Replace partial-validate with validation-mode in the CLI (#915)

memark · web-flow · commit 354c531432ad · 2024-05-28T10:26:48.000-04:00
Signed-off-by: Magnus Markling &lt;magnus@markling.com&gt;
diff --git a/cedar-policy-cli/CHANGELOG.md b/cedar-policy-cli/CHANGELOG.md
@@ -6,6 +6,9 @@
 
 - The default `--schema-format` is now `human` for all subcommands that take
   `--schema-format`.
+- The `--partial-validate` option has been replaced with `--validation-mode`,
+  taking the values `strict`, `permissive` (new) and `partial`.
+  The latter two are kept behind their respective feature flags.
 
 ## 3.2.0
 
@@ -50,6 +53,7 @@ Now uses Cedar language version 3.1.0.
 - The `evaluate` command now shows source spans on parse errors.
 
 ### Fixed
+
 - The `link` command now accepts templates in the Cedar JSON (EST) syntax.
 
 ## 3.0.1
diff --git a/cedar-policy-cli/Cargo.toml b/cedar-policy-cli/Cargo.toml
@@ -22,7 +22,8 @@ thiserror = "1.0"
 
 [features]
 default = []
-experimental = ["partial-validate"]
+experimental = ["permissive-validate", "partial-validate"]
+permissive-validate = ["cedar-policy/permissive-validate"]
 partial-validate = ["cedar-policy/partial-validate"]
 
 [dev-dependencies]
diff --git a/cedar-policy-cli/src/lib.rs b/cedar-policy-cli/src/lib.rs
@@ -135,6 +135,16 @@ impl Default for SchemaFormat {
     }
 }
 
+#[derive(Debug, Clone, Copy, ValueEnum)]
+pub enum ValidationMode {
+    /// Strict validation
+    Strict,
+    /// Permissive validation
+    Permissive,
+    /// Partial validation
+    Partial,
+}
+
 #[derive(Args, Debug)]
 pub struct ValidateArgs {
     /// File containing the schema
@@ -146,14 +156,15 @@ pub struct ValidateArgs {
     /// Report a validation failure for non-fatal warnings
     #[arg(long)]
     pub deny_warnings: bool,
-    /// Validate the policy using partial schema validation. This option is
-    /// experimental and will cause the CLI to exit if it was not built with the
-    /// experimental `partial-validate` feature enabled.
-    #[arg(long = "partial-validate")]
-    pub partial_validate: bool,
     /// Schema format (Human-readable or json)
     #[arg(long, value_enum, default_value_t = SchemaFormat::Human)]
     pub schema_format: SchemaFormat,
+    /// Validate the policy using this mode.
+    /// The options `permissive` and `partial` are experimental
+    /// and will cause the CLI to exit if it was not built with the
+    /// experimental feature `permissive-validate` and `partial-validate`, respectively, enabled.
+    #[arg(long, value_enum, default_value_t = ValidationMode::Strict)]
+    pub validation_mode: ValidationMode,
 }
 
 #[derive(Args, Debug)]
@@ -519,16 +530,26 @@ pub fn check_parse(args: &CheckParseArgs) -> CedarExitCode {
 }
 
 pub fn validate(args: &ValidateArgs) -> CedarExitCode {
-    let mode = if args.partial_validate {
-        #[cfg(not(feature = "partial-validate"))]
-        {
-            eprintln!("Error: arguments include the experimental option `--partial-validate`, but this executable was not built with `partial-validate` experimental feature enabled");
-            return CedarExitCode::Failure;
+    let mode = match args.validation_mode {
+        ValidationMode::Strict => cedar_policy::ValidationMode::Strict,
+        ValidationMode::Permissive => {
+            #[cfg(not(feature = "permissive-validate"))]
+            {
+                eprintln!("Error: arguments include the experimental option `--validation-mode permissive`, but this executable was not built with `permissive-validate` experimental feature enabled");
+                return CedarExitCode::Failure;
+            }
+            #[cfg(feature = "permissive-validate")]
+            cedar_policy::ValidationMode::Permissive
+        }
+        ValidationMode::Partial => {
+            #[cfg(not(feature = "partial-validate"))]
+            {
+                eprintln!("Error: arguments include the experimental option `--validation-mode partial`, but this executable was not built with `partial-validate` experimental feature enabled");
+                return CedarExitCode::Failure;
+            }
+            #[cfg(feature = "partial-validate")]
+            cedar_policy::ValidationMode::Partial
         }
-        #[cfg(feature = "partial-validate")]
-        ValidationMode::Partial
-    } else {
-        ValidationMode::default()
     };
 
     let pset = match args.policies.get_policy_set() {
diff --git a/cedar-policy-cli/tests/sample.rs b/cedar-policy-cli/tests/sample.rs
@@ -483,7 +483,7 @@ fn run_validate_test(
             template_linked_file: None,
         },
         deny_warnings: false,
-        partial_validate: false,
+        validation_mode: cedar_policy_cli::ValidationMode::Strict,
         schema_format: SchemaFormat::Json,
     };
     let output = validate(&cmd);
@@ -501,7 +501,7 @@ fn run_validate_test(
             template_linked_file: None,
         },
         deny_warnings: false,
-        partial_validate: false,
+        validation_mode: cedar_policy_cli::ValidationMode::Strict,
         schema_format: SchemaFormat::Human,
     };
     let output = validate(&cmd);
