Commit 27e5b88

mo khan <mo@mokhan.ca>
2025-03-06 18:24:42
refactor: use protobuf3 and define twirp service
1 parent 0fb8fe9
bin/api
@@ -79,8 +79,8 @@ class API
   def authorized?(request, permission)
     # TODO:: Check the JWT for the appropriate claim
     # Connect to the Authz RPC endpoint Ability.allowed?(subject, permission, resource)
-    client = ::Ability::Stub.new('localhost:50051', :this_channel_is_insecure) # TODO:: memorize client
-    reply = client.allowed(AllowRequest.new(subject: "", permission: permission, resource: ""))
+    client = ::Authx::Ability::Stub.new('localhost:50051', :this_channel_is_insecure) # TODO:: memorize client
+    reply = client.allowed(::Authx::AllowRequest.new(subject: "", permission: permission, resource: ""))
     puts "***" * 10
     puts reply.inspect
     puts "***" * 10
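Review bot: The `AllowRequest` built in `authorized?` still carries `subject: ""` and `resource: ""` and is sent over `:this_channel_is_insecure`, so the Authx service cannot tie its answer to a caller, and the exchange is unauthenticated plaintext that is tolerable only while both ends stay on loopback. Until the JWT claim check from the TODO exists, I would add `# FIXME: subject and resource are sent empty; the reply is not a per-caller decision` above the request line and have the method return false when no subject can be derived. The three `puts` lines also write the authorization reply to stdout on every request and should go once debugging is done. The body of `authorized?` continues past the end of this hunk, so how `reply` is used is not visible here.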
@@ -119,6 +119,7 @@ end
 
 if __FILE__ == $0
   app = Rack::Builder.new do
+    use Rack::CommonLogger
     use Rack::Reloader
     run API.new
   end.to_app
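Review bot: `use Rack::CommonLogger` records the request line including the query string, which matters most for the identical additions in bin/idp and bin/ui. If those apps carry authorization codes, tokens or SAML parameters in the URL (not visible in these hunks), the values will end up in the access log. Consider a comment next to the line such as `# NOTE: CommonLogger records full query strings; keep credentials out of URLs or filter the log`, or enable the middleware only in development. The `if __FILE__ == $0` block continues outside the hunk.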
bin/idp
@@ -328,6 +328,7 @@ end
 
 if __FILE__ == $0
   app = Rack::Builder.new do
+    use Rack::CommonLogger
     use Rack::Reloader
     run IdentityProvider.new
   end.to_app
bin/rpc
@@ -22,12 +22,12 @@ class ProjectPolicy < DeclarativePolicy::Base
   rule { owner }.enable :create_project
 end
 
-class AbilityHandler < ::Ability::Service
+class AbilityHandler < ::Authx::Ability::Service
   def allowed(request, _call)
     puts [request, _call].inspect
     GRPC.logger.info([request, _call].inspect)
 
-    AllowReply.new(result: true)
+    ::Authx::AllowReply.new(result: true)
     # TODO:: entrypoint to declarative policies
     # AllowReply.new(result: policy_for(request).can?(request.permission))
   end
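Review bot: `allowed` still answers `::Authx::AllowReply.new(result: true)` for every request, so any caller that relies on this RPC is granted every permission. Until the declarative-policy call from the TODO is wired in, returning `::Authx::AllowReply.new(result: false)` keeps the service fail-closed and matches the proto3 default for `result`. The commented-out line below still names the unqualified `AllowReply`, which lib/ability_pb.rb no longer defines at top level after this commit; it should read `# ::Authx::AllowReply.new(result: policy_for(request).can?(request.permission))`. Logging `[request, _call].inspect` twice may also put call metadata into the logs, though what `_call` carries is not visible here.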
bin/ui
@@ -156,6 +156,7 @@ end
 
 if __FILE__ == $0
   app = Rack::Builder.new do
+    use Rack::CommonLogger
     use Rack::Reloader
     run UI.new
   end.to_app
lib/ability_pb.rb
@@ -5,10 +5,12 @@
 require 'google/protobuf'
 
 
-descriptor_data = "\n\rability.proto\"E\n\x0c\x41llowRequest\x12\x0f\n\x07subject\x18\x01 \x02(\t\x12\x12\n\npermission\x18\x02 \x02(\t\x12\x10\n\x08resource\x18\x03 \x02(\t\"\x1c\n\nAllowReply\x12\x0e\n\x06result\x18\x01 \x02(\x08\x32\x32\n\x07\x41\x62ility\x12\'\n\x07\x41llowed\x12\r.AllowRequest\x1a\x0b.AllowReply\"\x00"
+descriptor_data = "\n\rability.proto\x12\x05\x61uthx\"E\n\x0c\x41llowRequest\x12\x0f\n\x07subject\x18\x01 \x01(\t\x12\x12\n\npermission\x18\x02 \x01(\t\x12\x10\n\x08resource\x18\x03 \x01(\t\"\x1c\n\nAllowReply\x12\x0e\n\x06result\x18\x01 \x01(\x08\x32>\n\x07\x41\x62ility\x12\x33\n\x07\x41llowed\x12\x13.authx.AllowRequest\x1a\x11.authx.AllowReply\"\x00\x62\x06proto3"
 
 pool = Google::Protobuf::DescriptorPool.generated_pool
 pool.add_serialized_file(descriptor_data)
 
-AllowRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("AllowRequest").msgclass
-AllowReply = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("AllowReply").msgclass
+module Authx
+  AllowRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authx.AllowRequest").msgclass
+  AllowReply = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authx.AllowReply").msgclass
+end
lib/ability_services_pb.rb
@@ -1,20 +1,22 @@
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
-# Source: ability.proto for package ''
+# Source: ability.proto for package 'authx'
 
 require 'grpc'
 require 'ability_pb'
 
-module Ability
-  class Service
+module Authx
+  module Ability
+    class Service
 
-    include ::GRPC::GenericService
+      include ::GRPC::GenericService
 
-    self.marshal_class_method = :encode
-    self.unmarshal_class_method = :decode
-    self.service_name = 'Ability'
+      self.marshal_class_method = :encode
+      self.unmarshal_class_method = :decode
+      self.service_name = 'authx.Ability'
 
-    rpc :Allowed, ::AllowRequest, ::AllowReply
-  end
+      rpc :Allowed, ::Authx::AllowRequest, ::Authx::AllowReply
+    end
 
-  Stub = Service.rpc_stub_class
+    Stub = Service.rpc_stub_class
+  end
 end
lib/ability_twirp.rb
@@ -0,0 +1,15 @@
+# Code generated by protoc-gen-twirp_ruby 1.11.0, DO NOT EDIT.
+require 'twirp'
+require_relative 'ability_pb.rb'
+
+module Authx
+  class AbilityService < ::Twirp::Service
+    package 'authx'
+    service 'Ability'
+    rpc :Allowed, AllowRequest, AllowReply, :ruby_method => :allowed
+  end
+
+  class AbilityClient < ::Twirp::Client
+    client_for AbilityService
+  end
+end
protos/ability.proto
@@ -1,13 +1,17 @@
+syntax = "proto3";
+
+package authx;
+
 service Ability {
   rpc Allowed (AllowRequest) returns (AllowReply) {}
 }
 
 message AllowRequest {
-  required string subject = 1;
-  required string permission = 2;
-  required string resource = 3;
+  string subject = 1;
+  string permission = 2;
+  string resource = 3;
 }
 
 message AllowReply {
-  required bool result = 1;
+  bool result = 1;
 }
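Review bot: With `required` dropped from `AllowRequest`, a message that omits `subject`, `permission` or `resource` now decodes successfully with empty strings, so presence is no longer enforced on the wire. The handler has to reject empty values itself, and the `allowed` implementation in bin/rpc in this commit performs no such check. I would state the contract in the schema above `message AllowRequest`, e.g. `// subject, permission and resource must be non-empty; the server denies requests with empty values`. `bool result` defaulting to false is the safe direction for a reply that omits the field.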
go.sum
@@ -13,6 +13,7 @@ github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
 github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
 github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/magefile/mage v1.15.0 h1:BvGheCMAsG3bWUDbZ8AyXXpCNwU9u5CB6sM+HNb9HYg=
 github.com/magefile/mage v1.15.0/go.mod h1:z5UZb/iS3GoOSn0JgWuiw7dxlurVYTu+/jHXqQg881A=
@@ -30,6 +31,7 @@ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
magefile.go
@@ -80,7 +80,17 @@ func Browser() error {
 func Protos() error {
 	files := x.Must(filepath.Glob("./protos/*.proto"))
 	for _, file := range files {
-		if err := sh.RunV(
+		var err error
+		if err = sh.RunV(
+			"protoc",
+			"--proto_path=./protos",
+			"--ruby_out=lib",
+			"--twirp_ruby_out=lib",
+			file,
+		); err != nil {
+			return err
+		}
+		if err = sh.RunV(
 			"grpc_tools_ruby_protoc",
 			"--proto_path=./protos",
 			"--ruby_out=lib",
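Review bot: Both invocations in `Protos` pass `--ruby_out=lib`, so `lib/ability_pb.rb` is written first by the `protoc` found on PATH and then again by `grpc_tools_ruby_protoc`, and the committed file depends on whichever ran last. Dropping `"--ruby_out=lib",` from the new `protoc` call and keeping only `"--twirp_ruby_out=lib",` would leave one generator per output file. `protoc` and the twirp plugin are also resolved from PATH with no version check, so the generated code can differ between machines; the Twirp file header records 1.11.0, which could be documented or asserted here. The `var err error` declaration is unnecessary if both calls keep the scoped `if err := ...` form. The second `sh.RunV` call continues past the end of the hunk.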