From 89499df2932ce2a62ed8606d4ef967175914f204 Mon Sep 17 00:00:00 2001
From: mo khan <mo@mokhan.ca>
Date: Wed, 9 Jul 2025 15:29:31 -0600
Subject: chore: split sparkle policies into separate file

---
 etc/authzd/policy0.cedar | 21 +--------------------
 etc/authzd/policy1.cedar | 22 ++++++++++++++++++++++
 2 files changed, 23 insertions(+), 20 deletions(-)
 create mode 100644 etc/authzd/policy1.cedar

(limited to 'etc')

diff --git a/etc/authzd/policy0.cedar b/etc/authzd/policy0.cedar
index 9410eced..10ad622f 100644
--- a/etc/authzd/policy0.cedar
+++ b/etc/authzd/policy0.cedar
@@ -10,7 +10,7 @@ when
 {
   context has path &&
   context has method &&
-  context.method == "GET" &&
+  (context.method == "GET" || context.method == "HEAD") &&
   (context.path like "*.css" ||
    context.path like "*.js" ||
    context.path like "*.ico" ||
@@ -21,22 +21,3 @@ when
    context.path like "*.bmp" ||
    context.path like "*.html")
 };
-
-permit (principal, action, resource)
-when
-{
-  context has host &&
-  context has method &&
-  context has path &&
-  ((context.host == "sparkle.runway.gitlab.net" ||
-    context.host == "sparkle.staging.runway.gitlab.net" ||
-    context.host like "localhost:*") &&
-   ((context.method == "GET" &&
-     (context.path == "/" ||
-      context.path == "/callback" ||
-      context.path == "/dashboard/nav" ||
-      context.path == "/health" ||
-      context.path == "/signout" ||
-      context.path == "/sparkles")) ||
-    (context.method == "POST" && (context.path == "/sparkles/restore"))))
-};
diff --git a/etc/authzd/policy1.cedar b/etc/authzd/policy1.cedar
new file mode 100644
index 00000000..507ef3ed
--- /dev/null
+++ b/etc/authzd/policy1.cedar
@@ -0,0 +1,22 @@
+permit (principal, action, resource)
+when
+{
+  context has host &&
+  context has method &&
+  context has path &&
+  (
+    (
+      context.host == "sparkle.runway.gitlab.net" ||
+      context.host == "sparkle.staging.runway.gitlab.net" ||
+      context.host like "localhost:*"
+    ) && (
+      (
+      context.method == "GET" &&
+     (context.path == "/" ||
+      context.path == "/callback" ||
+      context.path == "/dashboard/nav" ||
+      context.path == "/health" ||
+      context.path == "/signout" ||
+      context.path == "/sparkles")) ||
+    (context.method == "POST" && (context.path == "/sparkles/restore"))))
+};
-- 
cgit v1.2.3