All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- `ValidationResult` methods `validation_errors` and `validation_warnings`, along with `confusable_string_checker`, now return iterators with static lifetimes instead of custom lifetimes, fixing build for latest nightly Rust. (#712)
- Validation for the `in` operator no longer reports an error when comparing actions in different namespaces. (#704, resolving #642)
3.1.0 - 2024-03-08
Cedar Language Version: 3.1.0
- Implementation of the human-readable schema format proposed in RFC 24. New public APIs `SchemaFragment::from_*_natural`, `SchemaFragment::as_natural`, and `Schema::from_*_natural` (#557)
- `PolicyId::new()` (#587, resolving #551)
- `EntityId::new()` (#583, resolving #553)
- `AsRef<str>` implementation for `PolicyId` (#504, resolving #503)
- `Policy::template_links()` to retrieve the linked values for a template-linked policy (#515, resolving #489)
- `AuthorizationError::id()` to get the id of the policy associated with an authorization error (#589)
- For the `partial-eval` experimental feature: added `Authorizer::evaluate_policies_partial()` (#593, resolving #474)
- For the `partial-eval` experimental feature: added `json_is_authorized_partial()` (#571, resolving #570)
- Better integration with `miette` for various error types. If you have previously been just using the `Display` trait to get the error message from a Cedar error type, you may want to consider also examining other data provided by the `miette::Diagnostic` trait, for instance `.help()`. Alternately, you can use `miette` and its `fancy` feature to format the error and all associated information in a pretty human-readable format or as JSON. For more details, see `miette`'s documentation. (#477)
- Cedar reserved words like `if`, `has`, and `true` are now allowed as policy annotation keys. (#634, resolving #623)
- Add hints suggesting how to fix some type errors. (#513)
- The `ValidationResult` returned from `Validator::validate` now has a static lifetime, allowing it to be used in more contexts. The lifetime parameter will be removed in a future major version. (#512)
- Improve parse error around invalid `is` expressions. (#491, resolving #409)
- Improve parse error message when a policy includes an invalid template slot. The error now identifies that the policy used an invalid slot and suggests using one of the valid slots. (#487, resolving #451)
- Improve parse error messages to more reliably notice that a function or method does exist when it is called with an incorrect number of arguments or using the wrong call style. (#482)
- Include source spans on more parse error messages. (#471, resolving #465)
- Include source spans on more evaluation error messages. (#582)
- Changed error message on `SchemaError::UndeclaredCommonTypes` to report fully qualified type names. (#652, resolving #580)
- For the `partial-eval` experimental feature: make the return values of `RequestBuilder`'s `principal`, `action`, `resource`, `context` and `schema` functions `#[must_use]`. (#502)
- For the `partial-eval` experimental feature: make `RequestBuilder::schema` return a `RequestBuilder<&Schema>` so the `RequestBuilder<&Schema>::build` method checks the request against the schema provided and the `RequestBuilder<UnsetSchema>::build` method becomes infallible. (#591, resolving #559)
- For the `permissive-validate` experimental feature: `X in []` is typed `False` for all `X`, including unspecified `X`. (#615)
- Action entities in the store will pass schema-based validation without requiring the transitive closure to be pre-computed. (#581, resolving #285)
- Variables qualified by a namespace with a single element are correctly rejected. E.g., `foo::principal` is an error and is not parsed as `principal`. Variables qualified by a namespace of any size comprised entirely of Cedar keywords are correctly rejected. E.g., `if::then::else::principal` is an error. (#594 and #597)
- The entity type tested for by an `is` expression may be an identifier shared with a builtin variable. E.g., `... is principal` and `... is action` are now accepted by the Cedar parser. (#595, resolving #558)
- Policies containing the literal `i64::MIN` can now be properly converted to the JSON policy format. (#601, resolving #596)
- `Policy::to_json` does not error on policies containing special identifiers such as `principal`, `then`, and `true`. (#628, resolving #604)
- `Template::from_json` errors when there are slots in template conditions. (#626, resolving #606)
3.0.1 - 2023-12-21
Cedar Language Version: 3.0.0
- Possible panic (when stack size limit reached) in `Context::empty()` (#524, fixed by #526)
3.0.0 - 2023-12-15
Cedar Language Version: 3.0.0
- The `is` operation as described in RFC 5. (#396)
- Marked the `Template::from_json` and `Template::to_json` APIs as public (#458)
- New APIs to `Entities` to make it easy to add a collection of entities to an existing `Entities` structure. (#276)
- `PolicySet::remove_static`, `PolicySet::remove_template` and `PolicySet::unlink` to remove policies from the policy set. (#337, resolving #328)
- `PolicySet::get_linked_policies` to get the policies linked to a `Template`. (#337)
- Export the `cedar_policy_core::evaluator::{EvaluationError, EvaluationErrorKind}` and `cedar_policy_core::authorizer::AuthorizationError` error types. (#260, #271)
- `ParseError::primary_source_span` to get the primary source span locating an error. (#324)
- `ValidationResult::validation_warnings` to access non-fatal warnings returned by the validator and `ValidationResult::validation_passed_without_warnings`. The main validation entry point now checks for warnings previously only available through `confusable_string_checker`. (#404)
