From 944ef4ca499fe27a57d4cd3c21bccb99508526ca Mon Sep 17 00:00:00 2001
From: mo khan
Date: Wed, 23 Jul 2025 11:50:42 -0600
Subject: refactor: Update RequirePermission middleware to connect to spicedb CheckPermission API
---
 pkg/authz/grpc.go | 12 ------------
 pkg/authz/spice.go | 26 ++++++++++++++++++++++++++
 2 files changed, 26 insertions(+), 12 deletions(-)
 create mode 100644 pkg/authz/spice.go
(limited to 'pkg')
diff --git a/pkg/authz/grpc.go b/pkg/authz/grpc.go
index 9851db4..ad5cc04 100644
--- a/pkg/authz/grpc.go
+++ b/pkg/authz/grpc.go
@@ -26,18 +26,6 @@ func NewGrpcConnection(ctx context.Context, host string) *grpc.ClientConn {
 return connection
 }
 
-func NewSpiceDBClient(ctx context.Context, host string, presharedKey string) *authzed.Client {
- client, err := authzed.NewClient(
- host,
- grpc.WithTransportCredentials(credentialsFor(ctx, host)),
- grpc.WithPerRPCCredentials(NewBearerToken(presharedKey)),
- )
- if err != nil {
- pls.LogErrorNow(ctx, err)
- }
- return client
-}
-
 func credentialsFor(ctx context.Context, host string) credentials.TransportCredentials {
 if host == "" {
 return insecure.NewCredentials()
diff --git a/pkg/authz/spice.go b/pkg/authz/spice.go
new file mode 100644
index 0000000..a45a732
--- /dev/null
+++ b/pkg/authz/spice.go
@@ -0,0 +1,26 @@
+package authz
+
+import (
+ "context"
+
+ v1 "github.com/authzed/authzed-go/proto/authzed/api/v1"
+ "github.com/authzed/authzed-go/v1"
+ "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/pls"
+ "google.golang.org/grpc"
+)
+
+func NewSpiceDBClient(ctx context.Context, host string, presharedKey string) *authzed.Client {
+ client, err := authzed.NewClient(
+ host,
+ grpc.WithTransportCredentials(credentialsFor(ctx, host)),
+ grpc.WithPerRPCCredentials(NewBearerToken(presharedKey)),
+ )
+ if err != nil {
+ pls.LogErrorNow(ctx, err)
+ }
+ return client
+}
+
+type CheckPermission interface {
+ CheckPermission(ctx context.Context, in *v1.CheckPermissionRequest, opts ...grpc.CallOption) (*v1.CheckPermissionResponse, error)
+}
-- 
cgit v1.2.3
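Review bot: NewSpiceDBClient in the new pkg/authz/spice.go logs the error from authzed.NewClient and then falls through to `return client`, so a failed construction hands the caller a client that is most likely nil. Because this client backs the permission check, the failure should surface at startup, not at the first CheckPermission call; unless pls.LogErrorNow terminates the process (not visible here), return the error to the caller with `return nil, err`. If the signature has to stay, add a doc comment such as `// NewSpiceDBClient returns nil when the client cannot be constructed; callers must treat a nil client as deny.` The per-RPC bearer token also travels over whatever credentialsFor picks, and the grpc.go context lines show an `insecure.NewCredentials()` branch for an empty host, so it is worth confirming that NewBearerToken requires transport security outside local development. The exported CheckPermission interface has no doc comment; a line such as `// CheckPermission is the single SpiceDB RPC this package depends on.` would do.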