apitech
/
grafana
mirror of https://github.com/grafana/grafana
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
59749 Commits
642 Branches
650 Tags
2.3 GiB
Tag: Branch: Tree: aa92dc860b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'aa92dc860b'
${ noResults }
grafana/pkg/services/authz/zanzana/client/client.go

74 lines
2.2 KiB
Raw Normal View History Unescape

Zanzana: Initial schema loading (#89492) * Zanzana: Dummy schema loading * Load authorzation model for client --------- Co-authored-by: Karl Persson <kalle.persson@grafana.com>
2 years ago
package client
import (
"context"
Zanzana: Use authz client (#104037) * Zanzana: use client from authzlib * update go.sum * use user UID for debugging * Remove unused function
9 months ago
authzlib "github.com/grafana/authlib/authz"
Authlib: Use types package rather than claims (#99243)
12 months ago
authzv1 "github.com/grafana/authlib/authz/proto/v1"
authlib "github.com/grafana/authlib/types"
Zanzana: Perform shadow requests (#103444) * Zanzana: Execute checks in the background * add metrics * collect metrics * cleanup * shadow compile checker * add time metrics for compiler * run compile in parallel * prevent deadlock
9 months ago
"go.opentelemetry.io/otel"
"google.golang.org/grpc"
Authlib: Use types package rather than claims (#99243)
12 months ago
Zanzana: Initial schema loading (#89492) * Zanzana: Dummy schema loading * Load authorzation model for client --------- Co-authored-by: Karl Persson <kalle.persson@grafana.com>
2 years ago
"github.com/grafana/grafana/pkg/infra/log"
Authz: Move extension proto up a layer (#96254) * Authz: Move extension proto up a layer * Lint
1 year ago
authzextv1 "github.com/grafana/grafana/pkg/services/authz/proto/v1"
Zanzana: Initial schema loading (#89492) * Zanzana: Dummy schema loading * Load authorzation model for client --------- Co-authored-by: Karl Persson <kalle.persson@grafana.com>
2 years ago
)
Authlib: Use types package rather than claims (#99243)
12 months ago
var _ authlib.AccessClient = (*Client)(nil)
Zanzana: reconcile generic schema (#95492) * Rename to CheckObject * Implement authz.AccessClient * Move folder tree to reconciler and use new schema * Move shared functionality to common package * Add reconciler for managed permissions and resource translations * Add support for folder resources
1 year ago
Zanzana: Initial dashboard search (#93093) * Zanzana: Search in a background and compare results * refactor * Search with check * instrument zanzana client * add single_read option * refactor * refactor move check into separate function * Fix tests * refactor * refactor getFindDashboardsFn * add resource type to span attributes * run ListObjects concurrently * Use list and search in less cases * adjust metrics buckets * refactor: move Check and ListObjects to AccessControl implementation * Revert "Fix tests" This reverts commit b0c2f072a25029905fdbd26625fdc7a243d4a308. * refactor: use own types for Check and ListObjects inside accesscontrol package * Fix search scenario with low limit and empty query string * more accurate search with checks * revert * fix linter * Revert "revert" This reverts commit ee5f14eea8c2f69e0b59f4a5094d708ac58b0169. * add search errors metric * fix query performance under some conditions * simplify check strategy * fix pagination * refactor findDashboardsZanzanaList * Iterate over multiple pages while making check request * refactor listUserResources * avoid unnecessary db call * remove unused zclient * Add notes for SkipAccessControlFilter * use more accurate check loop * always use check for search with provided UIDs * rename single_read to zanzana_only_evaluation * refactor * update go workspace * fix linter * don't use deprecated fields * refactor * fail if no org specified * refactor * initial integration tests * Fix tests * fix linter errors * fix linter * Fix tests * review suggestions Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * fix limit * refactor * refactor tests * fix db config in tests * fix migrator (postgres) --------- Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
1 year ago
var tracer = otel.Tracer("github.com/grafana/grafana/pkg/services/authz/zanzana/client")
Zanzana: Initial schema loading (#89492) * Zanzana: Dummy schema loading * Load authorzation model for client --------- Co-authored-by: Karl Persson <kalle.persson@grafana.com>
