fix: fix typo in cedar policy file

author: mo khan <mo@mokhan.ca> 2025-07-05 11:29:37 -0600
committer: mo khan <mo@mokhan.ca> 2025-07-05 11:29:37 -0600
commit: fc4bbd8efd805411239406c6323a37537d4534f2 (patch)
tree: c40010635a00efdad4d9d8f5be1e56c83f9ec03d /src/authorization
parent: a45c159dac5893c7214e18a59c8a6d5115472e44 (diff)
1 files changed, 55 insertions, 55 deletions
diff --git a/src/authorization/cedar_authorizer.rs b/src/authorization/cedar_authorizer.rs
index 96a406d8..9fb7513a 100644
--- a/src/authorization/cedar_authorizer.rs
+++ b/src/authorization/cedar_authorizer.rs
@@ -49,58 +49,7 @@ impl CedarAuthorizer {
 
         Ok(policies)
     }
-}
-
-impl Default for CedarAuthorizer {
-    fn default() -> Self {
-        Self::new_from(std::path::Path::new("/etc/authzd"))
-    }
-}
-
-impl Authorizer for CedarAuthorizer {
-    fn authorize(&self, request: CheckRequest) -> bool {
-        let http_request = match request
-            .attributes
-            .as_ref()
-            .and_then(|attr| attr.request.as_ref())
-            .and_then(|req| req.http.as_ref())
-        {
-            Some(http) => http,
-            None => return false,
-        };
-
-        tracing::info!(
-            method = %http_request.method,
-            host = %http_request.host,
-            path = %http_request.path,
-            scheme = %http_request.scheme,
-            protocol = %http_request.protocol,
-            "Processing HTTP request"
-        );
 
-        match self.map_from(http_request.clone()) {
-            Ok(cedar_request) => {
-                let entities = Entities::empty();
-                let response =
-                    self.authorizer
-                        .is_authorized(&cedar_request, &self.policies, &entities);
-
-                matches!(response.decision(), cedar_policy::Decision::Allow)
-            }
-            Err(e) => {
-                println!("error: {}", e);
-                tracing::error!(
-                    error = %e,
-                    path = %http_request.path,
-                    "Failed to create Cedar request"
-                );
-                false
-            }
-        }
-    }
-}
-
-impl CedarAuthorizer {
     fn map_from(
         &self,
         http_request: envoy_types::pb::envoy::service::auth::v3::attribute_context::HttpRequest,
@@ -110,8 +59,9 @@ impl CedarAuthorizer {
         let resource = self.resource_from(&http_request)?;
         let context = self.context_from(http_request)?;
 
-        CedarRequest::new(principal, permission, resource, context, None)
-            .map_err(|e| Box::new(e) as Box<dyn std::error::Error>)
+        Ok(CedarRequest::new(
+            principal, permission, resource, context, None,
+        )?)
     }
 
     fn principal_from(
@@ -147,7 +97,7 @@ impl CedarAuthorizer {
     fn context_from(
         &self,
         http_request: envoy_types::pb::envoy::service::auth::v3::attribute_context::HttpRequest,
-    ) -> Result<cedar_policy::Context, cedar_policy::ContextCreationError> {
+    ) -> Result<cedar_policy::Context, Box<dyn std::error::Error>> {
         let mut items = std::collections::HashMap::new();
 
         items.insert("bearer_token".to_string(), self.token_from(&http_request));
@@ -155,7 +105,7 @@ impl CedarAuthorizer {
         items.insert("method".to_string(), self.safe_string(&http_request.method));
         items.insert("path".to_string(), self.safe_string(&http_request.path));
 
-        Context::from_pairs(items.into_iter().collect::<Vec<_>>())
+        Ok(Context::from_pairs(items.into_iter().collect::<Vec<_>>())?)
     }
 
     fn token_from(
@@ -175,3 +125,53 @@ impl CedarAuthorizer {
         cedar_policy::RestrictedExpression::new_string(item.to_string())
     }
 }
+
+impl Default for CedarAuthorizer {
+    fn default() -> Self {
+        Self::new_from(std::path::Path::new("/etc/authzd"))
+    }
+}
+
+impl Authorizer for CedarAuthorizer {
+    fn authorize(&self, request: CheckRequest) -> bool {
+        let http_request = match request
+            .attributes
+            .as_ref()
+            .and_then(|attr| attr.request.as_ref())
+            .and_then(|req| req.http.as_ref())
+        {
+            Some(http) => http,
+            None => return false,
+        };
+
+        tracing::info!(
+            method = %http_request.method,
+            host = %http_request.host,
+            path = %http_request.path,
+            scheme = %http_request.scheme,
+            protocol = %http_request.protocol,
+            "Processing HTTP request"
+        );
+
+        let entities = Entities::empty();
+
+        match self.map_from(http_request.clone()) {
+            Ok(cedar_request) => {
+                let response =
+                    self.authorizer
+                        .is_authorized(&cedar_request, &self.policies, &entities);
+
+                matches!(response.decision(), cedar_policy::Decision::Allow)
+            }
+            Err(e) => {
+                println!("error: {}", e);
+                tracing::error!(
+                    error = %e,
+                    path = %http_request.path,
+                    "Failed to create Cedar request"
+                );
+                false
+            }
+        }
+    }
+}
author	mo khan <mo@mokhan.ca>	2025-07-05 11:29:37 -0600
committer	mo khan <mo@mokhan.ca>	2025-07-05 11:29:37 -0600
commit	fc4bbd8efd805411239406c6323a37537d4534f2 (patch)
tree	c40010635a00efdad4d9d8f5be1e56c83f9ec03d /src/authorization
parent	a45c159dac5893c7214e18a59c8a6d5115472e44 (diff)