Add source location to PrincipalConstraint, ActionConstraint and ResourceConstraint

[john-h-kastner-aws]

Category

Other

Describe the feature you'd like to request

We store source locations for Exprs, but not for TemplateBody, PrincipalConstraint, ActionConstraint, or ResourceConstraint. Adding source locations to these structs would allow us to include source locations in errors occurring in the policy scope or effecting a whole policy without a more specific location.

For example, the validator looks at scope constraints to for some specific errors. For example, we currently report this error:

  × policy set validation failed
  ╰─▶ validation error on policy `policy0`: unable to find an applicable action given the policy head constraints
  help: try replacing `==` with `in` in the principal clause

This error should be able to point to the principal clause, but we don't currently store that source location anywhere.

Describe alternatives you've considered

.

Additional context

.

Is this something that you'd be interested in working on?

• 👋 I may be able to implement this feature request
• ⚠️ This feature might incur a breaking change

[john-h-kastner-aws]

This was partially resolved by #808, which added source information to TemplateBody which is used to provide an imprecise source location for some validation errors that previous did not have one.

Some more work is needed to add source information to the individual scope constraints. Doing this will allow more precise errors messages in some cases.