AuthN: Use fetch user sync hook for render keys connected to a user (#84080)

* Use fetch user sync hook for render keys connected to a user
Karl Persson 2024-03-12 09:15:14 +01:00 committed by GitHub
parent f50624d257
commit 6ea9f0c447
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 20 additions and 38 deletions


@ -89,7 +89,7 @@ func ProvideService(
usageStats.RegisterMetricsFunc(s.getUsageStats) usageStats.RegisterMetricsFunc(s.getUsageStats)
s.RegisterClient(clients.ProvideRender(userService, renderService)) s.RegisterClient(clients.ProvideRender(renderService))
s.RegisterClient(clients.ProvideAPIKey(apikeyService)) s.RegisterClient(clients.ProvideAPIKey(apikeyService))
if cfg.LoginCookieName != "" { if cfg.LoginCookieName != "" {


@ -8,7 +8,6 @@ import (
"github.com/grafana/grafana/pkg/services/login" "github.com/grafana/grafana/pkg/services/login"
"github.com/grafana/grafana/pkg/services/org" "github.com/grafana/grafana/pkg/services/org"
"github.com/grafana/grafana/pkg/services/rendering" "github.com/grafana/grafana/pkg/services/rendering"
"github.com/grafana/grafana/pkg/services/user"
"github.com/grafana/grafana/pkg/util/errutil" "github.com/grafana/grafana/pkg/util/errutil"
) )
@ -22,12 +21,11 @@ const (
var _ authn.ContextAwareClient = new(Render) var _ authn.ContextAwareClient = new(Render)
func ProvideRender(userService user.Service, renderService rendering.Service) *Render { func ProvideRender(renderService rendering.Service) *Render {
return &Render{userService, renderService} return &Render{renderService}
} }
type Render struct { type Render struct {
userService user.Service
renderService rendering.Service renderService rendering.Service
} }
@ -42,26 +40,23 @@ func (c *Render) Authenticate(ctx context.Context, r *authn.Request) (*authn.Ide
return nil, errInvalidRenderKey.Errorf("found no render user for key: %s", key) return nil, errInvalidRenderKey.Errorf("found no render user for key: %s", key)
} }
var identity *authn.Identity
if renderUsr.UserID <= 0 { if renderUsr.UserID <= 0 {
identity = &authn.Identity{ return &authn.Identity{
ID: authn.NamespacedID(authn.NamespaceRenderService, 0), ID: authn.NamespacedID(authn.NamespaceRenderService, 0),
OrgID: renderUsr.OrgID, OrgID: renderUsr.OrgID,
OrgRoles: map[int64]org.RoleType{renderUsr.OrgID: org.RoleType(renderUsr.OrgRole)}, OrgRoles: map[int64]org.RoleType{renderUsr.OrgID: org.RoleType(renderUsr.OrgRole)},
ClientParams: authn.ClientParams{SyncPermissions: true}, ClientParams: authn.ClientParams{SyncPermissions: true},
} LastSeenAt: time.Now(),
} else { AuthenticatedBy: login.RenderModule,
usr, err := c.userService.GetSignedInUserWithCacheCtx(ctx, &user.GetSignedInUserQuery{UserID: renderUsr.UserID, OrgID: renderUsr.OrgID}) }, nil
if err != nil {
return nil, err
}
identity = authn.IdentityFromSignedInUser(authn.NamespacedID(authn.NamespaceUser, usr.UserID), usr, authn.ClientParams{SyncPermissions: true}, login.RenderModule)
} }
identity.LastSeenAt = time.Now() return &authn.Identity{
identity.AuthenticatedBy = login.RenderModule ID: authn.NamespacedID(authn.NamespaceUser, renderUsr.UserID),
return identity, nil LastSeenAt: time.Now(),
AuthenticatedBy: login.RenderModule,
ClientParams: authn.ClientParams{FetchSyncedUser: true, SyncPermissions: true},
}, nil
} }
func (c *Render) Test(ctx context.Context, r *authn.Request) bool { func (c *Render) Test(ctx context.Context, r *authn.Request) bool {
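Review bot: The user-bound branch at the end of Authenticate no longer carries `renderUsr.OrgID` anywhere: the removed code passed it to `GetSignedInUserWithCacheCtx`, while the new identity sets only the ID and `FetchSyncedUser: true`. The sync hook is not part of this diff, so it should be confirmed that it resolves the user in the org the render key was issued for, rather than in an org taken from the request or the user's default. If the hook reads the identity's org, add `OrgID: renderUsr.OrgID,` to the returned identity; otherwise add a comment stating where the org comes from. The updated case in TestRender_Authenticate drops the `OrgID` and `OrgRoles` expectations, so nothing in this commit pins the org or role a user-bound key ends up with. Authenticate begins before this hunk.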


@ -13,8 +13,6 @@ import (
"github.com/grafana/grafana/pkg/services/login" "github.com/grafana/grafana/pkg/services/login"
"github.com/grafana/grafana/pkg/services/org" "github.com/grafana/grafana/pkg/services/org"
"github.com/grafana/grafana/pkg/services/rendering" "github.com/grafana/grafana/pkg/services/rendering"
"github.com/grafana/grafana/pkg/services/user"
"github.com/grafana/grafana/pkg/services/user/usertest"
) )
func TestRender_Authenticate(t *testing.T) { func TestRender_Authenticate(t *testing.T) {
@ -23,7 +21,6 @@ func TestRender_Authenticate(t *testing.T) {
renderKey string renderKey string
req *authn.Request req *authn.Request
expectedErr error expectedErr error
expectedUsr *user.SignedInUser
expectedIdentity *authn.Identity expectedIdentity *authn.Identity
expectedRenderUsr *rendering.RenderUser expectedRenderUsr *rendering.RenderUser
} }
@ -60,23 +57,13 @@ func TestRender_Authenticate(t *testing.T) {
}, },
expectedIdentity: &authn.Identity{ expectedIdentity: &authn.Identity{
ID: "user:1", ID: "user:1",
OrgID: 1,
OrgName: "test",
OrgRoles: map[int64]org.RoleType{1: org.RoleAdmin},
IsGrafanaAdmin: boolPtr(false),
AuthenticatedBy: login.RenderModule, AuthenticatedBy: login.RenderModule,
ClientParams: authn.ClientParams{SyncPermissions: true}, ClientParams: authn.ClientParams{FetchSyncedUser: true, SyncPermissions: true},
}, },
expectedRenderUsr: &rendering.RenderUser{ expectedRenderUsr: &rendering.RenderUser{
OrgID: 1, OrgID: 1,
UserID: 1, UserID: 1,
}, },
expectedUsr: &user.SignedInUser{
UserID: 1,
OrgID: 1,
OrgName: "test",
OrgRole: "Admin",
},
}, },
{ {
desc: "expect error when render key is invalid", desc: "expect error when render key is invalid",
@ -97,7 +84,7 @@ func TestRender_Authenticate(t *testing.T) {
renderService := rendering.NewMockService(ctrl) renderService := rendering.NewMockService(ctrl)
renderService.EXPECT().GetRenderUser(gomock.Any(), tt.renderKey).Return(tt.expectedRenderUsr, tt.expectedRenderUsr != nil) renderService.EXPECT().GetRenderUser(gomock.Any(), tt.renderKey).Return(tt.expectedRenderUsr, tt.expectedRenderUsr != nil)
c := ProvideRender(&usertest.FakeUserService{ExpectedSignedInUser: tt.expectedUsr}, renderService) c := ProvideRender(renderService)
identity, err := c.Authenticate(context.Background(), tt.req) identity, err := c.Authenticate(context.Background(), tt.req)
if tt.expectedErr != nil { if tt.expectedErr != nil {
assert.ErrorIs(t, tt.expectedErr, err) assert.ErrorIs(t, tt.expectedErr, err)
@ -141,7 +128,7 @@ func TestRender_Test(t *testing.T) {
for _, tt := range tests { for _, tt := range tests {
t.Run(tt.desc, func(t *testing.T) { t.Run(tt.desc, func(t *testing.T) {
c := ProvideRender(&usertest.FakeUserService{}, &rendering.MockService{}) c := ProvideRender(&rendering.MockService{})
assert.Equal(t, tt.expected, c.Test(context.Background(), tt.req)) assert.Equal(t, tt.expected, c.Test(context.Background(), tt.req))
}) })
} }