grafana

Commit Graph

Author	SHA1	Message	Date
Karl Persson	3a17d0c927	IAM: align AuthInfo interface (#97228 ) * Update to use updated interface	1 year ago
Georges Chaudy	f6124344ba	authnz: Fix panic in the authenticator and rename metric (#97150 ) * Fix: panic * suggestion	1 year ago
Misi	84b8296ffb	OAuth: Use the attached external session data in OAuthToken and OAuthTokenSync (#96655 ) * wip * wip + tests * wip * wip opt2 * Use authn.Identity struct's SessionToken * Merge fixes * Handle disabling the feature flag correctly * Fix test * Cleanup * Remove HasOAuthEntry from the OAuthTokenService interface * Remove unused function	1 year ago
Gabriel MABILLE	6e2d3cae5e	AuthN: Register flags for `grpc_server_authentication` configuration (#97063 ) * AuthZServer: Add authenticator * Add flags	1 year ago
Karl Persson	76f052e8de	Requester: Remove duplicated function (#97038 ) * Remove duplicated function * Remove GetDisplayName from interface * Use GetName	1 year ago
Karl Persson	3990637af9	IAM: remove duplicated functions (#96989 ) * Remove duplicated function and use the one provided by claims package	1 year ago
Misi	1061e4712f	OAuth: Refactor OAuthToken service to make it easier to use the new external sessions (#96667 ) * Refactor OAuthToken service * introduce user.SessionAwareIdentityRequester * replace login.UserAuth parameters with user.SessionAwareIdentityRequester * Add nosec G101 to fake ID tokens * Opt 2, min changes * Revert a change to the current version	1 year ago
Prem Saraswat	ca2c874161	authn: grpcutils: Mark ID Tokens optional in cloud mode in gRPC Authenticator (#96824 ) This patch marks ID tokens as not required when initalising a gRPC Authenticator to be used in `cloud` mode. ID Tokens are still enabled in `cloud` mode, but the `Required` option is set to `false`. This is needed for MT services like Cloud API Server to authenticate against gRPC services like Resource Store with only an Access Token. Signed-off-by: Prem Kumar <prem.saraswat@grafana.com>	1 year ago
Georges Chaudy	8bb59c64f0	unistore: handle auth when fallback is used (#96772 ) * handle auth when fallback is used * handle auth when fallback is used * add traces	1 year ago
colin-stuart	6abe99efd6	Auth: Passwordless Login Option Using Magic Links (#95436 ) * initial passwordless client * passwordless login page * Working basic e2e flow * Add todo comments * Improve the passwordless login flow * improved passwordless login, backend for passwordless signup * add expiration to emails * update email templates & render username & name fields on signup * improve email templates * change login page text while awaiting passwordless code * fix merge conflicts * use claims.TypeUser * add initial passwordless tests * better error messages * simplified error name * remove completed TODOs * linting & minor test improvements & rename passwordless routes * more linting fixes * move code generation to its own func, use locationService to get query params * fix ampersand in email templates & use passwordless api routes in LoginCtrl * txt emails more closely match html email copy * move passwordless auth behind experimental feature toggle * fix PasswordlessLogin property failing typecheck * make update-workspace * user correct placeholder * Update emails/templates/passwordless_verify_existing_user.txt Co-authored-by: Dan Cech <dcech@grafana.com> * Update emails/templates/passwordless_verify_existing_user.mjml Co-authored-by: Dan Cech <dcech@grafana.com> * Update emails/templates/passwordless_verify_new_user.txt Co-authored-by: Dan Cech <dcech@grafana.com> * Update emails/templates/passwordless_verify_new_user.txt Co-authored-by: Dan Cech <dcech@grafana.com> * Update emails/templates/passwordless_verify_new_user.mjml Co-authored-by: Dan Cech <dcech@grafana.com> * use & in email templates * Update emails/templates/passwordless_verify_existing_user.txt Co-authored-by: Dan Cech <dcech@grafana.com> * remove IP address validation * struct for passwordless settings * revert go.work.sum changes * mock locationService.getSearch in failing test --------- Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com> Co-authored-by: Dan Cech <dcech@grafana.com>	1 year ago
