DRT should use `cedar-policy::is_authorized` and `cedar-policy::validate`

[khieta]

Category

DRT infrastructure

Describe the feature you'd like to request

The DRT infrastructure currently tests the is_authorized function in cedar-policy-core and the validate function in cedar-policy-validator. I think it would be cleaner to use the APIs available in the public cedar-policy crate instead. This gives a more "end-to-end" feel to our tests and allows us to use the interfaces in cedar-policy/src/frontend for more consistent input/output formats.

Describe the solution you'd like

N/A

Describe alternatives you've considered

N/A

Additional context

No response

Is this something that you'd be interested in working on?

• 👋 I may be able to implement this feature request
• ⚠️ This feature might incur a breaking change

[cdisselkoen]

I think this is a good idea, but pointing out that one difficulty with implementing this issue is that the DRT currently generates (internal) ASTs for policies, which are not exposed from cedar-policy. My opinion is that the best way to proceed would be for DRT to instead generate ESTs and send them into cedar-policy via Policy::from_json().

[khieta]

I agree that generating ESTs would be preferable (I'll make another issue shortly), but that isn't a requirement for this PR (and I've changed the title to reflect this). We could still use internal APIs to convert an AST -> policy, and then use the public APIs for authorization and validation.

[khieta]

Opened #76. @cdisselkoen feel free to edit the issue description to add additional details/motivation.