-
Notifications
You must be signed in to change notification settings - Fork 119
docs(jans-cedarling): shorten conditional #10812
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
Signed-off-by: SafinWasi <6601566+SafinWasi@users.noreply.github.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks like you don't need to remove attribute has
because it can cause error in evaluating this rule
docs/cedarling/cedarling-krakend.md
Outdated
) | ||
when { | ||
((principal has "access_token") && ((principal["access_token"]) has "scope")) && (((principal["access_token"])["scope"]).contains("profile")) | ||
((principal["access_token"])["scope"]).contains("profile") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You must check for presence of nested, optional attributes one layer at a time. For example, to check for the presence of principal.custom.project where both custom and project are optional, you must first check if principal has a custom attribute and then check that it principal.custom has a project attribute:
https://docs.cedarpolicy.com/policies/syntax-operators.html#operator-has
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't agree to make the rule shorten, but approve if Michael agree
Let's consider ergonomic syntax... is your policy more readible? Is it much faster? If so, how much? If it's not more readible, or faster, what is the advantage? Please don't just say "I don't like it"--give me a reason please. |
|
Ok, I'm going to post this to the Cedar slack. It seems like we're sacrificing ergonomic syntax. |
According to cedar developers, the ergonomic way to do this is to use dot notation instead of square bracket syntax. By using the extended RHS syntax of the
On cedar-policy-cli 4.3.1:
|
Signed-off-by: SafinWasi <6601566+SafinWasi@users.noreply.github.com>
Signed-off-by: SafinWasi <6601566+SafinWasi@users.noreply.github.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks better!
Signed-off-by: SafinWasi <6601566+SafinWasi@users.noreply.github.com>
Prepare
Description
Target issue
closes #10810
Implementation Details
Test and Document the changes
N/A
Please check the below before submitting your PR. The PR will not be merged if there are no commits that start with
docs:
to indicate documentation changes or if the below checklist is not selected.