refactor: use remote service when it is available

author: mo khan <mo@mokhan.ca> 2025-07-11 17:05:54 -0600
committer: mo khan <mo@mokhan.ca> 2025-07-11 17:05:54 -0600
commit: 16c27cd885b9c0d1241dfead3120643f0e8c556c (patch)
tree: a5511fe2df6b5f9cd5eeccefc776a163c9412c51 /pkg/authz
parent: 00e0aa6b8adf1eab0b821aa26ec2f97d51d15dd8 (diff)
1 files changed, 14 insertions, 15 deletions
diff --git a/pkg/authz/server.go b/pkg/authz/server.go
index 6eedcca..4ab7c17 100644
--- a/pkg/authz/server.go
+++ b/pkg/authz/server.go
@@ -27,25 +27,24 @@ func New(ctx context.Context, options ...grpc.ServerOption) *Server {
 		grpc.StreamInterceptor(pls.LogGRPCStream(logger)),
 	)...)
 
-	connection := Connection.From(ctx)
+	auth.RegisterAuthorizationServer(server, authorizationServiceFor(ctx))
+	reflection.Register(server)
+
+	return &Server{
+		Server: server,
+	}
+}
 
-	if x.IsZero(connection) {
-		auth.RegisterAuthorizationServer(server, NewLocalCheckService())
-	} else {
+func authorizationServiceFor(ctx context.Context) auth.AuthorizationServer {
+	connection := Connection.From(ctx)
+	svcs := []auth.AuthorizationServer{}
+	if x.IsPresent(connection) {
 		pls.LogNow(ctx, log.Fields{"authzd": map[string]string{
 			"target": connection.CanonicalTarget(),
 			"state":  connection.GetState().String(),
 		}})
-		auth.RegisterAuthorizationServer(
-			server,
-			NewRemoteCheckService(
-				auth.NewAuthorizationClient(connection),
-			),
-		)
-	}
-	reflection.Register(server)
-
-	return &Server{
-		Server: server,
+		svcs = append(svcs, NewRemoteCheckService(auth.NewAuthorizationClient(connection)))
 	}
+	svcs = append(svcs, NewLocalCheckService())
+	return NewCheckService(svcs)
 }
author	mo khan <mo@mokhan.ca>	2025-07-11 17:05:54 -0600
committer	mo khan <mo@mokhan.ca>	2025-07-11 17:05:54 -0600
commit	16c27cd885b9c0d1241dfead3120643f0e8c556c (patch)
tree	a5511fe2df6b5f9cd5eeccefc776a163c9412c51 /pkg/authz
parent	00e0aa6b8adf1eab0b821aa26ec2f97d51d15dd8 (diff)