Object store: get user from context (#56346)

* GRPC Server: Add signedInUser to context after auth * add permissions to signedInUser * add access control permissions test * add additional signedInUser checks * get user from context * move `UserFromContext` to object/auth.go Co-authored-by: Todd Treece <todd.treece@grafana.com>
3 years ago · a94acb7f61
parent 4a14d75086
commit a94acb7f61
4 changed files with 42 additions and 17 deletions
--- a/pkg/services/store/object/auth.go
+++ b/pkg/services/store/object/auth.go
@ -0,0 +1,26 @@
+package object
+
+import (
+	"context"
+
+	"github.com/grafana/grafana/pkg/models"
+	"github.com/grafana/grafana/pkg/services/contexthandler/ctxkey"
+	grpccontext "github.com/grafana/grafana/pkg/services/grpcserver/context"
+	"github.com/grafana/grafana/pkg/services/user"
+)
+
+// UserFromContext ** Experimental **
+// TODO: move to global infra package / new auth service
+func UserFromContext(ctx context.Context) *user.SignedInUser {
+	grpcCtx := grpccontext.FromContext(ctx)
+	if grpcCtx != nil {
+		return grpcCtx.SignedInUser
+	}
+
+	c, ok := ctxkey.Get(ctx).(*models.ReqContext)
+	if !ok || c == nil || c.SignedInUser == nil {
+		return nil
+	}
+
+	return c.SignedInUser
+}
--- a/pkg/services/store/object/dummy/dummy_server.go
+++ b/pkg/services/store/object/dummy/dummy_server.go
@ -13,7 +13,6 @@ import (
 	"github.com/grafana/grafana/pkg/infra/x/persistentcollection"
 	"github.com/grafana/grafana/pkg/services/grpcserver"
 	"github.com/grafana/grafana/pkg/services/store/object"
-	"github.com/grafana/grafana/pkg/services/user"
 	"github.com/grafana/grafana/pkg/setting"
 )

@ -52,15 +51,6 @@ func namespaceFromUID(uid string) string {
 	return "orgId-1"
 }

-func userFromContext(ctx context.Context) *user.SignedInUser {
-	// TODO implement in GRPC server
-	return &user.SignedInUser{
-		UserID: 1,
-		OrgID:  1,
-		Login:  "fake",
-	}
-}
-
 func (i dummyObjectServer) findObject(ctx context.Context, uid string, kind string, version string) (*RawObjectWithHistory, *object.RawObject, error) {
 	if uid == "" {
 		return nil, nil, errors.New("UID must not be empty")
@ -161,7 +151,7 @@ func (i dummyObjectServer) update(ctx context.Context, r *object.WriteObjectRequ
 			return false, nil, err
 		}

-		modifier := userFromContext(ctx)
+		modifier := object.UserFromContext(ctx)

 		updated := &object.RawObject{
 			UID:       r.UID,
@ -218,7 +208,7 @@ func (i dummyObjectServer) update(ctx context.Context, r *object.WriteObjectRequ
 }

 func (i dummyObjectServer) insert(ctx context.Context, r *object.WriteObjectRequest, namespace string) (*object.WriteObjectResponse, error) {
-	modifier := userFromContext(ctx)
+	modifier := object.UserFromContext(ctx)
 	rawObj := &object.RawObject{
 		UID:      r.UID,
 		Kind:     r.Kind,
--- a/pkg/services/store/object/tests/common.go
+++ b/pkg/services/store/object/tests/common.go
@ -9,13 +9,14 @@ import (
 	saAPI "github.com/grafana/grafana/pkg/services/serviceaccounts/api"
 	saTests "github.com/grafana/grafana/pkg/services/serviceaccounts/tests"
 	"github.com/grafana/grafana/pkg/services/store/object"
+	"github.com/grafana/grafana/pkg/services/user"
 	"github.com/grafana/grafana/pkg/tests/testinfra"
 	"github.com/stretchr/testify/require"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials/insecure"
 )

-func createServiceAccountAdminToken(t *testing.T, env *server.TestEnv) string {
+func createServiceAccountAdminToken(t *testing.T, env *server.TestEnv) (string, *user.SignedInUser) {
 	t.Helper()

 	account := saTests.SetupUserServiceAccount(t, env.SQLStore, saTests.TestUser{
@ -37,12 +38,19 @@ func createServiceAccountAdminToken(t *testing.T, env *server.TestEnv) string {
 		ServiceAccountID: &account.ID,
 	})

-	return keyGen.ClientSecret
+	return keyGen.ClientSecret, &user.SignedInUser{
+		UserID: account.ID,
+		Email:  account.Email,
+		Name:   account.Name,
+		Login:  account.Login,
+		OrgID:  account.OrgID,
+	}
 }

 type testContext struct {
 	authToken string
 	client    object.ObjectStoreClient
+	user      *user.SignedInUser
 }

 func createTestContext(t *testing.T) testContext {
@ -54,7 +62,7 @@ func createTestContext(t *testing.T) testContext {
 	})
 	_, env := testinfra.StartGrafanaEnv(t, dir, path)

-	authToken := createServiceAccountAdminToken(t, env)
+	authToken, serviceAccountUser := createServiceAccountAdminToken(t, env)

 	conn, err := grpc.Dial(
 		env.GRPCServer.GetAddress(),
@ -67,5 +75,6 @@ func createTestContext(t *testing.T) testContext {
 	return testContext{
 		authToken: authToken,
 		client:    client,
+		user:      serviceAccountUser,
 	}
 }
--- a/pkg/services/store/object/tests/server_integration_test.go
+++ b/pkg/services/store/object/tests/server_integration_test.go
@ -149,8 +149,8 @@ func TestObjectServer(t *testing.T) {
 	ctx = metadata.AppendToOutgoingContext(ctx, "authorization", fmt.Sprintf("Bearer %s", testCtx.authToken))

 	fakeUser := &object.UserInfo{
-		Login: "fake",
-		Id:    1,
+		Login: testCtx.user.Login,
+		Id:    testCtx.user.UserID,
 	}
 	firstVersion := "1"
 	kind := "dashboard"