From fc4bbd8efd805411239406c6323a37537d4534f2 Mon Sep 17 00:00:00 2001 From: mo khan Date: Sat, 5 Jul 2025 11:29:37 -0600 Subject: fix: fix typo in cedar policy file --- src/authorization/cedar_authorizer.rs | 110 +++++++++++++++++----------------- 1 file changed, 55 insertions(+), 55 deletions(-) (limited to 'src/authorization') diff --git a/src/authorization/cedar_authorizer.rs b/src/authorization/cedar_authorizer.rs index 96a406d8..9fb7513a 100644 --- a/src/authorization/cedar_authorizer.rs +++ b/src/authorization/cedar_authorizer.rs @@ -49,58 +49,7 @@ impl CedarAuthorizer { Ok(policies) } -} - -impl Default for CedarAuthorizer { - fn default() -> Self { - Self::new_from(std::path::Path::new("/etc/authzd")) - } -} - -impl Authorizer for CedarAuthorizer { - fn authorize(&self, request: CheckRequest) -> bool { - let http_request = match request - .attributes - .as_ref() - .and_then(|attr| attr.request.as_ref()) - .and_then(|req| req.http.as_ref()) - { - Some(http) => http, - None => return false, - }; - - tracing::info!( - method = %http_request.method, - host = %http_request.host, - path = %http_request.path, - scheme = %http_request.scheme, - protocol = %http_request.protocol, - "Processing HTTP request" - ); - match self.map_from(http_request.clone()) { - Ok(cedar_request) => { - let entities = Entities::empty(); - let response = - self.authorizer - .is_authorized(&cedar_request, &self.policies, &entities); - - matches!(response.decision(), cedar_policy::Decision::Allow) - } - Err(e) => { - println!("error: {}", e); - tracing::error!( - error = %e, - path = %http_request.path, - "Failed to create Cedar request" - ); - false - } - } - } -} - -impl CedarAuthorizer { fn map_from( &self, http_request: envoy_types::pb::envoy::service::auth::v3::attribute_context::HttpRequest, @@ -110,8 +59,9 @@ impl CedarAuthorizer { let resource = self.resource_from(&http_request)?; let context = self.context_from(http_request)?; - CedarRequest::new(principal, permission, resource, context, None) - .map_err(|e| Box::new(e) as Box) + Ok(CedarRequest::new( + principal, permission, resource, context, None, + )?) } fn principal_from( @@ -147,7 +97,7 @@ impl CedarAuthorizer { fn context_from( &self, http_request: envoy_types::pb::envoy::service::auth::v3::attribute_context::HttpRequest, - ) -> Result { + ) -> Result> { let mut items = std::collections::HashMap::new(); items.insert("bearer_token".to_string(), self.token_from(&http_request)); @@ -155,7 +105,7 @@ impl CedarAuthorizer { items.insert("method".to_string(), self.safe_string(&http_request.method)); items.insert("path".to_string(), self.safe_string(&http_request.path)); - Context::from_pairs(items.into_iter().collect::>()) + Ok(Context::from_pairs(items.into_iter().collect::>())?) } fn token_from( @@ -175,3 +125,53 @@ impl CedarAuthorizer { cedar_policy::RestrictedExpression::new_string(item.to_string()) } } + +impl Default for CedarAuthorizer { + fn default() -> Self { + Self::new_from(std::path::Path::new("/etc/authzd")) + } +} + +impl Authorizer for CedarAuthorizer { + fn authorize(&self, request: CheckRequest) -> bool { + let http_request = match request + .attributes + .as_ref() + .and_then(|attr| attr.request.as_ref()) + .and_then(|req| req.http.as_ref()) + { + Some(http) => http, + None => return false, + }; + + tracing::info!( + method = %http_request.method, + host = %http_request.host, + path = %http_request.path, + scheme = %http_request.scheme, + protocol = %http_request.protocol, + "Processing HTTP request" + ); + + let entities = Entities::empty(); + + match self.map_from(http_request.clone()) { + Ok(cedar_request) => { + let response = + self.authorizer + .is_authorized(&cedar_request, &self.policies, &entities); + + matches!(response.decision(), cedar_policy::Decision::Allow) + } + Err(e) => { + println!("error: {}", e); + tracing::error!( + error = %e, + path = %http_request.path, + "Failed to create Cedar request" + ); + false + } + } + } +} -- cgit v1.2.3