nono-cli 0.47.1

CLI for nono capability-based sandbox
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69

//! Embedded configuration loading
//!
//! Loads policy data compiled into the binary at build time.

/// Embedded policy JSON (compiled into binary by build.rs)
const EMBEDDED_POLICY_JSON: &str = include_str!(concat!(env!("OUT_DIR"), "/policy.json"));

/// Get the embedded policy JSON string
///
/// This is the raw JSON for the group-based policy file, compiled into the binary.
/// Used by the policy resolver to parse and resolve groups at runtime.
pub fn embedded_policy_json() -> &'static str {
    EMBEDDED_POLICY_JSON
}

/// Embedded network policy JSON (compiled into binary by build.rs)
const EMBEDDED_NETWORK_POLICY_JSON: &str =
    include_str!(concat!(env!("OUT_DIR"), "/network-policy.json"));

/// Get the embedded network policy JSON string
///
/// This is the raw JSON for the network filtering policy, compiled into the binary.
/// Used by the network policy resolver to parse and resolve network groups at runtime.
pub fn embedded_network_policy_json() -> &'static str {
    EMBEDDED_NETWORK_POLICY_JSON
}

/// Embedded profile JSON Schema (compiled into binary by build.rs)
const EMBEDDED_PROFILE_SCHEMA: &str =
    include_str!(concat!(env!("OUT_DIR"), "/nono-profile.schema.json"));

/// Get the embedded profile JSON Schema
pub fn embedded_profile_schema() -> &'static str {
    EMBEDDED_PROFILE_SCHEMA
}

/// Embedded profile authoring guide (compiled into binary by build.rs)
const EMBEDDED_PROFILE_GUIDE: &str =
    include_str!(concat!(env!("OUT_DIR"), "/profile-authoring-guide.md"));

/// Get the embedded profile authoring guide
pub fn embedded_profile_guide() -> &'static str {
    EMBEDDED_PROFILE_GUIDE
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_load_embedded_policy() {
        let json = embedded_policy_json();
        assert!(!json.is_empty());
        // Verify it's valid JSON
        let policy: serde_json::Value =
            serde_json::from_str(json).expect("Failed to parse embedded policy.json");
        assert!(policy.get("groups").is_some());
    }

    #[test]
    fn test_load_embedded_network_policy() {
        let json = embedded_network_policy_json();
        assert!(!json.is_empty());
        let policy: serde_json::Value =
            serde_json::from_str(json).expect("Failed to parse network-policy.json");
        assert!(policy.get("groups").is_some());
        assert!(policy.get("profiles").is_some());
    }
}