Diffstat (limited to 'pkg')
| -rw-r--r-- | pkg/policies/allowed.go | 29 | ||||
| -rw-r--r-- | pkg/policies/init.go | 22 | ||||
| -rw-r--r-- | pkg/policies/policies_test.go | 4 |
3 files changed, 33 insertions, 22 deletions
diff --git a/pkg/policies/allowed.go b/pkg/policies/allowed.go new file mode 100644 index 00000000..328ecdbc --- /dev/null +++ b/pkg/policies/allowed.go @@ -0,0 +1,29 @@ +package policies + +import ( + "context" + + "github.com/cedar-policy/cedar-go" + "github.com/cedar-policy/cedar-go/types" + "github.com/xlgmokha/x/pkg/log" +) + +func Allowed(ctx context.Context, request cedar.Request) bool { + ok, diagnostic := All.IsAuthorized(Entities, request) + + log.WithFields(ctx, log.Fields{ + "ok": "ok", + "principal": request.Principal, + "action": request.Action, + "context": request.Context, + "resource": request.Resource, + }) + + if len(diagnostic.Errors) > 0 { + log.WithFields(ctx, log.Fields{"errors": diagnostic.Errors}) + } + if len(diagnostic.Reasons) > 0 { + log.WithFields(ctx, log.Fields{"reasons": diagnostic.Reasons}) + } + return ok == types.Allow +} diff --git a/pkg/policies/init.go b/pkg/policies/init.go index f5225a91..bc270763 100644 --- a/pkg/policies/init.go +++ b/pkg/policies/init.go @@ -1,16 +1,13 @@ package policies import ( + "context" "embed" _ "embed" - "fmt" "io/fs" - "os" "strings" "github.com/cedar-policy/cedar-go" - "github.com/cedar-policy/cedar-go/types" - "github.com/rs/zerolog" "github.com/xlgmokha/x/pkg/log" ) @@ -19,7 +16,6 @@ var files embed.FS var All *cedar.PolicySet = cedar.NewPolicySet() var Entities cedar.EntityMap = cedar.EntityMap{} -var Logger *zerolog.Logger = log.New(os.Stderr, log.Fields{"pkg": "policies"}) func init() { err := fs.WalkDir(files, ".", func(path string, d fs.DirEntry, err error) error { 
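Review bot: The decision field in the new `Allowed` logs the literal string `"ok"` rather than the authorization result, so the audit line never records whether the request was allowed or denied; change `"ok": "ok",` to `"ok": ok,` (or `"decision": ok`). The return value of each `log.WithFields(ctx, ...)` call is also discarded — if WithFields only attaches fields and returns a derived context or logger rather than emitting a record, none of these lines log anything, leaving authorization decisions and Cedar evaluation errors unrecorded; worth confirming against pkg/log. `diagnostic.Errors` and `diagnostic.Reasons` are now logged identically, whereas the removed code separated them into error and warn levels — evaluation errors (a missing entity or attribute, for instance) are the ones an operator must notice because they collapse silently into a deny. Finally, `request.Context` is logged whole; if callers place anything sensitive in the Cedar context map it will land in the logs.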
@@ -59,20 +55,6 @@ func init() { }) if err != nil { - Logger.Err(err) + log.WithFields(context.Background(), log.Fields{"error": err}) } } - -func Allowed(request cedar.Request) bool { - ok, diagnostic := All.IsAuthorized(Entities, request) - fmt.Printf("%v: %v -> %v %v%v\n", ok, request.Principal, request.Action.ID, request.Context.Map(), request.Resource.ID) - - if len(diagnostic.Errors) > 0 { - log.New(os.Stderr, log.Fields{"errors": diagnostic.Errors}) - Logger.Error().Fields(log.Fields{"errors": diagnostic.Errors}.ToMap()) - } - if len(diagnostic.Reasons) > 0 { - Logger.Warn().Fields(log.Fields{"reasons": diagnostic.Reasons}.ToMap()) - } - return ok == types.Allow -} diff --git a/pkg/policies/policies_test.go b/pkg/policies/policies_test.go index 9dc98bcd..d44d049d 100644 --- a/pkg/policies/policies_test.go +++ b/pkg/policies/policies_test.go @@ -107,7 +107,7 @@ func TestAllowed(t *testing.T) { for _, tt := range allowed { t.Run(fmt.Sprintf("allows: %v/%v %v %v%v", tt.Principal.Type, tt.Principal.ID, tt.Action.ID, tt.Context.Map()["host"], tt.Resource.ID), func(t *testing.T) { - assert.True(t, Allowed(*tt)) + assert.True(t, Allowed(t.Context(), *tt)) }) } @@ -140,7 +140,7 @@ func TestAllowed(t *testing.T) { for _, tt := range denied { t.Run(fmt.Sprintf("denies: %v/%v %v %v%v", tt.Principal.Type, tt.Principal.ID, tt.Action.ID, tt.Context.Map()["host"], tt.Resource.ID), func(t *testing.T) { - assert.False(t, Allowed(*tt)) + assert.False(t, Allowed(t.Context(), *tt)) }) } } |
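Review bot: An error walking the embedded policy directory is logged and then dropped, so `init()` completes and the package serves whatever subset of policies was loaded before the failure; because `All` and `Entities` are package-level state consulted by every `Allowed` call, a partial load silently changes authorization outcomes (Cedar defaults to deny, so the failure mode is fail-closed, but a half-loaded policy set should not be survivable). Since the policies are compiled into the binary via `embed.FS`, a walk error is a build defect rather than a runtime condition, and adding `panic(err)` after the log line would make it impossible to ship a binary with an unloadable policy set. As with the removed `Logger.Err(err)` (which in zerolog never emits without a `.Msg()`/`.Send()`), whether `log.WithFields` itself writes a record or only returns a derived context/logger is not visible in this diff and should be confirmed. The body of `init()` starts outside the hunk.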
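Review bot: `t.Context()` was added to `testing.T` in Go 1.24, so this change raises the module's minimum toolchain; unless go.mod already declares `go 1.24`, the test file will not compile on older toolchains, and `context.Background()` is the portable alternative if the bump is not intended. The context from `t.Context()` is cancelled before the test's cleanup functions run, which is fine here since `Allowed` only threads it through to log field attachment. `TestAllowed` begins and ends outside the hunk.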
