Diffstat (limited to 'app')
| -rw-r--r-- | app/services/check.go | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/app/services/check.go b/app/services/check.go
index d0004572..23deecb9 100644
--- a/app/services/check.go
+++ b/app/services/check.go
@@ -3,9 +3,12 @@ package services
 import (
 	"context"
+	"github.com/cedar-policy/cedar-go"
 	core "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
 	auth "github.com/envoyproxy/go-control-plane/envoy/service/auth/v3"
 	types "github.com/envoyproxy/go-control-plane/envoy/type/v3"
+	"gitlab.com/gitlab-org/software-supply-chain-security/authorization/authzd.git/pkg/gid"
+	"gitlab.com/gitlab-org/software-supply-chain-security/authorization/authzd.git/pkg/policies"
 	status "google.golang.org/genproto/googleapis/rpc/status"
 	"google.golang.org/grpc/codes"
 )
@@ -26,7 +29,15 @@ func (svc *CheckService) Check(ctx context.Context, request *auth.CheckRequest)
 }
 
 func (svc *CheckService) isAllowed(ctx context.Context, r *auth.CheckRequest) bool {
-	return true
+	return policies.Allowed(ctx, cedar.Request{
+		Principal: gid.NewEntityUID("gid://gitlab/User/*"),
+		Action: cedar.NewEntityUID("HttpMethod", cedar.String(r.Attributes.Request.Http.Method)),
+		Resource: cedar.NewEntityUID("HttpPath", cedar.String(r.Attributes.Request.Http.Path)),
+		Context: cedar.NewRecord(cedar.RecordMap{
+			"host": cedar.String(r.Attributes.Request.Http.Host),
+		}),
+	})
+
 }
 
 func (svc *CheckService) OK(ctx context.Context) *auth.CheckResponse { |
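Review bot: The new isAllowed body dereferences `r.Attributes.Request.Http` three times without a nil check, so a CheckRequest that arrives without attributes (or without the HTTP request block) panics inside the authorization decision instead of being denied. The protobuf-generated getters are nil-safe, so hoisting `h := r.GetAttributes().GetRequest().GetHttp()` and using `h.GetMethod()`, `h.GetPath()` and `h.GetHost()` turns that case into empty-string entities, whose handling then rests with policies.Allowed and deserves an explicit test. The principal is the fixed wildcard `gid://gitlab/User/*`, so the decision does not depend on who is calling; if that is a deliberate stepping stone, a comment such as `// TODO: derive the principal from the authenticated caller; wildcard is a placeholder` would keep a reader from assuming per-user authorization is in place. If policies match on the path, keep in mind that Envoy's Http.Path is, as far as I recall, the raw request-target including any query string and without decoding, so policy matching should be written with that in mind. gofmt would also drop the blank line left before the closing brace and align the `Action:`/`Resource:` values with `Principal:`.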
