-
Notifications
You must be signed in to change notification settings - Fork 9
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cedar Schema Annotations #48
Changes from 1 commit
979278e
6a93700
4c4d61a
632931f
06dad75
f124024
53180e2
8ddb486
f6da7c1
6b5f4ea
b1fbe74
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,8 +1,8 @@ | ||
# Annotations for Cedar Schemas | ||
# Annotations for Cedar Schemas | ||
|
||
## Related issues and PRs | ||
|
||
- Reference Issues: | ||
- Reference Issues: | ||
- Implementation PR(s): https://github.com/cedar-policy/cedar/tree/feature/shaobo/rfc48 | ||
|
||
## Timeline | ||
|
@@ -24,6 +24,7 @@ Here is a basic example for doc comments. | |
namespace TinyTodo { | ||
@doc("a common type representing a task") | ||
type Task = { | ||
@doc("task id") | ||
"id": Long, | ||
"name": String, | ||
"state": String, | ||
|
@@ -32,7 +33,7 @@ namespace TinyTodo { | |
type Tasks = Set<Task>; | ||
|
||
@doc("an entity type representing a list") | ||
@doc("any entity type is a child of type `Application`") | ||
@docComment("any entity type is a child of type `Application`") | ||
entity List in [Application] = { | ||
@doc("editors of a list") | ||
"editors": Team, | ||
|
@@ -56,15 +57,15 @@ The `@id("...")` notation is similar to the notation used for policy annotations | |
|
||
Users should be allowed to associate machine readable metadata with objects in a Schema. | ||
While we could create special syntax for associating particular kinds of metadata, we cannot | ||
predict all of the metadata uses that users will have. | ||
predict all of the metadata uses that users will have. | ||
Thus providing a flexible system that users can adapt to their needs is preferable. | ||
This proposal re-uses the same syntax from Cedar Policies, creating a unified syntax. | ||
|
||
|
||
## Detailed design | ||
|
||
### Semantics | ||
Attributes have **no** impact on validation decisions. | ||
Attributes have **no** impact on validation decisions. | ||
Attributes are arbitrary key/value pairs where: | ||
* 'key' is a valid Cedar identifier | ||
* 'value' is a Cedar string | ||
|
@@ -75,7 +76,7 @@ The interpretation is entirely up to users of Cedar. | |
|
||
### Cedar Schema Syntax | ||
Attributes in Cedar Schemas will mirror the syntax used for attributes in a policy: informally that's `@<key>("value")`. | ||
Formally the following rule is added to the Cedar grammar: | ||
Formally the following rule is added to the Cedar grammar: | ||
``` | ||
Annotation := '@' IDENT '(' STR ')' | ||
Annotations := {Annotations} | ||
|
@@ -122,6 +123,92 @@ The same fact also applies to entity attribute declarations. | |
This proposal reserves the `annotations` key at the top level of each of those constructs, which contains an Object, containing each annotation key as an Object key, associated with the annotation string. | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Maybe we could use There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Maybe we can also use reserved |
||
The only oddness here is Common Types, whose toplevel is a regular type. While this should still be backwards compatible, it will look a little odd to have annotations in some types and not in others. | ||
|
||
A corresponding JSON schema for the above example is as follows. | ||
```JSON | ||
{ | ||
"": { | ||
"annotations": { | ||
"doc": "this is the namespace" | ||
}, | ||
"commonTypes": { | ||
"Task": { | ||
"annotations": { | ||
shaobo-he-aws marked this conversation as resolved.
Show resolved
Hide resolved
|
||
"doc": "a common type representing a task" | ||
}, | ||
"type": "Record", | ||
"attributes": { | ||
"id": { | ||
"type": "Long", | ||
"annotations": { | ||
"doc": "task id" | ||
}, | ||
}, | ||
"name": { | ||
"type": "String" | ||
}, | ||
"state": { | ||
"type": "String" | ||
} | ||
} | ||
}, | ||
"Tasks": { | ||
"type": "Set", | ||
"element": { | ||
"type": "Task" | ||
} | ||
} | ||
}, | ||
"entityTypes": { | ||
"Application": {}, | ||
"List": { | ||
"annotations": { | ||
"doc": "an entity type representing a list", | ||
"docComment": "any entity type is a child of type `Application`" | ||
}, | ||
"memberOfTypes": [ | ||
"Application" | ||
], | ||
"shape": { | ||
"type": "Record", | ||
"attributes": { | ||
"editors": { | ||
"type": "Team" | ||
}, | ||
"name": { | ||
"type": "String" | ||
}, | ||
"owner": { | ||
"type": "User" | ||
}, | ||
"readers": { | ||
"type": "Team" | ||
}, | ||
"tasks": { | ||
"type": "Tasks" | ||
} | ||
} | ||
} | ||
} | ||
}, | ||
"actions": { | ||
"CreateList": { | ||
"annotations": { | ||
"doc": "actions that a user can operate on a list" | ||
}, | ||
"appliesTo": { | ||
"resourceTypes": [ | ||
"Application" | ||
], | ||
"principalTypes": [ | ||
"User" | ||
] | ||
} | ||
} | ||
} | ||
} | ||
} | ||
``` | ||
|
||
## Drawbacks | ||
|
||
1. Complexity: adds more complexity to schema | ||
|
@@ -133,7 +220,7 @@ The only oddness here is Common Types, whose toplevel is a regular type. While t | |
|
||
### Take a stance | ||
Reverse our decision around annotations and start taking stances on what annotations mean. | ||
aaronjeline marked this conversation as resolved.
Show resolved
Hide resolved
|
||
This lets us standardize certain annotations, like `doc`. | ||
This lets us standardize certain annotations, like `doc`. | ||
This probably can't happen unless we also do this for policies, which we've said we don't want to do. | ||
### Doc Strings as comments | ||
Instead of annotations, we could add "doc-strings" as a first class feature. | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should this be
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good catch. Will update it.