Files
Gabriel MABILLE 3d543a336f IAM: Register CoreRole apis (#106924)
* IAM: Register CoreRole apis

* one line store instantiation

* Small refactor for readability

* Add authorizer for CoreRole

* Nit

* Error strings should not end with punctiation

* Account for error

* Switch to use the local resource client

* error should not start with upper casing

* noopStorageErr should have a name starting with err

* Update workspace

* I don't know why I don't have the same output as the CI 🤷

* Dependency xOwnership

* imports

* Import order

* Rename alias to make it clear this is legacy
2025-06-26 10:11:28 +02:00

45 lines
1.5 KiB
Go

package iam
import (
"github.com/grafana/authlib/types"
"github.com/grafana/grafana/pkg/registry/apis/iam/legacy"
"github.com/grafana/grafana/pkg/registry/apis/iam/user"
"github.com/grafana/grafana/pkg/services/apiserver/builder"
"github.com/grafana/grafana/pkg/services/ssosettings"
"github.com/grafana/grafana/pkg/storage/unified/resource"
"github.com/prometheus/client_golang/prometheus"
"k8s.io/apiserver/pkg/authorization/authorizer"
)
var _ builder.APIGroupBuilder = (*IdentityAccessManagementAPIBuilder)(nil)
var _ builder.APIGroupRouteProvider = (*IdentityAccessManagementAPIBuilder)(nil)
// CoreRoleStorageBackend uses the resource.StorageBackend interface to provide storage for core roles.
// Used wire to identify the storage backend for core roles.
type CoreRoleStorageBackend interface{ resource.StorageBackend }
// This is used just so wire has something unique to return
type IdentityAccessManagementAPIBuilder struct {
// Stores
store legacy.LegacyIdentityStore
coreRolesStorage CoreRoleStorageBackend
// Access Control
authorizer authorizer.Authorizer
// legacyAccessClient is used for the identity apis, we need to migrate to the access client
legacyAccessClient types.AccessClient
// accessClient is used for the core role apis
accessClient types.AccessClient
reg prometheus.Registerer
// non-k8s api route
display *user.LegacyDisplayREST
// Not set for multi-tenant deployment for now
sso ssosettings.Service
// Toggle for enabling authz management apis
enableAuthZApis bool
}