authormo khan <mo@mokhan.ca>2025-07-23 11:50:42 -0600
committermo khan <mo@mokhan.ca>2025-07-23 11:50:42 -0600
commit944ef4ca499fe27a57d4cd3c21bccb99508526ca (patch)
tree3c929141ee07fc2a4f2c2b825630cb2ad3121b44 /pkg/authz
parent8a1b03afb949a5a3be6a78e9b2c88d2e48643f46 (diff)
refactor: Update RequirePermission middleware to connect to spicedb CheckPermission API
Diffstat (limited to 'pkg/authz')
-rw-r--r--pkg/authz/grpc.go12
-rw-r--r--pkg/authz/spice.go26
2 files changed, 26 insertions, 12 deletions
diff --git a/pkg/authz/grpc.go b/pkg/authz/grpc.go
index 9851db4..ad5cc04 100644
--- a/pkg/authz/grpc.go
+++ b/pkg/authz/grpc.go
@@ -26,18 +26,6 @@ func NewGrpcConnection(ctx context.Context, host string) *grpc.ClientConn {
return connection
}
-func NewSpiceDBClient(ctx context.Context, host string, presharedKey string) *authzed.Client {
- client, err := authzed.NewClient(
- host,
- grpc.WithTransportCredentials(credentialsFor(ctx, host)),
- grpc.WithPerRPCCredentials(NewBearerToken(presharedKey)),
- )
- if err != nil {
- pls.LogErrorNow(ctx, err)
- }
- return client
-}
-
func credentialsFor(ctx context.Context, host string) credentials.TransportCredentials {
if host == "" {
return insecure.NewCredentials()
diff --git a/pkg/authz/spice.go b/pkg/authz/spice.go
new file mode 100644
index 0000000..a45a732
--- /dev/null
+++ b/pkg/authz/spice.go
@@ -0,0 +1,26 @@
+package authz
+
+import (
+ "context"
+
+ v1 "github.com/authzed/authzed-go/proto/authzed/api/v1"
+ "github.com/authzed/authzed-go/v1"
+ "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/pls"
+ "google.golang.org/grpc"
+)
+
+func NewSpiceDBClient(ctx context.Context, host string, presharedKey string) *authzed.Client {
+ client, err := authzed.NewClient(
+ host,
+ grpc.WithTransportCredentials(credentialsFor(ctx, host)),
+ grpc.WithPerRPCCredentials(NewBearerToken(presharedKey)),
+ )
+ if err != nil {
+ pls.LogErrorNow(ctx, err)
+ }
+ return client
+}
+
+type CheckPermission interface {
+ CheckPermission(ctx context.Context, in *v1.CheckPermissionRequest, opts ...grpc.CallOption) (*v1.CheckPermissionResponse, error)
+}
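Review bot: NewSpiceDBClient in the new spice.go logs a failed `authzed.NewClient` and then still returns `client`. Unless `pls.LogErrorNow` terminates the process (not visible here), callers receive what is presumably a nil `*authzed.Client`, and a permission check built on it would panic instead of denying cleanly. I would surface the failure with `func NewSpiceDBClient(ctx context.Context, host string, presharedKey string) (*authzed.Client, error)`, or at minimum add a doc comment such as `// NewSpiceDBClient returns nil if the client cannot be constructed; callers must treat nil as deny.` Separately, the context lines in grpc.go show `credentialsFor` falling back to `insecure.NewCredentials()` for an empty host, so please confirm that `NewBearerToken`'s `RequireTransportSecurity()` returns true and the preshared key is never attached to a plaintext channel.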