authormo khan <mo@mokhan.ca>2025-07-09 15:29:31 -0600
committermo khan <mo@mokhan.ca>2025-07-09 15:29:31 -0600
commit89499df2932ce2a62ed8606d4ef967175914f204 (patch)
treed7cc4bdecfd6d5be4d3d0cd3d3c0a2f562d06aee /etc/authzd
parentd729c26ad1ffeda197b4747930a8135e972978e6 (diff)
chore: split sparkle policies into separate file
Diffstat (limited to 'etc/authzd')
-rw-r--r--etc/authzd/policy0.cedar21
-rw-r--r--etc/authzd/policy1.cedar22
2 files changed, 23 insertions, 20 deletions
diff --git a/etc/authzd/policy0.cedar b/etc/authzd/policy0.cedar
index 9410eced..10ad622f 100644
--- a/etc/authzd/policy0.cedar
+++ b/etc/authzd/policy0.cedar
@@ -10,7 +10,7 @@ when
{
context has path &&
context has method &&
- context.method == "GET" &&
+ (context.method == "GET" || context.method == "HEAD") &&
(context.path like "*.css" ||
context.path like "*.js" ||
context.path like "*.ico" ||
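Review bot: The widened method test `(context.method == "GET" || context.method == "HEAD")` changes what this policy permits, yet the commit is described as a chore that only moves the sparkle rules; an authorization change is easier to audit in its own commit with a message that says so. As far as the hunk shows, the condition requires only `context has path` and `context has method`, and the `like "*.css"`-style patterns match on the suffix alone, so any path ending in one of these extensions is permitted on whatever hosts this policy serves; it is worth confirming that `context.path` is the normalized path without the query string. A comment above the condition such as `// static assets: read-only methods only (GET, HEAD), matched by file extension` would record the intent. The policy head and the start of the `when` block lie outside the hunk.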
@@ -21,22 +21,3 @@ when
context.path like "*.bmp" ||
context.path like "*.html")
};
-
-permit (principal, action, resource)
-when
-{
- context has host &&
- context has method &&
- context has path &&
- ((context.host == "sparkle.runway.gitlab.net" ||
- context.host == "sparkle.staging.runway.gitlab.net" ||
- context.host like "localhost:*") &&
- ((context.method == "GET" &&
- (context.path == "/" ||
- context.path == "/callback" ||
- context.path == "/dashboard/nav" ||
- context.path == "/health" ||
- context.path == "/signout" ||
- context.path == "/sparkles")) ||
- (context.method == "POST" && (context.path == "/sparkles/restore"))))
-};
diff --git a/etc/authzd/policy1.cedar b/etc/authzd/policy1.cedar
new file mode 100644
index 00000000..507ef3ed
--- /dev/null
+++ b/etc/authzd/policy1.cedar
@@ -0,0 +1,22 @@
+permit (principal, action, resource)
+when
+{
+ context has host &&
+ context has method &&
+ context has path &&
+ (
+ (
+ context.host == "sparkle.runway.gitlab.net" ||
+ context.host == "sparkle.staging.runway.gitlab.net" ||
+ context.host like "localhost:*"
+ ) && (
+ (
+ context.method == "GET" &&
+ (context.path == "/" ||
+ context.path == "/callback" ||
+ context.path == "/dashboard/nav" ||
+ context.path == "/health" ||
+ context.path == "/signout" ||
+ context.path == "/sparkles")) ||
+ (context.method == "POST" && (context.path == "/sparkles/restore"))))
+};
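Review bot: The `context.host like "localhost:*"` alternative sits in the same permit as the two production hostnames, so wherever this file is loaded the development host is accepted as well; if `context.host` is filled from the request's Host header, that value is chosen by the client. Consider moving the localhost match into a separate policy that only development deployments load, or at least marking it with `// localhost:* is for local development only`. The head `permit (principal, action, resource)` places no constraint on the principal and also covers `POST /sparkles/restore`, so a comment should state that the application authenticates that route itself, if that is the intent. The new file also has no header comment naming the service these rules belong to.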