public/grafana
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
03e33cd7947e87fcb445aae193b14322b87f9d2a
grafana/pkg/services/authz
History
Matheus Macabu 7b7b37359f [release-11.2.8] Chore: Bump dependencies to address security issues (#101648) 
* Chore: Bump github.com/rs/cors to v1.11.1

* Chore: Bump github.com/golang/glog to v1.2.4

* Chore: Bump filippo.io/age to v1.2.1

* Chore: Bump github.com/ua-parser/uap-go to v0.0.0-20250213224047-9c035f085b90

* Chore: Bump github.com/go-jose/go-jose/v3 to v3.0.4

* Chore: Bump golang.org/x/net to v0.36.0

* Chore: Bump golang.org/x/oauth2 to v0.28.0

* Chore: Bump github.com/moby/moby to v27.5.1

* Chore: Bump github.com/elazarl/goproxy to v1.7.1

* Zanzana: bump openfga version (#94485)

* Bump openfga

* Remove internall sqlite implementation for openfga

* Use sqlite implementation from openfga

(cherry picked from commit 9ece88d585)

* Chore: Bump github.com/openfga/openfga to v1.8.5

---------

Co-authored-by: Karl Persson <kalle.persson@grafana.com>
2025-03-07 10:14:08 +01:00
..
zanzana
[release-11.2.8] Chore: Bump dependencies to address security issues (#101648)
2025-03-07 10:14:08 +01:00
client.go
Authz: Fix on-prem grpc authentication (#91341)
2024-08-01 16:30:13 +03:00
config.go
[authz]: use authlib client (#91205)
2024-07-30 17:49:46 +03:00
README.md
AuthZ: GRPC client init and config options (#89161)
2024-06-18 06:13:24 +02:00
server.go
authz: set authzv1.ReadResponse.Found (#91212)
2024-07-30 18:26:54 +03:00
wireset.go
Zanzana: Initial work to run openFGA as embedded or standalone service (#89211)
2024-06-18 10:04:18 +02:00
zanzana.go
Zanzana: Run OpenFGA HTTP server in standalone mode (#89914)
2024-07-02 11:14:09 +02:00

README.md

Authorization

This package contains the authorization server implementation.

Feature toggles

The following feature toggles need to be activated:

[feature_toggles]
authZGRPCServer = true
grpcServer = true

Configuration

To configure the authorization server and client, use the "authorization" section of the configuration ini file.

The remote_address setting, specifies the address where the authorization server is located (ex: server.example.org:10000).

The mode setting can be set to either grpc or inproc. When set to grpc, the client will connect to the specified address. When set to inproc the client will use inprocgrpc (relying on go channels) to wrap a local instantiation of the server.

The listen setting determines whether the authorization server should listen for incoming requests. When set to true, the authorization service will be registered to the Grafana GRPC server.

The default configuration does not register the authorization service on the Grafana GRPC server and binds the client to it inproc:

[authorization]
remote_address = ""
listen = false
mode = "inproc"

Example

Here is an example to connect the authorization client to a remote grpc server.

[authorization]
remote_address = "server.example.org:10000"
mode = "grpc"

Here is an example to register the authorization service on the Grafana GRPC server and connect the client to it through grpc

[authorization]
remote_address = "localhost:10000"
listen = true
mode = "grpc"
Reference in New Issue View Git Blame Copy Permalink