| author | benj <benj@rse8.com> | 2023-06-12 15:39:10 -0700 |
|---|---|---|
| committer | benj <benj@rse8.com> | 2023-06-12 15:39:10 -0700 |
| commit | 3406b370fe290559ff2445097a380d6f48d0f9af (patch) | |
| tree | 3e62ca57d6426fd2507950a4fe434fc06491fcd6 /crates/secd/src/client | |
| parent | b3ba31a1572ecec38115385fafe4a4e87ca39361 (diff) | |
🤮: add check_list_namespaces as a temporary hack while using spice
Diffstat (limited to 'crates/secd/src/client')
| -rw-r--r-- | crates/secd/src/client/spice/mod.rs | 38 |
1 files changed, 36 insertions, 2 deletions
diff --git a/crates/secd/src/client/spice/mod.rs b/crates/secd/src/client/spice/mod.rs
index 67965d7..f24a512 100644
--- a/crates/secd/src/client/spice/mod.rs
+++ b/crates/secd/src/client/spice/mod.rs
@@ -14,7 +14,7 @@ use spice::WriteSchemaRequest;
 use std::matches;
 use tonic::metadata::MetadataValue;
 use tonic::transport::Channel;
-use tonic::{Request, Status};
+use tonic::{Request, Response, Status, Streaming};
 use crate::auth::z::{self, Subject};
 use crate::client::spice::spice::{
@@ -22,7 +22,10 @@ use crate::client::spice::spice::{
 };
 use self::spice::check_permission_response::Permissionship;
-use self::spice::{consistency, CheckPermissionRequest, Consistency, WriteRelationshipsRequest};
+use self::spice::{
+ consistency, CheckPermissionRequest, Consistency, LookupResourcesRequest,
+ LookupResourcesResponse, WriteRelationshipsRequest,
+};
 #[derive(Debug, thiserror::Error, derive_more::Display)]
 pub enum SpiceError {
@@ -46,6 +49,37 @@ impl Spice {
 Spice { channel, secret }
 }
+ pub async fn lookup_resources(
+ &self,
+ ns: &str,
+ relation: &str,
+ subj: &Subject,
+ ) -> Result<Vec<String>, SpiceError> {
+ let mut client =
+ PermissionsServiceClient::with_interceptor(self.channel.clone(), |req: Request<()>| {
+ self.intercept(req)
+ });
+
+ let request = tonic::Request::new(LookupResourcesRequest {
+ consistency: Some(Consistency {
+ requirement: Some(consistency::Requirement::MinimizeLatency(true)),
+ }),
+ resource_object_type: ns.to_string(),
+ permission: relation.to_string(),
+ subject: Some(SubjectReference::from(subj)),
+ context: None,
+ });
+
+ let mut res = vec![];
+ let mut response: Streaming<LookupResourcesResponse> =
+ client.lookup_resources(request).await?.into_inner();
+ if let Some(d) = response.message().await? {
+ res.push(d.resource_object_id);
+ }
+
+ Ok(res)
+ }
+
 pub async fn check_permission(&self, r: &z::Relationship) -> Result<bool, SpiceError> {
 let mut client =
 PermissionsServiceClient::with_interceptor(self.channel.clone(), |req: Request<()>| {  |
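Review bot: `if let Some(d) = response.message().await?` in `lookup_resources` reads only the first message of the `Streaming<LookupResourcesResponse>`, so the returned Vec holds at most one resource id no matter how many the subject can reach; draining the stream needs `while let Some(d) = response.message().await? { res.push(d.resource_object_id); }`. As written the list under-reports rather than over-grants, but any caller that treats it as the complete set of accessible namespaces will silently hide resources from the user. The request also sets `MinimizeLatency(true)`, which permits cached reads, so a relationship that was just removed may still show up in the result; if this list ever gates access rather than only populating a view, that choice deserves a comment or a stricter consistency requirement. `Response` is added to the `tonic` import in the first hunk, but nothing in the new code shown here uses it.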
