grafana

Commit Graph

Author	SHA1	Message	Date
Claudiu Dragalina-Paraipan	e2435f92f1	[authn]: add GetIDClaims() to Requester (#91387 ) * authn: add GetIDClaims() to Requester Co-Authored-By: Gabriel MABILLE <gamab@users.noreply.github.com> * authn: update StaticRequester Co-Authored-By: Gabriel MABILLE <gamab@users.noreply.github.com> * update auth/idtest/mock Co-Authored-By: Gabriel MABILLE <gamab@users.noreply.github.com> * Fix test Co-authored-by: Claudiu Dragalina-Paraipan <claudiu.dragalina@grafana.com> --------- Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: gamab <gabriel.mabille@grafana.com>	10 months ago
Charandas	a3d3f9a1e4	Revert "Identity: Remove id token from extra info (#91169 )" (#91350 ) This reverts commit `10170cb839`.	10 months ago
Ryan McKinley	10170cb839	Identity: Remove id token from extra info (#91169 )	10 months ago
Vardan Torosyan	e20f8c566d	RBAC sync: Fix removal of roles which need to be added (#91152 ) * RBAC sync: Fix removal of roles which need to be added * Optimize code * cleanup: appease the linter --------- Co-authored-by: Victor Cinaglia <victor@grafana.com>	10 months ago
Ryan McKinley	728150bdbd	Identity: extend k8s user.Info (#90937 )	10 months ago
Ryan McKinley	9db3bc926e	Identity: Rename "namespace" to "type" in the requester interface (#90567 )	10 months ago
Vardan Torosyan	82236976ae	Add support ticket fixed roles to cloud role sync (#90864 ) * Add support ticket fixed roles to cloud role sync * Adding tests * Fix the linter	10 months ago
Charandas	4abb4d1662	ExtJwt: don't log verify errors as they spam for grafana-agent (#90351 ) * ExtJwt: don't log verify errors as they spam for grafana-agent * remove dead code * revert unintended change * revert unintended change	11 months ago
Mihai Doarna	bbd1611265	SSO: Register LDAP service if LDAP is enabled in SSO settings (#90228 ) register LDAP service if LDAP is enabled in SSO settings	11 months ago
Charandas	c210617735	K8s: use contexthandler in standalone handler chain (#90102 )	11 months ago
Karl Persson	7a78ad3893	Authn: Remove response writer from auth req (#90110 ) Authn: Remove response writer from request	11 months ago
Misi	f337da8e57	Chore: Add more context to logs of OAuthToken and OAuthTokenSync (#90071 ) Chore: Add more context to oauth token sync	11 months ago
Jeff Levin	cfe8317d45	Add auth spans and remove deduplication code for scopes (#89804 ) Adds more spans for timing in accesscontrol and remove permission deduplicating code after benchmarking --------- Signed-off-by: Dave Henderson <dave.henderson@grafana.com> Co-authored-by: Dave Henderson <dave.henderson@grafana.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>	11 months ago
Jeff Levin	ed13959e33	Optimize memory allocations in permissions cache (#89645 ) This PR reduces the number of allocations made while caching permissions from the database, fixes the hierarchy of spans and adds new spans for tracing. --------- Signed-off-by: Dave Henderson <dave.henderson@grafana.com> Co-authored-by: Dave Henderson <dave.henderson@grafana.com>	11 months ago
Karl Persson	7f4faaa45b	ExtJWT: Remove test (#89665 ) Remove test	11 months ago
Ryan McKinley	99d8025829	Chore: Move identity and errutil to apimachinery module (#89116 )	12 months ago
Misi	2e811c5438	Chore: Use OrgRoleMapper in Grafana.com client (#89013 ) * Use OrgRoleMapper in Grafana.com client * Clean up	12 months ago
Misi	9a44296bc2	Auth: Add org to role mappings support to AzureAD/Entra integration (#88861 ) * Added implementation and tests * Add docs, simplify implementation * Remove unused func * Update docs	12 months ago
Karl Persson	f3efd95bb4	Auth: Add org to role mappings support to Google integration (#88891 ) * Auth: Implement org role mapping for google oauth provider * Update docs * Remove unused function Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>	12 months ago
