You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Some policies parse in JSON format, but converting them to the Cedar format results in policies that fail to parse. Additional validation should be done when parsing JSON, or at least when converting JSON policies to Cedar policy.
extend the 'has' relation in EST and JSON policy format #2154 introduces the extended has operator in the JSON format. However, in Cedar format, the attributes in the extended form must be identifiers. This is not validated in the JSON format, and therefore can result in Cedar like e has attr."not identifier".attr2. This problem is currently mitigated by the fact that the conversion desugars, and therefore this is not an issue in the CLI's conversion tools.
Describe alternatives you've considered
No response
Additional context
No response
Is this something that you'd be interested in working on?
👋 I may be able to implement this internal improvement
Describe the improvement you'd like to request
Some policies parse in JSON format, but converting them to the Cedar format results in policies that fail to parse. Additional validation should be done when parsing JSON, or at least when converting JSON policies to Cedar policy.
There are two examples of this for Policies:
hasoperator in the JSON format. However, in Cedar format, the attributes in the extended form must be identifiers. This is not validated in the JSON format, and therefore can result in Cedar likee has attr."not identifier".attr2. This problem is currently mitigated by the fact that the conversion desugars, and therefore this is not an issue in the CLI's conversion tools.Describe alternatives you've considered
No response
Additional context
No response
Is this something that you'd be interested in working on?