apitech
/
grafana
mirror of https://github.com/grafana/grafana
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
54409 Commits
2158 Branches
608 Tags
1.9 GiB
Tag: Branch: Tree: 50a635bc7e
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '50a635bc7e'
${ noResults }
grafana/pkg/services/anonymous/anonimpl/client.go

123 lines
3.6 KiB
Raw Normal View History Unescape

Anon: Scaffold anon service (#74744) * remove API tagging method and authed tagging * add anonstore move debug to after cache change test order fix issue where mysql trims to second * add old device cleanup lint utc-ize everything trim whitespace * remove dangling setting * Add delete devices * Move anonymous authnclient to anonimpl * Add simple post login hook * move registration of Background Service cleanup * add updated_at index * do not untag device if login err * add delete device integration test
2 years ago
package anonimpl
Auth: Add anonymous authn client (#59637) * Authn: Add Client interface and Reqeust and Identity structures * Authn: Implement Authenticate method in service * Authn: Add tracing * Authn: Add logger * AuthN: Implement Anonymous client
3 years ago
import (
"context"
Anonymous: Add configurable device limit (#79265) * Anonymous: Add device limiter * break auth if limit reached * fix typo * refactored const to make it clearer with expiration * anon device limit for config --------- Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>
2 years ago
"errors"
AnonymousAuth: Fix concurrent read-write crash (#68637) clone http req before tagging
2 years ago
"net/http"
Authn: Stat registration (#62934) * reorganize auth usage stats * usage stat privilege elevators * stat count of modified role * cfg related info * add authn anon client * kv store * ensure anon enabled is collected even if client is not registered * fix usage stats test
2 years ago
"strings"
Auth: Add anonymous authn client (#59637) * Authn: Add Client interface and Reqeust and Identity structures * Authn: Implement Authenticate method in service * Authn: Add tracing * Authn: Add logger * AuthN: Implement Anonymous client
3 years ago
Auth: use IdentityType from authlib (#91763)
11 months ago
"github.com/grafana/authlib/claims"
Chore: Move identity and errutil to apimachinery module (#89116)
1 year ago
"github.com/grafana/grafana/pkg/apimachinery/errutil"
Auth: Add anonymous authn client (#59637) * Authn: Add Client interface and Reqeust and Identity structures * Authn: Implement Authenticate method in service * Authn: Add tracing * Authn: Add logger * AuthN: Implement Anonymous client
3 years ago
"github.com/grafana/grafana/pkg/infra/log"
Authn: Anon session service (#63052) * add anon sessions package * add usage stat fn * implement count for cache * add anonservice to authn broker * lint * add tests for remote cache count * move anon service to services * wrap tagging in goroutine * make func used
2 years ago
"github.com/grafana/grafana/pkg/services/anonymous"
Anonymous: Add configurable device limit (#79265) * Anonymous: Add device limiter * break auth if limit reached * fix typo * refactored const to make it clearer with expiration * anon device limit for config --------- Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>
2 years ago
"github.com/grafana/grafana/pkg/services/anonymous/anonimpl/anonstore"
Auth: Add anonymous authn client (#59637) * Authn: Add Client interface and Reqeust and Identity structures * Authn: Implement Authenticate method in service * Authn: Add tracing * Authn: Add logger * AuthN: Implement Anonymous client
3 years ago
"github.com/grafana/grafana/pkg/services/authn"
"github.com/grafana/grafana/pkg/services/org"
"github.com/grafana/grafana/pkg/setting"
Anon: Add support to resolve anonymous identity (#87486)
1 year ago
)
var (
Anonymous: Fix anonymous cache ignoring device limit evaluation (#94218) * ensure cache contains the evaluation result for device limit * add device limit errors and warnings * fix lint
9 months ago
errInvalidOrg = errutil.Unauthorized("anonymous.invalid-org")
errInvalidID = errutil.Unauthorized("anonymous.invalid-id")
errDeviceLimit = errutil.Unauthorized("anonymous.device-limit-reached", errutil.WithPublicMessage("Anonymous device limit reached. Contact Administrator"))
Auth: Add anonymous authn client (#59637) * Authn: Add Client interface and Reqeust and Identity structures * Authn: Implement Authenticate method in service * Authn: Add tracing * Authn: Add logger * AuthN: Implement Anonymous client
3 years ago
)
Auth: Introduce authn.SSOClientConfig to get client config from SSOSettings service (#94618) * wip * possible solution * Separate interface for SSO settings clients * Rename interface * Fix tests * Rename * Change GetClientConfig to comma ok idiom
