v3.2.1

Release 3.2.1, available on crates.io

Fixed

• Fixed policy formatter dropping newlines in string literals. (#870, #910, resolving #862)
• Fixed a performance issue when constructing an error for accessing
  a non-existent attribute on sufficiently large records (#887, resolving #754)
• Fixed identifier parsing in human-readable schemas (#914, resolving #913)
• Fixed the typescript generated type for ffi::AuthorizationCall to remove
  unsupported string option (#939)
• Fixed Wasm build script to be multi-target in JS ecosystem (#933)

v2.4.7

Release v2.4.7, available on crates.io.

Fixed

• Fixed policy formatter reordering some comments around if-then-else and
  entity identifier expressions. (#861, resolving #787)
• Fixed policy formatter dropping newlines in string literals. (#870, #910, resolving #862)

v3.2.0

Release 3.2.0, available on crates.io

Added

• Expression::new_ip, Expression::new_decimal, RestrictedExpression::new_ip,
  and RestrictedExpression::new_decimal (#661, resolving #659)
• Entities::into_iter (#713, resolving #680)
• Entity::into_inner (#685, resolving #636)
• New ffi module with an improved FFI interface. This will replace the
  frontend module in the 4.0 release, but is available now for early adopters;
  the frontend module is now deprecated.
  This should be considered a preview-release of ffi; more API breaking
  changes are anticipated for Cedar 4.0. (#852)
• wasm Cargo feature for targeting Wasm (and the cedar-wasm crate was added
  to this repo).
  This should be considered a preview-release of cedar-wasm; more API
  breaking changes are anticipated for Cedar 4.0. (#858)

Changed

• Common type definitions in both human-readable and JSON schemas may now
  reference other common type definitions. There may not be any cycles formed by
  these references. (#766, resolving #154)
• Improved validation error messages when incompatible types appear in
  if, ==, contains, containsAll, and containsAny expressions. (#809, resolving #346)
• Deprecated error TypeErrorKind::ImpossiblePolicy in favor of warning
  ValidationWarningKind::ImpossiblePolicy so future improvements to Cedar
  typing precision will not result in breaking changes. (#716, resolving #539)
• Rework API for the partial-eval experimental feature (#714, #817, #838).
• Validation errors for unknown entity types and action entities now
  report the precise source location where the unknown type was encountered.
  Error for invalid use of an action now includes a source location containing
  the offending policy. (#802, #808, resolving #522)
• Deprecated the frontend module in favor of the new ffi module. The
  frontend module will be removed from cedar-policy in the next major version.
  See notes above about ffi. (#852)
• Deprecated the integration testing harness code. It will be removed from the
  cedar-policy crate in the next major version. (#707)

Fixed

• Validation error message for an invalid attribute access now reports the
  correct attribute and entity type when accessing an optional attribute that is
  itself an entity. (#811)
• The error message returned when parsing an invalid action scope constraint
  action == ?action no longer suggests that action == [...] would be a
  valid scope constraint. (#818, resolving #563)
• Fixed policy formatter reordering some comments around if-then-else and
  entity identifier expressions. (#861, resolving #787)

Full Changelog: v3.1.4...v3.2.0

v3.1.4

Release 3.1.4, available on crates.io

Fixed

• The formatter will now fail with an error if it changes a policy's semantics. (#865)

Full Changelog: v3.1.3...v3.1.4

v2.4.6

Release 2.4.6, available on crates.io

Fixed

• The formatter will now fail with an error if it changes a policy's semantics. (#865)

Full Changelog: v2.4.5...v2.4.6

v3.1.3

Release 3.1.3, available on crates.io

Changed

• Improve parser errors on unexpected tokens. (#698, partially resolving #176)
• Validation error messages render types in the new, more readable, schema
  syntax. (#708, resolving #242)
• Improved error messages when null occurs in entity json data. (#751,
  resolving #530)
• Improved source location reporting for error found template slot in a when clause.
  (#758, resolving #736)
• Improved Display implementation for Cedar schemas, both JSON and human
  syntax. (#780)
• The CLI translate-schema command now produces prettier output.

Fixed

• Support identifiers in context declarations in the human-readable schema
  format. (#734, resolving #681)

Full Changelog: v3.1.2...v3.1.3

v2.4.5

Changed

• Implement RFC 57: policies can now include multiplication of arbitrary expressions, not just multiplication of an expression and a constant.

