authormo khan <mo@mokhan.ca>2025-07-02 12:32:27 -0600
committermo khan <mo@mokhan.ca>2025-07-02 12:32:27 -0600
commita577c62277e3d651b66fd68dbe800bf3ab5c4921 (patch)
tree7ae4e79fc84c539c12fb0313d0d3cc929b2e12ae /src/authorization/check_service.rs
parentc2b8edab01b23fde6cc196a3349ad6aa19a93299 (diff)
parent0b610d061e45811130d8cf3919037fdc9513e340 (diff)
Merge branch 'rs' into 'main'
Re-write the authorization daemon in Rust. See merge request gitlab-org/software-supply-chain-security/authorization/authzd!1
Diffstat (limited to 'src/authorization/check_service.rs')
-rw-r--r--src/authorization/check_service.rs35
1 files changed, 35 insertions, 0 deletions
diff --git a/src/authorization/check_service.rs b/src/authorization/check_service.rs
new file mode 100644
index 00000000..57f7b5d5
--- /dev/null
+++ b/src/authorization/check_service.rs
@@ -0,0 +1,35 @@
+use envoy_types::ext_authz::v3::CheckResponseExt;
+use envoy_types::ext_authz::v3::pb::{CheckRequest, CheckResponse};
+use std::sync::Arc;
+use tonic::{Request, Response, Status};
+
+use super::authorizer::Authorizer;
+
+#[derive(Debug)]
+pub struct CheckService {
+ authorizer: Arc<dyn Authorizer + Send + Sync>,
+}
+
+impl CheckService {
+ pub fn new(authorizer: Arc<dyn Authorizer + Send + Sync>) -> Self {
+ Self { authorizer }
+ }
+}
+
+#[tonic::async_trait]
+impl envoy_types::ext_authz::v3::pb::Authorization for CheckService {
+ async fn check(
+ &self,
+ request: Request<CheckRequest>,
+ ) -> Result<Response<CheckResponse>, Status> {
+ if self.authorizer.authorize(request.into_inner()) {
+ log::info!("OK");
+ Ok(Response::new(CheckResponse::with_status(Status::ok("OK"))))
+ } else {
+ log::info!("Unauthorized");
+ Ok(Response::new(CheckResponse::with_status(
+ Status::unauthenticated("Unauthorized"),
+ )))
+ }
+ }
+}
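Review bot: Both branches of `check` log a bare constant (`log::info!("OK")` and `log::info!("Unauthorized")`), so the decision log cannot tie an allow or a deny to any request and gives nothing to investigate or alert on. Because `request.into_inner()` is moved straight into `authorize`, bind it first (`let req = request.into_inner();`), take the HTTP method, path and request id from `req.attributes` before the call, and log them with the outcome, e.g. `log::info!("decision=deny method={method} path={path}")`; drop the query string and never log headers, since both can carry tokens. Separately, the deny branch returns `Status::unauthenticated` for every `false`, although a boolean from `authorize` cannot distinguish missing credentials from a policy denial; `Status::permission_denied` fits the latter better, and logging denials at `warn` makes them easier to filter. Whether `Authorizer` implementations already log per-request detail is not visible in this file.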