Cedar Generalized Templates

cedar-language-server/src/policy/completion/provider/scope.rs

@@ -93,7 +93,7 @@ fn handle_principal_scope(policy: &Template, info: &ScopeVariableInfo) -> Comple
         PrincipalOrResourceConstraint::Eq(entity_reference) => create_binary_op_context(
             Op::eq(),
             principal_var,
-            entity_reference.into_expr(SlotId::principal()).into(),
+            entity_reference.into_expr(SlotId::resource()).into(),
         ),
 
         PrincipalOrResourceConstraint::Is(..) => create_is_context(principal_var),

cedar-language-server/src/schema/fold.rs

@@ -79,15 +79,15 @@ pub(crate) fn fold_schema(schema_info: &SchemaInfo) -> Option<Vec<FoldingRange>>
         .entity_types()
         .filter_map(|et| et.loc.as_loc_ref());
     let action_locs = validator.action_ids().filter_map(|a| a.loc());
-    let common_types = validator
-        .common_types()
+    let common_types_extended = validator
+        .common_types_extended()
         .filter_map(|ct| ct.type_loc.as_loc_ref());
 
     // Combine all locations and create folding ranges
     let ranges = namespace_locs
         .chain(entity_type_locs)
         .chain(action_locs)
-        .chain(common_types)
+        .chain(common_types_extended)
         .unique()
         .map(|loc| {
             let src_range = loc.to_range();

cedar-language-server/src/schema/symbols.rs

@@ -124,8 +124,8 @@ pub(crate) fn schema_symbols(schema_info: &SchemaInfo) -> Option<Vec<DocumentSym
         .collect();
 
     // Create common type symbols
-    let common_type_symbols: Vec<DocumentSymbol> = validator
-        .common_types()
+    let common_type_extended_symbols: Vec<DocumentSymbol> = validator
+        .common_types_extended()
         .filter_map(|ct| {
             ct.name_loc
                 .as_ref()
@@ -144,7 +144,7 @@ pub(crate) fn schema_symbols(schema_info: &SchemaInfo) -> Option<Vec<DocumentSym
     let mut all_other_symbols = Vec::new();
     all_other_symbols.extend(entity_type_symbols);
     all_other_symbols.extend(action_symbols);
-    all_other_symbols.extend(common_type_symbols);
+    all_other_symbols.extend(common_type_extended_symbols);
 
     // Assign symbols to namespaces based on range intersection
     let mut remaining_symbols = Vec::new();

cedar-policy-core/src/ast.rs

@@ -54,5 +54,7 @@ mod expr_iterator;
 pub use expr_iterator::*;
 mod annotation;
 pub use annotation::*;
+mod generalized_slots_annotation;
+pub use generalized_slots_annotation::*;
 mod expr_visitor;
 pub use expr_visitor::*;

cedar-policy-core/src/ast/expr.rs

@@ -293,13 +293,27 @@ impl<T> Expr<T> {
         self.subexpressions()
             .filter_map(|exp| match &exp.expr_kind {
                 ExprKind::Slot(slotid) => Some(Slot {
-                    id: *slotid,
+                    id: slotid.clone(),
                     loc: exp.source_loc().into_maybe_loc(),
                 }),
                 _ => None,
             })
     }
 
+    /// Iterate over all of the principal or resource slots in this policy AST
+    pub fn principal_or_resource_slots(&self) -> impl Iterator<Item = Slot> + '_ {
+        self.subexpressions()
+            .filter_map(|exp| match &exp.expr_kind {
+                ExprKind::Slot(slotid) if slotid.is_principal() || slotid.is_resource() => {
+                    Some(Slot {
+                        id: slotid.clone(),
+                        loc: exp.source_loc().into_maybe_loc(),
+                    })
+                }
+                _ => None,
+            })
+    }
+
     /// Determine if the expression is projectable under partial evaluation
     /// An expression is projectable if it's guaranteed to never error on evaluation
     /// This is true if the expression is entirely composed of values or unknowns
@@ -1842,7 +1856,7 @@ mod test {
         let e = Expr::slot(SlotId::principal());
         let p = SlotId::principal();
         let r = SlotId::resource();
-        let set: HashSet<SlotId> = HashSet::from_iter([p]);
+        let set: HashSet<SlotId> = HashSet::from_iter([p.clone()]);
         assert_eq!(set, e.slots().map(|slot| slot.id).collect::<HashSet<_>>());
         let e = Expr::or(
             Expr::slot(SlotId::principal()),

