panic on permission request failures

nitrictech · Oct 2, 2024 · 093f19f · 093f19f
1 parent c10b43f
commit 093f19f
Show file tree

Hide file tree

Showing 5 changed files with 55 additions and 30 deletions.
diff --git a/nitric/keyvalue/keyvalue.go b/nitric/keyvalue/keyvalue.go
@@ -33,7 +33,7 @@ var KvStoreEverything []KvStorePermission = []KvStorePermission{KvStoreSet, KvSt
 
 type KvStore interface {
 	// Allow requests the given permissions to the key/value store.
-	Allow(KvStorePermission, ...KvStorePermission) (KvStoreClientIface, error)
+	Allow(KvStorePermission, ...KvStorePermission) KvStoreClientIface
 }
 
 type kvstore struct {
@@ -63,7 +63,7 @@ func NewKv(name string) *kvstore {
 	return kvstore
 }
 
-func (k *kvstore) Allow(permission KvStorePermission, permissions ...KvStorePermission) (KvStoreClientIface, error) {
+func (k *kvstore) Allow(permission KvStorePermission, permissions ...KvStorePermission) KvStoreClientIface {
 	allPerms := append([]KvStorePermission{permission}, permissions...)
 
 	actions := []v1.Action{}
@@ -76,20 +76,25 @@ func (k *kvstore) Allow(permission KvStorePermission, permissions ...KvStorePerm
 		case KvStoreDelete:
 			actions = append(actions, v1.Action_KeyValueStoreDelete)
 		default:
-			return nil, fmt.Errorf("KvStorePermission %s unknown", perm)
+			panic(fmt.Sprintf("KvStorePermission %s unknown", perm))
 		}
 	}
 
 	registerResult := <-k.registerChan
 
 	if registerResult.Err != nil {
-		return nil, registerResult.Err
+		panic(registerResult.Err)
 	}
 
 	err := k.manager.RegisterPolicy(registerResult.Identifier, actions...)
 	if err != nil {
-		return nil, err
+		panic(err)
 	}
 
-	return NewKvStoreClient(k.name)
+	client, err := NewKvStoreClient(k.name)
+	if err != nil {
+		panic(err)
+	}
+
+	return client
 }
diff --git a/nitric/queues/queue.go b/nitric/queues/queue.go
@@ -32,7 +32,7 @@ var QueueEverything []QueuePermission = []QueuePermission{QueueEnqueue, QueueDeq
 
 type Queue interface {
 	// Allow requests the given permissions to the queue.
-	Allow(QueuePermission, ...QueuePermission) (*QueueClient, error)
+	Allow(QueuePermission, ...QueuePermission) *QueueClient
 }
 
 type queue struct {
@@ -62,7 +62,7 @@ func NewQueue(name string) *queue {
 	return queue
 }
 
-func (q *queue) Allow(permission QueuePermission, permissions ...QueuePermission) (*QueueClient, error) {
+func (q *queue) Allow(permission QueuePermission, permissions ...QueuePermission) *QueueClient {
 	allPerms := append([]QueuePermission{permission}, permissions...)
 
 	actions := []v1.Action{}
@@ -73,19 +73,24 @@ func (q *queue) Allow(permission QueuePermission, permissions ...QueuePermission
 		case QueueEnqueue:
 			actions = append(actions, v1.Action_QueueEnqueue)
 		default:
-			return nil, fmt.Errorf("QueuePermission %s unknown", perm)
+			panic(fmt.Sprintf("QueuePermission %s unknown", perm))
 		}
 	}
 
 	registerResult := <-q.registerChan
 	if registerResult.Err != nil {
-		return nil, registerResult.Err
+		panic(registerResult.Err)
 	}
 
 	err := q.manager.RegisterPolicy(registerResult.Identifier, actions...)
 	if err != nil {
-		return nil, err
+		panic(err)
 	}
 
-	return NewQueueClient(q.name)
+	client, err := NewQueueClient(q.name)
+	if err != nil {
+		panic(err)
+	}
+
+	return client
 }
diff --git a/nitric/secrets/secret.go b/nitric/secrets/secret.go
@@ -32,7 +32,7 @@ var SecretEverything []SecretPermission = []SecretPermission{SecretAccess, Secre
 
 type Secret interface {
 	// Allow requests the given permissions to the secret.
-	Allow(SecretPermission, ...SecretPermission) (*SecretClient, error)
+	Allow(SecretPermission, ...SecretPermission) *SecretClient
 }
 
 type secret struct {
@@ -61,7 +61,7 @@ func NewSecret(name string) *secret {
 	return secret
 }
 
-func (s *secret) Allow(permission SecretPermission, permissions ...SecretPermission) (*SecretClient, error) {
+func (s *secret) Allow(permission SecretPermission, permissions ...SecretPermission) *SecretClient {
 	allPerms := append([]SecretPermission{permission}, permissions...)
 
