CLI command to convert between Human and JSON policy formats

[max2me]

Category

CLI features/changes

Describe the feature you'd like to request

CLI should let users convert policy to/from JSON.

Describe alternatives you've considered

Doing it in Rust, as it's done today.

Additional context

No response

Is this something that you'd be interested in working on?

• [ ] 👋 I may be able to implement this feature request
• [ ] ⚠️ This feature might incur a breaking change

[khieta]

Thanks for filing this issue @max2me! We agree that this would be useful, but it's not a priority for us right now. Marked as "good first issue" in case someone is interested in contributing! This should be a fairly small feature to add to cedar-policy-cli.

[cdisselkoen]

^ related to the name change above -- the CLI already accepts policies in JSON format everywhere it accepts policies in human format (except for the format command, because, obviously). so all that remains to "support JSON policy format in CLI" is to add a command to convert between human and JSON formats.

[memark]

Could you give me some pointers on how to do this?

For SchemaFragment there is as_json_string() and as_natural().

For PolicySet there is from_str() and from_json_str(). But I'm not sure how to convert TO json or human form?

[cdisselkoen]

To json: On main (not in any release as of this writing), there is a PolicySet::to_json(). To human: The Display trait for PolicySet is probably what should be used I think

[john-h-kastner-aws]

I looked at this a couple weeks ago and found that we don't have a public API for converting json policies to human. Display prints the lossless repr, which for a JSON policy is the JSON.

That extends the scope of this issue to adding a public to_human (maybe not the best name, see https://github.com/cedar-policy/cedar/issues/842) function to policies and policy sets before using that function to implement the CLI feature.

[memark]

Would it make sense to implement only the translation from human to json for now?

I'm not sure I'm well enough versed with the code to implement the missing to_human myself.

[john-h-kastner-aws]

Would it make sense to implement only the translation from human to json for now?

That would be enough to be useful for seeding the corpus in cedar-policy/cedar-spec#343, so yeah, I think it would make sense

[john-h-kastner-aws]

With #987 we can convert to JSON. As discussed above, we need to implement json-to-human before we can add it to the CLI.

[memark]

That would be enough to be useful for seeding the corpus in https://github.com/cedar-policy/cedar-spec/pull/343, so yeah, I think it would make sense

Given that the translation capability now exists, I'd love to take a look at using it for seeding the corpus, as mentioned above. Could you give me some pointers on what needs to be done in that repo?

[john-h-kastner-aws]

Fuzz target corpus are initialized here: https://github.com/cedar-policy/cedar-spec/blob/main/cedar-drt/initialize_corpus.sh

The change would just be to add another step into the convert-policy-json-to-cedar case to find all *.cedar files add *.cedar.json files to the corpus dir with the output of the CLI conversion.