infratographer · jacobsee · Apr 5, 2024 · Apr 4, 2024 · Apr 4, 2024 · Apr 4, 2024
@@ -85,10 +85,10 @@ func createRole(ctx context.Context, cfg *config.AppConfig) {
 
 	var policy iapl.Policy
 
-	if cfg.SpiceDB.PolicyFile != "" {
-		policy, err = iapl.NewPolicyFromFile(cfg.SpiceDB.PolicyFile)
+	if len(cfg.SpiceDB.PolicyFiles) > 0 {
+		policy, err = iapl.NewPolicyFromFiles(cfg.SpiceDB.PolicyFiles)
 		if err != nil {
-			logger.Fatalw("unable to load new policy from schema file", "policy_file", cfg.SpiceDB.PolicyFile, "error", err)
+			logger.Fatalw("unable to load new policy from schema files", "policy_files", cfg.SpiceDB.PolicyFiles, "error", err)
 		}
 	} else {
 		logger.Warn("no spicedb policy file defined, using default policy")

@@ -49,10 +49,10 @@ func writeSchema(ctx context.Context, dryRun bool, cfg *config.AppConfig) {
 		policy iapl.Policy
 	)
 
-	if cfg.SpiceDB.PolicyFile != "" {
-		policy, err = iapl.NewPolicyFromFile(cfg.SpiceDB.PolicyFile)
+	if len(cfg.SpiceDB.PolicyFiles) > 0 {
+		policy, err = iapl.NewPolicyFromFiles(cfg.SpiceDB.PolicyFiles)
 		if err != nil {
-			logger.Fatalw("unable to load new policy from schema file", "policy_file", cfg.SpiceDB.PolicyFile, "error", err)
+			logger.Fatalw("unable to load new policy from schema files", "policy_files", cfg.SpiceDB.PolicyFiles, "error", err)
 		}
 	} else {
 		logger.Warn("no spicedb policy file defined, using default policy")
@@ -70,7 +70,7 @@ func writeSchema(ctx context.Context, dryRun bool, cfg *config.AppConfig) {
 	}
 
 	if viper.GetBool("mermaid") || viper.GetBool("mermaid-markdown") {
-		outputPolicyMermaid(cfg.SpiceDB.PolicyFile, viper.GetBool("mermaid-markdown"))
+		outputPolicyMermaid(cfg.SpiceDB.PolicyFiles, viper.GetBool("mermaid-markdown"))
 
 		return
 	}

@@ -57,19 +57,24 @@ type mermaidContext struct {
 	RelatedActions map[string]map[string][]string
 }
 
-func outputPolicyMermaid(filePath string, markdown bool) {
-	var policy iapl.PolicyDocument
+func outputPolicyMermaid(filePaths []string, markdown bool) {
+	policy := iapl.PolicyDocument{}
+
+	if len(filePaths) > 0 {
+		for _, filePath := range filePaths {
+			file, err := os.Open(filePath)
+			if err != nil {
+				logger.Fatalw("failed to open policy document file", "error", err)
+			}
+			defer file.Close()
 
-	if filePath != "" {
-		file, err := os.Open(filePath)
-		if err != nil {
-			logger.Fatalw("failed to open policy document file", "error", err)
-		}
+			var filePolicy iapl.PolicyDocument
 
-		defer file.Close()
+			if err := yaml.NewDecoder(file).Decode(&filePolicy); err != nil {
+				logger.Fatalw("failed to open policy document file", "error", err)
+			}
 
-		if err := yaml.NewDecoder(file).Decode(&policy); err != nil {
-			logger.Fatalw("failed to load policy document file", "error", err)
+			policy = policy.MergeWithPolicyDocument(filePolicy)
 		}
 	} else {
 		policy = iapl.DefaultPolicyDocument()

@@ -74,10 +74,10 @@ func serve(ctx context.Context, cfg *config.AppConfig) {
 
 	var policy iapl.Policy
 
-	if cfg.SpiceDB.PolicyFile != "" {
-		policy, err = iapl.NewPolicyFromFile(cfg.SpiceDB.PolicyFile)
+	if len(cfg.SpiceDB.PolicyFiles) > 0 {
+		policy, err = iapl.NewPolicyFromFiles(cfg.SpiceDB.PolicyFiles)
 		if err != nil {
-			logger.Fatalw("unable to load new policy from schema file", "policy_file", cfg.SpiceDB.PolicyFile, "error", err)
+			logger.Fatalw("unable to load new policy from schema files", "policy_files", cfg.SpiceDB.PolicyFiles, "error", err)
 		}
 	} else {
 		logger.Warn("no spicedb policy file defined, using default policy")

@@ -73,10 +73,10 @@ func worker(ctx context.Context, cfg *config.AppConfig) {
 
 	var policy iapl.Policy
 
-	if cfg.SpiceDB.PolicyFile != "" {
-		policy, err = iapl.NewPolicyFromFile(cfg.SpiceDB.PolicyFile)
+	if len(cfg.SpiceDB.PolicyFiles) > 0 {
+		policy, err = iapl.NewPolicyFromFiles(cfg.SpiceDB.PolicyFiles)
 		if err != nil {
-			logger.Fatalw("unable to load new policy from schema file", "policy_file", cfg.SpiceDB.PolicyFile, "error", err)
+			logger.Fatalw("unable to load new policy from schema files", "policy_files", cfg.SpiceDB.PolicyFiles, "error", err)
 		}
 	} else {
 		logger.Warn("no spicedb policy file defined, using default policy")