path: root/etc/authzd/policy0.cedar
// Permits the "check" action for any principal and any resource when the
// request context carries a bearer_token attribute equal to the literal
// string "valid-token".
//
// NOTE(review): the accepted token is a fixed string embedded in the policy
// text. Every caller shares it, it cannot be rotated or revoked per client,
// and anyone who can read this file knows it. This looks like a placeholder;
// confirm that real token verification (signature, expiry, audience) happens
// before the context is built, and that this literal comparison is not what
// guards a deployed environment.
permit (
  principal,
  action == Action::"check",
  resource
)
// `has` guard first: reading a missing context attribute is an evaluation
// error in Cedar, so presence is tested before the comparison.
when { context has bearer_token && context.bearer_token == "valid-token" };

// Permits any principal, any action and any resource when the request is a
// GET whose path ends in one of the listed static-asset extensions. No token
// and no host condition is involved, so this policy by itself is enough to
// allow a matching request.
//
// NOTE(review): each `like "*.ext"` pattern constrains only the end of the
// path. There is no directory prefix, so every GET path with one of these
// suffixes is allowed wherever it points, including ".html" pages that may
// not be public. Whether context.path has been normalised (dot segments,
// percent-encoding, query string removed) before evaluation is not visible
// here; confirm with whatever builds the context, and consider anchoring the
// patterns to the directory the assets are served from.
permit (principal, action, resource)
when
{
  // Presence checks come first so the attribute reads below cannot error.
  context has path &&
  context has method &&
  context.method == "GET" &&
  (context.path like "*.css" ||
   context.path like "*.js" ||
   context.path like "*.ico" ||
   context.path like "*.png" ||
   context.path like "*.jpg" ||
   context.path like "*.jpeg" ||
   context.path like "*.gif" ||
   context.path like "*.bmp" ||
   context.path like "*.html")
};

// Permits any principal, any action and any resource for a fixed route list
// on the listed hosts: GET on six exact paths and POST on /sparkles/restore.
// Paths are compared with `==`, so only exact matches qualify.
//
// NOTE(review): context.host presumably comes from the request's Host
// header, which the client chooses. Confirm that the proxy in front of this
// service validates or overwrites it; otherwise the host condition is not a
// trust boundary. `like "localhost:*"` also accepts any port, and looks like
// a development allowance. Confirm it is intended in the deployed policy.
//
// NOTE(review): POST /sparkles/restore is allowed here with no principal or
// token condition. If that route changes state, confirm the application
// authenticates and authorises it on its own.
permit (principal, action, resource)
when
{
  // Presence checks come first so the attribute reads below cannot error.
  context has host &&
  context has method &&
  context has path &&
  ((context.host == "sparkle.runway.gitlab.net" ||
    context.host == "sparkle.staging.runway.gitlab.net" ||
    context.host like "localhost:*") &&
   ((context.method == "GET" &&
     (context.path == "/" ||
      context.path == "/callback" ||
      context.path == "/dashboard/nav" ||
      context.path == "/health" ||
      context.path == "/signout" ||
      context.path == "/sparkles")) ||
    (context.method == "POST" && (context.path == "/sparkles/restore"))))
};