authormo khan <mo@mokhan.ca>2025-07-14 16:29:33 -0600
committermo khan <mo@mokhan.ca>2025-07-14 16:29:33 -0600
commit0432cfbbb07f234dd2cd294cfe7dfa065b113182 (patch)
treecab9f759b7d656dab92eab48694e5924c54b9644 /etc/authzd
parent5a74d3988d8a029f1c879da709db623611aa545a (diff)
parente0b38f6ca22b28a0c4fe4192d642fceb48030737 (diff)
Merge branch 'the-spice-must-flow' into 'main'
Add SpiceDB Integration with Service-based Routing See merge request gitlab-org/software-supply-chain-security/authorization/authzd!9
Diffstat (limited to 'etc/authzd')
-rw-r--r--etc/authzd/policy1.cedar7
-rw-r--r--etc/authzd/spice.schema7
2 files changed, 14 insertions, 0 deletions
diff --git a/etc/authzd/policy1.cedar b/etc/authzd/policy1.cedar
index 15776ab7..966bbcfb 100644
--- a/etc/authzd/policy1.cedar
+++ b/etc/authzd/policy1.cedar
@@ -28,3 +28,10 @@ when
context.host == "sparkle.staging.runway.gitlab.net" &&
principal has username
};
+
+permit (
+ principal == User::"1",
+ action == Action::"GET",
+ resource == Resource::"/dashboard"
+)
+when { context has host && context.host == "localhost:10000" };
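Review bot: The permit added at the end of policy1.cedar hard-codes `User::"1"` and `context.host == "localhost:10000"` in the same file that carries the rule for sparkle.staging.runway.gitlab.net, so a local-development grant ships wherever this file is loaded. If `context.host` is populated from the request's Host header (the hunk does not show where it comes from), the condition is a caller-supplied value and does not establish that the request is local. Consider moving this rule to a policy file that is only loaded for local runs, or at minimum put a comment above it such as `// local development only: must not be loaded in staging or production`. The preceding policy's `when` block starts outside the hunk, so only the new permit is reviewed here.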
diff --git a/etc/authzd/spice.schema b/etc/authzd/spice.schema
new file mode 100644
index 00000000..0d6a6482
--- /dev/null
+++ b/etc/authzd/spice.schema
@@ -0,0 +1,7 @@
+definition user {}
+definition project {
+ relation developer: user
+ relation maintainer: user
+ permission read = developer + maintainer
+ permission write = maintainer
+}
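Review bot: The new spice.schema has no comments, and `read` lists `maintainer` again instead of building on `write`, so a relation later added to `write` would not gain `read` unless someone remembers to update both lines. Writing `permission read = developer + write` keeps read a superset of write by construction. A short comment per relation would also help reviewers check the intended roles, for example `// maintainer: may read and write the project` and `// developer: read-only`.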