Simple policy slicing

[shaobo-he-aws]

Description of changes

Issue #, if available

Checklist for requesting a review

The change in this PR is (choose one, and delete the other options):

• A change (breaking or otherwise) that only impacts unreleased or experimental code.

I confirm that this PR (choose one, and delete the other options):

• Updates the "Unreleased" section of the CHANGELOG with a description of my change (required for major/minor version bumps).

I confirm that cedar-spec (choose one, and delete the other options):

• Does not require updates because my change does not impact the Cedar formal model or DRT infrastructure.

[michelbieleveld]

Hi looking forward to seeing this merged somewhere in the future. Was wondering if you have considered and perhaps benchmarked the unrolling of the actions and building a key <p,a,r> mapped to the <p,r> key. It will likely cost a bit more memory, but the slicer would no longer select and evaluate policies that do not match the action. Although likely the evaluation is already fast in memory.

[shaobo-he-aws]

Hi looking forward to seeing this merged somewhere in the future. Was wondering if you have considered and perhaps benchmarked the unrolling of the actions and building a key <p,a,r> mapped to the <p,r> key. It will likely cost a bit more memory, but the slicer would no longer select and evaluate policies that do not match the action. Although likely the evaluation is already fast in memory.

@michelbieleveld thanks for your interest in this feature. After discussion, we concluded that this feature may not buy you much performance improvement if your policy set already fits into memory. Could you please share more info about why you want this feature?