8 months ago
var (
_ authn.ContextAwareClient = new(Anonymous)
_ authn.IdentityResolverClient = new(Anonymous)
)
Auth: Add anonymous authn client (#59637) * Authn: Add Client interface and Reqeust and Identity structures * Authn: Implement Authenticate method in service * Authn: Add tracing * Authn: Add logger * AuthN: Implement Anonymous client
3 years ago
type Anonymous struct {
Auth: Rename Sessions to Devices in counting (#72432) * rename session to device * rename session to device
2 years ago
cfg *setting.Cfg
log log.Logger
orgService org.Service
anonDeviceService anonymous.Service
Auth: Add anonymous authn client (#59637) * Authn: Add Client interface and Reqeust and Identity structures * Authn: Implement Authenticate method in service * Authn: Add tracing * Authn: Add logger * AuthN: Implement Anonymous client
3 years ago
}
AuthN: Rebuild Authenticate so we only have to call it once in context handler (#61705) * API: Add reqSignedIn to router groups * AuthN: Add fall through in context handler * AuthN: Add IsAnonymous field * AuthN: add priority to context aware clients * ContextHandler: Add comment * AuthN: Add a simple priority queue * AuthN: Add Name to client interface * AuthN: register clients with function * AuthN: update mock and fake to implement interface * AuthN: rewrite test without reflection * AuthN: add comment * AuthN: fix queue insert * AuthN: rewrite tests * AuthN: make the queue generic so we can reuse it for hooks * ContextHandler: Add fixme for auth headers * AuthN: remove unused variable * AuthN: use multierror * AuthN: write proper tests for queue * AuthN: Add queue item that can store the value and priority Co-authored-by: Jo <joao.guerreiro@grafana.com>
2 years ago
func (a *Anonymous) Name() string {
return authn.ClientAnonymous
}
Auth: Add anonymous authn client (#59637) * Authn: Add Client interface and Reqeust and Identity structures * Authn: Implement Authenticate method in service * Authn: Add tracing * Authn: Add logger * AuthN: Implement Anonymous client
3 years ago
func (a *Anonymous) Authenticate(ctx context.Context, r *authn.Request) (*authn.Identity, error) {
o, err := a.orgService.GetByName(ctx, &org.GetOrgByNameQuery{Name: a.cfg.AnonymousOrgName})
if err != nil {
Chore: capitalise log message for auth packages (#74332)
2 years ago
a.log.FromContext(ctx).Error("Failed to find organization", "name", a.cfg.AnonymousOrgName, "error", err)
Auth: Add anonymous authn client (#59637) * Authn: Add Client interface and Reqeust and Identity structures * Authn: Implement Authenticate method in service * Authn: Add tracing * Authn: Add logger * AuthN: Implement Anonymous client
3 years ago
return nil, err
}
AnonymousAuth: Fix concurrent read-write crash (#68637) clone http req before tagging
2 years ago
httpReqCopy := &http.Request{}
if r.HTTPRequest != nil && r.HTTPRequest.Header != nil {
// avoid r.HTTPRequest.Clone(context.Background()) as we do not require a full clone
httpReqCopy.Header = r.HTTPRequest.Header.Clone()
httpReqCopy.RemoteAddr = r.HTTPRequest.RemoteAddr
}
Anonymous: Add configurable device limit (#79265) * Anonymous: Add device limiter * break auth if limit reached * fix typo * refactored const to make it clearer with expiration * anon device limit for config --------- Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>
2 years ago
if err := a.anonDeviceService.TagDevice(ctx, httpReqCopy, anonymous.AnonDeviceUI); err != nil {
if errors.Is(err, anonstore.ErrDeviceLimitReached) {
Anonymous: Fix anonymous cache ignoring device limit evaluation (#94218) * ensure cache contains the evaluation result for device limit * add device limit errors and warnings * fix lint
9 months ago
return nil, errDeviceLimit.Errorf("limit reached for anonymous devices: %w", err)
Authn: Anon session service (#63052) * add anon sessions package * add usage stat fn * implement count for cache * add anonservice to authn broker * lint * add tests for remote cache count * move anon service to services * wrap tagging in goroutine * make func used
2 years ago
}
Anonymous: Add configurable device limit (#79265) * Anonymous: Add device limiter * break auth if limit reached * fix typo * refactored const to make it clearer with expiration * anon device limit for config --------- Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>
2 years ago
a.log.Warn("Failed to tag anonymous session", "error", err)
}
Authn: Anon session service (#63052) * add anon sessions package * add usage stat fn * implement count for cache * add anonservice to authn broker * lint * add tests for remote cache count * move anon service to services * wrap tagging in goroutine * make func used
