Alexander Zobnin
0e0c877609
* model fixed roles for dashboards and folders * Correctly translate fixed role assignments * minor refactor * assign fixed roles to teams * fix linter errors * Migrate general folder permissions for fixed roles * fix dashboards:create permission
Authorization
This package contains the authorization server implementation.
Feature toggles
The following feature toggles need to be activated:
[feature_toggles]
authZGRPCServer = true
grpcServer = true
Configuration
To configure the authorization server and client, use the "authorization" section of the configuration ini file.
The remote_address setting, specifies the address where the authorization server is located (ex: server.example.org:10000).
The mode setting can be set to either grpc or inproc. When set to grpc, the client will connect to the specified address. When set to inproc the client will use inprocgrpc (relying on go channels) to wrap a local instantiation of the server.
The listen setting determines whether the authorization server should listen for incoming requests. When set to true, the authorization service will be registered to the Grafana GRPC server.
The default configuration does not register the authorization service on the Grafana GRPC server and binds the client to it inproc:
[authorization]
remote_address = ""
listen = false
mode = "inproc"
Example
Here is an example to connect the authorization client to a remote grpc server.
[authorization]
remote_address = "server.example.org:10000"
mode = "grpc"
Here is an example to register the authorization service on the Grafana GRPC server and connect the client to it through grpc
[authorization]
remote_address = "localhost:10000"
listen = true
mode = "grpc"