grafana

Commit Graph

Author	SHA1	Message	Date
Eric Leijonmarck	8057b9298d	Revert "RBAC: remove dashboard ACL logic from dash store, service #78130 (#78198 ) Revert "RBAC: remove dashboard ACL logic from dash store and service (#78130)" This reverts commit `dd54931147`.	2 years ago
Ieva	dd54931147	RBAC: remove dashboard ACL logic from dash store and service (#78130 ) remove dashboard ACL logic from dash store and service	2 years ago
Karl Persson	87eba34745	User: remove empty email / username check from update in service (#77347 ) User: remove empty email / username check from update in service	2 years ago
Karl Persson	1528d6f5c4	Authn: Prevent empty username and email during sync (#76330 ) * Move errors to error file * Move check for both empty username and email to user service * Move check for empty email and username to user service Update * Wrap inner error * Set username in test	2 years ago
Gabriel MABILLE	96cbe70b14	User: Support `sort` query param for user and org user, search endpoints (#75229 ) * User: Add sort option to user search * Switch to an approach that uses the dashboard search options * Cable user sort on the org endpoint * Alias user table with u in org store * Add test and cover orgs/:orgID/users/search endpoint * Add test to userimpl store * Simplify the store_test with sortopts.ParseSortQueryParam * Account for PR feedback * Positive check * Update docs * Update docs * Switch to ErrOrFallback Co-authored-by: Karl Persson <kalle.persson@grafana.com> --------- Co-authored-by: Karl Persson <kalle.persson@grafana.com>	2 years ago
Karl Persson	b9b4246432	IDForwarding: Add auth hook to generate id token (#75555 ) * AuthN: Move identity struct to its own file * IDForwarding: Add IDToken property to usr and identity structs and add GetIDToken to requester interface * Inject IDService into background services * IDForwarding: Register post auth hook when feature toggle is enabled	2 years ago
Karl Persson	cebae4fb9a	Requester: Update GetCacheKey (#74834 ) * AuthN: re-export all namespaces * Identity: Change signature of GetCacheKey * User: check HasUniqueID * Default to org role None if role is empty	2 years ago
linoman	0e8f19ca6a	Auth: Reduce restriction with non-user accounts (#74397 ) * Reduce restrictions with non-user accounts * Revert restrictions on anonymous accounts * Change log level from warning to debug * Change log messages to upper case	2 years ago
linoman	13f4382214	Auth: Implement requester interface in access control module (#74289 ) * Implement requester interface in the access control module	2 years ago
Ryan McKinley	025b2f3011	Chore: use any rather than interface{} (#74066 )	2 years ago
linoman	1b8e9b51b2	Replace signed in user for identity.requester (#74048 ) * Make identity.Requester available at Context * Clean pkg/services/guardian/guardian.go * Clean guardian provider and guardian AC * Clean pkg/api/team.go * Clean ctxhandler, datasources, plugin and live * Clean dashboards and guardian * Implement NewUserDisplayDTOFromRequester * Change status code numbers for http constants * Upgrade signature of ngalert services * log parsing errors instead of throwing error	2 years ago
Jo	fe1563882a	Chore: Port oauth token service to identity requester (#73988 ) * port oauth token service to identity requester * fix broken test * no need to check for render	2 years ago
Jo	a307582212	Revert "Replace signed in user for identity.requester (#73750 )" (#73962 ) This reverts commit `9b9c9e83dc`.	2 years ago
linoman	9b9c9e83dc	Replace signed in user for identity.requester (#73750 ) * Make identity.Requester available at Context * Clean pkg/services/guardian/guardian.go * Clean guardian provider and guardian AC * Clean pkg/api/team.go * Clean ctxhandler, datasources, plugin and live * Question: what to do with the UserDisplayDTO? * Clean dashboards and guardian * Remove identity.Requester from ReqContext * Implement NewUserDisplayDTOFromRequester * Fix tests * Change status code numbers for http constants * Upgrade signature of ngalert services * log parsing errors instead of throwing error * Fix tests and add logs * linting	2 years ago
Ieva	6885b3d577	Chore: remove checks for whether RBAC is disabled (#73812 ) * remove checks for whether access control is disabled, as it is always enabled now * linting	2 years ago
Karl Persson	124e0efe1f	Authn: external identity sync (#73461 ) * Authn: Add interface for external identity sync This interface is implemented by authnimpl.Service and just triggers PostAuthHooks and skipping last seen update by default * Authn: Add SyncIdentity to fake and add a new mock	2 years ago
linoman	2e050f25bf	Auth: Allow to auto-assign empty role (#73326 ) Allow to auto-assign empty role	2 years ago
