feat(jans-cedarling): Implement python bindings for the authorize method #9731

Draft
wants to merge 12 commits into
base: main
from


olehbozhok
Contributor

Prepare


Description

Target issue

link

closes #9706

Implementation Details

Added all entities for the authorize method, including errors.


Test and Document the changes

  • Static code analysis has been run locally and issues have been fixed
  • Relevant unit and integration tests have been added/updated
  • Relevant documentation has been updated if any (i.e. user guides, installation and configuration guides, technical design docs etc)

Please check the below before submitting your PR. The PR will not be merged if there are no commits that start with docs: to indicate documentation changes or if the below checklist is not selected.

  • I confirm that there is no impact on the docs due to the code changes in this PR.

…optimization related to type conversion

Signed-off-by: Oleh Bohzok <[email protected]>
@olehbozhok self-assigned this Oct 12, 2024
@mo-auto added labels Oct 12, 2024:

  • area-documentation (Documentation needs to change as part of issue or PR)
  • comp-jans-cedarling (Touching folder /jans-cedarling)
  • kind-feature (Issue or PR is a new feature request)

DryRun Security Summary

The pull request covers a wide range of updates to the Cedarling project, with a focus on improving the authorization-related functionality, including policy store configuration, authorization request handling, error handling, and documentation and examples.


Summary:

The code changes in this pull request cover a wide range of updates to the Cedarling project, with a focus on the authorization-related functionality. The key changes include:

  1. Policy Store Configuration: The policy store configuration has been updated to use a new "simple policy example" policy, which allows Workload principals to perform the "Update" action on Issue resources if the Workload's org_id matches the Issue's org_id.

  2. Authorization Request Handling: New modules and structs have been introduced to handle authorization requests, including Request, AuthorizeResult, AuthorizeResultResponse, Decision, and Diagnostics. These changes aim to provide a more robust and secure authorization process.

  3. Error Handling: The project has introduced new error handling mechanisms, such as the PolicyEvaluationError struct, to capture and communicate errors that occur during the policy evaluation process.

  4. Documentation and Examples: The changes include updates to the project's documentation, including the addition of new types and methods, as well as the introduction of example code to demonstrate the usage of the Cedarling Python bindings.

From an application security perspective, these changes appear to be focused on improving the overall security and reliability of the Cedarling project. The introduction of more granular and context-aware policies, the handling of authorization requests, and the robust error handling mechanisms are all positive steps towards a secure authorization system.

However, it's important to review the implementation details of these changes, especially in areas like input validation, data handling, and the use of external libraries, to ensure that there are no unintended security vulnerabilities introduced.

Files Changed:

  • jans-cedarling/bindings/cedarling_python/example_files/policy-store.json: The policy store configuration has been updated to use a new "simple policy example" policy.
  • jans-cedarling/bindings/cedarling_python/Cargo.toml: The project dependencies have been updated to include the serde library.
  • jans-cedarling/bindings/cedarling_python/PYTHON_TYPES.md: The documentation has been updated to include new types and methods related to the authorization functionality.
  • jans-cedarling/bindings/cedarling_python/example.py: The example code demonstrates the usage of the Cedarling Python bindings, including the authorization process.
  • jans-cedarling/bindings/cedarling_python/print_documentation.py: The script has been updated to print the documentation and signatures of new types introduced in the Cedarling Python bindings.
  • Various files in jans-cedarling/bindings/cedarling_python/src/authorize/: New modules and structs have been introduced to handle authorization-related functionality, such as AuthorizeResult, AuthorizeResultResponse, Decision, Diagnostics, and PolicyEvaluationError.
  • jans-cedarling/bindings/cedarling_python/src/cedarling.rs: A new authorize method has been added to the Cedarling class, which is responsible for handling authorization requests.
  • jans-cedarling/cedarling/src/lib.rs: The bindings module has been updated to re-export some types from the models::log_entry module and the cedar_policy crate.
  • jans-cedarling/cedarling/src/authz/mod.rs: The code has been updated to improve the handling of access token data and the logging of authorization decisions.
  • jans-cedarling/cedarling/src/models/authorize_result.rs: The documentation for the is_allowed() method has been updated.
  • jans-cedarling/cedarling/examples/authorize.rs: The example code demonstrates the usage of the Cedarling library for authorization checks.
  • jans-cedarling/cedarling/src/models/log_entry.rs: The Decision enum and related structs have been updated to improve logging and diagnostics functionality.
  • jans-cedarling/cedarling/src/models/request.rs: The Request struct has been updated to remove the lifetime parameter from certain fields.

Code Analysis

We ran 9 analyzers against 22 files and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.


@olehbozhok
Contributor Author

olehbozhok commented Oct 12, 2024

Waiting to close #9725

After that, I will add type hints for current changes
