authormo khan <mo@mokhan.ca>2025-07-05 13:05:24 -0600
committermo khan <mo@mokhan.ca>2025-07-05 13:05:24 -0600
commitf399f108259602d4337167ab58876504a00f83a6 (patch)
tree59b85623902f742c8702cb3fee602c3b4542da51 /etc/authzd
parent172ccab744de1fcb10e8b1dbf71f706866175b0f (diff)
chore: use cedar policy cli to format and lint cedar policies
Diffstat (limited to 'etc/authzd')
-rw-r--r--etc/authzd/policy0.cedar80
1 files changed, 38 insertions, 42 deletions
diff --git a/etc/authzd/policy0.cedar b/etc/authzd/policy0.cedar
index e67f0db5..9410eced 100644
--- a/etc/authzd/policy0.cedar
+++ b/etc/authzd/policy0.cedar
@@ -1,46 +1,42 @@
-permit(principal, action == Action::"check", resource)
-when {
- context has bearer_token &&
- context.bearer_token == "valid-token"
-};
+permit (
+ principal,
+ action == Action::"check",
+ resource
+)
+when { context has bearer_token && context.bearer_token == "valid-token" };
-permit(principal, action, resource)
-when {
- context has path && context has method && context.method == "GET" && (
- context.path like "*.css" ||
- context.path like "*.js" ||
- context.path like "*.ico" ||
- context.path like "*.png" ||
- context.path like "*.jpg" ||
- context.path like "*.jpeg" ||
- context.path like "*.gif" ||
- context.path like "*.bmp" ||
- context.path like "*.html"
- )
+permit (principal, action, resource)
+when
+{
+ context has path &&
+ context has method &&
+ context.method == "GET" &&
+ (context.path like "*.css" ||
+ context.path like "*.js" ||
+ context.path like "*.ico" ||
+ context.path like "*.png" ||
+ context.path like "*.jpg" ||
+ context.path like "*.jpeg" ||
+ context.path like "*.gif" ||
+ context.path like "*.bmp" ||
+ context.path like "*.html")
};
-permit(principal, action, resource)
-when {
- context has host && context has method && context has path && (
- (
- context.host == "sparkle.runway.gitlab.net" ||
- context.host == "sparkle.staging.runway.gitlab.net" ||
- context.host like "localhost:*"
- ) && (
- (
- context.method == "GET" && (
- context.path == "/" ||
- context.path == "/callback" ||
- context.path == "/dashboard/nav" ||
- context.path == "/health" ||
- context.path == "/signout" ||
- context.path == "/sparkles"
- )
- ) || (
- context.method == "POST" && (
- context.path == "/sparkles/restore"
- )
- )
- )
- )
+permit (principal, action, resource)
+when
+{
+ context has host &&
+ context has method &&
+ context has path &&
+ ((context.host == "sparkle.runway.gitlab.net" ||
+ context.host == "sparkle.staging.runway.gitlab.net" ||
+ context.host like "localhost:*") &&
+ ((context.method == "GET" &&
+ (context.path == "/" ||
+ context.path == "/callback" ||
+ context.path == "/dashboard/nav" ||
+ context.path == "/health" ||
+ context.path == "/signout" ||
+ context.path == "/sparkles")) ||
+ (context.method == "POST" && (context.path == "/sparkles/restore"))))
};
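Review bot: The second policy on the new side (the `context.path like "*.css"` through `"*.html"` list) permits any principal, action and resource on a GET whose path only has to end in one of those suffixes, and unlike the third policy it has no `context.host` condition. The formatter pass leaves this unchanged. If authzd evaluates the raw request path, every route ending in `.html` or `.js` is allowed with no token check, so it would be safer to anchor the patterns to the directory that actually serves static assets, e.g. `context.path like "/<asset-prefix>/*.css"` (placeholder, the real prefix is not visible here), and to reuse the host condition from the third policy. Separately, the first policy compares `context.bearer_token` with the literal `"valid-token"`, which looks like a test stub. A `// test-only placeholder` comment or an `@id("...")` annotation on it would stop it being read as production policy.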