linoman	1c7f89c41b	Auth: Add empty role usage metrics for service and user accounts (#73108 ) * Add tests for service accounts metrics usage * Add service account store implementation * Add service account service implementation * Add tests for org metrics usage * Add org implementation * Add service implementation	2 years ago
Jo	5d8e6aa162	Auth: Org Invite and Team API SignedInUser interfacing (#73085 ) * fix ngalert Evaluate sig change * interface for teams and org invites * Update pkg/api/org_invite.go Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> --------- Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>	2 years ago
Jo	bd1a856d33	Auth: Add SignedIn user interface NamespacedID (#72944 ) * wip * scope active user to 1 org * remove TODOs * add render auth namespace * import cycle fix * make condition more readable * convert Evaluate to user Requester * only use active OrgID for SearchUserPermissions * add cache key to interface definition * change final SignedInUsers to interface * fix api key managed roles fetch * fix anon auth id parsing * Update pkg/services/accesscontrol/acimpl/accesscontrol.go Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> --------- Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>	2 years ago
Ryan McKinley	7431c0ddb1	UserSync: Avoid UpdateLastSeenAt with invalid user ids (#72776 ) * avoid user zero * more errors * more tests * split	2 years ago
Jo	30274a4f88	Auth: Move Team service to SignedInUserInterface (#72674 ) * move SignedInUser to specific file * add primitive interface for signedInUser	2 years ago
Ieva	d3b481dac8	Auth: Lock down Grafana admin role updates if the role is externally synced (#72677 ) * lock down server admin role updates on the frontend if the user is externally synced * add tests * lock Grafana Server admin role updates from the backend * rename variables * check that the user has auth info * add LDAP to providers for which Grafana Server admin role can be synced * linting	2 years ago
Jo	7d347cd428	Auth: remove org count from signedInUser (#72661 ) * tweaks * remove org count from signedinUser * remove org count from signedinUser store * fix broken tests * restore frontend interface	2 years ago
Jo	ed780ce0e9	Auth: Fix Last Seen being updated on every request (#72036 ) * make sure LastSeen hook has information to decide if update is necessary * make user service check if it should update the user's last seen * do not run last seen hook if is a login request * make service return error when last seen is up to date * fix err * Update pkg/services/contexthandler/contexthandler.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * fix golint --------- Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>	2 years ago
Misi	5efc3386d3	AuthZ: Extend /api/search to work with self-contained permissions (#70749 ) * Search sql filter draft, unfinished * Search works for empty roles * Add current AuthModule to SignedInUser * clean up, changes to the search * Use constant prefixes * Change AuthModule to AuthenticatedBy * Add tests for using the permissions from the SignedInUser * Refactor and simplify code * Fix sql generation for pg and mysql * Fixes, clean up * Add test for empty permission list * Fix * Fix any vs all in case of edit permission * Update pkg/services/authn/authn.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Update pkg/services/sqlstore/permissions/dashboard_test.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Fixes, changes based on the review --------- Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>	2 years ago
Jo	5ec0f82baa	Separate authn flow from analytics (#68327 ) * separate authn flow from analytics * lint fix	2 years ago
Jo	8df54a6daa	Users: Enable case insensitive login by default (#66134 ) * enable case insensitive by default * fix missing case-insensitive query * fix missing case insensitive query * fix missing case insensitive query in temp_user * skip integration testing in mysql * skip integration testing in mysql * use t.cleanup * lowercase only once * aligned to only using sql as that is what we do in other parts --------- Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>	2 years ago
Eric Leijonmarck	6b8c77c70c	Usagestats: Add interface for stats for user.Service and add Usagestats for `case_insensitive_login` (#66742 ) * add interface for stats * add user service to registry	2 years ago
Ieva	ed11c32c1d	Support bundles: fix user collector permissions and format collector output (#64531 ) * fix user collector permissions and format collector output * lint	2 years ago
Ieva	1d1f58f0ed	Service accounts: fix usage of `errutil` errors and convert more errors to `errutil` (#64299 ) * fix usage of errutil errors and convert more errors to errutil * fix tests	2 years ago
Sofia Papagiannaki	e6e8351ee9	Chore: Remove CreateUserForTests() (#64125 ) * Chore: Remove CreateUserForTests * Apply suggestion from code review	2 years ago
