From fa6fdb029d86139067c6d33e69939d0c7c8af824 Mon Sep 17 00:00:00 2001
From: fran moore
Date: Thu, 11 Dec 2025 15:45:04 +0000
Subject: [PATCH 1/2] Only set auth and permissions clients when private endpoints are enabled
---
 service/service.go | 29 +++++++++++++++--------------
 service/service_test.go | 21 +++++++++++----------
 2 files changed, 26 insertions(+), 24 deletions(-)
diff --git a/service/service.go b/service/service.go
index 25c6d290..5236a51e 100644
--- a/service/service.go
+++ b/service/service.go
@@ -281,9 +281,24 @@ func (svc *Service) Run(ctx context.Context, buildTime, gitCommit, version strin
 models.Filterable: downloadGeneratorCMD,
 }
+ var authorisation auth.Middleware
+ var permissionChecker *permissions.Checker
 // Get Identity Client (only if private endpoints are enabled)
 if svc.config.EnablePrivateEndpoints {
 svc.identityClient = clientsidentity.New(svc.config.ZebedeeURL)
+ // Get Permissions
+ authorisation, err = svc.serviceList.Init.DoGetAuthorisationMiddleware(ctx, svc.config.AuthConfig)
+ if err != nil {
+ log.Fatal(ctx, "could not instantiate authorisation middleware", err)
+ return err
+ }
+
+ permissionChecker = permissions.NewChecker(
+ ctx,
+ svc.config.AuthConfig.PermissionsAPIURL,
+ svc.config.AuthConfig.PermissionsCacheUpdateInterval,
+ svc.config.AuthConfig.PermissionsMaxCacheTime,
+ )
 }
 // Get HealthCheck
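Review bot: In `Run` (service/service.go, first hunk), `authorisation` and `permissionChecker` now stay at their zero values, a nil `auth.Middleware` and a nil `*permissions.Checker`, whenever `EnablePrivateEndpoints` is false, and the code that consumes them lies outside this hunk. If any later route wiring uses them unconditionally the result would be a nil dereference, and if a consumer treats nil as "skip the check" a handler could be served without authorisation, so it is worth confirming that every use sits behind the same flag. I would document the invariant at the declarations, for example `// nil unless EnablePrivateEndpoints; only private-route wiring may use these`, and reword `// Get Permissions` to `// Get authorisation middleware and permissions checker`, since it labels both calls. `Run` begins and ends outside the hunk.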
@@ -319,20 +334,6 @@ func (svc *Service) Run(ctx context.Context, buildTime, gitCommit, version strin
 log.Info(ctx, "URL rewriting enabled")
 }
- // Get Permissions
- authorisation, err := svc.serviceList.Init.DoGetAuthorisationMiddleware(ctx, svc.config.AuthConfig)
- if err != nil {
- log.Fatal(ctx, "could not instantiate authorisation middleware", err)
- return err
- }
-
- permissionChecker := permissions.NewChecker(
- ctx,
- svc.config.AuthConfig.PermissionsAPIURL,
- svc.config.AuthConfig.PermissionsCacheUpdateInterval,
- svc.config.AuthConfig.PermissionsMaxCacheTime,
- )
-
 // Log kafka producer errors in parallel go-routine
 if svc.config.EnablePrivateEndpoints {
 svc.generateCMDDownloadsProducer.LogErrors(ctx)
diff --git a/service/service_test.go b/service/service_test.go
index 17bf8687..0379304d 100644
--- a/service/service_test.go
+++ b/service/service_test.go
@@ -221,11 +221,12 @@ func TestRun(t *testing.T) {
 Convey("Given that initialising Healthcheck returns an error", func() {
 initMock := &serviceMock.InitialiserMock{
- DoGetMongoDBFunc: funcDoGetMongoDBOk,
- DoGetGraphDBFunc: funcDoGetGraphDBOk,
- DoGetFilesAPIClientFunc: funcDoGetFilesAPIClientOk,
- DoGetKafkaProducerFunc: funcDoGetKafkaProducerOk,
- DoGetHealthCheckFunc: funcDoGetHealthcheckErr,
+ DoGetMongoDBFunc: funcDoGetMongoDBOk,
+ DoGetGraphDBFunc: funcDoGetGraphDBOk,
+ DoGetFilesAPIClientFunc: funcDoGetFilesAPIClientOk,
+ DoGetKafkaProducerFunc: funcDoGetKafkaProducerOk,
+ DoGetHealthCheckFunc: funcDoGetHealthcheckErr,
+ DoGetAuthorisationMiddlewareFunc: funcDoGetAuthOk,
 }
 svcErrors := make(chan error, 1)
 svcList := service.NewServiceList(initMock)
@@ -257,6 +258,7 @@ func TestRun(t *testing.T) {
 DoGetHealthCheckFunc: func(*config.Configuration, string, string, string) (service.HealthChecker, error) {
 return hcMockAddFail, nil
 },
+ DoGetAuthorisationMiddlewareFunc: funcDoGetAuthOk,
 }
 svcErrors := make(chan error, 1)
 svcList := service.NewServiceList(initMock)
@@ -326,11 +328,10 @@ func TestRun(t *testing.T) {
 Convey("Given that all dependencies are successfully initialised, private endpoints are disabled", func() {
 cfg.EnablePrivateEndpoints = false
 initMock := &serviceMock.InitialiserMock{
- DoGetMongoDBFunc: funcDoGetMongoDBOk,
- DoGetKafkaProducerFunc: funcDoGetKafkaProducerOk,
- DoGetHealthCheckFunc: funcDoGetHealthcheckOk,
- DoGetHTTPServerFunc: funcDoGetHTTPServer,
- DoGetAuthorisationMiddlewareFunc: funcDoGetAuthOk,
+ DoGetMongoDBFunc: funcDoGetMongoDBOk,
+ DoGetKafkaProducerFunc: funcDoGetKafkaProducerOk,
+ DoGetHealthCheckFunc: funcDoGetHealthcheckOk,
+ DoGetHTTPServerFunc: funcDoGetHTTPServer,
 }
 svcErrors := make(chan error, 1)
 svcList := service.NewServiceList(initMock)
From 4035556f895273b33012aa78b39796b7db3ff666 Mon Sep 17 00:00:00 2001
From: fran moore
Date: Thu, 11 Dec 2025 17:03:23 +0000
Subject: [PATCH 2/2] Amending how auth client is instantiated
---
 service/service.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/service/service.go b/service/service.go
index 5236a51e..295b796e 100644
--- a/service/service.go
+++ b/service/service.go
@@ -287,7 +287,7 @@ func (svc *Service) Run(ctx context.Context, buildTime, gitCommit, version strin
 if svc.config.EnablePrivateEndpoints {
 svc.identityClient = clientsidentity.New(svc.config.ZebedeeURL)
 // Get Permissions
- authorisation, err = svc.serviceList.Init.DoGetAuthorisationMiddleware(ctx, svc.config.AuthConfig)
+ authorisation, err = svc.serviceList.GetAuthorisationMiddleware(ctx, svc.config.AuthConfig)
 if err != nil {
 log.Fatal(ctx, "could not instantiate authorisation middleware", err)
 return err
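Review bot: The "private endpoints are disabled" case in service/service_test.go (PATCH 1/2, hunk at -326) drops `DoGetAuthorisationMiddlewareFunc` from the mock, but nothing visible in the hunk asserts that the authorisation middleware is not requested in that mode. If `InitialiserMock` is moq-generated (inferred from the `...Func` field names), an explicit check such as `So(len(initMock.DoGetAuthorisationMiddlewareCalls()), ShouldEqual, 0)` would state the intent instead of relying on the unset func failing when called. A companion case with private endpoints enabled and the middleware initialiser returning an error would pin that `Run` refuses to start, if one does not already exist elsewhere in the file. The `Convey` block continues outside the hunk.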