cedar-policy-core/src/ast/expr_visitor.rs

@@ -55,7 +55,7 @@ pub trait ExprVisitor {
         match expr.expr_kind() {
             ExprKind::Lit(lit) => self.visit_literal(lit, loc),
             ExprKind::Var(var) => self.visit_var(*var, loc),
-            ExprKind::Slot(slot) => self.visit_slot(*slot, loc),
+            ExprKind::Slot(slot) => self.visit_slot(slot.clone(), loc),
             ExprKind::Unknown(unknown) => self.visit_unknown(unknown, loc),
             ExprKind::If {
                 test_expr,

cedar-policy-core/src/ast/generalized_slots_annotation.rs

@@ -0,0 +1,119 @@
+/*
+ * Copyright Cedar Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+use std::collections::BTreeMap;
+
+use crate::ast::SlotId;
+use crate::extensions::Extensions;
+use crate::validator::{
+    json_schema::Type as JSONSchemaType, types::Type as ValidatorType, RawName, SchemaError,
+    ValidatorSchema,
+};
+use serde::{Deserialize, Serialize};
+use serde_with::serde_as;
+
+/// Struct which holds the type & position of a generalized slot
+#[derive(Clone, Eq, PartialEq, PartialOrd, Ord, Debug, Hash, Serialize, Deserialize)]
+#[serde_as]
+pub struct GeneralizedSlotsAnnotation(BTreeMap<SlotId, JSONSchemaType<RawName>>);
+
+impl GeneralizedSlotsAnnotation {
+    /// Create a new empty `GeneralizedSlotsAnnotation` (with no slots)
+    pub fn new() -> Self {
+        Self(BTreeMap::new())
+    }
+
+    /// Get the type of the slot by key
+    pub fn get(&self, key: &SlotId) -> Option<&JSONSchemaType<RawName>> {
+        self.0.get(key)
+    }
+
+    /// Iterate over all pairs of slots and their types
+    pub fn iter(&self) -> impl Iterator<Item = (&SlotId, &JSONSchemaType<RawName>)> {
+        self.0.iter()
+    }
+
+    /// Tell if it's empty
+    pub fn is_empty(&self) -> bool {
+        self.0.is_empty()
+    }
+
+    pub(crate) fn into_validator_generalized_slots_annotation(
+        self,
+        schema: &ValidatorSchema,
+    ) -> Result<ValidatorGeneralizedSlotsAnnotation, SchemaError> {
+        let validator_generalized_slots_annotation: Result<BTreeMap<_, _>, SchemaError> = self
+            .0
+            .into_iter()
+            .map(|(k, ty)| -> Result<_, SchemaError> {
+                Ok((
+                    k,
+                    schema.json_schema_type_to_validator_type(ty, Extensions::all_available())?,
+                ))
+            })
+            .collect();
+        Ok(validator_generalized_slots_annotation?.into())
+    }
+}
+
+impl Default for GeneralizedSlotsAnnotation {
+    fn default() -> Self {
+        Self::new()
+    }
+}
+
+impl FromIterator<(SlotId, JSONSchemaType<RawName>)> for GeneralizedSlotsAnnotation {
+    fn from_iter<T: IntoIterator<Item = (SlotId, JSONSchemaType<RawName>)>>(iter: T) -> Self {
+        Self(BTreeMap::from_iter(iter))
+    }
+}
+
+impl From<BTreeMap<SlotId, JSONSchemaType<RawName>>> for GeneralizedSlotsAnnotation {
+    fn from(value: BTreeMap<SlotId, JSONSchemaType<RawName>>) -> Self {
+        Self(value)
+    }
+}
+
+#[derive(Clone, Eq, PartialEq, PartialOrd, Ord, Debug, Hash)]
+pub(crate) struct ValidatorGeneralizedSlotsAnnotation(BTreeMap<SlotId, ValidatorType>);
+
+impl FromIterator<(SlotId, ValidatorType)> for ValidatorGeneralizedSlotsAnnotation {
+    fn from_iter<T: IntoIterator<Item = (SlotId, ValidatorType)>>(iter: T) -> Self {
+        Self(BTreeMap::from_iter(iter))
+    }
+}
+
+impl From<BTreeMap<SlotId, ValidatorType>> for ValidatorGeneralizedSlotsAnnotation {
+    fn from(value: BTreeMap<SlotId, ValidatorType>) -> Self {
+        Self(value)
+    }
+}
+
+impl Default for ValidatorGeneralizedSlotsAnnotation {
+    fn default() -> Self {
+        Self::new()
+    }
+}
+
+impl ValidatorGeneralizedSlotsAnnotation {
+    pub(crate) fn new() -> Self {
+        Self(BTreeMap::new())
+    }
+
+    pub(crate) fn get(&self, slot: &SlotId) -> Option<&ValidatorType> {
+        self.0.get(slot)
+    }
+}

