| -rw-r--r-- | src/authorization/cedar/authorizer.rs | 18 | ||||
| -rw-r--r-- | src/bin/cli.rs | 2 | ||||
| -rw-r--r-- | src/lib.rs | 3 | ||||
| -rw-r--r-- | tests/authorization/cedar_authorizer_test.rs | 6 | ||||
| -rw-r--r-- | tests/support/factory_bot.rs | 4 |
5 files changed, 14 insertions, 19 deletions
diff --git a/src/authorization/cedar/authorizer.rs b/src/authorization/cedar/authorizer.rs
index c207467f..a04a8e9f 100644
--- a/src/authorization/cedar/authorizer.rs
+++ b/src/authorization/cedar/authorizer.rs
@@ -1,27 +1,23 @@
-use crate::authorization::authorizer::Authorizer;
 use std::fs;
 use std::str::FromStr;
 #[derive(Debug)]
-pub struct CedarAuthorizer {
+pub struct Authorizer {
 authorizer: cedar_policy::Authorizer,
 entities: cedar_policy::Entities,
 policies: cedar_policy::PolicySet,
 }
-impl CedarAuthorizer {
- pub fn new(
- policies: cedar_policy::PolicySet,
- entities: cedar_policy::Entities,
- ) -> CedarAuthorizer {
- CedarAuthorizer {
+impl Authorizer {
+ pub fn new(policies: cedar_policy::PolicySet, entities: cedar_policy::Entities) -> Authorizer {
+ Authorizer {
 policies,
 entities,
 authorizer: cedar_policy::Authorizer::new(),
 }
 }
- pub fn new_from(path: &std::path::Path, entities: cedar_policy::Entities) -> CedarAuthorizer {
+ pub fn new_from(path: &std::path::Path, entities: cedar_policy::Entities) -> Authorizer {
 Self::new(
 Self::load_from(path).unwrap_or_else(|e| {
 tracing::error!(
@@ -127,7 +123,7 @@ impl CedarAuthorizer {
 }
 }
-impl Default for CedarAuthorizer {
+impl Default for Authorizer {
 fn default() -> Self {
 Self::new_from(
 std::path::Path::new("./etc/authzd"),
@@ -136,7 +132,7 @@ impl Default for CedarAuthorizer {
 }
 }
-impl Authorizer for CedarAuthorizer {
+impl crate::authorization::authorizer::Authorizer for Authorizer {
 fn authorize(&self, request: envoy_types::ext_authz::v3::pb::CheckRequest) -> bool {
 let http_request = match request
 .attributes
diff --git a/src/bin/cli.rs b/src/bin/cli.rs
index 5bc118b7..a6d2fa8a 100644
--- a/src/bin/cli.rs
+++ b/src/bin/cli.rs
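Review bot: After the rename this file carries three different things called `Authorizer`: the struct itself, the type of its `authorizer: cedar_policy::Authorizer` field, and the crate trait that the `@@ -136,7 +132,7 @@` hunk now has to spell out as `crate::authorization::authorizer::Authorizer`. Because the crate root also starts exporting `spice::Authorizer` in this commit, a bare `use ...::Authorizer` no longer tells a reader which policy engine makes the allow/deny decision, and picking the wrong one would presumably still type-check if both implement the trait. I would put a doc comment on the struct, for example `/// Cedar-backed implementation of the crate's authorization trait.`, and refer to it as `cedar::Authorizer` at call sites instead of importing the bare name.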
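Review bot: `Default` in the `@@ -127,7 +123,7 @@` hunk still resolves the policy directory as the relative path `./etc/authzd`, and the `src/bin/cli.rs` hunk builds the serving authorizer through `Authorizer::default()`, so which policies are enforced depends on the working directory the process was started in. The first hunk shows `new_from` handling a `load_from` error with `unwrap_or_else` and a `tracing::error!`; what it falls back to lies outside the hunk, but if that is an empty policy set the server would start and answer every request from it rather than refuse to run. I would document this on `default()` with something like `/// Loads policies from ./etc/authzd, resolved against the current working directory.` and consider a fallible constructor so startup fails when the policy directory cannot be read. Both function bodies continue outside the hunks.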
@@ -85,7 +85,7 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
 tracing::info!(address = %addr, "Starting");
 authzd::authorization::Server::new(
- authzd::authorization::cedar::CedarAuthorizer::default(),
+ authzd::authorization::cedar::Authorizer::default(),
 )?
 .serve(addr.parse().unwrap())
 .await?;
@@ -1,5 +1,6 @@
 pub mod authorization;
 pub mod gitlab;
-pub use authorization::cedar::{CedarAuthorizer, CedarEntity, EntitiesRepository};
+pub use authorization::cedar::{Authorizer as CedarAuthorizer, CedarEntity, EntitiesRepository};
+pub use authorization::spice::Authorizer as SpiceAuthorizer;
 pub use authorization::{Authorizer, CheckService, Server};
diff --git a/tests/authorization/cedar_authorizer_test.rs b/tests/authorization/cedar_authorizer_test.rs
index b169be7d..4938033c 100644
--- a/tests/authorization/cedar_authorizer_test.rs
+++ b/tests/authorization/cedar_authorizer_test.rs
@@ -6,14 +6,12 @@ mod tests {
 use envoy_types::pb::envoy::service::auth::v3::attribute_context::HttpRequest;
 use std::collections::HashMap;
- fn subject() -> authzd::authorization::cedar::CedarAuthorizer {
+ fn subject() -> authzd::authorization::cedar::Authorizer {
 common::setup();
 subject_with(cedar_policy::Entities::empty())
 }
- fn subject_with(
- entities: cedar_policy::Entities,
- ) -> authzd::authorization::cedar::CedarAuthorizer {
+ fn subject_with(entities: cedar_policy::Entities) -> authzd::authorization::cedar::Authorizer {
 build_cedar_authorizer(entities)
 }
diff --git a/tests/support/factory_bot.rs b/tests/support/factory_bot.rs
index c3ad781d..08deaa15 100644
--- a/tests/support/factory_bot.rs
+++ b/tests/support/factory_bot.rs
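Review bot: The added `pub use authorization::spice::Authorizer as SpiceAuthorizer;` in the `@@ -1,5 +1,6 @@` hunk (by the diffstat, `src/lib.rs`) is a new public export in a commit that otherwise only renames the Cedar type. The crate root now exposes the bare name `Authorizer` for the trait next to two engine-qualified aliases. Nothing in this diff shows the `spice` module, so it is not possible to tell from here whether it is meant to be public yet. I would add a comment above the re-exports such as `// At the crate root, Authorizer is the trait; engines are exported as CedarAuthorizer and SpiceAuthorizer.` and have `src/bin/cli.rs` use `authzd::CedarAuthorizer` so each engine has a single public spelling.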
@@ -39,10 +39,10 @@ pub fn build_headers(headers: Vec<(String, String)>) -> HashMap<String, String>
 pub fn build_cedar_authorizer(
 entities: cedar_policy::Entities,
-) -> authzd::authorization::cedar::CedarAuthorizer {
+) -> authzd::authorization::cedar::Authorizer {
 let realpath = std::fs::canonicalize("./etc/authzd").unwrap();
 let path = realpath.as_path();
- authzd::authorization::cedar::CedarAuthorizer::new_from(path, entities)
+ authzd::authorization::cedar::Authorizer::new_from(path, entities)
 }
 pub async fn build_channel(addr: SocketAddr) -> Channel { |
