[pull] main from permitio:main

Makefile

@@ -1,4 +1,4 @@
-.PHONY: help build prepare
+.PHONY: help build prepare build-amd64 build-arm64
 
 .DEFAULT_GOAL := help
 

pdp-server/src/api/authn_middleware.rs

@@ -33,10 +33,7 @@ pub(super) async fn authentication_middleware(
             header_str[7..].to_string()
         }
         Ok(header_str) => {
-            warn!(
-                "Invalid Authorization header format, missing 'Bearer ' prefix: {}",
-                header_str
-            );
+            warn!("Invalid Authorization header format, missing 'Bearer ' prefix: {header_str}");
             return Response::builder()
                 .status(StatusCode::FORBIDDEN)
                 .body(
@@ -46,7 +43,7 @@ pub(super) async fn authentication_middleware(
                 .expect("Failed to create response");
         }
         Err(e) => {
-            warn!("Failed to parse Authorization header to string: {}", e);
+            warn!("Failed to parse Authorization header to string: {e}");
             return Response::builder()
                 .status(StatusCode::FORBIDDEN)
                 .body(

pdp-server/src/api/authz/allowed.rs

@@ -36,7 +36,7 @@ pub(super) async fn allowed_handler(
     match query_allowed_cached(&state, &query, &cache_control).await {
         Ok(result) => (StatusCode::OK, Json(result)).into_response(),
         Err(err) => {
-            log::error!("Failed to send request to OPA: {}", err);
+            log::error!("Failed to send request to OPA: {err}");
             ApiError::from(err).into_response()
         }
     }

pdp-server/src/api/authz/allowed_bulk.rs

@@ -36,7 +36,7 @@ pub(super) async fn allowed_bulk_handler(
     match query_allowed_bulk_cached(&state, &queries, &cache_control).await {
         Ok(result) => (StatusCode::OK, Json(result)).into_response(),
         Err(err) => {
-            log::error!("Failed to send request to OPA: {}", err);
+            log::error!("Failed to send request to OPA: {err}");
             ApiError::from(err).into_response()
         }
     }

pdp-server/src/api/authz/authorized_users.rs

@@ -39,7 +39,7 @@ pub(super) async fn authorized_users_handler(
     match query_authorized_users_cached(&state, &query, &cache_control).await {
         Ok(result) => (StatusCode::OK, Json(result)).into_response(),
         Err(err) => {
-            log::error!("Failed to send request to OPA: {}", err);
+            log::error!("Failed to send request to OPA: {err}");
             ApiError::from(err).into_response()
         }
     }

pdp-server/src/api/authz/user_permissions.rs

@@ -56,7 +56,7 @@ pub(super) async fn user_permissions_handler(
     let permissions = match query_user_permissions_cached(&state, &query, &cache_control).await {
         Ok(permissions) => permissions,
         Err(err) => {
-            log::error!("Failed to send request to OPA: {}", err);
+            log::error!("Failed to send request to OPA: {err}");
             return ApiError::from(err).into_response();
         }
     };

pdp-server/src/api/authzen/errors.rs

@@ -88,7 +88,7 @@ impl From<crate::errors::ApiError> for AuthZenError {
             StatusCode::FORBIDDEN => AuthZenError::forbidden("Access denied"),
             StatusCode::BAD_REQUEST => AuthZenError::invalid_request(err.detail),
             _ => {
-                log::error!("Internal error converted to AuthZen format: {:?}", err);
+                log::error!("Internal error converted to AuthZen format: {err:?}");
                 AuthZenError::internal_error("Internal server error")
             }
         }
@@ -98,7 +98,7 @@ impl From<crate::errors::ApiError> for AuthZenError {
 /// Convert OPA forwarding errors to AuthZen format
 impl From<crate::opa_client::ForwardingError> for AuthZenError {
     fn from(err: crate::opa_client::ForwardingError) -> Self {
-        log::error!("OPA forwarding error: {:?}", err);
+        log::error!("OPA forwarding error: {err:?}");
         // Use generic message to avoid leaking internal implementation details
         AuthZenError::internal_error("Internal server error")
     }

