v4.0.0

Added

• Additional functionality to the JSON FFI including parsing utilities (#1079)
  and conversion between the Cedar and JSON formats (#1087)
• (*) Schema JSON syntax now accepts a type EntityOrCommon representing a
  typename that can resolve to either an entity or common type, matching the
  behavior of typenames written in the human-readable (Cedar) syntax. (#1060, as
  part of resolving #579)

Changed

• (*) Implemented RFC 70.
  In both the Cedar and JSON schema syntaxes, it is now illegal to define the
  same entity name, common type name, or action name in both the empty namespace
  and a nonempty namespace.
• (*) Implemented RFC 52.
  Names containing __cedar (e.g., __cedar, A::__cedar, __cedar::A, and
  A::__cedar::B) are now invalid. (#969)
• The API around Request::new has changed to remove the Options
  around the entity type arguments. See RFC 55.
• Replaced uses of "natural", "human", "human-readable", and "custom" with "Cedar" (#1114).
  APIs with these names are changed accordingly. E.g., Schema::from_str_natural to Schema::from_cedarschema_str.
  Moreover, the FromStr implementations of Schema and SchemaFragment
  now parse strings in the Cedar schema format. Use Schema::from_json_str and SchemaFragment::from_json_str
  to parse strings in the JSON schema format.
• Significantly reworked all public-facing error types to address some issues
  and improve consistency. See issue #745.
• Finalized the ffi module and cedar-wasm crate which were preview-released
  in 3.2.0. This involved API breaking changes in both. See #757 and #854.
• (*) Changed policy validation to reject comparisons and conditionals between
  record types that differ in whether an attribute is required or optional. (#769)
• (*) Improved consistency between JSON and Cedar schema formats. Both now
  forbid using Bool, Boolean, Entity, Extension, Long, Record, Set,
  and String as common type names. (#1150, resolving #1139)
• Changed the FFI to error on typos or unexpected fields in the input JSON (#1041)
• Changed Policy::parse and Template::parse to accept an Option<PolicyId>
  instead of Option<String> to set the policy id (#1055, resolving #1049)
• PolicySet::template_annotation now returns Option<&str> as opposed to
  Option<String> in the previous version (#1131, resolving #1116)
• Moved <PolicyId as FromStr>::Err to Infallible (#588, resolving #551)
• Removed unnecessary lifetimes from some validation related structs (#715)
• Marked errors/warnings related to parsing and validation as non_exhaustive,
  allowing future variants to be added without a breaking change. (#1137, #1169)

Removed

• (*) Removed unspecified entity type. See RFC 55.
• Removed integration testing harness from the cedar-policy crate. It is now
  in an internal crate, allowing us to make semver incompatible changes. (#857)
• Removed the (deprecated) frontend module in favor of the new ffi module
  introduced in 3.2.0. See #757.
• Removed ParseErrors::errors_as_strings. Callers should consider examining
  the rich data provided by miette::Diagnostic, for instance .help() and
  labels(). Callers can continue using the same behavior by calling
  .iter().map(ToString::to_string). (#882, resolving #543)
• Removed ParseError::primary_source_span. Callers should use the location
  information provided by miette::Diagnostic via .labels() and
  .source_code() instead. (#908)
• Removed Display impl for EntityId in favor of explicit .escaped() and
  .as_ref() for escaped and unescaped representations (respectively) of the
  EntityId; see note there (#921, resolving #884)

Fixed

• (*) JSON format Cedar schemas will now fail to parse if they reference an unknown
  extension type. This was already an error for human-readable schema syntax. (#890, resolving #875)
• (*) Schemas can now reference entity and common types defined in the empty namespace,
  even in contexts occurring in a non-empty namespace. (#1060, resolving #579)

v3.4.0

Added

• Convenience methods num_of_policies() and num_of_templates() to see how
  many policies and templates a policy set has (#1180)
• Entity is now Hash. The hash implementation compares the hash of
  the entity UID (#1186)

Fixed

• (*) Entities::from_entities() will now correctly reject record
  attributes with superfluous attributes. (#1177, resolving #1176)

v2.5.0

Added

• Convenience methods num_of_policies() and num_of_templates() to see how many policies and templates a policy set has (#1180)

v3.3.0

Release 3.3.0, available on crates.io

Added

• JSON representation for Policy Sets, along with methods like
  ::from_json_value/file/str and ::to_json for PolicySet. (#783,
  resolving #549)
• Methods for reading and writing individual Entitys as JSON (#924,
  resolving #807)
• Context::into_iter to get the contents of a Context and Context::merge
  to combine Contexts, returning an error on duplicate keys (#1027,
  resolving #1013)
• Several new APIs for schemas to allow accessing principal and resource
  types, action entity uids, etc. (#1141, resolving #1134)

