apitech
/
grafana
mirror of https://github.com/grafana/grafana
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
60711 Commits
2296 Branches
613 Tags
1.8 GiB
Tag: Branch: Tree: 3e29ca786d
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '3e29ca786d'
${ noResults }
grafana/pkg/registry/apis/iam/common/common.go

127 lines
3.0 KiB
Raw Normal View History Unescape

Teams: Add apis for team membership (#92204) * Add TeamBinding resource * Implement read api:s for TeamBindings
11 months ago
package common
import (
RBAC: Add legacy authorization checks to service accounts (#93753) * Extract a helper funtion to perform list with authorization checks * Add k8s verb to utils package * Construct default mapping when no custom mapping is passed * Configure authorization checks for service accounts * Fix helper and add filtering to service accounts
10 months ago
"context"
Teams: Add apis for team membership (#92204) * Add TeamBinding resource * Implement read api:s for TeamBindings
11 months ago
"strconv"
User: Add sub resource and api for user teams (#92649) * Add sub resource for user teams * Add test snapshots * Update to use ref:s
11 months ago
Authlib: Use types package rather than claims (#99243)
6 months ago
authlib "github.com/grafana/authlib/types"
IAM: Move resource definitions to apps/iam step 1 (#107389) * wip * Use serviceaccount model from /apps/iam * revert version update * Add tembinding, userteam, other improvements * Change serviceaccounttoken spec * Revert the change of ServiceAccountToken * Revert the change of UserTeam * Clean up * Remove files that are not needed for now * Lint * Update sql query's integration tests * Fix tests * update openapi spec * Move LastSeenAt to the annotations * Updte openapi_snapshots * Change lastSeenAt annotation name
2 weeks ago
iamv0alpha1 "github.com/grafana/grafana/apps/iam/pkg/apis/iam/v0alpha1"
RBAC: Add legacy authorization checks to service accounts (#93753) * Extract a helper funtion to perform list with authorization checks * Add k8s verb to utils package * Construct default mapping when no custom mapping is passed * Configure authorization checks for service accounts * Fix helper and add filtering to service accounts
10 months ago
"github.com/grafana/grafana/pkg/apimachinery/identity"
IAM: Move resource definitions to apps/iam step 1 (#107389) * wip * Use serviceaccount model from /apps/iam * revert version update * Add tembinding, userteam, other improvements * Change serviceaccounttoken spec * Revert the change of ServiceAccountToken * Revert the change of UserTeam * Clean up * Remove files that are not needed for now * Lint * Update sql query's integration tests * Fix tests * update openapi spec * Move LastSeenAt to the annotations * Updte openapi_snapshots * Change lastSeenAt annotation name
2 weeks ago
legacyiamv0 "github.com/grafana/grafana/pkg/apis/iam/v0alpha1"
RBAC: Add legacy authorization checks to service accounts (#93753) * Extract a helper funtion to perform list with authorization checks * Add k8s verb to utils package * Construct default mapping when no custom mapping is passed * Configure authorization checks for service accounts * Fix helper and add filtering to service accounts
10 months ago
"github.com/grafana/grafana/pkg/services/apiserver/endpoints/request"
User: Add sub resource and api for user teams (#92649) * Add sub resource for user teams * Add test snapshots * Update to use ref:s
11 months ago
"github.com/grafana/grafana/pkg/services/team"
Teams: Add apis for team membership (#92204) * Add TeamBinding resource * Implement read api:s for TeamBindings
11 months ago
)
// OptonalFormatInt formats num as a string. If num is less or equal than 0
// an empty string is returned.
func OptionalFormatInt(num int64) string {
if num > 0 {
return strconv.FormatInt(num, 10)
}
return ""
}
User: Add sub resource and api for user teams (#92649) * Add sub resource for user teams * Add test snapshots * Update to use ref:s
11 months ago
IAM: Move resource definitions to apps/iam step 1 (#107389) * wip * Use serviceaccount model from /apps/iam * revert version update * Add tembinding, userteam, other improvements * Change serviceaccounttoken spec * Revert the change of ServiceAccountToken * Revert the change of UserTeam * Clean up * Remove files that are not needed for now * Lint * Update sql query's integration tests * Fix tests * update openapi spec * Move LastSeenAt to the annotations * Updte openapi_snapshots * Change lastSeenAt annotation name
2 weeks ago
func MapTeamPermission(p team.PermissionType) iamv0alpha1.TeamBindingTeamPermission {
User: Add sub resource and api for user teams (#92649) * Add sub resource for user teams * Add test snapshots * Update to use ref:s
11 months ago
if p == team.PermissionTypeAdmin {
IAM: Move resource definitions to apps/iam step 1 (#107389) * wip * Use serviceaccount model from /apps/iam * revert version update * Add tembinding, userteam, other improvements * Change serviceaccounttoken spec * Revert the change of ServiceAccountToken * Revert the change of UserTeam * Clean up * Remove files that are not needed for now * Lint * Update sql query's integration tests * Fix tests * update openapi spec * Move LastSeenAt to the annotations * Updte openapi_snapshots * Change lastSeenAt annotation name
2 weeks ago
return iamv0alpha1.TeamBindingTeamPermissionAdmin
User: Add sub resource and api for user teams (#92649) * Add sub resource for user teams * Add test snapshots * Update to use ref:s
11 months ago
} else {
IAM: Move resource definitions to apps/iam step 1 (#107389) * wip * Use serviceaccount model from /apps/iam * revert version update * Add tembinding, userteam, other improvements * Change serviceaccounttoken spec * Revert the change of ServiceAccountToken * Revert the change of UserTeam * Clean up * Remove files that are not needed for now * Lint * Update sql query's integration tests * Fix tests * update openapi spec * Move LastSeenAt to the annotations * Updte openapi_snapshots * Change lastSeenAt annotation name
2 weeks ago
return iamv0alpha1.TeamBindingTeamPermissionMember
}
}
func MapUserTeamPermission(p team.PermissionType) legacyiamv0.TeamPermission {
if p == team.PermissionTypeAdmin {
return legacyiamv0.TeamPermissionAdmin
} else {
return legacyiamv0.TeamPermissionMember
User: Add sub resource and api for user teams (#92649) * Add sub resource for user teams * Add test snapshots * Update to use ref:s
11 months ago
}
}
RBAC: Add legacy authorization checks to service accounts (#93753) * Extract a helper funtion to perform list with authorization checks * Add k8s verb to utils package * Construct default mapping when no custom mapping is passed * Configure authorization checks for service accounts * Fix helper and add filtering to service accounts
10 months ago
// Resource is required to be implemented for list return types so we can
// perform authorization.
