From f94f79608393d4ab127db63cc41668445ef6b243 Mon Sep 17 00:00:00 2001
From: mo khan <mo@mokhan.ca>
Date: Tue, 15 Jul 2025 14:44:57 -0600
Subject: chore: do not use --insecure option on TLS endpoints

---
 Makefile | 29 +++++++++++++++++++----------
 1 file changed, 19 insertions(+), 10 deletions(-)

diff --git a/Makefile b/Makefile
index 96c93ce0..6f08a38d 100644
--- a/Makefile
+++ b/Makefile
@@ -3,6 +3,17 @@ GIT_BRANCH := $(shell git rev-parse --abbrev-ref HEAD | sed 's/\//_/g')
 PROJECT_NAME := $(shell basename $(shell pwd))
 IMAGE_TAG := $(PROJECT_NAME):$(GIT_BRANCH)
 
+# SpiceDB configuration
+SPICEDB_ENDPOINT ?= localhost:20000
+SPICEDB_TOKEN ?= secret
+
+# Set ZED command with appropriate flags
+ifeq ($(findstring :443,$(SPICEDB_ENDPOINT)),:443)
+ZED_CMD = zed --endpoint "$(SPICEDB_ENDPOINT)" --token "$(SPICEDB_TOKEN)"
+else
+ZED_CMD = zed --endpoint "$(SPICEDB_ENDPOINT)" --token "$(SPICEDB_TOKEN)" --insecure
+endif
+
 .PHONY: build check test run clean fmt lint doc vendor
 .PHONY: build-image run-image
 .PHONY: health-check list-services
@@ -84,17 +95,15 @@ production-entities: $(AUTHZD_BIN) check-gitlab-token
 # Usage: make run-spicedb-setup SPICEDB_ENDPOINT=localhost:20000
 #        make run-spicedb-setup SPICEDB_ENDPOINT=authzd.staging.runway.gitlab.net:443
 #        make run-spicedb-setup SPICEDB_ENDPOINT=authzd.runway.gitlab.net:443
-SPICEDB_ENDPOINT ?= localhost:20000
-SPICEDB_TOKEN ?= secret
 
 run-spicedb-setup:
-	@zed --endpoint "$(SPICEDB_ENDPOINT)" --token "$(SPICEDB_TOKEN)" --insecure schema write etc/authzd/spice.schema
-	@zed --endpoint "$(SPICEDB_ENDPOINT)" --token "$(SPICEDB_TOKEN)" --insecure schema read
-	@zed --endpoint "$(SPICEDB_ENDPOINT)" --token "$(SPICEDB_TOKEN)" --insecure relationship create project:1 maintainer user:mokhax
-	@zed --endpoint "$(SPICEDB_ENDPOINT)" --token "$(SPICEDB_TOKEN)" --insecure relationship create project:1 developer user:tanuki
+	@$(ZED_CMD) schema write etc/authzd/spice.schema
+	@$(ZED_CMD) schema read
+	@$(ZED_CMD) relationship create project:1 maintainer user:mokhax
+	@$(ZED_CMD) relationship create project:1 developer user:tanuki
 
 run-spicedb-permission-check:
-	@zed --endpoint "$(SPICEDB_ENDPOINT)" --token "$(SPICEDB_TOKEN)" --insecure permission check project:1 read user:mokhax
-	@zed --endpoint "$(SPICEDB_ENDPOINT)" --token "$(SPICEDB_TOKEN)" --insecure permission check project:1 write user:mokhax
-	@zed --endpoint "$(SPICEDB_ENDPOINT)" --token "$(SPICEDB_TOKEN)" --insecure permission check project:1 read user:tanuki
-	@zed --endpoint "$(SPICEDB_ENDPOINT)" --token "$(SPICEDB_TOKEN)" --insecure permission check project:1 write user:tanuki
+	@$(ZED_CMD) permission check project:1 read user:mokhax
+	@$(ZED_CMD) permission check project:1 write user:mokhax
+	@$(ZED_CMD) permission check project:1 read user:tanuki
+	@$(ZED_CMD) permission check project:1 write user:tanuki
-- 
cgit v1.2.3