Skip to content

Add 2.5.0 schema compatibility parsing functions #1600

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 10 commits into from
May 8, 2025
Merged

Add 2.5.0 schema compatibility parsing functions #1600

merged 10 commits into from
May 8, 2025

Conversation

john-h-kastner-aws
Copy link
Contributor

@john-h-kastner-aws john-h-kastner-aws commented May 6, 2025
edited
Loading

Description of changes

Tn the 3.0 and 4.0 release we made some breaking changes to the JSON schema format. One which is causing particular problems for customers is disallowing unrecognized attributes in some positions in type definitions where they previously were allowed. This PR copies the structures used to define the JSON schema format from 2.5.0 into main branch and uses them to implement a more compatible schema parsing mode.

Note that this does not provide full backwards compatibility. Specifically:

  • appliesTo specifications disallow unspecified entities
  • Extension type references cannot reference unknown extension types
  • Common type definition shadowing is not allowed

Issue #, if available

Checklist for requesting a review

The change in this PR is (choose one, and delete the other options):

  • A breaking change requiring a major version bump to cedar-policy (e.g., changes to the signature of an existing API).
  • A backwards-compatible change requiring a minor version bump to cedar-policy (e.g., addition of a new API).
  • A bug fix or other functionality change requiring a patch to cedar-policy.
  • A change "invisible" to users (e.g., documentation, changes to "internal" crates like cedar-policy-core, cedar-validator, etc.)
  • A change (breaking or otherwise) that only impacts unreleased or experimental code.

I confirm that this PR (choose one, and delete the other options):

  • Updates the "Unreleased" section of the CHANGELOG with a description of my change (required for major/minor version bumps).
  • Does not update the CHANGELOG because my change does not significantly impact released code.

I confirm that cedar-spec (choose one, and delete the other options):

  • Does not require updates because my change does not impact the Cedar formal model or DRT infrastructure.
  • Requires updates, and I have made / will make these updates myself. (Please include in your description a timeline or link to the relevant PR in cedar-spec, and how you have tested that your updates are correct.)
  • Requires updates, but I do not plan to make them in the near future. (Make sure that your changes are hidden behind a feature flag to mark them as experimental.)
  • I'm not sure how my change impacts cedar-spec. (Post your PR anyways, and we'll discuss in the comments.)

I confirm that docs.cedarpolicy.com (choose one, and delete the other options):

  • Does not require updates because my change does not impact the Cedar language specification.
  • Requires updates, and I have made / will make these updates myself. (Please include in your description a timeline or link to the relevant PR in cedar-docs. PRs should be targeted at a staging-X.Y branch, not main.)
  • I'm not sure how my change impacts the documentation. (Post your PR anyways, and we'll discuss in the comments.)

@john-h-kastner-aws
Add 2.5.x schema compatibility parsing functions
09b8392 
Signed-off-by: John Kastner <jkastner@amazon.com>
@john-h-kastner-aws
Changelog
3890467 
Signed-off-by: John Kastner <jkastner@amazon.com>
@github-actions GitHub Actions

This comment was marked as outdated.

Sign in to view
@john-h-kastner-aws
Copy link
Contributor Author

john-h-kastner-aws commented May 6, 2025
edited
Loading

Might need to update CI scripts or make the new feature experimental. I didn't want to make it experimental since this isn't something we're experimenting with and looking to stabilize long-term, but our scripts use --features "experimental" rather than --all-features (this explains some of the supposedly uncovered lines the coverage report)

@github-actions GitHub Actions

This comment was marked as duplicate.

Sign in to view
@github-actions GitHub Actions

This comment was marked as duplicate.

Sign in to view
@john-h-kastner-aws
Add compat feature to experimental
4f6b6f0 
Signed-off-by: John Kastner <jkastner@amazon.com>
@john-h-kastner-aws john-h-kastner-aws force-pushed the back-compat-schema-parsing branch from 609c1d6 to 4f6b6f0 Compare May 7, 2025 16:33
@github-actions GitHub Actions

This comment was marked as outdated.

