Skip to content

Upgrade Cedar Policy engine from v4.7.0 to v4.8.2 #38

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
skuenzli merged 1 commit into from
Dec 17, 2025
Merged

Upgrade Cedar Policy engine from v4.7.0 to v4.8.2 #38

skuenzli merged 1 commit into from
Dec 17, 2025

Conversation

@Iamrodos
Copy link
Contributor

@Iamrodos Iamrodos commented Dec 13, 2025

Upgrades Cedar Policy engine from v4.7.0 to v4.8.2.

Closes #36

Changes

  • Update cedar-policy dependencies to ~4.8.0 in Cargo.toml
  • Update integration test submodule to v4.8.2
  • Update .gitmodules branch to release/4.8.x
  • Update README version mapping table

Breaking Change

format_policies() output has changed. Cedar 4.8 formatter now outputs dot notation instead of bracket notation:

Before (4.7) After (4.8)
resource["account"] resource.account
resource has "account" resource has account

Both syntaxes are valid Cedar input - only the formatter output changed. Users comparing or storing formatted policy strings may need to update their expected values.

Bug Fixes from Cedar 4.8.x

  • Fixed parsing of small negative decimal literals (4.8.1)
  • Improved error message diagnostics (4.8.2)

Testing

  • All 51 unit tests pass
  • All 69 integration tests pass (5 skipped, same as before)

@skuenzli
Copy link
Contributor

skuenzli commented Dec 15, 2025
edited
Loading

Thank you @Iamrodos - I will review this soon. I also want to impl #37 and rebase this PR after that.

@skuenzli skuenzli self-assigned this Dec 17, 2025
@skuenzli
Copy link
Contributor

skuenzli commented Dec 17, 2025

Overall, this looks good to me. Thank you!

Can you please:

  1. Specify the cedarpy version as 4.8.0
    • I'm only trying to sync the cedarpy major.minor version number with the cedar-policy engine
  2. Pin the cedar-policy dependencies to 4.8.2 so we have explicit control over engine upgrades
  3. Rebase against main so that we can check for performance regressions with make benchmark-compare (see BENCHMARKS.md)
    • Feel free to add your own benchmark results from 4.7 and 4.8
    • I will run the benchmark for 4.8 as well

If you prefer, I can do the above and push to your PR branch if you give me permissions (docs).

@Iamrodos
Upgrade Cedar Policy engine from v4.7.0 to v4.8.2
8c29de4 
Changes:
- Update cedar-policy dependencies to ~4.8.0 in Cargo.toml
- Update integration test submodule to v4.8.2
- Update .gitmodules branch to release/4.8.x
- Update README version mapping table

Breaking change for users of format_policies():
- Cedar 4.8 formatter now outputs dot notation (resource.account)
  instead of bracket notation (resource["account"])
- Both syntaxes are valid Cedar input; only formatter output changed
- Update test expectations to match new formatter output

Bug fixes included from Cedar 4.8.x:
- Fixed parsing of small negative decimal literals (4.8.1)
- Improved error message diagnostics (4.8.2)

Testing:
- All 51 unit tests pass
- All 69 integration tests pass (5 skipped, same as before)
@Iamrodos Iamrodos force-pushed the upgrade-cedar-4.8.2 branch from dbbe387 to 8c29de4 Compare December 17, 2025 21:36
@Iamrodos
Copy link
Contributor Author

Iamrodos commented Dec 17, 2025

Done.

@skuenzli
Copy link
Contributor

skuenzli commented Dec 17, 2025

Thank you!

The performance looks good.

@skuenzli skuenzli merged commit 62ccb75 into k9securityio:main Dec 17, 2025
7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@skuenzli skuenzli

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Update to Cedar 4.8.2

2 participants

@Iamrodos @skuenzli