feat: delegate to the remote authzd to check if the permission is granted

1 files changed, 9 insertions, 1 deletions

diff --git a/pkg/authz/server.go b/pkg/authz/server.go
index 49bcd3d..b890387 100644
--- a/pkg/authz/server.go
+++ b/pkg/authz/server.go
@@ -2,11 +2,15 @@ package authz
 
 import (
 	"context"
+	"net/http"
 
 	auth "github.com/envoyproxy/go-control-plane/envoy/service/auth/v3"
+	"github.com/xlgmokha/x/pkg/env"
 	"github.com/xlgmokha/x/pkg/log"
 	"github.com/xlgmokha/x/pkg/x"
+	"gitlab.com/gitlab-org/software-supply-chain-security/authorization/authzd.git/pkg/rpc"
 	"gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/pls"
+	"gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/web"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/reflection"
 )
@@ -17,12 +21,16 @@ type Server struct {
 
 func New(ctx context.Context, options ...grpc.ServerOption) *Server {
 	logger := log.From(ctx)
+
 	server := grpc.NewServer(x.Prepend(
 		options,
 		grpc.UnaryInterceptor(pls.LogGRPC(logger)),
 		grpc.StreamInterceptor(pls.LogGRPCStream(logger)),
 	)...)
-	auth.RegisterAuthorizationServer(server, &CheckService{})
+	auth.RegisterAuthorizationServer(server, NewCheckService(rpc.NewAbilityProtobufClient(
+		env.Fetch("AUTHZD_HOST", "https://authzd.staging.runway.gitlab.net"),
+		&http.Client{Transport: &web.Transport{Logger: logger}},
+	)))
 	reflection.Register(server)
 
 	return &Server{