IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity
Files
3fa8df6b6244bb96f44b63467bc8161e0015871c
grafana/pkg/services/authz
History
Alexander Zobnin 1366197522 Zanzana: Search with check server side (#96268) 
* pass zclient into dashboard service

* Search then check implementation

* Use GetNamespace() for user

* remove unused orgID

* simple batch check

* refactor

* add tests

* fix batchCheckItem

* client implements batch check

* use batch check in search

* remove unused

* remove All field from response

* refactor: extract checkNamespace

* fix search result uniqueness

* comment fix

* Apply suggestions from code review

Co-authored-by: Karl Persson <kalle.persson@grafana.com>

* refactor

* cleanup

* remove unnecessary check

* fix tests

* fix protobuf def

* Fix query page

* fix type

---------

Co-authored-by: Karl Persson <kalle.persson@grafana.com>
2024-11-18 14:01:28 +01:00
..
mappers
AuthZ: Implement Check (#95162)
2024-10-25 14:57:39 +02:00
proto/v1
Zanzana: Search with check server side (#96268)
2024-11-18 14:01:28 +01:00
zanzana
Zanzana: Search with check server side (#96268)
2024-11-18 14:01:28 +01:00
client.go
AuthZ: Implement Check (#95162)
2024-10-25 14:57:39 +02:00
config.go
AuthZ: Refactor authentication modes for the Authz package (#95120)
2024-10-22 13:38:59 +02:00
README.md
AuthZ: Refactor authentication modes for the Authz package (#95120)
2024-10-22 13:38:59 +02:00
server_test.go
AuthZ: Implement Check (#95162)
2024-10-25 14:57:39 +02:00
server.go
AuthZ: Implement Check (#95162)
2024-10-25 14:57:39 +02:00
wireset.go
Zanzana: Initial work to run openFGA as embedded or standalone service (#89211)
2024-06-18 10:04:18 +02:00
zanzana.go
Authz: Move extension proto up a layer (#96254)
2024-11-12 10:19:12 +01:00

README.md

Authorization

This package contains the authorization server implementation.

Feature toggles

The following feature toggles need to be activated:

[feature_toggles]
authZGRPCServer = true
grpcServer = true

Configuration

To configure the authorization server and client, use the "authorization" section of the configuration ini file.

The remote_address setting, specifies the address where the authorization server is located (ex: server.example.org:10000).

The mode setting can be set to either grpc or inproc. When set to grpc, the client will connect to the specified address. When set to inproc the client will use inprocgrpc (relying on go channels) to wrap a local instantiation of the server.

The listen setting determines whether the authorization server should listen for incoming requests. When set to true, the authorization service will be registered to the Grafana GRPC server.

The default configuration does not register the authorization service on the Grafana GRPC server and binds the client to it inproc:

[authorization]
remote_address = ""
listen = false
mode = "inproc"

Example

Here is an example to connect the authorization client to a remote grpc server.

[authorization]
remote_address = "server.example.org:10000"
listen = false
mode = "grpc"

Here is an example to register the authorization service on the Grafana GRPC server and connect the client to it through grpc.

app_mode = development

[authorization]
remote_address = "localhost:10000"
listen = true
mode = "grpc"

Here is an example to connect the authorization client to a remote grpc server and use access token authentication.

[environment]
stack_id = 11

[authorization]
remote_address = "server.example.org:10000"
mode = "grpc"
listen = false

[grpc_client_authentication]
token = "ReplaceWithToken"
token_exchange_url = "signing-server.example.org/path/to/signing"
token_namespace = "stacks-11"