grafana

Commit Graph

Author	SHA1	Message	Date
Alexander Zobnin	cbb688e910	Zanzana: Remove usage from legacy access control (#98883 ) * Zanzana: Remove usage from legacy access control * remove unused * remove zanzana client from services where it's not used * remove unused metrics * fix linter	4 months ago
John Naizer	79d565f285	OAuth: Support client_secret_jwt for oauth providers when doing token exchange (#95455 ) * added backend support for client_secret_jwt * added backend support for client_secret_jwt * added all logic to the exchange function (overloaded social exchange in azuread_oauth to handle managed identity client id) * ran yarn install to update lock file * added support for client_secret_jwt when managed_identity_client_id is null * added audience flag and changed exchange to directly access oauth config using .info * added logic in setting oauth.Config for supported client authentication values * added client_authentication, managed_identity_client_id, and audience to sample.ini file * using provided ctx in ManagedIdentityCallback function * added frontend support for federated identity credential auth * added client authentication field * added Azure AD documentation for Grafana * added bold font to "Add" keyword in documentation * minor wording change relating to previous commit * addressed changing audience to federated_credential_audience, moving validation, and changing managedIdentityCallback to private function * correction to audience name changing * fixed orgMappingClientAuthentication function name, and added in logic into validateFederatedCredentialAudience function * Change docs * Add iam team as owner of azcore pkg * added backend support for client_secret_jwt * added all logic to the exchange function (overloaded social exchange in azuread_oauth to handle managed identity client id) * ran yarn install to update lock file * added support for client_secret_jwt when managed_identity_client_id is null * added audience flag and changed exchange to directly access oauth config using .info * added logic in setting oauth.Config for supported client authentication values * added client_authentication, managed_identity_client_id, and audience to sample.ini file * using provided ctx in ManagedIdentityCallback function * added frontend support for federated identity credential auth * added client authentication field * added Azure AD documentation for Grafana * added bold font to "Add" keyword in documentation * minor wording change relating to previous commit * addressed changing audience to federated_credential_audience, moving validation, and changing managedIdentityCallback to private function * correction to audience name changing * fixed orgMappingClientAuthentication function name, and added in logic into validateFederatedCredentialAudience function * Change docs * Add iam team as owner of azcore pkg * updated yarn lock file * updated doc for correction * removed wrong changes in pkg directory * removed newline in dashboard-generate.yaml and unified.ts * updated yarn.lock to match upstream * Lint Signed-off-by: Jack Baldry <jack.baldry@grafana.com> * removing unwanted changes * added back removed newline * fixed failing test in azuread_oauth_test.go * Update azuread_oauth.go removed unnecessary newline, fixed lint --------- Signed-off-by: Jack Baldry <jack.baldry@grafana.com> Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com> Co-authored-by: Jack Baldry <jack.baldry@grafana.com>	5 months ago
Misi	275ee55e8f	Auth: Extend the SAMLStrategy with entity_id (#96234 ) Add the ability to specify EntityID	7 months ago
Mariell Hoversholm	f15f6022de	fix: pass context into secrets logs (#95944 )	7 months ago
linoman	640bc0de97	SSO SAML: Remove SettingProvider settings from SSO interactions (#94900 ) * Remove SettingProvider settings from SSO interactions * Mock Settings Provider for SSO Settings test * Ignore error from SettingsProvider * Add test for backend	7 months ago
Misi	4eab10eaa1	Auth: Add missing Name property to SAML strategy (#94565 ) Add Name to SAML strategy	8 months ago
