| author | mo khan <mo@mokhan.ca> | 2025-07-09 15:29:31 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-07-09 15:29:31 -0600 |
| commit | 89499df2932ce2a62ed8606d4ef967175914f204 (patch) | |
| tree | d7cc4bdecfd6d5be4d3d0cd3d3c0a2f562d06aee /etc/authzd/policy1.cedar | |
| parent | d729c26ad1ffeda197b4747930a8135e972978e6 (diff) | |
chore: split sparkle policies into separate file
Diffstat (limited to 'etc/authzd/policy1.cedar')
| -rw-r--r-- | etc/authzd/policy1.cedar | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/etc/authzd/policy1.cedar b/etc/authzd/policy1.cedar
new file mode 100644
index 00000000..507ef3ed
--- /dev/null
+++ b/etc/authzd/policy1.cedar
@@ -0,0 +1,22 @@
+permit (principal, action, resource)
+when
+{
+ context has host &&
+ context has method &&
+ context has path &&
+ (
+ (
+ context.host == "sparkle.runway.gitlab.net" ||
+ context.host == "sparkle.staging.runway.gitlab.net" ||
+ context.host like "localhost:*"
+ ) && (
+ (
+ context.method == "GET" &&
+ (context.path == "/" ||
+ context.path == "/callback" ||
+ context.path == "/dashboard/nav" ||
+ context.path == "/health" ||
+ context.path == "/signout" ||
+ context.path == "/sparkles")) ||
+ (context.method == "POST" && (context.path == "/sparkles/restore"))))
+}; |
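Review bot: The `context.host like "localhost:*"` alternative sits in the same permit as the two production hosts, so wherever this file is loaded the listed routes are allowed for any request whose host value begins with `localhost:`. How authzd fills `context.host` is not visible in this file; if it is taken from the client-sent Host or :authority header, that value is caller-controlled, so the localhost clause would be safer in a development-only policy file, or the host should be normalized by the proxy before evaluation. The head `permit (principal, action, resource)` is unconstrained, which means the decision rests entirely on the three context attributes, including for `POST /sparkles/restore`. If that is intended, a comment above the policy would make it reviewable, for example `// sparkle: routes reachable by any principal; decision is based only on request host, method and path`.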
