-
Notifications
You must be signed in to change notification settings - Fork 137
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve supported entitlements and entitlements inferrence in migration #3266
Conversation
this also improves the inferrence of entitlements in the entitlement migration
41e5b14
to
552f09f
Compare
Cadence Benchstat comparisonThis branch with compared with the base branch onflow:master commit aff3148 Collapsed results for better readability
|
@onflow/cadence PTAL 🙏 |
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #3266 +/- ##
==========================================
+ Coverage 80.77% 80.83% +0.06%
==========================================
Files 380 383 +3
Lines 93663 93887 +224
==========================================
+ Hits 75656 75894 +238
+ Misses 15306 15289 -17
- Partials 2701 2704 +3
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
Closes #3253
Description
Introduce a new Go type
EntitlementSet
(maybe needs a more descriptive name, suggestions very welcome), which is a conjunction of entitlement types, and disjunctions of entitlements. For example, it can represent{A, B, (C | D)}
. This allows representing more complex entitlement sets than access/auth entitlement sets can (only conjunction or disjunction of entitlements, e.g.{A, B}
OR{A | B}
)Switch
EntitlementSupportingType.SupportedEntitlements
to returnEntitlementSet
.Implementations of the function combine sub-sets – for example, composite type's implementation merges the entitlement sets of all members, and intersection type's implementation merges the entitlement sets of all interface types' supported entitlements. Switching the return type to a set type which is able to represent more complex sets results in less "information loss" in recursive calls.
As a result, when translating the resulting entitlement set to an access, it is possible to get a disjunction now, which was not previously possible.
Given
EntitlementSupportingType.SupportedEntitlements
is used in the entitlements migration and the contract update checker to infer the entitlements/auth, these changes should hopefully result in authorizations that are less permissive than before.master
branchFiles changed
in the Github PR explorer