EST allows annotation identifiers that are forbidden in human formated policies

[john-h-kastner-aws]

Before opening, please confirm:

• I have searched for duplicate or closed issues.
• I have read the guide for submitting bug reports.
• I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.

Bug Category

Cedar Parser

Describe the bug

In this EST JSON, there is an annotation identifier if

{
  "annotations": {
    "if": ""
  },
  "effect": "permit",
  "principal": {
    "op": "All"
  },
  "action": {
    "op": "All"
  },
  "resource": {
    "op": "All"
  },
  "conditions": []
}

We can parse this and obtain a Policy object, but printing that policy to a string gives

@if("") 
permit(principal, action, resource);

Which does not parse because if is a reserved identifier.

    let est = serde_json::json!(
        {
            "annotations": {
              "if": ""
            },
            "effect": "permit",
            "principal": {
              "op": "All"
            },
            "action": {
              "op": "All"
            },
            "resource": {
              "op": "All"
            },
            "conditions": []
        }
    );
    let p = Policy::from_json(None, est).unwrap();
    let human_src = p.to_string();
    Policy::from_str(&human_src).unwrap(); // This panics

Expected behavior

.

Reproduction steps

.

Code Snippet

// Put your code below this line.

Log output

// Put your output below this line

Additional configuration

No response

Operating System

No response

Additional information and screenshots

No response

[john-h-kastner-aws]

See also #407 for general issues around special-cases for reserved identifiers

[shaobo-he-aws]

I think that any place where Id is required could have this issue.

[cdisselkoen]

#634 proposes to resolve this by just allowing Cedar reserved words as annotation keys, both in EST and human-format policies.