- `Entity::new_no_attrs()` which provides an infallible constructor for `Entity` in the case that there are no attributes. (See changes to `Entity::new()` below.) (#430)
- `RestrictedExpression::new_entity_uid()` (#442, resolving #350)
- Experimental API `PolicySet::unknown_entities` to collect unknown entity UIDs from a `PartialResponse`. (#353, resolving #321)
- Implement RFC 19, making validation slightly more strict, but more explainable. (#282)
- Implement RFC 20, disallowing duplicate keys in record values (including record literals in policies, request `context`, and records in entity attributes). (#375)
- `Request::new()` now takes an optional schema argument, and validates the request against that schema. To signal validation errors, it now returns a `Result`. (#393, resolving #191)
- `Entities::from_*()` methods now automatically add action entities present in the `schema` to the constructed `Entities`, if a `schema` is provided. (#360)
- `Entities::from_*()` methods now validate the entities against the `schema`, if a `schema` is provided. (#360)
- `Entities::from_entities()` and `Entities::add_entities()` now take an optional schema argument. (#360)
- `Diagnostics::errors()` now returns an iterator over `AuthorizationError`s. (#260)
- `Response::new()` now expects a `Vec<AuthorizationError>` as its third argument. (#260)
- Change the semantics of equality for IP ranges. For example, `ip("192.168.0.1/24") == ip("192.168.0.3/24")` was previously `true` and is now `false`. The behavior of equality on single IP addresses is unchanged, and so is the behavior of `.isInRange()`. (#348)
- Standardize on duplicates being errors instead of last-write-wins in the JSON-based APIs in the `frontend` module. This also means some error types have changed. (#365, #448)
- `Entity::new()` now eagerly evaluates entity attributes, leading to performance improvements (particularly when entity data is reused across multiple `is_authorized` calls). As a result, it returns `Result`, because attribute evaluation can fail. (#430)
- `Entities::from_json_*()` also now eagerly evaluates entity attributes, and as a result returns errors when attribute evaluation fails. (#430)
- `Entity::attr()` now returns errors in many fewer cases (because the attribute is stored in already-evaluated form), and its error type has changed. (#430)
- `Context::from_*()` methods also now eagerly evaluate the `Context`, and as a result return errors when evaluation fails. (#430)
- Rename `cedar_policy_core::est::EstToAstError` to `cedar_policy_core::est::FromJsonError`. (#197)
- Rename `cedar_policy_core::entities::JsonDeserializationError::ExtensionsError` to `cedar_policy_core::entities::JsonDeserializationError::ExtensionFunctionLookup`. (#360)
- Rename variants in `SchemaError`. (#231)
- `SchemaError` has a new variant corresponding to errors evaluating action attributes. (#430)
- Improve schema parsing error messages when a cycle exists in the action hierarchy to include an action which is part of the cycle (#436, resolving #416).
- `<EntityId as FromStr>::Error` is now `Infallible` instead of `ParseErrors`. (#372)
- Improve the `Display` impls for `Policy` and `PolicySet`, and add a `Display` impl for `Template`. The displayed representations now more closely match the original input, whether the input was in string or JSON form. (#167, resolving #125)
- `ValidationWarning::location` and `ValidationWarning::to_kind_and_location` now return `&SourceLocation<'a>` instead of `&'a PolicyID`, matching `ValidationError::location`. (#405)
- `ValidationWarningKind` is now `non_exhaustive`, allowing future warnings to be added without a breaking change. (#404)
- Evaluation order of operands to `>` and `>=`. They now evaluate left to right, matching all other operators. This affects what error is reported when there is an evaluation error in both operands, but does not otherwise change the result of evaluation. (#402, resolving #112)
- Updated `PolicySet::link` to not mutate internal state when failing to link a static policy. With this fix it is possible to create a link with a policy id after previously failing to create that link with the same id from a static policy. (#412)
- Fixed schema-based parsing of entity data that includes unknowns (for the `partial-eval` experimental feature). (#419, resolving #418)
- Removed `__expr` escape from Cedar JSON formats, which has been deprecated since Cedar 1.2. (#333)
- Move `ValidationMode::Permissive` behind an experimental feature flag. To continue using this feature you must enable the `permissive-validate` feature flag. (#428)
2.4.3 - 2023-12-21
Cedar Language Version: 2.1.3
- Reverted accidental breaking change to schema format introduced in the 2.3.2 release. Attribute types in schema files may now contain unexpected keys (as they could before 2.3.2). As a side effect, schema parsing error messages are less useful when an attribute type is missing a required key. The 2.4.2 behavior, including the more useful error messages, remains available in all 3.x versions of Cedar. (#520)
2.4.2 - 2023-10-23
Cedar Language Version: 2.1.2
- Issue #370 related to how the validator handles template-linked policies. The validator will now produce the same result for an equivalent static and template-linked policy. (#371, resolving #370)
2.4.1 - 2023-10-12
Cedar Language Version: 2.1.1
- Experimental API to construct queries with `Unknown` fields for partial evaluation.
