feat: Add cerbosctl inspect policies command (#2101)

```
POLICY ID                                       ACTIONS              
resource.leave_request.vdefault                 *,create,submit,view    
resource.leave_request.vdefault/regional        *,create,submit,view    
principal.donald_duck.v20210210                 create,delete 
```

Signed-off-by: Oğuzhan Durgun <oguzhandurgun95@gmail.com>

Author: oguzhand95

cmd/cerbosctl/inspect/inspect.go

@@ -0,0 +1,8 @@
+// Copyright 2021-2024 Zenauth Ltd.
+// SPDX-License-Identifier: Apache-2.0
+
+package inspect
+
+type Cmd struct {
+	Policies PoliciesCmd `cmd:"" name:"policies" aliases:"p" help:"Inspect policies in the store"`
+}

cmd/cerbosctl/inspect/internal/flagset/filter.go

@@ -0,0 +1,11 @@
+// Copyright 2021-2024 Zenauth Ltd.
+// SPDX-License-Identifier: Apache-2.0
+
+package flagset
+
+type Filters struct {
+	NameRegexp      string `help:"Filter policies by name, using regular expression"`
+	VersionRegexp   string `help:"Filter policies by version, using regular expression"`
+	ScopeRegexp     string `help:"Filter policies by scope, using regular expression"`
+	IncludeDisabled bool   `help:"Include disabled policies"`
+}

cmd/cerbosctl/inspect/internal/flagset/format.go

@@ -0,0 +1,8 @@
+// Copyright 2021-2024 Zenauth Ltd.
+// SPDX-License-Identifier: Apache-2.0
+
+package flagset
+
+type Format struct {
+	NoHeaders bool `help:"Do not output headers"`
+}

cmd/cerbosctl/inspect/policies.go

@@ -0,0 +1,71 @@
+// Copyright 2021-2024 Zenauth Ltd.
+// SPDX-License-Identifier: Apache-2.0
+
+package inspect
+
+import (
+	"context"
+	"fmt"
+	"strings"
+
+	"github.com/alecthomas/kong"
+	"github.com/cerbos/cerbos-sdk-go/cerbos"
+
+	"github.com/cerbos/cerbos/cmd/cerbosctl/inspect/internal/flagset"
+	"github.com/cerbos/cerbos/cmd/cerbosctl/internal/client"
+	"github.com/cerbos/cerbos/cmd/cerbosctl/internal/printer"
+)
+
+const (
+	help = `# Inspect policies
+
+cerbosctl inspect policies
+
+# Inspect policies, print no headers
+
+cerbosctl inspect policies`
+	separator = ","
+)
+
+type PoliciesCmd struct {
+	flagset.Filters
+	flagset.Format
+}
+
+func (c *PoliciesCmd) Run(k *kong.Kong, cctx *client.Context) error {
+	var opts []cerbos.FilterOption
+	if c.Filters.IncludeDisabled {
+		opts = append(opts, cerbos.WithIncludeDisabled())
+	}
+	if c.Filters.NameRegexp != "" {
+		opts = append(opts, cerbos.WithNameRegexp(c.Filters.NameRegexp))
+	}
+	if c.Filters.ScopeRegexp != "" {
+		opts = append(opts, cerbos.WithScopeRegexp(c.Filters.ScopeRegexp))
+	}
+	if c.Filters.VersionRegexp != "" {
+		opts = append(opts, cerbos.WithVersionRegexp(c.Filters.VersionRegexp))
+	}
+
+	response, err := cctx.AdminClient.InspectPolicies(context.Background(), opts...)
+	if err != nil {
+		return fmt.Errorf("error while inspecting policies: %w", err)
+	}
+
+	tw := printer.NewTableWriter(k.Stdout)
+	if !c.Format.NoHeaders {
+		tw.SetHeader([]string{"POLICY ID", "ACTIONS"})
+	}
+
+	for policyKey, result := range response.Results {
+		actions := strings.Join(result.Actions, separator)
+		tw.Append([]string{policyKey, actions})
+	}
+
+	tw.Render()
+	return nil
+}
+
+func (c *PoliciesCmd) Help() string {
+	return help
+}

