From 093f19f1275a487c63c129ef2c5da667705b3ca5 Mon Sep 17 00:00:00 2001
From: Jye Cusch <jye.cusch@nitric.io>
Date: Wed, 2 Oct 2024 13:24:17 +1000
Subject: [PATCH] panic on permission request failures

---
 nitric/keyvalue/keyvalue.go | 17 +++++++++++------
 nitric/queues/queue.go      | 17 +++++++++++------
 nitric/secrets/secret.go    | 17 +++++++++++------
 nitric/storage/bucket.go    | 17 +++++++++++------
 nitric/topics/topic.go      | 17 +++++++++++------
 5 files changed, 55 insertions(+), 30 deletions(-)

diff --git a/nitric/keyvalue/keyvalue.go b/nitric/keyvalue/keyvalue.go
index 3ed5f0c..846dc5e 100644
--- a/nitric/keyvalue/keyvalue.go
+++ b/nitric/keyvalue/keyvalue.go
@@ -33,7 +33,7 @@ var KvStoreEverything []KvStorePermission = []KvStorePermission{KvStoreSet, KvSt
 
 type KvStore interface {
 	// Allow requests the given permissions to the key/value store.
-	Allow(KvStorePermission, ...KvStorePermission) (KvStoreClientIface, error)
+	Allow(KvStorePermission, ...KvStorePermission) KvStoreClientIface
 }
 
 type kvstore struct {
@@ -63,7 +63,7 @@ func NewKv(name string) *kvstore {
 	return kvstore
 }
 
-func (k *kvstore) Allow(permission KvStorePermission, permissions ...KvStorePermission) (KvStoreClientIface, error) {
+func (k *kvstore) Allow(permission KvStorePermission, permissions ...KvStorePermission) KvStoreClientIface {
 	allPerms := append([]KvStorePermission{permission}, permissions...)
 
 	actions := []v1.Action{}
@@ -76,20 +76,25 @@ func (k *kvstore) Allow(permission KvStorePermission, permissions ...KvStorePerm
 		case KvStoreDelete:
 			actions = append(actions, v1.Action_KeyValueStoreDelete)
 		default:
-			return nil, fmt.Errorf("KvStorePermission %s unknown", perm)
+			panic(fmt.Sprintf("KvStorePermission %s unknown", perm))
 		}
 	}
 
 	registerResult := <-k.registerChan
 
 	if registerResult.Err != nil {
-		return nil, registerResult.Err
+		panic(registerResult.Err)
 	}
 
 	err := k.manager.RegisterPolicy(registerResult.Identifier, actions...)
 	if err != nil {
-		return nil, err
+		panic(err)
 	}
 
-	return NewKvStoreClient(k.name)
+	client, err := NewKvStoreClient(k.name)
+	if err != nil {
+		panic(err)
+	}
+
+	return client
 }
diff --git a/nitric/queues/queue.go b/nitric/queues/queue.go
index d380b95..3dc5acf 100644
--- a/nitric/queues/queue.go
+++ b/nitric/queues/queue.go
@@ -32,7 +32,7 @@ var QueueEverything []QueuePermission = []QueuePermission{QueueEnqueue, QueueDeq
 
 type Queue interface {
 	// Allow requests the given permissions to the queue.
-	Allow(QueuePermission, ...QueuePermission) (*QueueClient, error)
+	Allow(QueuePermission, ...QueuePermission) *QueueClient
 }
 
 type queue struct {
@@ -62,7 +62,7 @@ func NewQueue(name string) *queue {
 	return queue
 }
 
-func (q *queue) Allow(permission QueuePermission, permissions ...QueuePermission) (*QueueClient, error) {
+func (q *queue) Allow(permission QueuePermission, permissions ...QueuePermission) *QueueClient {
 	allPerms := append([]QueuePermission{permission}, permissions...)
 
 	actions := []v1.Action{}
@@ -73,19 +73,24 @@ func (q *queue) Allow(permission QueuePermission, permissions ...QueuePermission
 		case QueueEnqueue:
 			actions = append(actions, v1.Action_QueueEnqueue)
 		default:
-			return nil, fmt.Errorf("QueuePermission %s unknown", perm)
+			panic(fmt.Sprintf("QueuePermission %s unknown", perm))
 		}
 	}
 
 	registerResult := <-q.registerChan
 	if registerResult.Err != nil {
-		return nil, registerResult.Err
+		panic(registerResult.Err)
 	}
 
 	err := q.manager.RegisterPolicy(registerResult.Identifier, actions...)
 	if err != nil {
-		return nil, err
+		panic(err)
 	}
 
-	return NewQueueClient(q.name)
+	client, err := NewQueueClient(q.name)
+	if err != nil {
+		panic(err)
+	}
+
+	return client
 }
diff --git a/nitric/secrets/secret.go b/nitric/secrets/secret.go
index db4f953..ece6d15 100644
--- a/nitric/secrets/secret.go
+++ b/nitric/secrets/secret.go
@@ -32,7 +32,7 @@ var SecretEverything []SecretPermission = []SecretPermission{SecretAccess, Secre
 
 type Secret interface {
 	// Allow requests the given permissions to the secret.
-	Allow(SecretPermission, ...SecretPermission) (*SecretClient, error)
+	Allow(SecretPermission, ...SecretPermission) *SecretClient
 }
 
 type secret struct {
@@ -61,7 +61,7 @@ func NewSecret(name string) *secret {
 	return secret
 }
 
