From 2bb5b3ce0e618ab652159b986df252990f3d2f12 Mon Sep 17 00:00:00 2001
From: mo khan <mo@mokhan.ca>
Date: Fri, 23 May 2025 17:26:45 -0600
Subject: feat: delegate to the remote authzd to check if the permission is
 granted

---
 pkg/authz/server.go | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'pkg/authz/server.go')

diff --git a/pkg/authz/server.go b/pkg/authz/server.go
index 49bcd3d..b890387 100644
--- a/pkg/authz/server.go
+++ b/pkg/authz/server.go
@@ -2,11 +2,15 @@ package authz
 
 import (
 	"context"
+	"net/http"
 
 	auth "github.com/envoyproxy/go-control-plane/envoy/service/auth/v3"
+	"github.com/xlgmokha/x/pkg/env"
 	"github.com/xlgmokha/x/pkg/log"
 	"github.com/xlgmokha/x/pkg/x"
+	"gitlab.com/gitlab-org/software-supply-chain-security/authorization/authzd.git/pkg/rpc"
 	"gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/pls"
+	"gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/web"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/reflection"
 )
@@ -17,12 +21,16 @@ type Server struct {
 
 func New(ctx context.Context, options ...grpc.ServerOption) *Server {
 	logger := log.From(ctx)
+
 	server := grpc.NewServer(x.Prepend(
 		options,
 		grpc.UnaryInterceptor(pls.LogGRPC(logger)),
 		grpc.StreamInterceptor(pls.LogGRPCStream(logger)),
 	)...)
-	auth.RegisterAuthorizationServer(server, &CheckService{})
+	auth.RegisterAuthorizationServer(server, NewCheckService(rpc.NewAbilityProtobufClient(
+		env.Fetch("AUTHZD_HOST", "https://authzd.staging.runway.gitlab.net"),
+		&http.Client{Transport: &web.Transport{Logger: logger}},
+	)))
 	reflection.Register(server)
 
 	return &Server{
-- 
cgit v1.2.3