refactor: move hard coded checks with cedar policy

author: mo khan <mo@mokhan.ca> 2025-07-04 18:39:27 -0600
committer: mo khan <mo@mokhan.ca> 2025-07-04 18:39:27 -0600
commit: 6c6f1a7225022ae285bd6603aa0a2a81afc8baf3 (patch)
tree: e6714168e8e0e9914893ea88a51a5d0a8dc2426f /etc/authzd/policy0.cedar
parent: 0ba8f6c8ecaa366afbb90fcddbc58fcd395fd03d (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/etc/authzd/policy0.cedar b/etc/authzd/policy0.cedar
index 034e81b5..56457622 100644
--- a/etc/authzd/policy0.cedar
+++ b/etc/authzd/policy0.cedar
@@ -18,3 +18,15 @@ when {
     context.path like "*.html"
   )
 };
+
+permit(principal, action, resource)
+when {
+  context has host && context has method && context has path && (
+    context.host == "sparkle.staging.runway.gitlab.net" &&
+      context.method == "GET" && (
+        context.path == "/" ||
+        context.path == "/app.js" ||
+        context.path == "/callback"
+      )
+  )
+};
author	mo khan <mo@mokhan.ca>	2025-07-04 18:39:27 -0600
committer	mo khan <mo@mokhan.ca>	2025-07-04 18:39:27 -0600
commit	6c6f1a7225022ae285bd6603aa0a2a81afc8baf3 (patch)
tree	e6714168e8e0e9914893ea88a51a5d0a8dc2426f /etc/authzd/policy0.cedar
parent	0ba8f6c8ecaa366afbb90fcddbc58fcd395fd03d (diff)