Commit c851e7d

mo khan <mo@mokhan.ca>
2025-04-02 03:50:36
refactor: decouple authzd from cedar authorizer
1 parent 7f6dddc
cmd/authzd/main.go
@@ -6,12 +6,11 @@ import (
 
 	"github.com/xlgmokha/x/pkg/env"
 	"github.com/xlgmokha/x/pkg/x"
-	"gitlab.com/mokhax/spike/pkg/authz"
 	"gitlab.com/mokhax/spike/pkg/rpc"
 )
 
 func main() {
-	server := rpc.New(authz.WithCedar())
+	server := rpc.New()
 	log.Fatal(server.Serve(x.Must(net.Listen(
 		"tcp",
 		env.Fetch("BIND_ADDR", "localhost:50051"),
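Review bot: `rpc.New()` is now called with no `grpc.ServerOption` at all, so the listener serves plaintext gRPC with no transport credentials or interceptors, while `BIND_ADDR` allows the socket to be moved off the loopback default. Authorization decisions should not travel over an unauthenticated, unencrypted channel. If TLS is not terminated elsewhere (not visible from this hunk), pass credentials explicitly, for example `server := rpc.New(grpc.Creds(creds))`. The body of main continues past the end of the hunk.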
pkg/rpc/ability_handler.go
@@ -2,19 +2,14 @@ package rpc
 
 import (
 	context "context"
-	"net/http"
-
-	"github.com/xlgmokha/x/pkg/x"
-	"gitlab.com/mokhax/spike/pkg/authz"
 )
 
 type AbilityHandler struct {
-	authorizer authz.Authorizer
 	UnimplementedAbilityServer
 }
 
 func (h *AbilityHandler) Allowed(ctx context.Context, req *AllowRequest) (*AllowReply, error) {
-	// TODO:: Replace http.Request with authz.Request
-	request := x.Must(http.NewRequestWithContext(ctx, req.Permission, req.Resource, nil))
-	return &AllowReply{Result: h.authorizer.Authorize(request)}, nil
+	return &AllowReply{
+		Result: false,
+	}, nil
 }
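Review bot: The new body of `Allowed` returns `Result: false` for every request and ignores both `ctx` and `req`, but nothing marks this as a deliberate deny-all placeholder. Add a doc comment such as `// Allowed denies every request until an authorizer is wired back in; the default must stay deny.` so a later edit does not flip the stub to allow. A caller also cannot distinguish a policy denial from "no policy engine configured". Returning a `codes.Unimplemented` status might be a clearer signal, though that depends on the service contract, which is not visible here.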
pkg/rpc/server.go
@@ -1,14 +1,11 @@
 package rpc
 
 import (
-	"gitlab.com/mokhax/spike/pkg/authz"
 	grpc "google.golang.org/grpc"
 )
 
-func New(authorizer authz.Authorizer, options ...grpc.ServerOption) *grpc.Server {
+func New(options ...grpc.ServerOption) *grpc.Server {
 	server := grpc.NewServer(options...)
-	RegisterAbilityServer(server, &AbilityHandler{
-		authorizer: authorizer,
-	})
+	RegisterAbilityServer(server, &AbilityHandler{})
 	return server
 }
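Review bot: The exported `New` has no doc comment, and with the `authorizer` parameter gone its signature no longer hints that the registered `AbilityHandler` has no policy engine behind it. Add something like `// New returns a gRPC server with the Ability service registered; the handler currently denies every request.` The comment should also say that transport credentials and interceptors come only from `options`, since `grpc.NewServer` is called with nothing else.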
pkg/rpc/server_test.go
@@ -2,26 +2,20 @@ package rpc
 
 import (
 	"net"
-	"net/http"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-	"gitlab.com/mokhax/spike/pkg/authz"
 	grpc "google.golang.org/grpc"
 	"google.golang.org/grpc/credentials/insecure"
 )
 
 func TestServer(t *testing.T) {
-	authorizer := authz.AuthorizerFunc(func(r *http.Request) bool {
-		return true
-	})
-
 	listener, err := net.Listen("tcp", "localhost:0")
 	require.NoError(t, err)
 	defer listener.Close()
 
-	server := New(authorizer)
+	server := New()
 	defer server.Stop()
 
 	go func() {
@@ -44,6 +38,6 @@ func TestServer(t *testing.T) {
 			Resource:   "",
 		})
 		require.NoError(t, err)
-		assert.True(t, reply.Result)
+		assert.False(t, reply.Result)
 	})
 }
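Review bot: `assert.False(t, reply.Result)` pins the deny-all stub for a single request, and the only request field visible in this hunk is an empty `Resource`. A second case with a non-empty permission and resource would confirm that denial is unconditional rather than a side effect of empty input. It would also catch a later handler that starts allowing by accident. The enclosing subtest starts outside the hunk, so the request's other fields cannot be checked from here.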