Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

inconsistent JSON-based schema validation results for actions #1471

Open
3 tasks done
hakanson opened this issue Feb 13, 2025 · 1 comment
Open
3 tasks done

inconsistent JSON-based schema validation results for actions #1471

hakanson opened this issue Feb 13, 2025 · 1 comment
Labels
bug Something isn't working. This is as high priority issue. pending-triage The cedar maintainers haven't looked at this yet. Automicaly added to all new issues.

Comments

@hakanson
Copy link
Contributor

Before opening, please confirm:

Bug Category

Schemas and Validation

Describe the bug

Both the cedar cli evaluate command and cedar_policy_validator::ValidatorSchema have a regression compared to 3.x behavior when validating actions in a JSON-based schema

For the schema below, Cedar 3.x would validate with

undeclared action(s): {"Action::"test2"", "Action::"test1""}

but Cedar 4.x has one of these help messages for the SchemaError:

undeclared action: Action::"test1"

undeclared action: Action::"test2"

Expected behavior

Either return both errors with provide a consistent (deterministic) output

Reproduction steps

  1. Save the schema in the code snippet as actions.cedarschema.json
  2. Run cedar evaluate -s actions.cedarschema.json --schema-format json -l 'Test::"1"' -a 'Action::"doTests"' -r 'Test::"1"' true

Code Snippet

Cedar schema in JSON format

{
  "": {
    "entityTypes": {
      "Test": {}
    },
    "actions": {
      "doTests": {
        "memberOf": [{ "id": "test1" }, { "type": "Action", "id": "test2" }]
      }
    }
  }
}

Log output

CLI output from 4.3.2 compared with 3.4.1

$ cedar --version
cedar-policy-cli 4.3.2

$ cedar evaluate -s actions.cedarschema.json --schema-format json -l 'Test::"1"' -a 'Action::"doTests"' -r 'Test::"1"' true

  × failed to parse schema from file actions.cedarschema.json
  ╰─▶ undeclared action: Action::"test2"
  help: any actions appearing as parents need to be declared as actions

$ cedar evaluate -s actions.cedarschema.json --schema-format json -l 'Test::"1"' -a 'Action::"doTests"' -r 'Test::"1"' true

  × failed to parse schema from file actions.cedarschema.json
  ╰─▶ undeclared action: Action::"test1"
  help: any actions appearing as parents need to be declared as actions

$ cedar --version
cedar-policy-cli 3.4.1

$ cedar evaluate -s actions.cedarschema.json --schema-format json -l 'Test::"1"' -a 'Action::"doTests"' -r 'Test::"1"' true

  × failed to parse schema from file actions.cedarschema.json
  ╰─▶ undeclared action(s): {"Action::\"test2\"", "Action::\"test1\""}

Additional configuration

No response

Operating System

MacOS

Additional information and screenshots

No response
@hakanson hakanson added bug Something isn't working. This is as high priority issue. pending-triage The cedar maintainers haven't looked at this yet. Automicaly added to all new issues. labels Feb 13, 2025
@B-Lorentz
Copy link
Contributor

Working on this

B-Lorentz added a commit to B-Lorentz/cedar that referenced this issue Feb 15, 2025
@B-Lorentz
Add unit test reproducing cedar-policy#1471
3702310 
Signed-off-by: Lőrinc Bódy <lorinc.body@devrev.ai>
@B-Lorentz B-Lorentz mentioned this issue Feb 15, 2025
Open
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working. This is as high priority issue. pending-triage The cedar maintainers haven't looked at this yet. Automicaly added to all new issues.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@hakanson @B-Lorentz