pdp-server/src/api/authzen/evaluation.rs

@@ -108,7 +108,7 @@ pub async fn access_evaluation_handler(
             (StatusCode::OK, Json(authzen_response)).into_response()
         }
         Err(err) => {
-            log::error!("Failed to process AuthZen request: {}", err);
+            log::error!("Failed to process AuthZen request: {err}");
             let authzen_error = AuthZenError::from(err);
             authzen_error.into_response()
         }
@@ -700,13 +700,11 @@ mod tests {
         // Verify it's a plain string, not JSON
         assert!(
             !error_response_text.starts_with("{"),
-            "AuthZen errors must be plain strings per spec section 12.1.11, got: {}",
-            error_response_text
+            "AuthZen errors must be plain strings per spec section 12.1.11, got: {error_response_text}"
         );
         assert!(
             !error_response_text.contains("\"error\""),
-            "AuthZen errors must not be structured JSON, got: {}",
-            error_response_text
+            "AuthZen errors must not be structured JSON, got: {error_response_text}"
         );
 
         // The error message should be our generic internal server error message

pdp-server/src/api/authzen/evaluations.rs

@@ -215,7 +215,7 @@ pub async fn access_evaluations_handler(
         }
 
         error_msg.push_str("\nPlease provide all required fields (subject, resource, action) either in individual evaluations or at the request level.");
-        log::warn!("{}", error_msg);
+        log::warn!("{error_msg}");
         let authzen_error = AuthZenError::invalid_request(&error_msg);
         return authzen_error.into_response();
     }
@@ -234,7 +234,7 @@ pub async fn access_evaluations_handler(
             (StatusCode::OK, Json(response)).into_response()
         }
         Err(err) => {
-            log::error!("Failed to process AuthZen evaluations request: {:?}", err);
+            log::error!("Failed to process AuthZen evaluations request: {err:?}");
             let authzen_error = AuthZenError::from(err);
             authzen_error.into_response()
         }

pdp-server/src/api/authzen/metadata.rs

@@ -47,15 +47,15 @@ pub async fn authzen_metadata_handler(request: Request<Body>) -> Response {
         .or_else(|| uri_parts.authority.as_ref().map(|auth| auth.to_string()))
         .unwrap_or_else(|| "localhost:7766".to_string());
 
-    let base_url = format!("{}://{}", scheme, authority);
+    let base_url = format!("{scheme}://{authority}");
 
     let metadata = AuthZenMetadataResponse {
         policy_decision_point: base_url.clone(),
-        access_evaluation_endpoint: format!("{}/access/v1/evaluation", base_url),
-        access_evaluations_endpoint: format!("{}/access/v1/evaluations", base_url),
-        search_subject_endpoint: format!("{}/access/v1/search/subject", base_url),
-        search_resource_endpoint: format!("{}/access/v1/search/resource", base_url),
-        search_action_endpoint: format!("{}/access/v1/search/action", base_url),
+        access_evaluation_endpoint: format!("{base_url}/access/v1/evaluation"),
+        access_evaluations_endpoint: format!("{base_url}/access/v1/evaluations"),
+        search_subject_endpoint: format!("{base_url}/access/v1/search/subject"),
+        search_resource_endpoint: format!("{base_url}/access/v1/search/resource"),
+        search_action_endpoint: format!("{base_url}/access/v1/search/action"),
     };
     (StatusCode::OK, Json(metadata)).into_response()
 }
@@ -140,23 +140,23 @@ mod tests {
         assert_eq!(metadata.policy_decision_point, expected_base);
         assert_eq!(
             metadata.access_evaluation_endpoint,
-            format!("{}/access/v1/evaluation", expected_base)
+            format!("{expected_base}/access/v1/evaluation")
         );
         assert_eq!(
             metadata.access_evaluations_endpoint,
-            format!("{}/access/v1/evaluations", expected_base)
+            format!("{expected_base}/access/v1/evaluations")
         );
         assert_eq!(
             metadata.search_subject_endpoint,
-            format!("{}/access/v1/search/subject", expected_base)
+            format!("{expected_base}/access/v1/search/subject")
         );
         assert_eq!(
             metadata.search_action_endpoint,
-            format!("{}/access/v1/search/action", expected_base)
+            format!("{expected_base}/access/v1/search/action")
         );
         assert_eq!(
             metadata.search_resource_endpoint,
-            format!("{}/access/v1/search/resource", expected_base)
+            format!("{expected_base}/access/v1/search/resource")
         );
     }
 }