Mihai Doarna	b4db8bb967	LDAP: Remove omitempty flag from json annotation (#91843 ) * remove omitempty flag from json annotation * fix unit test	10 months ago
Alexander Zobnin	87d86e81ce	Zanzana: Evaluate permissions alongside with RBAC engine (#90064 ) * Zanzana: Evaluate permissions if feature flag enabled * Fix tests * adjust logs * fix spelling * remove unused * only evaluate implemented resources * refactor	11 months ago
Misi	b174c1310a	Auth: Add organization mapping configuration to the UI (#90003 ) * Add org_mapping and org_attribute_path to the UI * Add validators, allow setting org mapping to only Grafana Admins * comment * Address feedback, improve validation, fix FE test, lint	11 months ago
Jeff Levin	cfe8317d45	Add auth spans and remove deduplication code for scopes (#89804 ) Adds more spans for timing in accesscontrol and remove permission deduplicating code after benchmarking --------- Signed-off-by: Dave Henderson <dave.henderson@grafana.com> Co-authored-by: Dave Henderson <dave.henderson@grafana.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>	11 months ago
Mihai Doarna	4306d52353	SSO: Encrypt and decrypt secrets for LDAP settings (#89470 ) encrypt/decrypt secrets for LDAP	11 months ago
linoman	ccb22e5b24	SAML: graph api follow up (#89389 ) * add new graph api variables to saml strategy * add config variable	11 months ago
Mihai Doarna	d074cc7892	Auth: Implement reload function for LDAP (#89267 ) * keep config in a separate struct in LDAP * implement reload function for LDAP * remove param from sso service constructor * update unit tests * add feature flag * remove nil params * address feedback * add unit test for disabled config	11 months ago
Dave Henderson	6262c56132	chore(perf): Pre-allocate where possible (enable prealloc linter) (#88952 ) * chore(perf): Pre-allocate where possible (enable prealloc linter) Signed-off-by: Dave Henderson <dave.henderson@grafana.com> * fix TestAlertManagers_buildRedactedAMs Signed-off-by: Dave Henderson <dave.henderson@grafana.com> * prealloc a slice that appeared after rebase Signed-off-by: Dave Henderson <dave.henderson@grafana.com> --------- Signed-off-by: Dave Henderson <dave.henderson@grafana.com>	12 months ago
Ryan McKinley	99d8025829	Chore: Move identity and errutil to apimachinery module (#89116 )	12 months ago
Mihai Doarna	3d40caf819	SSO: Add LDAP fallback strategy for SSO settings service (#88905 ) * add root and client certificate value fields for LDAP * update error messages for connection error * add LDAP fallback strategy for SSO settings service * fix params for sso service provider * fix params for sso service provider * sort imports * sort imports * replace json.Number with int64 in config map * remove type assertions	12 months ago
Mihai Doarna	25c57f21cd	SSO: Add the new role value fields for SSO SAML strategy (#88561 ) added the new role value fields for SSO SAML strategy	12 months ago
Mihai Doarna	e1aedb65b3	SSO: Add oldSettings param to the Validate function from SSO settings (#88245 ) * add oldSettings param to the Validate function from SSO settings * update unit tests adding the missing param to Validate	1 year ago
Mihai Doarna	12e4a94d63	SSO: Use removeSecrets() instead of setting.RedactedValue() (#88180 ) * use removeSecrets() instead of setting.RedactedValue() * replace with redacted value only if secret is not empty	1 year ago
Mathieu Parent	b8c9ae0eb7	OIDC: Support Generic OAuth org to role mappings (#87394 ) * Social: link to OrgRoleMapper * OIDC: support Generic Oauth org to role mappings Fixes: #73448 Signed-off-by: Mathieu Parent <math.parent@gmail.com> * Handle when getAllOrgs fails in the org_role_mapper * Add more tests * OIDC: ensure orgs are evaluated from API when not from token Signed-off-by: Mathieu Parent <math.parent@gmail.com> * OIDC: ensure AutoAssignOrg is applied with OrgMapping without RoleAttributeStrict Signed-off-by: Mathieu Parent <math.parent@gmail.com> * Extend docs * Fix test, lint --------- Signed-off-by: Mathieu Parent <math.parent@gmail.com> Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com>	1 year ago
