Zanzana: Remove capabilities (#97918)

Remove capabilities
pull/97926/head
Karl Persson 7 months ago committed by GitHub
parent ec5239211f
commit 5c0cb09d27
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
  1. 244
      pkg/services/authz/proto/v1/extention.pb.go
  2. 16
      pkg/services/authz/proto/v1/extention.proto
  3. 38
      pkg/services/authz/proto/v1/extention_grpc.pb.go
  4. 72
      pkg/services/authz/zanzana/server/server_capabilities.go
  5. 67
      pkg/services/authz/zanzana/server/server_capabilities_test.go
  6. 4
      pkg/services/authz/zanzana/server/server_test.go

@ -1003,152 +1003,6 @@ func (x *BatchCheckGroupResource) GetItems() map[string]bool {
return nil return nil
} }
type CapabilitiesRequest struct {
state protoimpl.MessageState
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
Subject string `protobuf:"bytes,1,opt,name=subject,proto3" json:"subject,omitempty"`
Group string `protobuf:"bytes,2,opt,name=group,proto3" json:"group,omitempty"`
Namespace string `protobuf:"bytes,3,opt,name=namespace,proto3" json:"namespace,omitempty"`
Resource string `protobuf:"bytes,4,opt,name=resource,proto3" json:"resource,omitempty"`
Name string `protobuf:"bytes,5,opt,name=name,proto3" json:"name,omitempty"`
Folder string `protobuf:"bytes,6,opt,name=folder,proto3" json:"folder,omitempty"`
Path string `protobuf:"bytes,7,opt,name=path,proto3" json:"path,omitempty"`
Subresource string `protobuf:"bytes,8,opt,name=subresource,proto3" json:"subresource,omitempty"`
}
func (x *CapabilitiesRequest) Reset() {
*x = CapabilitiesRequest{}
mi := &file_extention_proto_msgTypes[17]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *CapabilitiesRequest) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*CapabilitiesRequest) ProtoMessage() {}
func (x *CapabilitiesRequest) ProtoReflect() protoreflect.Message {
mi := &file_extention_proto_msgTypes[17]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use CapabilitiesRequest.ProtoReflect.Descriptor instead.
func (*CapabilitiesRequest) Descriptor() ([]byte, []int) {
return file_extention_proto_rawDescGZIP(), []int{17}
}
func (x *CapabilitiesRequest) GetSubject() string {
if x != nil {
return x.Subject
}
return ""
}
func (x *CapabilitiesRequest) GetGroup() string {
if x != nil {
return x.Group
}
return ""
}
func (x *CapabilitiesRequest) GetNamespace() string {
if x != nil {
return x.Namespace
}
return ""
}
func (x *CapabilitiesRequest) GetResource() string {
if x != nil {
return x.Resource
}
return ""
}
func (x *CapabilitiesRequest) GetName() string {
if x != nil {
return x.Name
}
return ""
}
func (x *CapabilitiesRequest) GetFolder() string {
if x != nil {
return x.Folder
}
return ""
}
func (x *CapabilitiesRequest) GetPath() string {
if x != nil {
return x.Path
}
return ""
}
func (x *CapabilitiesRequest) GetSubresource() string {
if x != nil {
return x.Subresource
}
return ""
}
type CapabilitiesResponse struct {
state protoimpl.MessageState
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
Capabilities []string `protobuf:"bytes,1,rep,name=capabilities,proto3" json:"capabilities,omitempty"`
}
func (x *CapabilitiesResponse) Reset() {
*x = CapabilitiesResponse{}
mi := &file_extention_proto_msgTypes[18]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *CapabilitiesResponse) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*CapabilitiesResponse) ProtoMessage() {}
func (x *CapabilitiesResponse) ProtoReflect() protoreflect.Message {
mi := &file_extention_proto_msgTypes[18]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use CapabilitiesResponse.ProtoReflect.Descriptor instead.
