authormo khan <mo@mokhan.ca>2025-06-27 10:40:44 -0600
committermo khan <mo@mokhan.ca>2025-06-27 10:40:44 -0600
commitafd9729146a7e90bd97bf36f9d2081e29de9da35 (patch)
tree0251e024592fd10c2d6eb1d1580c69371c4586da /src
parent9f4bf84825c5a725b0ea36d4474d4fa2cec916fd (diff)
feat: scan directory for all policy files
Diffstat (limited to 'src')
-rw-r--r--src/authorization/cedar_authorizer.rs34
1 files changed, 33 insertions, 1 deletions
diff --git a/src/authorization/cedar_authorizer.rs b/src/authorization/cedar_authorizer.rs
index 568bafbc..4ec3b34d 100644
--- a/src/authorization/cedar_authorizer.rs
+++ b/src/authorization/cedar_authorizer.rs
@@ -5,6 +5,8 @@ use cedar_policy::{
};
use envoy_types::ext_authz::v3::pb::CheckRequest;
use std::collections::HashMap;
+use std::fs;
+use std::path::Path;
use std::str::FromStr;
#[derive(Debug)]
@@ -20,10 +22,40 @@ impl CedarAuthorizer {
authorizer: CedarAuth::new(),
}
}
+
+ pub fn new_from(dir_path: &str) -> CedarAuthorizer {
+ Self::new(Self::load_from(dir_path).unwrap_or_else(|_| PolicySet::default()))
+ }
+
+ fn load_from(dir_path: &str) -> Result<PolicySet, Box<dyn std::error::Error>> {
+ let path = Path::new(dir_path);
+ if !path.exists() || !path.is_dir() {
+ return Ok(PolicySet::default());
+ }
+
+ let mut policies = PolicySet::new();
+
+ for entry in fs::read_dir(path)? {
+ let file_path = entry?.path();
+
+ if let Some(extension) = file_path.extension() {
+ if extension == "cedar" {
+ let content = fs::read_to_string(&file_path)?;
+ let file_policies = PolicySet::from_str(&content)?;
+
+ for policy in file_policies.policies() {
+ policies.add(policy.clone())?;
+ }
+ }
+ }
+ }
+
+ Ok(policies)
+ }
}
impl Default for CedarAuthorizer {
fn default() -> Self {
- Self::new(PolicySet::default())
+ Self::new_from("/etc/authzd")
}
}
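Review bot: `new_from` discards the error from `load_from` and falls back to an empty `PolicySet`, so any unreadable or unparsable `.cedar` file, or a failed `add`, silently drops every policy and the authorizer denies all traffic with nothing logged; since `Default` now routes through this, that is what a bare `CedarAuthorizer::default()` gets from `/etc/authzd`. Because `PolicySet::from_str` assigns positional ids (`policy0`, `policy1`, …) to policies that carry no `@id` annotation, the second file in the directory is likely to hit exactly that `add` failure with an already-defined id, so multi-file loading would typically not survive past one file; I would scope each policy's id by file before adding it, as sketched below, and either propagate the error (`Result<CedarAuthorizer, …>`) or at minimum replace the `unwrap_or_else` with `.expect("failed to load Cedar policies")` so the daemon refuses to start rather than run with no policies. The sketch needs `PolicyId` added to the existing `use cedar_policy::{…}` list, and `Policy::new_id` is present in recent cedar_policy releases; confirm against the version pinned here. Separately, `!path.exists() || !path.is_dir()` reduces to `!path.is_dir()`, and `read_dir` follows symlinks inside `/etc/authzd`, which is fine only if that directory is root-owned.
```rust
let stem = file_path.file_stem().and_then(|s| s.to_str()).unwrap_or("policy");
let content = fs::read_to_string(&file_path)?;
let file_policies = PolicySet::from_str(&content)?;

for policy in file_policies.policies() {
    // Default ids are positional per parse (policy0, policy1, …); scope them by
    // file so two files do not collide in `add` and take the whole set down.
    let id = PolicyId::new(format!("{stem}::{}", policy.id()));
    policies.add(policy.new_id(id))?;
}
// … unchanged: extension filter, directory loop, return …
```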