mirror of
https://github.com/grafana/grafana.git
synced 2025-02-25 18:55:37 -06:00
authz client cfg changes
- removed ModeCloud, relying on ModeGrpc and stackID instead to discover whether we're running in Cloud
- reusing settings from "grpc_client_authentication" instead of duplicating them in the "authorization" section

Co-Authored-By: Gabriel MABILLE <gamab@users.noreply.github.com>
parent
14a1021605
commit
84866a8a51
@ -57,14 +57,16 @@ func ProvideAuthZClient(
|
||||
return nil, err
|
||||
}
|
||||
case ModeGRPC:
|
||||
client, err = newGrpcLegacyClient(authCfg)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
case ModeCloud:
|
||||
client, err = newCloudLegacyClient(authCfg)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
if cfg.StackID == "" {
|
||||
client, err = newGrpcLegacyClient(authCfg)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
} else {
|
||||
client, err = newCloudLegacyClient(authCfg)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
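Review bot: The `case ModeGRPC:` branch now picks between `newGrpcLegacyClient` and `newCloudLegacyClient` purely on `cfg.StackID == ""`, and nothing at that point says so; an instance whose stack ID is unset by mistake would quietly get the non-cloud client instead of failing. I would add a comment above the `if`, for example `// A non-empty StackID means we are running in Cloud and must use the cloud client.`, and consider logging which client was selected at startup. The same StackID test is repeated in ReadCfg's validation in the second file, so a single helper or a field on the authz Cfg would keep the two from drifting apart. The identical `if err != nil { return nil, err }` in both arms can be hoisted to one check after the if/else. ProvideAuthZClient starts and ends outside the hunk.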
@ -10,7 +10,7 @@ type Mode string
|
||||
|
||||
func (s Mode) IsValid() bool {
|
||||
switch s {
|
||||
case ModeGRPC, ModeInProc, ModeCloud:
|
||||
case ModeGRPC, ModeInProc:
|
||||
return true
|
||||
}
|
||||
return false
|
||||
@ -19,7 +19,6 @@ func (s Mode) IsValid() bool {
|
||||
const (
|
||||
ModeGRPC Mode = "grpc"
|
||||
ModeInProc Mode = "inproc"
|
||||
ModeCloud Mode = "cloud"
|
||||
)
|
||||
|
||||
type Cfg struct {
|
||||
@ -35,28 +34,30 @@ type Cfg struct {
|
||||
}
|
||||
|
||||
func ReadCfg(cfg *setting.Cfg) (*Cfg, error) {
|
||||
section := cfg.SectionWithEnvOverrides("authorization")
|
||||
authorizationSection := cfg.SectionWithEnvOverrides("authorization")
|
||||
grpcClientAuthSection := cfg.SectionWithEnvOverrides("grpc_client_authentication")
|
||||
|
||||
mode := Mode(section.Key("mode").MustString(string(ModeInProc)))
|
||||
mode := Mode(authorizationSection.Key("mode").MustString(string(ModeInProc)))
|
||||
if !mode.IsValid() {
|
||||
return nil, fmt.Errorf("authorization: invalid mode %q", mode)
|
||||
}
|
||||
|
||||
token := section.Key("token").MustString("")
|
||||
tokenExchangeURL := section.Key("token_exchange_url").MustString("")
|
||||
tokenNamespace := section.Key("token_namespace").MustString("stack-" + cfg.StackID)
|
||||
token := grpcClientAuthSection.Key("token").MustString("")
|
||||
tokenExchangeURL := grpcClientAuthSection.Key("token_exchange_url").MustString("")
|
||||
tokenNamespace := grpcClientAuthSection.Key("token_namespace").MustString("stack-" + cfg.StackID)
|
||||
|
||||
if mode == ModeCloud && token == "" && tokenExchangeURL == "" {
|
||||
return nil, fmt.Errorf("authorization: missing token or tokenExchangeUrl")
|
||||
// When running in cloud mode, the token and tokenExchangeURL are required.
|
||||
if cfg.StackID != "" && token == "" && tokenExchangeURL == "" {
|
||||
return nil, fmt.Errorf("authorization: missing token or tokenExchangeUrl")
|
||||
}
|
||||
|
||||
return &Cfg{
|
||||
remoteAddress: section.Key("remote_address").MustString(""),
|
||||
listen: section.Key("listen").MustBool(false),
|
||||
remoteAddress: authorizationSection.Key("remote_address").MustString(""),
|
||||
listen: authorizationSection.Key("listen").MustBool(false),
|
||||
mode: mode,
|
||||
token: token,
|
||||
tokenExchangeURL: tokenExchangeURL,
|
||||
tokenNamespace: tokenNamespace,
|
||||
allowInsecure: cfg.Env == "development",
|
||||
allowInsecure: cfg.Env == setting.Dev,
|
||||
}, nil
|
||||
}
|
||||
|
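Review bot: In ReadCfg the new comment says the token and tokenExchangeURL are required in cloud, but the condition `token == "" && tokenExchangeURL == ""` only rejects the case where both are empty, so a configuration with just one of them set passes validation. If both are needed, the check should read `if cfg.StackID != "" && (token == "" || tokenExchangeURL == "")`; if either one suffices, the comment should say so instead. The check also no longer looks at `mode`, so an instance with a StackID and the default `inproc` mode now appears to fail at startup without these credentials; if that is not intended, gating on `mode == ModeGRPC` would match how ProvideAuthZClient selects the cloud client in the first file. Separately, an existing `mode = cloud` is now rejected by IsValid, and `token`, `token_exchange_url` and `token_namespace` left under `[authorization]` are no longer read, which deserves a line in the upgrade notes.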