| -rw-r--r-- | src/authorization/cedar_authorizer.rs | 9 | ||||
| -rw-r--r-- | tests/authorization/cedar_authorizer_test.rs | 2 |
2 files changed, 8 insertions, 3 deletions
diff --git a/src/authorization/cedar_authorizer.rs b/src/authorization/cedar_authorizer.rs
index c6b886ec..ceaee51c 100644
--- a/src/authorization/cedar_authorizer.rs
+++ b/src/authorization/cedar_authorizer.rs
@@ -74,11 +74,16 @@ impl CedarAuthorizer {

 fn principal_from(
 &self,
- _http_request: &envoy_types::pb::envoy::service::auth::v3::attribute_context::HttpRequest,
+ http_request: &envoy_types::pb::envoy::service::auth::v3::attribute_context::HttpRequest,
 ) -> Result<cedar_policy::EntityUid, Box<dyn std::error::Error>> {
+ let subject = http_request
+ .headers
+ .get("x-jwt-claim-sub")
+ .map_or("", |v| v);
+
 Ok(cedar_policy::EntityUid::from_type_name_and_id(
 cedar_policy::EntityTypeName::from_str("User")?,
- cedar_policy::EntityId::from_str("client")?,
+ cedar_policy::EntityId::from_str(subject)?,
 ))
 }

diff --git a/tests/authorization/cedar_authorizer_test.rs b/tests/authorization/cedar_authorizer_test.rs
index 8add9868..0cffeb13 100644
--- a/tests/authorization/cedar_authorizer_test.rs
+++ b/tests/authorization/cedar_authorizer_test.rs
@@ -74,7 +74,7 @@ mod tests {
 #[test]
 fn test_authenticated_create_sparkle() {
 let request = build_request(|item: &mut HttpRequest| {
- item.method = "GET".to_string();
+ item.method = "POST".to_string();
 item.path = "/sparkles".to_string();
 item.host = "sparkle.staging.runway.gitlab.net".to_string();
 item.headers = build_headers(vec
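Review bot: In `principal_from`, a request with no `x-jwt-claim-sub` header is not rejected, because `.map_or("", |v| v)` substitutes an empty id and the request is then evaluated as the principal `User::""`. Any policy that matches principals broadly (for example an unscoped `permit`) would then apply to unauthenticated callers, so the lookup should fail closed: `.get("x-jwt-claim-sub").filter(|v| !v.is_empty()).ok_or("missing x-jwt-claim-sub header")?;`. The `?` on `EntityId::from_str(subject)` does not catch this, since as far as I know that parse is infallible and accepts an empty string. Separately, the header is only as trustworthy as the proxy that sets it; nothing in this diff shows that inbound copies of `x-jwt-claim-sub` are stripped or overwritten after JWT verification, so a doc comment on `principal_from` stating that precondition would help. The changed test covers only the authenticated path; a case with the header absent would pin the deny behaviour.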