authormo khan <mo@mokhan.ca>2025-07-22 17:35:49 -0600
committermo khan <mo@mokhan.ca>2025-07-22 17:35:49 -0600
commit20ef0d92694465ac86b550df139e8366a0a2b4fa (patch)
tree3f14589e1ce6eb9306a3af31c3a1f9e1af5ed637 /cmd/authzd/main.go
parent44e0d272c040cdc53a98b9f1dc58ae7da67752e6 (diff)
feat: connect to spicedb
Diffstat (limited to 'cmd/authzd/main.go')
-rw-r--r--cmd/authzd/main.go47
1 files changed, 11 insertions, 36 deletions
diff --git a/cmd/authzd/main.go b/cmd/authzd/main.go
index 37d2cf5..a68d16c 100644
--- a/cmd/authzd/main.go
+++ b/cmd/authzd/main.go
@@ -2,7 +2,6 @@ package main
import (
"context"
- "crypto/x509"
"net"
"os"
"os/signal"
@@ -13,26 +12,25 @@ import (
"github.com/xlgmokha/x/pkg/x"
"gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/authz"
"gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/pls"
- "google.golang.org/grpc"
- "google.golang.org/grpc/credentials"
- "google.golang.org/grpc/credentials/insecure"
)
func main() {
logger := log.New(os.Stdout, log.Fields{"app": "authzd"})
ctx := logger.WithContext(context.Background())
- host := env.Fetch("AUTHZD_HOST", "localhost:50051")
- connection, err := grpc.NewClient(
- host,
- grpc.WithTransportCredentials(credentialsFor(ctx, host)),
- )
- if err != nil {
- pls.LogErrorNow(ctx, err)
- }
+ connection := authz.NewGrpcConnection(ctx, env.Fetch("AUTHZD_HOST", ":20000"))
defer connection.Close()
- server := authz.New(authz.Connection.With(ctx, connection))
+ client := authz.NewSpiceDBClient(
+ ctx,
+ env.Fetch("ZED_ENDPOINT", ":50051"),
+ env.Fetch("ZED_TOKEN", "secret"),
+ )
+ defer client.Close()
+
+ ctx = authz.Connection.With(ctx, connection)
+ ctx = authz.Client.With(ctx, client)
+ server := authz.New(ctx)
c := make(chan os.Signal, 1)
signal.Notify(c, syscall.SIGINT, syscall.SIGTERM)
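Review bot: The `"secret"` fallback in `env.Fetch("ZED_TOKEN", "secret")` means a deployment that forgets to set ZED_TOKEN still starts and authenticates to SpiceDB with a well-known preshared key instead of failing. I would require the variable, e.g. `token, ok := os.LookupEnv("ZED_TOKEN")` followed by logging and exiting when `!ok || token == ""`, and keep any development default in local configuration rather than in the binary. This hunk also drops the `grpc.WithTransportCredentials(credentialsFor(ctx, host))` call, so transport security for both connections is now decided inside `authz.NewGrpcConnection` and `authz.NewSpiceDBClient`, which are not visible here; it is worth confirming the token is never sent over a plaintext channel outside local development. main's body continues outside the hunk.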
@@ -47,26 +45,3 @@ func main() {
socket := x.Must(net.Listen("tcp", ":10003"))
pls.LogErrorNow(ctx, server.Serve(socket))
}
-
-func credentialsFor(ctx context.Context, host string) credentials.TransportCredentials {
- if host == "" {
- return insecure.NewCredentials()
- }
-
- _, port, err := net.SplitHostPort(host)
- if err != nil {
- pls.LogError(ctx, err)
- return insecure.NewCredentials()
- }
-
- if port != "443" {
- return insecure.NewCredentials()
- }
-
- pool, err := x509.SystemCertPool()
- if err != nil {
- return insecure.NewCredentials()
- }
-
- return credentials.NewClientTLSFromCert(pool, "")
-}