mirror of
https://github.com/grafana/grafana.git
synced 2024-12-27 09:21:35 -06:00
0704ae734f
* AuthZ: Fix authentication modes for the Authz package Co-Authored-By: Claudiu Dragalina-Paraipan <drclau@users.noreply.github.com>
66 lines
1.6 KiB
Go
66 lines
1.6 KiB
Go
package authz
|
|
|
|
import (
|
|
"fmt"
|
|
|
|
"github.com/grafana/grafana/pkg/setting"
|
|
)
|
|
|
|
type Mode string
|
|
|
|
func (s Mode) IsValid() bool {
|
|
switch s {
|
|
case ModeGRPC, ModeInProc:
|
|
return true
|
|
}
|
|
return false
|
|
}
|
|
|
|
const (
|
|
ModeGRPC Mode = "grpc"
|
|
ModeInProc Mode = "inproc"
|
|
)
|
|
|
|
type Cfg struct {
|
|
remoteAddress string
|
|
listen bool
|
|
mode Mode
|
|
|
|
token string
|
|
tokenExchangeURL string
|
|
tokenNamespace string
|
|
|
|
allowInsecure bool
|
|
}
|
|
|
|
func ReadCfg(cfg *setting.Cfg) (*Cfg, error) {
|
|
authzSection := cfg.SectionWithEnvOverrides("authorization")
|
|
grpcClientAuthSection := cfg.SectionWithEnvOverrides("grpc_client_authentication")
|
|
|
|
mode := Mode(authzSection.Key("mode").MustString(string(ModeInProc)))
|
|
if !mode.IsValid() {
|
|
return nil, fmt.Errorf("authorization: invalid mode %q", mode)
|
|
}
|
|
|
|
token := grpcClientAuthSection.Key("token").MustString("")
|
|
tokenExchangeURL := grpcClientAuthSection.Key("token_exchange_url").MustString("")
|
|
tokenNamespace := grpcClientAuthSection.Key("token_namespace").MustString("stacks-" + cfg.StackID)
|
|
|
|
// When running in cloud mode, the token and tokenExchangeURL are required.
|
|
if mode == ModeGRPC && cfg.StackID != "" {
|
|
if token == "" || tokenExchangeURL == "" {
|
|
return nil, fmt.Errorf("authorization: missing token or tokenExchangeUrl")
|
|
}
|
|
}
|
|
|
|
return &Cfg{
|
|
remoteAddress: authzSection.Key("remote_address").MustString(""),
|
|
listen: authzSection.Key("listen").MustBool(false),
|
|
mode: mode,
|
|
token: token,
|
|
tokenExchangeURL: tokenExchangeURL,
|
|
tokenNamespace: tokenNamespace,
|
|
allowInsecure: cfg.Env == setting.Dev,
|
|
}, nil
|
|
}
|