Ashley Harrison	d61bcdf4ca	Chore: Pass signed `user_hash` to Intercom via Rudderstack (#63921 ) * move analytics identifiers to backend * implement hash function * grab secret from env * expose and retrieve intercom secret from config * concat email with appUrl to ensure uniqueness * revert to just using email * Revert "revert to just using email" This reverts commit `8f10f9b1bc`. * add docstring	2 years ago
Ieva	3fb1894739	Service accounts: Creation logic simplification (#63884 ) * SA creation improvements * PR feedback - put salt and rand back in and remove an unneeded line:	2 years ago
Jo	c8db771939	Users: Fix org user always getting org id = 1 on auto assign false (#63708 ) * fix org user always getting org id = 1 on auto assign false * make tests explicit * use correct cfg in service accounts * fix api tests * fix database test of ac * fix InsertOrgUser returning affected rows as orgID	2 years ago
Karl Persson	16b416b88b	AuthN: Extract enable disabled users logic to its own hook (#63628 )	2 years ago
Eric Leijonmarck	c1c0daa13d	Service accounts: Fix err message suppressed (#63406 ) fix: err message suppresed fix	2 years ago
Eric Leijonmarck	91b5337600	Auth: Refactoring of frontend skipOrgRoleSync logic to backend (#62921 ) * WIP * refactor: add function in login for externSynced * refactor: make function to make ExternalSyncedInfo - adds tests - refactors strings into consts * remove: console.log * remove: unnessecary comment * added exhaustive tests * refactor: labelname * removed unused code * missspelling * refactor: based on review comments * add: comment to functions about authinfo behavior * Update pkg/services/login/authinfo.go Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Update pkg/services/login/authinfo.go Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * fix: tests --------- Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>	2 years ago
Jo	f9163351fd	Support bundles: Refactor registry into separate service (#62945 ) * add bundle registry service to avoid dependency cycles * move user support bundle collector to user service * move usage stat bundle implementation to usage stats * add info for background service * fix remaining imports * whitespace	2 years ago
idafurjes	cbc10f9c5d	Chore: Delete password and search from models package (#62482 ) * Chore: Delete password and search from models package * Rename model to AdminCreateUserResponse	2 years ago
Serge Zaitsev	bc2813ef06	Chore: Fix goimports grouping in pkg/services (#62420 ) * fix goimports * fix goimports order	2 years ago
Kristin Laemmert	e8b8a9e276	chore: move dashboard_acl models into dashboard service (#62151 )	2 years ago
idafurjes	b54b80f473	Chore: Remove Result from dashboard models (#61997 ) * Chore: Remove Result from dashboard models * Fix lint tests * Fix dashboard service tests * Fix API tests * Remove commented out code * Chore: Merge main - cleanup	2 years ago
idafurjes	68445a7c77	Chore: Remove dashboard ACL from models (#61749 ) * Remove dashboard ACL from models * Remove unused comment	2 years ago
idafurjes	b573b19ca3	Chore: Remove dashboards from models pkg (#61578 ) * Copy dashboard models to dashboard pkg * Use some models from current pkg instead of models * Adjust api pkg * Adjust pkg services * Fix lint * Chore: Remove dashboards models * Remove dashboards from models pkg * Fix lint in tests * Fix lint in tests 2 * Fix for import in auth * Remove newline * Revert unused fix	2 years ago
idafurjes	f2ffce4351	Chore: Move team models to models pkg (#61262 ) * Chore: Move team models to models pkg * Fix ACL tests * More ACL tests * Change Id to ID in conflict user command test * Remove team from models * Fix ac test lint	2 years ago
Jo	0c8ad80575	Authn: JWT client (#61157 ) * add jwt client * alias JWT verifier * debug implementation * add tests for jwt client * add constant for JWT module * Feedback Co-authored-by: Kalle Persson <kalle.persson@grafana.com> Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com> Co-authored-by: Kalle Persson <kalle.persson@grafana.com> Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>	2 years ago
idafurjes	bb35f37b66	Chore: Delete org model duplicates (#60940 ) * Delete org model duplicates * Fix lint * Move OrgDetailsDTO to org pkg	2 years ago
Jo	a553040441	Authn: Refactor user sync and org sync as post auth hooks (#60504 ) * add user sync * add org user sync * add client params * merge remaining conflicts * remove change to report.go * update comments * add basic tests for user ID population * add tests for auth ID find * add tests for user sync create and update * add tests for orgsync * satisfy lint * add userID guards	2 years ago
Kristin Laemmert	ceb3d8d295	feature (user service): Add a validation check after the user record is created in the sqlstore. (#59968 ) Add a validation check after the user record is created in the sqlstore.	3 years ago

1 2

96 Commits (3a2e96b0dbe6a26ed340764957c141834bb6aef0)