remove the NamespaceAuthorizer

The NamespaceAuthorizer would fail in legacy mode. It will be added back in the future.
Claudiu Dragalina-Paraipan 2024-10-14 18:37:22 +03:00
parent 4a03ed7d7d
commit ffdc301718
2 changed files with 0 additions and 36 deletions


@ -1,30 +0,0 @@
package grpcutils
import (
authzlib "github.com/grafana/authlib/authz"
"github.com/grafana/authlib/claims"
"github.com/grafana/grafana/pkg/setting"
)
func NewNamespaceAuthorizer(cfg *setting.Cfg) authzlib.AuthorizeFunc {
var na authzlib.NamespaceAccessChecker
if cfg.StackID != "" {
na = authzlib.NewNamespaceAccessChecker(
claims.CloudNamespaceFormatter,
authzlib.WithIDTokenNamespaceAccessCheckerOption(true),
)
} else {
na = authzlib.NewNamespaceAccessChecker(
claims.OrgNamespaceFormatter,
authzlib.WithDisableAccessTokenNamespaceAccessCheckerOption(),
authzlib.WithIDTokenNamespaceAccessCheckerOption(true),
)
}
return authzlib.NamespaceAuthorizationFunc(
na,
authzlib.MetadataNamespaceExtractor(authzlib.DefaultNamespaceMetadataKey),
)
}


@ -6,7 +6,6 @@ import (
"net"
"time"
authzlib "github.com/grafana/authlib/authz"
"github.com/grafana/dskit/instrument"
"github.com/grafana/dskit/middleware"
"github.com/grafana/grafana-plugin-sdk-go/backend"
@ -19,7 +18,6 @@ import (
"github.com/grafana/grafana/pkg/infra/log"
"github.com/grafana/grafana/pkg/infra/tracing"
"github.com/grafana/grafana/pkg/registry"
"github.com/grafana/grafana/pkg/services/authn/grpcutils"
"github.com/grafana/grafana/pkg/services/featuremgmt"
"github.com/grafana/grafana/pkg/services/grpcserver/interceptors"
"github.com/grafana/grafana/pkg/setting"
@ -71,8 +69,6 @@ func ProvideService(cfg *setting.Cfg, features featuremgmt.FeatureToggles, authe
}
}
namespaceAuthz := grpcutils.NewNamespaceAuthorizer(cfg)
// Default auth is admin token check, but this can be overridden by
// services which implement ServiceAuthFuncOverride interface.
// See https://github.com/grpc-ecosystem/go-grpc-middleware/blob/main/interceptors/auth/auth.go#L30.
@ -80,14 +76,12 @@ func ProvideService(cfg *setting.Cfg, features featuremgmt.FeatureToggles, authe
grpc.StatsHandler(otelgrpc.NewServerHandler()),
grpc.ChainUnaryInterceptor(
grpcAuth.UnaryServerInterceptor(authenticator.Authenticate),
authzlib.UnaryAuthorizeInterceptor(namespaceAuthz),
interceptors.LoggingUnaryInterceptor(s.cfg, s.logger), // needs to be registered after tracing interceptor to get trace id
middleware.UnaryServerInstrumentInterceptor(grpcRequestDuration),
),
grpc.ChainStreamInterceptor(
interceptors.TracingStreamInterceptor(tracer),
grpcAuth.StreamServerInterceptor(authenticator.Authenticate),
authzlib.StreamAuthorizeInterceptor(namespaceAuthz),
middleware.StreamServerInstrumentInterceptor(grpcRequestDuration),
),
}
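Review bot: With `authzlib.UnaryAuthorizeInterceptor(namespaceAuthz)` and `authzlib.StreamAuthorizeInterceptor(namespaceAuthz)` no longer in the chains built in ProvideService, the only access-control step left at the server level is `authenticator.Authenticate`, so nothing here ties the caller's token to the namespace carried in the request metadata. Whether each registered service performs that check itself is not visible on this page, so the code should state the expectation where the chains are assembled, for example `// NOTE: no namespace authorization at this layer; registered services must verify the caller's namespace themselves until the interceptor is restored.` A regression test asserting that a token scoped to one namespace is rejected for another would keep the gap from going unnoticed when the authorizer is reintroduced. ProvideService begins and ends outside the hunk.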