pdp-server/src/api/authzen/schema.rs

@@ -360,7 +360,7 @@ mod tests {
                 println!("✅ Deserialization successful - resource.id defaulted to empty string");
             }
             Err(e) => {
-                println!("❌ Deserialization failed: {}", e);
+                println!("❌ Deserialization failed: {e}");
                 println!(
                     "Payload: {}",
                     serde_json::to_string_pretty(&json_payload).unwrap()

pdp-server/src/api/authzen/search_action.rs

@@ -96,7 +96,7 @@ pub async fn search_action_handler(
     let permissions_map = match query_user_permissions(&state, &user_permissions_query).await {
         Ok(permissions_map) => permissions_map,
         Err(err) => {
-            log::error!("Failed to process AuthZen action search request: {:?}", err);
+            log::error!("Failed to process AuthZen action search request: {err:?}");
             let authzen_error = AuthZenError::from(err);
             return authzen_error.into_response();
         }
@@ -189,7 +189,7 @@ mod tests {
         let search_response: ActionSearchResponse = response.json_as();
 
         // Print the search response for debugging
-        println!("Search response: {:?}", search_response);
+        println!("Search response: {search_response:?}");
 
         // Check the response - should have 2 actions
         assert_eq!(search_response.results.len(), 2);
@@ -307,7 +307,7 @@ mod tests {
         let search_response: ActionSearchResponse = response.json_as();
 
         // Print the search response for debugging
-        println!("Search response: {:?}", search_response);
+        println!("Search response: {search_response:?}");
 
         // Check the response (should have 1 action)
         assert_eq!(search_response.results.len(), 1);

pdp-server/src/api/authzen/search_resource.rs

@@ -86,10 +86,7 @@ pub async fn search_resource_handler(
     let permissions = match query_user_permissions(&state, &query).await {
         Ok(permissions) => permissions,
         Err(err) => {
-            log::error!(
-                "Failed to process AuthZen resource search request: {:?}",
-                err
-            );
+            log::error!("Failed to process AuthZen resource search request: {err:?}");
             let authzen_error = AuthZenError::from(err);
             return authzen_error.into_response();
         }

pdp-server/src/api/authzen/search_subject.rs

@@ -80,10 +80,7 @@ pub async fn search_subject_handler(
     let result = match query_authorized_users(&state, &query).await {
         Ok(result) => result,
         Err(err) => {
-            log::error!(
-                "Failed to process AuthZen subject search request: {:?}",
-                err
-            );
+            log::error!("Failed to process AuthZen subject search request: {err:?}");
             let authzen_error = AuthZenError::from(err);
             return authzen_error.into_response();
         }

pdp-server/src/api/health/checkers.rs

@@ -76,7 +76,7 @@ pub fn check_opa_health<'a>(
             }
             Err(err) => ComponentStatus {
                 status: HealthStatusType::Error,
-                error: Some(format!("Failed to connect to OPA: {}", err)),
+                error: Some(format!("Failed to connect to OPA: {err}")),
                 details: None,
             },
         }
@@ -96,7 +96,7 @@ pub fn check_cache_health<'a>(
             },
             Err(err) => ComponentStatus {
                 status: HealthStatusType::Error,
-                error: Some(format!("Cache health check failed: {}", err)),
+                error: Some(format!("Cache health check failed: {err}")),
                 details: None,
             },
         }
@@ -148,7 +148,7 @@ async fn check_horizon_health_directly(state: &AppState) -> ComponentStatus {
         }
         Err(err) => ComponentStatus {
             status: HealthStatusType::Error,
-            error: Some(format!("Failed to connect to Horizon: {}", err)),
+            error: Some(format!("Failed to connect to Horizon: {err}")),
             details: None,
         },
     }

pdp-server/src/api/health/handlers.rs

@@ -35,7 +35,7 @@ async fn check_all_health(state: &AppState, check_cache: bool) -> HealthResponse
     };
 
     let horizon_status = horizon_handle.await.unwrap_or_else(|e| {
-        log::error!("Horizon check task panicked: {:?}", e);
+        log::error!("Horizon check task panicked: {e:?}");
         ComponentStatus {
             status: HealthStatusType::Error,
             error: Some("Horizon check task failed".to_string()),
@@ -44,7 +44,7 @@ async fn check_all_health(state: &AppState, check_cache: bool) -> HealthResponse
     });
 
