Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Key-only policy annotation #1031

Closed
2 tasks
0x00A5 opened this issue Jun 27, 2024 · 3 comments · Fixed by #1231
Closed
2 tasks

Key-only policy annotation #1031

0x00A5 opened this issue Jun 27, 2024 · 3 comments · Fixed by #1231
Assignees
@john-h-kastner-aws
Labels
feature-request This issue requets a substantial new feature help-wanted Community help desired. We have not scheduled time to fix this, but think it important.

Comments

@0x00A5
Copy link
Contributor

0x00A5 commented Jun 27, 2024
edited
Loading

Describe the improvement you'd like to request

As of writing, policy annotations are required to be key-value pairs. When using it as a tag or label for marking a policy, this becomes a bit awkward. For example, we'd like to write a policy like the following to mark a policy as shadow / dry-run mode.

@shadow_mode
permit(principal, action, resource);

This annotation is illegal and we have to write the annotation as @shadow_mode("").

Describe alternatives you've considered

Assign an empty string to the annotations that serve only as a tag.

Additional context

No response

Is this something that you'd be interested in working on?

  • 👋 I may be able to implement this internal improvement
  • ⚠️ This feature might incur a breaking change
@0x00A5 0x00A5 added internal-improvement Refactoring, minor performance improvement, or other changes that Cedar users may never notice pending-triage The cedar maintainers haven't looked at this yet. Automicaly added to all new issues. labels Jun 27, 2024
@aaronjeline aaronjeline added backlog feature-request This issue requets a substantial new feature and removed pending-triage The cedar maintainers haven't looked at this yet. Automicaly added to all new issues. labels Jun 27, 2024
@aaronjeline
Copy link
Contributor

This seems very reasonable

@khieta
Copy link
Contributor

khieta commented Jul 1, 2024
edited by shaobo-he-aws
Loading

Thanks for filing this issue! Agreed that this seems reasonable, but I don't think it's high on our priority list. I'll mark it as help-wanted to indicate that we'd accept a PR for this. I think the only code that would need to be edited is the policy parser.

Specifically, you want to add a new rule here.

@khieta khieta added the help-wanted Community help desired. We have not scheduled time to fix this, but think it important. label Jul 1, 2024
@aaronjeline aaronjeline moved this to Todo in Cedar 4.2 Sep 27, 2024
@john-h-kastner-aws john-h-kastner-aws linked a pull request Sep 30, 2024 that will close this issue
Add support for annotations without explicit value #1231
Merged
14 tasks
@github-project-automation github-project-automation bot moved this from In Progress to Done in Cedar 4.2 Oct 1, 2024
@john-h-kastner-aws
Copy link
Contributor

FYI, we've implemented this for release in an upcoming version 4.2. @shadow_mode will now be valid an equivalent to @shadow_mode("")

@john-h-kastner-aws john-h-kastner-aws removed the internal-improvement Refactoring, minor performance improvement, or other changes that Cedar users may never notice label Oct 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@john-h-kastner-aws john-h-kastner-aws

Labels
feature-request This issue requets a substantial new feature help-wanted Community help desired. We have not scheduled time to fix this, but think it important.
Projects
Cedar 4.2
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add support for annotations without explicit value cedar-policy/cedar
4 participants
@khieta @aaronjeline @0x00A5 @john-h-kastner-aws