refactor: make Statement.Value a json.RawMessage to get rid of custom (un)marshallers

[dschmidt]

Proposed Changes

• add a custom json Marshaler for sdk.Statement that works similar to the Unmarshaler and handles json structured values

If you agree with this change, I'm happy to add tests.

I assume it's a good idea to try to decode the value to make sure it's actual json. I just wasn't sure whether we should return an error if not or if we should just use the value as string.
Opinions?

Checklist

• I have added or updated unit tests
• I have added or updated integration tests (if appropriate)
• I have added or updated documentation

Testing Instructions

[dschmidt]

I've updated the PR with a change to Assertion.GetHash()` because after an update of the SDK the verification of the assertion signing failed.

Tbh it feels even messier now than before.
Why don't we just make Statement.Value a json.RawMessage?
That should simplify everything a lot...

[jrschumacher]

/gemini review

[jrschumacher]

I've updated the PR with a change to Assertion.GetHash()` because after an update of the SDK the verification of the assertion signing failed.

Tbh it feels even messier now than before. Why don't we just make Statement.Value a json.RawMessage? That should simplify everything a lot...

This makes a lot of sense. Do you want to take that change otherwise I'll add it to our backlog.

[gemini-code-assist]

Code Review

This pull request introduces a custom MarshalJSON for sdk.Statement to handle structured JSON values, improving consistency with the existing UnmarshalJSON. I've suggested removing the redundant "deep patch" in GetHash and refactoring the logic in MarshalJSON to be more concise. The approach of falling back to treating the value as a string if it's not valid JSON is a good, robust choice. Remember to add unit tests to cover the new marshaling logic.

[gemini-code-assist]

This "deep patch" in GetHash might be redundant given the new MarshalJSON implementation for Statement.

The GetHash function starts by calling json.Marshal(a). This will invoke the custom MarshalJSON for the a.Statement field. The new marshaler is designed to handle the json-structured format by outputting the value as a JSON object if it's a valid JSON string.

As a result, when assertionJSON is unmarshaled into jsonObject, jsonObject["statement"]["value"] should already be a map[string]interface{}, not a string. This means the condition if valueStr, ok := statement["value"].(string); ok will likely be false, and this block of code will not be executed.

Consider removing this patch to simplify the code. If it's intended as a safeguard, add a comment explaining the specific scenario it covers. Otherwise, it may be unnecessary.

[gemini-code-assist]

The logic can be simplified to reduce redundancy and improve readability. The else branch for a failed JSON unmarshal and the else branch for a non-json-structured format both perform the same action: aux.Value = s.Value.

Consider setting s.Value as the default for aux.Value, and then conditionally overriding it with a json.RawMessage only if the format is json-structured and the value is valid JSON.

aux.Value = s.Value
if s.Format == "json-structured" {
	var tmp interface{}
	// If Value is a valid JSON, marshal it as a raw JSON object.
	if json.Unmarshal([]byte(s.Value), &tmp) == nil {
		aux.Value = json.RawMessage(s.Value)
	}
}

[dschmidt]

@jrschumacher ping? :)

[jrschumacher]

@dschmidt we're reviewing this with some additional changes to assertions that are coming. We should be ready for a decision this week.

[dschmidt]

Alright, sounds perfect!

Happy this isn't forgotten :)

[dschmidt]

So .. any update?

[pflynn-virtru]

Draft PR here: #2687

There is a WIP ADR. It will hold the decision on this refactor.

We are heavily considering keeping the Statement.Value a string in all SDK implementations.