diff --git a/pkg/services/accesscontrol/dualwrite/reconciler.go b/pkg/services/accesscontrol/dualwrite/reconciler.go
index 0850a5a33d8..beb7af9ac26 100644
--- a/pkg/services/accesscontrol/dualwrite/reconciler.go
+++ b/pkg/services/accesscontrol/dualwrite/reconciler.go
@@ -27,9 +27,10 @@ type TupleCollector func(ctx context.Context, tuples map[string][]*openfgav1.Tup
 // We should rewrite the migration after we have "migrated" all possible actions
 // into our schema.
 type ZanzanaReconciler struct {
- lock *serverlock.ServerLockService
- log log.Logger
- client zanzana.Client
+ lock *serverlock.ServerLockService
+ log log.Logger
+ client zanzana.Client
+ extclient zanzana.ExtensionClient
 // collectors are one time best effort migrations that gives up on first conflict.
 // These are deprecated and everything should move be resourceReconcilers that are periodically synced
 // between grafana db and zanzana store.
@@ -39,7 +40,7 @@ type ZanzanaReconciler struct {
 reconcilers []resourceReconciler
 }
-func NewZanzanaReconciler(client zanzana.Client, store db.DB, lock *serverlock.ServerLockService, collectors ...TupleCollector) *ZanzanaReconciler {
+func NewZanzanaReconciler(client zanzana.Client, extclient zanzana.ExtensionClient, store db.DB, lock *serverlock.ServerLockService, collectors ...TupleCollector) *ZanzanaReconciler {
 // Append shared collectors that is used by both enterprise and oss
 collectors = append(
 collectors,
@@ -55,6 +56,7 @@ func NewZanzanaReconciler(client zanzana.Client, store db.DB, lock *serverlock.S
 return &ZanzanaReconciler{
 client: client,
+ extclient: extclient,
 lock: lock,
 log: log.New("zanzana.reconciler"),
 collectors: collectors,
diff --git a/pkg/services/authz/zanzana/client.go b/pkg/services/authz/zanzana/client.go
index cd63995e89c..0e65d85742e 100644
--- a/pkg/services/authz/zanzana/client.go
+++ b/pkg/services/authz/zanzana/client.go
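Review bot: `NewZanzanaReconciler` stores the new `extclient` argument without a nil check, and neither the field nor the parameter says whether nil is allowed. None of the visible hunks call it yet, so a caller that passes nil would presumably only fail at the first use during a permission sync rather than at construction. Since the constructor has no error return, I would state the contract on the field, e.g. `// extclient writes tuples through the authz extension service; must be non-nil.`. The struct and the constructor body both continue outside the hunks.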
@@ -6,10 +6,12 @@ import (
 "google.golang.org/grpc"
+ authzlib "github.com/grafana/authlib/authz"
 openfgav1 "github.com/openfga/api/proto/openfga/v1"
 "github.com/grafana/grafana/pkg/infra/log"
 "github.com/grafana/grafana/pkg/services/authz/zanzana/client"
+ authzextv1 "github.com/grafana/grafana/pkg/services/authz/zanzana/proto/v1"
 "github.com/grafana/grafana/pkg/setting"
 )
@@ -21,6 +23,11 @@ type Client interface {
 Write(ctx context.Context, in *openfgav1.WriteRequest) error
 }
+type ExtensionClient interface {
+ authzlib.AccessChecker
+ Write(ctx context.Context, req *authzextv1.WriteRequest) (*authzextv1.WriteResponse, error)
+}
+
 func NewClient(ctx context.Context, cc grpc.ClientConnInterface, cfg *setting.Cfg) (*client.Client, error) {
 return client.New(
 ctx,
diff --git a/pkg/services/authz/zanzana/client/extension_client.go b/pkg/services/authz/zanzana/client/extension_client.go
new file mode 100644
index 00000000000..4e57589d357
--- /dev/null
+++ b/pkg/services/authz/zanzana/client/extension_client.go
@@ -0,0 +1,28 @@
+package client
+
+import (
+ "context"
+
+ "google.golang.org/grpc"
+
+ "github.com/grafana/grafana/pkg/infra/log"
+ authzextv1 "github.com/grafana/grafana/pkg/services/authz/zanzana/proto/v1"
+)
+
+type ExtensionClient struct {
+ logger log.Logger
+ client authzextv1.AuthzExtentionServiceClient
+}
+
+func NewExtensionAuthzClient(ctx context.Context, cc grpc.ClientConnInterface) (*ExtensionClient, error) {
+ c := &ExtensionClient{
+ client: authzextv1.NewAuthzExtentionServiceClient(cc),
+ }
+
+ return c, nil
+}
+
+func (c *ExtensionClient) Write(ctx context.Context, req *authzextv1.WriteRequest) (*authzextv1.WriteResponse, error) {
+ res, err := c.client.Write(ctx, req)
+ return res, err
+}
diff --git a/pkg/services/authz/zanzana/server/authz_server.go b/pkg/services/authz/zanzana/server/authz_server.go
index c20a3dfaece..fbe1cf0d954 100644
--- a/pkg/services/authz/zanzana/server/authz_server.go
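Review bot: `ExtensionClient` embeds `authzlib.AccessChecker`, but the concrete `client.ExtensionClient` added in extension_client.go by this same commit defines only `Write`, so as far as this diff shows it does not satisfy the interface. Nothing here would surface that until a value is passed to `NewZanzanaReconciler`. A compile-time assertion in this package, `var _ ExtensionClient = (*client.ExtensionClient)(nil)`, would make the gap visible at build time. The interface also lacks a doc comment, e.g. `// ExtensionClient is the client for the authz extension service: access checks plus tuple writes.`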
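Review bot: `NewExtensionAuthzClient` never sets `logger`, so the field holds a nil `log.Logger` and any later `c.logger` call would panic; `ctx` is unused and the returned error is always nil. Either initialise the field in the literal, `logger: log.New("<logger-name>"),`, or drop it until it is needed. `Write` can be reduced to `return c.client.Write(ctx, req)`, and the exported type and constructor have no doc comments.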
+++ b/pkg/services/authz/zanzana/server/authz_server.go
@@ -3,8 +3,9 @@ package server
 import (
 "context"
- authzextv1 "github.com/grafana/grafana/pkg/services/authz/zanzana/proto/v1"
 openfgav1 "github.com/openfga/api/proto/openfga/v1"
+
+ authzextv1 "github.com/grafana/grafana/pkg/services/authz/zanzana/proto/v1"
 )
 var _ authzextv1.AuthzExtentionServiceServer = (*Server)(nil)
@@ -14,12 +15,18 @@ func NewAuthz(openfga openfgav1.OpenFGAServiceServer) *Server {
 }
 type Server struct {
- authzextv1.UnsafeAuthzExtentionServiceServer
+ authzextv1.UnimplementedAuthzExtentionServiceServer
 openfga openfgav1.OpenFGAServiceServer
 }
 // Write implements v1.AuthzExtentionServiceServer.
-func (s *Server) Write(context.Context, *authzextv1.WriteRequest) (*authzextv1.WriteResponse, error) {
- panic("unimplemented")
+func (s *Server) Write(ctx context.Context, req *authzextv1.WriteRequest) (*authzextv1.WriteResponse, error) {
+ // TODO: Construct OpenFGA write request
+ writeReq := &openfgav1.WriteRequest{}
+ _, err := s.openfga.Write(ctx, writeReq)
+ if err != nil {
+ return nil, err
+ }
+ return &authzextv1.WriteResponse{}, nil
 }
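Review bot: `Server.Write` ignores `req` and forwards an empty `openfgav1.WriteRequest{}`, so whenever OpenFGA accepts that call the RPC reports success although none of the caller's tuples were written. For an authorization store that is worse than the old panic, because the caller gets no signal that the grant or revocation it asked for is missing. Until the TODO is done I would fail explicitly with `return nil, status.Error(codes.Unimplemented, "write is not implemented")` (from `google.golang.org/grpc/status` and `codes`), or drop the override and let the newly embedded `UnimplementedAuthzExtentionServiceServer` answer. Embedding the `Unimplemented…` type also means the `var _ authzextv1.AuthzExtentionServiceServer` assertion no longer flags RPCs added to the proto later.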