AuthZ: Introduce cloud mode (#96922)

* AuthZ: Introduce cloud mode

* Update readme
Gabriel MABILLE 2024-11-22 16:19:53 +01:00 committed by GitHub
parent c6848d4b68
commit 3c876f0208
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 14 additions and 15 deletions


@ -18,7 +18,7 @@ To configure the authorization server and client, use the "authorization" sectio
The `remote_address` setting, specifies the address where the authorization server is located (ex: `server.example.org:10000`).
The `mode` setting can be set to either `grpc` or `inproc`. When set to `grpc`, the client will connect to the specified address. When set to `inproc` the client will use inprocgrpc (relying on go channels) to wrap a local instantiation of the server.
The `mode` setting can be set to either `cloud`, `grpc` or `inproc`. When set to `cloud` (or `grpc`), the client will connect to the specified address. When set to `inproc` the client will use inprocgrpc (relying on go channels) to wrap a local instantiation of the server.
The `listen` setting determines whether the authorization server should listen for incoming requests. When set to `true`, the authorization service will be registered to the Grafana GRPC server.
@ -60,7 +60,7 @@ stack_id = 11
[authorization]
remote_address = "server.example.org:10000"
mode = "grpc"
mode = "cloud"
listen = false
[grpc_client_authentication]


@ -58,16 +58,14 @@ func ProvideAuthZClient(
return nil, err
}
case ModeGRPC:
if cfg.StackID == "" {
client, err = newGrpcLegacyClient(authCfg)
if err != nil {
return nil, err
}
} else {
client, err = newCloudLegacyClient(authCfg)
if err != nil {
return nil, err
}
client, err = newGrpcLegacyClient(authCfg)
if err != nil {
return nil, err
}
case ModeCloud:
client, err = newCloudLegacyClient(authCfg)
if err != nil {
return nil, err
}
}
@ -88,7 +86,7 @@ func ProvideStandaloneAuthZClient(
return nil, err
}
if cfg.StackID == "" {
if authCfg.mode == ModeGRPC {
return newGrpcLegacyClient(authCfg)
}
return newCloudLegacyClient(authCfg)
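Review bot: In ProvideStandaloneAuthZClient the new test `if authCfg.mode == ModeGRPC` sends every other mode, including `inproc`, to `newCloudLegacyClient`, although ReadCfg now enforces the token and tokenExchangeURL check only for `cloud`. A standalone process configured with `inproc` would therefore appear to build a cloud client with possibly empty credentials instead of failing at startup; what newCloudLegacyClient does with them is not visible here. Reject anything that is not an explicit remote mode before the final return, for example `if authCfg.mode != ModeCloud { return nil, fmt.Errorf("authorization: unsupported mode %q", authCfg.mode) }` (assuming `fmt` is imported in this file). The switch in ProvideAuthZClient shows no `default` arm in its hunk either, and both function bodies start and end outside the hunks.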


@ -10,13 +10,14 @@ type Mode string
func (s Mode) IsValid() bool {
switch s {
case ModeGRPC, ModeInProc:
case ModeGRPC, ModeInProc, ModeCloud:
return true
}
return false
}
const (
ModeCloud Mode = "cloud"
ModeGRPC Mode = "grpc"
ModeInProc Mode = "inproc"
)
@ -47,7 +48,7 @@ func ReadCfg(cfg *setting.Cfg) (*Cfg, error) {
tokenNamespace := grpcClientAuthSection.Key("token_namespace").MustString("stacks-" + cfg.StackID)
// When running in cloud mode, the token and tokenExchangeURL are required.
if mode == ModeGRPC && cfg.StackID != "" {
if mode == ModeCloud {
if token == "" || tokenExchangeURL == "" {
return nil, fmt.Errorf("authorization: missing token or tokenExchangeUrl")
}
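Review bot: Narrowing the guard to `if mode == ModeCloud` means a deployment that keeps `mode = grpc` and still has a stack ID no longer has to supply a token and token-exchange URL, and per the client change on this page it now gets `newGrpcLegacyClient` instead of the cloud client. That silently changes how an unchanged config file authenticates to the authorization server, so it deserves an explicit signal at load time rather than only a readme update. If `grpc` with a stack ID is not a supported combination, fail fast with something like `if mode == ModeGRPC && cfg.StackID != "" { return nil, fmt.Errorf("authorization: mode grpc with a stack id is no longer treated as cloud; set mode = cloud") }`; otherwise extend the comment above the check to state that `grpc` never requires the token. ReadCfg's body continues outside this hunk.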