From 2e6d541b2d182f3750dd7033d0e60b849b3e23f8 Mon Sep 17 00:00:00 2001
From: mo khan
Date: Mon, 14 Jul 2025 14:02:17 -0600
Subject: chore: run authzd on 50052 instead of 50051 to prevent port collision
---
 src/bin/cli.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/bin/cli.rs b/src/bin/cli.rs
index 837ef80f..78aa1ba1 100644
--- a/src/bin/cli.rs
+++ b/src/bin/cli.rs
@@ -40,7 +40,7 @@ enum Commands {
 },
 Server {
 /// Address to bind to
- #[arg(short, long, env = "BIND_ADDR", default_value = "127.0.0.1:50051")]
+ #[arg(short, long, env = "BIND_ADDR", default_value = "127.0.0.1:50052")]
 addr: String,
 },
 }
-- cgit v1.2.3
From debf8403c595c98213bf17913824b081262c15e2 Mon Sep 17 00:00:00 2001
From: mo khan
Date: Mon, 14 Jul 2025 14:32:53 -0600
Subject: chore: handle health checks in envoy rather than authzd
---
 Cargo.toml | 2 --
 etc/envoy/envoy.yaml | 3 +++
 src/authorization/server.rs | 16 +---------------
 3 files changed, 4 insertions(+), 17 deletions(-)
(limited to 'src')
diff --git a/Cargo.toml b/Cargo.toml
index c99f5625..0a3f3483 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -22,8 +22,6 @@ serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
 tokio = { version = "1.0.0", features = ["macros", "rt-multi-thread"] }
 tonic = "0.13.1"
-tonic-health = "0.13.1"
-tonic-reflection = "0.13.1"
 tracing = "0.1"
 tracing-subscriber = { version = "0.3", features = ["json"] }
 urlencoding = "2.1"
diff --git a/etc/envoy/envoy.yaml b/etc/envoy/envoy.yaml
index bfe2ce16..62f8345b 100644
--- a/etc/envoy/envoy.yaml
+++ b/etc/envoy/envoy.yaml
@@ -131,6 +131,9 @@ static_resources:
 - name: ":path"
 string_match:
 exact: "/health"
+ cluster_min_healthy_percentages:
+ authzd: 100.0
+ spicedb: 100.0
 - name: envoy.filters.http.router
 typed_config:
 "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
diff --git a/src/authorization/server.rs b/src/authorization/server.rs
index 90d3edf6..31bf2af8 100644
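Review bot: The new `cluster_min_healthy_percentages` entries for `authzd` and `spicedb` in `etc/envoy/envoy.yaml` only reflect real backend state if both clusters have active health checking configured; the cluster definitions are outside this hunk, and without `health_checks` Envoy normally counts every host as healthy, so `/health` could keep answering 200 with authzd down. The same commit removes the gRPC health service from authzd in `src/authorization/server.rs`, so a `grpc_health_check` against that cluster would no longer get an answer and a TCP or HTTP check would be needed instead. I would add a comment above the new key, `# requires active health_checks on the authzd and spicedb clusters`, and confirm that the ext_authz filter does not set `failure_mode_allow: true`, so that an unreachable authzd results in denied requests rather than unauthenticated pass-through.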
--- a/src/authorization/server.rs
+++ b/src/authorization/server.rs
@@ -9,25 +9,11 @@ pub struct Server {
 impl Server {
 pub fn new(authorizer: T) -> Result> {
- let (health_reporter, health_service) = tonic_health::server::health_reporter();
- std::mem::drop(
- health_reporter.set_service_status("", tonic_health::ServingStatus::Serving),
- );
 let authorization_service = AuthorizationServer::new(CheckService::new(Arc::new(authorizer)));
- let reflection_service = tonic_reflection::server::Builder::configure()
- .register_encoded_file_descriptor_set(tonic_health::pb::FILE_DESCRIPTOR_SET)
- .register_encoded_file_descriptor_set(include_bytes!(
- "../../vendor/envoy-types/src/generated/types.bin"
- ))
- .build_v1()?;
-
 Ok(Self::new_with(|mut builder| {
- builder
- .add_service(authorization_service)
- .add_service(health_service)
- .add_service(reflection_service)
+ builder.add_service(authorization_service)
 }))
 }
-- cgit v1.2.3
From 1221acc75b7589f719c0157f239726d5bf270efc Mon Sep 17 00:00:00 2001
From: mo khan
Date: Mon, 14 Jul 2025 16:02:44 -0600
Subject: chore: fix linter error with type complexity
---
 src/authorization/entities.rs | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
(limited to 'src')
diff --git a/src/authorization/entities.rs b/src/authorization/entities.rs
index ec1a7a1b..050f6f26 100644
--- a/src/authorization/entities.rs
+++ b/src/authorization/entities.rs
@@ -1,6 +1,10 @@
 use crate::gitlab::Api;
 use serde::Serialize;
 use std::collections::HashSet;
+use std::future::Future;
+use std::pin::Pin;
+
+type BoxFuture<'a, T> = Pin + 'a>>;
 // Cedar entity structures
 // Note: We define custom types instead of using cedar_policy::Entity directly because:
@@ -102,9 +106,7 @@ impl EntitiesRepository {
 group_id: u64,
 entities: &'a mut Vec,
 groups: &'a mut HashSet,
- ) -> std::pin::Pin<
- Box>> + 'a>,
- > {
+ ) -> BoxFuture<'a, Result<(), Box>> {
 Box::pin(async move {
 if groups.contains(&group_id) {
 return Ok(());
-- cgit v1.2.3
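Review bot: After this change `Server::new` in `src/authorization/server.rs` appears unable to fail: the only `?` visible in the hunk was on the removed `build_v1()` call, and the body now just builds the service and returns `Ok(Self::new_with(...))`. The `Result` return type is therefore vestigial (clippy's `unnecessary_wraps` describes this case). Either return `Self` directly, which changes the signature for callers outside this hunk, or keep the type for compatibility and say so in a doc comment such as `/// Builds a server that registers only the authorization service; health and reflection are intentionally not exposed.` Dropping reflection narrows what the port discloses, and stating that in the comment keeps a later change from re-adding it by habit.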
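Review bot: The new `BoxFuture<'a, T>` alias in `src/authorization/entities.rs` shares its name with `futures::future::BoxFuture`, which carries a `Send` bound, while the alias here shows only `+ 'a` (the generic arguments are partly lost in this rendering, so this is read from what remains visible). A reader, or a later call site that hands the future to a multi-threaded executor, could assume it is `Send` when it is not. I would either rename it to `LocalBoxFuture`, the futures crate's name for the non-Send form, or document it with `/// Boxed future without a Send bound, used where an async fn must return a boxed future.` The second hunk's return type uses the same alias and would follow the rename.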