarity index 74% rename from tarpDemo/689edd369c276afb5a163119dcd92c74196a4e0c7bdb.policy rename to tarpDemo/policies/user_cannot_read_if_compromised.cedar index 0951e86..ccbb35d 100644 --- a/tarpDemo/689edd369c276afb5a163119dcd92c74196a4e0c7bdb.policy +++ b/tarpDemo/policies/user_cannot_read_if_compromised.cedar @@ -1,9 +1,11 @@ @id("user_cannot_read_if_compromised") forbid ( - principal is Jans::User, + principal, action == Jans::Action::"Read", resource is Jans::SecretDocument -) when { +) +when { + context has tokens.jans_userinfo_token && context has device_health && context.device_health.contains("compromised") }; \ No newline at end of file diff --git a/tarpDemo/c367d06f19af8db1ec69354044334c799ff4cd2021ae.policy b/tarpDemo/policies/user_cannot_read_if_fraudulent.cedar similarity index 75% rename from tarpDemo/c367d06f19af8db1ec69354044334c799ff4cd2021ae.policy rename to tarpDemo/policies/user_cannot_read_if_fraudulent.cedar index eb63ca9..2fdfa89 100644 --- a/tarpDemo/c367d06f19af8db1ec69354044334c799ff4cd2021ae.policy +++ b/tarpDemo/policies/user_cannot_read_if_fraudulent.cedar 
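Review bot: Adding `context has tokens.jans_userinfo_token &&` to `user_cannot_read_if_compromised` narrows the forbid: a request with no userinfo token is no longer denied for a compromised device. `user_can_read_if_email_is_example` grants Read on `Jans::SecretDocument` from `jans_id_token` alone, so a request carrying only an id token appears to get past this guard and past `user_cannot_read_if_fraudulent`. A deny rule should not depend on which token produced the permit; drop the added conjunct so the condition is again `context has device_health && context.device_health.contains("compromised")`. The same conjunct was added to `user_cannot_execute_on_public_network` and `user_cannot_write_from_restricted_country`.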
@@ -1,9 +1,11 @@ @id("user_cannot_read_if_fraudulent") forbid ( - principal is Jans::User, + principal, action == Jans::Action::"Read", resource is Jans::SecretDocument -) when { +) +when { + context has tokens.jans_userinfo_token && context has fraud_indicators && context.fraud_indicators.contains("high_risk") }; \ No newline at end of file diff --git a/tarpDemo/28e83add6e203af0d3814f06228e45a0eeb5c1269b08.policy b/tarpDemo/policies/user_cannot_write_from_restricted_country.cedar similarity index 75% rename from tarpDemo/28e83add6e203af0d3814f06228e45a0eeb5c1269b08.policy rename to tarpDemo/policies/user_cannot_write_from_restricted_country.cedar index 15b9f4e..af3a66a 100644 --- a/tarpDemo/28e83add6e203af0d3814f06228e45a0eeb5c1269b08.policy +++ b/tarpDemo/policies/user_cannot_write_from_restricted_country.cedar @@ -1,9 +1,11 @@ @id("user_cannot_write_from_restricted_country") forbid ( - principal is Jans::User, + principal, action == Jans::Action::"Write", resource is Jans::SecretDocument -) when { +) +when { + context has tokens.jans_userinfo_token && context has geolocation && context.geolocation.contains("restricted") }; \ No newline at end of file diff --git a/tarpDemo/schema.cedarschema b/tarpDemo/schema.cedarschema new file mode 100644 index 0000000..4993929 --- /dev/null +++ b/tarpDemo/schema.cedarschema 
@@ -0,0 +1,202 @@ +namespace Jans { + type Context = { + current_time?: Long, + device_health?: Set, + fraud_indicators?: Set, + geolocation?: Set, + network?: String, + network_type?: String, + operating_system?: String, + tokens?: TokensContext, + user_agent?: String + }; + + type TokensContext = { + jans_access_token?: Access_token, + jans_id_token?: id_token, + jans_userinfo_token?: Userinfo_token, + total_token_count: Long + }; + + type Url = { + host: String, + path: String, + protocol: String + }; + + type email_address = { + domain: String, + uid: String + }; + + entity Access_token = { + aud?: String, + exp?: Long, + iat?: Long, + iss?: TrustedIssuer, + jti?: String, + nbf?: Long, + scope?: Set, + token_type?: String, + validated_at?: Long + } tags Set; + + entity Application = { + app_id: String, + name: String, + url: Url + }; + + entity HTTP_Request = { + header: { + Accept?: String + }, + url: Url + }; + + entity Role; + + entity SecretDocument; + + entity TrustedIssuer = { + issuer_entity_id: Url + }; + + entity User in [Role] = { + email?: email_address, + id_token?: id_token, + phone_number?: String, + role: Set, + sub: String, + userinfo_token?: Userinfo_token, + username?: String + }; + + entity Userinfo_token = { + aud?: String, + birthdate?: String, + email?: email_address, + exp?: Long, + iat?: Long, + iss?: TrustedIssuer, + jti?: String, + name?: String, + phone_number?: String, + role?: Set, + sub?: String, + token_type?: String, + validated_at?: Long + } tags Set; + + entity Workload = { + access_token?: Access_token, + client_id: String, + iss?: TrustedIssuer, + name?: String, + rp_id?: String, + spiffe_id?: String + }; + + entity id_token = { + acr?: String, + amr?: Set, + aud?: Set, + azp?: String, + birthdate?: String, + email?: email_address, + exp?: Long, + iat?: Long, + iss?: TrustedIssuer, + jti?: String, + name?: String, + phone_number?: String, + role?: Set, + sub?: String, + token_type?: String, + validated_at?: Long + } tags Set; 
+ + action "Compare" appliesTo { + principal: [User, Workload], + resource: [Application], + context: Context + }; + + action "DELETE" appliesTo { + principal: [Workload], + resource: [HTTP_Request], + context: Context + }; + + action "Execute" appliesTo { + principal: [User, Workload], + resource: [Application], + context: Context + }; + + action "GET" appliesTo { + principal: [Workload], + resource: [HTTP_Request], + context: Context + }; + + action "HEAD" appliesTo { + principal: [Workload], + resource: [HTTP_Request], + context: Context + }; + + action "Monitor" appliesTo { + principal: [User, Workload], + resource: [Application], + context: Context + }; + + action "PATCH" appliesTo { + principal: [Workload], + resource: [HTTP_Request], + context: Context + }; + + action "POST" appliesTo { + principal: [Workload], + resource: [HTTP_Request], + context: Context + }; + + action "PUT" appliesTo { + principal: [Workload], + resource: [HTTP_Request], + context: Context + }; + + action "Read" appliesTo { + principal: [User, Workload], + resource: [Application, SecretDocument], + context: Context + }; + + action "Search" appliesTo { + principal: [User, Workload], + resource: [Application], + context: Context + }; + + action "Share" appliesTo { + principal: [User, Workload], + resource: [Application], + context: Context + }; + + action "Tag" appliesTo { + principal: [User, Workload], + resource: [Application], + context: Context + }; + + action "Write" appliesTo { + principal: [User, Workload], + resource: [Application, SecretDocument], + context: Context + }; +} diff --git a/tarpDemo/trusted-issuers/jans.json b/tarpDemo/trusted-issuers/jans.json new file mode 100644 index 0000000..e3d8bc0 --- /dev/null +++ b/tarpDemo/trusted-issuers/jans.json 
@@ -0,0 +1,50 @@ +{ + "id": "1985d6d8767b87d752035c9f9c0078daf057ad2cd5ea", + "name": "Jans", + "description": "", + "configuration_endpoint": "https://test-jans.gluu.info/.well-known/openid-configuration", + "token_metadata": { + "access_token": { + "trusted": true, + "entity_type_name": "Jans::Access_token", + "user_id": "sub", + "token_id": "jti", + "workload_id": "rp_id", + "claim_mapping": {}, + "required_claims": [ + "jti", + "iss", + "aud", + "sub", + "exp", + "nbf" + ], + "role_mapping": "role", + "principal_mapping": [ + "Jans::Workload" + ] + }, + "id_token": { + "trusted": true, + "entity_type_name": "Jans::id_token", + "user_id": "sub", + "token_id": "jti", + "role_mapping": "role", + "claim_mapping": {}, + "principal_mapping": [ + "Jans::User" + ] + }, + "userinfo_token": { + "trusted": true, + "entity_type_name": "Jans::Userinfo_token", + "user_id": "sub", + "token_id": "jti", + "role_mapping": "role", + "claim_mapping": {}, + "principal_mapping": [ + "Jans::User" + ] + } + } +} \ No newline at end of file diff --git a/tarpUnsignedDemo/README.md b/tarpUnsignedDemo/README.md deleted file mode 100644 index 10a9af2..0000000 --- a/tarpUnsignedDemo/README.md +++ /dev/null @@ -1 +0,0 @@ -### tarpUnsignedDemo \ No newline at end of file diff --git a/tarpUnsignedDemo/manifest.json b/tarpUnsignedDemo/manifest.json new file mode 100644 index 0000000..09b22c3 --- /dev/null +++ b/tarpUnsignedDemo/manifest.json @@ -0,0 +1,18 @@ +{ + "policy_store_id": "6d9f73b2d44ad4e7aa8f1182cde9f72dcbaa244f4327", + "generated_date": "2026-03-13T02:28:22.283762+00:00", + "files": { + "metadata.json": { + "size": 333, + "checksum": "sha1:775ee637a9578c56e46f1a5c6e8a29987720bc03" + }, + "policies/a2d0458ac26b69e4b191193fa307d941e8ab0ca2d5b1.cedar": { + "size": 149, + "checksum": "sha1:3865fc8acb05bf0c464aaefabd5225e03d41ade3" + }, + "schema.cedarschema": { + "size": 3765, + "checksum": "sha1:9ab5e508c9209fbd74447b57900075ec6826a411" + } + } +} 
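Review bot: Only `access_token` declares `required_claims` in `trusted-issuers/jans.json`; `id_token` and `userinfo_token` have none, yet every role-based policy in this diff reads `role` from the userinfo token and `user_can_read_if_email_is_example` reads `email` from the id token. Unless the engine enforces issuer and expiry checks by default (not visible here), add a list to both entries, e.g. `"required_claims": ["iss", "sub", "exp"]`, adjusted to the claims the issuer actually emits. `configuration_endpoint` points at what looks like a test host, which is fine for a demo store but should not be carried into a production one.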
diff --git a/tarpUnsignedDemo/metadata.json b/tarpUnsignedDemo/metadata.json new file mode 100644 index 0000000..306039a --- /dev/null +++ b/tarpUnsignedDemo/metadata.json @@ -0,0 +1,11 @@ +{ + "cedar_version": "4.9.0", + "policy_store": { + "id": "6d9f73b2d44ad4e7aa8f1182cde9f72dcbaa244f4327", + "name": "tarpUnsignedDemo", + "description": "", + "version": "0.1.0", + "created_date": "2026-03-13T02:28:08.461238+00:00", + "updated_date": "2026-03-13T02:28:08.461238+00:00" + } +} \ No newline at end of file diff --git a/tarpUnsignedDemo/a2d0458ac26b69e4b191193fa307d941e8ab0ca2d5b1.policy b/tarpUnsignedDemo/policies/a2d0458ac26b69e4b191193fa307d941e8ab0ca2d5b1.cedar similarity index 100% rename from tarpUnsignedDemo/a2d0458ac26b69e4b191193fa307d941e8ab0ca2d5b1.policy rename to tarpUnsignedDemo/policies/a2d0458ac26b69e4b191193fa307d941e8ab0ca2d5b1.cedar diff --git a/tarpUnsignedDemo/schema.cedarschema b/tarpUnsignedDemo/schema.cedarschema new file mode 100644 index 0000000..9ab5e50 --- /dev/null +++ b/tarpUnsignedDemo/schema.cedarschema 
@@ -0,0 +1,199 @@ +namespace Jans { + type Context = { + current_time?: Long, + device_health?: Set, + fraud_indicators?: Set, + geolocation?: Set, + network?: String, + network_type?: String, + operating_system?: String, + tokens?: TokensContext, + user_agent?: String + }; + + type TokensContext = { + total_token_count: Long + }; + + type Url = { + host: String, + path: String, + protocol: String + }; + + type email_address = { + domain: String, + uid: String + }; + + entity Access_token = { + aud?: String, + exp?: Long, + iat?: Long, + iss?: TrustedIssuer, + jti?: String, + nbf?: Long, + scope?: Set, + token_type?: String, + validated_at?: Long + } tags Set; + + entity Application = { + app_id: String, + name: String, + url: Url + }; + + entity HTTP_Request = { + header: { + Accept?: String + }, + url: Url + }; + + entity Role; + + entity SecretDocument; + + entity TrustedIssuer = { + issuer_entity_id: Url + }; + + entity User in [Role] = { + email?: email_address, + id_token?: id_token, + phone_number?: String, + role: Set, + sub: String, + userinfo_token?: Userinfo_token, + username?: String + }; + + entity Userinfo_token = { + aud?: String, + birthdate?: String, + email?: email_address, + exp?: Long, + iat?: Long, + iss?: TrustedIssuer, + jti?: String, + name?: String, + phone_number?: String, + role?: Set, + sub?: String, + token_type?: String, + validated_at?: Long + } tags Set; + + entity Workload = { + access_token?: Access_token, + client_id: String, + iss?: TrustedIssuer, + name?: String, + rp_id?: String, + spiffe_id?: String + }; + + entity id_token = { + acr?: String, + amr?: Set, + aud?: Set, + azp?: String, + birthdate?: String, + email?: email_address, + exp?: Long, + iat?: Long, + iss?: TrustedIssuer, + jti?: String, + name?: String, + phone_number?: String, + role?: Set, + sub?: String, + token_type?: String, + validated_at?: Long + } tags Set; + + action "Compare" appliesTo { + principal: [User, Workload], + resource: [Application], + context: 
Context + }; + + action "DELETE" appliesTo { + principal: [Workload], + resource: [HTTP_Request], + context: Context + }; + + action "Execute" appliesTo { + principal: [User, Workload], + resource: [Application], + context: Context + }; + + action "GET" appliesTo { + principal: [Workload], + resource: [HTTP_Request], + context: Context + }; + + action "HEAD" appliesTo { + principal: [Workload], + resource: [HTTP_Request], + context: Context + }; + + action "Monitor" appliesTo { + principal: [User, Workload], + resource: [Application], + context: Context + }; + + action "PATCH" appliesTo { + principal: [Workload], + resource: [HTTP_Request], + context: Context + }; + + action "POST" appliesTo { + principal: [Workload], + resource: [HTTP_Request], + context: Context + }; + + action "PUT" appliesTo { + principal: [Workload], + resource: [HTTP_Request], + context: Context + }; + + action "Read" appliesTo { + principal: [User, Workload], + resource: [Application, SecretDocument], + context: Context + }; + + action "Search" appliesTo { + principal: [User, Workload], + resource: [Application], + context: Context + }; + + action "Share" appliesTo { + principal: [User, Workload], + resource: [Application], + context: Context + }; + + action "Tag" appliesTo { + principal: [User, Workload], + resource: [Application], + context: Context + }; + + action "Write" appliesTo { + principal: [User, Workload], + resource: [Application, SecretDocument], + context: Context + }; +}