v3.1.0
·
25 commits
to release/3.1.x
since this release
Release 3.1.0, available on crates.io
Added
- Implementation of the human-readable schema format proposed in
RFC 24.
New public APIsSchemaFragment::from_*_natural,
SchemaFragment::as_natural, andSchema::from_*_natural(#557) PolicyId::new()(#587, resolving #551)EntityId::new()(#583, resolving #553)AsRef<str>implementation forPolicyId(#504, resolving #503)Policy::template_links()to retrieve the linked values for a
template-linked policy (#515, resolving #489)AuthorizationError::id()to get the id of the policy associated with an
authorization error (#589)- For the
partial-evalexperimental feature: added
Authorizer::evaluate_policies_partial()(#593, resolving #474) - For the
partial-evalexperimental feature: added
json_is_authorized_partial()(#571, resolving #570)
Changed
- Better integration with
miettefor various error types. If you have
previously been just using theDisplaytrait to get the error message from a
Cedar error type, you may want to consider also examining other data provided
by themiette::Diagnostictrait, for instance.help().
Alternately, you can usemietteand itsfancyfeature to format the error
and all associated information in a pretty human-readable format or as JSON.
For more details, seemiette's
documentation. (#477) - Cedar reserved words like
if,has, andtrueare now allowed as policy
annotation keys. (#634, resolving #623) - Add hints suggesting how to fix some type errors. (#513)
- The
ValidationResultreturned fromValidator::validatenow has a static
lifetime, allowing it to be used in more contexts. The lifetime parameter
will be removed in a future major version. (#512) - Improve parse error around invalid
isexpressions. (#491, resolving #409) - Improve parse error message when a policy includes an invalid template slot.
The error now identifies that the policy used an invalid slot and suggests using
one of the valid slots. (#487, resolving #451) - Improve parse error messages to more reliably notice that a function or
method does exist when it is called with an incorrect number of arguments or
using the wrong call style. (#482) - Include source spans on more parse error messages. (#471, resolving #465)
- Include source spans on more evaluation error messages. (#582)
- Changed error message on
SchemaError::UndeclaredCommonTypesto report
fully qualified type names. (#652, resolving #580) - For the
partial-evalexperimental feature: make the return values of
RequestBuilder'sprincipal,action,resource,contextand
schemafunctions#[must_use]. (#502) - For the
partial-evalexperimental feature: makeRequestBuilder::schema
return aRequestBuilder<&Schema>so theRequestBuilder<&Schema>::build
method checks the request against the schema provided and the
RequestBuilder<UnsetSchema>::buildmethod becomes infallible. (#591,
resolving #559) - For the
permissive-validateexperimental feature:X in []is typedFalse
for allX, including unspecifiedX. (#615)
Fixed
- Action entities in the store will pass schema-based validation without requiring
the transitive closure to be pre-computed. (#581, resolving #285) - Variables qualified by a namespace with a single element are correctly
rejected. E.g.,foo::principalis an error and is not parsed as
principal. Variables qualified by a namespace of any size comprised entirely
of Cedar keywords are correctly rejected. E.g.,if::then::else::principalis
an error. (#594 and #597) - The entity type tested for by an
isexpression may be an identifier shared
with a builtin variable. E.g.,... is principaland... is actionare now
accepted by the Cedar parser. (#595, resolving #558) - Policies containing the literal
i64::MINcan now be properly converted to
the JSON policy format. (#601, resolving #596) Policy::to_jsondoes not error on policies containing special identifiers
such asprincipal,then, andtrue. (#628, resolving #604)Template::from_jsonerrors when there are slots in template conditions.
(#626, resolving #606)
Full Changelog: v3.0.1...v3.1.0