cmd/cerbosctl/root/root.go

@@ -11,6 +11,7 @@ import (
 	"github.com/cerbos/cerbos/cmd/cerbosctl/enable"
 	"github.com/cerbos/cerbos/cmd/cerbosctl/get"
 	"github.com/cerbos/cerbos/cmd/cerbosctl/hub"
+	"github.com/cerbos/cerbos/cmd/cerbosctl/inspect"
 	"github.com/cerbos/cerbos/cmd/cerbosctl/internal/flagset"
 	"github.com/cerbos/cerbos/cmd/cerbosctl/put"
 	"github.com/cerbos/cerbos/cmd/cerbosctl/store"
@@ -21,6 +22,7 @@ type Cli struct {
 	Get get.Cmd `cmd:"" help:"List or view policies and schemas"`
 	Hub hub.Cmd `cmd:"" help:"Cerbos Hub operations"`
 	flagset.Globals
+	Inspect   inspect.Cmd   `cmd:"" help:"Inspect policies"`
 	Store     store.Cmd     `cmd:"" help:"Store operations"`
 	Delete    del.Cmd       `cmd:"" help:"Delete schemas"`
 	Disable   disable.Cmd   `cmd:"" help:"Disable policies"`

docs/modules/cli/pages/cerbosctl.adoc

@@ -372,6 +372,16 @@ embedded PDP bundle. If none of the policies in the repo are annotated, they are
 cerbosctl hub epdp list-candidates ./path/to/repository
 ----
 
+[#inspect-policies]
+== `inspect policies`
+
+This command is to inspect policies in the store. Currently, it lists actions defined in the policies.
+
+.Inspect policies
+----
+cerbosctl inspect policies
+----
+
 [#put]
 == `put`
 

go.mod

@@ -12,7 +12,7 @@ require (
 	github.com/bluele/gcache v0.0.2
 	github.com/bufbuild/protovalidate-go v0.6.1
 	github.com/cenkalti/backoff/v4 v4.3.0
-	github.com/cerbos/cerbos-sdk-go v0.2.4
+	github.com/cerbos/cerbos-sdk-go v0.2.5-0.20240415074433-be5e6dca0cce
 	github.com/cerbos/cerbos/api/genpb v0.35.1
 	github.com/cerbos/cloud-api v0.1.18
 	github.com/cespare/xxhash v1.1.0

go.sum

@@ -157,6 +157,10 @@ github.com/census-instrumentation/opencensus-proto v0.4.1 h1:iKLQ0xPNFxR/2hzXZMr
 github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw=
 github.com/cerbos/cerbos-sdk-go v0.2.4 h1:OE0T6728Ry4acFd9pb8vRxizBGDJFvluwxxIHPjLQQg=
 github.com/cerbos/cerbos-sdk-go v0.2.4/go.mod h1:q+ORcpV5KLvubtRlPFB39hi5b+pvDE3lC6ZEgNks6rw=
+github.com/cerbos/cerbos-sdk-go v0.2.5-0.20240408141506-00afe19d074b h1:a2fSjB/48GDJPZA+qDIP0NHfEUrTiIlVqsGYac/qFEk=
+github.com/cerbos/cerbos-sdk-go v0.2.5-0.20240408141506-00afe19d074b/go.mod h1:E5rynfR0AHdvdz69CEk1/LbUH7apq/a3ybjjK65TXw4=
+github.com/cerbos/cerbos-sdk-go v0.2.5-0.20240415074433-be5e6dca0cce h1:Bmn1LQpcZklykycAmSE+Bv62lECPBXoLQaAUAB3BcxM=
+github.com/cerbos/cerbos-sdk-go v0.2.5-0.20240415074433-be5e6dca0cce/go.mod h1:Utzg7mpDNkJ01MG6pdlinsgwrzU/XIzuQ9MFvYQskcs=
 github.com/cerbos/cerbos/api/genpb v0.35.1 h1:IgmvEUg+FXachWUT9f2b7NQ650kogwAEoeyMpx8kQYg=
 github.com/cerbos/cerbos/api/genpb v0.35.1/go.mod h1:DcozdAIUztxXwtVs88gGgdyCITru7WCTF9vGA6j+H8k=
 github.com/cerbos/cloud-api v0.1.18 h1:psD9psLgNq/u1IEOsp8L2mwwvB4umGeA4C4YHw19G9g=