IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

Fix trace

Browse Source
This commit is contained in:
gamab 2024-09-03 14:43:22 +02:00
parent d09e14c26a
commit 755485751e
No known key found for this signature in database
GPG Key ID: 88D8810B587562C1
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
pkg/services/authz/server.go
View File

@ -48,9 +48,12 @@ func newLegacyServer(
// AuthFuncOverride is a function that allows to override the default auth function. // AuthFuncOverride is a function that allows to override the default auth function.
// This override is only allowed in development mode as we skip all authentication checks. // This override is only allowed in development mode as we skip all authentication checks.
func (s *legacyServer) AuthFuncOverride(ctx context.Context, _ string) (context.Context, error) { func (s *legacyServer) AuthFuncOverride(ctx context.Context, _ string) (context.Context, error) {
ctx, span := s.tracer.Start(ctx, "authz.AuthFuncOverride")
defer span.End()
if !s.cfg.allowInsecure { if !s.cfg.allowInsecure {
s.logger.Error("AuthFuncOverride is not allowed in production mode") s.logger.Error("AuthFuncOverride is not allowed in production mode")
return nil, tracing.Errorf(nil, "AuthFuncOverride is not allowed in production mode") return nil, tracing.Errorf(span, "AuthFuncOverride is not allowed in production mode")
} }
return ctx, nil return ctx, nil
} }
@ -58,9 +61,12 @@ func (s *legacyServer) AuthFuncOverride(ctx context.Context, _ string) (context.
// AuthorizeFuncOverride is a function that allows to override the default authorize function that checks the namespace of the caller. // AuthorizeFuncOverride is a function that allows to override the default authorize function that checks the namespace of the caller.
// We skip all authorization checks in development mode. Once we have access tokens, we need to do namespace validation in the Read handler. // We skip all authorization checks in development mode. Once we have access tokens, we need to do namespace validation in the Read handler.
func (s *legacyServer) AuthorizeFuncOverride(ctx context.Context) error { func (s *legacyServer) AuthorizeFuncOverride(ctx context.Context) error {
_, span := s.tracer.Start(ctx, "authz.AuthorizeFuncOverride")
defer span.End()
if !s.cfg.allowInsecure { if !s.cfg.allowInsecure {
s.logger.Error("AuthorizeFuncOverride is not allowed in production mode") s.logger.Error("AuthorizeFuncOverride is not allowed in production mode")
return tracing.Errorf(nil, "AuthorizeFuncOverride is not allowed in production mode") return tracing.Errorf(span, "AuthorizeFuncOverride is not allowed in production mode")
} }
return nil return nil
} }