mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00

History

Alexander Zobnin 5d724c2482 Zanzana: Initial dashboard search (#93093 ) * Zanzana: Search in a background and compare results * refactor * Search with check * instrument zanzana client * add single_read option * refactor * refactor move check into separate function * Fix tests * refactor * refactor getFindDashboardsFn * add resource type to span attributes * run ListObjects concurrently * Use list and search in less cases * adjust metrics buckets * refactor: move Check and ListObjects to AccessControl implementation * Revert "Fix tests" This reverts commit `b0c2f072a2`. * refactor: use own types for Check and ListObjects inside accesscontrol package * Fix search scenario with low limit and empty query string * more accurate search with checks * revert * fix linter * Revert "revert" This reverts commit `ee5f14eea8`. * add search errors metric * fix query performance under some conditions * simplify check strategy * fix pagination * refactor findDashboardsZanzanaList * Iterate over multiple pages while making check request * refactor listUserResources * avoid unnecessary db call * remove unused zclient * Add notes for SkipAccessControlFilter * use more accurate check loop * always use check for search with provided UIDs * rename single_read to zanzana_only_evaluation * refactor * update go workspace * fix linter * don't use deprecated fields * refactor * fail if no org specified * refactor * initial integration tests * Fix tests * fix linter errors * fix linter * Fix tests * review suggestions Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * fix limit * refactor * refactor tests * fix db config in tests * fix migrator (postgres) --------- Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>		2024-10-04 12:27:10 +02:00
..
zanzana	Zanzana: Initial dashboard search (#93093 )	2024-10-04 12:27:10 +02:00
client.go	K8s: namespace mapper should use authlib's util (#92332 )	2024-08-27 15:01:42 -07:00
config.go	[authz]: use authlib client (#91205 )	2024-07-30 17:49:46 +03:00
README.md	AuthZ: GRPC client init and config options (#89161 )	2024-06-18 06:13:24 +02:00
server.go	Identity: Remove typed id (#91801 )	2024-08-13 10:18:28 +02:00
wireset.go	Zanzana: Initial work to run openFGA as embedded or standalone service (#89211 )	2024-06-18 10:04:18 +02:00
zanzana.go	Zanzana: Run OpenFGA HTTP server in standalone mode (#89914 )	2024-07-02 11:14:09 +02:00

README.md

Authorization

This package contains the authorization server implementation.

Feature toggles

The following feature toggles need to be activated:

[feature_toggles]
authZGRPCServer = true
grpcServer = true

Configuration

To configure the authorization server and client, use the "authorization" section of the configuration ini file.

The remote_address setting, specifies the address where the authorization server is located (ex: server.example.org:10000).

The mode setting can be set to either grpc or inproc. When set to grpc, the client will connect to the specified address. When set to inproc the client will use inprocgrpc (relying on go channels) to wrap a local instantiation of the server.

The listen setting determines whether the authorization server should listen for incoming requests. When set to true, the authorization service will be registered to the Grafana GRPC server.

The default configuration does not register the authorization service on the Grafana GRPC server and binds the client to it inproc:

[authorization]
remote_address = ""
listen = false
mode = "inproc"

Example

Here is an example to connect the authorization client to a remote grpc server.

[authorization]
remote_address = "server.example.org:10000"
mode = "grpc"

Here is an example to register the authorization service on the Grafana GRPC server and connect the client to it through grpc

[authorization]
remote_address = "localhost:10000"
listen = true
mode = "grpc"