RFC 53 implementation #1377
Open
RFC 53 implementation #1377
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Shaobo He <[email protected]>
cdisselkoen
reviewed
Jan 2, 2025
Comment on lines
37
to
62
| pub struct ValidatorEntityType { | ||
| /// The name of the entity type. | ||
| pub(crate) name: EntityType, | ||
|
|
||
| /// The set of entity types that can be members of this entity type. When | ||
| /// this structure is initially constructed, the field will contain direct | ||
| /// children, but it will be updated to contain the closure of all | ||
| /// descendants before it is used in any validation. | ||
| pub descendants: HashSet<EntityType>, | ||
|
|
||
| /// The attributes associated with this entity. | ||
| pub(crate) attributes: Attributes, | ||
|
|
||
| /// Indicates that this entity type may have additional attributes | ||
| /// other than the declared attributes that may be accessed under partial | ||
| /// schema validation. We do not know if they are present, and do not know | ||
| /// their type when they are present. Attempting to access an undeclared | ||
| /// attribute under standard validation is an error regardless of this flag. | ||
| pub(crate) open_attributes: OpenTag, | ||
|
|
||
| /// Tag type for this entity type. `None` indicates that entities of this | ||
| /// type are not allowed to have tags. | ||
| #[serde(skip_serializing_if = "Option::is_none")] | ||
| pub(crate) tags: Option<Type>, | ||
| pub enum ValidatorEntityType { | ||
| Common { | ||
| /// The name of the entity type. | ||
| name: EntityType, | ||
|
|
||
| /// The set of entity types that can be members of this entity type. When | ||
| /// this structure is initially constructed, the field will contain direct | ||
| /// children, but it will be updated to contain the closure of all | ||
| /// descendants before it is used in any validation. | ||
| descendants: HashSet<EntityType>, | ||
|
|
||
| /// The attributes associated with this entity. | ||
| attributes: Attributes, | ||
|
|
||
| /// Indicates that this entity type may have additional attributes | ||
| /// other than the declared attributes that may be accessed under partial | ||
| /// schema validation. We do not know if they are present, and do not know | ||
| /// their type when they are present. Attempting to access an undeclared | ||
| /// attribute under standard validation is an error regardless of this flag. | ||
| open_attributes: OpenTag, | ||
|
|
||
| /// Tag type for this entity type. `None` indicates that entities of this | ||
| /// type are not allowed to have tags. | ||
| #[serde(skip_serializing_if = "Option::is_none")] | ||
| tags: Option<Type>, | ||
| }, |
There was a problem hiding this comment.
This change makes the fields pub instead of pub(crate), this is probably fine, just drawing attention to this in case someone thinks they shouldn't be pub
Signed-off-by: Shaobo He <[email protected]>
Signed-off-by: Shaobo He <[email protected]>
Signed-off-by: Shaobo He <[email protected]>
Signed-off-by: Shaobo He <[email protected]>
Signed-off-by: Shaobo He <[email protected]>
Signed-off-by: Shaobo He <[email protected]>
Signed-off-by: Shaobo He <[email protected]>
Signed-off-by: Shaobo He <[email protected]>
Signed-off-by: Shaobo He <[email protected]>
Signed-off-by: Shaobo He <[email protected]>
Signed-off-by: Shaobo He <[email protected]>
|
|
||
| /// Return valid EID choices if the entity type is enumerated otherwise | ||
| /// return `None` | ||
| fn choices(&self) -> Option<Vec<SmolStr>>; |
There was a problem hiding this comment.
Might be better off returning slice or an iterator?
| @@ -202,6 +202,7 @@ impl Validator { | |||
| } else { | |||
| Some( | |||
| self.validate_entity_types(p) | |||
| .chain(self.validate_enum_entity(p)) | |||
There was a problem hiding this comment.
Noting that this will mean enum entity validation doesn't short-circuit, matching the current behavior for validating entity types and actions. This is a good design decision IMO, but might mean we run into some differences between the Rust and Lean impls in DRT, so I'll just leave a comment here so we don't forget that it's expected
There was a problem hiding this comment.
I was thinking if we should implement enum entity validity checking in the type checker. What's your thought on this?
There was a problem hiding this comment.
I wouldn't do that in this PR. Could consider moving it along with the entity-type check later
Signed-off-by: Shaobo He <[email protected]>
Signed-off-by: Shaobo He <[email protected]>
Signed-off-by: Shaobo He <[email protected]>
Signed-off-by: Shaobo He <[email protected]>
Signed-off-by: Shaobo He <[email protected]>
Signed-off-by: Shaobo He <[email protected]>
Signed-off-by: Shaobo He <[email protected]>
Signed-off-by: Shaobo He <[email protected]>
Signed-off-by: Shaobo He <[email protected]>
Signed-off-by: Shaobo He <[email protected]>
Signed-off-by: Shaobo He <[email protected]>
Signed-off-by: Shaobo He <[email protected]>
| @@ -202,6 +202,7 @@ impl Validator { | |||
| } else { | |||
| Some( | |||
| self.validate_entity_types(p) | |||
| .chain(self.validate_enum_entity(p)) | |||
There was a problem hiding this comment.
I wouldn't do that in this PR. Could consider moving it along with the entity-type check later
Signed-off-by: Shaobo He <[email protected]>
Signed-off-by: Shaobo He <[email protected]>
Signed-off-by: Shaobo He <[email protected]>
Signed-off-by: Shaobo He <[email protected]>
Signed-off-by: Shaobo He <[email protected]>
Signed-off-by: Shaobo He <[email protected]>
Signed-off-by: Shaobo He <[email protected]>
Signed-off-by: Shaobo He <[email protected]>
Signed-off-by: Shaobo He <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description of changes
Issue #, if available
Checklist for requesting a review
The change in this PR is (choose one, and delete the other options):
cedar-policy(e.g., addition of a new API).I confirm that this PR (choose one, and delete the other options):
I confirm that
cedar-spec(choose one, and delete the other options):cedar-spec, and how you have tested that your updates are correct.)I confirm that
docs.cedarpolicy.com(choose one, and delete the other options):cedar-docs. PRs should be targeted at astaging-X.Ybranch, notmain.)