public/grafana
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bf2f2540da7a4e4b8d80e1fa4ae3d05868cf7b69
grafana/pkg/services/pluginsintegration/serviceregistration/serviceregistration.go
T
Gabriel MABILLE e902d8fd10 AuthN: New service to support multiple authentication providers for plugins (#75979) 
* OnGoing

* Continue migrating structure

* Comment

* Add intermediary service

* Remove unused error so far

* no need for fmt use errors

* use RoleNone

* Docs

* Fix test

* Accounting for review feedback

* Rename oauthserver.ExternalService to OAuthClient

* Revert as the interface looks weird

* Update pluginintegration

* Rename oauthserver.ExternalService

* closer to what it was before
2023-10-05 18:13:06 +02:00

86 lines
2.2 KiB
Go
Raw Blame History

package serviceregistration
import (
"context"
"github.com/grafana/grafana/pkg/plugins/auth"
"github.com/grafana/grafana/pkg/plugins/plugindef"
"github.com/grafana/grafana/pkg/services/accesscontrol"
"github.com/grafana/grafana/pkg/services/extsvcauth"
)
type Service struct {
os extsvcauth.ExternalServiceRegistry
}
func ProvideService(os extsvcauth.ExternalServiceRegistry) *Service {
s := &Service{
os: os,
}
return s
}
// RegisterExternalService is a simplified wrapper around SaveExternalService for the plugin use case.
func (s *Service) RegisterExternalService(ctx context.Context, svcName string, svc *plugindef.ExternalServiceRegistration) (*auth.ExternalService, error) {
impersonation := extsvcauth.ImpersonationCfg{}
if svc.Impersonation != nil {
impersonation.Permissions = toAccessControlPermissions(svc.Impersonation.Permissions)
if svc.Impersonation.Enabled != nil {
impersonation.Enabled = *svc.Impersonation.Enabled
} else {
impersonation.Enabled = true
}
if svc.Impersonation.Groups != nil {
impersonation.Groups = *svc.Impersonation.Groups
} else {
impersonation.Groups = true
}
}
self := extsvcauth.SelfCfg{}
if svc.Self != nil {
self.Permissions = toAccessControlPermissions(svc.Self.Permissions)
if svc.Self.Enabled != nil {
self.Enabled = *svc.Self.Enabled
} else {
self.Enabled = true
}
}
extSvc, err := s.os.SaveExternalService(ctx, &extsvcauth.ExternalServiceRegistration{
Name: svcName,
Impersonation: impersonation,
Self: self,
AuthProvider: extsvcauth.OAuth2Server,
OAuthProviderCfg: &extsvcauth.OAuthProviderCfg{Key: &extsvcauth.KeyOption{Generate: true}},
})
if err != nil {
return nil, err
}
privateKey := ""
if extSvc.OAuthExtra != nil {
privateKey = extSvc.OAuthExtra.KeyResult.PrivatePem
}
return &auth.ExternalService{
ClientID: extSvc.ID,
ClientSecret: extSvc.Secret,
PrivateKey: privateKey}, nil
}
func toAccessControlPermissions(ps []plugindef.Permission) []accesscontrol.Permission {
res := make([]accesscontrol.Permission, 0, len(ps))
for _, p := range ps {
scope := ""
if p.Scope != nil {
scope = *p.Scope
}
res = append(res, accesscontrol.Permission{
Action: p.Action,
Scope: scope,
})
}
return res
}
Reference in New Issue View Git Blame Copy Permalink