Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Policy eval Attribute is Private #3

Open
tpaulus opened this issue Mar 8, 2024 · 1 comment
Open

Policy eval Attribute is Private #3

tpaulus opened this issue Mar 8, 2024 · 1 comment

Comments

@tpaulus
Copy link

tpaulus commented Mar 8, 2024

In order to enforce constraint policies, a policy needs to be "inverted" from a Permit When, to a Forbid Unless. This is currently not possible with policy ast in cedar-go, as the policy evaluation condition in cedar.Policy is private. This also cannot be done at Parse time, as the evaler of a Policy cannot instantiated outside of the cedar module.

Ideally, the conditions (when or unless) are exposed as attributes of a cedar.Policy to enable simple policy mutations without needing to resort to string processing, which can be problematic.
@philhassey
Copy link
Collaborator

Right now the shape of our AST is not stable yet (which is why it is living inside the x/exp/parser parser package.)

Once we have a stabilized AST shape (likely when we work on supporting partial evaluation), we'll be able to expose the ability to change an AST and recompile it.

We'll leave this issue open and update it once we know more about the timeline for partial evaluation and a stable AST.

@caiorcferreira caiorcferreira mentioned this issue Jun 18, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@philhassey @tpaulus