Ieva	167151b211	Chore: Remove use of deprecated method in AC code (#87541 ) * switch from using cfg to using featuremgmt for checking a feature toggle in AC code * merge test fixes	1 year ago
Mihai Doarna	76d94b35c9	SSO: fix settings merge for SAML fields (#86970 ) * fix sso settings merge for saml fields * change func name	1 year ago
Mihai Doarna	4bf9405ce4	SSO: add SSO settings to secrets migrator (#86913 ) * add sso settings to secrets migrator * unify SSO settings in all log lines	1 year ago
Kristin Laemmert	9553923eb7	Chore: Fix failing ssosettingimpl test (#86792 ) Chore: Fix failing ssosetting test	1 year ago
Mihai Doarna	bf15329492	SSO: run the validation on upsert with all secrets in settings (#86579 ) * run the validation on upsert with all secrets in settings * rename social to reloadable	1 year ago
Mihai Doarna	4d9e35ba57	SSO: add configurableProviders list to SSO service (#86622 ) * add configurableProviders list to sso service * address feedback	1 year ago
Mihai Doarna	57848bbe23	Auth: encrypt/decrypt SAML secrets in SSO settings service (#85253 ) encrypt/decrypt saml secrets in sso settings service	1 year ago
Dave Henderson	5687243d0b	Feature Flags: use FeatureToggles interface where possible (#85131 ) * Feature Flags: use FeatureToggles interface where possible Signed-off-by: Dave Henderson <dave.henderson@grafana.com> * Replace TestFeatureToggles with existing WithFeatures Signed-off-by: Dave Henderson <dave.henderson@grafana.com> --------- Signed-off-by: Dave Henderson <dave.henderson@grafana.com>	1 year ago
Serge Zaitsev	faa1244518	Chore: Replace sqlstore with db interface (#85366 ) * replace sqlstore with db interface in a few packages * remove from stats * remove sqlstore in admin test * remove sqlstore from api plugin tests * fix another createUser * remove sqlstore in publicdashboards * remove sqlstore from orgs * clean up orguser test * more clean up in sso * clean up service accounts * further cleanup * more cleanup in accesscontrol * last cleanup in accesscontrol * clean up teams * more removals * split cfg from db in testenv * few remaining fixes * fix test with bus * pass cfg for testing inside db as an option * set query retries when no opts provided * revert golden test data * rebase and rollback	1 year ago
Mihai Doarna	fad6dc4db1	SSO: fix reloading settings when a provider contains empty settings (#85102 ) * fix reloading settings when a provider contains empty settings * do not increment reloadFailures if settings are empty	1 year ago
linoman	fc205db466	samlsettings: api integration (#84300 ) * add strategy and tests * use settings provider service and remove multiple providers strategy * Move SAML strategy to ssosettings service * Update codeowners file * reload from settings provider * add saml as configurable provider * Add new SAML strategy * rename old saml settings interface * update saml string references * use OSS license * validate saml provider depends on license for List * add tests for list rendering including saml * change the licensing validation to service init * replace service struct for provider	1 year ago
Mihai Doarna	2acd48d1c2	SSO: fix mergeSettings() in case the DB contains empty URLs (#84290 ) * fix mergeSettings() in case the db contains empty strings * use correct github urls in test * overwrite only urls * update comment for mergeSettings()	1 year ago
linoman	66fa310fba	SAMLSettings: implement settings strategy (#84191 ) * add strategy and tests * use settings provider service and remove multiple providers strategy * update codeowners file * reload from settings provider	1 year ago
Misi	07e26226b7	Auth: Add all settings to Azure AD SSO config UI (#83618 ) * Add all settings to AzureAD UI * prettify * Fixes * Load extra keys with type assertion	1 year ago
linoman	b02ae375ba	Chore: Query oauth info from a new instance (#83229 ) * query OAuth info from a new instance * add `hd` validation flag * add `disable_hd_validation` to settings map * update documentation --------- Co-authored-by: Jo <joao.guerreiro@grafana.com>	1 year ago
