public/grafana
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

IAM: Use the new way to authorize resources (#116061)

Browse Source 
* Use name for authz for User, SA, Team

* Use VerbList
This commit is contained in:
Misi
2026-01-09 14:21:20 +01:00
committed by GitHub
parent ccdafc3fb2
commit 98453fbcff
8 changed files with 234 additions and 84 deletions
Download Patch File Download Diff File Expand all files Collapse all files
apps/iam/pkg/apis/iam/v0alpha1/extensions.go
-43
View File
@@ -1,43 +0,0 @@
package v0alpha1
import (
"fmt"
"github.com/grafana/grafana/pkg/apimachinery/utils"
)
func (u User) AuthID() string {
meta, err := utils.MetaAccessor(&u)
if err != nil {
return ""
}
// TODO: Workaround until we move all definitions
// After having all resource definitions here in the app, we can remove this
// and we need to change the List authorization to use the MetaAccessor and the GetDeprecatedInternalID method
//nolint:staticcheck
return fmt.Sprintf("%d", meta.GetDeprecatedInternalID())
}
func (s ServiceAccount) AuthID() string {
meta, err := utils.MetaAccessor(&s)
if err != nil {
return ""
}
// TODO: Workaround until we move all definitions
// After having all resource definitions here in the app, we can remove this
// and we need to change the List authorization to use the MetaAccessor and the GetDeprecatedInternalID method
//nolint:staticcheck
return fmt.Sprintf("%d", meta.GetDeprecatedInternalID())
}
func (t Team) AuthID() string {
meta, err := utils.MetaAccessor(&t)
if err != nil {
return ""
}
// TODO: Workaround until we move all definitions
// After having all resource definitions here in the app, we can remove this
// and we need to change the List authorization to use the MetaAccessor and the GetDeprecatedInternalID method
//nolint:staticcheck
return fmt.Sprintf("%d", meta.GetDeprecatedInternalID())
}