allow using the legacy resource client via

Claudiu Dragalina-Paraipan 2024-10-14 15:59:08 +03:00
parent a2c30f5328
commit 4a03ed7d7d
4 changed files with 20 additions and 7 deletions


@ -90,6 +90,7 @@ func NewGrpcAuthenticatorWithFallback(cfg *setting.Cfg, reg prometheus.Registere
}
func (f *AuthenticatorWithFallback) Authenticate(ctx context.Context) (context.Context, error) {
origCtx := ctx
// Try to authenticate with the new authenticator first
ctx, err := f.authenticator.Authenticate(ctx)
if err == nil {
@ -97,7 +98,7 @@ func (f *AuthenticatorWithFallback) Authenticate(ctx context.Context) (context.C
return ctx, nil
} else if f.fallbackEnabled {
// If the new authenticator failed and the fallback is enabled, try the legacy authenticator
ctx, err = f.legacyAuthenticator.Authenticate(ctx)
ctx, err = f.legacyAuthenticator.Authenticate(origCtx)
f.metrics.fallbackCounter.WithLabelValues(fmt.Sprintf("%t", err == nil)).Inc()
}
return ctx, err
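Review bot: The fallback branch assigns `ctx, err = f.legacyAuthenticator.Authenticate(origCtx)` over the error from the new authenticator, so a request that only passes via the legacy path leaves no record of why the primary check rejected it; `fallbackCounter` only labels whether the fallback itself succeeded. Because this is an authentication downgrade path, I would capture the first error before the legacy call, e.g. `primaryErr := err`, and surface it in a log field or in the returned error when both authenticators fail. The new `origCtx := ctx` line also deserves a why-comment such as `// keep the pre-auth context; the ctx returned with an error must not be reused`. The body of Authenticate closes outside this hunk.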


@ -71,14 +71,12 @@ func ProvideService(cfg *setting.Cfg, features featuremgmt.FeatureToggles, authe
}
}
var opts []grpc.ServerOption
namespaceAuthz := grpcutils.NewNamespaceAuthorizer(cfg)
// Default auth is admin token check, but this can be overridden by
// services which implement ServiceAuthFuncOverride interface.
// See https://github.com/grpc-ecosystem/go-grpc-middleware/blob/main/interceptors/auth/auth.go#L30.
opts = append(opts, []grpc.ServerOption{
opts := []grpc.ServerOption{
grpc.StatsHandler(otelgrpc.NewServerHandler()),
grpc.ChainUnaryInterceptor(
grpcAuth.UnaryServerInterceptor(authenticator.Authenticate),
@ -92,7 +90,7 @@ func ProvideService(cfg *setting.Cfg, features featuremgmt.FeatureToggles, authe
authzlib.StreamAuthorizeInterceptor(namespaceAuthz),
middleware.StreamServerInstrumentInterceptor(grpcRequestDuration),
),
}...)
}
if s.cfg.GRPCServerTLSConfig != nil {
opts = append(opts, grpc.Creds(credentials.NewTLS(cfg.GRPCServerTLSConfig)))


@ -77,7 +77,7 @@ func ProvideUnifiedStorageClient(
}
// Create a client instance
client, err := newResourceClient(conn, cfg)
client, err := newResourceClient(ctx, conn, cfg, features)
if err != nil {
return nil, err
}
@ -93,7 +93,11 @@ func ProvideUnifiedStorageClient(
}
}
func newResourceClient(conn *grpc.ClientConn, cfg *setting.Cfg) (resource.ResourceClient, error) {
func newResourceClient(ctx context.Context, conn *grpc.ClientConn, cfg *setting.Cfg, features featuremgmt.FeatureToggles) (resource.ResourceClient, error) {
if features.IsEnabled(ctx, featuremgmt.FlagAppPlatformGrpcClientAuth) {
return resource.NewLegacyResourceClient(conn), nil
}
clientConfig, err := grpcutils.ReadGrpcClientConfig(cfg)
if err != nil {
return nil, err
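Review bot: The new guard in newResourceClient returns `resource.NewLegacyResourceClient(conn)` when `FlagAppPlatformGrpcClientAuth` is enabled, which reads as inverted: judging by its name, the flag turns the new gRPC client auth on, yet enabling it skips `grpcutils.ReadGrpcClientConfig(cfg)` and selects the legacy client. If that reading is right, the condition should be `if !features.IsEnabled(ctx, featuremgmt.FlagAppPlatformGrpcClientAuth) {`, so that an operator who turns the flag on does not silently get the older authentication path. If the current polarity is intended, a comment on the branch should state it, e.g. `// flag on => legacy interceptors, no client config is read`. The rest of the function lies outside the hunk, so what the non-legacy path does with `clientConfig` is not visible here.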


@ -21,6 +21,7 @@ import (
"github.com/grafana/grafana/pkg/services/auth"
"github.com/grafana/grafana/pkg/services/authn/grpcutils"
"github.com/grafana/grafana/pkg/setting"
grpcUtils "github.com/grafana/grafana/pkg/storage/unified/resource/grpc"
)
// TODO(drclau): decide on the audience for the resource store
@ -39,6 +40,15 @@ type resourceClient struct {
DiagnosticsClient
}
func NewLegacyResourceClient(channel *grpc.ClientConn) ResourceClient {
cc := grpchan.InterceptClientConn(channel, grpcUtils.UnaryClientInterceptor, grpcUtils.StreamClientInterceptor)
return &resourceClient{
ResourceStoreClient: NewResourceStoreClient(cc),
ResourceIndexClient: NewResourceIndexClient(cc),
DiagnosticsClient: NewDiagnosticsClient(cc),
}
}
func NewLocalResourceClient(server ResourceServer) ResourceClient {
// scenario: local in-proc
channel := &inprocgrpc.Channel{}
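Review bot: The exported `NewLegacyResourceClient` is added without a doc comment, and nothing in the hunk says what the legacy interceptors do to outgoing calls or when this constructor is the right choice over the other clients. I would add something like `// NewLegacyResourceClient returns a ResourceClient whose calls go through the legacy unary and stream client interceptors from resource/grpc.`, plus a sentence on what identity those interceptors attach, once confirmed against that package. The new import alias `grpcUtils` sits two lines below the existing `grpcutils` import from `services/authn/grpcutils` and differs from it only by case, which makes it easy to pick the wrong auth helper in review. A distinct alias (for example `legacygrpc`, a constructed name) would avoid that.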