The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.
grafana/pkg/services/authz
Karl Persson 87ba9c60b2
Zanzana: change type name from namespace to group_resource (#97741)
6 months ago
..
mappers unistore: wire the authz client (#96632) 6 months ago
proto/v1 UnifiedSearch: Use ResourceIndex from dashboards apiserver (v0alpha1 only) (#96939) 6 months ago
rbac AuthZ: Launch service within IAM app (#96421) 6 months ago
zanzana Zanzana: change type name from namespace to group_resource (#97741) 6 months ago
README.md AuthZ: Introduce cloud mode (#96922) 6 months ago
client.go AuthZ client: Add tracing (#96983) 6 months ago
config.go AuthZ: Introduce cloud mode (#96922) 6 months ago
server.go AuthZ: Launch service within IAM app (#96421) 6 months ago
server_test.go unistore: wire the authz client (#96632) 6 months ago
wireset.go Zanzana: Initial work to run openFGA as embedded or standalone service (#89211) 11 months ago
zanzana.go Authz: Move extension proto up a layer (#96254) 7 months ago

README.md

Authorization

This package contains the authorization server implementation.

Feature toggles

The following feature toggles need to be activated:

[feature_toggles]
authZGRPCServer = true
grpcServer = true

Configuration

To configure the authorization server and client, use the "authorization" section of the configuration ini file.

The remote_address setting specifies the address where the authorization server is located (e.g. server.example.org:10000).

The mode setting can be set to cloud, grpc or inproc. When set to cloud (or grpc), the client connects to the specified address. When set to inproc, the client uses inprocgrpc (relying on Go channels) to wrap a local instantiation of the server.

The listen setting determines whether the authorization server should listen for incoming requests. When set to true, the authorization service will be registered to the Grafana gRPC server.

The default configuration does not register the authorization service on the Grafana gRPC server and binds the client to it inproc:

[authorization]
remote_address = ""
listen = false
mode = "inproc"

Example

Here is an example that connects the authorization client to a remote gRPC server.

[authorization]
remote_address = "server.example.org:10000"
listen = false
mode = "grpc"

Here is an example that registers the authorization service on the Grafana gRPC server and connects the client to it through gRPC.

app_mode = development

[authorization]
remote_address = "localhost:10000"
listen = true
mode = "grpc"

Here is an example that connects the authorization client to a remote gRPC server and uses access token authentication.

[environment]
stack_id = 11

[authorization]
remote_address = "server.example.org:10000"
mode = "cloud"
listen = false

[grpc_client_authentication]
token = "ReplaceWithToken"
token_exchange_url = "signing-server.example.org/path/to/signing"
token_namespace = "stacks-11"
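
A pre-deployment lint for the settings documented above, written as an added example and not part of Grafana's code. It enforces the three documented mode values and a non-empty remote_address for cloud and grpc; the cloud-mode checks (placeholder token, token_namespace equal to stacks-<stack_id>) are assumptions read off the last example, and parseINI and LintAuthz are hypothetical names.

```go
package main

import (
	"fmt"
	"strings"
)

// parseINI maps section -> key -> value, stripping surrounding quotes; keys before any header go under "".
func parseINI(text string) map[string]map[string]string {
	cfg, sec := map[string]map[string]string{"": {}}, ""
	for _, raw := range strings.Split(text, "\n") {
		line := strings.TrimSpace(raw)
		if strings.HasPrefix(line, "[") && strings.HasSuffix(line, "]") {
			sec = strings.Trim(line, "[]")
			cfg[sec] = map[string]string{}
		} else if k, v, ok := strings.Cut(line, "="); ok && !strings.HasPrefix(line, ";") && !strings.HasPrefix(line, "#") {
			cfg[sec][strings.TrimSpace(k)] = strings.Trim(strings.TrimSpace(v), `"`)
		}
	}
	return cfg
}

// LintAuthz returns findings; the cloud-mode checks are assumptions taken from the README example.
func LintAuthz(text string) (out []string) {
	cfg := parseINI(text)
	az, auth := cfg["authorization"], cfg["grpc_client_authentication"]
	switch az["mode"] {
	case "", "inproc": // documented default: the client wraps a local server instance
	case "grpc", "cloud":
		if az["remote_address"] == "" {
			out = append(out, "remote_address is empty but mode connects to a remote server")
		}
	default:
		out = append(out, "mode must be cloud, grpc or inproc, got "+az["mode"])
	}
	if az["mode"] == "cloud" {
		if auth["token"] == "" || auth["token"] == "ReplaceWithToken" {
			out = append(out, "token is missing or still the README placeholder")
		}
		if want := "stacks-" + cfg["environment"]["stack_id"]; auth["token_namespace"] != want {
			out = append(out, "token_namespace should be "+want)
		}
	}
	return out
}

func main() {
	sample := "[environment]\nstack_id = 11\n[authorization]\nremote_address = \"\"\nmode = \"cloud\"\n[grpc_client_authentication]\ntoken = \"ReplaceWithToken\"\ntoken_namespace = \"stacks-12\"\n" // constructed input
	fmt.Println(strings.Join(LintAuthz(sample), "\n"))
}
```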