root
/
grafana
mirror of https://github.com/grafana/grafana.git
1
0
Fork 0
Code Issues Actions 250 Packages Projects Releases Wiki Activity

Introduce kubernetesAuthZHandlerRedirect toggle (#111582) 

* introduce kubernetesAuthzEndpoints toggle

* rename to kubernetesAuthZHandlerRedirect
This commit is contained in:
mohammad-hamid 2025-09-25 13:42:52 -04:00 committed by GitHub
parent 1fad7e7a0a
commit b85aa5f681
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 60 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
packages/grafana-data/src/types/featureToggles.gen.ts
View File

@ -1013,6 +1013,10 @@ export interface FeatureToggles {
*/ */
kubernetesAuthzApis?: boolean; kubernetesAuthzApis?: boolean;
/** /**
* Redirects the traffic from the legacy access control endpoints to the new K8s AuthZ endpoints
*/
kubernetesAuthZHandlerRedirect?: boolean;
/**
* Registers AuthZ resource permission /apis endpoints * Registers AuthZ resource permission /apis endpoints
*/ */
kubernetesAuthzResourcePermissionApis?: boolean; kubernetesAuthzResourcePermissionApis?: boolean;

8
pkg/services/featuremgmt/registry.go
View File

@ -1750,6 +1750,14 @@ var (
HideFromAdminPage: true, HideFromAdminPage: true,
HideFromDocs: true, HideFromDocs: true,
}, },
{
Name: "kubernetesAuthZHandlerRedirect",
Description: "Redirects the traffic from the legacy access control endpoints to the new K8s AuthZ endpoints",
Stage: FeatureStageExperimental,
Owner: identityAccessTeam,
HideFromAdminPage: true,
HideFromDocs: true,
},
{ {
Name: "kubernetesAuthzResourcePermissionApis", Name: "kubernetesAuthzResourcePermissionApis",
Description: "Registers AuthZ resource permission /apis endpoints", Description: "Registers AuthZ resource permission /apis endpoints",

1
pkg/services/featuremgmt/toggles_gen.csv
View File

@ -227,6 +227,7 @@ alertingListViewV2PreviewToggle,privatePreview,@grafana/alerting-squad,false,fal
alertRuleUseFiredAtForStartsAt,experimental,@grafana/alerting-squad,false,false,false alertRuleUseFiredAtForStartsAt,experimental,@grafana/alerting-squad,false,false,false
alertingBulkActionsInUI,GA,@grafana/alerting-squad,false,false,true alertingBulkActionsInUI,GA,@grafana/alerting-squad,false,false,true
kubernetesAuthzApis,experimental,@grafana/identity-access-team,false,false,false kubernetesAuthzApis,experimental,@grafana/identity-access-team,false,false,false
kubernetesAuthZHandlerRedirect,experimental,@grafana/identity-access-team,false,false,false
kubernetesAuthzResourcePermissionApis,experimental,@grafana/identity-access-team,false,false,false kubernetesAuthzResourcePermissionApis,experimental,@grafana/identity-access-team,false,false,false
kubernetesAuthnMutation,experimental,@grafana/identity-access-team,false,false,false kubernetesAuthnMutation,experimental,@grafana/identity-access-team,false,false,false
restoreDashboards,experimental,@grafana/grafana-frontend-platform,false,false,false restoreDashboards,experimental,@grafana/grafana-frontend-platform,false,false,false

1 Name Stage Owner requiresDevMode RequiresRestart FrontendOnly
227 alertRuleUseFiredAtForStartsAt experimental @grafana/alerting-squad false false false
228 alertingBulkActionsInUI GA @grafana/alerting-squad false false true
229 kubernetesAuthzApis experimental @grafana/identity-access-team false false false
230 kubernetesAuthZHandlerRedirect experimental @grafana/identity-access-team false false false
231 kubernetesAuthzResourcePermissionApis experimental @grafana/identity-access-team false false false
232 kubernetesAuthnMutation experimental @grafana/identity-access-team false false false
233 restoreDashboards experimental @grafana/grafana-frontend-platform false false false

4
pkg/services/featuremgmt/toggles_gen.go
View File

@ -919,6 +919,10 @@ const (
// Registers AuthZ /apis endpoint // Registers AuthZ /apis endpoint
FlagKubernetesAuthzApis = "kubernetesAuthzApis" FlagKubernetesAuthzApis = "kubernetesAuthzApis"
// FlagKubernetesAuthZHandlerRedirect
// Redirects the traffic from the legacy access control endpoints to the new K8s AuthZ endpoints
FlagKubernetesAuthZHandlerRedirect = "kubernetesAuthZHandlerRedirect"
// FlagKubernetesAuthzResourcePermissionApis // FlagKubernetesAuthzResourcePermissionApis
// Registers AuthZ resource permission /apis endpoints // Registers AuthZ resource permission /apis endpoints
FlagKubernetesAuthzResourcePermissionApis = "kubernetesAuthzResourcePermissionApis" FlagKubernetesAuthzResourcePermissionApis = "kubernetesAuthzResourcePermissionApis"

43
pkg/services/featuremgmt/toggles_gen.json
View File

@ -1986,6 +1986,20 @@
"requiresRestart": true "requiresRestart": true
} }
}, },
{
"metadata": {
"name": "kubernetesAuthZHandlerRedirect",
"resourceVersion": "1758820248165",
"creationTimestamp": "2025-09-25T17:10:48Z"
},
"spec": {
"description": "Redirects the traffic from the legacy access control endpoints to the new K8s AuthZ endpoints",
"stage": "experimental",
"codeowner": "@grafana/identity-access-team",
"hideFromAdminPage": true,
"hideFromDocs": true
}
},
{ {
"metadata": { "metadata": {
"name": "kubernetesAuthnMutation", "name": "kubernetesAuthnMutation",
@ -2017,6 +2031,21 @@
"hideFromDocs": true "hideFromDocs": true
} }
}, },
{
"metadata": {
"name": "kubernetesAuthzEndpoints",
"resourceVersion": "1758779666607",
"creationTimestamp": "2025-09-25T05:54:26Z",
"deletionTimestamp": "2025-09-25T17:10:48Z"
},
"spec": {
"description": "Enables K8s AuthZ endpoints",
"stage": "experimental",
"codeowner": "@grafana/identity-access-team",
"hideFromAdminPage": true,
"hideFromDocs": true
}
},
{ {
"metadata": { "metadata": {
"name": "kubernetesAuthzResourcePermissionApis", "name": "kubernetesAuthzResourcePermissionApis",
@ -3716,6 +3745,20 @@
"hideFromDocs": true "hideFromDocs": true
} }
}, },
{
"metadata": {
"name": "unifiedStorageUseFullNgram",
"resourceVersion": "1758820248165",
"creationTimestamp": "2025-09-25T17:10:48Z"
},
"spec": {
"description": "Use full n-gram indexing instead of edge n-gram for unified storage search",
"stage": "experimental",
"codeowner": "@grafana/search-and-storage",
"hideFromAdminPage": true,
"hideFromDocs": true
}
},
{ {
"metadata": { "metadata": {
"name": "useKubernetesShortURLsAPI", "name": "useKubernetesShortURLsAPI",