Karl Persson	8d74296b6c	Authn: Always set namespace (#96230 ) * Rename from AllowedKubernetesNamespace to Namespace * Use a sync hook to always set namespace for Identity. * format * Don't set uid when authenticating as user	1 year ago
Gabriel MABILLE	df8b6e6862	Fix: Close grpc_authenticator fallback trace (#96009 ) Fix: Close grpc_authenticator trace	1 year ago
Gabriel MABILLE	5a0ef46280	Add tracing to the gRPC Authentication flow (#94466 ) commit ad4df4b3f63bdf3e16423ac8c3fdb1a7fae5582e Author: gamab <gabriel.mabille@grafana.com> Date: Thu Oct 24 10:24:04 2024 +0200 nit commit eb8b9cf2f3e27cae258b3ae310f1584da5ba36b5 Author: gamab <gabriel.mabille@grafana.com> Date: Thu Oct 24 10:23:25 2024 +0200 miss commit aab1aed204a5dedcc6dd187b2f636995bbe2c5c6 Merge: 5aafdec9233 `7fe710b141` Author: gamab <gabriel.mabille@grafana.com> Date: Thu Oct 24 10:22:05 2024 +0200 Merge remote-tracking branch 'origin/main' into gamab/resourcestore/tracing commit 5aafdec9233d6824cba977b069d71eabc3d21a8d Author: gamab <gabriel.mabille@grafana.com> Date: Wed Oct 16 18:03:56 2024 +0200 Did not fix the issue commit 20522a7f64222fad27268ac640d4b4fb9259c748 Author: gamab <gabriel.mabille@grafana.com> Date: Wed Oct 16 17:42:35 2024 +0200 Test commit b45199a341b6a57e93927c9eb7de8d7758ed7619 Merge: c0fbbdb95d4 `e9e2b11ba2` Author: gamab <gabriel.mabille@grafana.com> Date: Wed Oct 16 17:31:59 2024 +0200 Merge remote-tracking branch 'origin/drclau/unistor/replace-authenticators-3' into gamab/resourcestore/tracing commit `e9e2b11ba2` Author: Claudiu Dragalina-Paraipan <claudiu.dragalina@grafana.com> Date: Wed Oct 16 18:28:31 2024 +0300 PR feedback: simplified fallback implementation Co-Authored-By: Gabriel MABILLE <gamab@users.noreply.github.com> commit `b5209dba64` Author: Claudiu Dragalina-Paraipan <drclau@users.noreply.github.com> Date: Wed Oct 16 18:03:06 2024 +0300 Update pkg/services/authn/grpcutils/grpc_authenticator.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> commit c0fbbdb95d4605f349b902ca8698e7b560433867 Author: gamab <gabriel.mabille@grafana.com> Date: Wed Oct 16 10:32:52 2024 +0200 Add traces to fallback commit 75aa8dcbd49288f1dca53cdf6e9a7b41688dff38 Merge: d92fafcaf0d `562d499e85` Author: gamab <gabriel.mabille@grafana.com> Date: Wed Oct 16 10:29:41 2024 +0200 Merge remote-tracking branch 'origin/drclau/unistor/replace-authenticators-3' into gamab/resourcestore/tracing commit `562d499e85` Author: Claudiu Dragalina-Paraipan <claudiu.dragalina@grafana.com> Date: Wed Oct 16 11:05:01 2024 +0300 switched to features.IsEnabledGlobally() commit `addc6aaca4` Author: Claudiu Dragalina-Paraipan <claudiu.dragalina@grafana.com> Date: Wed Oct 16 10:21:31 2024 +0300 imports cleanup commit `7c6d80f6aa` Merge: `64a5e55d61` `9dc2ccdbfd` Author: Claudiu Dragalina-Paraipan <claudiu.dragalina@grafana.com> Date: Wed Oct 16 10:18:54 2024 +0300 Merge branch 'main' into drclau/unistor/replace-authenticators-3 commit `64a5e55d61` Author: Claudiu Dragalina-Paraipan <claudiu.dragalina@grafana.com> Date: Tue Oct 15 11:01:54 2024 +0300 cleanup commit `4fe2c03457` Author: Claudiu Dragalina-Paraipan <claudiu.dragalina@grafana.com> Date: Tue