Policy nested rule fix

PiperOrigin-RevId: 905187056

Author: l46kok

policy/src/main/java/dev/cel/policy/BUILD.bazel

@@ -247,19 +247,19 @@ java_library(
     visibility = ["//visibility:private"],
     deps = [
         ":compiled_rule",
-        "//:auto_value",
         "//bundle:cel",
         "//common:cel_ast",
         "//common:compiler_common",
         "//common:mutable_ast",
+        "//common:mutable_source",
         "//common:operator",
         "//common/ast",
+        "//common/ast:mutable_expr",
         "//common/formats:value_string",
         "//common/navigation:mutable_navigation",
         "//extensions:optional_library",
         "//optimizer:ast_optimizer",
         "//optimizer:mutable_ast",
-        "@maven//:com_google_errorprone_error_prone_annotations",
         "@maven//:com_google_guava_guava",
     ],
 )

policy/src/main/java/dev/cel/policy/RuleComposer.java

@@ -266,8 +266,8 @@ public void evaluateYamlPolicy_nestedRuleProducesOptionalOutput() throws Excepti
         CelPolicyCompilerFactory.newPolicyCompiler(cel).build().compile(policy);
     Optional<Object> evalResult = (Optional<Object>) cel.createProgram(compiledPolicyAst).eval();
 
-    // Result is Optional<Optional<Object>>
-    assertThat(evalResult).hasValue(Optional.of(true));
+    // Result is Optional<Object> containing true
+    assertThat(evalResult).hasValue(true);
   }
 
   @Test

policy/src/test/java/dev/cel/policy/CelPolicyCompilerImplTest.java

@@ -40,11 +40,11 @@ final class PolicyTestHelper {
   enum TestYamlPolicy {
     NESTED_RULE(
         "nested_rule",
-        true,
+        false,
         "cel.@block([resource.origin, @index0 in [\"us\", \"uk\", \"es\"], {\"banned\": true}],"
             + " ((@index0 in {\"us\": false, \"ru\": false, \"ir\": false} && !@index1) ?"
-            + " optional.of(@index2) : optional.none()).or(optional.of(@index1 ? {\"banned\":"
-            + " false} : @index2)))"),
+            + " optional.of(@index2) : optional.none()).orValue(@index1 ? {\"banned\":"
+            + " false} : @index2))"),
     NESTED_RULE2(
         "nested_rule2",
         false,
@@ -61,6 +61,22 @@ enum TestYamlPolicy {
             + " false, \"ru\": false, \"ir\": false} && @index1) ? {\"banned\":"
             + " \"restricted_region\"} : {\"banned\": \"bad_actor\"}) : (@index1 ?"
             + " optional.of({\"banned\": \"unconfigured_region\"}) : optional.none()))"),
+    NESTED_RULE4("nested_rule4", false, "(x > 0) ? true : false"),
+    NESTED_RULE5(
+        "nested_rule5",
+        true,
+        "cel.@block([optional.of(true), optional.none()], (x > 0) ? ((x > 2) ? @index0 : @index1) :"
+            + " ((x > 1) ? ((x >= 2) ? @index0 : @index1) : optional.of(false)))"),
+    NESTED_RULE6(
+        "nested_rule6",
+        false,
+        "cel.@block([optional.of(true), optional.none()], ((x > 2) ? @index0 : @index1).orValue(((x"
+            + " > 3) ? @index0 : @index1).orValue(false)))"),
+    NESTED_RULE7(
+        "nested_rule7",
+        true,
+        "cel.@block([optional.of(true), optional.none()], ((x > 2) ? @index0 : @index1).or(((x > 3)"
+            + " ? @index0 : @index1).or((x > 1) ? optional.of(false) : @index1)))"),
     REQUIRED_LABELS(
         "required_labels",
         true,

policy/src/test/java/dev/cel/policy/PolicyTestHelper.java

@@ -0,0 +1,19 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: "nested_rule4"
+variables:
+  - name: x
+    type:
+      type_name: int

testing/src/test/resources/policy/nested_rule4/config.yaml

@@ -0,0 +1,24 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: nested_rule4
+rule:
+  match:
+    - condition: x > 0
+      rule:
+        match:
+          - rule:
+              match:
+                - output: "true"
+    - output: "false"

testing/src/test/resources/policy/nested_rule4/policy.yaml

@@ -0,0 +1,28 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+description: "Nested rule tests which explore optional vs non-optional returns"
+section:
+  - name: "valid"
+    tests:
+      - name: "x=0"
+        input:
+          x:
+            value: 0
+        output: "false"
+      - name: "x=2"
+        input:
+          x:
+            value: 2
+        output: "true"

testing/src/test/resources/policy/nested_rule4/tests.yaml

@@ -0,0 +1,19 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: "nested_rule5"
+variables:
+  - name: x
+    type:
+      type_name: int

testing/src/test/resources/policy/nested_rule5/config.yaml

@@ -0,0 +1,30 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: nested_rule5
+rule:
+  match:
+    - condition: x > 0
+      rule:
+        match:
+          - rule:
+              match:
+                - condition: "x > 2"
+                  output: "true"
+    - condition: x > 1
+      rule:
+        match:
+          - condition: "x >= 2"
+            output: "true"
+    - output: "false"

testing/src/test/resources/policy/nested_rule5/policy.yaml

@@ -0,0 +1,38 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+description: "Nested rule tests which explore optional vs non-optional returns"
+section:
+  - name: "valid"
+    tests:
+      - name: "x=0"
+        input:
+          x:
+            value: 0
+        output: "false"
+      - name: "x=1"
+        input:
+          x:
+            value: 1
+        output: "optional.none()"
+      - name: "x=2"
+        input:
+          x:
+            value: 2
+        output: "optional.none()"
+      - name: "x=3"
+        input:
+          x:
+            value: 3
+        output: "true"