adds validateWithLevel API for CedarJava#327
Conversation
Signed-off-by: Mudit Chaudhary <chmudit@amazon.com>
Signed-off-by: Mudit Chaudhary <chmudit@amazon.com>
Signed-off-by: Mudit Chaudhary <chmudit@amazon.com>
Signed-off-by: Mudit Chaudhary <chmudit@amazon.com>
| serde_json::to_string(&ans) | ||
| } | ||
|
|
||
| pub fn validate_with_level(call: LevelValidationCall) -> ValidationAnswer { |
There was a problem hiding this comment.
This should/will belong in cedar_policy::ffi. See Note in the PR description.
| @SuppressFBWarnings | ||
| public LevelValidationRequest(Schema schema, PolicySet policies, long maxDerefLevel) { | ||
| if (schema == null) { | ||
| throw new NullPointerException("schema"); |
There was a problem hiding this comment.
Nit as an aside: Looks like this is how we do it in most places, but here it looks like we print it differently.
I wonder what our appetite for using something like Lombok to improve boilerplate like this and getters/setters is: https://projectlombok.org/features/NonNull
There was a problem hiding this comment.
Yeah, there is some inconsistency in the message. I followed the message that we use in ValidationRequest constructor.
Maybe we can do a Lombok "campaign" to avoid inconsistency across CedarJava before the release.
Signed-off-by: Mudit Chaudhary <chmudit@amazon.com>
ac1d5e3 to
2ca8306
Compare
CedarJava/src/main/java/com/cedarpolicy/AuthorizationEngine.java
Outdated
Show resolved
Hide resolved
CedarJava/src/main/java/com/cedarpolicy/model/LevelValidationRequest.java
Outdated
Show resolved
Hide resolved
| policy_id: error.policy_id().clone(), | ||
| error: miette::Report::new(error.clone()).into(), |
There was a problem hiding this comment.
note: once moved into cedar_policy crate these clones should be avoidable
Signed-off-by: Mudit Chaudhary <chmudit@amazon.com>
Overview
Introduces
validateWithLevelAPI in CedarJava, matching the functionality of Cedar Policy's validate_with_level (RFC 76).Changes
CedarJava Layer
validateWithLevelAPI with comprehensive test coverageAuthorizationEngineand responses asValidationResponseCedarJavaFFI Layer
validate_with_levelFFI method insrc/helpers.rs(Ideally should belong incedar_policy::ffi. See Note below)cedar_policy::ffifor consistencyvalidatecalls fromcedar_policy::ffiExample Usage
Note
The
validate_with_levelFFI implementation currently resides in CedarJavaFFI to facilitate inclusion of this feature in the CedarJava 4.4 release. This approach avoids waiting for the next minor version release ofcedar_policy(likely 4.6). A near future PR will move this functionality tocedar_policy::ffi. Oncevalidate_with_levelAPI is exposed throughcedar_policy::ffiwe can remove its implementation from CedarJavaFFI in a subsequent release.Next Steps
validate_with_leveltocedar_policy::ffi(I'll do it)If review scope is too large, this PR can be split into separate FFI and Java contributions