func (*CapabilitiesResponse) Descriptor() ([]byte, []int) {
return file_extention_proto_rawDescGZIP(), []int{18}
}
func (x *CapabilitiesResponse) GetCapabilities() []string {
if x != nil {
return x.Capabilities
}
return nil
}
var File_extention_proto protoreflect.FileDescriptor var File_extention_proto protoreflect.FileDescriptor
var file_extention_proto_rawDesc = []byte{ var file_extention_proto_rawDesc = []byte{
@ -1295,26 +1149,8 @@ var file_extention_proto_rawDesc = []byte{
0x69, 0x74, 0x65, 0x6d, 0x73, 0x1a, 0x38, 0x0a, 0x0a, 0x49, 0x74, 0x65, 0x6d, 0x73, 0x45, 0x6e, 0x69, 0x74, 0x65, 0x6d, 0x73, 0x1a, 0x38, 0x0a, 0x0a, 0x49, 0x74, 0x65, 0x6d, 0x73, 0x45, 0x6e,
0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02,
0x20, 0x01, 0x28, 0x08, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x20, 0x01, 0x28, 0x08, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x32,
0xe1, 0x01, 0x0a, 0x13, 0x43, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x69, 0x65, 0x73, 0xd8, 0x02, 0x0a, 0x15, 0x41, 0x75, 0x74, 0x68, 0x7a, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x74, 0x69,
0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x18, 0x0a, 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65,
0x63, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63,
0x74, 0x12, 0x14, 0x0a, 0x05, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
0x52, 0x05, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x1c, 0x0a, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73,
0x70, 0x61, 0x63, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6e, 0x61, 0x6d, 0x65,
0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63,
0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63,
0x65, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52,
0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x66, 0x6f, 0x6c, 0x64, 0x65, 0x72, 0x18,
0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x66, 0x6f, 0x6c, 0x64, 0x65, 0x72, 0x12, 0x12, 0x0a,
0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74,
0x68, 0x12, 0x20, 0x0a, 0x0b, 0x73, 0x75, 0x62, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65,
0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x73, 0x75, 0x62, 0x72, 0x65, 0x73, 0x6f, 0x75,
0x72, 0x63, 0x65, 0x22, 0x3a, 0x0a, 0x14, 0x43, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74,
0x69, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x22, 0x0a, 0x0c, 0x63,
0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x69, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28,
0x09, 0x52, 0x0c, 0x63, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x69, 0x65, 0x73, 0x32,
0xbb, 0x03, 0x0a, 0x15, 0x41, 0x75, 0x74, 0x68, 0x7a, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x74, 0x69,
0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x49, 0x0a, 0x04, 0x4c, 0x69, 0x73, 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x49, 0x0a, 0x04, 0x4c, 0x69, 0x73,
0x74, 0x12, 0x1f, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x74, 0x74, 0x12, 0x1f, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x74,
0x69, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x69, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65,
@ -1326,26 +1162,20 @@ var file_extention_proto_rawDesc = []byte{
0x63, 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x26, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x63, 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x26, 0x2e, 0x61, 0x75, 0x74, 0x68,
0x7a, 0x2e, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x42, 0x7a, 0x2e, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x42,
0x61, 0x74, 0x63, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x61, 0x74, 0x63, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
