K8s: remove standalone authenticator in favor of providing one through the factory (#85901)

2025-02-25 18:55:37 -06:00 · 2024-04-11 12:30:23 -07:00
parent 1031c2f1d2
commit a39fe593c2
9 changed files with 12 additions and 186 deletions
--- a/pkg/services/apiserver/options/options.go
+++ b/pkg/services/apiserver/options/options.go
@@ -12,6 +12,7 @@ import (

 type OptionsProvider interface {
 	AddFlags(fs *pflag.FlagSet)
+	ApplyTo(config *genericapiserver.RecommendedConfig) error
 	ValidateOptions() []error
 }

--- a/pkg/services/apiserver/standalone/factory.go
+++ b/pkg/services/apiserver/standalone/factory.go
@@ -8,6 +8,7 @@ import (
 	"github.com/prometheus/client_golang/prometheus"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
+	genericapiserver "k8s.io/apiserver/pkg/server"

 	"github.com/grafana/grafana/pkg/apis/datasource/v0alpha1"
 	"github.com/grafana/grafana/pkg/apiserver/builder"
@@ -62,6 +63,10 @@ func (p *DummyAPIFactory) GetEnabled(runtime []RuntimeConfig) ([]schema.GroupVer
 	return gv, nil
 }

+func (p *DummyAPIFactory) ApplyTo(config *genericapiserver.RecommendedConfig) error {
+	return nil
+}
+
 func (p *DummyAPIFactory) MakeAPIServer(tracer tracing.Tracer, gv schema.GroupVersion) (builder.APIGroupBuilder, error) {
 	if gv.Version != "v0alpha1" {
 		return nil, fmt.Errorf("only alpha supported now")
--- a/pkg/services/apiserver/standalone/options/authn.go
+++ b/pkg/services/apiserver/standalone/options/authn.go
@@ -1,9 +0,0 @@
-package options
-
-import "github.com/grafana/authlib/authn"
-
-func NewAuthnOptions() *AuthnOptions {
-	return &AuthnOptions{
-		IDVerifierConfig: &authn.IDVerifierConfig{},
-	}
-}
--- a/pkg/services/apiserver/standalone/options/options.go
+++ b/pkg/services/apiserver/standalone/options/options.go
@@ -7,8 +7,6 @@ import (
 	"k8s.io/apimachinery/pkg/runtime"
 	genericapiserver "k8s.io/apiserver/pkg/server"
 	genericoptions "k8s.io/apiserver/pkg/server/options"
-
-	"github.com/grafana/authlib/authn"
 )

 type Options struct {
@@ -17,7 +15,6 @@ type Options struct {
 	RecommendedOptions *genericoptions.RecommendedOptions
 	TracingOptions     *TracingOptions
 	MetricsOptions     *MetricsOptions
-	AuthnOptions       *AuthnOptions
 }

 func New(logger log.Logger, codec runtime.Codec) *Options {
@@ -27,7 +24,6 @@ func New(logger log.Logger, codec runtime.Codec) *Options {
 		RecommendedOptions: options.NewRecommendedOptions(codec),
 		TracingOptions:     NewTracingOptions(logger),
 		MetricsOptions:     NewMetrcicsOptions(logger),
-		AuthnOptions:       NewAuthnOptions(),
 	}
 }

@@ -37,7 +33,6 @@ func (o *Options) AddFlags(fs *pflag.FlagSet) {
 	o.RecommendedOptions.AddFlags(fs)
 	o.TracingOptions.AddFlags(fs)
 	o.MetricsOptions.AddFlags(fs)
-	o.AuthnOptions.AddFlags(fs)
 }

 func (o *Options) Validate() []error {
@@ -162,15 +157,3 @@ func (o *Options) ApplyTo(serverConfig *genericapiserver.RecommendedConfig) erro

 	return nil
 }
-
-type AuthnOptions struct {
-	IDVerifierConfig *authn.IDVerifierConfig
-}
-
-func (authOpts *AuthnOptions) AddFlags(fs *pflag.FlagSet) {
-	prefix := "grafana.authn"
-	fs.StringVar(&authOpts.IDVerifierConfig.SigningKeysURL, prefix+".signing-keys-url", "", "URL to jwks endpoint")
-
-	audience := fs.StringSlice(prefix+".allowed-audiences", []string{}, "Specifies a comma-separated list of allowed audiences.")
-	authOpts.IDVerifierConfig.AllowedAudiences = *audience
-}