* extracted in-proc mode to #93124
* allow insecure conns in dev mode + refactoring
* removed ModeCloud, relying on ModeGrpc and stackID instead to discover if we're running in Cloud
* remove the NamespaceAuthorizer would fail in legacy mode. It will be added back in the future.
* use FlagAppPlatformGrpcClientAuth to enable new behavior, instead of legacy
* extracted authz package changes in #95120
* extracted server side changes in #95086
---------
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
Co-authored-by: gamab <gabriel.mabille@grafana.com>
Co-authored-by: Dan Cech <dcech@grafana.com>
* fix: Change users permissions search to use a consistent key without collisions
* Move HashString to cacheutils
* Change error handling logic for what to do with a cache key
* Add a test that confirms search cache key consistency
* add admin permissions upon creation of a folder w. SA
* Update pkg/services/folder/folderimpl/folder.go
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* Grant service account permissions for creation of dashboards
* Grant service account admin permissions upon creating a datasource
* fetch user using the userservice with the userid
* Revert "fetch user using the userservice with the userid"
This reverts commit 23cba78752.
* revert back to original datasource creation
---------
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
Previously all receiver modifications were denied with alertingApiServer
enabled. This allows pure creates and deletes through as these specific
cases can be handled simply and without risk of rbac shenanigans.
* Fix: Fix panic when json data are nil
* Use Interface()
* Feedback
Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>
* Need to check inside the if statement
---------
Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>
* Implement uidToResourceID
* add middleware
* Move uidToResourceID to alerting package
* Only hash uid if it's too long
* Use hashed uid in access control
* Move ReceiverUidToResourceId to ScopeProvider
* resolve uid in middleware only if param exists
* Tests
* Linting
---------
Co-authored-by: Yuri Tseretyan <yuriy.tseretyan@grafana.com>
* Remove SettingProvider settings from SSO interactions
* Mock Settings Provider for SSO Settings test
* Ignore error from SettingsProvider
* Add test for backend
* start on tokens
* more error messages
* more handling
* rephrased with suggestions from Daniel
* separate gms parse method
* use translation
* refactor initial idea to use error obj
* use error dto result
* handle gms client
* clean logs and comments
* fix tests
* tests for gms
* test and lint
* lint
* one more handling from gms
* typing in fe
* use error interface
* use validation error
* remove unused gms error
* use errorlib and helper function in fe
* regen api
* use same error util
* one more error to handle
* Also validate folder on provisioning update
* Move folder check before auth check
When checking for the existence of a folder we go through the folder
service which requires auth. Doing so prevents an unprivileged user from
accessing information about whether a particular folder exists or not.
* Rewrite zanzana collector to fetch all available pages
* Register access control as a background service
* If zanzana is enabled we run Syncs and start Reconciliation job
* Update pkg/services/authz/zanzana/client/client.go
Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>
* Use server lock when doing performing reconciliation
* start on loading the error code
* error code to message mapping
* use resource code type
* use defined error code
* partial updates from comments
* i18nKey gen
* fixed t
* fixed translations
* typing
* CloudMigrations: create snapshot for Notification Policy
* CloudMigrations: add notification policy constants and components
* CloudMigrations: add uid to resources that have it
* run service account creation DB queries in transaction
* extract the signed in user from the context
* undo unneeded change
* don't error out if a user is not found
* Update pkg/services/serviceaccounts/manager/service.go
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
* Update pkg/services/serviceaccounts/manager/service.go
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
---------
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
Matheus Macabu
Andreas Christou
Will Browne
Claudiu Dragalina-Paraipan
Aaron Godin
Gabriel MABILLE
Eric Leijonmarck
Matias Chomicki
Josh Hunt
Torkel Ödegaard
Gábor Farkas
Karl Persson
Matthew Jacobson
Alexander Zobnin
Andrej Ocenas
Tito Lins
linoman
Alexander Akhmetov
Santiago
Yuri Tseretyan
Dana Axinte
William Wernert
lean.dev
Charandas
Ryan McKinley
Ashley Harrison
Misi
Ieva
Arati R.
Igor