From 784e0740a6ca7684feba3fb4f26d68e098b5c826 Mon Sep 17 00:00:00 2001
From: mo khan
Date: Fri, 4 Jul 2025 16:39:37 -0600
Subject: refactor: map from http request to cedar request
---
 src/authorization/cedar_authorizer.rs | 8 ++++----
 tests/authorization/cedar_authorizer_test.rs | 20 ++++++++------------
 tests/authorization/check_service_test.rs | 17 +++++++----------
 3 files changed, 19 insertions(+), 26 deletions(-)
diff --git a/src/authorization/cedar_authorizer.rs b/src/authorization/cedar_authorizer.rs
index 17867aba..4eeaf645 100644
--- a/src/authorization/cedar_authorizer.rs
+++ b/src/authorization/cedar_authorizer.rs
@@ -85,7 +85,7 @@ impl Authorizer for CedarAuthorizer {
 return true;
 }
- match self.create_cedar_request(http_request.clone()) {
+ match self.map_from(http_request.clone()) {
 Ok(cedar_request) => {
 let entities = Entities::empty();
 let response =
@@ -107,7 +107,7 @@ impl Authorizer for CedarAuthorizer {
 }
 impl CedarAuthorizer {
- fn create_cedar_request(
+ fn map_from(
 &self,
 http_request: envoy_types::pb::envoy::service::auth::v3::attribute_context::HttpRequest,
 ) -> Result> {
@@ -136,13 +136,13 @@ impl CedarAuthorizer {
 if !bearer_token.is_empty() {
 context_map.insert(
 "bearer_token".to_string(),
- cedar_policy::RestrictedExpression::from_str(bearer_token)?,
+ cedar_policy::RestrictedExpression::new_string(bearer_token.to_string()),
 );
 }
 if !http_request.path.is_empty() {
 context_map.insert(
 "path".to_string(),
- cedar_policy::RestrictedExpression::from_str(&http_request.path.to_string())?,
+ cedar_policy::RestrictedExpression::new_string(http_request.path.clone()),
 );
 }
diff --git a/tests/authorization/cedar_authorizer_test.rs b/tests/authorization/cedar_authorizer_test.rs
index 79f83c00..317ef67f 100644
--- a/tests/authorization/cedar_authorizer_test.rs
+++ b/tests/authorization/cedar_authorizer_test.rs
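Review bot: In the `@@ -136,13 +136,13 @@` hunk of src/authorization/cedar_authorizer.rs, replacing `RestrictedExpression::from_str(...)?` with `RestrictedExpression::new_string(...)` for `bearer_token` and `path` is a behaviour change, and neither the new code nor the "refactor" subject records why it was made. `from_str` parses its argument as a Cedar expression, so client-supplied header and path text was previously interpreted as policy-language syntax, whereas `new_string` always yields a string value. I would add a comment above the first insert, for example `// new_string, not from_str: request data is untrusted and must never be parsed as Cedar syntax`, and a test whose token contains characters that are meaningful in Cedar so the call is not reverted later. The body of `map_from` starts and ends outside this hunk, so whether a `?` remains to justify the `Result` return type has to be checked there.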
@@ -8,12 +8,10 @@ mod tests {
 #[test]
 fn test_cedar_authorizer_allows_valid_token() {
 let request = build_request(|item: &mut HttpRequest| {
- item.headers = build_with(|item: &mut HashMap| {
- item.insert(
- String::from("authorization"),
- String::from("Bearer valid-token"),
- );
- });
+ item.headers = build_headers(vec![(
+ "authorization".to_string(),
+ "Bearer valid-token".to_string(),
+ )]);
 });
 assert!(build_cedar_authorizer().authorize(request));
@@ -22,12 +20,10 @@ mod tests {
 #[test]
 fn test_cedar_authorizer_denies_invalid_token() {
 let request = build_request(|item: &mut HttpRequest| {
- item.headers = build_with(|item: &mut HashMap| {
- item.insert(
- String::from("authorization"),
- String::from("Bearer invalid-token"),
- );
- });
+ item.headers = build_headers(vec![(
+ "authorization".to_string(),
+ "Bearer invalid-token".to_string(),
+ )]);
 });
 assert!(!build_cedar_authorizer().authorize(request));
diff --git a/tests/authorization/check_service_test.rs b/tests/authorization/check_service_test.rs
index a4b8f2ee..fe45712d 100644
--- a/tests/authorization/check_service_test.rs
+++ b/tests/authorization/check_service_test.rs
@@ -14,6 +14,7 @@ mod tests {
 #[tokio::test]
 async fn test_check_allows_valid_bearer_token() {
 let request = tonic::Request::new(build_request(|item: &mut HttpRequest| {
+ item.path = String::from("/");
 item.headers = build_headers(vec![(
 "authorization".to_string(),
 format!("Bearer {}", String::from("valid-token")),
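Review bot: The added `item.path = String::from("/");` in test_check_allows_valid_bearer_token is the only path value exercised in the visible hunks, so nothing pins how the authorizer decides for a request target that is not already a clean path. Envoy documents `HttpRequest.path` as the raw request target, query string included and with no decoding, and the new mapping copies it into the Cedar context unchanged. A policy that compares `context.path` with a literal (the policies are not visible here) may therefore decide differently for a path carrying a query string or percent-encoding. I would add cases with a query string and with an encoded segment and assert the status code expected for each. The test function continues past the end of this hunk.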
@@ -100,13 +101,13 @@ mod tests {
 #[tokio::test]
 async fn test_table() {
 let test_cases = vec![
- ("Bearer valid-token", true),
- ("Bearer invalid-token", false),
- ("Basic valid-token", false),
- ("", false),
+ ("Bearer valid-token", tonic::Code::Ok),
+ ("Bearer invalid-token", tonic::Code::Unauthenticated),
+ ("Basic valid-token", tonic::Code::Unauthenticated),
+ ("", tonic::Code::Unauthenticated),
 ];
- for (auth_value, should_succeed) in test_cases {
+ for (auth_value, expected_status_code) in test_cases {
 let request = tonic::Request::new(build_request(|item: &mut HttpRequest| {
 item.headers =
 build_headers(vec![("authorization".to_string(), auth_value.to_string())]);
@@ -118,11 +119,7 @@ mod tests {
 let check_response = response.unwrap().into_inner();
 let status = check_response.status.unwrap();
- if should_succeed {
- assert_eq!(status.code, tonic::Code::Ok as i32);
- } else {
- assert_eq!(status.code, tonic::Code::Unauthenticated as i32);
- }
+ assert_eq!(status.code, expected_status_code as i32);
 }
 }
-- 
cgit v1.2.3
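Review bot: The single `assert_eq!(status.code, expected_status_code as i32);` in the `@@ -118,11 +119,7 @@` hunk does not say which table row failed, because every case now goes through the same line. Putting the input in the message, `assert_eq!(status.code, expected_status_code as i32, "authorization: {auth_value:?}");`, makes a regression in one row identifiable from the test output. The rows also never set `item.path`, so unless `build_request` supplies a default they cover only the branch of the mapping where the path is empty; a row with a path set would cover the other. The loop body between the two hunks is not visible here.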