authormo khan <mo@mokhan.ca>2025-05-02 14:29:41 -0600
committermo khan <mo@mokhan.ca>2025-05-02 14:29:41 -0600
commitc583bcd1473205104a1e1af812ed4976d30c7baa (patch)
tree933edf78a4ac8aea55256e42641e56bbb4c58834 /pkg/rpc
parent91defaefca47e9cebbe92c6abf33c4423df9bc7d (diff)
refactor: remove anything unrelated to the authz daemon
Diffstat (limited to 'pkg/rpc')
-rw-r--r--pkg/rpc/ability.pb.go12
-rw-r--r--pkg/rpc/ability.twirp.go (renamed from pkg/rpc/gitlab.com/mokhax/spike/pkg/rpc/ability.twirp.go)45
-rw-r--r--pkg/rpc/ability_grpc.pb.go121
-rw-r--r--pkg/rpc/ability_service.go5
-rw-r--r--pkg/rpc/server.go20
-rw-r--r--pkg/rpc/server_test.go26
6 files changed, 50 insertions, 179 deletions
diff --git a/pkg/rpc/ability.pb.go b/pkg/rpc/ability.pb.go
index 48dd0b24..939719fc 100644
--- a/pkg/rpc/ability.pb.go
+++ b/pkg/rpc/ability.pb.go
@@ -129,7 +129,7 @@ var File_ability_proto protoreflect.FileDescriptor
const file_ability_proto_rawDesc = "" +
"\n" +
- "\rability.proto\x12\tauthx.rpc\"d\n" +
+ "\rability.proto\x12\tauthz.rpc\"d\n" +
"\fAllowRequest\x12\x18\n" +
"\asubject\x18\x01 \x01(\tR\asubject\x12\x1e\n" +
"\n" +
@@ -140,7 +140,7 @@ const file_ability_proto_rawDesc = "" +
"AllowReply\x12\x16\n" +
"\x06result\x18\x01 \x01(\bR\x06result2F\n" +
"\aAbility\x12;\n" +
- "\aAllowed\x12\x17.authx.rpc.AllowRequest\x1a\x15.authx.rpc.AllowReply\"\x00B!Z\x1fgitlab.com/mokhax/spike/pkg/rpcb\x06proto3"
+ "\aAllowed\x12\x17.authz.rpc.AllowRequest\x1a\x15.authz.rpc.AllowReply\"\x00B\tZ\apkg/rpcb\x06proto3"
var (
file_ability_proto_rawDescOnce sync.Once
@@ -156,12 +156,12 @@ func file_ability_proto_rawDescGZIP() []byte {
var file_ability_proto_msgTypes = make([]protoimpl.MessageInfo, 2)
var file_ability_proto_goTypes = []any{
- (*AllowRequest)(nil), // 0: authx.rpc.AllowRequest
- (*AllowReply)(nil), // 1: authx.rpc.AllowReply
+ (*AllowRequest)(nil), // 0: authz.rpc.AllowRequest
+ (*AllowReply)(nil), // 1: authz.rpc.AllowReply
}
var file_ability_proto_depIdxs = []int32{
- 0, // 0: authx.rpc.Ability.Allowed:input_type -> authx.rpc.AllowRequest
- 1, // 1: authx.rpc.Ability.Allowed:output_type -> authx.rpc.AllowReply
+ 0, // 0: authz.rpc.Ability.Allowed:input_type -> authz.rpc.AllowRequest
+ 1, // 1: authz.rpc.Ability.Allowed:output_type -> authz.rpc.AllowReply
1, // [1:2] is the sub-list for method output_type
0, // [0:1] is the sub-list for method input_type
0, // [0:0] is the sub-list for extension type_name
diff --git a/pkg/rpc/gitlab.com/mokhax/spike/pkg/rpc/ability.twirp.go b/pkg/rpc/ability.twirp.go
index ea2c3d17..f5a33296 100644
--- a/pkg/rpc/gitlab.com/mokhax/spike/pkg/rpc/ability.twirp.go
+++ b/pkg/rpc/ability.twirp.go
@@ -68,7 +68,7 @@ func NewAbilityProtobufClient(baseURL string, client HTTPClient, opts ...twirp.C
// Build method URLs: <baseURL>[<prefix>]/<package>.<Service>/<Method>
serviceURL := sanitizeBaseURL(baseURL)
- serviceURL += baseServicePath(pathPrefix, "authx.rpc", "Ability")
+ serviceURL += baseServicePath(pathPrefix, "authz.rpc", "Ability")
urls := [1]string{
serviceURL + "Allowed",
}
@@ -82,7 +82,7 @@ func NewAbilityProtobufClient(baseURL string, client HTTPClient, opts ...twirp.C
}
func (c *abilityProtobufClient) Allowed(ctx context.Context, in *AllowRequest) (*AllowReply, error) {
- ctx = ctxsetters.WithPackageName(ctx, "authx.rpc")
+ ctx = ctxsetters.WithPackageName(ctx, "authz.rpc")
ctx = ctxsetters.WithServiceName(ctx, "Ability")
ctx = ctxsetters.WithMethodName(ctx, "Allowed")
caller := c.callAllowed
@@ -160,7 +160,7 @@ func NewAbilityJSONClient(baseURL string, client HTTPClient, opts ...twirp.Clien
// Build method URLs: <baseURL>[<prefix>]/<package>.<Service>/<Method>
serviceURL := sanitizeBaseURL(baseURL)
- serviceURL += baseServicePath(pathPrefix, "authx.rpc", "Ability")
+ serviceURL += baseServicePath(pathPrefix, "authz.rpc", "Ability")
urls := [1]string{
serviceURL + "Allowed",
}
@@ -174,7 +174,7 @@ func NewAbilityJSONClient(baseURL string, client HTTPClient, opts ...twirp.Clien
}
func (c *abilityJSONClient) Allowed(ctx context.Context, in *AllowRequest) (*AllowReply, error) {
- ctx = ctxsetters.WithPackageName(ctx, "authx.rpc")
+ ctx = ctxsetters.WithPackageName(ctx, "authz.rpc")
ctx = ctxsetters.WithServiceName(ctx, "Ability")
ctx = ctxsetters.WithMethodName(ctx, "Allowed")
caller := c.callAllowed
@@ -281,11 +281,11 @@ func (s *abilityServer) handleRequestBodyError(ctx context.Context, resp http.Re
// Should be used with caution, it only matches routes generated by Twirp Go clients,
// with the default "/twirp" prefix and default CamelCase service and method names.
// More info: https://twitchtv.github.io/twirp/docs/routing.html
-const AbilityPathPrefix = "/twirp/authx.rpc.Ability/"
+const AbilityPathPrefix = "/twirp/authz.rpc.Ability/"
func (s *abilityServer) ServeHTTP(resp http.ResponseWriter, req *http.Request) {
ctx := req.Context()
- ctx = ctxsetters.WithPackageName(ctx, "authx.rpc")
+ ctx = ctxsetters.WithPackageName(ctx, "authz.rpc")
ctx = ctxsetters.WithServiceName(ctx, "Ability")
ctx = ctxsetters.WithResponseWriter(ctx, resp)
@@ -304,7 +304,7 @@ func (s *abilityServer) ServeHTTP(resp http.ResponseWriter, req *http.Request) {
// Verify path format: [<prefix>]/<package>.<Service>/<Method>
prefix, pkgService, method := parseTwirpPath(req.URL.Path)
- if pkgService != "authx.rpc.Ability" {
+ if pkgService != "authz.rpc.Ability" {
msg := fmt.Sprintf("no handler for path %q", req.URL.Path)
s.writeError(ctx, resp, badRouteError(msg, req.Method, req.URL.Path))
return
@@ -518,7 +518,7 @@ func (s *abilityServer) ProtocGenTwirpVersion() string {
// that is everything in a Twirp route except for the <Method>. This can be used for routing,
// for example to identify the requests that are targeted to this service in a mux.
func (s *abilityServer) PathPrefix() string {
- return baseServicePath(s.pathPrefix, "authx.rpc", "Ability")
+ return baseServicePath(s.pathPrefix, "authz.rpc", "Ability")
}
// =====
@@ -1087,19 +1087,18 @@ func callClientError(ctx context.Context, h *twirp.ClientHooks, err twirp.Error)
}
var twirpFileDescriptor0 = []byte{
- // 216 bytes of a gzipped FileDescriptorProto
- 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x64, 0x90, 0xbd, 0x4e, 0xc3, 0x30,
- 0x14, 0x46, 0x29, 0x48, 0x4d, 0x7b, 0x05, 0x8b, 0x25, 0xc0, 0xea, 0xc0, 0x4f, 0xc4, 0xc0, 0x64,
- 0x4b, 0x30, 0x32, 0x95, 0x81, 0x07, 0xc8, 0xc8, 0x66, 0xbb, 0x57, 0xad, 0x89, 0x83, 0x2f, 0xfe,
- 0x11, 0xcd, 0xdb, 0x23, 0x39, 0x21, 0x8a, 0xd4, 0xf1, 0xf8, 0xc8, 0xfa, 0x8e, 0x2e, 0x5c, 0x29,
- 0x6d, 0x9d, 0x4d, 0xbd, 0xa0, 0xe0, 0x93, 0x67, 0x6b, 0x95, 0xd3, 0xe1, 0x28, 0x02, 0x99, 0x7a,
- 0x07, 0x97, 0x5b, 0xe7, 0xfc, 0x6f, 0x83, 0x3f, 0x19, 0x63, 0x62, 0x1c, 0xaa, 0x98, 0xf5, 0x17,
- 0x9a, 0xc4, 0x17, 0x0f, 0x8b, 0xe7, 0x75, 0xf3, 0x8f, 0xec, 0x0e, 0x80, 0x30, 0x74, 0x36, 0x46,
- 0xeb, 0xbf, 0xf9, 0x79, 0x91, 0xb3, 0x17, 0xb6, 0x81, 0x55, 0xc0, 0xe8, 0x73, 0x30, 0xc8, 0x2f,
- 0x8a, 0x9d, 0xb8, 0x7e, 0x02, 0x18, 0x57, 0xc8, 0xf5, 0xec, 0x06, 0x96, 0x01, 0x63, 0x76, 0xc3,
- 0xc4, 0xaa, 0x19, 0xe9, 0xe5, 0x03, 0xaa, 0xed, 0xd0, 0xc9, 0xde, 0xa0, 0x2a, 0x1f, 0x70, 0xc7,
- 0x6e, 0xc5, 0x54, 0x2b, 0xe6, 0xa9, 0x9b, 0xeb, 0x53, 0x41, 0xae, 0xaf, 0xcf, 0xde, 0x1f, 0x3f,
- 0xef, 0xf7, 0x36, 0x39, 0xa5, 0x85, 0xf1, 0x9d, 0xec, 0x7c, 0x7b, 0x50, 0x47, 0x19, 0xc9, 0xb6,
- 0x28, 0xa9, 0xdd, 0xcb, 0x40, 0x46, 0x2f, 0xcb, 0x21, 0x5e, 0xff, 0x02, 0x00, 0x00, 0xff, 0xff,
- 0xe2, 0x96, 0x42, 0xb1, 0x19, 0x01, 0x00, 0x00,
+ // 196 bytes of a gzipped FileDescriptorProto
+ 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xe2, 0x4d, 0x4c, 0xca, 0xcc,
+ 0xc9, 0x2c, 0xa9, 0xd4, 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0xe2, 0x4c, 0x2c, 0x2d, 0xc9, 0xa8,
+ 0xd2, 0x2b, 0x2a, 0x48, 0x56, 0x4a, 0xe1, 0xe2, 0x71, 0xcc, 0xc9, 0xc9, 0x2f, 0x0f, 0x4a, 0x2d,
+ 0x2c, 0x4d, 0x2d, 0x2e, 0x11, 0x92, 0xe0, 0x62, 0x2f, 0x2e, 0x4d, 0xca, 0x4a, 0x4d, 0x2e, 0x91,
+ 0x60, 0x54, 0x60, 0xd4, 0xe0, 0x0c, 0x82, 0x71, 0x85, 0xe4, 0xb8, 0xb8, 0x0a, 0x52, 0x8b, 0x72,
+ 0x33, 0x8b, 0x8b, 0x33, 0xf3, 0xf3, 0x24, 0x98, 0xc0, 0x92, 0x48, 0x22, 0x42, 0x52, 0x5c, 0x1c,
+ 0x45, 0xa9, 0xc5, 0xf9, 0xa5, 0x45, 0xc9, 0xa9, 0x12, 0xcc, 0x60, 0x59, 0x38, 0x5f, 0x49, 0x85,
+ 0x8b, 0x0b, 0x6a, 0x4b, 0x41, 0x4e, 0xa5, 0x90, 0x18, 0x17, 0x5b, 0x51, 0x6a, 0x71, 0x69, 0x0e,
+ 0xc4, 0x0a, 0x8e, 0x20, 0x28, 0xcf, 0xc8, 0x8d, 0x8b, 0xdd, 0x11, 0xe2, 0x4e, 0x21, 0x6b, 0x2e,
+ 0x76, 0xb0, 0x86, 0xd4, 0x14, 0x21, 0x71, 0x3d, 0xb8, 0x6b, 0xf5, 0x90, 0x9d, 0x2a, 0x25, 0x8a,
+ 0x29, 0x51, 0x90, 0x53, 0xa9, 0xc4, 0xe0, 0xc4, 0x19, 0xc5, 0x5e, 0x90, 0x9d, 0xae, 0x5f, 0x54,
+ 0x90, 0x9c, 0xc4, 0x06, 0xf6, 0xb0, 0x31, 0x20, 0x00, 0x00, 0xff, 0xff, 0x72, 0x35, 0x46, 0x7c,
+ 0x01, 0x01, 0x00, 0x00,
}
diff --git a/pkg/rpc/ability_grpc.pb.go b/pkg/rpc/ability_grpc.pb.go
deleted file mode 100644
index 4d74cc41..00000000
--- a/pkg/rpc/ability_grpc.pb.go
+++ /dev/null
@@ -1,121 +0,0 @@
-// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
-// versions:
-// - protoc-gen-go-grpc v1.5.1
-// - protoc v3.19.6
-// source: ability.proto
-
-package rpc
-
-import (
- context "context"
- grpc "google.golang.org/grpc"
- codes "google.golang.org/grpc/codes"
- status "google.golang.org/grpc/status"
-)
-
-// This is a compile-time assertion to ensure that this generated file
-// is compatible with the grpc package it is being compiled against.
-// Requires gRPC-Go v1.64.0 or later.
-const _ = grpc.SupportPackageIsVersion9
-
-const (
- Ability_Allowed_FullMethodName = "/authx.rpc.Ability/Allowed"
-)
-
-// AbilityClient is the client API for Ability service.
-//
-// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
-type AbilityClient interface {
- Allowed(ctx context.Context, in *AllowRequest, opts ...grpc.CallOption) (*AllowReply, error)
-}
-
-type abilityClient struct {
- cc grpc.ClientConnInterface
-}
-
-func NewAbilityClient(cc grpc.ClientConnInterface) AbilityClient {
- return &abilityClient{cc}
-}
-
-func (c *abilityClient) Allowed(ctx context.Context, in *AllowRequest, opts ...grpc.CallOption) (*AllowReply, error) {
- cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
- out := new(AllowReply)
- err := c.cc.Invoke(ctx, Ability_Allowed_FullMethodName, in, out, cOpts...)
- if err != nil {
- return nil, err
- }
- return out, nil
-}
-
-// AbilityServer is the server API for Ability service.
-// All implementations must embed UnimplementedAbilityServer
-// for forward compatibility.
-type AbilityServer interface {
- Allowed(context.Context, *AllowRequest) (*AllowReply, error)
- mustEmbedUnimplementedAbilityServer()
-}
-
-// UnimplementedAbilityServer must be embedded to have
-// forward compatible implementations.
-//
-// NOTE: this should be embedded by value instead of pointer to avoid a nil
-// pointer dereference when methods are called.
-type UnimplementedAbilityServer struct{}
-
-func (UnimplementedAbilityServer) Allowed(context.Context, *AllowRequest) (*AllowReply, error) {
- return nil, status.Errorf(codes.Unimplemented, "method Allowed not implemented")
-}
-func (UnimplementedAbilityServer) mustEmbedUnimplementedAbilityServer() {}
-func (UnimplementedAbilityServer) testEmbeddedByValue() {}
-
-// UnsafeAbilityServer may be embedded to opt out of forward compatibility for this service.
-// Use of this interface is not recommended, as added methods to AbilityServer will
-// result in compilation errors.
-type UnsafeAbilityServer interface {
- mustEmbedUnimplementedAbilityServer()
-}
-
-func RegisterAbilityServer(s grpc.ServiceRegistrar, srv AbilityServer) {
- // If the following call pancis, it indicates UnimplementedAbilityServer was
- // embedded by pointer and is nil. This will cause panics if an
- // unimplemented method is ever invoked, so we test this at initialization
- // time to prevent it from happening at runtime later due to I/O.
- if t, ok := srv.(interface{ testEmbeddedByValue() }); ok {
- t.testEmbeddedByValue()
- }
- s.RegisterService(&Ability_ServiceDesc, srv)
-}
-
-func _Ability_Allowed_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
- in := new(AllowRequest)
- if err := dec(in); err != nil {
- return nil, err
- }
- if interceptor == nil {
- return srv.(AbilityServer).Allowed(ctx, in)
- }
- info := &grpc.UnaryServerInfo{
- Server: srv,
- FullMethod: Ability_Allowed_FullMethodName,
- }
- handler := func(ctx context.Context, req interface{}) (interface{}, error) {
- return srv.(AbilityServer).Allowed(ctx, req.(*AllowRequest))
- }
- return interceptor(ctx, in, info, handler)
-}
-
-// Ability_ServiceDesc is the grpc.ServiceDesc for Ability service.
-// It's only intended for direct use with grpc.RegisterService,
-// and not to be introspected or modified (even as a copy)
-var Ability_ServiceDesc = grpc.ServiceDesc{
- ServiceName: "authx.rpc.Ability",
- HandlerType: (*AbilityServer)(nil),
- Methods: []grpc.MethodDesc{
- {
- MethodName: "Allowed",
- Handler: _Ability_Allowed_Handler,
- },
- },
- Streams: []grpc.StreamDesc{},
- Metadata: "ability.proto",
-}
diff --git a/pkg/rpc/ability_service.go b/pkg/rpc/ability_service.go
index 18327d52..db2e8fab 100644
--- a/pkg/rpc/ability_service.go
+++ b/pkg/rpc/ability_service.go
@@ -4,12 +4,11 @@ import (
context "context"
"github.com/cedar-policy/cedar-go"
- "gitlab.com/mokhax/spike/pkg/gid"
- "gitlab.com/mokhax/spike/pkg/policies"
+ "gitlab.com/gitlab-org/software-supply-chain-security/authorization/authz.d/pkg/gid"
+ "gitlab.com/gitlab-org/software-supply-chain-security/authorization/authz.d/pkg/policies"
)
type AbilityService struct {
- UnimplementedAbilityServer
}
func NewAbilityService() *AbilityService {
diff --git a/pkg/rpc/server.go b/pkg/rpc/server.go
index 08246b5b..a37df9fc 100644
--- a/pkg/rpc/server.go
+++ b/pkg/rpc/server.go
@@ -1,11 +1,21 @@
package rpc
import (
- grpc "google.golang.org/grpc"
+ fmt "fmt"
+ http "net/http"
)
-func New(options ...grpc.ServerOption) *grpc.Server {
- server := grpc.NewServer(options...)
- RegisterAbilityServer(server, NewAbilityService())
- return server
+func New() http.Handler {
+ mux := http.NewServeMux()
+ for _, handler := range handlers() {
+ fmt.Printf("Registering : %v\n", handler.PathPrefix())
+ mux.Handle(handler.PathPrefix(), handler)
+ }
+ return mux
+}
+
+func handlers() []TwirpServer {
+ return []TwirpServer{
+ NewAbilityServer(NewAbilityService()),
+ }
}
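Review bot: `New()` takes no arguments, so callers lose the extension point that `New(options ...grpc.ServerOption)` gave them for attaching interceptors such as authentication or request logging to the `Ability` service. Whether the returned handler is wrapped with a caller check elsewhere is not visible in this diff, but for an authorization daemon the `Allowed` route should not be mounted bare. If the generated constructor accepts server options, as protoc-gen-twirp output normally does, consider `func New(opts ...interface{}) http.Handler` threaded through `handlers(opts...)` into `NewAbilityServer(NewAbilityService(), opts...)`. Separately, `fmt.Printf("Registering : %v\n", handler.PathPrefix())` writes to stdout from library code on every construction, including under `go test`; a caller-supplied logger, or dropping the line, would be cleaner.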
diff --git a/pkg/rpc/server_test.go b/pkg/rpc/server_test.go
index da60f86a..fd6e6237 100644
--- a/pkg/rpc/server_test.go
+++ b/pkg/rpc/server_test.go
@@ -1,35 +1,19 @@
package rpc
import (
- "net"
+ http "net/http"
+ "net/http/httptest"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
- grpc "google.golang.org/grpc"
- "google.golang.org/grpc/credentials/insecure"
)
func TestServer(t *testing.T) {
- listener, err := net.Listen("tcp", "localhost:0")
- require.NoError(t, err)
- defer listener.Close()
+ srv := httptest.NewServer(New())
+ defer srv.Close()
- server := New()
- defer server.Stop()
-
- go func() {
- require.NoError(t, server.Serve(listener))
- }()
-
- connection, err := grpc.NewClient(
- listener.Addr().String(),
- grpc.WithTransportCredentials(insecure.NewCredentials()),
- )
- require.NoError(t, err)
-
- defer connection.Close()
- client := NewAbilityClient(connection)
+ client := NewAbilityProtobufClient(srv.URL, &http.Client{})
t.Run("forbids", func(t *testing.T) {
reply, err := client.Allowed(t.Context(), &AllowRequest{