mirror of
https://github.com/grafana/grafana.git
synced 2025-02-25 18:55:37 -06:00
allow using the legacy resource client via
This commit is contained in:
parent
a2c30f5328
commit
4a03ed7d7d
@ -90,6 +90,7 @@ func NewGrpcAuthenticatorWithFallback(cfg *setting.Cfg, reg prometheus.Registere
|
||||
}
|
||||
|
||||
func (f *AuthenticatorWithFallback) Authenticate(ctx context.Context) (context.Context, error) {
|
||||
origCtx := ctx
|
||||
// Try to authenticate with the new authenticator first
|
||||
ctx, err := f.authenticator.Authenticate(ctx)
|
||||
if err == nil {
|
||||
@ -97,7 +98,7 @@ func (f *AuthenticatorWithFallback) Authenticate(ctx context.Context) (context.C
|
||||
return ctx, nil
|
||||
} else if f.fallbackEnabled {
|
||||
// If the new authenticator failed and the fallback is enabled, try the legacy authenticator
|
||||
ctx, err = f.legacyAuthenticator.Authenticate(ctx)
|
||||
ctx, err = f.legacyAuthenticator.Authenticate(origCtx)
|
||||
f.metrics.fallbackCounter.WithLabelValues(fmt.Sprintf("%t", err == nil)).Inc()
|
||||
}
|
||||
return ctx, err
|
||||
|
@ -71,14 +71,12 @@ func ProvideService(cfg *setting.Cfg, features featuremgmt.FeatureToggles, authe
|
||||
}
|
||||
}
|
||||
|
||||
var opts []grpc.ServerOption
|
||||
|
||||
namespaceAuthz := grpcutils.NewNamespaceAuthorizer(cfg)
|
||||
|
||||
// Default auth is admin token check, but this can be overridden by
|
||||
// services which implement ServiceAuthFuncOverride interface.
|
||||
// See https://github.com/grpc-ecosystem/go-grpc-middleware/blob/main/interceptors/auth/auth.go#L30.
|
||||
opts = append(opts, []grpc.ServerOption{
|
||||
opts := []grpc.ServerOption{
|
||||
grpc.StatsHandler(otelgrpc.NewServerHandler()),
|
||||
grpc.ChainUnaryInterceptor(
|
||||
grpcAuth.UnaryServerInterceptor(authenticator.Authenticate),
|
||||
@ -92,7 +90,7 @@ func ProvideService(cfg *setting.Cfg, features featuremgmt.FeatureToggles, authe
|
||||
authzlib.StreamAuthorizeInterceptor(namespaceAuthz),
|
||||
middleware.StreamServerInstrumentInterceptor(grpcRequestDuration),
|
||||
),
|
||||
}...)
|
||||
}
|
||||
|
||||
if s.cfg.GRPCServerTLSConfig != nil {
|
||||
opts = append(opts, grpc.Creds(credentials.NewTLS(cfg.GRPCServerTLSConfig)))
|
||||
|
@ -77,7 +77,7 @@ func ProvideUnifiedStorageClient(
|
||||
}
|
||||
|
||||
// Create a client instance
|
||||
client, err := newResourceClient(conn, cfg)
|
||||
client, err := newResourceClient(ctx, conn, cfg, features)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@ -93,7 +93,11 @@ func ProvideUnifiedStorageClient(
|
||||
}
|
||||
}
|
||||
|
||||
func newResourceClient(conn *grpc.ClientConn, cfg *setting.Cfg) (resource.ResourceClient, error) {
|
||||
func newResourceClient(ctx context.Context, conn *grpc.ClientConn, cfg *setting.Cfg, features featuremgmt.FeatureToggles) (resource.ResourceClient, error) {
|
||||
if features.IsEnabled(ctx, featuremgmt.FlagAppPlatformGrpcClientAuth) {
|
||||
return resource.NewLegacyResourceClient(conn), nil
|
||||
}
|
||||
|
||||
clientConfig, err := grpcutils.ReadGrpcClientConfig(cfg)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
@ -21,6 +21,7 @@ import (
|
||||
"github.com/grafana/grafana/pkg/services/auth"
|
||||
"github.com/grafana/grafana/pkg/services/authn/grpcutils"
|
||||
"github.com/grafana/grafana/pkg/setting"
|
||||
grpcUtils "github.com/grafana/grafana/pkg/storage/unified/resource/grpc"
|
||||
)
|
||||
|
||||
// TODO(drclau): decide on the audience for the resource store
|
||||
@ -39,6 +40,15 @@ type resourceClient struct {
|
||||
DiagnosticsClient
|
||||
}
|
||||
|
||||
func NewLegacyResourceClient(channel *grpc.ClientConn) ResourceClient {
|
||||
cc := grpchan.InterceptClientConn(channel, grpcUtils.UnaryClientInterceptor, grpcUtils.StreamClientInterceptor)
|
||||
return &resourceClient{
|
||||
ResourceStoreClient: NewResourceStoreClient(cc),
|
||||
ResourceIndexClient: NewResourceIndexClient(cc),
|
||||
DiagnosticsClient: NewDiagnosticsClient(cc),
|
||||
}
|
||||
}
|
||||
|
||||
func NewLocalResourceClient(server ResourceServer) ResourceClient {
|
||||
// scenario: local in-proc
|
||||
channel := &inprocgrpc.Channel{}
|
||||
|
Loading…
Reference in New Issue
Block a user