IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-16 18:34:52 -06:00
Code Issues Packages Projects Releases Wiki Activity

remove client side namespace extractor

Browse Source
This commit is contained in:
Claudiu Dragalina-Paraipan 2024-10-14 20:43:48 +03:00
parent 742295c89a
commit f5c2c79981
1 changed files with 0 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
pkg/storage/unified/resource/client.go
View File

@ -12,7 +12,6 @@ import (
"github.com/go-jose/go-jose/v3"
"github.com/go-jose/go-jose/v3/jwt"
authnlib "github.com/grafana/authlib/authn"
authzlib "github.com/grafana/authlib/authz"
"github.com/grafana/authlib/claims"
grpcAuth "github.com/grpc-ecosystem/go-grpc-middleware/v2/interceptors/auth"
"google.golang.org/grpc"
@ -89,7 +88,6 @@ func NewGRPCResourceClient(conn *grpc.ClientConn) (ResourceClient, error) {
&authnlib.GrpcClientConfig{},
authnlib.WithDisableAccessTokenOption(),
authnlib.WithIDTokenExtractorOption(idTokenExtractor),
authnlib.WithMetadataExtractorOption(namespaceExtractor),
)
if err != nil {
return nil, err
@ -113,7 +111,6 @@ func NewCloudResourceClient(conn *grpc.ClientConn, cfg *setting.Cfg) (ResourceCl
opts := []authnlib.GrpcClientInterceptorOption{
authnlib.WithIDTokenExtractorOption(idTokenExtractor),
authnlib.WithMetadataExtractorOption(namespaceCloudExtractor(cfg.StackID)),
}
if cfg.Env == setting.Dev {
@ -160,26 +157,6 @@ func idTokenExtractor(ctx context.Context) (string, error) {
return "", fmt.Errorf("id-token not found")
}
func namespaceExtractor(ctx context.Context) (string, []string, error) {
// Using identity.Requester instead of claims.AuthInfo because Namespace() relies on AllowedKubernetesNamespace, which is empty.
caller, err := identity.GetRequester(ctx)
if err != nil {
return "", nil, err
}
namespace := caller.GetAllowedKubernetesNamespace()
if namespace == "" {
namespace = claims.OrgNamespaceFormatter(caller.GetOrgID())
}
return authzlib.DefaultNamespaceMetadataKey, []string{namespace}, nil
}
func namespaceCloudExtractor(stackID string) func(ctx context.Context) (key string, values []string, err error) {
return func(ctx context.Context) (key string, values []string, err error) {
return authzlib.DefaultNamespaceMetadataKey, []string{"stacks-" + stackID}, nil
}
}
func allowInsecureTransportOpt(grpcClientConfig *authnlib.GrpcClientConfig, opts []authnlib.GrpcClientInterceptorOption) []authnlib.GrpcClientInterceptorOption {
client := &http.Client{Transport: &http.Transport{TLSClientConfig: &tls.Config{InsecureSkipVerify: true}}}
tokenClient, _ := authnlib.NewTokenExchangeClient(*grpcClientConfig.TokenClientConfig, authnlib.WithHTTPClient(client))