Oct 15 10:31:06 2024 +0300 always enable FlagAppPlatformGrpcClientAuth for k8s int tests commit `c7e36759cd` Author: Claudiu Dragalina-Paraipan <claudiu.dragalina@grafana.com> Date: Tue Oct 15 10:30:43 2024 +0300 use sync.Once as it's more idiomatic commit `f5c2c79981` Author: Claudiu Dragalina-Paraipan <claudiu.dragalina@grafana.com> Date: Mon Oct 14 20:43:48 2024 +0300 remove client side namespace extractor commit `742295c89a` Author: Claudiu Dragalina-Paraipan <claudiu.dragalina@grafana.com> Date: Mon Oct 14 20:04:11 2024 +0300 avoid double registration of metrics (fallbackCounter) commit `a45998c8d3` Author: Claudiu Dragalina-Paraipan <claudiu.dragalina@grafana.com> Date: Mon Oct 14 19:03:41 2024 +0300 use FlagAppPlatformGrpcClientAuth to enable new behavior, instead of legacy commit `ffdc301718` Author: Claudiu Dragalina-Paraipan <claudiu.dragalina@grafana.com> Date: Mon Oct 14 18:37:22 2024 +0300 remove the NamespaceAuthorizer The NamespaceAuthorizer would fail in legacy mode. It will be added back in the future. commit `4a03ed7d7d` Author: Claudiu Dragalina-Paraipan <claudiu.dragalina@grafana.com> Date: Mon Oct 14 15:59:08 2024 +0300 allow using the legacy resource client via commit `a2c30f5328` Merge: `ead390f608` `2f3c539d9b` Author: Claudiu Dragalina-Paraipan <claudiu.dragalina@grafana.com> Date: Mon Oct 14 14:08:32 2024 +0300 Merge branch 'main' into drclau/unistor/replace-authenticators-3 commit `ead390f608` Author: Claudiu Dragalina-Paraipan <claudiu.dragalina@grafana.com> Date: Fri Oct 11 09:38:49 2024 +0300 added server side gRPC authn fallback-to-legacy mechanism - brought back the old gRPC authenticator - added `grpc_server_authentication.legacy_fallback` config option - introduced `AuthenticatorWithFallback` - added telemetry to track fallbacks commit d92fafcaf0db9c8d97a5d071759fc21ede7d8848 Author: gamab <gabriel.mabille@grafana.com> Date: Wed Oct 9 14:58:25 2024 +0200 Fix test commit 54f05ff0fecf3d696a0e98621db6991282503917 Author: gamab <gabriel.mabille@grafana.com> Date: Wed Oct 9 14:42:18 2024 +0200 Forgot the tracer 😁 commit 3948048880c7a0eb2360a35b0cc9f3686f2edfef Author: gamab <gabriel.mabille@grafana.com> Date: Wed Oct 9 14:02:41 2024 +0200 Add traces to NamespaceAuthorizer commit cc695bb77c37a097174556303721fbc48b9464a0 Author: gamab <gabriel.mabille@grafana.com> Date: Wed Oct 9 13:56:48 2024 +0200 Add traces to authentication flow commit `8686c46be5` Merge: `08c3d237dc` `4a3ce66193` Author: gamab <gabriel.mabille@grafana.com> Date: Wed Oct 9 13:56:26 2024 +0200 Merge remote-tracking branch 'origin/main' into drclau/unistor/replace-authenticators-3 commit `08c3d237dc` Merge: `33fd104cfd` `84d580179d` Author: gamab <gabriel.mabille@grafana.com> Date: Wed Oct 9 12:41:57 2024 +0200 Merge remote-tracking branch 'origin/main' into drclau/unistor/replace-authenticators-3 commit `33fd104cfd` Merge: `68af25fbc3` `38f57d270a` Author: gamab <gabriel.mabille@grafana.com> Date: Wed Oct 9 12:13:25 2024 +0200 Merge remote-tracking branch 'origin/main' into drclau/unistor/replace-authenticators-3 commit `68af25fbc3` Author: Gabriel MABILLE <gamab@users.noreply.github.com> Date: Mon Oct 7 16:31:09 2024 +0200 Update pkg/services/authz/config.go commit `4fba5c9b32` Author: gamab <gabriel.mabille@grafana.com> Date: Fri Oct 4 15:17:41 2024 +0200 PR Feedback commit `86867a14ca` Author: Gabriel MABILLE <gamab@users.noreply.github.com> Date: Fri Oct 4 15:13:06 2024 +0200 Update pkg/services/authn/grpcutils/config.go Co-authored-by: Dan Cech <dcech@grafana.com> commit `c591631135` Merge: `c80c46ca6a` `e37b43117b` Author: gamab <gabriel.mabille@grafana.com> Date: Fri Oct 4 13:07:48 2024 +0200 Merge