2 years ago
Anon: Add support to resolve anonymous identity (#87486)
1 year ago
return a.newAnonymousIdentity(o), nil
Auth: Add anonymous authn client (#59637) * Authn: Add Client interface and Reqeust and Identity structures * Authn: Implement Authenticate method in service * Authn: Add tracing * Authn: Add logger * AuthN: Implement Anonymous client
3 years ago
}
Authn: Add client for api keys (#60339) * AuthN: Add functionallity to test if auth client should be used * AuthN: Add bolierplate client for api keys and register it * AuthN: Add tests for api key client * Inject service * AuthN: Update client names * ContextHandler: Set authn service * AuthN: Implement authentication for api key client * ContextHandler: Use authn service for api keys if flag is enabled * AuthN: refactor authentication method to return additional value to indicate if client could perform authentication * update prefixes * Add namespaced id to identity * AuthN: Expand the Identity struct to include required fields from signed in user * Add error for disabled service account * Add function to write error response based on errutil.Error * Add error to log * Return errors based on errutil.Error * pass error * update log message * Fix namespaced ids * Add tests * Lint
3 years ago
Auth: Add `IsClientEnabled` and `IsEnabled` for the `authn.Service` and `authn.Client` interfaces (#86034) * Add `Service. IsClientEnabled` and `Client.IsEnabled` functions * Implement `IsEnabled` function for authn clients * Implement `IsClientEnabled` function for authn services
1 year ago
func (a *Anonymous) IsEnabled() bool {
return a.cfg.AnonymousEnabled
}
Authn: Add client for api keys (#60339) * AuthN: Add functionallity to test if auth client should be used * AuthN: Add bolierplate client for api keys and register it * AuthN: Add tests for api key client * Inject service * AuthN: Update client names * ContextHandler: Set authn service * AuthN: Implement authentication for api key client * ContextHandler: Use authn service for api keys if flag is enabled * AuthN: refactor authentication method to return additional value to indicate if client could perform authentication * update prefixes * Add namespaced id to identity * AuthN: Expand the Identity struct to include required fields from signed in user * Add error for disabled service account * Add function to write error response based on errutil.Error * Add error to log * Return errors based on errutil.Error * pass error * update log message * Fix namespaced ids * Add tests * Lint
3 years ago
func (a *Anonymous) Test(ctx context.Context, r *authn.Request) bool {
// If anonymous client is register it can always be used for authentication
return true
}
AuthN: Rebuild Authenticate so we only have to call it once in context handler (#61705) * API: Add reqSignedIn to router groups * AuthN: Add fall through in context handler * AuthN: Add IsAnonymous field * AuthN: add priority to context aware clients * ContextHandler: Add comment * AuthN: Add a simple priority queue * AuthN: Add Name to client interface * AuthN: register clients with function * AuthN: update mock and fake to implement interface * AuthN: rewrite test without reflection * AuthN: add comment * AuthN: fix queue insert * AuthN: rewrite tests * AuthN: make the queue generic so we can reuse it for hooks * ContextHandler: Add fixme for auth headers * AuthN: remove unused variable * AuthN: use multierror * AuthN: write proper tests for queue * AuthN: Add queue item that can store the value and priority Co-authored-by: Jo <joao.guerreiro@grafana.com>
2 years ago
Auth: use IdentityType from authlib (#91763)
11 months ago
func (a *Anonymous) IdentityType() claims.IdentityType {
return claims.TypeAnonymous
Anon: Add support to resolve anonymous identity (#87486)
1 year ago
}
Identity: Remove typed id (#91801) * Refactor identity struct to store type in separate field * Update ResolveIdentity to take string representation of typedID * Add IsIdentityType to requester interface * Use IsIdentityType from interface * Remove usage of TypedID * Remote typedID struct * fix GetInternalID
11 months ago
func (a *Anonymous) ResolveIdentity(ctx context.Context, orgID int64, typ claims.IdentityType, id string) (*authn.Identity, error) {
Anon: Add support to resolve anonymous identity (#87486)
1 year ago
o, err := a.orgService.GetByName(ctx, &org.GetOrgByNameQuery{Name: a.cfg.AnonymousOrgName})
if err != nil {
return nil, err
}
if o.ID != orgID {
return nil, errInvalidOrg.Errorf("anonymous user cannot authenticate in org %d", o.ID)
}
// Anonymous identities should always have the same namespace id.
