RFC 53 implementation #1377
RFC 53 implementation #1377
Conversation
| pub struct ValidatorEntityType { | ||
| /// The name of the entity type. | ||
| pub(crate) name: EntityType, | ||
|
|
||
| /// The set of entity types that can be members of this entity type. When | ||
| /// this structure is initially constructed, the field will contain direct | ||
| /// children, but it will be updated to contain the closure of all | ||
| /// descendants before it is used in any validation. | ||
| pub descendants: HashSet<EntityType>, | ||
|
|
||
| /// The attributes associated with this entity. | ||
| pub(crate) attributes: Attributes, | ||
|
|
||
| /// Indicates that this entity type may have additional attributes | ||
| /// other than the declared attributes that may be accessed under partial | ||
| /// schema validation. We do not know if they are present, and do not know | ||
| /// their type when they are present. Attempting to access an undeclared | ||
| /// attribute under standard validation is an error regardless of this flag. | ||
| pub(crate) open_attributes: OpenTag, | ||
|
|
||
| /// Tag type for this entity type. `None` indicates that entities of this | ||
| /// type are not allowed to have tags. | ||
| #[serde(skip_serializing_if = "Option::is_none")] | ||
| pub(crate) tags: Option<Type>, | ||
| pub enum ValidatorEntityType { | ||
| Common { | ||
| /// The name of the entity type. | ||
| name: EntityType, | ||
|
|
||
| /// The set of entity types that can be members of this entity type. When | ||
| /// this structure is initially constructed, the field will contain direct | ||
| /// children, but it will be updated to contain the closure of all | ||
| /// descendants before it is used in any validation. | ||
| descendants: HashSet<EntityType>, | ||
|
|
||
| /// The attributes associated with this entity. | ||
| attributes: Attributes, | ||
|
|
||
| /// Indicates that this entity type may have additional attributes | ||
| /// other than the declared attributes that may be accessed under partial | ||
| /// schema validation. We do not know if they are present, and do not know | ||
| /// their type when they are present. Attempting to access an undeclared | ||
| /// attribute under standard validation is an error regardless of this flag. | ||
| open_attributes: OpenTag, | ||
|
|
||
| /// Tag type for this entity type. `None` indicates that entities of this | ||
| /// type are not allowed to have tags. | ||
| #[serde(skip_serializing_if = "Option::is_none")] | ||
| tags: Option<Type>, | ||
| }, |
There was a problem hiding this comment.
This change makes the fields pub instead of pub(crate), this is probably fine, just drawing attention to this in case someone thinks they shouldn't be pub
Signed-off-by: Shaobo He <shaobohe@amazon.com>
Signed-off-by: Shaobo He <shaobohe@amazon.com>
Signed-off-by: Shaobo He <shaobohe@amazon.com>
Signed-off-by: Shaobo He <shaobohe@amazon.com>
Signed-off-by: Shaobo He <shaobohe@amazon.com>
Signed-off-by: Shaobo He <shaobohe@amazon.com>
Signed-off-by: Shaobo He <shaobohe@amazon.com>
Signed-off-by: Shaobo He <shaobohe@amazon.com>
Signed-off-by: Shaobo He <shaobohe@amazon.com>
| @@ -202,6 +202,7 @@ impl Validator { | |||
| } else { | |||
| Some( | |||
| self.validate_entity_types(p) | |||
| .chain(self.validate_enum_entity(p)) | |||
There was a problem hiding this comment.
Noting that this will mean enum entity validation doesn't short-circuit, matching the current behavior for validating entity types and actions. This is a good design decision IMO, but might mean we run into some differences between the Rust and Lean impls in DRT, so I'll just leave a comment here so we don't forget that it's expected
There was a problem hiding this comment.
I was thinking if we should implement enum entity validity checking in the type checker. What's your thought on this?
There was a problem hiding this comment.
I wouldn't do that in this PR. Could consider moving it along with the entity-type check later
Signed-off-by: Shaobo He <shaobohe@amazon.com>
Signed-off-by: Shaobo He <shaobohe@amazon.com>
Signed-off-by: Shaobo He <shaobohe@amazon.com>
Signed-off-by: Shaobo He <shaobohe@amazon.com>
Signed-off-by: Shaobo He <shaobohe@amazon.com>
Signed-off-by: Shaobo He <shaobohe@amazon.com>
Signed-off-by: Shaobo He <shaobohe@amazon.com>
Signed-off-by: Shaobo He <shaobohe@amazon.com>
Signed-off-by: Shaobo He <shaobohe@amazon.com>
Signed-off-by: Shaobo He <shaobohe@amazon.com>
Signed-off-by: Shaobo He <shaobohe@amazon.com>
Signed-off-by: Shaobo He <shaobohe@amazon.com>
This reverts commit 77ec089.
Signed-off-by: Shaobo He <shaobohe@amazon.com>
| D: serde::Deserializer<'de>, | ||
| { | ||
| // A "real" option that does not accept `null` during deserialization | ||
| // TODO: we should be able to use `serde_as` or `serde_with` instead |
There was a problem hiding this comment.
We should open an issue to keep track of the work for this improvement, and paste it here.
| // I tried to apply the same idea to `EntityTypeKind` but serde allows | ||
| // unknown fields |
There was a problem hiding this comment.
And you can't use deny_unknown_fields there? Or what's the issue?
There was a problem hiding this comment.
I can't recall what the issue is. It seems deny_unknown_fields didn't work.
There was a problem hiding this comment.
deny_unknown_fields is generally problematic
| assert_matches!(&**element, Type::Type { ty: TypeVariant::String, loc: None }); // TODO: why is this `TypeVariant::String` in this case but `EntityOrCommon { "String" }` in all the other cases in this test? Do we accept common types as the element type for sets? | ||
| assert_matches!(frag.0.get(&None).unwrap().entity_types.get(&"User".parse().unwrap()).unwrap(), EntityType { kind: EntityTypeKind::Standard(user), ..} => { | ||
| assert_matches!(&user.tags, Some(Type::Type { ty: TypeVariant::Set { element }, ..}) => { | ||
| assert_matches!(&**element, Type::Type{ ty: TypeVariant::String, ..}); // TODO: why is this `TypeVariant::String` in this case but `EntityOrCommon { "String" }` in all the other cases in this test? Do we accept common types as the element type for sets? |
There was a problem hiding this comment.
Shouldn't we figure this out or at least have an issue for it?
There was a problem hiding this comment.
I think it's beyond the scope of this PR. We can create an issue for it.
|
Forgot to say that I'm also a little concerned about the amount of |
Signed-off-by: Shaobo He <shaobohe@amazon.com>
Signed-off-by: Shaobo He <shaobohe@amazon.com>
I don't think so. A Lean model is under development and we will use it for DRT. |
Signed-off-by: Shaobo He <shaobohe@amazon.com>
Signed-off-by: Shaobo He <shaobohe@amazon.com> Signed-off-by: Charlie Murphy <mutmoth@amazon.com>
Description of changes
Issue #, if available
Checklist for requesting a review
The change in this PR is (choose one, and delete the other options):
cedar-policy(e.g., addition of a new API).I confirm that this PR (choose one, and delete the other options):
I confirm that
cedar-spec(choose one, and delete the other options):cedar-spec, and how you have tested that your updates are correct.)I confirm that
docs.cedarpolicy.com(choose one, and delete the other options):cedar-docs. PRs should be targeted at astaging-X.Ybranch, notmain.)