Changed

• Added deprecation warnings to APIs that will be removed in the upcoming 4.0
  release, as well as wrapper methods with the new names, where appropriate.
  See the notes under that release for more details. (#1128)
• Reduced precision of partial evaluation for ||, &&, and conditional
  expressions. if { foo : <unknown> }.foo then 1 + "hi" else false now
  evaluates to if <unknown> then 1 + "hi" else false. (#874)
• Removed the error extension function, which was previously used during
  partial evaluation. (#874)

Fixed

• (*) JSON format Cedar policies will now fail to parse if the action scope
  constraint contains a non-action entity type, matching the behavior for
  human-readable Cedar policies. (#943, resolving #925)
• Template parsing functions (e.g., Template::parse()) will now fail when
  passed a static policy as input. Use the Policy parsing functions instead.
  (#1108, resolving #1095)

v3.2.4

Release 3.2.4, available on crates.io

Fixed

• JSON format Cedar policies will now fail to parse if any annotations are not
  valid Cedar identifiers. (#1004, resolving #994)
• unknown() is no longer a valid extension function if partial-eval
  is not enabled as a feature. (#1101, resolving #1096)

v3.2.1

Release 3.2.1, available on crates.io

Fixed

• Fixed policy formatter dropping newlines in string literals. (#870, #910, resolving #862)
• Fixed a performance issue when constructing an error for accessing
  a non-existent attribute on sufficiently large records (#887, resolving #754)
• Fixed identifier parsing in human-readable schemas (#914, resolving #913)
• Fixed the typescript generated type for ffi::AuthorizationCall to remove
  unsupported string option (#939)
• Fixed Wasm build script to be multi-target in JS ecosystem (#933)

v2.4.7

Release v2.4.7, available on crates.io.

Fixed

• Fixed policy formatter reordering some comments around if-then-else and
  entity identifier expressions. (#861, resolving #787)
• Fixed policy formatter dropping newlines in string literals. (#870, #910, resolving #862)

v3.2.0

Release 3.2.0, available on crates.io

Added

• Expression::new_ip, Expression::new_decimal, RestrictedExpression::new_ip,
  and RestrictedExpression::new_decimal (#661, resolving #659)
• Entities::into_iter (#713, resolving #680)
• Entity::into_inner (#685, resolving #636)
• New ffi module with an improved FFI interface. This will replace the
  frontend module in the 4.0 release, but is available now for early adopters;
  the frontend module is now deprecated.
  This should be considered a preview-release of ffi; more API breaking
  changes are anticipated for Cedar 4.0. (#852)
• wasm Cargo feature for targeting Wasm (and the cedar-wasm crate was added
  to this repo).
  This should be considered a preview-release of cedar-wasm; more API
  breaking changes are anticipated for Cedar 4.0. (#858)

Changed

• Common type definitions in both human-readable and JSON schemas may now
  reference other common type definitions. There may not be any cycles formed by
  these references. (#766, resolving #154)
• Improved validation error messages when incompatible types appear in
  if, ==, contains, containsAll, and containsAny expressions. (#809, resolving #346)
• Deprecated error TypeErrorKind::ImpossiblePolicy in favor of warning
  ValidationWarningKind::ImpossiblePolicy so future improvements to Cedar
  typing precision will not result in breaking changes. (#716, resolving #539)
• Rework API for the partial-eval experimental feature (#714, #817, #838).
• Validation errors for unknown entity types and action entities now
  report the precise source location where the unknown type was encountered.
  Error for invalid use of an action now includes a source location containing
  the offending policy. (#802, #808, resolving #522)
• Deprecated the frontend module in favor of the new ffi module. The
  frontend module will be removed from cedar-policy in the next major version.
  See notes above about ffi. (#852)
• Deprecated the integration testing harness code. It will be removed from the
  cedar-policy crate in the next major version. (#707)

Fixed

• Validation error message for an invalid attribute access now reports the
  correct attribute and entity type when accessing an optional attribute that is
  itself an entity. (#811)
• The error message returned when parsing an invalid action scope constraint
  action == ?action no longer suggests that action == [...] would be a
  valid scope constraint. (#818, resolving #563)
• Fixed policy formatter reordering some comments around if-then-else and
  entity identifier expressions. (#861, resolving #787)

Full Changelog: v3.1.4...v3.2.0

v3.1.4

Release 3.1.4, available on crates.io

Fixed

• The formatter will now fail with an error if it changes a policy's semantics. (#865)

Full Changelog: v3.1.3...v3.1.4

v2.4.6

Release 2.4.6, available on crates.io

Fixed

• The formatter will now fail with an error if it changes a policy's semantics. (#865)

Full Changelog: v2.4.5...v2.4.6