-
Notifications
You must be signed in to change notification settings - Fork 67
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Resolve types at fragment-combine time #1060
Conversation
Signed-off-by: Craig Disselkoen <cdiss@amazon.com>
Signed-off-by: Craig Disselkoen <cdiss@amazon.com>
Signed-off-by: Craig Disselkoen <cdiss@amazon.com>
Signed-off-by: Craig Disselkoen <cdiss@amazon.com>
Signed-off-by: Craig Disselkoen <cdiss@amazon.com>
Signed-off-by: Craig Disselkoen <cdiss@amazon.com>
Signed-off-by: Craig Disselkoen <cdiss@amazon.com>
Signed-off-by: Craig Disselkoen <cdiss@amazon.com>
Signed-off-by: Craig Disselkoen <cdiss@amazon.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Partial review for now since I'll be OOTO tomorrow
Signed-off-by: Craig Disselkoen <cdiss@amazon.com>
Signed-off-by: Craig Disselkoen <cdiss@amazon.com>
Signed-off-by: Craig Disselkoen <cdiss@amazon.com>
Signed-off-by: Craig Disselkoen <cdiss@amazon.com>
Signed-off-by: Craig Disselkoen <cdiss@amazon.com> Co-authored-by: John Kastner <130772734+john-h-kastner-aws@users.noreply.github.com>
Signed-off-by: Craig Disselkoen <cdiss@amazon.com>
Signed-off-by: Craig Disselkoen <cdiss@amazon.com>
Signed-off-by: Craig Disselkoen <cdiss@amazon.com>
Signed-off-by: Craig Disselkoen <cdiss@amazon.com>
Signed-off-by: Craig Disselkoen <cdiss@amazon.com>
Signed-off-by: Craig Disselkoen <cdiss@amazon.com>
Signed-off-by: Craig Disselkoen <cdiss@amazon.com>
Signed-off-by: Craig Disselkoen <cdiss@amazon.com>
Signed-off-by: Craig Disselkoen <cdiss@amazon.com>
Just pushed a major overhaul involving merging in |
Signed-off-by: Craig Disselkoen <cdiss@amazon.com>
Signed-off-by: Craig Disselkoen <cdiss@amazon.com>
Signed-off-by: Craig Disselkoen <cdiss@amazon.com>
Signed-off-by: Craig Disselkoen <cdiss@amazon.com>
Signed-off-by: Craig Disselkoen <cdiss@amazon.com>
Signed-off-by: Craig Disselkoen <cdiss@amazon.com>
Signed-off-by: Craig Disselkoen <cdiss@amazon.com>
Signed-off-by: Craig Disselkoen <cdiss@amazon.com>
Signed-off-by: Craig Disselkoen <cdiss@amazon.com>
Signed-off-by: Craig Disselkoen <cdiss@amazon.com>
Signed-off-by: Craig Disselkoen <cdiss@amazon.com>
Signed-off-by: Craig Disselkoen <cdiss@amazon.com>
Signed-off-by: Craig Disselkoen <cdiss@amazon.com>
Description of changes
Large change to typename resolution during schema construction.
Previously, typenames were always implicitly qualified with the current namespace. This applied to both typenames being defined, and typenames being referenced. Unfortunately, this prevented users from writing an unqualified typename
Foo
to refer to a definitionFoo
that appears in the empty namespace: the appearance of an unqualified typenameFoo
was assumed to refer toNS::Foo
instead (if the current namespace wasNS
), even if there was noFoo
defined inNS
, causing an error. This is #579.Now, an unqualified typename reference
Foo
may resolve to eitherNS::Foo
or empty-namespaceFoo
(assumingNS
is the current namespace), depending on which of these are defined, withNS::Foo
taking priority. Importantly, this means we cannot resolve the unqualified typename referenceFoo
until all fragments have been combined together, because eitherNS::Foo
or empty-namespaceFoo
could be defined in a different fragment.To support this, this PR introduces a new type
ConditionalName
representing a name that could resolve to any of a list of candidate fully-qualified names, in a priority order, depending on which of them exist at fragment-combine time. Full typename resolution is deferred until fragment-combine time, at which point theConditionalName
s are all resolved into fully-qualifiedName
s.Relatedly, human-syntax processing code currently (before this PR) has its own typename-resolution algorithm, for determining when an unqualified typename refers to an entity type, a common type, a primitive type, or an extension type. For entity and common types, it only considers types defined in the current namespace, not the empty namespace, so this equally suffers from #579. However, now (in this PR) this processing also cannot be done until all fragments have been combined together, because either entity or common types in either the current or empty namespace could be defined in other fragments, and the presence of those definitions could change how the typename resolves.
This PR removes the typename-resolution code that previously applied only to the human-syntax processing. Instead, both human-syntax and JSON-syntax schemas rely on the same typename resolution algorithm, which runs at fragment-combine time. This increases consistency between the two formats and hopefully avoids a class of bugs that could appear in the future if resolution were handled differently in the two formats.
Another consequence of unifying the typename-resolution algorithms used by the human syntax and JSON syntax is that
__cedar::String
,__cedar::ipaddr
, etc become valid aliases forString
,ipaddr
, etc (respectively) in the JSON syntax. (Previously, these were only valid aliases in the human syntax; they are not needed for expressiveness in the JSON syntax.). Consequently, this PR also lifts the restriction on defining common types namedLong
,String
, etc in the JSON syntax (before this PR, those were errors). (so now, after this PR, the__cedar::
aliases may actually be needed in the JSON syntax for any JSON schema that uses the newfound capability to define a common type likeLong
orString
.) I see no problem with any of the changes described in this paragraph, and they're all backward-compatible, but I'm calling these changes out for awareness and in case reviewers have other opinions.Another change in this PR worth calling out, is that in the new typename resolution code, the
__cedar
namespace is significantly less special: at fragment-combine time, we simply add a completely normal schema fragment containing the definitions in the__cedar
namespace. We also add aliases (completely normal common-type definitions) to the empty namespace that mapBool
to__cedar::Bool
, etc, but not overriding any user definition ofBool
etc in the empty namespace (in that case, they will need to use the__cedar
prefix to reference the primitive typeBool
). This seems like a much better organization to me, with typename resolution not needing to special-case primitive/extension types or the__cedar
namespace nearly as much.This PR includes a large number of tests, outlined in the comments on the new
test_579
module (and inspired by the discussion on #579). As of this writing, the PR contains only tests in groups A, B, and C. I believe the current code will fail tests in some of the other categories -- for instance, referring to an empty-namespace entity type in an entity parent list.I recommend reviewing the files in this PR in a different order than GitHub displays them: start with the changes to
raw_name.rs
(the definitions ofRawName
andConditionalName
) andschema.rs
(which contains the code for combining fragments into aValidatorSchema
). Then the other changes may make more sense in context.Issue #, if available
Fixes #579 and fixes #711
Checklist for requesting a review
The change in this PR is (choose one, and delete the other options):
cedar-policy
.I confirm that this PR (choose one, and delete the other options):
I confirm that
cedar-spec
(choose one, and delete the other options):cedar-spec
, and how you have tested that your updates are correct.)