0x65, 0x12, 0x61, 0x0a, 0x0c, 0x43, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x69, 0x65, 0x65, 0x12, 0x49, 0x0a, 0x04, 0x52, 0x65, 0x61, 0x64, 0x12, 0x1f, 0x2e, 0x61, 0x75, 0x74, 0x68,
0x73, 0x12, 0x27, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x74, 0x7a, 0x2e, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x52,
0x69, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x65, 0x61, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x20, 0x2e, 0x61, 0x75, 0x74,
0x69, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x28, 0x2e, 0x61, 0x75, 0x74,
0x68, 0x7a, 0x2e, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e,
0x43, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x69, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70,
0x6f, 0x6e, 0x73, 0x65, 0x12, 0x49, 0x0a, 0x04, 0x52, 0x65, 0x61, 0x64, 0x12, 0x1f, 0x2e, 0x61,
0x75, 0x74, 0x68, 0x7a, 0x2e, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x76,
0x31, 0x2e, 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x20, 0x2e,
0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x2e,
0x76, 0x31, 0x2e, 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12,
0x4c, 0x0a, 0x05, 0x57, 0x72, 0x69, 0x74, 0x65, 0x12, 0x20, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a,
0x2e, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x72,
0x69, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x21, 0x2e, 0x61, 0x75, 0x74,
0x68, 0x7a, 0x2e, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x68, 0x7a, 0x2e, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e,
0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x38, 0x5a, 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x4c, 0x0a, 0x05,
0x36, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x72, 0x61, 0x66, 0x57, 0x72, 0x69, 0x74, 0x65, 0x12, 0x20, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x65, 0x78,
0x61, 0x6e, 0x61, 0x2f, 0x67, 0x72, 0x61, 0x66, 0x61, 0x6e, 0x61, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x72, 0x69, 0x74, 0x65,
0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2f, 0x70, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x21, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e,
0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x72, 0x69,
0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x38, 0x5a, 0x36, 0x67, 0x69,
0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x72, 0x61, 0x66, 0x61, 0x6e, 0x61,
0x2f, 0x67, 0x72, 0x61, 0x66, 0x61, 0x6e, 0x61, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x73, 0x65, 0x72,
0x76, 0x69, 0x63, 0x65, 0x73, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2f, 0x70, 0x72, 0x6f, 0x74,
0x6f, 0x2f, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
} }
var ( var (
@ -1360,7 +1190,7 @@ func file_extention_proto_rawDescGZIP() []byte {
return file_extention_proto_rawDescData return file_extention_proto_rawDescData
} }
var file_extention_proto_msgTypes = make([]protoimpl.MessageInfo, 21) var file_extention_proto_msgTypes = make([]protoimpl.MessageInfo, 19)
var file_extention_proto_goTypes = []any{ var file_extention_proto_goTypes = []any{
(*ListRequest)(nil), // 0: authz.extention.v1.ListRequest (*ListRequest)(nil), // 0: authz.extention.v1.ListRequest
(*ListResponse)(nil), // 1: authz.extention.v1.ListResponse (*ListResponse)(nil), // 1: authz.extention.v1.ListResponse
@ -1379,42 +1209,38 @@ var file_extention_proto_goTypes = []any{
(*BatchCheckItem)(nil), // 14: authz.extention.v1.BatchCheckItem (*BatchCheckItem)(nil), // 14: authz.extention.v1.BatchCheckItem
(*BatchCheckResponse)(nil), // 15: authz.extention.v1.BatchCheckResponse (*BatchCheckResponse)(nil), // 15: authz.extention.v1.BatchCheckResponse
(*BatchCheckGroupResource)(nil), // 16: authz.extention.v1.BatchCheckGroupResource (*BatchCheckGroupResource)(nil), // 16: authz.extention.v1.BatchCheckGroupResource
(*CapabilitiesRequest)(nil), // 17: authz.extention.v1.CapabilitiesRequest nil, // 17: authz.extention.v1.BatchCheckResponse.GroupsEntry
