etc/authzd/policy1.cedar


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30

permit (principal, action, resource)
when
{
  context has host &&
  context has method &&
  context has path &&
  ((context.host == "sparkle.runway.gitlab.net" ||
    context.host == "sparkle.staging.runway.gitlab.net" ||
    context.host like "localhost:*") &&
   ((context.method == "GET" &&
     (context.path == "/" ||
      context.path == "/callback" ||
      context.path == "/dashboard/nav" ||
      context.path == "/health" ||
      context.path == "/signout" ||
      context.path == "/sparkles")) ||
    (context.method == "POST" && (context.path == "/sparkles/restore"))))
};

permit (
  principal is User,
  action == Action::"POST",
  resource == Resource::"/sparkles"
)
when
{
  context has host &&
  context.host == "sparkle.staging.runway.gitlab.net" &&
  principal has username
};