2 years ago
type Client struct {
Zanzana: Use authz client (#104037) * Zanzana: use client from authzlib * update go.sum * use user UID for debugging * Remove unused function
9 months ago
logger log.Logger
authz authzv1.AuthzServiceClient
authzext authzextv1.AuthzExtentionServiceClient
authzlibclient *authzlib.ClientImpl
Zanzana: Use separate store for each org (#96015) * Move server init into server package * map store name to id * refactor model loading * pass namespace into reconcilers and collectors * refactor * Extend authz server with Read and Write methods * use new read/write in reconciler * implement server side read and write * Sync permissions for every org * handle namespace in check and list * split read and write * provide conditions * Fix client implementation * fix nil conditions * remove unused client code * use lock for store access * move type translators to common package * fix folder collector * fix store creation * remove unused AuthorizationModelId * fix server tests * fix linter
1 year ago
}
Zanzana: Split up settings into client and server sections (#99066) * Split up zanzana settings into client and server sections * Update workspace
12 months ago
func New(cc grpc.ClientConnInterface) (*Client, error) {
Zanzana: Use authz client (#104037) * Zanzana: use client from authzlib * update go.sum * use user UID for debugging * Remove unused function
9 months ago
authzlibclient := authzlib.NewClient(cc, authzlib.WithTracerClientOption(tracer))
Zanzana: Initial schema loading (#89492) * Zanzana: Dummy schema loading * Load authorzation model for client --------- Co-authored-by: Karl Persson <kalle.persson@grafana.com>
2 years ago
c := &Client{
Zanzana: Use authz client (#104037) * Zanzana: use client from authzlib * update go.sum * use user UID for debugging * Remove unused function
9 months ago
authzlibclient: authzlibclient,
authz: authzv1.NewAuthzServiceClient(cc),
authzext: authzextv1.NewAuthzExtentionServiceClient(cc),
Zanzana: Improve server side error handling (#106378) * Zanzana: Split client and server logs * Zanzana: Improve error handling and logging * log internal error at the server side * refactor * improve errors for list request * update go modules * handle errors for read and write * refactor * reset go.mod changes
7 months ago
logger: log.New("zanzana.client"),
Zanzana: Initial schema loading (#89492) * Zanzana: Dummy schema loading * Load authorzation model for client --------- Co-authored-by: Karl Persson <kalle.persson@grafana.com>
2 years ago
}
return c, nil
}
Authlib: Use types package rather than claims (#99243)
12 months ago
func (c *Client) Check(ctx context.Context, id authlib.AuthInfo, req authlib.CheckRequest) (authlib.CheckResponse, error) {
ctx, span := tracer.Start(ctx, "authlib.zanzana.client.Check")
Zanzana: Initial dashboard search (#93093) * Zanzana: Search in a background and compare results * refactor * Search with check * instrument zanzana client * add single_read option * refactor * refactor move check into separate function * Fix tests * refactor * refactor getFindDashboardsFn * add resource type to span attributes * run ListObjects concurrently * Use list and search in less cases * adjust metrics buckets * refactor: move Check and ListObjects to AccessControl implementation * Revert "Fix tests" This reverts commit b0c2f072a25029905fdbd26625fdc7a243d4a308. * refactor: use own types for Check and ListObjects inside accesscontrol package * Fix search scenario with low limit and empty query string * more accurate search with checks * revert * fix linter * Revert "revert" This reverts commit ee5f14eea8c2f69e0b59f4a5094d708ac58b0169. * add search errors metric * fix query performance under some conditions * simplify check strategy * fix pagination * refactor findDashboardsZanzanaList * Iterate over multiple pages while making check request * refactor listUserResources * avoid unnecessary db call * remove unused zclient * Add notes for SkipAccessControlFilter * use more accurate check loop * always use check for search with provided UIDs * rename single_read to zanzana_only_evaluation * refactor * update go workspace * fix linter * don't use deprecated fields * refactor * fail if no org specified * refactor * initial integration tests * Fix tests * fix linter errors * fix linter * Fix tests * review suggestions Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * fix limit * refactor * refactor tests * fix db config in tests * fix migrator (postgres) --------- Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
