refactor(core): reduce number of parameters (#1571)

opentdf · Sep 25, 2024 · dd518a7 · dd518a7
1 parent 7dc0b91
commit dd518a7
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 11 deletions.
diff --git a/service/kas/access/accessPdp.go b/service/kas/access/accessPdp.go
@@ -6,8 +6,6 @@ import (
 
  "github.com/opentdf/platform/protocol/go/authorization"
  "github.com/opentdf/platform/protocol/go/policy"
- otdf "github.com/opentdf/platform/sdk"
- "github.com/opentdf/platform/service/logger"
 )
 
 const (
@@ -16,13 +14,13 @@ const (
  ErrDecisionCountUnexpected = Error("authorization decision count unexpected")
 )
 
-func canAccess(ctx context.Context, token *authorization.Token, policy Policy, sdk *otdf.SDK, logger logger.Logger) (bool, error) {
+func (p *Provider) canAccess(ctx context.Context, token *authorization.Token, policy Policy) (bool, error) {
  if len(policy.Body.Dissem) > 0 {
  // TODO: Move dissems check to the getdecisions endpoint
- logger.Error("Dissems check is not enabled in v2 platform kas")
+ p.Logger.Error("Dissems check is not enabled in v2 platform kas")
  }
  if policy.Body.DataAttributes != nil {
- attrAccess, err := checkAttributes(ctx, policy.Body.DataAttributes, token, sdk, logger)
+ attrAccess, err := p.checkAttributes(ctx, policy.Body.DataAttributes, token)
  if err != nil {
  return false, err
  }
@@ -32,10 +30,11 @@ func canAccess(ctx context.Context, token *authorization.Token, policy Policy, s
  return true, nil
 }
 
-func checkAttributes(ctx context.Context, dataAttrs []Attribute, ent *authorization.Token, sdk *otdf.SDK, logger logger.Logger) (bool, error) {
+func (p *Provider) checkAttributes(ctx context.Context, dataAttrs []Attribute, ent *authorization.Token) (bool, error) {
  ras := []*authorization.ResourceAttribute{{
  AttributeValueFqns: make([]string, 0),
  }}
+
  for _, attr := range dataAttrs {
  ras[0].AttributeValueFqns = append(ras[0].GetAttributeValueFqns(), attr.URI)
  }
@@ -50,13 +49,13 @@ func checkAttributes(ctx context.Context, dataAttrs []Attribute, ent *authorizat
  },
  },
  }
- dr, err := sdk.Authorization.GetDecisionsByToken(ctx, &in)
+ dr, err := p.SDK.Authorization.GetDecisionsByToken(ctx, &in)
  if err != nil {
- logger.ErrorContext(ctx, "Error received from GetDecisionsByToken", "err", err)
+ p.Logger.ErrorContext(ctx, "Error received from GetDecisionsByToken", "err", err)
  return false, errors.Join(ErrDecisionUnexpected, err)
  }
  if len(dr.GetDecisionResponses()) != 1 {
- logger.ErrorContext(ctx, ErrDecisionCountUnexpected.Error(), "count", len(dr.GetDecisionResponses()))
+ p.Logger.ErrorContext(ctx, ErrDecisionCountUnexpected.Error(), "count", len(dr.GetDecisionResponses()))
  return false, ErrDecisionCountUnexpected
  }
  if dr.GetDecisionResponses()[0].GetDecision() == authorization.DecisionResponse_DECISION_PERMIT {

diff --git a/service/kas/access/rewrap.go b/service/kas/access/rewrap.go
@@ -346,7 +346,7 @@ func (p *Provider) tdf3Rewrap(ctx context.Context, body *RequestBody, entity *en
  Jwt: entity.Token,
  }
 
- access, err := canAccess(ctx, tok, *policy, p.SDK, *p.Logger)
+ access, err := p.canAccess(ctx, tok, *policy)
 
  // Audit the TDF3 Rewrap
  kasPolicy := ConvertToAuditKasPolicy(*policy)
@@ -444,7 +444,7 @@ func (p *Provider) nanoTDFRewrap(ctx context.Context, body *RequestBody, entity
  Jwt: entity.Token,
  }
 
- access, err := canAccess(ctx, tok, *policy, p.SDK, *p.Logger)
+ access, err := p.canAccess(ctx, tok, *policy)
 
  // Audit the rewrap
  kasPolicy := ConvertToAuditKasPolicy(*policy)