opentdf
diff --git a/‎service/authorization/authorization.go‎
Lines changed: 65 additions & 67 deletions b/‎service/authorization/authorization.go‎
Lines changed: 65 additions & 67 deletions
diff --git a/‎service/entityresolution/claims/claims_entity_resolution.go‎
Lines changed: 6 additions & 5 deletions b/‎service/entityresolution/claims/claims_entity_resolution.go‎
Lines changed: 6 additions & 5 deletions
diff --git a/‎service/entityresolution/entityresolution.go‎
Lines changed: 26 additions & 16 deletions b/‎service/entityresolution/entityresolution.go‎
Lines changed: 26 additions & 16 deletions
diff --git a/‎service/entityresolution/keycloak/keycloak_entity_resolution.go‎
Lines changed: 5 additions & 5 deletions b/‎service/entityresolution/keycloak/keycloak_entity_resolution.go‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎service/go.mod‎
Lines changed: 1 addition & 0 deletions b/‎service/go.mod‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎service/go.sum‎
Lines changed: 2 additions & 0 deletions b/‎service/go.sum‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎service/health/health.go‎
Lines changed: 17 additions & 17 deletions b/‎service/health/health.go‎
Lines changed: 17 additions & 17 deletions
@@ -54,92 +54,90 @@ type CustomRego struct {
 	Query string `mapstructure:"query" json:"query" default:"data.opentdf.entitlements.attributes"`
 }
 
-func NewRegistration() serviceregistry.Registration {
-	return serviceregistry.Registration{
-		Namespace:   "authorization",
-		ServiceDesc: &authorization.AuthorizationService_ServiceDesc,
-		RegisterFunc: func(srp serviceregistry.RegistrationParams) (any, serviceregistry.HandlerServer) {
-			var (
-				err             error
-				entitlementRego []byte
-				authZCfg        = new(Config)
-			)
-
-			logger := srp.Logger
-
-			// default ERS endpoint
-			as := &AuthorizationService{sdk: srp.SDK, logger: logger}
-			if err := srp.RegisterReadinessCheck("authorization", as.IsReady); err != nil {
-				logger.Error("failed to register authorization readiness check", slog.String("error", err.Error()))
-			}
+func NewRegistration() *serviceregistry.Service[AuthorizationService] {
+	return &serviceregistry.Service[AuthorizationService]{
+		ServiceOptions: serviceregistry.ServiceOptions[AuthorizationService]{
+			Namespace:   "authorization",
+			ServiceDesc: &authorization.AuthorizationService_ServiceDesc,
+			RegisterFunc: func(srp serviceregistry.RegistrationParams) (*AuthorizationService, serviceregistry.HandlerServer) {
+				var (
+					err             error
+					entitlementRego []byte
+					authZCfg        = new(Config)
+				)
 
-			if err := defaults.Set(authZCfg); err != nil {
-				panic(fmt.Errorf("failed to set defaults for authorization service config: %w", err))
-			}
+				logger := srp.Logger
 
-			// Only decode config if it exists
-			if srp.Config != nil {
-				if err := mapstructure.Decode(srp.Config, &authZCfg); err != nil {
-					panic(fmt.Errorf("invalid auth svc cfg [%v] %w", srp.Config, err))
+				// default ERS endpoint
+				as := &AuthorizationService{sdk: srp.SDK, logger: logger}
+				if err := srp.RegisterReadinessCheck("authorization", as.IsReady); err != nil {
+					logger.Error("failed to register authorization readiness check", slog.String("error", err.Error()))
 				}
-			}
 
-			// Validate Config
-			validate := validator.New(validator.WithRequiredStructEnabled())
-			if err := validate.Struct(authZCfg); err != nil {
-				var invalidValidationError *validator.InvalidValidationError
-				if errors.As(err, &invalidValidationError) {
-					logger.Error("error validating authorization service config", slog.String("error", err.Error()))
-					panic(fmt.Errorf("error validating authorization service config: %w", err))
+				if err := defaults.Set(authZCfg); err != nil {
+					panic(fmt.Errorf("failed to set defaults for authorization service config: %w", err))
+				}
+
+				// Only decode config if it exists
+				if srp.Config != nil {
+					if err := mapstructure.Decode(srp.Config, &authZCfg); err != nil {
+						panic(fmt.Errorf("invalid auth svc cfg [%v] %w", srp.Config, err))
+					}
 				}
 