 	actions := []v1.Action{}
@@ -72,19 +72,24 @@ func (s *secret) Allow(permission SecretPermission, permissions ...SecretPermiss
 		case SecretPut:
 			actions = append(actions, v1.Action_SecretPut)
 		default:
-			return nil, fmt.Errorf("secretPermission %s unknown", perm)
+			panic(fmt.Sprintf("secretPermission %s unknown", perm))
 		}
 	}
 
 	registerResult := <-s.registerChan
 	if registerResult.Err != nil {
-		return nil, registerResult.Err
+		panic(registerResult.Err)
 	}
 
 	err := s.manager.RegisterPolicy(registerResult.Identifier, actions...)
 	if err != nil {
-		return nil, err
+		panic(err)
 	}
 
-	return NewSecretClient(s.name)
+	client, err := NewSecretClient(s.name)
+	if err != nil {
+		panic(err)
+	}
+
+	return client
 }
diff --git a/nitric/storage/bucket.go b/nitric/storage/bucket.go
@@ -34,7 +34,7 @@ type bucket struct {
 
 type Bucket interface {
 	// Allow requests the given permissions to the bucket.
-	Allow(BucketPermission, ...BucketPermission) (*BucketClient, error)
+	Allow(BucketPermission, ...BucketPermission) *BucketClient
 
 	// On registers a handler for a specific event type on the bucket.
 	// Valid function signatures for handler are:
@@ -75,7 +75,7 @@ func NewBucket(name string) Bucket {
 	return bucket
 }
 
-func (b *bucket) Allow(permission BucketPermission, permissions ...BucketPermission) (*BucketClient, error) {
+func (b *bucket) Allow(permission BucketPermission, permissions ...BucketPermission) *BucketClient {
 	allPerms := append([]BucketPermission{permission}, permissions...)
 
 	actions := []v1.Action{}
@@ -88,21 +88,26 @@ func (b *bucket) Allow(permission BucketPermission, permissions ...BucketPermiss
 		case BucketDelete:
 			actions = append(actions, v1.Action_BucketFileDelete)
 		default:
-			return nil, fmt.Errorf("bucketPermission %s unknown", perm)
+			panic(fmt.Sprintf("bucketPermission %s unknown", perm))
 		}
 	}
 
 	registerResult := <-b.registerChan
 	if registerResult.Err != nil {
-		return nil, registerResult.Err
+		panic(registerResult.Err)
 	}
 
 	err := b.manager.RegisterPolicy(registerResult.Identifier, actions...)
 	if err != nil {
-		return nil, err
+		panic(err)
+	}
+
+	client, err := NewBucketClient(b.name)
+	if err != nil {
+		panic(err)
 	}
 
-	return NewBucketClient(b.name)
+	return client
 }
 
 func (b *bucket) On(eventType EventType, notificationPrefixFilter string, handler interface{}) {

diff --git a/nitric/topics/topic.go b/nitric/topics/topic.go
@@ -33,7 +33,7 @@ const (
 
 type SubscribableTopic interface {
 	// Allow requests the given permissions to the topic.
-	Allow(TopicPermission, ...TopicPermission) (*TopicClient, error)
+	Allow(TopicPermission, ...TopicPermission) *TopicClient
 
 	// Subscribe will register and start a subscription handler that will be called for all events from this topic.
 	// Valid function signatures for handler are:
@@ -72,7 +72,7 @@ func NewTopic(name string) SubscribableTopic {
 	return topic
 }
 
-func (t *subscribableTopic) Allow(permission TopicPermission, permissions ...TopicPermission) (*TopicClient, error) {
+func (t *subscribableTopic) Allow(permission TopicPermission, permissions ...TopicPermission) *TopicClient {
 	allPerms := append([]TopicPermission{permission}, permissions...)
 
 	actions := []v1.Action{}
@@ -81,21 +81,26 @@ func (t *subscribableTopic) Allow(permission TopicPermission, permissions ...Top
 		case TopicPublish:
 			actions = append(actions, v1.Action_TopicPublish)
 		default:
-			return nil, fmt.Errorf("TopicPermission %s unknown", perm)
+			panic(fmt.Sprintf("TopicPermission %s unknown", perm))
 		}
 	}
 
 	registerResult := <-t.registerChan
 	if registerResult.Err != nil {
-		return nil, registerResult.Err
+		panic(registerResult.Err)
 	}
 
 	err := t.manager.RegisterPolicy(registerResult.Identifier, actions...)
 	if err != nil {
-		return nil, err
+		panic(err)
+	}
+
+	client, err := NewTopicClient(t.name)
+	if err != nil {
+		panic(err)
 	}
 
-	return NewTopicClient(t.name)
+	return client
 }
 
 func (t *subscribableTopic) Subscribe(handler interface{}) {