* Zanzana: Setup GRPC authentication in client/server mode
* don't use grpcutils
* refactor
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* Add a namespace stub for in-proc mode
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* Read parameters from config
* authorize server requests
* add namespace to the tests context
* use stack id from config
* simplify authorize func
* properly format namespace
* return Unauthenticated if namespace is empty
* use insecure cred only in dev env
* check request namespace
* Use CallCredentials API for client auth
* provide config
* fail if stack id is missing
* improve error message
* use insecure connection by default
---------
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* Create and use common ResourceInfo struct
* Add support for formatting group resource with subresource
* Add initial support for handling subresource
* Add test for checking subresource for generic resource
* Bump authlib
Remove create relation from generic resources.
We cant have a create relation to a resource because they don't exist yet. So
in oder to check create we either have to have that permissions on a folder or the namespace
* Move server init into server package
* map store name to id
* refactor model loading
* pass namespace into reconcilers and collectors
* refactor
* Extend authz server with Read and Write methods
* use new read/write in reconciler
* implement server side read and write
* Sync permissions for every org
* handle namespace in check and list
* split read and write
* provide conditions
* Fix client implementation
* fix nil conditions
* remove unused client code
* use lock for store access
* move type translators to common package
* fix folder collector
* fix store creation
* remove unused AuthorizationModelId
* fix server tests
* fix linter
* Implement initial check with schema for generic resources
* Implement List and add tests
* Add namespace type and change to folder_resource name
* Handle namespace grants for typed resources
* Run tests as integration tests
* Add support for verb in list requests
Alexander Zobnin
Karl Persson
Georges Chaudy