-				var validationErrors validator.ValidationErrors
-				if errors.As(err, &validationErrors) {
-					for _, err := range validationErrors {
+				// Validate Config
+				validate := validator.New(validator.WithRequiredStructEnabled())
+				if err := validate.Struct(authZCfg); err != nil {
+					var invalidValidationError *validator.InvalidValidationError
+					if errors.As(err, &invalidValidationError) {
 						logger.Error("error validating authorization service config", slog.String("error", err.Error()))
 						panic(fmt.Errorf("error validating authorization service config: %w", err))
 					}
+
+					var validationErrors validator.ValidationErrors
+					if errors.As(err, &validationErrors) {
+						for _, err := range validationErrors {
+							logger.Error("error validating authorization service config", slog.String("error", err.Error()))
+							panic(fmt.Errorf("error validating authorization service config: %w", err))
+						}
+					}
 				}
-			}
 
-			logger.Debug("authorization service config", slog.Any("config", *authZCfg))
+				logger.Debug("authorization service config", slog.Any("config", *authZCfg))
 
-			// Build Rego PreparedEvalQuery
+				// Build Rego PreparedEvalQuery
 
-			// Load rego from embedded file or custom path
-			if authZCfg.Rego.Path != "" {
-				entitlementRego, err = os.ReadFile(authZCfg.Rego.Path)
-				if err != nil {
-					panic(fmt.Errorf("failed to read custom entitlements.rego file: %w", err))
-				}
-			} else {
-				entitlementRego, err = policies.EntitlementsRego.ReadFile("entitlements/entitlements.rego")
-				if err != nil {
-					panic(fmt.Errorf("failed to read entitlements.rego file: %w", err))
+				// Load rego from embedded file or custom path
+				if authZCfg.Rego.Path != "" {
+					entitlementRego, err = os.ReadFile(authZCfg.Rego.Path)
+					if err != nil {
+						panic(fmt.Errorf("failed to read custom entitlements.rego file: %w", err))
+					}
+				} else {
+					entitlementRego, err = policies.EntitlementsRego.ReadFile("entitlements/entitlements.rego")
+					if err != nil {
+						panic(fmt.Errorf("failed to read entitlements.rego file: %w", err))
+					}
 				}
-			}
 
-			// Register builtin
-			subjectmappingbuiltin.SubjectMappingBuiltin()
+				// Register builtin
+				subjectmappingbuiltin.SubjectMappingBuiltin()
 
-			as.eval, err = rego.New(
-				rego.Query(authZCfg.Rego.Query),
-				rego.Module("entitlements.rego", string(entitlementRego)),
-				rego.StrictBuiltinErrors(true),
-			).PrepareForEval(context.Background())
-			if err != nil {
-				panic(fmt.Errorf("failed to prepare entitlements.rego for eval: %w", err))
-			}
+				as.eval, err = rego.New(
+					rego.Query(authZCfg.Rego.Query),
+					rego.Module("entitlements.rego", string(entitlementRego)),
+					rego.StrictBuiltinErrors(true),
+				).PrepareForEval(context.Background())
+				if err != nil {
+					panic(fmt.Errorf("failed to prepare entitlements.rego for eval: %w", err))
+				}
 
-			as.config = *authZCfg
+				as.config = *authZCfg
 
-			return as, func(ctx context.Context, mux *runtime.ServeMux, server any) error {
-				authServer, okAuth := server.(authorization.AuthorizationServiceServer)
-				if !okAuth {
-					return fmt.Errorf("failed to assert server type to authorization.AuthorizationServiceServer")
+				return as, func(ctx context.Context, mux *runtime.ServeMux) error {
+					return authorization.RegisterAuthorizationServiceHandlerServer(ctx, mux, as)
 				}
-				return authorization.RegisterAuthorizationServiceHandlerServer(ctx, mux, authServer)
-			}
+			},
 		},
 	}
 }
 
@@ -22,10 +22,11 @@ type ClaimsEntityResolutionService struct {
 	logger *logger.Logger
 }
 
-func RegisterClaimsERS(_ serviceregistry.ServiceConfig, logger *logger.Logger) (any, serviceregistry.HandlerServer) {
-	return &ClaimsEntityResolutionService{logger: logger},
-		func(ctx context.Context, mux *runtime.ServeMux, server any) error {
-			return entityresolution.RegisterEntityResolutionServiceHandlerServer(ctx, mux, server.(entityresolution.EntityResolutionServiceServer)) //nolint:forcetypeassert // allow type assert, following other services
+func RegisterClaimsERS(_ serviceregistry.ServiceConfig, logger *logger.Logger) (ClaimsEntityResolutionService, serviceregistry.HandlerServer) {
+	claimsSVC := ClaimsEntityResolutionService{logger: logger}
+	return claimsSVC,
+		func(ctx context.Context, mux *runtime.ServeMux) error {
+			return entityresolution.RegisterEntityResolutionServiceHandlerServer(ctx, mux, claimsSVC)
 		}
 }
 
