Comments (1)
john-h-kastner-aws
commented on August 11, 2024
1
Thanks for submitting this request! I've tagged this requires-RFC because it would be a substantial change to the language which we wouldn't make without careful planning.
I think you're actually asking for a restricted version of the macro mechanism proposed in cedar-policy/rfcs#61. We're not actively considering that proposal at the moment, but we haven't rejected it completely either. Definitely restart discussion there if that proposal sounds useful. You could also write a fresh RFC proposing a more limited version of macros that work for you, potential avoiding some of the thornier issues identified in general macros.
Depending on your exact use case, we might be able to suggest a nicer alternative. In your example, the uuid appears in the principal constraint. If it only occurs there (or in the resource constraint), then you may be able to use policy templates as a safe alternative to find-and-replace. E.g., given a template permit(principal in ?principal, ...); the Cedar sdk provides a method to construct a template-linked-policy by replacing ?principal with a particular entity uid. If templates don't quite meet your needs, you could restart discussion on some extension to templates we previously considered but decided not to accept: templates groups, and template slots in policy conditions.
from cedar.
Related Issues (20)
- Validator should error on JSON schema containing unused, undeclared common type of type `Entity`
- Reserve `Set`, `Record`, `Entity`, `Extension` in schemas
- Additional APIs for manipulating schemas HOT 1
- Carry source info through schema structures HOT 1
- Generate schema warnings later in the process
- Allow reopening a namespace in human-syntax schemas
- Improve parse errors on parenthized "special" expressions
- Improve error message when forgetting `name` field of `Entity` or `EntityOrCommon` in schema JSON syntax
- Clarify `Template` vs. `Policy`
- `unknown` extension function is allowed without enabling `partial-evaluation` feature
- Implement RFC 68: Entity Attribute Maps
- Implement RFC 70: Disallow shadowing definitions in the empty namespace
- Make `Policy` and `Template` APIs consistent wrt annotations
- Some authorization errors do not have source locations attached
- Lossless schema fragments aren't lossless
- Add API to list entity literals in a policy
- API to substitute all occurences of an expr with another expr
- Add help messages for errors related to the Cedar schemas
- Various Schema APIs
- More restrictions on type shadowing / collisions
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cedar.