     let opa_status = opa_handle.await.unwrap_or_else(|e| {
-        log::error!("OPA check task panicked: {:?}", e);
+        log::error!("OPA check task panicked: {e:?}");
         ComponentStatus {
             status: HealthStatusType::Error,
             error: Some("OPA check task failed".to_string()),
@@ -54,7 +54,7 @@ async fn check_all_health(state: &AppState, check_cache: bool) -> HealthResponse
 
     let cache_status = if let Some(cache_handle) = cache_handle_opt {
         Some(cache_handle.await.unwrap_or_else(|e| {
-            log::error!("Cache check task panicked: {:?}", e);
+            log::error!("Cache check task panicked: {e:?}");
             ComponentStatus {
                 status: HealthStatusType::Error,
                 error: Some("Cache check task failed".to_string()),
@@ -425,8 +425,7 @@ mod test {
 
         assert!(
             duration_with_cache < Duration::from_millis(750),
-            "Concurrent check took too long: {:?}",
-            duration_with_cache
+            "Concurrent check took too long: {duration_with_cache:?}"
         );
     }
 
@@ -469,8 +468,7 @@ mod test {
 
         assert!(
             duration_success < Duration::from_millis(1500),
-            "Concurrent successful check took too long: {:?}",
-            duration_success
+            "Concurrent successful check took too long: {duration_success:?}"
         );
     }
 

pdp-server/src/api/horizon_fallback.rs

@@ -73,7 +73,7 @@ pub(super) async fn fallback_to_horizon(
             let bytes = match response.bytes().await {
                 Ok(bytes) => bytes,
                 Err(e) => {
-                    log::error!("Failed to read response body: {}", e);
+                    log::error!("Failed to read response body: {e}");
                     return (StatusCode::BAD_GATEWAY, "Failed to read response body")
                         .into_response();
                 }
@@ -112,12 +112,12 @@ pub(super) async fn fallback_to_horizon(
                     StatusCode::from_u16(status.as_u16()).unwrap_or(StatusCode::BAD_GATEWAY);
                 return (
                     status_code,
-                    format!("Error response from horizon server: {}", e),
+                    format!("Error response from horizon server: {e}"),
                 )
                     .into_response();
             } else {
                 // Generic error message for other types of errors
-                format!("Failed to send request: {}", e)
+                format!("Failed to send request: {e}")
             };
 
             (StatusCode::BAD_GATEWAY, error_message).into_response()
@@ -501,8 +501,7 @@ mod tests {
         let body_text = String::from_utf8_lossy(&body_bytes);
         assert!(
             body_text.contains("Connection"),
-            "Expected connection error message, got: {}",
-            body_text
+            "Expected connection error message, got: {body_text}"
         );
     }
 
@@ -569,8 +568,7 @@ mod tests {
         let body_text = String::from_utf8_lossy(&body_bytes);
         assert!(
             body_text.contains("timeout") || body_text.contains("timed out"),
-            "Expected timeout error message, got: {}",
-            body_text
+            "Expected timeout error message, got: {body_text}"
         );
 
         // We don't verify the mock expectations as the request might time out

pdp-server/src/cache/memory.rs

@@ -101,7 +101,7 @@ mod tests {
     async fn test_health_check() {
         let cache = InMemoryCache::new(1, 128).unwrap();
         let result = cache.health_check().await;
-        assert!(result.is_ok(), "health check failed: {:?}", result);
+        assert!(result.is_ok(), "health check failed: {result:?}");
     }
 
     #[tokio::test]
@@ -115,7 +115,7 @@ mod tests {
 
         // Insert entries to fill the cache beyond capacity
         for i in 0..10 {
-            let key = format!("key_{}", i);
+            let key = format!("key_{i}");
             cache.set(&key, &data).await.unwrap();
             // Sleep for 100ms to allow moka to process the insertion
             // and the eviction to happen
@@ -128,7 +128,7 @@ mod tests {
         // Verify that at least some items were evicted due to capacity limits
         let mut found_items = 0;
         for i in 0..10 {
-            let key = format!("key_{}", i);
+            let key = format!("key_{i}");
             if cache.get::<String>(&key).await.unwrap().is_some() {
                 found_items += 1;
             }
@@ -138,8 +138,7 @@ mod tests {
         // we expect some items to be evicted, but we can't guarantee exactly how many
         assert!(
             found_items < 10,
-            "Expected some items to be evicted, but found {} items",
-            found_items
+            "Expected some items to be evicted, but found {found_items} items"
         );
     }
 }