remote-tracking branch 'origin/main' into drclau/unistor/replace-authenticators-3 commit `c80c46ca6a` Merge: `3acada9d47` `4224d05934` Author: gamab <gabriel.mabille@grafana.com> Date: Thu Oct 3 14:58:51 2024 +0200 Merge remote-tracking branch 'origin/main' into drclau/unistor/replace-authenticators-3 commit `3acada9d47` Author: Claudiu Dragalina-Paraipan <claudiu.dragalina@grafana.com> Date: Fri Sep 27 17:39:59 2024 +0300 introducing `mode` config for gRPC auth server & client side commit `914ca237e2` Author: Claudiu Dragalina-Paraipan <claudiu.dragalina@grafana.com> Date: Thu Sep 26 20:47:57 2024 +0300 Fixed integration tests commit `71c33dcbe3` Merge: `52f248eebb` `920d79680d` Author: Claudiu Dragalina-Paraipan <claudiu.dragalina@grafana.com> Date: Thu Sep 26 19:25:33 2024 +0300 Merge branch 'main' into drclau/unistor/replace-authenticators-3 commit `52f248eebb` Author: Claudiu Dragalina-Paraipan <claudiu.dragalina@grafana.com> Date: Tue Sep 24 18:44:38 2024 +0300 updated namespace extractor usage commit `a6c977ba4d` Merge: `fb7bbf743b` `8da1d78c92` Author: Claudiu Dragalina-Paraipan <claudiu.dragalina@grafana.com> Date: Tue Sep 24 17:35:03 2024 +0300 Merge branch 'main' into drclau/unistor/replace-authenticators-3 commit `fb7bbf743b` Author: Claudiu Dragalina-Paraipan <claudiu.dragalina@grafana.com> Date: Tue Sep 24 17:34:36 2024 +0300 unistor client side updates commit `a28440c40b` Merge: `79d9969aa8` `a8b07b0c81` Author: Claudiu Dragalina-Paraipan <claudiu.dragalina@grafana.com> Date: Tue Sep 24 10:45:09 2024 +0300 Merge branch 'main' into drclau/unistor/replace-authenticators-3 commit `79d9969aa8` Author: gamab <gabriel.mabille@grafana.com> Date: Mon Sep 9 16:14:02 2024 +0200 Rename NewResourceClient funcs commit `36b3752490` Merge: `8ce354bb06` `b89f3f8115` Author: gamab <gabriel.mabille@grafana.com> Date: Mon Sep 9 16:00:54 2024 +0200 Merge remote-tracking branch 'origin/main' into drclau/unistor/replace-authenticators-3 commit `8ce354bb06` Author: gamab <gabriel.mabille@grafana.com> Date: Mon Sep 9 10:40:06 2024 +0200 Align commit `bdf79f3b2f` Merge: `8f4df8973d` `8eb7e55f8f` Author: gamab <gabriel.mabille@grafana.com> Date: Mon Sep 9 10:38:45 2024 +0200 Merge remote-tracking branch 'origin/main' into drclau/unistor/replace-authenticators-3 commit `8f4df8973d` Merge: `2441cd8d53` `9338e40dc3` Author: gamab <gabriel.mabille@grafana.com> Date: Thu Sep 5 11:26:39 2024 +0200 Merge remote-tracking branch 'origin/main' into drclau/unistor/replace-authenticators-3 commit `2441cd8d53` Merge: `2904074a2f` `2bbce8a7f7` Author: Claudiu Dragalina-Paraipan <claudiu.dragalina@grafana.com> Date: Tue Sep 3 17:31:36 2024 +0300 Merge branch 'main' into drclau/unistor/replace-authenticators-3 commit `2904074a2f` Author: Claudiu Dragalina-Paraipan <claudiu.dragalina@grafana.com> Date: Tue Sep 3 16:35:25 2024 +0300 refactoring Co-Authored-By: Gabriel MABILLE <gamab@users.noreply.github.com> commit `125cb3c834` Author: Claudiu Dragalina-Paraipan <claudiu.dragalina@grafana.com> Date: Tue Sep 3 16:34:18 2024 +0300 refactoring (aesthetics) Co-Authored-By: Gabriel MABILLE <gamab@users.noreply.github.com> commit `499a31df53` Author: Claudiu Dragalina-Paraipan <claudiu.dragalina@grafana.com> Date: Tue Sep 3 15:59:09 2024 +0300 update usage of ReadGprcServerConfig() commit `f5d383644d` Author: Claudiu Dragalina-Paraipan <claudiu.dragalina@grafana.com> Date: Tue Sep 3 15:44:09 2024 +0300 make update-workspace commit `755485751e` Author: gamab <gabriel.mabille@grafana.com> Date: Tue Sep 3 14:43:22 2024 +0200 Fix trace commit `d09e14c26a` Author: Claudiu Dragalina-Paraipan <claudiu.dragalina@grafana.com> Date: Tue Sep 3 15:42:50 2024 +0300 removed WithIDTokenExtractorOption, and other PR feedback commit `21220c2cca` Author: gamab <gabriel.mabille@grafana.com> Date: Tue Sep 3 14:36:59 2024 +0200 Else statement commit `6cf1efdcc4` Author: gamab <gabriel.mabille@grafana.com> Date: Tue Sep 3 14:35:02 2024 +0200 Mod update commit `4b73a93883` Author: gamab <gabriel.mabille@grafana.com> Date: Tue Sep 3 14:32:20 2024 +0200 Add Auth func overrides commit `6032ab3ae1` Author: gamab <gabriel.mabille@grafana.com> Date: Tue Sep 3 14:26:18 2024 +0200 Use NamespaceAuthorizer commit `601beb5327` Author: gamab <gabriel.mabille@grafana.com> Date: Tue Sep 3 14:20:47 2024 +0200 Update authlib commit `a1b6408127` Merge: `0d70225c1a` `1128c417d8` Author: gamab <gabriel.mabille@grafana.com> Date: Tue Sep 3 14:18:49 2024 +0200 Merge remote-tracking branch 'origin/main' into drclau/unistor/replace-authenticators-3 commit `0d70225c1a` Author: Claudiu Dragalina-Paraipan <drclau@users.noreply.github.com> Date: Tue Sep 3 15:15:54 2024 +0300 Update pkg/services/authn/grpcutils/grpc_authenticator.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> commit `62f165f6f9` Author: Claudiu Dragalina-Paraipan <claudiu.dragalina@grafana.com> Date: Tue Sep 3 10:55:45 2024 +0300 refactoring NamespaceAccessChecker usage and use CloudNamespaceFormatter in Cloud Co-Authored-By: Gabriel MABILLE <gamab@users.noreply.github.com> commit `bb5ee88d4f` Author: Claudiu Dragalina-Paraipan <claudiu.dragalina@grafana.com> Date: Tue Sep 3 10:39:11 2024 +0300 added stackIdExtractor for cloud mode Co-Authored-By: Gabriel MABILLE <gamab@users.noreply.github.com> commit `84866a8a51` Author: Claudiu Dragalina-Paraipan <claudiu.dragalina@grafana.com> Date: Tue Sep 3 10:38:19 2024 +0300 authz client cfg changes - removed ModeCloud, relying on ModeGrpc and stackID instead to discover if we're running in Cloud - reusing settings from "grpc_client_authentication", instead of duplicating in "authorization" section Co-Authored-By: Gabriel MABILLE <gamab@users.noreply.github.com> commit `14a1021605` Author: Claudiu Dragalina-Paraipan <claudiu.dragalina@grafana.com> Date: Mon Sep 2 21:44:35 2024 +0300 make update-workspace commit `84f8c9be94` Author: Claudiu Dragalina-Paraipan <claudiu.dragalina@grafana.com> Date: Mon Sep 2 21:36:10 2024 +0300 cleanup: refactoring leftover commit `7fe8d62304` Author: Claudiu Dragalina-Paraipan <claudiu.dragalina@grafana.com> Date: Mon Sep 2 19:30:51 2024 +0300 update authlib version (small fix) commit `7c2353ae25` Author: Claudiu Dragalina-Paraipan <claudiu.dragalina@grafana.com> Date: Mon Sep 2 19:17:11 2024 +0300 cleanup: remove unused `GrpcServerConfig.Mode` commit `52b7cf8550` Author: Claudiu Dragalina-Paraipan <claudiu.dragalina@grafana.com> Date: Mon Sep 2 19:06:59 2024 +0300 make update-workspace commit `14ddfbd8fb` Author: Claudiu Dragalina-Paraipan <claudiu.dragalina@grafana.com> Date: Mon Sep 2 19:02:40 2024 +0300 finalize authlib grpc interceptors usage commit `884c4a8c24` Merge: `0fd1988bed` `a1190b165b` Author: Claudiu Dragalina-Paraipan <claudiu.dragalina@grafana.com> Date: Mon Sep 2 19:00:07 2024 +0300 Merge branch 'main' into drclau/unistor/replace-authenticators-3 commit `0fd1988bed` Merge: `b766bfb24f` `e0950a1283` Author: Claudiu Dragalina-Paraipan <claudiu.dragalina@grafana.com> Date: Fri Aug 30 10:45:51 2024 +0300 Merge branch 'main' into drclau/unistor/replace-authenticators-3 commit `b766bfb24f` Merge: `6993f108a2` `68751ed310` Author: Claudiu Dragalina-Paraipan <claudiu.dragalina@grafana.com> Date: Wed Aug 28 15:46:04 2024 +0300 Merge branch 'main' into drclau/unistor/replace-authenticators-3 commit `6993f108a2` Merge: `5f073b04d0` `f1ba609b34` Author: