4115a67a42
Zanzana: Evaluate dashboard and folder permissions (#91539)
* Zanzana: basic folder permissions checks
* Fix managed permissions for teams
* fix sync batch size
* add dashboards actions translations
* migrate folder tree
* migrate dashboard folders
* remove action sets from schema
* Adding more dashboard and folder-related permissions
* refactor
* Correctly translate dashboard permissions in folders
* fix dashboard parent permissions
(cherry picked from commit 1cc438a56c)
Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>
Authorization
This package contains the authorization server implementation.
Feature toggles
The following feature toggles need to be activated:
[feature_toggles]
authZGRPCServer = true
grpcServer = true
Configuration
To configure the authorization server and client, use the "authorization" section of the configuration ini file.
The remote_address setting, specifies the address where the authorization server is located (ex: server.example.org:10000).
The mode setting can be set to either grpc or inproc. When set to grpc, the client will connect to the specified address. When set to inproc the client will use inprocgrpc (relying on go channels) to wrap a local instantiation of the server.
The listen setting determines whether the authorization server should listen for incoming requests. When set to true, the authorization service will be registered to the Grafana GRPC server.
The default configuration does not register the authorization service on the Grafana GRPC server and binds the client to it inproc:
[authorization]
remote_address = ""
listen = false
mode = "inproc"
Example
Here is an example to connect the authorization client to a remote grpc server.
[authorization]
remote_address = "server.example.org:10000"
mode = "grpc"
Here is an example to register the authorization service on the Grafana GRPC server and connect the client to it through grpc
[authorization]
remote_address = "localhost:10000"
listen = true
mode = "grpc"