grafana-iam: enable dual writing for resource permissions (#112793)
* `grafana-iam`: enable dual writing for resource permissions Co-authored-by: jguer <joao.guerreiro@grafana.com> * copy paste mistake * Reduce complexity * nits to make the code easy to review * Forgot to check the error --------- Co-authored-by: jguer <joao.guerreiro@grafana.com>
@@ -350,23 +350,59 @@ func (b *IdentityAccessManagementAPIBuilder) UpdateAPIGroupInfo(apiGroupInfo *ge
|
||||
}
|
||||
//nolint:staticcheck // not yet migrated to OpenFeature
|
||||
if b.features.IsEnabledGlobally(featuremgmt.FlagKubernetesAuthzResourcePermissionApis) {
|
||||
resourcePermissionStore, err := NewLocalStore(iamv0.ResourcePermissionInfo, apiGroupInfo.Scheme, opts.OptsGetter, b.reg, b.accessClient, b.resourcePermissionsStorage)
|
||||
if err != nil {
|
||||
if err := b.UpdateResourcePermissionsAPIGroup(apiGroupInfo, opts, storage, b.enableDualWriter, enableZanzanaSync); err != nil {
|
||||
return err
|
||||
}
|
||||
if enableZanzanaSync {
|
||||
b.logger.Info("Enabling AfterCreate, BeginUpdate, and AfterDelete hooks for ResourcePermission to sync to Zanzana")
|
||||
resourcePermissionStore.AfterCreate = b.AfterResourcePermissionCreate
|
||||
resourcePermissionStore.BeginUpdate = b.BeginResourcePermissionUpdate
|
||||
resourcePermissionStore.AfterDelete = b.AfterResourcePermissionDelete
|
||||
}
|
||||
storage[iamv0.ResourcePermissionInfo.StoragePath()] = resourcePermissionStore
|
||||
}
|
||||
|
||||
apiGroupInfo.VersionedResourcesStorageMap[legacyiamv0.VERSION] = storage
|
||||
return nil
|
||||
}
|
||||
|
||||
func (b *IdentityAccessManagementAPIBuilder) UpdateResourcePermissionsAPIGroup(
|
||||
apiGroupInfo *genericapiserver.APIGroupInfo,
|
||||
opts builder.APIGroupOptions,
|
||||
storage map[string]rest.Storage,
|
||||
enableDualWriter bool,
|
||||
enableZanzanaSync bool,
|
||||
) error {
|
||||
var store rest.Storage
|
||||
// Create the legacy store first
|
||||
legacyStore, err := NewLocalStore(iamv0.ResourcePermissionInfo, apiGroupInfo.Scheme, opts.OptsGetter, b.reg, b.accessClient, b.resourcePermissionsStorage)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Register the hooks for Zanzana sync
|
||||
// FIXME: The hooks are registered on the legacy store
|
||||
// Once we fully migrate to unified storage, we can move these hooks to the unified store
|
||||
if enableZanzanaSync {
|
||||
b.logger.Info("Enabling AfterCreate, BeginUpdate, and AfterDelete hooks for ResourcePermission to sync to Zanzana")
|
||||
legacyStore.AfterCreate = b.AfterResourcePermissionCreate
|
||||
legacyStore.BeginUpdate = b.BeginResourcePermissionUpdate
|
||||
legacyStore.AfterDelete = b.AfterResourcePermissionDelete
|
||||
}
|
||||
|
||||
// Set the default store to the legacy store
|
||||
store = legacyStore
|
||||
|
||||
if enableDualWriter {
|
||||
// Create the dual write store (UniStore + LegacyStore)
|
||||
uniStore, err := grafanaregistry.NewRegistryStore(apiGroupInfo.Scheme, iamv0.ResourcePermissionInfo, opts.OptsGetter)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
store, err = opts.DualWriteBuilder(iamv0.ResourcePermissionInfo.GroupResource(), legacyStore, uniStore)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
storage[iamv0.ResourcePermissionInfo.StoragePath()] = store
|
||||
return nil
|
||||
}
|
||||
|
||||
func (b *IdentityAccessManagementAPIBuilder) GetOpenAPIDefinitions() common.GetOpenAPIDefinitions {
|
||||
return func(rc common.ReferenceCallback) map[string]common.OpenAPIDefinition {
|
||||
dst := legacyiamv0.GetOpenAPIDefinitions(rc)
|
||||
|
||||
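Review bot: In UpdateResourcePermissionsAPIGroup the Zanzana sync hooks are attached only to `legacyStore`, so any write the dual writer sends to `uniStore` without also passing through the legacy store would change resource permissions without updating Zanzana, leaving authorization decisions out of step with the stored permissions. Whether that can happen depends on the dual-write mode chosen by `opts.DualWriteBuilder`, which is not visible in this hunk. The FIXME should state the constraint explicitly, e.g. `// FIXME: hooks fire only on legacy writes; ResourcePermission must not run in a unified-only mode while enableZanzanaSync is set`. Separately, `opts.DualWriteBuilder` is called without a nil check; if it is a func-typed field that can be left unset, open the branch with `if enableDualWriter && opts.DualWriteBuilder != nil {` or return an explicit error instead. The exported method also has no doc comment, and one describing the legacy-first ordering and the hook placement would help the next reader.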