authormo khan <mo@mokhan.ca>2025-07-05 12:30:04 -0600
committermo khan <mo@mokhan.ca>2025-07-05 12:30:04 -0600
commit7a23f5256b861705b69405c690eead5b30df7775 (patch)
treea6c218ab2b9778bc9703757dc7033c40a35b1266
parent3b6b2b3029e0b9ba185028db0eb77a3d46998a5c (diff)
feat: allow requests from localhost
-rw-r--r--etc/authzd/policy0.cedar3
-rw-r--r--src/authorization/server.rs6
-rw-r--r--tests/authorization/check_service_test.rs3
3 files changed, 7 insertions, 5 deletions
diff --git a/etc/authzd/policy0.cedar b/etc/authzd/policy0.cedar
index 12950df5..bc67afc3 100644
--- a/etc/authzd/policy0.cedar
+++ b/etc/authzd/policy0.cedar
@@ -23,8 +23,9 @@ permit(principal, action, resource)
when {
context has host && context has method && context has path && (
(
+ context.host == "sparkle.runway.gitlab.net" ||
context.host == "sparkle.staging.runway.gitlab.net" ||
- context.host == "sparkle.runway.gitlab.net"
+ context.host like "localhost:*"
) && (
(
context.method == "GET" && (
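Review bot: The new `context.host like "localhost:*"` clause sits in the same host list as the production names, so any request whose host value begins with `localhost:` now satisfies the host condition. If `context.host` is populated from the client-supplied Host/:authority header (not visible in this hunk), that value is not a trustworthy signal that the caller is actually local. The `*` also matches any trailing text rather than only a port number, and bare `localhost` is not matched. Consider keeping the localhost allowance in a development-only policy file, or pinning the exact value used locally, e.g. `context.host == "localhost:10000"` as in the test this commit adds; that test covers only the allowed case, so a denied look-alike host would be worth adding alongside it. The `when` block continues beyond this hunk.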
diff --git a/src/authorization/server.rs b/src/authorization/server.rs
index 23b7720e..feb89d52 100644
--- a/src/authorization/server.rs
+++ b/src/authorization/server.rs
@@ -40,9 +40,9 @@ impl Server {
tracing::info!(
method = %req.method(),
path = %req.uri().path(),
- content_type = ?req.headers().get("content-type").and_then(|v| v.to_str().ok()),
- user_agent = ?req.headers().get("user-agent").and_then(|v| v.to_str().ok()),
- x_request_id = ?req.headers().get("x-request-id").and_then(|v| v.to_str().ok()),
+ content_type = req.headers().get("content-type").map_or("unknown", |v| v.to_str().unwrap_or("unknown")),
+ user_agent = req.headers().get("user-agent").map_or("unknown", |v| v.to_str().unwrap_or("unknown")),
+ x_request_id = req.headers().get("x-request-id").map_or("none", |v| v.to_str().unwrap_or("none")),
"gRPC request"
);
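Review bot: The fallback strings on the three header fields make a missing header, a header that fails `to_str()`, and a client that literally sends `unknown` or `none` indistinguishable in the log, which weakens `x_request_id` as a correlation key during incident review. A distinct marker for the conversion failure keeps the cases apart, e.g. `x_request_id = req.headers().get("x-request-id").map_or("none", |v| v.to_str().unwrap_or("invalid")),` and likewise for `content_type` and `user_agent`. These values are client-controlled and no length bound is applied in the visible lines, so truncating them before logging would be a reasonable addition. The enclosing function starts and ends outside the hunk.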
diff --git a/tests/authorization/check_service_test.rs b/tests/authorization/check_service_test.rs
index fc1ab75a..b50d3689 100644
--- a/tests/authorization/check_service_test.rs
+++ b/tests/authorization/check_service_test.rs
@@ -130,8 +130,9 @@ mod tests {
// {status: tonic::Code::PermissionDenied, http: &HTTPRequest{Method: "GET", Path: "/dashboard", Headers: invalidHeaders}},
let hosts = vec![
- "sparkle.staging.runway.gitlab.net",
+ "localhost:10000",
"sparkle.runway.gitlab.net",
+ "sparkle.staging.runway.gitlab.net",
];
let routes = vec![