Implement RFC 55

[aaronjeline]

Description of changes

(partially) Implements RFC 55
This does not implement the backwards compatibility functions, saving that for a second PR as this one is already large.

Issue #, if available

N/A

Checklist for requesting a review

The change in this PR is (choose one, and delete the other options):

• A breaking change requiring a major version bump to cedar-policy (e.g., changes to the signature of an existing API).

I confirm that this PR (choose one, and delete the other options):

• Updates the "Unreleased" section of the CHANGELOG with a description of my change (required for major/minor version bumps).

I confirm that cedar-spec (choose one, and delete the other options):

• Does not require updates because my change does not impact the Cedar formal model or DRT infrastructure.

[aaronjeline]

Note: one integration test will need change

[khieta]

Added a couple comments -- more will come later. I've decided to work on this review in parts.

[khieta]

A few more comments. I'll wait until Monday to look at the rest of the validator code 😅 Great to see all this special casing for unspecified entities disappear!

[khieta]

Is this going to work with RFC52?

[aaronjeline]

Why wouldn't it?

[john-h-kastner-aws]

It uses __cedar?

[cdisselkoen]

Did we decide the interactions of those RFCs? I.e., whether __cedar::Default will be one of the allowed uses of the __cedar namespace (like __cedar::Long)?

[aaronjeline]

It has to be or we need to change the RFC. I was assuming it was because otherwise that part of the RFC doesn't make sense in the context of 52

[khieta]

The __cedar syntax if only mentioned in the Alternatives section of RFC 55, not in the main proposal. But the intention in the alternatives was that __cedar::Default would be builtin the same way as __cedar::Long.

[khieta]

(Regardless, I think it should be removed from the tests here since we decided not to support it as part of RFC 55.)

[khieta]

This test also makes it seem like __cedar::"Default" is something special. Are these tests really testing something interesting? I suspect they could be removed in favor of existing tests.

[aaronjeline]

Eh, I think it's nice to have a confirmation our migration suggestion is breaking anything

[khieta]

Final batch of comments from me! I'll approve once my comments are addressed & you have a draft of the corresponding cedar-spec PR to fix DRT.

[aaronjeline]

Draft pr for cedar-integration-tests: cedar-policy/cedar-integration-tests#6

[john-h-kastner-aws]

Tagging @shaobo-he-aws to review the changes to this file and other human-schema related files.

[john-h-kastner-aws]

Might be nice to split this white space fix into a separate PR.

[aaronjeline]

Uh I think my editor did that automatically

[john-h-kastner-aws]

It uses __cedar?

[john-h-kastner-aws]

We should fold this in with the other schema parsing tests. It's doesn't test typechecking at all anymore

[aaronjeline]

There will be tests that do when I add the backwards compat methods

[cdisselkoen]

Love this PR and RFC, from the implementation perspective. So many of these changes make things simpler.

[cdisselkoen]

Did we decide the interactions of those RFCs? I.e., whether __cedar::Default will be one of the allowed uses of the __cedar namespace (like __cedar::Long)?

[aaronjeline]

DRT PR: cedar-policy/cedar-spec#366

[khieta]

Only remaining comment from me is that you're using __cedar::Default in some tests. This will not be supported with the implementation of RFC52 -- these can be added as tests when implementing that RFC. I don't think they should be added here.

[shaobo-he-aws]

LGTM

[shaobo-he-aws]

Only remaining comment from me is that you're using __cedar::Default in some tests. This will not be supported with the implementation of RFC52 -- these can be added as tests when implementing that RFC. I don't think they should be added here.

I think we can keep these tests. I'll add them to my PR implementing RFC 52 when I sync it with main.