Improve Debug Messages for PolicySet #1254
Description
Category
User level API features/changes
Describe the feature you'd like to request
Right now, printing a debug formatted policy set looks like: PolicySet { ast: PolicySet { templates: {PolicyID("p-PLGRA7f4vobdGt8J9jS68M"): Template { body: TemplateBody { id: PolicyID("p-PLGRA7f4vobdGt8J9jS68M"), loc: Some(Loc { span: SourceSpan { offset: SourceOffset(0), length: 37 }, src: "forbid (principal, action, resource);" }), annotations: Annotations({}), effect: Forbid, principal_constraint: PrincipalConstraint { constraint: Any }, action_constraint: Any, resource_constraint: ResourceConstraint { constraint: Any }, non_scope_constraints: Expr { expr_kind: Lit(Bool(true)), source_loc: Some(Loc { span: SourceSpan{ offset: SourceOffset(0), length: 37 }, src: "forbid (principal, action, resource);" }), data: () } }, slots: [] }}, links: {PolicyID("p-PLGRA7f4vobdGt8J9jS68M"): Policy { template: Template { body: TemplateBody { id: PolicyID("p-PLGRA7f4vobdGt8J9jS68M"), loc: Some(Loc { span: SourceSpan { offset: SourceOffset(0), length: 37 }, src: "forbid (principal, action, resource);" }), annotations: Annotations({}), effect: Forbid, principal_constraint: PrincipalConstraint { constraint: Any }, action_constraint: Any, resource_constraint: ResourceConstraint { constraint: Any }, non_scope_constraints: Expr { expr_kind: Lit(Bool(true)), source_loc: Some(Loc { span: SourceSpan { offset: SourceOffset(0), length: 37 }, src: "forbid (principal, action, resource);" }), data: () } }, slots: [] }, link: None, values: {} }}, template_to_links_map: {PolicyID("p-PLGRA7f4vobdGt8J9jS68M"): {PolicyID("p-PLGRA7f4vobdGt8J9jS68M")}} }, policies: {PolicyId(PolicyID("p-PLGRA7f4vobdGt8J9jS68M")): Policy { ast: Policy { template: Template { body: TemplateBody { id: PolicyID("p-PLGRA7f4vobdGt8J9jS68M"), loc: Some(Loc { span: SourceSpan { offset: SourceOffset(0), length: 37 }, src: "forbid (principal, action, resource);" }), annotations: Annotations({}), effect: Forbid, principal_constraint: PrincipalConstraint { constraint: Any }, action_constraint: Any, resource_constraint: ResourceConstraint { constraint: Any }, non_scope_constraints: Expr { expr_kind: Lit(Bool(true)), source_loc: Some(Loc { span: SourceSpan { offset: SourceOffset(0), length: 37 }, src: "forbid (principal, action, resource);" }), data: () } }, slots: [] }, link: None, values: {} }, lossless: Text { text: "forbid (principal, action, resource);", slots: {} } }}, templates: {} } for an extremely simple policy set.
I'd prefer a shorter, easier to read version. I think simply printing a list of policy ids would be helpful. We don't use template linked policies, so I'm open to suggestions there.
Describe alternatives you've considered
We could print a display formatted policy set but that has three problems:
- We'd have to manually derive Debug on structs that include a PolicySet.
- Printing a policy set of 100+ policies is very verbose
- For our purposes, we can't expose the contents of a policy set. The policy ids are ok but the contents are PII.
You could also:
- You could print the contents of policies. I don't think this is as useful since the Display trait already does that.
- You could truncate the policy list after N policies.
Additional context
You might also want to create a Debug implementation for a single policy as part of the change.
Also, I want to open a similar issue for Entities and Context depending on the discussion here. For entities, I'm thinking of using the Entity uid. Not sure about Context.
Is this something that you'd be interested in working on?
- 👋 I may be able to implement this feature request
-
⚠️ This feature might incur a breaking change