Closed kevinmichaelchen closed 1 year ago
Perhaps an alternative approach is to use JSON.
All Cedar policies can compile down to JSON.
Cedar Core supports External Syntax Trees (ESTs) for Templates and for Policies. Their CLI doesn't support converting policies to JSON, but if it did, I could see that as being useful to Cedar Agent.
Hey @kevinmichaelchen , the content in the json object for policy in cedar-agent is simply the cedar policy string. For example the following cedar policy
```
permit (
principal == User::"12UA45",
action == Action::"view",
resource in Folder::"abc"
) when {
context.tls_version == "1.3"
};
```
will be
```
{
  "id":"random_id",
  "content":"permit (\nprincipal == User::\"12UA45\",\naction == Action::\"view\",\nresource in Folder::\"abc\"\n) when {\ncontext.tls_version == \"1.3\"\n};"
}
```
As you can see, it is simply wrapping it as a string (and escaping double quotes). We didn't use the "compiled json" because this crate intends to wrap the cedar crate and use the simplest interface.
Imagine you store your policy in a git repo, you would want to store the simple policy representation in the repo and not the compiled one.
Hope it answers your question 😄
Yeah, that makes sense. The AST doesn't exactly improve any ergonomics now that I think about it.
I did discover Rocket supports file uploads.
I guess doing it in Bash is kinda ugly, but I got it working 😅
Thanks for responding - I can close this 👍🏼
Hey, this is a wonderful library.
I actually just packaged it up into @teaxyz's ecosystem.
One thing I'm wondering is if there's a recommended workflow for formatting/stringifying real `.cedar` files into something resembling `policies.json`? (I can probably hack together some convoluted bash script, but I'm wondering if there's a known CLI or a better way.)
(I'm also iterating on a real-life example here: https://github.com/kevinmichaelchen/cedar-learning/tree/main/examples/policies)
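One way to do the `.cedar` to `policies.json` wrapping described in this thread, as an added example that is not code from cedar-agent or from anyone in the thread. It assumes `policies.json` is a JSON array of the `{"id", "content"}` objects shown above and that ids can be derived from the file name; the function names are hypothetical. A real JSON serializer does the quote and newline escaping, and the splitter only cuts at a `;` outside string literals and `//` comments, so a file holding several policies yields one entry per policy.

```python
import json
from pathlib import Path

# Constructed sample: the policy quoted in this thread plus a made-up second one.
SAMPLE = '''permit (
principal == User::"12UA45",
action == Action::"view",
resource in Folder::"abc"
) when {
context.tls_version == "1.3"
};
// constructed second policy: the semicolon inside the string must not split it
forbid (principal, action, resource) when { context.note == "a;b" };
'''

def split_policies(source: str) -> list[str]:
    """Split Cedar text at each ';' that is outside strings and // comments."""
    policies, start, i, n, pending = [], 0, 0, len(source), False
    while i < n:
        ch = source[i]
        if source.startswith("//", i):          # skip a line comment
            while i < n and source[i] != "\n":
                i += 1
            continue
        if ch == '"':                           # skip a string, honouring \" escapes
            i += 1
            while i < n and source[i] != '"':
                i += 2 if source[i] == "\\" else 1
        if ch == ";":
            policies.append(source[start:i + 1].strip())
            start, pending = i + 1, False
        elif not ch.isspace():
            pending = True                      # policy text seen, no ';' yet
        i += 1
    if pending:
        raise ValueError("policy text without a terminating ';'")
    return policies

def to_agent_entries(stem: str, source: str) -> list[dict]:
    # Assumption: ids are "<file stem>.<index>"; any unique string would do.
    return [{"id": f"{stem}.{k}", "content": p}
            for k, p in enumerate(split_policies(source))]

def build_policies_json(directory: Path) -> str:
    entries = []
    for path in sorted(directory.glob("*.cedar")):
        entries += to_agent_entries(path.stem, path.read_text(encoding="utf-8"))
    return json.dumps(entries, indent=2)

if __name__ == "__main__":
    print(json.dumps(to_agent_entries("example", SAMPLE), indent=2))
```

Comments that precede a policy stay in its `content`; a comment after the last policy is dropped.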