-func (s *secret) Allow(permission SecretPermission, permissions ...SecretPermission) (*SecretClient, error) {
+func (s *secret) Allow(permission SecretPermission, permissions ...SecretPermission) *SecretClient {
 	allPerms := append([]SecretPermission{permission}, permissions...)
 
 	actions := []v1.Action{}
@@ -72,19 +72,24 @@ func (s *secret) Allow(permission SecretPermission, permissions ...SecretPermiss
 		case SecretPut:
 			actions = append(actions, v1.Action_SecretPut)
 		default:
-			return nil, fmt.Errorf("secretPermission %s unknown", perm)
+			panic(fmt.Sprintf("secretPermission %s unknown", perm))
 		}
 	}
 
 	registerResult := <-s.registerChan
 	if registerResult.Err != nil {
-		return nil, registerResult.Err
+		panic(registerResult.Err)
 	}
 
 	err := s.manager.RegisterPolicy(registerResult.Identifier, actions...)
 	if err != nil {
-		return nil, err
+		panic(err)
 	}
 
-	return NewSecretClient(s.name)
+	client, err := NewSecretClient(s.name)
+	if err != nil {
+		panic(err)
+	}
+
+	return client
 }
diff --git a/nitric/storage/bucket.go b/nitric/storage/bucket.go
index 41ff8e0..04304fe 100644
--- a/nitric/storage/bucket.go
+++ b/nitric/storage/bucket.go
@@ -34,7 +34,7 @@ type bucket struct {
 
 type Bucket interface {
 	// Allow requests the given permissions to the bucket.
-	Allow(BucketPermission, ...BucketPermission) (*BucketClient, error)
+	Allow(BucketPermission, ...BucketPermission) *BucketClient
 
 	// On registers a handler for a specific event type on the bucket.
 	// Valid function signatures for handler are:
@@ -75,7 +75,7 @@ func NewBucket(name string) Bucket {
 	return bucket
 }
 
-func (b *bucket) Allow(permission BucketPermission, permissions ...BucketPermission) (*BucketClient, error) {
+func (b *bucket) Allow(permission BucketPermission, permissions ...BucketPermission) *BucketClient {
 	allPerms := append([]BucketPermission{permission}, permissions...)
 
 	actions := []v1.Action{}
@@ -88,21 +88,26 @@ func (b *bucket) Allow(permission BucketPermission, permissions ...BucketPermiss
 		case BucketDelete:
 			actions = append(actions, v1.Action_BucketFileDelete)
 		default:
-			return nil, fmt.Errorf("bucketPermission %s unknown", perm)
+			panic(fmt.Sprintf("bucketPermission %s unknown", perm))
 		}
 	}
 
 	registerResult := <-b.registerChan
 	if registerResult.Err != nil {
-		return nil, registerResult.Err
+		panic(registerResult.Err)
 	}
 
 	err := b.manager.RegisterPolicy(registerResult.Identifier, actions...)
 	if err != nil {
-		return nil, err
+		panic(err)
+	}
+
+	client, err := NewBucketClient(b.name)
+	if err != nil {
+		panic(err)
 	}
 
-	return NewBucketClient(b.name)
+	return client
 }
 
 func (b *bucket) On(eventType EventType, notificationPrefixFilter string, handler interface{}) {
diff --git a/nitric/topics/topic.go b/nitric/topics/topic.go
index f6e15b4..5cd4314 100644
--- a/nitric/topics/topic.go
+++ b/nitric/topics/topic.go
@@ -33,7 +33,7 @@ const (
 
 type SubscribableTopic interface {
 	// Allow requests the given permissions to the topic.
-	Allow(TopicPermission, ...TopicPermission) (*TopicClient, error)
+	Allow(TopicPermission, ...TopicPermission) *TopicClient
 
 	// Subscribe will register and start a subscription handler that will be called for all events from this topic.
 	// Valid function signatures for handler are:
@@ -72,7 +72,7 @@ func NewTopic(name string) SubscribableTopic {
 	return topic
 }
 
-func (t *subscribableTopic) Allow(permission TopicPermission, permissions ...TopicPermission) (*TopicClient, error) {
+func (t *subscribableTopic) Allow(permission TopicPermission, permissions ...TopicPermission) *TopicClient {
 	allPerms := append([]TopicPermission{permission}, permissions...)
 
 	actions := []v1.Action{}
@@ -81,21 +81,26 @@ func (t *subscribableTopic) Allow(permission TopicPermission, permissions ...Top
 		case TopicPublish:
 			actions = append(actions, v1.Action_TopicPublish)
 		default:
-			return nil, fmt.Errorf("TopicPermission %s unknown", perm)
+			panic(fmt.Sprintf("TopicPermission %s unknown", perm))
 		}
 	}
 
 	registerResult := <-t.registerChan
 	if registerResult.Err != nil {
-		return nil, registerResult.Err
+		panic(registerResult.Err)
 	}
 
 	err := t.manager.RegisterPolicy(registerResult.Identifier, actions...)
 	if err != nil {
-		return nil, err
+		panic(err)
+	}
+
+	client, err := NewTopicClient(t.name)
+	if err != nil {
+		panic(err)
 	}
 
-	return NewTopicClient(t.name)
+	return client
 }
 
 func (t *subscribableTopic) Subscribe(handler interface{}) {