Full Changelog: v2.4.4...v2.4.5

v3.1.2

Changed

• Implement RFC 57: policies can now include multiplication of arbitrary expressions, not just multiplication of an expression and a constant.

Full Changelog: v3.1.1...v3.1.2

v3.1.1

Release 3.1.1, available on crates.io

Fixed

• ValidationResult methods validation_errors and validation_warnings, along with
  confusable_string_checker, now return iterators with static lifetimes instead of
  custom lifetimes, fixing build for latest nightly Rust. (#712)
• Validation for the in operator to no longer reports an error when comparing actions
  in different namespaces. (#704, resolving #642)

Full Changelog: v3.1.0...v3.1.1

v3.1.0

Release 3.1.0, available on crates.io

Added

• Implementation of the human-readable schema format proposed in
  RFC 24.
  New public APIs SchemaFragment::from_*_natural,
  SchemaFragment::as_natural, and Schema::from_*_natural (#557)
• PolicyId::new() (#587, resolving #551)
• EntityId::new() (#583, resolving #553)
• AsRef<str> implementation for PolicyId (#504, resolving #503)
• Policy::template_links() to retrieve the linked values for a
  template-linked policy (#515, resolving #489)
• AuthorizationError::id() to get the id of the policy associated with an
  authorization error (#589)
• For the partial-eval experimental feature: added
  Authorizer::evaluate_policies_partial() (#593, resolving #474)
• For the partial-eval experimental feature: added
  json_is_authorized_partial() (#571, resolving #570)

Changed

• Better integration with miette for various error types. If you have
  previously been just using the Display trait to get the error message from a
  Cedar error type, you may want to consider also examining other data provided
  by the miette::Diagnostic trait, for instance .help().
  Alternately, you can use miette and its fancy feature to format the error
  and all associated information in a pretty human-readable format or as JSON.
  For more details, see miette's
  documentation. (#477)
• Cedar reserved words like if, has, and true are now allowed as policy
  annotation keys. (#634, resolving #623)
• Add hints suggesting how to fix some type errors. (#513)
• The ValidationResult returned from Validator::validate now has a static
  lifetime, allowing it to be used in more contexts. The lifetime parameter
  will be removed in a future major version. (#512)
• Improve parse error around invalid is expressions. (#491, resolving #409)
• Improve parse error message when a policy includes an invalid template slot.
  The error now identifies that the policy used an invalid slot and suggests using
  one of the valid slots. (#487, resolving #451)
• Improve parse error messages to more reliably notice that a function or
  method does exist when it is called with an incorrect number of arguments or
  using the wrong call style. (#482)
• Include source spans on more parse error messages. (#471, resolving #465)
• Include source spans on more evaluation error messages. (#582)
• Changed error message on SchemaError::UndeclaredCommonTypes to report
  fully qualified type names. (#652, resolving #580)
• For the partial-eval experimental feature: make the return values of
  RequestBuilder's principal, action, resource, context and
  schema functions #[must_use]. (#502)
• For the partial-eval experimental feature: make RequestBuilder::schema
  return a RequestBuilder<&Schema> so the RequestBuilder<&Schema>::build
  method checks the request against the schema provided and the
  RequestBuilder<UnsetSchema>::build method becomes infallible. (#591,
  resolving #559)
• For the permissive-validate experimental feature: X in [] is typed False
  for all X, including unspecified X. (#615)

Fixed

• Action entities in the store will pass schema-based validation without requiring
  the transitive closure to be pre-computed. (#581, resolving #285)
• Variables qualified by a namespace with a single element are correctly
  rejected. E.g., foo::principal is an error and is not parsed as
  principal. Variables qualified by a namespace of any size comprised entirely
  of Cedar keywords are correctly rejected. E.g., if::then::else::principal is
  an error. (#594 and #597)
• The entity type tested for by an is expression may be an identifier shared
  with a builtin variable. E.g., ... is principal and ... is action are now
  accepted by the Cedar parser. (#595, resolving #558)
• Policies containing the literal i64::MIN can now be properly converted to
  the JSON policy format. (#601, resolving #596)
• Policy::to_json does not error on policies containing special identifiers
  such as principal, then, and true. (#628, resolving #604)
• Template::from_json errors when there are slots in template conditions.
  (#626, resolving #606)

Full Changelog: v3.0.1...v3.1.0