Claudiu Dragalina-Paraipan <claudiu.dragalina@grafana.com> Date: Tue Aug 27 12:51:07 2024 +0300 Merge branch 'main' into drclau/unistor/replace-authenticators-3 commit `5f073b04d0` Merge: `0620891d45` `ac5ebe6e4d` Author: Claudiu Dragalina-Paraipan <claudiu.dragalina@grafana.com> Date: Mon Aug 19 21:09:44 2024 +0300 Merge branch 'main' into drclau/unistor/replace-authenticators-3 commit `0620891d45` Merge: `6a272e8e2a` `15f2b08f00` Author: Claudiu Dragalina-Paraipan <claudiu.dragalina@grafana.com> Date: Mon Aug 12 14:14:44 2024 +0300 Merge branch 'main' into drclau/unistor/replace-authenticators-3 commit `6a272e8e2a` Author: Claudiu Dragalina-Paraipan <claudiu.dragalina@grafana.com> Date: Thu Aug 8 18:53:43 2024 +0300 allow insecure conns in dev mode + refactoring commit `31c7b030ba` Author: Claudiu Dragalina-Paraipan <claudiu.dragalina@grafana.com> Date: Thu Aug 8 10:31:13 2024 +0300 allow insecure connections (for testing purposes); remove audience checks audience checks will still need to be done for Access tokens, but not for ID tokens commit `0fdd2ff802` Merge: `763961210c` `f384759ad1` Author: Claudiu Dragalina-Paraipan <claudiu.dragalina@grafana.com> Date: Wed Aug 7 14:42:39 2024 +0300 Merge branch 'main' into drclau/unistor/replace-authenticators-3 commit `763961210c` Author: Claudiu Dragalina-Paraipan <claudiu.dragalina@grafana.com> Date: Fri Aug 2 18:54:29 2024 +0300 wip commit `c46b42a595` Merge: `92aba937a9` `0145b0fe70` Author: Claudiu Dragalina-Paraipan <claudiu.dragalina@grafana.com> Date: Fri Aug 2 14:44:06 2024 +0300 Merge branch 'main' into drclau/unistor/replace-authenticators-3 commit `92aba937a9` Author: Claudiu Dragalina-Paraipan <claudiu.dragalina@grafana.com> Date: Thu Aug 1 18:32:19 2024 +0300 authn: client side updates Co-Authored-By: Gabriel MABILLE <gamab@users.noreply.github.com>	1 year ago
Claudiu Dragalina-Paraipan	830600dab0	AuthN: Optionally use tokens for unified storage client authentication (#91665 ) * extracted in-proc mode to #93124 * allow insecure conns in dev mode + refactoring * removed ModeCloud, relying on ModeGrpc and stackID instead to discover if we're running in Cloud * remove the NamespaceAuthorizer would fail in legacy mode. It will be added back in the future. * use FlagAppPlatformGrpcClientAuth to enable new behavior, instead of legacy * extracted authz package changes in #95120 * extracted server side changes in #95086 --------- Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: gamab <gabriel.mabille@grafana.com> Co-authored-by: Dan Cech <dcech@grafana.com>	1 year ago
Gabriel MABILLE	b68b69c2b4	AuthN: Use tokens for unified storage server authentication (#95086 ) * Extract server code --------- Co-authored-by: Claudiu Dragalina-Paraipan <drclau@users.noreply.github.com>	1 year ago
Misi	50a635bc7e	Auth: Introduce authn.SSOClientConfig to get client config from SSOSettings service (#94618 ) * wip * possible solution * Separate interface for SSO settings clients * Rename interface * Fix tests * Rename * Change GetClientConfig to comma ok idiom	1 year ago
linoman	21d26de4d8	Session Refactor: Add SAMLSession (#94490 ) * add saml session struct * resolve saml session * Add NameID --------- Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com>	1 year ago
Misi	c872cad879	OrgSync: Do not set default Organization for a user to a non-existent Organization (#94537 ) Do not set default org for a user to a missing org Co-authored-by: Karl Persson <kalle.persson@grafana.com>	1 year ago
Karl Persson	ace177f20a	AuthN: Set access token name (#94471 ) * Set access token name	1 year ago
