From 8eb64aec1fc89a900dd2f3decaff86bf9097986c Mon Sep 17 00:00:00 2001
From: mo khan
Date: Sat, 24 May 2025 00:53:06 -0600
Subject: refactor: do not make rpc call from authzd
---
 pkg/authz/check_service.go | 25 ++-----------------------
 pkg/authz/server.go | 9 +--------
 2 files changed, 3 insertions(+), 31 deletions(-)
(limited to 'pkg/authz')
diff --git a/pkg/authz/check_service.go b/pkg/authz/check_service.go
index 13b4017..bb2e960 100644
--- a/pkg/authz/check_service.go
+++ b/pkg/authz/check_service.go
@@ -8,10 +8,8 @@ import (
 core "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
 auth "github.com/envoyproxy/go-control-plane/envoy/service/auth/v3"
 types "github.com/envoyproxy/go-control-plane/envoy/type/v3"
- "github.com/xlgmokha/x/pkg/env"
 "github.com/xlgmokha/x/pkg/log"
 "github.com/xlgmokha/x/pkg/x"
- "gitlab.com/gitlab-org/software-supply-chain-security/authorization/authzd.git/pkg/rpc"
 "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/pls"
 status "google.golang.org/genproto/googleapis/rpc/status"
 "google.golang.org/grpc/codes"
@@ -43,13 +41,10 @@ var permissions map[string]string = map[string]string{
 
 type CheckService struct {
 auth.UnimplementedAuthorizationServer
- ability rpc.Ability
 }
 
-func NewCheckService(ability rpc.Ability) *CheckService {
- return &CheckService{
- ability: ability,
- }
+func NewCheckService() *CheckService {
+ return &CheckService{}
 }
 
 func (svc *CheckService) Check(ctx context.Context, request *auth.CheckRequest) (*auth.CheckResponse, error) {
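Review bot: `CheckService` and `NewCheckService()` are exported without a doc comment, and now that the type carries no authorization backend it is worth stating what `Check` still enforces. With the `svc.ability.Allowed` call removed in the `isLoggedIn` hunk (`@@ -107,22 +102,6 @@`), the visible path returns true for any non-zero `idToken`; the removed branch ran only when `APP_ENV` was `development`, so other environments should behave as before. I would add something like `// CheckService answers Envoy ext_authz checks; it does not evaluate per-permission rules.` once that is confirmed against the body of `Check`, which lies outside the hunk. The `permissions` map named in this hunk's header and `permissionFor` are not deleted by this commit and look unused now; if nothing else reads them, removing them here avoids implying a permission check that no longer runs.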
@@ -107,22 +102,6 @@ func (svc *CheckService) isLoggedIn(ctx context.Context, r *auth.CheckRequest) b
 if x.IsZero(idToken) {
 return false
 }
-
- if env.Fetch("APP_ENV", "") == "development" {
- permission := svc.permissionFor(r.Attributes.Request.Http)
- if x.IsPresent(permission) {
- reply, err := svc.ability.Allowed(ctx, &rpc.AllowRequest{
- Subject: idToken.Subject,
- Permission: permission,
- Resource: "gid://sparkled/" + r.Attributes.Request.Http.Path,
- })
- if err != nil {
- pls.LogError(ctx, err)
- return false
- }
- return reply.Result
- }
- }
 return true
 }
 return false
diff --git a/pkg/authz/server.go b/pkg/authz/server.go
index b890387..e1b0669 100644
--- a/pkg/authz/server.go
+++ b/pkg/authz/server.go
@@ -2,15 +2,11 @@ package authz
 
 import (
 "context"
- "net/http"
 
 auth "github.com/envoyproxy/go-control-plane/envoy/service/auth/v3"
- "github.com/xlgmokha/x/pkg/env"
 "github.com/xlgmokha/x/pkg/log"
 "github.com/xlgmokha/x/pkg/x"
- "gitlab.com/gitlab-org/software-supply-chain-security/authorization/authzd.git/pkg/rpc"
 "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/pls"
- "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/web"
 "google.golang.org/grpc"
 "google.golang.org/grpc/reflection"
 )
@@ -27,10 +23,7 @@ func New(ctx context.Context, options ...grpc.ServerOption) *Server {
 grpc.UnaryInterceptor(pls.LogGRPC(logger)),
 grpc.StreamInterceptor(pls.LogGRPCStream(logger)),
 )...)
- auth.RegisterAuthorizationServer(server, NewCheckService(rpc.NewAbilityProtobufClient(
- env.Fetch("AUTHZD_HOST", "https://authzd.staging.runway.gitlab.net"),
- &http.Client{Transport: &web.Transport{Logger: logger}},
- )))
+ auth.RegisterAuthorizationServer(server, NewCheckService())
 reflection.Register(server)
 
 return &Server{
-- cgit v1.2.3