feat: scan directory for all policy files

author: mo khan <mo@mokhan.ca> 2025-06-27 10:40:44 -0600
committer: mo khan <mo@mokhan.ca> 2025-06-27 10:40:44 -0600
commit: afd9729146a7e90bd97bf36f9d2081e29de9da35 (patch)
tree: 0251e024592fd10c2d6eb1d1580c69371c4586da /tests/authorization
parent: 9f4bf84825c5a725b0ea36d4474d4fa2cec916fd (diff)
2 files changed, 19 insertions, 13 deletions
diff --git a/tests/authorization/cedar_authorizer_test.rs b/tests/authorization/cedar_authorizer_test.rs
index d6742995..3073417d 100644
--- a/tests/authorization/cedar_authorizer_test.rs
+++ b/tests/authorization/cedar_authorizer_test.rs
@@ -6,9 +6,14 @@ mod tests {
     use envoy_types::pb::envoy::service::auth::v3::attribute_context::HttpRequest;
     use std::collections::HashMap;
 
+    fn authorizer() -> CedarAuthorizer {
+        CedarAuthorizer::new_from(
+            "/home/mokhax/src/gitlab.com/gitlab-org/software-supply-chain-security/authorization/authzd/etc/authzd",
+        )
+    }
+
     #[test]
     fn test_cedar_authorizer_allows_valid_token() {
-        let authorizer = CedarAuthorizer::default();
         let request = create_request(|item: &mut HttpRequest| {
             item.headers = build_with(|item: &mut HashMap<String, String>| {
                 item.insert(
@@ -18,12 +23,11 @@ mod tests {
             });
         });
 
-        assert!(authorizer.authorize(request));
+        assert!(authorizer().authorize(request));
     }
 
     #[test]
     fn test_cedar_authorizer_denies_invalid_token() {
-        let authorizer = CedarAuthorizer::default();
         let request = create_request(|item: &mut HttpRequest| {
             item.headers = build_with(|item: &mut HashMap<String, String>| {
                 item.insert(
@@ -33,40 +37,37 @@ mod tests {
             });
         });
 
-        assert!(!authorizer.authorize(request));
+        assert!(!authorizer().authorize(request));
     }
 
     #[test]
     fn test_cedar_authorizer_denies_missing_header() {
-        let authorizer = CedarAuthorizer::default();
         let request = create_request(|item: &mut HttpRequest| {
             item.headers = HashMap::new();
         });
 
-        assert!(!authorizer.authorize(request));
+        assert!(!authorizer().authorize(request));
     }
 
     #[test]
     fn test_cedar_authorizer_allows_static_assets() {
-        let authorizer = CedarAuthorizer::default();
         let request = create_request(|item: &mut HttpRequest| {
             item.headers = build_with(|item: &mut HashMap<String, String>| {
                 item.insert(String::from(":path"), String::from("/public/style.css"));
             });
         });
 
-        assert!(authorizer.authorize(request));
+        assert!(authorizer().authorize(request));
     }
 
     #[test]
     fn test_cedar_authorizer_allows_js_assets() {
-        let authorizer = CedarAuthorizer::default();
         let mut headers = HashMap::new();
         headers.insert(":path".to_string(), "/app.js".to_string());
         let request = create_request(|item: &mut HttpRequest| {
             item.headers = headers;
         });
 
-        assert!(authorizer.authorize(request));
+        assert!(authorizer().authorize(request));
     }
 }
diff --git a/tests/authorization/check_service_test.rs b/tests/authorization/check_service_test.rs
index a739b16a..c101850c 100644
--- a/tests/authorization/check_service_test.rs
+++ b/tests/authorization/check_service_test.rs
@@ -8,10 +8,16 @@ mod tests {
     use std::collections::HashMap;
     use std::sync::Arc;
 
+    fn authorizer() -> Arc<dyn authzd::Authorizer + Send + Sync> {
+        Arc::new(CedarAuthorizer::new_from(
+            "/home/mokhax/src/gitlab.com/gitlab-org/software-supply-chain-security/authorization/authzd/etc/authzd",
+        ))
+    }
+
     #[tokio::test]
     async fn test_check_allows_valid_bearer_token() {
         let token = create_token();
-        let server = CheckService::new(Arc::new(CedarAuthorizer::default()));
+        let server = CheckService::new(authorizer());
 
         let mut headers = HashMap::new();
         headers.insert("authorization".to_string(), format!("Bearer {}", token));
@@ -30,8 +36,7 @@ mod tests {
 
     #[tokio::test]
     async fn test_check_denies_invalid_bearer_token() {
-        let authorizer = Arc::new(CedarAuthorizer::default());
-        let server = CheckService::new(authorizer);
+        let server = CheckService::new(authorizer());
         let request = tonic::Request::new(create_request(|item: &mut HttpRequest| {
             item.headers = HashMap::new();
         }));
author	mo khan <mo@mokhan.ca>	2025-06-27 10:40:44 -0600
committer	mo khan <mo@mokhan.ca>	2025-06-27 10:40:44 -0600
commit	afd9729146a7e90bd97bf36f9d2081e29de9da35 (patch)
tree	0251e024592fd10c2d6eb1d1580c69371c4586da /tests/authorization
parent	9f4bf84825c5a725b0ea36d4474d4fa2cec916fd (diff)