IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity
Files
cc1d3d0f8ddc7613c8342ff45aad86ff1bc885a4
grafana/pkg/services/authz/server.go
Gabriel MABILLE 5f83fdef2c AuthZ: GRPC client init and config options (#89161)
2024-06-18 06:13:24 +02:00

69 lines
2.0 KiB
Go
Raw Blame History

package authz
import (
"context"
authzv1 "github.com/grafana/authlib/authz/proto/v1"
"github.com/grafana/grafana/pkg/infra/log"
"github.com/grafana/grafana/pkg/infra/tracing"
"github.com/grafana/grafana/pkg/services/accesscontrol"
"github.com/grafana/grafana/pkg/services/featuremgmt"
"github.com/grafana/grafana/pkg/services/grpcserver"
)
var _ authzv1.AuthzServiceServer = (*legacyServer)(nil)
type legacyServer struct {
authzv1.UnimplementedAuthzServiceServer
acSvc accesscontrol.Service
logger log.Logger
tracer tracing.Tracer
}
func newLegacyServer(
acSvc accesscontrol.Service, features featuremgmt.FeatureToggles,
grpcServer grpcserver.Provider, tracer tracing.Tracer, cfg *Cfg,
) (*legacyServer, error) {
if !features.IsEnabledGlobally(featuremgmt.FlagAuthZGRPCServer) {
return nil, nil
}
s := &legacyServer{
acSvc: acSvc,
logger: log.New("authz-grpc-server"),
tracer: tracer,
}
if cfg.listen {
grpcServer.GetServer().RegisterService(&authzv1.AuthzService_ServiceDesc, s)
}
return s, nil
}
func (s *legacyServer) Read(ctx context.Context, req *authzv1.ReadRequest) (*authzv1.ReadResponse, error) {
ctx, span := s.tracer.Start(ctx, "authz.grpc.Read")
defer span.End()
action := req.GetAction()
subject := req.GetSubject()
stackID := req.GetStackId() // TODO can we consider the stackID as the orgID?
ctxLogger := s.logger.FromContext(ctx)
ctxLogger.Debug("Read", "action", action, "subject", subject, "stackID", stackID)
permissions, err := s.acSvc.SearchUserPermissions(ctx, stackID, accesscontrol.SearchOptions{NamespacedID: subject, Action: action})
if err != nil {
ctxLogger.Error("failed to search user permissions", "error", err)
return nil, tracing.Errorf(span, "failed to search user permissions: %w", err)
}
data := make([]*authzv1.ReadResponse_Data, 0, len(permissions))
for _, perm := range permissions {
data = append(data, &authzv1.ReadResponse_Data{Object: perm.Scope})
}
return &authzv1.ReadResponse{Data: data}, nil
}
Reference in New Issue View Git Blame Copy Permalink