refactor(jans-cedarling): handle recoverable errors gracefully in authorization

[rmarinn]

Is your feature request related to a problem? Please describe.

Currently, Cedarling returns an error for scenarios like failing to create certain entities or parsing a request, even if these errors are recoverable. While this approach provides clarity in Rust (via explicit error handling), it complicates error management in bindings for other languages where error handling may not be as robust or idiomatic.

Describe the solution you'd like

Update the authorize function to handle recoverable errors gracefully. Instead of returning an error, the function should:

1. Return a DENY decision in cases where recoverable errors occur.
2. Provide detailed feedback about the decision through structured fields:
   • Principal Name: Indicates the entity being authorized.
   • Decision Result: ALLOW or DENY.
   • Warnings: A list of messages for recoverable issues, e.g., failure to create a secondary entity like a Role that doesn’t block the primary authorization.
   • Errors: A list of critical issues that directly result in a DENY decision, e.g., failing to create the primary User entity.

An example for a serialized ALLOW result might be:

{
    "results": [{"principal": "Jans::Workload", "decision": "ALLOW"}],
    "decision": "ALLOW",
}

Then for a DENY result:

{
    "results": [{"principal": "Jans::User", "decision": "DENY"}],
    "decision": "DENY",
    "errors":  ["could not create User entity: could not get attribute value from payload: type mismatch for key 'email' expected: 'string' but found: 'number'"],
}

And for an ALLOW but with a warning:

{
    "results": [{"principal": "Jans::User", "decision": "DENY"}],
    "decision": "DENY",
    "warnings":  ["could not create Role entity: could not get attribute value from payload: type mismatch for key 'role' expected: 'string' but found: 'number'"],    
}

Handling Principal Combinations

To be able, to handle returning a decision result that is based on the combination of the authz result of different principals, we also return each of their results.

{
    "decisions": [
        {"principal": "Jans::User", "decision": "DENY"}, 
        {"principal": "Jans::Workload", "decision": "ALLOW"}
    ],
    "decision": "DENY",
    "principal_operator": { /* JSON logic here */ },
    "warnings":  ["could not create Role entity: could not get attribute value from payload: type mismatch for key 'role' expected: 'string' but found: 'number'"],    
}

Describe alternatives you've considered

An alternative approach would be to retain error returns for critical failures while ensuring that recoverable issues generate structured warnings or messages. However, Cedarling currently does not encounter critical errors that justify halting entirely.

EDIT: We now identified a potentially non-recoverable error (the logger failing).

Additional context

Here’s the updated function signature stays the same in Rust but the Error should now only be non-recoverable errors.

impl Cedarling {
    pub fn authorize(&self, request: Request) -> Result<AuthorizeResult, Error> {
        // ...
    }
} 

See #10590 for the proposed improvement on the "principal_operator".

[nynymike]

Completely agree...