(*CapabilitiesResponse)(nil), // 18: authz.extention.v1.CapabilitiesResponse nil, // 18: authz.extention.v1.BatchCheckGroupResource.ItemsEntry
nil, // 19: authz.extention.v1.BatchCheckResponse.GroupsEntry (*timestamppb.Timestamp)(nil), // 19: google.protobuf.Timestamp
nil, // 20: authz.extention.v1.BatchCheckGroupResource.ItemsEntry (*structpb.Struct)(nil), // 20: google.protobuf.Struct
(*timestamppb.Timestamp)(nil), // 21: google.protobuf.Timestamp (*wrapperspb.Int32Value)(nil), // 21: google.protobuf.Int32Value
(*structpb.Struct)(nil), // 22: google.protobuf.Struct
(*wrapperspb.Int32Value)(nil), // 23: google.protobuf.Int32Value
} }
var file_extention_proto_depIdxs = []int32{ var file_extention_proto_depIdxs = []int32{
5, // 0: authz.extention.v1.TupleKey.condition:type_name -> authz.extention.v1.RelationshipCondition 5, // 0: authz.extention.v1.TupleKey.condition:type_name -> authz.extention.v1.RelationshipCondition
2, // 1: authz.extention.v1.Tuple.key:type_name -> authz.extention.v1.TupleKey 2, // 1: authz.extention.v1.Tuple.key:type_name -> authz.extention.v1.TupleKey
21, // 2: authz.extention.v1.Tuple.timestamp:type_name -> google.protobuf.Timestamp 19, // 2: authz.extention.v1.Tuple.timestamp:type_name -> google.protobuf.Timestamp
22, // 3: authz.extention.v1.RelationshipCondition.context:type_name -> google.protobuf.Struct 20, // 3: authz.extention.v1.RelationshipCondition.context:type_name -> google.protobuf.Struct
7, // 4: authz.extention.v1.ReadRequest.tuple_key:type_name -> authz.extention.v1.ReadRequestTupleKey 7, // 4: authz.extention.v1.ReadRequest.tuple_key:type_name -> authz.extention.v1.ReadRequestTupleKey
23, // 5: authz.extention.v1.ReadRequest.page_size:type_name -> google.protobuf.Int32Value 21, // 5: authz.extention.v1.ReadRequest.page_size:type_name -> google.protobuf.Int32Value
3, // 6: authz.extention.v1.ReadResponse.tuples:type_name -> authz.extention.v1.Tuple 3, // 6: authz.extention.v1.ReadResponse.tuples:type_name -> authz.extention.v1.Tuple
2, // 7: authz.extention.v1.WriteRequestWrites.tuple_keys:type_name -> authz.extention.v1.TupleKey 2, // 7: authz.extention.v1.WriteRequestWrites.tuple_keys:type_name -> authz.extention.v1.TupleKey
4, // 8: authz.extention.v1.WriteRequestDeletes.tuple_keys:type_name -> authz.extention.v1.TupleKeyWithoutCondition 4, // 8: authz.extention.v1.WriteRequestDeletes.tuple_keys:type_name -> authz.extention.v1.TupleKeyWithoutCondition
9, // 9: authz.extention.v1.WriteRequest.writes:type_name -> authz.extention.v1.WriteRequestWrites 9, // 9: authz.extention.v1.WriteRequest.writes:type_name -> authz.extention.v1.WriteRequestWrites
10, // 10: authz.extention.v1.WriteRequest.deletes:type_name -> authz.extention.v1.WriteRequestDeletes 10, // 10: authz.extention.v1.WriteRequest.deletes:type_name -> authz.extention.v1.WriteRequestDeletes
14, // 11: authz.extention.v1.BatchCheckRequest.items:type_name -> authz.extention.v1.BatchCheckItem 14, // 11: authz.extention.v1.BatchCheckRequest.items:type_name -> authz.extention.v1.BatchCheckItem
19, // 12: authz.extention.v1.BatchCheckResponse.groups:type_name -> authz.extention.v1.BatchCheckResponse.GroupsEntry 17, // 12: authz.extention.v1.BatchCheckResponse.groups:type_name -> authz.extention.v1.BatchCheckResponse.GroupsEntry
20, // 13: authz.extention.v1.BatchCheckGroupResource.items:type_name -> authz.extention.v1.BatchCheckGroupResource.ItemsEntry 18, // 13: authz.extention.v1.BatchCheckGroupResource.items:type_name -> authz.extention.v1.BatchCheckGroupResource.ItemsEntry
16, // 14: authz.extention.v1.BatchCheckResponse.GroupsEntry.value:type_name -> authz.extention.v1.BatchCheckGroupResource 16, // 14: authz.extention.v1.BatchCheckResponse.GroupsEntry.value:type_name -> authz.extention.v1.BatchCheckGroupResource
