IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity
02a61f4046
grafana/pkg/services/authz/server.go
Karl Persson 8bcd9c2594
Identity: Remove typed id (#91801) 
* Refactor identity struct to store type in separate field

* Update ResolveIdentity to take string representation of typedID

* Add IsIdentityType to requester interface

* Use IsIdentityType from interface

* Remove usage of TypedID

* Remote typedID struct

* fix GetInternalID
2024-08-13 10:18:28 +02:00

78 lines
2.1 KiB
Go
Raw Blame History

package authz
import (
"context"
authzv1 "github.com/grafana/authlib/authz/proto/v1"
"github.com/grafana/grafana/pkg/infra/log"
"github.com/grafana/grafana/pkg/infra/tracing"
"github.com/grafana/grafana/pkg/services/accesscontrol"
"github.com/grafana/grafana/pkg/services/featuremgmt"
"github.com/grafana/grafana/pkg/services/grpcserver"
)
var _ authzv1.AuthzServiceServer = (*legacyServer)(nil)
type legacyServer struct {
authzv1.UnimplementedAuthzServiceServer
acSvc accesscontrol.Service
logger log.Logger
tracer tracing.Tracer
}
func newLegacyServer(
acSvc accesscontrol.Service, features featuremgmt.FeatureToggles,
grpcServer grpcserver.Provider, tracer tracing.Tracer, cfg *Cfg,
) (*legacyServer, error) {
if !features.IsEnabledGlobally(featuremgmt.FlagAuthZGRPCServer) {
return nil, nil
}
s := &legacyServer{
acSvc: acSvc,
logger: log.New("authz-grpc-server"),
tracer: tracer,
}
if cfg.listen {
grpcServer.GetServer().RegisterService(&authzv1.AuthzService_ServiceDesc, s)
}
return s, nil
}
func (s *legacyServer) Read(ctx context.Context, req *authzv1.ReadRequest) (*authzv1.ReadResponse, error) {
ctx, span := s.tracer.Start(ctx, "authz.grpc.Read")
defer span.End()
// FIXME: once we have access tokens, we need to do namespace validation here
action := req.GetAction()
subject := req.GetSubject()
stackID := req.GetStackId() // TODO can we consider the stackID as the orgID?
ctxLogger := s.logger.FromContext(ctx)
ctxLogger.Debug("Read", "action", action, "subject", subject, "stackID", stackID)
permissions, err := s.acSvc.SearchUserPermissions(
ctx,
stackID,
accesscontrol.SearchOptions{Action: action, TypedID: subject},
)
if err != nil {
ctxLogger.Error("failed to search user permissions", "error", err)
return nil, tracing.Errorf(span, "failed to search user permissions: %w", err)
}
data := make([]*authzv1.ReadResponse_Data, 0, len(permissions))
for _, perm := range permissions {
data = append(data, &authzv1.ReadResponse_Data{Object: perm.Scope})
}
return &authzv1.ReadResponse{
Data: data,
Found: len(data) > 0,
}, nil
}
Reference in New Issue View Git Blame Copy Permalink