Misi	3b7e7483c8	Auth: Align loading the legacy auth.grafananet section to the current behaviour in OAuthStrategy (#83479 ) * Align oauth_strategy to the current behaviour * lint * Address feedback	1 year ago
Misi	9709ac8b84	Auth: Revert provider list change (#83435 ) * Load auth.grafananet as the last provider * skip test	1 year ago
Misi	617adb137c	Auth: OAuth strategy load extra fields separately (#83408 ) Load extra fields separately	1 year ago
Misi	12b1170631	Auth: Validation fixes for SSO Settings (#82252 ) * Validation fixes * Add URL validations + tests * Add ApiUrl validation * Refactor validators * lint * Clean up * Improvements	1 year ago
Dan Cech	790e1feb93	Chore: Update test database initialization (#81673 ) * streamline initialization of test databases, support on-disk sqlite test db * clean up test databases * introduce testsuite helper * use testsuite everywhere we use a test db * update documentation * improve error handling * disable entity integration test until we can figure out locking error	1 year ago
Misi	b1dc505a2b	Auth: Validate admin assignment in SSO Settings (#82233 ) * Add validation for allowAssignGrafanaAdmin * Update default values * Do not render hidden fields * Change error message * Improve tests --------- Co-authored-by: Clarity-89 <homes89@ukr.net>	1 year ago
Diego Augusto Molina	a6342fa576	Chore: Fix data race within tests and enable a few parallel tests in ssosettingsimpl (#81837 ) * Chore: Fix data race within tests of SSO Setting implementation * Chore: fix data race within tests to allow parallel testing * Chore: rollback changes runtime code to test a different approach * Chore: Fix data race in SSO Setting implementation Upsert method * Chore: fix typo in comment	1 year ago
Mihai Doarna	395a06ab86	Auth: fix swagger responses for the SSO settings API (#81639 ) fix swagger responses for the sso settings API	1 year ago
Misi	bcc2409564	Auth: Add validation to Generic OAuth API and UI (#81345 ) * wip * Update validation * Chore: Remove InputControl usage * Fixes, validation * Remove empty option * Validation changes * Add tests, rename * lint --------- Co-authored-by: Clarity-89 <homes89@ukr.net>	1 year ago
Misi	7e96a2be56	Auth: Reload OAuth provider after deletion of the current settings (#81374 ) * Reload after deletion of the current settings * Add grafana_ssosettings_setting_reload_failure_total counter * Returns successfully if data reload failed	1 year ago
Misi	c47b55ae10	Auth: Add SSO settings usage stats (#81143 ) * Add usage stats * UsageStats test + svc rename * Fix test	1 year ago
Misi	8246d97587	Auth: Introduce `configurable_providers` config option for SSO settings (#80911 ) * Add SSOSettingsConfigurableProviders config option * Add check to Delete and ListWithRedactedSecrets * Add check to GET, small improvements	1 year ago
Misi	20bb0a3ab1	AuthN: Support reloading SSO config after the sso settings have changed (#80734 ) * Add AuthNSvc reload handling * Working, need to add test * Remove commented out code * Add Reload implementation to connectors * Align and add tests, refactor * Add more tests, linting * Add extra checks + tests to oauth client * Clean up based on reviews * Move config instantiation into newSocialBase * Use specific error	1 year ago
colin-stuart	e241188f00	Auth: Implement the SSO Settings List endpoint (#80769 ) * add list endpoint & initial tests * add tests and ETag * format service_test.go * add list swagger param, generate openAPI, remove ETag, use RedactedPassword * correct swagger param name * Align tests to latest changes * use setting.RedactedValue() * add string assertion * lint & require no error on res.Body.Close() * add custom response type --------- Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com>	1 year ago
Mihai Doarna	b8cf8ec8d7	Auth: fix swagger response for get SSO settings endpoint (#80817 ) fix swagger response for get SSO settings endpoint	1 year ago

1 2

84 Commits (55aaf4aac0db76bba135ea5e4b91e231b99bbeaa)