From 8dcd2807ee81dc65e872e0d62273cdc7cee58ed2 Mon Sep 17 00:00:00 2001
From: mo khan <mo@mokhan.ca>
Date: Thu, 10 Jul 2025 14:14:54 -0600
Subject: chore: validate the generated entities.json

---
 src/authorization/entities.rs | 15 ++++++++++++---
 src/bin/cli.rs                |  9 ++++++++-
 2 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/src/authorization/entities.rs b/src/authorization/entities.rs
index c2e56bd7..a26cace2 100644
--- a/src/authorization/entities.rs
+++ b/src/authorization/entities.rs
@@ -3,6 +3,10 @@ use serde::Serialize;
 use std::collections::HashSet;
 
 // Cedar entity structures
+// Note: We define custom types instead of using cedar_policy::Entity directly because:
+// 1. Cedar's Entity type is for runtime use, not JSON serialization
+// 2. These types ensure our JSON output matches Cedar's expected format exactly
+// 3. The #[serde(rename)] attributes handle Cedar's specific field naming requirements
 #[derive(Debug, Serialize)]
 pub struct CedarEntity {
     pub uid: CedarUid,
@@ -62,9 +66,7 @@ impl EntitiesRepository {
             },
         });
 
-        let members = self.api.get_project_members(project.id).await?;
-
-        for member in members {
+        for member in self.api.get_project_members(project.id).await? {
             if member.state == "active" {
                 entities.push(CedarEntity {
                     uid: CedarUid {
@@ -89,6 +91,13 @@ impl EntitiesRepository {
         Ok(entities)
     }
 
+    /// Validates that the entities can be parsed by Cedar
+    pub fn is_valid(entities: &[CedarEntity]) -> Result<(), Box<dyn std::error::Error>> {
+        let json = serde_json::to_string(entities)?;
+        cedar_policy::Entities::from_json_str(&json, None)?;
+        Ok(())
+    }
+
     fn fetch_hierarchy<'a>(
         &'a self,
         group_id: u64,
diff --git a/src/bin/cli.rs b/src/bin/cli.rs
index 0751ed05..fc70ae82 100644
--- a/src/bin/cli.rs
+++ b/src/bin/cli.rs
@@ -53,8 +53,15 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
         } => {
             let repository = EntitiesRepository::new(Api::new(token, host));
             let entities = repository.all(project).await?;
+            EntitiesRepository::is_valid(&entities)?;
             let json = serde_json::to_string_pretty(&entities)?;
-            std::fs::write(output, json)?;
+            std::fs::write(&output, json)?;
+
+            println!(
+                "Successfully generated {} entities to {}",
+                entities.len(),
+                output
+            );
         }
     }
 
-- 
cgit v1.2.3