1 year ago
defer span.End()
Zanzana: Use authz client (#104037) * Zanzana: use client from authzlib * update go.sum * use user UID for debugging * Remove unused function
9 months ago
return c.authzlibclient.Check(ctx, id, req)
Zanzana: reconcile generic schema (#95492) * Rename to CheckObject * Implement authz.AccessClient * Move folder tree to reconciler and use new schema * Move shared functionality to common package * Add reconciler for managed permissions and resource translations * Add support for folder resources
1 year ago
}
Authlib: Use types package rather than claims (#99243)
12 months ago
func (c *Client) Compile(ctx context.Context, id authlib.AuthInfo, req authlib.ListRequest) (authlib.ItemChecker, error) {
ctx, span := tracer.Start(ctx, "authlib.zanzana.client.Compile")
Zanzana: reconcile generic schema (#95492) * Rename to CheckObject * Implement authz.AccessClient * Move folder tree to reconciler and use new schema * Move shared functionality to common package * Add reconciler for managed permissions and resource translations * Add support for folder resources
1 year ago
defer span.End()
Zanzana: Use authz client (#104037) * Zanzana: use client from authzlib * update go.sum * use user UID for debugging * Remove unused function
9 months ago
return c.authzlibclient.Compile(ctx, id, req)
Zanzana: reconcile generic schema (#95492) * Rename to CheckObject * Implement authz.AccessClient * Move folder tree to reconciler and use new schema * Move shared functionality to common package * Add reconciler for managed permissions and resource translations * Add support for folder resources
1 year ago
}
Zanzana: Use separate store for each org (#96015) * Move server init into server package * map store name to id * refactor model loading * pass namespace into reconcilers and collectors * refactor * Extend authz server with Read and Write methods * use new read/write in reconciler * implement server side read and write * Sync permissions for every org * handle namespace in check and list * split read and write * provide conditions * Fix client implementation * fix nil conditions * remove unused client code * use lock for store access * move type translators to common package * fix folder collector * fix store creation * remove unused AuthorizationModelId * fix server tests * fix linter
1 year ago
func (c *Client) Read(ctx context.Context, req *authzextv1.ReadRequest) (*authzextv1.ReadResponse, error) {
Authlib: Use types package rather than claims (#99243)
12 months ago
ctx, span := tracer.Start(ctx, "authlib.zanzana.client.Read")
Zanzana: periodic sync of team members (#94752) * Rewrite zanzana collector to fetch all available pages * Register access control as a background service * If zanzana is enabled we run Syncs and start Reconciliation job * Update pkg/services/authz/zanzana/client/client.go Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com> * Use server lock when doing performing reconciliation
1 year ago
defer span.End()
Zanzana: Use separate store for each org (#96015) * Move server init into server package * map store name to id * refactor model loading * pass namespace into reconcilers and collectors * refactor * Extend authz server with Read and Write methods * use new read/write in reconciler * implement server side read and write * Sync permissions for every org * handle namespace in check and list * split read and write * provide conditions * Fix client implementation * fix nil conditions * remove unused client code * use lock for store access * move type translators to common package * fix folder collector * fix store creation * remove unused AuthorizationModelId * fix server tests * fix linter
1 year ago
return c.authzext.Read(ctx, req)
Zanzana: Initial schema loading (#89492) * Zanzana: Dummy schema loading * Load authorzation model for client --------- Co-authored-by: Karl Persson <kalle.persson@grafana.com>
2 years ago
}