@@ -64,7 +65,7 @@ func EntityResolution(_ context.Context,
 	var resolvedEntities []*entityresolution.EntityRepresentation
 
 	for idx, ident := range payload {
-		var entityStruct = &structpb.Struct{}
+		entityStruct := &structpb.Struct{}
 		switch ident.GetEntityType().(type) {
 		case *authorization.Entity_Claims:
 			claims := ident.GetClaims()
 
@@ -12,25 +12,35 @@ type ERSConfig struct {
 	Mode string `mapstructure:"mode" json:"mode"`
 }
 
-const KeycloakMode = "keycloak"
-const ClaimsMode = "claims"
+const (
+	KeycloakMode = "keycloak"
+	ClaimsMode   = "claims"
+)
+
+type EntityResolution struct {
+	entityresolution.EntityResolutionServiceServer
+}
 
-func NewRegistration() serviceregistry.Registration {
-	return serviceregistry.Registration{
-		Namespace:   "entityresolution",
-		ServiceDesc: &entityresolution.EntityResolutionService_ServiceDesc,
-		RegisterFunc: func(srp serviceregistry.RegistrationParams) (any, serviceregistry.HandlerServer) {
-			var inputConfig ERSConfig
+func NewRegistration() *serviceregistry.Service[EntityResolution] {
+	return &serviceregistry.Service[EntityResolution]{
+		ServiceOptions: serviceregistry.ServiceOptions[EntityResolution]{
+			Namespace:   "entityresolution",
+			ServiceDesc: &entityresolution.EntityResolutionService_ServiceDesc,
+			RegisterFunc: func(srp serviceregistry.RegistrationParams) (*EntityResolution, serviceregistry.HandlerServer) {
+				var inputConfig ERSConfig
 
-			if err := mapstructure.Decode(srp.Config, &inputConfig); err != nil {
-				panic(err)
-			}
-			if inputConfig.Mode == ClaimsMode {
-				return claims.RegisterClaimsERS(srp.Config, srp.Logger)
-			}
+				if err := mapstructure.Decode(srp.Config, &inputConfig); err != nil {
+					panic(err)
+				}
+				if inputConfig.Mode == ClaimsMode {
+					claimsSVC, claimsHandler := claims.RegisterClaimsERS(srp.Config, srp.Logger)
+					return &EntityResolution{EntityResolutionServiceServer: claimsSVC}, claimsHandler
+				}
 
-			// Default to keyclaok ERS
-			return keycloak.RegisterKeycloakERS(srp.Config, srp.Logger)
+				// Default to keycloak ERS
+				kcSVC, kcHandler := keycloak.RegisterKeycloakERS(srp.Config, srp.Logger)
+				return &EntityResolution{EntityResolutionServiceServer: kcSVC}, kcHandler
+			},
 		},
 	}
 }
@@ -52,16 +52,16 @@ type KeycloakConfig struct {
 	InferID        InferredIdentityConfig `mapstructure:"inferid,omitempty" json:"inferid,omitempty"`
 }
 
-func RegisterKeycloakERS(config serviceregistry.ServiceConfig, logger *logger.Logger) (any, serviceregistry.HandlerServer) {
+func RegisterKeycloakERS(config serviceregistry.ServiceConfig, logger *logger.Logger) (*KeycloakEntityResolutionService, serviceregistry.HandlerServer) {
 	var inputIdpConfig KeycloakConfig
 	if err := mapstructure.Decode(config, &inputIdpConfig); err != nil {
 		panic(err)
 	}
 	logger.Debug("entity_resolution configuration", "config", inputIdpConfig)
-
-	return &KeycloakEntityResolutionService{idpConfig: inputIdpConfig, logger: logger},
-		func(ctx context.Context, mux *runtime.ServeMux, server any) error {
-			return entityresolution.RegisterEntityResolutionServiceHandlerServer(ctx, mux, server.(entityresolution.EntityResolutionServiceServer)) //nolint:forcetypeassert // allow type assert, following other services
+	keycloakSVC := &KeycloakEntityResolutionService{idpConfig: inputIdpConfig, logger: logger}
+	return keycloakSVC,
+		func(ctx context.Context, mux *runtime.ServeMux) error {
+			return entityresolution.RegisterEntityResolutionServiceHandlerServer(ctx, mux, keycloakSVC)
 		}
 }
 
 
@@ -3,6 +3,7 @@ module github.com/opentdf/platform/service
 go 1.22
 
 require (
+	connectrpc.com/connect v1.17.0
 	github.com/Masterminds/squirrel v1.5.4
 	github.com/Nerzal/gocloak/v13 v13.9.0
 	github.com/bmatcuk/doublestar v1.3.4
 