0, // 15: authz.extention.v1.AuthzExtentionService.List:input_type -> authz.extention.v1.ListRequest 0, // 15: authz.extention.v1.AuthzExtentionService.List:input_type -> authz.extention.v1.ListRequest
13, // 16: authz.extention.v1.AuthzExtentionService.BatchCheck:input_type -> authz.extention.v1.BatchCheckRequest 13, // 16: authz.extention.v1.AuthzExtentionService.BatchCheck:input_type -> authz.extention.v1.BatchCheckRequest
17, // 17: authz.extention.v1.AuthzExtentionService.Capabilities:input_type -> authz.extention.v1.CapabilitiesRequest 6, // 17: authz.extention.v1.AuthzExtentionService.Read:input_type -> authz.extention.v1.ReadRequest
6, // 18: authz.extention.v1.AuthzExtentionService.Read:input_type -> authz.extention.v1.ReadRequest 11, // 18: authz.extention.v1.AuthzExtentionService.Write:input_type -> authz.extention.v1.WriteRequest
11, // 19: authz.extention.v1.AuthzExtentionService.Write:input_type -> authz.extention.v1.WriteRequest 1, // 19: authz.extention.v1.AuthzExtentionService.List:output_type -> authz.extention.v1.ListResponse
1, // 20: authz.extention.v1.AuthzExtentionService.List:output_type -> authz.extention.v1.ListResponse 15, // 20: authz.extention.v1.AuthzExtentionService.BatchCheck:output_type -> authz.extention.v1.BatchCheckResponse
15, // 21: authz.extention.v1.AuthzExtentionService.BatchCheck:output_type -> authz.extention.v1.BatchCheckResponse 8, // 21: authz.extention.v1.AuthzExtentionService.Read:output_type -> authz.extention.v1.ReadResponse
18, // 22: authz.extention.v1.AuthzExtentionService.Capabilities:output_type -> authz.extention.v1.CapabilitiesResponse 12, // 22: authz.extention.v1.AuthzExtentionService.Write:output_type -> authz.extention.v1.WriteResponse
8, // 23: authz.extention.v1.AuthzExtentionService.Read:output_type -> authz.extention.v1.ReadResponse 19, // [19:23] is the sub-list for method output_type
12, // 24: authz.extention.v1.AuthzExtentionService.Write:output_type -> authz.extention.v1.WriteResponse 15, // [15:19] is the sub-list for method input_type
20, // [20:25] is the sub-list for method output_type
15, // [15:20] is the sub-list for method input_type
15, // [15:15] is the sub-list for extension type_name 15, // [15:15] is the sub-list for extension type_name
15, // [15:15] is the sub-list for extension extendee 15, // [15:15] is the sub-list for extension extendee
0, // [0:15] is the sub-list for field type_name 0, // [0:15] is the sub-list for field type_name
@ -1431,7 +1257,7 @@ func file_extention_proto_init() {
GoPackagePath: reflect.TypeOf(x{}).PkgPath(), GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
RawDescriptor: file_extention_proto_rawDesc, RawDescriptor: file_extention_proto_rawDesc,
NumEnums: 0, NumEnums: 0,
NumMessages: 21, NumMessages: 19,
NumExtensions: 0, NumExtensions: 0,
NumServices: 1, NumServices: 1,
}, },

@ -11,7 +11,6 @@ import "google/protobuf/wrappers.proto";
service AuthzExtentionService { service AuthzExtentionService {
rpc List(ListRequest) returns (ListResponse); rpc List(ListRequest) returns (ListResponse);
rpc BatchCheck(BatchCheckRequest) returns (BatchCheckResponse); rpc BatchCheck(BatchCheckRequest) returns (BatchCheckResponse);
rpc Capabilities(CapabilitiesRequest) returns (CapabilitiesResponse);
rpc Read(ReadRequest) returns (ReadResponse); rpc Read(ReadRequest) returns (ReadResponse);
rpc Write(WriteRequest) returns (WriteResponse); rpc Write(WriteRequest) returns (WriteResponse);
@ -110,18 +109,3 @@ message BatchCheckResponse {
message BatchCheckGroupResource { message BatchCheckGroupResource {
map<string, bool> items = 1; map<string, bool> items = 1;
} }
message CapabilitiesRequest {
string subject = 1;
string group = 2;
string namespace = 3;
string resource = 4;
string name = 5;
string folder = 6;
string path = 7;
string subresource = 8;
}
message CapabilitiesResponse {