cedar-policy-core/src/ast/name.rs

@@ -21,6 +21,7 @@ use miette::Diagnostic;
 use ref_cast::RefCast;
 use regex::Regex;
 use serde::{Deserialize, Deserializer, Serialize, Serializer};
+use serde_with::{serde_as, DisplayFromStr};
 use smol_str::ToSmolStr;
 use std::collections::HashSet;
 use std::fmt::Display;
@@ -283,9 +284,10 @@ impl<'de> Deserialize<'de> for InternalName {
 /// Clone is O(1).
 // This simply wraps a separate enum -- currently [`ValidSlotId`] -- in case we
 // want to generalize later
-#[derive(Debug, Clone, Copy, Eq, PartialEq, PartialOrd, Ord, Hash, Serialize, Deserialize)]
+#[serde_as]
+#[derive(Debug, Clone, Eq, PartialEq, PartialOrd, Ord, Hash, Serialize, Deserialize)]
 #[serde(transparent)]
-pub struct SlotId(pub(crate) ValidSlotId);
+pub struct SlotId(#[serde_as(as = "DisplayFromStr")] pub(crate) ValidSlotId);
 
 impl SlotId {
     /// Get the slot for `principal`
@@ -298,6 +300,11 @@ impl SlotId {
         Self(ValidSlotId::Resource)
     }
 
+    /// Create a `generalized slot`
+    pub fn generalized_slot(id: Id) -> Self {
+        Self(ValidSlotId::GeneralizedSlot(id))
+    }
+
     /// Check if a slot represents a principal
     pub fn is_principal(&self) -> bool {
         matches!(self, Self(ValidSlotId::Principal))
@@ -307,6 +314,11 @@ impl SlotId {
     pub fn is_resource(&self) -> bool {
         matches!(self, Self(ValidSlotId::Resource))
     }
+
+    /// Check if a slot represents a generalized slot
+    pub fn is_generalized_slot(&self) -> bool {
+        matches!(self, Self(ValidSlotId::GeneralizedSlot(_)))
+    }
 }
 
 impl From<PrincipalOrResource> for SlotId {
@@ -318,31 +330,47 @@ impl From<PrincipalOrResource> for SlotId {
     }
 }
 
+impl FromStr for SlotId {
+    type Err = ParseErrors;
+
+    fn from_str(s: &str) -> Result<Self, Self::Err> {
+        crate::parser::parse_slot(s).map(SlotId)
+    }
+}
+
 impl std::fmt::Display for SlotId {
     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
         write!(f, "{}", self.0)
     }
 }
 
-/// Two possible variants for Slots
-#[derive(Debug, Clone, Copy, Eq, PartialEq, PartialOrd, Ord, Hash, Serialize, Deserialize)]
+/// Three possible variants for Slots
+#[derive(Debug, Clone, Eq, PartialEq, PartialOrd, Ord, Hash, Serialize, Deserialize)]
 pub(crate) enum ValidSlotId {
-    #[serde(rename = "?principal")]
     Principal,
-    #[serde(rename = "?resource")]
     Resource,
+    GeneralizedSlot(Id), // Slots for generalized templates, for more info see [RFC 98](https://github.com/cedar-policy/rfcs/pull/98).
 }
 
 impl std::fmt::Display for ValidSlotId {
     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
         let s = match self {
             ValidSlotId::Principal => "principal",
             ValidSlotId::Resource => "resource",
+            ValidSlotId::GeneralizedSlot(id) => id.as_ref(),
         };
         write!(f, "?{s}")
     }
 }
 
+impl FromStr for ValidSlotId {
+    type Err = ParseErrors;
+
+    fn from_str(s: &str) -> Result<Self, Self::Err> {
+        crate::parser::parse_slot(s)
+    }
+}
+
 /// [`SlotId`] plus a source location
 #[derive(Educe, Debug, Clone)]
 #[educe(PartialEq, Eq, Hash)]