Misi	bd7850853e	Auth: Attach external session info to Grafana session (#93849 ) * initial from poc changes * wip * Remove public external session service * Update swagger * Fix merge * Cleanup * Add backgroud service for cleanup * Add auth_module to user_external_session * Add tests for token revocation functions * Add secret migration capabilities for user_external_session fields * Cleanup, refactor to address feedback * Fix test	1 year ago
Misi	0539ccf10d	Auth: Fix redirection when auto_login is enabled (#94311 ) * Fix for SAML auto login * Fix for OAuth auto login	1 year ago
Misi	d411ce2664	Auth: Use sessionStorage instead of cookie for automatic redirection (#92759 ) * WIP: working as expected, has to be tested * Rename query param, small changes * Remove unused code * Address feedback * Cleanup * Use the feature toggle to control the behaviour * Use the toggle on the FE too * Prevent the extra redirect/reload Co-authored-by: Josh Hunt <joshhunt@users.noreply.github.com> * Return to login if user is not authenticated * Add tracking issue * Align BE redirect constructor to locationSvc	1 year ago
Claudiu Dragalina-Paraipan	a8b07b0c81	[authn] use authlib client+interceptors for in-proc mode (#93124 ) * Add authlib gRPC authenticators for in-proc mode * implement `StaticRequester` signing in the unified resource client - [x] when the `claims.AuthInfo` value type is `identity.StaticRequester`, and there's no ID token set, create an internal token and sign it with symmetrical key. This is a workaround for `go-jose` not offering the possibility to create an unsigned token. - [x] update `IDClaimsWrapper` to support the scenario above - [x] Switch to using `claims.From()` in `dashboardSqlAccess.SaveDashboard()` --------- Co-authored-by: gamab <gabriel.mabille@grafana.com>	1 year ago
Gabriel MABILLE	7714b65f32	Cfg: Deduplicate `DefaultOrgID` code (#93588 ) Cfg: Expose DefaultOrgID function	1 year ago
Gabriel MABILLE	7ef13497a8	AuthN: Ext JWT support actions (#92486 )	1 year ago
Karl Persson	56487d37db	Authn: No longer hash service account token twice during authentication (#92598 ) * APIKey: Only decode and hash token once during authentication * Only update last used every 5 minutes	1 year ago
Charandas	4f024d94d8	Authn: resolve issues with setting up a nil identity (#92620 )	1 year ago
Charandas	af2e79aa83	K8s: namespace mapper should use authlib's util (#92332 )	1 year ago
Ryan McKinley	2e60f28044	Auth: remove id token flag (#92209 )	1 year ago
Dan Cech	9020eb4b17	Auth: Update oauthtoken service to use remote cache and server lock (#90572 ) * update oauthtoken service to use remote cache and server lock * remove token cache * retry is lock is held by an in-flight refresh * refactor token renewal to avoid race condition * re-add refresh token expiry cache, but in SyncOauthTokenHook * Add delta to the cache ttl * Fix merge * Change lockTimeConfig * Always set the token from within the server lock * Improvements * early return when user is not authed by OAuth or refresh is disabled * Allow more time for token refresh, tracing * Retry on Mysql Deadlock error 1213 * Update pkg/services/authn/authnimpl/sync/oauth_token_sync.go Co-authored-by: Dan Cech <dcech@grafana.com> * Update pkg/services/authn/authnimpl/sync/oauth_token_sync.go Co-authored-by: Dan Cech <dcech@grafana.com> * Add settings for configuring min wait time between retries * Add docs for the new setting * Clean up * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> --------- Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com> Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>	1 year ago
Karl Persson	5105fb7f3a	Identity: remove GetIDClaims (#91901 ) remove GetIDClaims	1 year ago
