3 files changed, 80 insertions, 0 deletions

diff --git a/tests/authorization/cedar_authorizer_test.rs b/tests/authorization/cedar_authorizer_test.rs
new file mode 100644
index 00000000..2ed3dd68
--- /dev/null
+++ b/tests/authorization/cedar_authorizer_test.rs
@@ -0,0 +1,78 @@
+#[cfg(test)]
+mod tests {
+    use crate::common::create_request;
+    use authzd::Authorizer;
+    use authzd::CedarAuthorizer;
+    use envoy_types::pb::envoy::service::auth::v3::attribute_context::HttpRequest;
+    use std::collections::HashMap;
+
+    #[test]
+    fn test_cedar_authorizer_allows_valid_token() {
+        let authorizer = CedarAuthorizer::new();
+        let mut headers = HashMap::new();
+        headers.insert(
+            "authorization".to_string(),
+            "Bearer valid-token".to_string(),
+        );
+        let request = create_request(|item: &mut HttpRequest| {
+            item.headers = headers;
+        });
+
+        let result = authorizer.authorize(request);
+        assert!(result);
+    }
+
+    #[test]
+    fn test_cedar_authorizer_denies_invalid_token() {
+        let authorizer = CedarAuthorizer::new();
+        let mut headers = HashMap::new();
+        headers.insert(
+            "authorization".to_string(),
+            "Bearer invalid-token".to_string(),
+        );
+        let request = create_request(|item: &mut HttpRequest| {
+            item.headers = headers;
+        });
+
+        let result = authorizer.authorize(request);
+        assert!(!result);
+    }
+
+    #[test]
+    fn test_cedar_authorizer_denies_missing_header() {
+        let authorizer = CedarAuthorizer::new();
+        let headers = HashMap::new();
+        let request = create_request(|item: &mut HttpRequest| {
+            item.headers = headers;
+        });
+
+        let result = authorizer.authorize(request);
+        assert!(!result);
+    }
+
+    #[test]
+    fn test_cedar_authorizer_allows_static_assets() {
+        let authorizer = CedarAuthorizer::new();
+        let mut headers = HashMap::new();
+        headers.insert(":path".to_string(), "/public/style.css".to_string());
+        let request = create_request(|item: &mut HttpRequest| {
+            item.headers = headers;
+        });
+
+        let result = authorizer.authorize(request);
+        assert!(result);
+    }
+
+    #[test]
+    fn test_cedar_authorizer_allows_js_assets() {
+        let authorizer = CedarAuthorizer::new();
+        let mut headers = HashMap::new();
+        headers.insert(":path".to_string(), "/app.js".to_string());
+        let request = create_request(|item: &mut HttpRequest| {
+            item.headers = headers;
+        });
+
+        let result = authorizer.authorize(request);
+        assert!(result);
+    }
+}
diff --git a/tests/authorization/mod.rs b/tests/authorization/mod.rs
new file mode 100644
index 00000000..a8aab73a
--- /dev/null
+++ b/tests/authorization/mod.rs
@@ -0,0 +1 @@
+mod cedar_authorizer_test;
diff --git a/tests/integration_tests.rs b/tests/integration_tests.rs
index 9bbeaea5..2269c7f7 100644
--- a/tests/integration_tests.rs
+++ b/tests/integration_tests.rs
@@ -2,6 +2,7 @@ use authzd::{CedarAuthorizer, CheckService};
 use envoy_types::ext_authz::v3::pb::Authorization;
 use std::sync::Arc;
 
+mod authorization;
 mod common;
 
 #[tokio::test]