Diffstat (limited to 'src/authorization')
-rw-r--r--src/authorization/cedar_authorizer.rs32
1 files changed, 18 insertions, 14 deletions
diff --git a/src/authorization/cedar_authorizer.rs b/src/authorization/cedar_authorizer.rs
index 9fb7513a..db54aaed 100644
--- a/src/authorization/cedar_authorizer.rs
+++ b/src/authorization/cedar_authorizer.rs
@@ -10,13 +10,16 @@ use std::str::FromStr;
#[derive(Debug)]
pub struct CedarAuthorizer {
policies: PolicySet,
+ entities: cedar_policy::Entities,
authorizer: CedarAuth,
}
impl CedarAuthorizer {
pub fn new(policies: cedar_policy::PolicySet) -> CedarAuthorizer {
+ let entities = Entities::empty();
CedarAuthorizer {
policies,
+ entities,
authorizer: CedarAuth::new(),
}
}
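Review bot: The new `entities` field is only ever set to `Entities::empty()` in `new`, and nothing visible in this diff populates it, so it deserves a doc comment stating that limitation, e.g. `/// Entity store passed to every is_authorized call; currently always empty, so policies that depend on entity hierarchy or entity attributes will not see any data.` Without that note a policy author could reasonably assume group or attribute data is available at evaluation time. As a style point, the field is typed as `cedar_policy::Entities` while `new` calls `Entities::empty()` unqualified; using the imported name in both places would read more consistently. The `impl CedarAuthorizer` block continues outside the hunk.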
@@ -31,7 +34,6 @@ impl CedarAuthorizer {
}
let mut policies = PolicySet::new();
-
for entry in fs::read_dir(path)? {
let file_path = entry?.path();
@@ -144,24 +146,26 @@ impl Authorizer for CedarAuthorizer {
None => return false,
};
- tracing::info!(
- method = %http_request.method,
- host = %http_request.host,
- path = %http_request.path,
- scheme = %http_request.scheme,
- protocol = %http_request.protocol,
- "Processing HTTP request"
- );
-
- let entities = Entities::empty();
-
match self.map_from(http_request.clone()) {
Ok(cedar_request) => {
let response =
self.authorizer
- .is_authorized(&cedar_request, &self.policies, &entities);
+ .is_authorized(&cedar_request, &self.policies, &self.entities);
+
+ let decision = response.decision();
+
+ tracing::info!(
+ method = %http_request.method,
+ host = %http_request.host,
+ path = %http_request.path,
+ scheme = %http_request.scheme,
+ protocol = %http_request.protocol,
+ decision = ?decision,
+ diagnostics = ?response.diagnostics(),
+ "Processing HTTP request"
+ );
- matches!(response.decision(), cedar_policy::Decision::Allow)
+ matches!(decision, cedar_policy::Decision::Allow)
}
Err(e) => {
println!("error: {}", e);
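Review bot: Moving the `tracing::info!` call into the `Ok(cedar_request)` arm means a request whose `map_from` conversion fails is no longer recorded through tracing at all; the `Err(e)` arm only runs `println!("error: {}", e)`, which carries no request fields and bypasses the structured log. On an authorization path, the rejected and malformed requests are the ones an audit trail most needs. I would replace the `println!` with an event that keeps the request context, e.g. `tracing::warn!(method = %http_request.method, host = %http_request.host, path = %http_request.path, error = %e, "Failed to map HTTP request to Cedar request");`. The message "Processing HTTP request" is also now emitted after the decision is known, so something like "Authorization decision" would describe the event more accurately. The `Err` arm and the enclosing function continue outside the hunk.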