repeated string capabilities = 1;
}

@ -21,7 +21,6 @@ const _ = grpc.SupportPackageIsVersion8
const ( const (
AuthzExtentionService_List_FullMethodName = "/authz.extention.v1.AuthzExtentionService/List" AuthzExtentionService_List_FullMethodName = "/authz.extention.v1.AuthzExtentionService/List"
AuthzExtentionService_BatchCheck_FullMethodName = "/authz.extention.v1.AuthzExtentionService/BatchCheck" AuthzExtentionService_BatchCheck_FullMethodName = "/authz.extention.v1.AuthzExtentionService/BatchCheck"
AuthzExtentionService_Capabilities_FullMethodName = "/authz.extention.v1.AuthzExtentionService/Capabilities"
AuthzExtentionService_Read_FullMethodName = "/authz.extention.v1.AuthzExtentionService/Read" AuthzExtentionService_Read_FullMethodName = "/authz.extention.v1.AuthzExtentionService/Read"
AuthzExtentionService_Write_FullMethodName = "/authz.extention.v1.AuthzExtentionService/Write" AuthzExtentionService_Write_FullMethodName = "/authz.extention.v1.AuthzExtentionService/Write"
) )
@ -32,7 +31,6 @@ const (
type AuthzExtentionServiceClient interface { type AuthzExtentionServiceClient interface {
List(ctx context.Context, in *ListRequest, opts ...grpc.CallOption) (*ListResponse, error) List(ctx context.Context, in *ListRequest, opts ...grpc.CallOption) (*ListResponse, error)
BatchCheck(ctx context.Context, in *BatchCheckRequest, opts ...grpc.CallOption) (*BatchCheckResponse, error) BatchCheck(ctx context.Context, in *BatchCheckRequest, opts ...grpc.CallOption) (*BatchCheckResponse, error)
Capabilities(ctx context.Context, in *CapabilitiesRequest, opts ...grpc.CallOption) (*CapabilitiesResponse, error)
Read(ctx context.Context, in *ReadRequest, opts ...grpc.CallOption) (*ReadResponse, error) Read(ctx context.Context, in *ReadRequest, opts ...grpc.CallOption) (*ReadResponse, error)
Write(ctx context.Context, in *WriteRequest, opts ...grpc.CallOption) (*WriteResponse, error) Write(ctx context.Context, in *WriteRequest, opts ...grpc.CallOption) (*WriteResponse, error)
} }
@ -65,16 +63,6 @@ func (c *authzExtentionServiceClient) BatchCheck(ctx context.Context, in *BatchC
return out, nil return out, nil
} }
func (c *authzExtentionServiceClient) Capabilities(ctx context.Context, in *CapabilitiesRequest, opts ...grpc.CallOption) (*CapabilitiesResponse, error) {
cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
out := new(CapabilitiesResponse)
err := c.cc.Invoke(ctx, AuthzExtentionService_Capabilities_FullMethodName, in, out, cOpts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *authzExtentionServiceClient) Read(ctx context.Context, in *ReadRequest, opts ...grpc.CallOption) (*ReadResponse, error) { func (c *authzExtentionServiceClient) Read(ctx context.Context, in *ReadRequest, opts ...grpc.CallOption) (*ReadResponse, error) {
cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
out := new(ReadResponse) out := new(ReadResponse)
@ -101,7 +89,6 @@ func (c *authzExtentionServiceClient) Write(ctx context.Context, in *WriteReques
type AuthzExtentionServiceServer interface { type AuthzExtentionServiceServer interface {
List(context.Context, *ListRequest) (*ListResponse, error) List(context.Context, *ListRequest) (*ListResponse, error)
BatchCheck(context.Context, *BatchCheckRequest) (*BatchCheckResponse, error) BatchCheck(context.Context, *BatchCheckRequest) (*BatchCheckResponse, error)
Capabilities(context.Context, *CapabilitiesRequest) (*CapabilitiesResponse, error)
Read(context.Context, *ReadRequest) (*ReadResponse, error) Read(context.Context, *ReadRequest) (*ReadResponse, error)
Write(context.Context, *WriteRequest) (*WriteResponse, error) Write(context.Context, *WriteRequest) (*WriteResponse, error)
} }
@ -116,9 +103,6 @@ func (UnimplementedAuthzExtentionServiceServer) List(context.Context, *ListReque
