IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

AuthN: Register flags for grpc_server_authentication configuration (#97063)

Browse Source 
* AuthZServer: Add authenticator

* Add flags
This commit is contained in:
Gabriel MABILLE 2024-11-27 10:35:35 +01:00 committed by GitHub
parent 722af820a5
commit 6e2d3cae5e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 11 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
pkg/services/authn/grpcutils/config.go
View File

@ -3,6 +3,8 @@ package grpcutils
import (
"fmt"
"github.com/spf13/pflag"
"github.com/grafana/grafana/pkg/setting"
)
@ -26,6 +28,11 @@ type GrpcServerConfig struct {
AllowedAudiences []string
Mode Mode
LegacyFallback bool
AllowInsecure bool
}
func (c *GrpcServerConfig) AddFlags(fs *pflag.FlagSet) {
fs.StringVar(&c.SigningKeysURL, "grpc-server-authentication.signing-keys-url", "", "gRPC server authentication signing keys URL")
}
func ReadGrpcServerConfig(cfg *setting.Cfg) (*GrpcServerConfig, error) {
@ -41,6 +48,7 @@ func ReadGrpcServerConfig(cfg *setting.Cfg) (*GrpcServerConfig, error) {
AllowedAudiences: section.Key("allowed_audiences").Strings(","),
Mode: mode,
LegacyFallback: section.Key("legacy_fallback").MustBool(true),
AllowInsecure: cfg.Env == setting.Dev,
}, nil
}

10
pkg/services/authn/grpcutils/grpc_authenticator.go
View File

@ -27,11 +27,7 @@ func NewInProcGrpcAuthenticator() *authnlib.GrpcAuthenticator {
)
}
func NewGrpcAuthenticator(cfg *setting.Cfg, tracer tracing.Tracer) (*authnlib.GrpcAuthenticator, error) {
authCfg, err := ReadGrpcServerConfig(cfg)
if err != nil {
return nil, err
}
func NewGrpcAuthenticator(authCfg *GrpcServerConfig, tracer tracing.Tracer) (*authnlib.GrpcAuthenticator, error) {
grpcAuthCfg := authnlib.GrpcAuthenticatorConfig{
KeyRetrieverConfig: authnlib.KeyRetrieverConfig{
SigningKeysURL: authCfg.SigningKeysURL,
@ -42,7 +38,7 @@ func NewGrpcAuthenticator(cfg *setting.Cfg, tracer tracing.Tracer) (*authnlib.Gr
}
client := http.DefaultClient
if cfg.Env == setting.Dev {
if authCfg.AllowInsecure {
// allow insecure connections in development mode to facilitate testing
client = &http.Client{Transport: &http.Transport{TLSClientConfig: &tls.Config{InsecureSkipVerify: true}}}
}
@ -87,7 +83,7 @@ func NewGrpcAuthenticatorWithFallback(cfg *setting.Cfg, reg prometheus.Registere
return nil, err
}
authenticator, err := NewGrpcAuthenticator(cfg, tracer)
authenticator, err := NewGrpcAuthenticator(authCfg, tracer)
if err != nil {
return nil, err
}