| author | mo khan <mo@mokhan.ca> | 2025-07-05 12:16:04 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-07-05 12:16:04 -0600 |
| commit | a9be59c733e63b57bf872bdc82495a6d93308577 (patch) | |
| tree | ff1a5c165c49a12aad84e867e01fc6c17ce43526 /src/authorization/cedar_authorizer.rs | |
| parent | 836e6658fabdab957ab2ce7be973a5de31247750 (diff) | |
refactor: remove cedar aliases
Diffstat (limited to 'src/authorization/cedar_authorizer.rs')
| -rw-r--r-- | src/authorization/cedar_authorizer.rs | 30 |
1 files changed, 14 insertions, 16 deletions
diff --git a/src/authorization/cedar_authorizer.rs b/src/authorization/cedar_authorizer.rs index 4b697680..5fe0dd64 100644 --- a/src/authorization/cedar_authorizer.rs +++ b/src/authorization/cedar_authorizer.rs @@ -1,17 +1,13 @@ use super::authorizer::Authorizer; -use cedar_policy::{ - Authorizer as CedarAuth, Context, Entities, EntityId, EntityTypeName, EntityUid, PolicySet, - Request as CedarRequest, -}; -use envoy_types::ext_authz::v3::pb::CheckRequest; +use cedar_policy::{Context, Entities, EntityId, EntityTypeName, EntityUid}; use std::fs; use std::str::FromStr; #[derive(Debug)] pub struct CedarAuthorizer { - authorizer: CedarAuth, + authorizer: cedar_policy::Authorizer, entities: cedar_policy::Entities, - policies: PolicySet, + policies: cedar_policy::PolicySet, } impl CedarAuthorizer { 
@@ -22,30 +18,32 @@ impl CedarAuthorizer { CedarAuthorizer { policies, entities, - authorizer: CedarAuth::new(), + authorizer: cedar_policy::Authorizer::new(), } } pub fn new_from(path: &std::path::Path, entities: cedar_policy::Entities) -> CedarAuthorizer { Self::new( - Self::load_from(path).unwrap_or_else(|_| PolicySet::default()), + Self::load_from(path).unwrap_or_else(|_| cedar_policy::PolicySet::default()), entities, ) } - fn load_from(path: &std::path::Path) -> Result<PolicySet, Box<dyn std::error::Error>> { + fn load_from( + path: &std::path::Path, + ) -> Result<cedar_policy::PolicySet, Box<dyn std::error::Error>> { if !path.exists() || !path.is_dir() { - return Ok(PolicySet::default()); + return Ok(cedar_policy::PolicySet::default()); } - let mut policies = PolicySet::new(); + let mut policies = cedar_policy::PolicySet::new(); for entry in fs::read_dir(path)? { let file_path = entry?.path(); if let Some(extension) = file_path.extension() { if extension == "cedar" { let content = fs::read_to_string(&file_path)?; - let file_policies = PolicySet::from_str(&content)?; + let file_policies = cedar_policy::PolicySet::from_str(&content)?; for policy in file_policies.policies() { policies.add(policy.clone())?; @@ -60,13 +58,13 @@ impl CedarAuthorizer { fn map_from( &self, http_request: envoy_types::pb::envoy::service::auth::v3::attribute_context::HttpRequest, - ) -> Result<CedarRequest, Box<dyn std::error::Error>> { + ) -> Result<cedar_policy::Request, Box<dyn std::error::Error>> { let principal = self.principal_from(&http_request)?; let permission = self.permission_from(&http_request)?; let resource = self.resource_from(&http_request)?; let context = self.context_from(http_request)?; - Ok(CedarRequest::new( + Ok(cedar_policy::Request::new( principal, permission, resource, context, None, )?) } 
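Review bot: In `new_from`, the `unwrap_or_else(|_| cedar_policy::PolicySet::default())` on the new side still throws away the error from `load_from`, so an unreadable directory or a single `.cedar` file that fails to parse replaces the whole policy set with an empty one and nothing is reported. With Cedar's default-deny evaluation that should fail closed, but every request is then denied with no indication of why, and the early `return Ok(cedar_policy::PolicySet::default())` for a missing or non-directory path hides a misconfigured path the same way. I would at least surface the error before falling back, e.g. `.unwrap_or_else(|e| { eprintln!("cedar policy load failed: {e}"); cedar_policy::PolicySet::default() })` (or the project's logger, which is not visible here), and document on `new_from` that a load failure yields an empty, deny-all policy set.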
@@ -140,7 +138,7 @@ impl Default for CedarAuthorizer { } impl Authorizer for CedarAuthorizer { - fn authorize(&self, request: CheckRequest) -> bool { + fn authorize(&self, request: envoy_types::ext_authz::v3::pb::CheckRequest) -> bool { let http_request = match request .attributes .as_ref() |