func (UnimplementedAuthzExtentionServiceServer) BatchCheck(context.Context, *BatchCheckRequest) (*BatchCheckResponse, error) { func (UnimplementedAuthzExtentionServiceServer) BatchCheck(context.Context, *BatchCheckRequest) (*BatchCheckResponse, error) {
return nil, status.Errorf(codes.Unimplemented, "method BatchCheck not implemented") return nil, status.Errorf(codes.Unimplemented, "method BatchCheck not implemented")
} }
func (UnimplementedAuthzExtentionServiceServer) Capabilities(context.Context, *CapabilitiesRequest) (*CapabilitiesResponse, error) {
return nil, status.Errorf(codes.Unimplemented, "method Capabilities not implemented")
}
func (UnimplementedAuthzExtentionServiceServer) Read(context.Context, *ReadRequest) (*ReadResponse, error) { func (UnimplementedAuthzExtentionServiceServer) Read(context.Context, *ReadRequest) (*ReadResponse, error) {
return nil, status.Errorf(codes.Unimplemented, "method Read not implemented") return nil, status.Errorf(codes.Unimplemented, "method Read not implemented")
} }
@ -173,24 +157,6 @@ func _AuthzExtentionService_BatchCheck_Handler(srv interface{}, ctx context.Cont
return interceptor(ctx, in, info, handler) return interceptor(ctx, in, info, handler)
} }
func _AuthzExtentionService_Capabilities_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(CapabilitiesRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(AuthzExtentionServiceServer).Capabilities(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: AuthzExtentionService_Capabilities_FullMethodName,
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(AuthzExtentionServiceServer).Capabilities(ctx, req.(*CapabilitiesRequest))
}
return interceptor(ctx, in, info, handler)
}
func _AuthzExtentionService_Read_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { func _AuthzExtentionService_Read_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(ReadRequest) in := new(ReadRequest)
if err := dec(in); err != nil { if err := dec(in); err != nil {
@ -242,10 +208,6 @@ var AuthzExtentionService_ServiceDesc = grpc.ServiceDesc{
MethodName: "BatchCheck", MethodName: "BatchCheck",
Handler: _AuthzExtentionService_BatchCheck_Handler, Handler: _AuthzExtentionService_BatchCheck_Handler,
}, },
{
MethodName: "Capabilities",
Handler: _AuthzExtentionService_Capabilities_Handler,
},
{ {
MethodName: "Read", MethodName: "Read",
Handler: _AuthzExtentionService_Read_Handler, Handler: _AuthzExtentionService_Read_Handler,

@ -1,72 +0,0 @@
package server
import (
"context"
authzextv1 "github.com/grafana/grafana/pkg/services/authz/proto/v1"
"github.com/grafana/grafana/pkg/services/authz/zanzana/common"
)
func (s *Server) Capabilities(ctx context.Context, r *authzextv1.CapabilitiesRequest) (*authzextv1.CapabilitiesResponse, error) {
store, err := s.getStoreInfo(ctx, r.GetNamespace())
if err != nil {
return nil, err
}
if info, ok := common.GetTypeInfo(r.Group, r.Resource); ok {
return s.capabilitiesTyped(ctx, r, info, store)
}
return s.capabilitiesGeneric(ctx, r, store)
}
func (s *Server) capabilitiesTyped(ctx context.Context, r *authzextv1.CapabilitiesRequest, info common.TypeInfo, store *storeInfo) (*authzextv1.CapabilitiesResponse, error) {
out := make([]string, 0, len(common.RelationsResource))
for _, relation := range info.Relations {
res, err := s.checkGroupResource(ctx, r.GetSubject(), relation, r.GetGroup(), r.GetResource(), store)
if err != nil {
return nil, err
}
if res.GetAllowed() {
out = append(out, relation)
continue
}
res, err = s.checkTyped(ctx, r.GetSubject(), relation, r.GetName(), info, store)
if err != nil {
return nil, err
}
if res.GetAllowed() {
out = append(out, relation)
}
}
return &authzextv1.CapabilitiesResponse{Capabilities: out}, nil
}
func (s *Server) capabilitiesGeneric(ctx context.Context, r *authzextv1.CapabilitiesRequest, store *storeInfo) (*authzextv1.CapabilitiesResponse, error) {
out := make([]string, 0, len(common.RelationsResource))
