authormo khan <mo@mokhan.ca>2025-07-05 12:49:18 -0600
committermo khan <mo@mokhan.ca>2025-07-05 12:49:18 -0600
commit2a56b8fa13aef71493959ca9e50b48d806082f33 (patch)
treef58067b9e95e8fc621cea4e8073879d74671f36a
parentc23770fe752b7cdd92de4af5dd5b65f57da80709 (diff)
refactor: pass the PaC autorizer to the server to allow trying different ones
-rw-r--r--src/authorization/authorizer.rs2
-rw-r--r--src/authorization/server.rs6
-rw-r--r--src/main.rs3
3 files changed, 6 insertions, 5 deletions
diff --git a/src/authorization/authorizer.rs b/src/authorization/authorizer.rs
index 14a7df27..62733585 100644
--- a/src/authorization/authorizer.rs
+++ b/src/authorization/authorizer.rs
@@ -1,5 +1,5 @@
use envoy_types::ext_authz::v3::pb::CheckRequest;
-pub trait Authorizer: std::fmt::Debug {
+pub trait Authorizer: std::fmt::Debug + std::marker::Sync + std::marker::Send + 'static {
fn authorize(&self, request: CheckRequest) -> bool;
}
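Review bot: `Authorizer` has no doc comment saying what the `bool` returned by `authorize` means, and with the added bounds it is now the contract every alternative implementation is written against. If deny-on-failure is the intended contract, I would put `/// Returns true only when the request is explicitly allowed; any parse or policy-evaluation failure must yield false.` above `authorize`. A line on the trait could also explain that `Send + Sync + 'static` are needed because the value is shared behind an `Arc` (inferred from `Arc::new(authorizer)` in server.rs). As a style point, `Send` and `Sync` are in the prelude, so `std::fmt::Debug + Send + Sync + 'static` reads more cleanly than the `std::marker::` paths.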
diff --git a/src/authorization/server.rs b/src/authorization/server.rs
index feb89d52..759a550d 100644
--- a/src/authorization/server.rs
+++ b/src/authorization/server.rs
@@ -8,13 +8,13 @@ pub struct Server {
}
impl Server {
- pub fn new() -> Result<Server, Box<dyn std::error::Error>> {
+ pub fn new<T: super::Authorizer>(authorizer: T) -> Result<Server, Box<dyn std::error::Error>> {
let (health_reporter, health_service) = tonic_health::server::health_reporter();
std::mem::drop(
health_reporter.set_service_status("", tonic_health::ServingStatus::Serving),
);
let authorization_service =
- AuthorizationServer::new(CheckService::new(Arc::new(CedarAuthorizer::default())));
+ AuthorizationServer::new(CheckService::new(Arc::new(authorizer)));
let reflection_service = tonic_reflection::server::Builder::configure()
.register_encoded_file_descriptor_set(tonic_health::pb::FILE_DESCRIPTOR_SET)
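Review bot: `Server::new` is public and now accepts any `T: super::Authorizer`, but nothing on it says that this value becomes the decision point behind `CheckService`. A doc comment such as `/// Builds the gRPC server; the given authorizer answers every ext_authz Check request it serves.` would make that explicit for callers who pass something other than `CedarAuthorizer`. Because the parameter is a generic, a caller that picks the implementation at runtime (for example from configuration) cannot pass an `Arc<dyn Authorizer>` unless the trait is also implemented for it. If runtime selection is the goal, taking `Arc<dyn super::Authorizer>` may fit better. The body of `new` continues past the end of this hunk.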
@@ -64,6 +64,6 @@ impl Server {
impl Default for Server {
fn default() -> Self {
- Self::new().unwrap()
+ Self::new(CedarAuthorizer::default()).unwrap()
}
}
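Review bot: `Default::default()` still ends in a bare `.unwrap()`, so a failure inside `Server::new` panics the authorization daemon without saying which construction step failed. `Self::new(CedarAuthorizer::default()).expect("failed to build default authorization server")` keeps the behaviour and names the invariant. A one-line comment that `Default` always selects `CedarAuthorizer` would also help, since `new` no longer does.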
diff --git a/src/main.rs b/src/main.rs
index 511d3d04..add0d88d 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -17,7 +17,8 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
.parse()?;
tracing::info!(address = %addr, "Starting authorization server");
- let server = authzd::authorization::Server::new()?;
+ let cedar = authzd::authorization::CedarAuthorizer::default();
+ let server = authzd::authorization::Server::new(cedar)?;
server.serve(addr).await?;
Ok(())