@@ -1,5 +1,7 @@
 buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.34.1-20240508200655-46a4cf4ba109.1 h1:LEXWFH/xZ5oOWrC3oOtHbUyBdzRWMCPpAQmKC9v05mA=
 buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.34.1-20240508200655-46a4cf4ba109.1/go.mod h1:XF+P8+RmfdufmIYpGUC+6bF7S+IlmHDEnCrO3OXaUAQ=
+connectrpc.com/connect v1.17.0 h1:W0ZqMhtVzn9Zhn2yATuUokDLO5N+gIuBWMOnsQrfmZk=
+connectrpc.com/connect v1.17.0/go.mod h1:0292hj1rnx8oFrStN7cB4jjVBeqs+Yx5yDIC2prWDO8=
 dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk=
 dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU=
 
@@ -12,29 +12,29 @@ import (
 	"google.golang.org/grpc/status"
 )
 
-var (
-	serviceHealthChecks = make(map[string]func(context.Context) error)
-)
+var serviceHealthChecks = make(map[string]func(context.Context) error)
 
 type HealthService struct { //nolint:revive // HealthService is a valid name for this struct
 	healthpb.UnimplementedHealthServer
 	logger *logger.Logger
 }
 
-func NewRegistration() serviceregistry.Registration {
-	return serviceregistry.Registration{
-		Namespace:   "health",
-		ServiceDesc: &healthpb.Health_ServiceDesc,
-		RegisterFunc: func(srp serviceregistry.RegistrationParams) (any, serviceregistry.HandlerServer) {
-			err := srp.WellKnownConfig("health", map[string]any{
-				"endpoint": "/healthz",
-			})
-			if err != nil {
-				srp.Logger.Error("failed to set well-known config", slog.String("error", err.Error()))
-			}
-			return &HealthService{logger: srp.Logger}, func(_ context.Context, _ *runtime.ServeMux, _ any) error {
-				return nil
-			}
+func NewRegistration() *serviceregistry.Service[HealthService] {
+	return &serviceregistry.Service[HealthService]{
+		ServiceOptions: serviceregistry.ServiceOptions[HealthService]{
+			Namespace:   "health",
+			ServiceDesc: &healthpb.Health_ServiceDesc,
+			RegisterFunc: func(srp serviceregistry.RegistrationParams) (*HealthService, serviceregistry.HandlerServer) {
+				err := srp.WellKnownConfig("health", map[string]any{
+					"endpoint": "/healthz",
+				})
+				if err != nil {
+					srp.Logger.Error("failed to set well-known config", slog.String("error", err.Error()))
+				}
+				return &HealthService{logger: srp.Logger}, func(_ context.Context, _ *runtime.ServeMux) error {
+					return nil
+				}
+			},
 		},
 	}
 }
Original file line number	Diff line number	Diff line change
`@@ -52,16 +52,16 @@ type KeycloakConfig struct {`
`52`	`52`	InferID InferredIdentityConfig `mapstructure:"inferid,omitempty" json:"inferid,omitempty"`
`53`	`53`	`}`
`54`	`54`
`55`		`-func RegisterKeycloakERS(config serviceregistry.ServiceConfig, logger *logger.Logger) (any, serviceregistry.HandlerServer) {`
	`55`	`+func RegisterKeycloakERS(config serviceregistry.ServiceConfig, logger logger.Logger) (KeycloakEntityResolutionService, serviceregistry.HandlerServer) {`
`56`	`56`	`var inputIdpConfig KeycloakConfig`
`57`	`57`	`if err := mapstructure.Decode(config, &inputIdpConfig); err != nil {`
`58`	`58`	`panic(err)`
`59`	`59`	`}`
`60`	`60`	`logger.Debug("entity_resolution configuration", "config", inputIdpConfig)`
`61`		`-`
`62`		`- return &KeycloakEntityResolutionService{idpConfig: inputIdpConfig, logger: logger},`
`63`		`- func(ctx context.Context, mux *runtime.ServeMux, server any) error {`
`64`		`- return entityresolution.RegisterEntityResolutionServiceHandlerServer(ctx, mux, server.(entityresolution.EntityResolutionServiceServer)) //nolint:forcetypeassert // allow type assert, following other services`
	`61`	`+ keycloakSVC := &KeycloakEntityResolutionService{idpConfig: inputIdpConfig, logger: logger}`
	`62`	`+ return keycloakSVC,`
	`63`	`+ func(ctx context.Context, mux *runtime.ServeMux) error {`
	`64`	`+ return entityresolution.RegisterEntityResolutionServiceHandlerServer(ctx, mux, keycloakSVC)`
`65`	`65`	`}`
`66`	`66`	`}`
`67`	`67`