Zanzana: Use separate store for each org (#96015) * Move server init into server package * map store name to id * refactor model loading * pass namespace into reconcilers and collectors * refactor * Extend authz server with Read and Write methods * use new read/write in reconciler * implement server side read and write * Sync permissions for every org * handle namespace in check and list * split read and write * provide conditions * Fix client implementation * fix nil conditions * remove unused client code * use lock for store access * move type translators to common package * fix folder collector * fix store creation * remove unused AuthorizationModelId * fix server tests * fix linter
1 year ago
func (c *Client) Write(ctx context.Context, req *authzextv1.WriteRequest) error {
Authlib: Use types package rather than claims (#99243)
12 months ago
ctx, span := tracer.Start(ctx, "authlib.zanzana.client.Write")
Zanzana: Use separate store for each org (#96015) * Move server init into server package * map store name to id * refactor model loading * pass namespace into reconcilers and collectors * refactor * Extend authz server with Read and Write methods * use new read/write in reconciler * implement server side read and write * Sync permissions for every org * handle namespace in check and list * split read and write * provide conditions * Fix client implementation * fix nil conditions * remove unused client code * use lock for store access * move type translators to common package * fix folder collector * fix store creation * remove unused AuthorizationModelId * fix server tests * fix linter
1 year ago
defer span.End()
Zanzana: Initial schema loading (#89492) * Zanzana: Dummy schema loading * Load authorzation model for client --------- Co-authored-by: Karl Persson <kalle.persson@grafana.com>
2 years ago
Zanzana: Use separate store for each org (#96015) * Move server init into server package * map store name to id * refactor model loading * pass namespace into reconcilers and collectors * refactor * Extend authz server with Read and Write methods * use new read/write in reconciler * implement server side read and write * Sync permissions for every org * handle namespace in check and list * split read and write * provide conditions * Fix client implementation * fix nil conditions * remove unused client code * use lock for store access * move type translators to common package * fix folder collector * fix store creation * remove unused AuthorizationModelId * fix server tests * fix linter
1 year ago
_, err := c.authzext.Write(ctx, req)
return err
Zanzana: Initial schema loading (#89492) * Zanzana: Dummy schema loading * Load authorzation model for client --------- Co-authored-by: Karl Persson <kalle.persson@grafana.com>
2 years ago
}
Zanzana: Search with check server side (#96268) * pass zclient into dashboard service * Search then check implementation * Use GetNamespace() for user * remove unused orgID * simple batch check * refactor * add tests * fix batchCheckItem * client implements batch check * use batch check in search * remove unused * remove All field from response * refactor: extract checkNamespace * fix search result uniqueness * comment fix * Apply suggestions from code review Co-authored-by: Karl Persson <kalle.persson@grafana.com> * refactor * cleanup * remove unnecessary check * fix tests * fix protobuf def * Fix query page * fix type --------- Co-authored-by: Karl Persson <kalle.persson@grafana.com>
1 year ago
func (c *Client) BatchCheck(ctx context.Context, req *authzextv1.BatchCheckRequest) (*authzextv1.BatchCheckResponse, error) {
Authlib: Use types package rather than claims (#99243)
12 months ago
ctx, span := tracer.Start(ctx, "authlib.zanzana.client.Check")
Zanzana: Search with check server side (#96268) * pass zclient into dashboard service * Search then check implementation * Use GetNamespace() for user * remove unused orgID * simple batch check * refactor * add tests * fix batchCheckItem * client implements batch check * use batch check in search * remove unused * remove All field from response * refactor: extract checkNamespace * fix search result uniqueness * comment fix * Apply suggestions from code review Co-authored-by: Karl Persson <kalle.persson@grafana.com> * refactor * cleanup * remove unnecessary check * fix tests * fix protobuf def * Fix query page * fix type --------- Co-authored-by: Karl Persson <kalle.persson@grafana.com>
1 year ago
defer span.End()
return c.authzext.BatchCheck(ctx, req)
}