From 2c46c12427c6ae44e6ca96e6cef7522e4435482d Mon Sep 17 00:00:00 2001
From: mo khan
Date: Sat, 5 Jul 2025 11:58:02 -0600
Subject: chore: log the decision and diagnostics
---
 src/authorization/cedar_authorizer.rs | 32 ++++++++++++++++++--------------
 1 file changed, 18 insertions(+), 14 deletions(-)
(limited to 'src')
diff --git a/src/authorization/cedar_authorizer.rs b/src/authorization/cedar_authorizer.rs
index 9fb7513a..db54aaed 100644
--- a/src/authorization/cedar_authorizer.rs
+++ b/src/authorization/cedar_authorizer.rs
@@ -10,13 +10,16 @@ use std::str::FromStr;
 #[derive(Debug)]
 pub struct CedarAuthorizer {
 policies: PolicySet,
+ entities: cedar_policy::Entities,
 authorizer: CedarAuth,
 }
 impl CedarAuthorizer {
 pub fn new(policies: cedar_policy::PolicySet) -> CedarAuthorizer {
+ let entities = Entities::empty();
 CedarAuthorizer {
 policies,
+ entities,
 authorizer: CedarAuth::new(),
 }
 }
@@ -31,7 +34,6 @@ impl CedarAuthorizer {
 }
 let mut policies = PolicySet::new();
-
 for entry in fs::read_dir(path)? {
 let file_path = entry?.path();
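Review bot: The new `entities` field is always `Entities::empty()` and `new` gives callers no way to supply anything else, which deserves a doc comment on the field because it limits which policies can ever match. With an empty entity store, policy conditions that depend on group membership or entity attributes presumably cannot be satisfied from stored data, so an operator writing such a policy would see unexplained denials. A comment such as `/// Entity store passed to every evaluation; currently always empty, so policies cannot rely on entity hierarchy or attributes.` would make that explicit. The temporary in `new` could also be dropped in favour of `entities: Entities::empty(),`, and the field type could use the same unqualified `Entities` path as the constructor. The `impl CedarAuthorizer` block continues outside the hunk.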
@@ -144,24 +146,26 @@ impl Authorizer for CedarAuthorizer {
 None => return false,
 };
- tracing::info!(
- method = %http_request.method,
- host = %http_request.host,
- path = %http_request.path,
- scheme = %http_request.scheme,
- protocol = %http_request.protocol,
- "Processing HTTP request"
- );
-
- let entities = Entities::empty();
-
 match self.map_from(http_request.clone()) {
 Ok(cedar_request) => {
 let response = self.authorizer
- .is_authorized(&cedar_request, &self.policies, &entities);
+ .is_authorized(&cedar_request, &self.policies, &self.entities);
+
+ let decision = response.decision();
+
+ tracing::info!(
+ method = %http_request.method,
+ host = %http_request.host,
+ path = %http_request.path,
+ scheme = %http_request.scheme,
+ protocol = %http_request.protocol,
+ decision = ?decision,
+ diagnostics = ?response.diagnostics(),
+ "Processing HTTP request"
+ );
- matches!(response.decision(), cedar_policy::Decision::Allow)
+ matches!(decision, cedar_policy::Decision::Allow)
 }
 Err(e) => {
 println!("error: {}", e);
-- 
cgit v1.2.3
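Review bot: Only the `Ok(cedar_request)` arm now emits the structured record, so a request that fails `map_from` is denied with nothing but `println!("error: {}", e)` and leaves no entry in the tracing output; before this change the `tracing::info!` ran ahead of the `match` and covered that path. For an authorization decision point the deny-on-error case is the one most worth keeping in the audit trail, so the `Err(e)` arm should log through tracing as well, for example `tracing::warn!(error = %e, method = %http_request.method, host = %http_request.host, path = %http_request.path, "request mapping failed; denying");`. The message `"Processing HTTP request"` is also now emitted after evaluation, so a text such as `"Authorization decision"` would describe the event better. The `Err(e)` arm and the rest of the function continue outside the hunk.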