-
Notifications
You must be signed in to change notification settings - Fork 80
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
FFI nits #837
FFI nits #837
Conversation
Signed-off-by: Kesha Hietala <[email protected]>
Signed-off-by: Kesha Hietala <[email protected]>
Signed-off-by: Kesha Hietala <[email protected]>
#[derive(Default, Eq, PartialEq, Copy, Clone, Debug, Serialize, Deserialize)] | ||
#[cfg_attr(feature = "wasm", derive(tsify::Tsify))] | ||
#[cfg_attr(feature = "wasm", tsify(into_wasm_abi, from_wasm_abi))] | ||
#[serde(rename_all = "camelCase")] | ||
#[non_exhaustive] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This makes the experimental modes visible in the ffi api where they weren't before. That probably a good thing, but worth thinking about whether that could go wrong.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This shouldn't break anything since the WASM code directly uses the Rust FFI definitions. It should just silently add support for the new validation modes if the cedar_policy
crate is compiled with the appropriate flags. What other complications were you thinking of?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think they should be visible in the FFI.
@@ -444,18 +446,18 @@ pub enum PartialAuthorizationAnswer { | |||
pub struct AuthorizationCall { | |||
/// The principal taking action | |||
#[cfg_attr(feature = "wasm", tsify(type = "string|{type: string, id: string}"))] | |||
principal: Option<JsonValueWithNoDuplicateKeys>, | |||
principal: Option<serde_json::Value>, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure I like this. We went through some effort previously to catch this duplicate key case, and I think that was the right thing to do.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My thinking was that we want the FFI to use simple types where possible, and users can decide how to handle duplicates when they construct the serde_json::Value
.
The other option is to move JsonValueWithNoDuplicateKeys
from core to the public API -- would you prefer that?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
IIRC, we decided downstream users should handle duplicates as they see fit. So in principle I'm fine with moving JsonValueWithNoDuplicateKeys
to the public API. I'm not sure this will help anyone using the FFI though because they'll still likely use an equivalent of serde_json::Value
on the other side of the interface.
Co-authored-by: Craig Disselkoen <[email protected]>
Returning to working on this PR! 😄 The latest commit re-exports the |
Slightly prefer |
Latest version standardizes on using |
Description of changes
A variety of small updates to the FFI to move us closer to completing #757. Downstream breaks expected.
policy_set
topolicies
for consistency with the authorization FFI.PolicyId
for policy ids instead ofSmolStr
.JsonValueWithNoDuplicateKeys
in the public FFI API.ValidationMode
andDecision
. This will impact the current serialization of decisions & will likely lead to downstream breaks.ValidationSettings
to match the proposal in Cedar FFI Overhaul #757. Also updated the logic so that the "enabled" flag is actually used for something.Issue #, if available
#757
Checklist for requesting a review
The change in this PR is (choose one, and delete the other options):
cedar-policy
(e.g., changes to the signature of an existing API).I confirm that this PR (choose one, and delete the other options):
I confirm that
cedar-spec
(choose one, and delete the other options):cedar-spec
, and how you have tested that your updates are correct.)Note: Also require updates to
cedar-java
andcedar-integration-tests
.