Karl Persson	8bcd9c2594	Identity: Remove typed id (#91801 ) * Refactor identity struct to store type in separate field * Update ResolveIdentity to take string representation of typedID * Add IsIdentityType to requester interface * Use IsIdentityType from interface * Remove usage of TypedID * Remote typedID struct * fix GetInternalID	1 year ago
Ryan McKinley	21d4a4f49e	Auth: use IdentityType from authlib (#91763 )	1 year ago
Ryan McKinley	243c0935fc	Auth: Use claims.AuthInfo in requester (#91739 )	1 year ago
Karl Persson	bcfb66b416	Identity: remove GetTypedID (#91745 )	1 year ago
Claudiu Dragalina-Paraipan	e2435f92f1	[authn]: add GetIDClaims() to Requester (#91387 ) * authn: add GetIDClaims() to Requester Co-Authored-By: Gabriel MABILLE <gamab@users.noreply.github.com> * authn: update StaticRequester Co-Authored-By: Gabriel MABILLE <gamab@users.noreply.github.com> * update auth/idtest/mock Co-Authored-By: Gabriel MABILLE <gamab@users.noreply.github.com> * Fix test Co-authored-by: Claudiu Dragalina-Paraipan <claudiu.dragalina@grafana.com> --------- Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: gamab <gabriel.mabille@grafana.com>	1 year ago
Charandas	a3d3f9a1e4	Revert "Identity: Remove id token from extra info (#91169 )" (#91350 ) This reverts commit `10170cb839`.	1 year ago
Ryan McKinley	10170cb839	Identity: Remove id token from extra info (#91169 )	1 year ago
Vardan Torosyan	e20f8c566d	RBAC sync: Fix removal of roles which need to be added (#91152 ) * RBAC sync: Fix removal of roles which need to be added * Optimize code * cleanup: appease the linter --------- Co-authored-by: Victor Cinaglia <victor@grafana.com>	1 year ago
Ryan McKinley	728150bdbd	Identity: extend k8s user.Info (#90937 )	1 year ago
Ryan McKinley	9db3bc926e	Identity: Rename "namespace" to "type" in the requester interface (#90567 )	1 year ago
Vardan Torosyan	82236976ae	Add support ticket fixed roles to cloud role sync (#90864 ) * Add support ticket fixed roles to cloud role sync * Adding tests * Fix the linter	1 year ago
Charandas	4abb4d1662	ExtJwt: don't log verify errors as they spam for grafana-agent (#90351 ) * ExtJwt: don't log verify errors as they spam for grafana-agent * remove dead code * revert unintended change * revert unintended change	2 years ago
Mihai Doarna	bbd1611265	SSO: Register LDAP service if LDAP is enabled in SSO settings (#90228 ) register LDAP service if LDAP is enabled in SSO settings	2 years ago
Charandas	c210617735	K8s: use contexthandler in standalone handler chain (#90102 )	2 years ago
Karl Persson	7a78ad3893	Authn: Remove response writer from auth req (#90110 ) Authn: Remove response writer from request	2 years ago
Misi	f337da8e57	Chore: Add more context to logs of OAuthToken and OAuthTokenSync (#90071 ) Chore: Add more context to oauth token sync	2 years ago
Jeff Levin	cfe8317d45	Add auth spans and remove deduplication code for scopes (#89804 ) Adds more spans for timing in accesscontrol and remove permission deduplicating code after benchmarking --------- Signed-off-by: Dave Henderson <dave.henderson@grafana.com> Co-authored-by: Dave Henderson <dave.henderson@grafana.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>	2 years ago
Jeff Levin	ed13959e33	Optimize memory allocations in permissions cache (#89645 ) This PR reduces the number of allocations made while caching permissions from the database, fixes the hierarchy of spans and adds new spans for tracing. --------- Signed-off-by: Dave Henderson <dave.henderson@grafana.com> Co-authored-by: Dave Henderson <dave.henderson@grafana.com>	2 years ago
Karl Persson	7f4faaa45b	ExtJWT: Remove test (#89665 ) Remove test	2 years ago

1 2 3 4 5 ...

260 Commits (c440bd2bdaec8fed13f47fdfe76dda63e7d0008a)