search

cedar-policy / cedar-java

Java bindings for the Cedar language
https://www.cedarpolicy.com
Apache License 2.0
42 stars 19 forks source link

Provide a mechanism to ignore malformed policy. #68

Open yaphatak opened 10 months ago

yaphatak commented 10 months ago

Category

User level API changes

Describe the feature you'd like to request

Provide a configuration on authorize API to Ignore malformed policy and return that malformed policyId in addition to authorization result.

Describe alternatives you've considered

Provide an API to validate the cedar policy. This is not schema validation, but simple syntax or grammar validation. This will help validate policy before storing or even running just before authorization.

Additional context

No response

Is this something that you'd be interested in working on?

andrewmwells-amazon commented 10 months ago

This seems like a fairly deep behavior change (i.e., you'd have to add a corresponding API to the Rust). Personally, I think adding an API to sanity-check the cedar policy is a better choice. Can you provide some more context on why you prefer a new configuration of is_authorized?

yaphatak commented 10 months ago

I agree that this is deep behavior change specially we would ideally want to do this in rust binding itself. And, that's why I added an alternate approach as beow. But, I wanted to explain root cause of the feature request.

Describe alternatives you've considered Provide an API to validate the cedar policy. This is not schema validation, but simple syntax or grammar validation. This will help validate policy before storing or even running just before authorization.