Misi	4f2a9a47f3	Auth: Add org to role mappings support to Okta integration (#88770 ) * Add org mapping support to Okta * Update docs and configs * Prettier docs * Apply suggestions from code review Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Improve tests --------- Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>	12 months ago
Karl Persson	f28905f8c4	Auth: Add org to role mappings support to Gitlab integration (#88751 ) * Conf: Add org_mapping and org_attribute_path to github and gitlab conf * Gitlab: Implement org role mapping * Update docs --------- Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>	12 months ago
Misi	eacf6e0a4d	Auth: Add org to role mappings support to GitHub integration (#88537 ) * wip: add extra tests for verifying current logic * Add OrgRole mapping and tests * Update docs * Clean up * Update docs/sources/setup-grafana/configure-security/configure-authentication/github/index.md Co-authored-by: Mihai Doarna <mihai.doarna@grafana.com> * Update docs with None role * Apply suggestions from code review Co-authored-by: Jack Baldry <jack.baldry@grafana.com> * Fix * Prettier docs * Cleanup tests --------- Co-authored-by: Mihai Doarna <mihai.doarna@grafana.com> Co-authored-by: Jack Baldry <jack.baldry@grafana.com>	1 year ago
Misi	ed6b3e9e7c	Auth: Introduce pre-logout hooks + add GCOM LogoutHook (#88475 ) * Introduce preLogoutHooks in authn service * Add gcom_logout_hook * Config the api token from the Grafana config file * Simplify * Add tests for logout hook * Clean up * Update * Address PR comment * Fix	1 year ago
Carl Bergquist	6c79f63c04	Auth: Pass ctx when updating last seen (#88496 ) Signed-off-by: bergquist <carl.bergquist@gmail.com>	1 year ago
Mathieu Parent	b8c9ae0eb7	OIDC: Support Generic OAuth org to role mappings (#87394 ) * Social: link to OrgRoleMapper * OIDC: support Generic Oauth org to role mappings Fixes: #73448 Signed-off-by: Mathieu Parent <math.parent@gmail.com> * Handle when getAllOrgs fails in the org_role_mapper * Add more tests * OIDC: ensure orgs are evaluated from API when not from token Signed-off-by: Mathieu Parent <math.parent@gmail.com> * OIDC: ensure AutoAssignOrg is applied with OrgMapping without RoleAttributeStrict Signed-off-by: Mathieu Parent <math.parent@gmail.com> * Extend docs * Fix test, lint --------- Signed-off-by: Mathieu Parent <math.parent@gmail.com> Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com>	1 year ago
Kristin Laemmert	16b1e285ea	Chore: Use cache for all signed in user lookups (#88133 ) * GetSignedInUser unexported (renamed to getSignedInUser) * GetSignedInUserWithCacheCtx renamed to GetSignedInUser * added a check for a nil cacheservice (as defensive programming / test convenience)	1 year ago
Karl Persson	78d1b2a250	Authn: Share key retriever between id and access token verifiers (#87978 )	1 year ago
Karl Persson	5c27f223af	Authn: Support access token wildcard namespace (#87816 ) * Authn+ExtJWT: allow wildcard namespace for access tokens and restructure validation	1 year ago
Karl Persson	9977258d04	AuthN: Set uid during authentication (#87797 ) * Identity: Remove GetNamespacedUID and use GetUID instead * Authn: Set uid for users and service accounts	1 year ago
Karl Persson	0f3080ecb8	AuthN: Fix signout redirect url (#87631 ) * Add missing return * Use sign out redirect url from auth config if configured * remove option from auth.jwt that is not used	1 year ago
Karl Persson	be5ced4287	Identity: Use typed version of namespace id (#87257 ) * Remove different constructors and only use NewNamespaceID * AdminUser: check typed namespace id * Identity: Add convinient function to parse valid user id when type is either user or service account * Annotations: Use typed namespace id instead	1 year ago
Charandas	a9da6ce1d5	ext_jwt: streamline expected aud in access tokens and id tokens (#87401 )	1 year ago
Dan Cech	41bee274fd	Chore: Fix error handling in postDashboard, remove UserDisplayDTO, fix live redis client initialization (#87206 ) * clean up error handling in postDashboard and remove UserDisplayDTO * replace GetUserUID with GetUID and GetNamespacedUID, enforce namespace constant type * lint fix * lint fix * more lint fixes	1 year ago