- Improve validation error messages for access to undeclared attributes and unsafe access to optional attributes to report the target of the access. (#295)
- `EntityUid`'s impl of `FromStr` is no longer marked as deprecated. (#319)
- Issue #299 related to how partial evaluation handled conditions of `if`, resulting in a panic on some inputs.
- `Request::principal()`, `Request::action()`, and `Request::resource()` will now return `None` if the entities are unspecified (i.e., constructed by passing `None` to `Request::new()`). (#339)
2.4.0 - 2023-09-21
Cedar Language Version: 2.1.1
- New methods for `EntityTypeName`.
  - `basename` to get the basename (without namespaces).
  - `namespace_components` to get the namespace as an iterator over its components.
  - `namespace` to get the namespace as a single string.
- Some error types now carry more information about the error, with error messages updated appropriately. For instance, the `RecordAttrDoesNotExist` error message now contains a list of attributes that do exist.
- Improve error messages for some schema parsing errors.
  - When an entity type shape or action context is declared with type other than `Record`, the error message will indicate the affected entity type or action.
- Various other improvements to error messages and documentation for errors raised during policy parsing, validation, and evaluation.
- Increase precision for validating records. Previously, `permit(principal, action, resource) when {{"foo": 5} has bar};` would validate. Now it will not, since we know `{"foo": 5} has bar` is `False`, and the validator will return an error for a policy that can never fire.
- Uses of deprecated `__expr` escapes from integration tests.
2.3.3 - 2023-08-29
Cedar Language Version: 2.1.0
- Re-export `cedar_policy_core::entities::EntitiesError`.
- Improve error messages and documentation for some errors raised during policy parsing, validation, and evaluation.
- More precise "expected tokens" lists in some parse errors.
- Issue #150 related to implicit namespaces for actions in `memberOf` lists in schemas. An action without an explicit namespace in a `memberOf` now correctly uses the default namespace. (#151)
2.3.2 - 2023-08-04
Cedar Language Version: 2.1.0
- Improve error messages for some validation errors
- Improve error messages for some schema parsing errors.
  - Parsing a schema type without the `"type"` field will generate an error stating that `"type"` is a required field instead of an inscrutable error complaining about the untagged enum `SchemaType`.
  - Parsing a schema type with a `"type"` field corresponding to one of the builtin types but missing a required field for that type will generate an error stating that a required field is missing instead of claiming that it could not find "common types" definition for that builtin type.
- Issues #73 and #74 related to schema-based parsing.
- Detect entities with parents of an incorrect entity type.
- Detect entities with an undeclared entity type.
- Move public API for partial evaluation behind experimental feature flag. To continue using this feature you must enable the `partial-eval` feature flag.
2.3.1 - 2023-07-20
Cedar Language Version: 2.1.0
- Panic in `PolicySet::link()` that could occur when the function was called with a policy id corresponding to a static policy. (#203)
2.3.0 - 2023-06-29
Cedar Language Version: 2.1.0
- Implement RFC 9 which disallows embedded whitespace, comments, and control characters in the inputs to several Rust API functions including `EntityTypeName::from_str()` and `EntityNamespace::from_str()`, as well as in some fields of the Cedar JSON schema format (e.g., namespace declarations, entity type names), Cedar JSON entities format (e.g., entity type names, extension function names) and the Cedar JSON policy format used by `Policy::from_json()` (e.g., entity type names, extension function names). The risk that this may be a breaking change for some Cedar users was accepted due to the potential security ramifications; see discussion in the RFC.
Cedar Language Version: 2.0.0
- `Entities::write_to_json` function to api.rs.
Cedar Language Version: 2.0.0
- `Schema::action_entities` to provide access to action entities defined in a schema.
- Update `cedar-policy-core` dependency.
- Resolve warning in `Cargo.toml` due to having both `license` and `license-file` metadata entries.
Cedar Language Version: 2.0.0
- Update `Cargo.toml` metadata to correctly represent this crate as Apache-2.0 licensed.
Cedar Language Version: 2.0.0
Cedar Language Version: 2.0.0
Cedar Language Version: 2.0.0
- Initial release of `cedar-policy`.