Cherry-pick PRs to 3.2.x

cedar-policy-formatter/src/pprint/utils.rs

@@ -166,7 +166,7 @@ pub fn remove_empty_lines(text: &str) -> String {
     let comment_regex = Regex::new(r"//[^\n]*").unwrap();
     // PANIC SAFETY: this regex pattern is valid
     #[allow(clippy::unwrap_used)]
-    let string_regex = Regex::new(r#""(\\.|[^"\\])*"[^\n]*"#).unwrap();
+    let string_regex = Regex::new(r#""(\\.|[^"\\])*""#).unwrap();
 
     let mut index = 0;
     let mut final_text = String::new();

cedar-policy-formatter/tests/blank_lines.cedar

@@ -31,4 +31,23 @@ with a newline") when // trailing comment
 
 // shouldn't matter "
 
+};
+
+// A fuzzer-generated policy that wasn't correctly formatter with the original fix
+permit(
+  principal is User in Group::"friends",
+  action,
+  resource is Photo in Album::"vacation"
+) when {
+(User::"alice" is User) && (User::"alice" in
+Group::"
+
+
+
+
+
+
+
+
+friends")
 };

cedar-policy-formatter/tests/snapshots/cedar_policy_formatter__pprint__fmt__tests__format_files@blank_lines.cedar.snap

@@ -29,3 +29,21 @@ when // trailing comment
 // Quotes in comments "
 // shouldn't matter "
 };
+
+// A fuzzer-generated policy that wasn't correctly formatter with the original fix
+permit (
+  principal is User in Group::"friends",
+  action,
+  resource is Photo in Album::"vacation"
+)
+when
+{ (User::"alice" is User) && (User::"alice" in Group::"
+
+
+
+
+
+
+
+
+friends") };

cedar-policy-validator/src/human_schema/grammar.lalrpop

@@ -226,6 +226,12 @@ Ident: Node<Id> = {
         => Node::with_source_loc("Long".parse().unwrap(), Loc::new(l..r, Arc::clone(src))),
     <l:@L> STRING <r:@R> 
         => Node::with_source_loc("String".parse().unwrap(), Loc::new(l..r, Arc::clone(src))),
+    <l:@L> TYPE <r:@R> 
+        => Node::with_source_loc("type".parse().unwrap(), Loc::new(l..r, Arc::clone(src))),
+    <l:@L> IN <r:@R>
+        =>? Err(ParseError::User {
+            error: Node::with_source_loc(UserError::ReservedIdentifierUsed("in".into()), Loc::new(l..r, Arc::clone(src)))
+        }),
     <l:@L> <i:IDENTIFIER> <r:@R>
         =>? Id::from_str(i)
         .map(|id : Id| Node::with_source_loc(id, Loc::new(l..r, Arc::clone(src))))

cedar-policy/CHANGELOG.md

@@ -5,51 +5,15 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## [Unreleased]
 
-### Added
-
-- JSON representation for Policy Sets, along with methods like
-  `::from_json_value/file/str` and `::to_json` for `PolicySet`. (#783,
-  resolving #549)
-
-### Changed
-
-- Significantly reworked all public-facing error types to address some issues
-  and improve consistency. See issue #745.
-- Finalized the `ffi` module which was preview-released in 3.2.0.
-  This involved a few additional API breaking changes in `ffi`. See #757.
-- Moved `<PolicyId as FromStr>::Err` to `Infallible` (#588, resolving #551)
-- Removed unnecessary lifetimes from some validation related structs (#715)
-- Changed policy validation to reject comparisons and conditionals between
-  record types that differ in whether an attribute is required or optional.
-- Fixed a performance issue when constructing an error for accessing
-  a non-existent attribute on sufficiently large records/entities
-
-### Removed
-
-- Reduced precision of partial evaluation for `||`, `&&`, and conditional expressions. `if { foo : <unknown> }.foo then 1 + "hi" else false` now evaluates to `if <unknown> then 1 + "hi" else false`
-- Removed the `error` extension function, which was previously used during partial evaluation.
-- Removed integration testing harness from the `cedar-policy` crate. It is now
-  in an internal crate, allowing us to make semver incompatible changes. (#857)
-- Removed the (deprecated) `frontend` module in favor of the new `ffi` module
-  introduced in 3.2.0. See #757.
-- Removed `ParseErrors::errors_as_strings`. Callers should consider examining
-  the rich data provided by `miette::Diagnostic`, for instance `.help()` and
-  `labels()`. Callers can continue using the same behavior by calling
-  `.iter().map(ToString::to_string)`. (#882, resolving #543)
-  > > > > > > > 076b4f1b (Improve performance on a record error case (#887))
+## [3.2.1] - Coming Soon
 
 ### Fixed
 
-- Fixed policy formatter dropping newlines in string literals. (#870, resolving #862)
-
-## [3.2.1] -
-
-### Changed
-
+- Fixed policy formatter dropping newlines in string literals. (#870, #910, resolving #862)
 - Fixed a performance issue when constructing an error for accessing
-  a non-existent attribute on sufficiently large records
+  a non-existent attribute on sufficiently large records (#887, resolving #754)
+- Fixed identifier parsing of human-readable schemas (#914, resolving #913)
 
 ## [3.2.0] - 2024-05-17
 

cedar-wasm/build-wasm.sh

@@ -17,7 +17,7 @@
 # Without this, the built wasm still works, but the Typescript definitions made by tsify don't.
 set -e
 cargo build
-wasm-pack build --scope amzn --target bundler
+wasm-pack build --scope cedar-policy --target bundler
 
 sed -i "s/[{]\s*!: /{ \"!\": /g" pkg/cedar_wasm.d.ts
 sed -i "s/[{]\s*==: /{ \"==\": /g" pkg/cedar_wasm.d.ts
@@ -40,4 +40,4 @@ echo "type Name = string;" >> pkg/cedar_wasm.d.ts
 echo "type Id = string;" >> pkg/cedar_wasm.d.ts
 echo "export type TypeOfAttribute = SchemaType & { required?: boolean };" >> pkg/cedar_wasm.d.ts
 echo "export type Context = Record<string, CedarValueJson>;" >> pkg/cedar_wasm.d.ts
-echo "Finished post-processing types file"
+echo "Finished post-processing types file"