Charandas	0c59baf62d	ext_jwt: switch to new authlib (#87157 )	1 year ago
Gabriel MABILLE	8802282ebc	RBAC: fix panic role not found permission sync (#87217 )	1 year ago
Karl Persson	d8fbbdefea	Identity: Use typed namespace id (#87121 ) * Use typed namespace id	1 year ago
Karl Persson	c4cfee8d96	User: support setting org and help flags though update function (#86535 ) * User: Support setting active org through update function * User: add support to update help flags through update function	1 year ago
Karl Persson	cd724d74aa	Authn: move namespace id type (#86853 ) * Use RoleType from org package * Move to identity package and re-export from authn * Replace usage of top level functions for identity Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>	1 year ago
Charandas	d46b163810	Authn (jwt_auth): add tracing spans for validating newer use cases (#86812 )	1 year ago
Karl Persson	0fa983ad8e	AuthN: Use typed namespace id inside authn package (#86048 ) * authn: Use typed namespace id inside package	1 year ago
Ieva	036f826b87	AuthZ: Further protect admin endpoints (#86285 ) * only users with Grafana Admin role can grant/revoke Grafana Admin role * check permissions to user amdin endpoints globally * allow checking global permissions for service accounts * use a middleware for checking whether the caller is Grafana Admin	1 year ago
Karl Persson	0f06120b56	User: Clean up update functions (#86341 ) * User: remove unused function * User: Remove UpdatePermissions and support IsGrafanaAdmin flag in Update function instead * User: Remove Disable function and use Update instead	1 year ago
Karl Persson	8520892923	User: Fix GetByID (#86282 ) * Auth: Remove unused lookup param * Remove case sensitive lookup for GetByID	1 year ago
linoman	51da96d94e	Auth: Add `IsClientEnabled` and `IsEnabled` for the `authn.Service` and `authn.Client` interfaces (#86034 ) * Add `Service. IsClientEnabled` and `Client.IsEnabled` functions * Implement `IsEnabled` function for authn clients * Implement `IsClientEnabled` function for authn services	1 year ago
Karl Persson	73fecc8d80	Authn: Identity resolvers (#85930 ) * AuthN: Add NamespaceID struct. We should replace the usage of encoded namespaceID with this one * AuthN: Add optional interface that clients can implement to be able to resolve identity for a namespace * Authn: Implement IdentityResolverClient for api keys * AuthN: use idenity resolvers Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>	1 year ago
Karl Persson	895222725c	Session: set authID and authenticatedBy (#85806 ) * Authn: Resolve authenticate by and auth id when fethcing signed in user * Change logout client interface to only take Requester interface * Session: Fetch external auth info when authenticating sessions * Use authenticated by from identity * Move call to get auth-info into session client and use GetAuthenticatedBy in various places	1 year ago
Alexander Zobnin	3127566a20	Access control: Use ResolveIdentity() for authorizing in org (#85549 ) * Access control: Use ResolveIdentity() for authorizing in org * Fix tests * Fix middleware tests * Use ResolveIdentity in HasGlobalAccess() function * remove makeTmpUser * Cleanup * Fix linter errors * Fix test build * Remove GetUserPermissionsInOrg()	1 year ago
Karl Persson	ebb4bb859e	Authn: allow ResolveIdentity to authenticate in "global" scope (#85835 ) * Authn: allow ResolveIdentity to authenticate in "global" scope * Use constant	1 year ago
Karl Persson	46ee87a0fc	Authn: Ignore context.Canceled errors when logging auth errors (#85707 ) Ignore context.Canceled errors when logging auth errors	1 year ago
Misi	8796d2d307	Auth: Convert SetDefaultOrgHook to PostLoginHook (#85649 ) * Convert SetDefaultOrgHook to PostLoginHook	1 year ago

1 2 3 4 5

225 Commits (dc9dfb4c4b8a723b943dd0181a6ae2b579fa0043)