Zanzana: Add config options for Check and ListObjects queries (#94619)

* Zanzana: Add config options for Check and ListObjects queries * remove fixme * pass only zanzana settings
2025-02-25 18:55:37 -06:00 · 2024-10-14 13:44:47 +02:00 · 2024-10-14 13:44:47 +02:00 · fcfa4aa777
commit fcfa4aa777
parent 981aad6b77
5 changed files with 25 additions and 9 deletions
--- a/pkg/services/authz/zanzana.go
+++ b/pkg/services/authz/zanzana.go
@ -49,7 +49,7 @@ func ProvideZanzana(cfg *setting.Cfg, db db.DB, features featuremgmt.FeatureTogg
 			return nil, fmt.Errorf("failed to start zanzana: %w", err)
 		}

-		srv, err := zanzana.NewServer(store, logger)
+		srv, err := zanzana.NewServer(cfg, store, logger)
 		if err != nil {
 			return nil, fmt.Errorf("failed to start zanzana: %w", err)
 		}
@ -104,7 +104,7 @@ func (z *Zanzana) start(ctx context.Context) error {
 		return fmt.Errorf("failed to initilize zanana store: %w", err)
 	}

-	srv, err := zanzana.NewServer(store, z.logger)
+	srv, err := zanzana.NewServer(z.cfg, store, z.logger)
 	if err != nil {
 		return fmt.Errorf("failed to start zanzana: %w", err)
 	}
--- a/pkg/services/authz/zanzana/client/client_test.go
+++ b/pkg/services/authz/zanzana/client/client_test.go
@ -107,7 +107,7 @@ func zanzanaServerIntegrationTest(tb testing.TB) *inprocgrpc.Channel {
 	store, err := zstore.NewEmbeddedStore(cfg, db, logger)
 	require.NoError(tb, err)

-	srv, err := zserver.New(store, logger)
+	srv, err := zserver.New(&cfg.Zanzana, store, logger)
 	require.NoError(tb, err)

 	channel := &inprocgrpc.Channel{}
--- a/pkg/services/authz/zanzana/server.go
+++ b/pkg/services/authz/zanzana/server.go
@ -11,8 +11,8 @@ import (
 	zserver "github.com/grafana/grafana/pkg/services/authz/zanzana/server"
 )

-func NewServer(store storage.OpenFGADatastore, logger log.Logger) (*server.Server, error) {
-	return zserver.New(store, logger)
+func NewServer(cfg *setting.Cfg, store storage.OpenFGADatastore, logger log.Logger) (*server.Server, error) {
+	return zserver.New(&cfg.Zanzana, store, logger)
 }

 func StartOpenFGAHttpSever(cfg *setting.Cfg, srv grpcserver.Provider, logger log.Logger) error {
--- a/pkg/services/authz/zanzana/server/server.go
+++ b/pkg/services/authz/zanzana/server/server.go
@ -27,11 +27,14 @@ import (
 	zlogger "github.com/grafana/grafana/pkg/services/authz/zanzana/logger"
 )

-func New(store storage.OpenFGADatastore, logger log.Logger) (*server.Server, error) {
-	// FIXME(kalleep): add support for more options, tracing etc
+func New(cfg *setting.ZanzanaSettings, store storage.OpenFGADatastore, logger log.Logger) (*server.Server, error) {
 	opts := []server.OpenFGAServiceV1Option{
 		server.WithDatastore(store),
 		server.WithLogger(zlogger.New(logger)),
+		server.WithCheckQueryCacheEnabled(cfg.CheckQueryCache),
+		server.WithCheckQueryCacheTTL(cfg.CheckQueryCacheTTL),
+		server.WithListObjectsMaxResults(cfg.ListObjectsMaxResults),
+		server.WithListObjectsDeadline(cfg.ListObjectsDeadline),
 	}

 	// FIXME(kalleep): Interceptors
--- a/pkg/setting/settings_zanzana.go
+++ b/pkg/setting/settings_zanzana.go
@ -2,6 +2,7 @@ package setting

 import (
 	"slices"
+	"time"
 )

 type ZanzanaMode string
@ -20,11 +21,19 @@ type ZanzanaSettings struct {
 	ListenHTTP bool
 	// OpenFGA http server address which allows to connect with fga cli
 	HttpAddr string
-	// Number of check requests running concurrently
-	ConcurrentChecks int64
 	// If enabled, authorization cheks will be only performed by zanzana.
 	// This bypasses the performance comparison with the legacy system.
 	ZanzanaOnlyEvaluation bool
+	// Number of concurrent check requests running by Grafana.
+	ConcurrentChecks int64
+	// Enable cache for Check() requests
+	CheckQueryCache bool
+	// TTL for cached requests. Default is 10 seconds.
+	CheckQueryCacheTTL time.Duration
+	// Max number of results returned by ListObjects() query. Default is 1000.
+	ListObjectsMaxResults uint32
+	// Deadline for the ListObjects() query. Default is 3 seconds.
+	ListObjectsDeadline time.Duration
 }

 func (cfg *Cfg) readZanzanaSettings() {
@ -45,6 +54,10 @@ func (cfg *Cfg) readZanzanaSettings() {
 	s.HttpAddr = sec.Key("http_addr").MustString("127.0.0.1:8080")
 	s.ConcurrentChecks = sec.Key("concurrent_checks").MustInt64(10)
 	s.ZanzanaOnlyEvaluation = sec.Key("zanzana_only_evaluation").MustBool(false)
+	s.CheckQueryCache = sec.Key("check_query_cache").MustBool(true)
+	s.CheckQueryCacheTTL = sec.Key("check_query_cache_ttl").MustDuration(10 * time.Second)
+	s.ListObjectsDeadline = sec.Key("list_objects_deadline").MustDuration(3 * time.Second)
+	s.ListObjectsMaxResults = uint32(sec.Key("list_objects_max_results").MustUint(1000))

 	cfg.Zanzana = s
 }