| author | mo khan <mo@mokhan.ca> | 2025-05-02 16:05:53 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-05-02 16:05:53 -0600 |
| commit | a3d5ee1225e2ce0b6cf3b90525a6876ca8f5ef8c (patch) | |
| tree | 429faf79855a2614b4c18bb286f94f474caf7e5c /pkg | |
| parent | 649b71d7fd2d6768460a37ed0d9e6ce7a1202a4f (diff) | |
refactor: connect logging to http requests
Diffstat (limited to 'pkg')
| -rw-r--r-- | pkg/rpc/ability_service.go | 26 | ||||
| -rw-r--r-- | pkg/rpc/server.go | 25 | ||||
| -rw-r--r-- | pkg/rpc/server_test.go | 61 |
3 files changed, 0 insertions, 112 deletions
diff --git a/pkg/rpc/ability_service.go b/pkg/rpc/ability_service.go
deleted file mode 100644
index db2e8fab..00000000
--- a/pkg/rpc/ability_service.go
+++ /dev/null
@@ -1,26 +0,0 @@
-package rpc
-
-import (
- context "context"
-
- "github.com/cedar-policy/cedar-go"
- "gitlab.com/gitlab-org/software-supply-chain-security/authorization/authz.d/pkg/gid"
- "gitlab.com/gitlab-org/software-supply-chain-security/authorization/authz.d/pkg/policies"
-)
-
-type AbilityService struct {
-}
-
-func NewAbilityService() *AbilityService {
- return &AbilityService{}
-}
-
-func (h *AbilityService) Allowed(ctx context.Context, req *AllowRequest) (*AllowReply, error) {
- ok := policies.Allowed(cedar.Request{
- Principal: gid.NewEntityUID(req.Subject),
- Action: cedar.NewEntityUID("Permission", cedar.String(req.Permission)),
- Resource: gid.NewEntityUID(req.Resource),
- Context: cedar.NewRecord(cedar.RecordMap{}),
- })
- return &AllowReply{Result: ok}, nil
-}
diff --git a/pkg/rpc/server.go b/pkg/rpc/server.go
deleted file mode 100644
index a71ed8ca..00000000
--- a/pkg/rpc/server.go
+++ /dev/null
@@ -1,25 +0,0 @@
-package rpc
-
-import (
- fmt "fmt"
- http "net/http"
-)
-
-func New() http.Handler {
- mux := http.NewServeMux()
- for _, handler := range handlers() {
- fmt.Printf("Registering : %v\n", handler.PathPrefix())
- mux.Handle(handler.PathPrefix(), handler)
- }
-
- mux.Handle("/health", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- w.WriteHeader(http.StatusOK)
- }))
- return mux
-}
-
-func handlers() []TwirpServer {
- return []TwirpServer{
- NewAbilityServer(NewAbilityService()),
- }
-}
diff --git a/pkg/rpc/server_test.go b/pkg/rpc/server_test.go
deleted file mode 100644
index f026480b..00000000
--- a/pkg/rpc/server_test.go
+++ /dev/null
@@ -1,61 +0,0 @@
-package rpc
-
-import (
- http "net/http"
- "net/http/httptest"
- "testing"
-
- "github.com/stretchr/testify/assert"
- "github.com/stretchr/testify/require"
-)
-
-func TestServer(t *testing.T) {
- handler := New()
- srv := httptest.NewServer(handler)
- defer srv.Close()
-
- t.Run("Ability.Allowed", func(t *testing.T) {
- client := NewAbilityProtobufClient(srv.URL, &http.Client{})
-
- t.Run("forbids", func(t *testing.T) {
- reply, err := client.Allowed(t.Context(), &AllowRequest{
- Subject: "",
- Permission: "",
- Resource: "",
- })
- require.NoError(t, err)
- assert.False(t, reply.Result)
- })
-
- t.Run("allows alice:view:jane_vacation", func(t *testing.T) {
- reply, err := client.Allowed(t.Context(), &AllowRequest{
- Subject: "gid://example/User/alice",
- Permission: "view",
- Resource: "gid://example/Album/jane_vacation",
- })
- require.NoError(t, err)
- assert.True(t, reply.Result)
- })
-
- t.Run("allows gid://User/1 read gid://Organization/2", func(t *testing.T) {
- reply, err := client.Allowed(t.Context(), &AllowRequest{
- Subject: "gid://example/User/1",
- Permission: "read",
- Resource: "gid://example/Organization/2",
- })
- require.NoError(t, err)
- assert.True(t, reply.Result)
- })
- })
-
- t.Run("GET /health", func(t *testing.T) {
- t.Run("returns OK", func(t *testing.T) {
- r := httptest.NewRequest("GET", "/health", nil)
- w := httptest.NewRecorder()
-
- handler.ServeHTTP(w, r)
-
- assert.Equal(t, http.StatusOK, w.Code)
- })
- })
-}
|