Sign in to view
@john-h-kastner-aws
add tests for &str functions
bf21d39 
Signed-off-by: John Kastner <jkastner@amazon.com>
@john-h-kastner-aws
fix
8d52159 
Signed-off-by: John Kastner <jkastner@amazon.com>
cdisselkoen
cdisselkoen approved these changes May 7, 2025
View reviewed changes
cedar-policy-validator/src/deprecated_schema_compat/json_schema.rs Outdated
#[serde(with = "::serde_with::rust::maps_duplicate_key_is_error")]
#[serde(rename = "commonTypes")]
pub common_types: HashMap<CommonTypeId, SchemaType>,
// Key changed from `SmolStr` in 2.5.0 to `UnreserveId` to avoid excess code duplication
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
// Key changed from `SmolStr` in 2.5.0 to `UnreserveId` to avoid excess code duplication
// Key changed from `SmolStr` in 2.5.0 to `UnreservedId` to avoid excess code duplication

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is another change from the 2.5.x behavior I think? We will now reject some reserved words in this position which weren't rejected in 2.5.x

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah, probably slightly different

cedar-policy-validator/src/deprecated_schema_compat/json_schema.rs
Comment on lines +99 to +106
// Key changed from `SmolStr` in 2.5.0 to `RawName` to avoid excess code duplication
#[serde(default)]
#[serde(rename = "resourceTypes")]
pub resource_types: Option<Vec<RawName>>,
// Key changed from `SmolStr` in 2.5.0 to `RawName` to avoid excess code duplication
#[serde(default)]
#[serde(rename = "principalTypes")]
pub principal_types: Option<Vec<RawName>>,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is that also a change from 2.5.x behavior? 2.5.x accepted any string, now we only accept RawName (e.g. no interior whitespace)? I guess presumably 2.5.x was rejecting non-valid-names somewhere later in the pipeline?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These shouldn't be since RFC 9 was released in 2.3.0

@github-actions GitHub Actions

This comment was marked as outdated.

Sign in to view
john-h-kastner-aws and others added 2 commits May 7, 2025 18:26
@john-h-kastner-aws
fix header
ec60424 
Signed-off-by: John Kastner <jkastner@amazon.com>
@john-h-kastner-aws @cdisselkoen
Apply suggestions from code review
30a72b5 
Co-authored-by: Craig Disselkoen <cdiss@amazon.com>
@github-actions GitHub Actions

This comment was marked as duplicate.

Sign in to view
@github-actions GitHub Actions

This comment was marked as duplicate.

Sign in to view
@github-actions GitHub Actions

This comment was marked as duplicate.

Sign in to view
@github-actions GitHub Actions

This comment was marked as outdated.

Sign in to view
@github-actions GitHub Actions
Copy link

github-actions bot commented May 7, 2025

Coverage Report

Head Commit: 62047b6f164a4d3234caf53fc51bdfb3b2479124

Base Commit: 48a4b7a081f67e3c2ee50508b083339a2340bc6a

Download the full coverage report.

Coverage of Added or Modified Lines of Rust Code

Required coverage: 80.00%

Actual coverage: 81.45%

Status: PASSED ✅

Details
File Status Covered Coverage Missed Lines
cedar-policy-validator/src/deprecated_schema_compat/conversion.rs 🟢 171/193 88.60% 61-62, 68-75, 77, 98-100, 104-111
cedar-policy-validator/src/deprecated_schema_compat/json_schema.rs 🟢 14/16 87.50% 42, 132
cedar-policy/src/api/deprecated_schema_compat.rs 🔴 17/39 43.59% 39-41, 43-44, 46, 53, 56-57, 66-68, 70-71, 73, 107-112, 114

Coverage of All Lines of Rust Code

Required coverage: 80.00%

Actual coverage: 81.77%

Status: PASSED ✅

Details
Package Status Covered Coverage Base Coverage
cedar-policy 🔴 3111/4528 68.71% 68.92%
cedar-policy-cli 🔴 571/972 58.74% 58.74%
cedar-policy-core 🟢 11905/14113 84.35% 84.31%
cedar-policy-formatter 🟢 914/1043 87.63% 87.63%
cedar-policy-validator 🟢 8745/10191 85.81% 85.69%
cedar-wasm 🔴 0/29 0.00% 0.00%

@john-h-kastner-aws john-h-kastner-aws merged commit 693b8d6 into main May 8, 2025
20 checks passed
@john-h-kastner-aws john-h-kastner-aws deleted the back-compat-schema-parsing branch May 14, 2025 13:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cdisselkoen cdisselkoen cdisselkoen approved these changes

@shaobo-he-aws shaobo-he-aws shaobo-he-aws approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@john-h-kastner-aws @cdisselkoen @shaobo-he-aws