for _, relation := range common.RelationsResource {
res, err := s.checkGroupResource(ctx, r.GetSubject(), relation, r.GetGroup(), r.GetResource(), store)
if err != nil {
return nil, err
}
if res.GetAllowed() {
out = append(out, relation)
continue
}
res, err = s.checkGeneric(ctx, r.GetSubject(), relation, r.GetGroup(), r.GetResource(), r.GetName(), r.GetFolder(), store)
if err != nil {
return nil, err
}
if res.GetAllowed() {
out = append(out, relation)
}
}
return &authzextv1.CapabilitiesResponse{Capabilities: out}, nil
}

@ -1,67 +0,0 @@
package server
import (
"context"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
authzextv1 "github.com/grafana/grafana/pkg/services/authz/proto/v1"
"github.com/grafana/grafana/pkg/services/authz/zanzana/common"
)
func testCapabilities(t *testing.T, server *Server) {
newReq := func(subject, group, resource, folder, name string) *authzextv1.CapabilitiesRequest {
return &authzextv1.CapabilitiesRequest{
Namespace: namespace,
Subject: subject,
Group: group,
Resource: resource,
Name: name,
Folder: folder,
}
}
t.Run("user:1 should only be able to read and write resource:dashboards.grafana.app/dashboards/1", func(t *testing.T) {
res, err := server.Capabilities(context.Background(), newReq("user:1", dashboardGroup, dashboardResource, "1", "1"))
require.NoError(t, err)
assert.Equal(t, []string{common.RelationGet, common.RelationUpdate}, res.GetCapabilities())
})
t.Run("user:2 should be able to read and write resource:dashboards.grafana.app/dashboards/1 through group_resource", func(t *testing.T) {
res, err := server.Capabilities(context.Background(), newReq("user:2", dashboardGroup, dashboardResource, "1", "1"))
require.NoError(t, err)
assert.Equal(t, []string{common.RelationGet, common.RelationUpdate}, res.GetCapabilities())
})
t.Run("user:3 should be able to read resource:dashboards.grafana.app/dashboards/1 with set relation", func(t *testing.T) {
res, err := server.Capabilities(context.Background(), newReq("user:3", dashboardGroup, dashboardResource, "1", "1"))
require.NoError(t, err)
assert.Equal(t, []string{common.RelationGet}, res.GetCapabilities())
})
t.Run("user:4 should be able to read dashboards.grafana.app/dashboards in folder 1", func(t *testing.T) {
res, err := server.Capabilities(context.Background(), newReq("user:4", dashboardGroup, dashboardResource, "1", "1"))
require.NoError(t, err)
assert.Equal(t, []string{common.RelationGet}, res.GetCapabilities())
})
t.Run("user:5 should be able to read, write, create and delete resource:dashboards.grafana.app/dashboards/1 through folder with set relation", func(t *testing.T) {
res, err := server.Capabilities(context.Background(), newReq("user:5", dashboardGroup, dashboardResource, "1", "1"))
require.NoError(t, err)
assert.Equal(t, []string{common.RelationGet, common.RelationUpdate, common.RelationDelete}, res.GetCapabilities())
})
t.Run("user:6 should be able to read folder 1", func(t *testing.T) {
res, err := server.Capabilities(context.Background(), newReq("user:6", folderGroup, folderResource, "", "1"))
require.NoError(t, err)
assert.Equal(t, []string{common.RelationGet}, res.GetCapabilities())
})
t.Run("user:7 should be able to read folder one through group_resource access", func(t *testing.T) {
res, err := server.Capabilities(context.Background(), newReq("user:7", folderGroup, folderResource, "", "1"))
require.NoError(t, err)
assert.Equal(t, []string{common.RelationGet}, res.GetCapabilities())
})
}

@ -55,10 +55,6 @@ func TestIntegrationServer(t *testing.T) {
t.Run("test batch check", func(t *testing.T) { t.Run("test batch check", func(t *testing.T) {
testBatchCheck(t, srv) testBatchCheck(t, srv)
}) })
t.Run("test capabilities", func(t *testing.T) {
testCapabilities(t, srv)
})
} }
func setup(t *testing.T, testDB db.DB, cfg *setting.Cfg) *Server { func setup(t *testing.T, testDB db.DB, cfg *setting.Cfg) *Server {
