path: root/policies/auth_policy.cedar
blob: c7eb6ce593405ce1ae702663fa83bd5e05905203 (plain)
// Authorization policies for the authzd service

// Allow the "check" action when the request context carries the expected
// bearer token.
//
// Scope: principal and resource are unconstrained, so the decision depends
// only on the action and on context.bearer_token, never on who is calling or
// what is being accessed.
//
// NOTE(review): the token is compared against one fixed string literal; no
// signature, expiry, issuer or audience check is visible in this policy.
// Anyone who can read this file knows the accepted value. This looks like a
// placeholder or test fixture; confirm before deploying. For production,
// have the caller verify the token and pass the verified identity or claims
// in as the principal or context, so no secret lives in policy text.
permit(principal, action == Action::"check", resource)
when {
    // `has` guards the attribute access below so a request without a token
    // evaluates to false instead of raising an evaluation error.
    context has bearer_token &&
    context.bearer_token == "valid-token"
};

// Allow the "check" action without any token when context.path ends in one of
// the listed file extensions.
//
// Scope: principal and resource are unconstrained. In each pattern the
// leading `*` matches any sequence of characters, so only the suffix of
// context.path is tested, with no directory or prefix restriction. The
// comparison is case-sensitive.
//
// NOTE(review): this is an authentication bypass keyed purely on how the path
// string ends. A request is permitted whenever its path ends in one of these
// extensions, regardless of which route it addresses. Whether that is safe
// depends on things this file does not show; verify against the caller:
//   - that context.path is the normalised, decoded path the backend will
//     route on (no query string, path parameters or encoded separators);
//   - that no protected backend route can be reached with a path ending in
//     one of these extensions.
// Consider anchoring the match to a dedicated static-asset prefix, e.g.
// `context.path like "/<STATIC_PREFIX>/*"` (placeholder, not a path taken
// from this project), in addition to the extension.
//
// NOTE(review): "*.html" exempts every HTML page from authentication, not
// just asset files; confirm that is intended.
permit(principal, action == Action::"check", resource)
when {
    // `has` guards the attribute accesses below so a request without a path
    // evaluates to false instead of raising an evaluation error.
    context has path &&
    (context.path like "*.css" ||
     context.path like "*.js" ||
     context.path like "*.ico" ||
     context.path like "*.png" ||
     context.path like "*.jpg" ||
     context.path like "*.jpeg" ||
     context.path like "*.gif" ||
     context.path like "*.bmp" ||
     context.path like "*.html")
};