type Resource interface {
AuthID() string
}
type ListResponse[T Resource] struct {
Items []T
RV int64
Continue int64
}
Authlib: Use types package rather than claims (#99243)
6 months ago
type ListFunc[T Resource] func(ctx context.Context, ns authlib.NamespaceInfo, p Pagination) (*ListResponse[T], error)
RBAC: Add legacy authorization checks to service accounts (#93753) * Extract a helper funtion to perform list with authorization checks * Add k8s verb to utils package * Construct default mapping when no custom mapping is passed * Configure authorization checks for service accounts * Fix helper and add filtering to service accounts
10 months ago
// List is a helper function that will perform access check on resources if
Authlib: Use types package rather than claims (#99243)
6 months ago
// prvovided with a authlib.AccessClient.
RBAC: Add legacy authorization checks to service accounts (#93753) * Extract a helper funtion to perform list with authorization checks * Add k8s verb to utils package * Construct default mapping when no custom mapping is passed * Configure authorization checks for service accounts * Fix helper and add filtering to service accounts
10 months ago
func List[T Resource](
ctx context.Context,
resourceName string,
Authlib: Use types package rather than claims (#99243)
6 months ago
ac authlib.AccessClient,
RBAC: Add legacy authorization checks to service accounts (#93753) * Extract a helper funtion to perform list with authorization checks * Add k8s verb to utils package * Construct default mapping when no custom mapping is passed * Configure authorization checks for service accounts * Fix helper and add filtering to service accounts
10 months ago
p Pagination,
fn ListFunc[T],
) (*ListResponse[T], error) {
ns, err := request.NamespaceInfoFrom(ctx, true)
if err != nil {
return nil, err
}
ident, err := identity.GetRequester(ctx)
if err != nil {
return nil, err
}
Authn: Sync authlib and update how we construct authn client interceptor (#101124) * Sync authlib and update how we construct authn client interceptor * Remove namespace from checker
5 months ago
check := func(_, _ string) bool { return true }
RBAC: Add legacy authorization checks to service accounts (#93753) * Extract a helper funtion to perform list with authorization checks * Add k8s verb to utils package * Construct default mapping when no custom mapping is passed * Configure authorization checks for service accounts * Fix helper and add filtering to service accounts
10 months ago
if ac != nil {
var err error
Authlib: Use types package rather than claims (#99243)
6 months ago
check, err = ac.Compile(ctx, ident, authlib.ListRequest{
RBAC: Add legacy authorization checks to service accounts (#93753) * Extract a helper funtion to perform list with authorization checks * Add k8s verb to utils package * Construct default mapping when no custom mapping is passed * Configure authorization checks for service accounts * Fix helper and add filtering to service accounts
10 months ago
Resource: resourceName,
Namespace: ns.Value,
})
if err != nil {
return nil, err
}
}
res := &ListResponse[T]{Items: make([]T, 0, p.Limit)}
first, err := fn(ctx, ns, p)
if err != nil {
return nil, err
}
for _, item := range first.Items {
Authn: Sync authlib and update how we construct authn client interceptor (#101124) * Sync authlib and update how we construct authn client interceptor * Remove namespace from checker
5 months ago
if !check(item.AuthID(), "") {
RBAC: Add legacy authorization checks to service accounts (#93753) * Extract a helper funtion to perform list with authorization checks * Add k8s verb to utils package * Construct default mapping when no custom mapping is passed * Configure authorization checks for service accounts * Fix helper and add filtering to service accounts
10 months ago
continue
}
res.Items = append(res.Items, item)
}
res.Continue = first.Continue
res.RV = first.RV
outer:
for len(res.Items) < int(p.Limit) && res.Continue != 0 {
// FIXME: it is not optimal to reduce the amout we look for here but it is the easiest way to
// correctly handle pagination and continue tokens
r, err := fn(ctx, ns, Pagination{Limit: p.Limit - int64(len(res.Items)), Continue: res.Continue})
if err != nil {
return nil, err
}
for _, item := range r.Items {
if len(res.Items) == int(p.Limit) {
res.Continue = r.Continue
break outer
}
Authn: Sync authlib and update how we construct authn client interceptor (#101124) * Sync authlib and update how we construct authn client interceptor * Remove namespace from checker
5 months ago
if !check(item.AuthID(), "") {
RBAC: Add legacy authorization checks to service accounts (#93753) * Extract a helper funtion to perform list with authorization checks * Add k8s verb to utils package * Construct default mapping when no custom mapping is passed * Configure authorization checks for service accounts * Fix helper and add filtering to service accounts
10 months ago
continue
}
res.Items = append(res.Items, item)
}
}
return res, nil
}