Provide a mechanism to ignore malformed policy.

[yaphatak]

Category

User level API changes

Describe the feature you'd like to request

Provide a configuration on authorize API to Ignore malformed policy and return that malformed policyId in addition to authorization result.

Describe alternatives you've considered

Provide an API to validate the cedar policy. This is not schema validation, but simple syntax or grammar validation. This will help validate policy before storing or even running just before authorization.

Additional context

No response

Is this something that you'd be interested in working on?

• 👋 I may be able to implement this feature request
• ⚠️ This feature might incur a breaking change

[andrewmwells-amazon]

This seems like a fairly deep behavior change (i.e., you'd have to add a corresponding API to the Rust). Personally, I think adding an API to sanity-check the cedar policy is a better choice. Can you provide some more context on why you prefer a new configuration of is_authorized?

[yaphatak]

I agree that this is deep behavior change specially we would ideally want to do this in rust binding itself. And, that's why I added an alternate approach as beow. But, I wanted to explain root cause of the feature request.

Describe alternatives you've considered
Provide an API to validate the cedar policy. This is not schema validation, but simple syntax or grammar validation. This will help validate policy before storing or even running just before authorization.