Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Level validation Rust implementation (RFC 76) #1146

Merged
merged 17 commits into from
Oct 3, 2024
Merged

Level validation Rust implementation (RFC 76) #1146

merged 17 commits into from
Oct 3, 2024

Conversation

andrewmwells-amazon
Copy link
Contributor

@andrewmwells-amazon andrewmwells-amazon commented Aug 16, 2024
edited
Loading

Description of changes

Rust implementation of Level validation (RFC 76: cedar-policy/rfcs#76)

@aaronjeline is working on Lean changes.

Example error messages:
Screenshot 2024-08-16 at 3 23 47 PM

Issue #, if available

RFC 76 (cedar-policy/rfcs#76)

Checklist for requesting a review

The change in this PR is (choose one, and delete the other options):

  • A backwards-compatible change requiring a minor version bump to cedar-policy (e.g., addition of a new API).

I confirm that this PR (choose one, and delete the other options):

  • Updates the "Unreleased" section of the CHANGELOG with a description of my change (required for major/minor version bumps).

I confirm that cedar-spec (choose one, and delete the other options):

  • Requires updates, and I have made / will make these updates myself. (Please include in your description a timeline or link to the relevant PR in cedar-spec, and how you have tested that your updates are correct.)

@andrewmwells-amazon andrewmwells-amazon mentioned this pull request Aug 19, 2024
Merged
@andrewmwells-amazon
Add level validation (RFC #76)
3daa6b3 
Signed-off-by: Andrew Wells <anmwells@amazon.com>
@andrewmwells-amazon andrewmwells-amazon force-pushed the andrewmwells/level_validation branch from a3049c7 to 3daa6b3 Compare September 30, 2024 20:57
@andrewmwells-amazon
remove moved file kept due to git merge
8f4c19f 
Signed-off-by: Andrew Wells <anmwells@amazon.com>
@andrewmwells-amazon
level-validate feature flag for imports
09a0eaa 
Signed-off-by: Andrew Wells <anmwells@amazon.com>
@andrewmwells-amazon
cleanup
94de923 
Signed-off-by: Andrew Wells <anmwells@amazon.com>
@andrewmwells-amazon
cleanup
6fae095 
Signed-off-by: Andrew Wells <anmwells@amazon.com>
aaronjeline
aaronjeline requested changes Oct 1, 2024
View reviewed changes
Copy link
Contributor

@aaronjeline aaronjeline left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is slightly different the lean impl. In the lean impl Level 0 is the level that can't be de-referenced. I think they should align on that. Otherwise, looks good. Very different algorithm to the lean, but I think you said that was so you can get better error messages.

cedar-policy-validator/src/diagnostics/validation_errors.rs Outdated Show resolved Hide resolved
cedar-policy-validator/src/diagnostics/validation_errors.rs Outdated Show resolved Hide resolved
cedar-policy-validator/src/lib.rs Outdated Show resolved Hide resolved
cedar-policy-validator/src/lib.rs Outdated Show resolved Hide resolved
@andrewmwells-amazon
Address review comments
af1c77d 
Signed-off-by: Andrew Wells <anmwells@amazon.com>
john-h-kastner-aws
john-h-kastner-aws reviewed Oct 1, 2024
View reviewed changes
cedar-policy-validator/src/diagnostics/validation_errors.rs Outdated Show resolved Hide resolved
cedar-policy-validator/src/diagnostics/validation_errors.rs Outdated Show resolved Hide resolved
cedar-policy-validator/src/lib.rs Outdated Show resolved Hide resolved
cedar-policy-validator/src/lib.rs Outdated Show resolved Hide resolved
cedar-policy-validator/src/lib.rs Outdated Show resolved Hide resolved
cedar-policy-validator/src/lib.rs Outdated Show resolved Hide resolved
cedar-policy-validator/src/lib.rs Outdated Show resolved Hide resolved
cedar-policy-validator/src/lib.rs Outdated Show resolved Hide resolved
@andrewmwells-amazon
Copy link
Contributor Author

This is slightly different the lean impl. In the lean impl Level 0 is the level that can't be de-referenced. I think they should align on that.

That's my understanding too. Each node's level gives the number of allowable dereferences. 0 means no dereferences are allowed. A negative number means we've already done more dereferences than allowed. None means infinite dereferences allowed. Is there a place where I'm not following this?

@andrewmwells-amazon
address review comments
8462d73 
Signed-off-by: Andrew Wells <anmwells@amazon.com>
@andrewmwells-amazon
Add tests
be71916 
Signed-off-by: Andrew Wells <anmwells@amazon.com>
@andrewmwells-amazon
Increase precision for records
e30522b 
Signed-off-by: Andrew Wells <anmwells@amazon.com>
@andrewmwells-amazon
Store Expr in PolicyCheck::Irrelevant case
cd37ba4 
Signed-off-by: Andrew Wells <anmwells@amazon.com>
@andrewmwells-amazon
Fix comment on implications of is_false
cda8ae1 
Signed-off-by: Andrew Wells <anmwells@amazon.com>
@andrewmwells-amazon
Fix comment on implications of is_false
eba08d4 
Signed-off-by: Andrew Wells <anmwells@amazon.com>
john-h-kastner-aws
john-h-kastner-aws approved these changes Oct 2, 2024
View reviewed changes
cedar-policy/src/api.rs Outdated Show resolved Hide resolved
cedar-policy-validator/src/lib.rs Show resolved Hide resolved
@andrewmwells-amazon
Remove infinite level
168f021 
Signed-off-by: Andrew Wells <anmwells@amazon.com>
aaronjeline
aaronjeline approved these changes Oct 2, 2024
View reviewed changes
cedar-policy-validator/src/lib.rs Outdated Show resolved Hide resolved
cedar-policy-validator/src/lib.rs Outdated Show resolved Hide resolved
@andrewmwells-amazon
Add test for error message on RHS of in op
add106a 
Signed-off-by: Andrew Wells <anmwells@amazon.com>
@andrewmwells-amazon
Move level validation to separate file
d0b6a62 
Signed-off-by: Andrew Wells <anmwells@amazon.com>
@andrewmwells-amazon
Remove level-validate from default features
a837a31 
Signed-off-by: Andrew Wells <anmwells@amazon.com>
@andrewmwells-amazon
remove redundant deny configs
359d8e2 
Signed-off-by: Andrew Wells <anmwells@amazon.com>
@andrewmwells-amazon andrewmwells-amazon merged commit 2de6db8 into main Oct 3, 2024
19 checks passed
@andrewmwells-amazon andrewmwells-amazon deleted the andrewmwells/level_validation branch October 3, 2024 16:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aaronjeline aaronjeline aaronjeline approved these changes

@shaobo-he-aws shaobo-he-aws shaobo-he-aws approved these changes

@john-h-kastner-aws john-h-kastner-aws john-h-kastner-aws approved these changes

Assignees
No one assigned
Labels
None yet
Projects
Cedar 4.2
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@andrewmwells-amazon @aaronjeline @shaobo-he-aws @john-h-kastner-aws