Identity: Remove typed id (#91801) * Refactor identity struct to store type in separate field * Update ResolveIdentity to take string representation of typedID * Add IsIdentityType to requester interface * Use IsIdentityType from interface * Remove usage of TypedID * Remote typedID struct * fix GetInternalID
11 months ago
if !claims.IsIdentityType(typ, claims.TypeAnonymous) || id != "0" {
Anon: Add support to resolve anonymous identity (#87486)
1 year ago
return nil, errInvalidID
}
return a.newAnonymousIdentity(o), nil
AuthN: Rebuild Authenticate so we only have to call it once in context handler (#61705) * API: Add reqSignedIn to router groups * AuthN: Add fall through in context handler * AuthN: Add IsAnonymous field * AuthN: add priority to context aware clients * ContextHandler: Add comment * AuthN: Add a simple priority queue * AuthN: Add Name to client interface * AuthN: register clients with function * AuthN: update mock and fake to implement interface * AuthN: rewrite test without reflection * AuthN: add comment * AuthN: fix queue insert * AuthN: rewrite tests * AuthN: make the queue generic so we can reuse it for hooks * ContextHandler: Add fixme for auth headers * AuthN: remove unused variable * AuthN: use multierror * AuthN: write proper tests for queue * AuthN: Add queue item that can store the value and priority Co-authored-by: Jo <joao.guerreiro@grafana.com>
2 years ago
}
Authn: Stat registration (#62934) * reorganize auth usage stats * usage stat privilege elevators * stat count of modified role * cfg related info * add authn anon client * kv store * ensure anon enabled is collected even if client is not registered * fix usage stats test
2 years ago
Chore: use any rather than interface{} (#74066)
2 years ago
func (a *Anonymous) UsageStatFn(ctx context.Context) (map[string]any, error) {
m := map[string]any{}
Authn: Stat registration (#62934) * reorganize auth usage stats * usage stat privilege elevators * stat count of modified role * cfg related info * add authn anon client * kv store * ensure anon enabled is collected even if client is not registered * fix usage stats test
2 years ago
// Add stats about anonymous auth
m["stats.anonymous.customized_role.count"] = 0
if !strings.EqualFold(a.cfg.AnonymousOrgRole, "Viewer") {
m["stats.anonymous.customized_role.count"] = 1
}
return m, nil
}
Anon: Add support to resolve anonymous identity (#87486)
1 year ago
func (a *Anonymous) Priority() uint {
return 100
}
func (a *Anonymous) newAnonymousIdentity(o *org.Org) *authn.Identity {
return &authn.Identity{
Identity: Remove typed id (#91801) * Refactor identity struct to store type in separate field * Update ResolveIdentity to take string representation of typedID * Add IsIdentityType to requester interface * Use IsIdentityType from interface * Remove usage of TypedID * Remote typedID struct * fix GetInternalID
11 months ago
ID: "0",
Type: claims.TypeAnonymous,
Anon: Add support to resolve anonymous identity (#87486)
1 year ago
OrgID: o.ID,
OrgName: o.Name,
OrgRoles: map[int64]org.RoleType{o.ID: org.RoleType(a.cfg.AnonymousOrgRole)},
ClientParams: authn.ClientParams{SyncPermissions: true},
}
}