Diffstat (limited to 'src')
| -rw-r--r-- | src/authorization/cedar_authorizer.rs | 34 |
1 files changed, 33 insertions, 1 deletions
diff --git a/src/authorization/cedar_authorizer.rs b/src/authorization/cedar_authorizer.rs
index 568bafbc..4ec3b34d 100644
--- a/src/authorization/cedar_authorizer.rs
+++ b/src/authorization/cedar_authorizer.rs
@@ -5,6 +5,8 @@ use cedar_policy::{
 };
 use envoy_types::ext_authz::v3::pb::CheckRequest;
 use std::collections::HashMap;
+use std::fs;
+use std::path::Path;
 use std::str::FromStr;
 
 #[derive(Debug)]
@@ -20,10 +22,40 @@ impl CedarAuthorizer {
 authorizer: CedarAuth::new(),
 }
 }
+
+pub fn new_from(dir_path: &str) -> CedarAuthorizer {
+Self::new(Self::load_from(dir_path).unwrap_or_else(|_| PolicySet::default()))
+}
+
+fn load_from(dir_path: &str) -> Result<PolicySet, Box<dyn std::error::Error>> {
+let path = Path::new(dir_path);
+if !path.exists() || !path.is_dir() {
+return Ok(PolicySet::default());
+}
+
+let mut policies = PolicySet::new();
+
+for entry in fs::read_dir(path)? {
+let file_path = entry?.path();
+
+if let Some(extension) = file_path.extension() {
+if extension == "cedar" {
+let content = fs::read_to_string(&file_path)?;
+let file_policies = PolicySet::from_str(&content)?;
+
+for policy in file_policies.policies() {
+policies.add(policy.clone())?;
+}
+}
+}
+}
+
+Ok(policies)
+}
 }
 
 impl Default for CedarAuthorizer {
 fn default() -> Self {
-Self::new(PolicySet::default())
+Self::new_from("/etc/authzd")
 }
 }
 |
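Review bot: In `new_from`, `unwrap_or_else(|_| PolicySet::default())` discards the error from `load_from`, so an unreadable directory or a single malformed `.cedar` file silently replaces the entire policy set with an empty one and nothing is diagnosed; the operator only sees every request denied, with no hint that the policies were never loaded. At minimum the error should be surfaced before falling back, e.g. `.unwrap_or_else(|err| { eprintln!("failed to load cedar policies from {dir_path}: {err}"); PolicySet::default() })`, or `new_from` should return a `Result` and let `Default` decide how to fail. Since `Default::default()` now performs filesystem I/O against `/etc/authzd`, that behaviour belongs in a `///` doc comment on `new_from` and on the `Default` impl, along with the fact that a missing or non-directory path yields an empty set by design. One more thing to confirm: if `PolicySet::from_str` assigns sequential default ids (`policy0`, `policy1`, …) to unannotated policies in each file, the `policies.add(policy.clone())?` loop will hit a duplicate-id error as soon as a second file is loaded, and the whole directory falls over to the empty set via the same silent path. The enclosing `impl CedarAuthorizer` block starts before this hunk.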
