From bc7e90bc281a1666a8b80a625427fb351a1c46d8 Mon Sep 17 00:00:00 2001
From: Gabriel MABILLE <gamab@users.noreply.github.com>
Date: Fri, 10 Jan 2025 17:41:56 +0100
Subject: [PATCH] AuthZ: Fix client dial options (#98827)

---
 pkg/services/authz/client.go | 21 ++++++---------------
 1 file changed, 6 insertions(+), 15 deletions(-)

diff --git a/pkg/services/authz/client.go b/pkg/services/authz/client.go
index 5095706ce8f..c6cf6525803 100644
--- a/pkg/services/authz/client.go
+++ b/pkg/services/authz/client.go
@@ -130,7 +130,9 @@ func newGrpcLegacyClient(authCfg *Cfg, tracer tracing.Tracer) (authzlib.AccessCh
 	cfg := authzlib.ClientConfig{RemoteAddress: authCfg.remoteAddress}
 	client, err := authzlib.NewClient(&cfg,
 		authzlib.WithGrpcDialOptionsClientOption(
-			getDialOpts(clientInterceptor, authCfg.allowInsecure)...,
+			grpc.WithTransportCredentials(insecure.NewCredentials()),
+			grpc.WithUnaryInterceptor(clientInterceptor.UnaryClientInterceptor),
+			grpc.WithStreamInterceptor(clientInterceptor.StreamClientInterceptor),
 		),
 		authzlib.WithTracerClientOption(tracer),
 		// TODO: remove this once access tokens are supported on-prem
@@ -163,7 +165,9 @@ func newCloudLegacyClient(authCfg *Cfg, tracer tracing.Tracer) (authzlib.AccessC
 	clientCfg := authzlib.ClientConfig{RemoteAddress: authCfg.remoteAddress}
 	client, err := authzlib.NewClient(&clientCfg,
 		authzlib.WithGrpcDialOptionsClientOption(
-			getDialOpts(clientInterceptor, authCfg.allowInsecure)...,
+			grpc.WithTransportCredentials(insecure.NewCredentials()),
+			grpc.WithUnaryInterceptor(clientInterceptor.UnaryClientInterceptor),
+			grpc.WithStreamInterceptor(clientInterceptor.StreamClientInterceptor),
 		),
 		authzlib.WithTracerClientOption(tracer),
 	)
@@ -173,16 +177,3 @@ func newCloudLegacyClient(authCfg *Cfg, tracer tracing.Tracer) (authzlib.AccessC
 
 	return client, nil
 }
-
-func getDialOpts(interceptor *authnlib.GrpcClientInterceptor, allowInsecure bool) []grpc.DialOption {
-	dialOpts := []grpc.DialOption{
-		grpc.WithUnaryInterceptor(interceptor.UnaryClientInterceptor),
-		grpc.WithStreamInterceptor(interceptor.StreamClientInterceptor),
-	}
-	if allowInsecure {
-		// allow insecure connections in development mode to facilitate testing
-		dialOpts = append(dialOpts, grpc.WithTransportCredentials(insecure.NewCredentials()))
-	}
-
-	return dialOpts
-}