cedar-policy / cedar

Implementation of the Cedar Policy Language
https://www.cedarpolicy.com
Apache License 2.0

Formatter for schemas #682

Open khieta opened 6 months ago

khieta commented 6 months ago

Category

Other

Describe the feature you'd like to request

The current Display trait for Cedar schemas sometimes produces ugly output (see example below). I think we should build a formatter for schemas, akin to the formatter we have for policies.

Some ideas for improving:


Example

Here is the CLI output of converting this JSON schema to the new syntax:

entity AccountGroup;
entity Administrator;
entity Video in [Account, Album];
entity UserGroup;
entity User in [UserGroup];
entity Photo in [Account, Album];
entity Album in [Account, Album];
entity Account;
action "listPhotos" appliesTo {
  principal: [User],
  resource: [Album],
  context: {"authenticated": __cedar::Bool, "confidence_score": __cedar::decimal, "source_ip": __cedar::ipaddr}
};
action "view" appliesTo {
  principal: [User, Administrator],
  resource: [Photo, Video],
  context: {"authenticated": __cedar::Bool, "confidence_score": __cedar::decimal, "source_ip": __cedar::ipaddr}
};
action "comment" appliesTo {
  principal: [User],
  resource: [Photo],
  context: {"authenticated": __cedar::Bool, "confidence_score": __cedar::decimal, "source_ip": __cedar::ipaddr}
};
action "edit" appliesTo {
  principal: [User],
  resource: [Photo],
  context: {"authenticated": __cedar::Bool, "confidence_score": __cedar::decimal, "source_ip": __cedar::ipaddr}
};
action "delete" appliesTo {
  principal: [User],
  resource: [Photo],
  context: {"authenticated": __cedar::Bool, "confidence_score": __cedar::decimal, "source_ip": __cedar::ipaddr}
};
action "listAlbums" appliesTo {
  principal: [User],
  resource: [Account],
  context: {"authenticated": __cedar::Bool, "confidence_score": __cedar::decimal, "source_ip": __cedar::ipaddr}
};
action "addPhoto" appliesTo {
  principal: [User],
  resource: [Album],
  context: {"authenticated": __cedar::Bool, "confidence_score": __cedar::decimal, "source_ip": __cedar::ipaddr}
};

Here is the (manually) prettified form:

entity Account, AccountGroup, Administrator, UserGroup;
entity Album, Photo, Video in [Account, Album];
entity User in [UserGroup];

action addPhoto, listPhotos appliesTo {
    principal: [User], 
    resource: [Album], 
    context: {
        authenticated: Bool,
        confidence_score: decimal,
        source_ip: ipaddr,
    }
};
action comment, delete, edit appliesTo {
    principal: [User], 
    resource: [Photo], 
    context: {
        authenticated: Bool,
        confidence_score: decimal,
        source_ip: ipaddr,
    }
};
action listAlbums appliesTo {
    principal: [User], 
    resource: [Account], 
    context: {
        authenticated: Bool,
        confidence_score: decimal,
        source_ip: ipaddr,
    }
};
action view appliesTo {
    principal: [User, Administrator], 
    resource: [Photo, Video], 
    context: {
        authenticated: Bool,
        confidence_score: decimal,
        source_ip: ipaddr,
    }
};

Describe alternatives you've considered

No response

Additional context

No response

Is this something that you'd be interested in working on?
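The grouping shown in the manually prettified form above can be sketched as follows. This is an added example, not code from the issue or from the cedar-policy repository; `AppliesTo`, `group`, `format_entities` and `format_actions` are hypothetical names, and the input is a constructed in-memory form rather than Cedar's own schema types.

```rust
use std::collections::BTreeMap;

// Hypothetical in-memory `appliesTo`: (principals, resources, context (attribute, type) pairs).
// This is not Cedar's own schema type.
type AppliesTo = (Vec<&'static str>, Vec<&'static str>, Vec<(&'static str, &'static str)>);

// Merge declarations whose right-hand side `K` is identical; names are sorted
// inside each group and groups are ordered by their sorted name lists.
fn group<K: Ord + Clone>(decls: &[(&str, K)]) -> Vec<(Vec<String>, K)> {
    let mut by_key: BTreeMap<K, Vec<String>> = BTreeMap::new();
    for (name, key) in decls {
        by_key.entry(key.clone()).or_default().push(name.to_string());
    }
    let mut groups: Vec<_> = by_key.into_iter().map(|(k, v)| (v, k)).collect();
    for g in groups.iter_mut() { g.0.sort(); }
    groups.sort_by(|a, b| a.0.cmp(&b.0));
    groups
}

fn format_entities(decls: &[(&str, Vec<&str>)]) -> String {
    group(decls).iter().map(|(names, parents)| {
        let tail = if parents.is_empty() { String::new() } else { format!(" in [{}]", parents.join(", ")) };
        format!("entity {}{};\n", names.join(", "), tail)
    }).collect()
}

fn format_actions(decls: &[(&str, AppliesTo)]) -> String {
    let mut out = String::new();
    for (names, (principal, resource, context)) in group(decls) {
        out += &format!("action {} appliesTo {{\n    principal: [{}],\n    resource: [{}],\n    context: {{\n",
            names.join(", "), principal.join(", "), resource.join(", "));
        for (attr, ty) in context {
            // Assumption: no user-defined type shadows a builtin, so `__cedar::` can be dropped.
            out += &format!("        {}: {},\n", attr, ty.trim_start_matches("__cedar::"));
        }
        out += "    }\n};\n";
    }
    out
}

fn main() {
    // Constructed sample: a subset of the declarations from the issue's example.
    let e = [("Video", vec!["Account", "Album"]), ("Account", vec![]), ("Photo", vec!["Account", "Album"])];
    print!("{}", format_entities(&e));
    let ctx = vec![("authenticated", "__cedar::Bool"), ("source_ip", "__cedar::ipaddr")];
    let to_album = (vec!["User"], vec!["Album"], ctx);
    print!("{}", format_actions(&[("listPhotos", to_album.clone()), ("addPhoto", to_album)]));
}
```

Merging only declarations whose right-hand sides are identical keeps the formatted schema equivalent to the original, which matters when the schema is reviewed alongside authorization policies.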

shaobo-he-aws commented 6 months ago

I think we want a formatter like the Cedar policy formatter. That being said, I think there is a lot of room for improvement.

khieta commented 5 months ago

Removed the "papercut" label since the easy issues were addressed by #780 (and the issue text has been updated to reflect this). Remaining issues are best addressed by a standalone formatter, rather than the Display trait.

hakanson commented 5 months ago

An item that #780 missed relates to multiple namespaces:

namespace NS2 {
}namespace NS1 {
}

was generated from

{
  "NS1": {
    "entityTypes": {},
    "actions": {}
  },
  "NS2": {
    "entityTypes": {},
    "actions": {}
  }
}

khieta commented 2 weeks ago

Thanks for pointing that out @hakanson (and sorry for the delayed reply!!) I added this fix to #1160, which will be released as part of 4.0.