30 Commits

Author SHA1 Message Date
Charandas e525b529a8 fix: Add panic for nil authorizer in installer (#115186) 2025-12-12 05:01:03 -08:00
Charandas da14be859e Authorization: panic when specific authorizer returns nil (#114982) 2025-12-10 13:01:34 -08:00
Todd Treece ac55fad1ba Plugins App: Switch to resource authorizer (#115019) 2025-12-10 09:12:26 -05:00
Gabriel MABILLE 1e82f99b12 grafana-iam: use apiserver errors (#114850)
* `grafana-iam`: Use api server errors

* A bit more verbose
2025-12-04 16:47:06 +01:00
Gabriel MABILLE 8998b1fde4 grafana-iam: Implement api level user authorization (#114498)
* OnGoing

comment

* WIP on the wrapper

* Get before Delete

* WIP: add an unimplemented storage authorizer

* WIP implementing the resource permission authorize

* Implement beforeCreate

* Create, Delete, Update

* List

* Use a resource permissions wrapper

* Switch the main authorizer to service

* Add namespace

* Use compile for list

* Comment

* Remove unnecessary comments

* fix bug with folder permissions

* Implement tests for List

* Test get

* List test small refactor

* Delete test

* Reorganize code

* imports

* Start splitting the tests

* test AfterDelete

* actually test beforeWrite

* Implement tests for wrapper create

* Test delete

* Test List and Get

* Fix List

* Remaining tests

* simplify

* Remove comments

* Reorder

* Change authorizer to allow access
2025-12-03 17:06:26 +01:00
Daniele Stefano Ferru 7299651a32 Hotfix: Granting None role Viewer access for a fixed API group list (#114310) 2025-11-21 17:50:25 +01:00
Alexander Zobnin f6a1d4a14e Revert Auth: Add None role to Viewer case (#114224) 2025-11-20 14:02:15 +01:00
Ryan McKinley 2f2289f226 Chore: Update authlib (folder as top level argument) (#111800) 2025-10-01 14:40:28 +00:00
Ryan McKinley a4dabc31ed Folders: let unified storage handle authorization (#110825) 2025-09-24 16:26:47 +03:00
Eric Leijonmarck aa0f8caa35 Authorizer: rename and enforce only once for NewGrafanaAuthorizer (#108294)
* renaming of GrafanaAuthorizer to make it less confusing

* enforce only once by runtime

* comment only
2025-07-18 15:40:34 +01:00
Karl Persson 5d94293305 Authz: Fix namespace authorization when calling a cluster resource (#102110) 2025-03-13 14:54:35 +01:00
Karl Persson 43f56c5ca1 Apiserver: Refactor authenticator and authorizers (#101449)
* Clean up authenticator

* Cleanup authorizers and replace org_id and stack_id with namespace authorizer

* Remove dependency on org service

* Extract orgID from /apis/ urls and validate stack id
2025-03-06 16:01:12 +01:00
Ryan McKinley 66932600ec K8s: DecisionNoOpinion for claims.TypeAnonymous (#100880) 2025-02-18 13:49:54 -08:00
Ryan McKinley 680e6bc1f8 Authlib: Use types package rather than claims (#99243) 2025-01-21 12:06:55 +03:00
linoman 8b7100a9aa Auth: Add None role to Viewer case (#96624)
Add None role to Viewer case
2024-11-19 11:29:58 +01:00
Karl Persson a82d01214d Auth: Update authlib (#94947)
* Update authlib
2024-10-18 13:36:21 +02:00
Karl Persson 2e38329026 RBAC: Add required component to perform access control checks for user api when running single tenant (#93104)
* Unexport store and create new constructor function

* Add ResourceAuthorizer and LegacyAccessClient

* Configure checks for user store

* List with checks if AccessClient is configured

* Allow system user service account to read all users

---------

Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
2024-09-23 11:26:44 +02:00
Ryan McKinley a0cd89860e Identity: Add endpoint to get display info for an identifier (#91828) 2024-08-15 14:38:43 +03:00
Ryan McKinley 243c0935fc Auth: Use claims.AuthInfo in requester (#91739) 2024-08-09 19:46:56 +03:00
Charandas a3d3f9a1e4 Revert "Identity: Remove id token from extra info (#91169)" (#91350)
This reverts commit 10170cb839.
2024-07-31 21:27:46 +03:00
Ryan McKinley 10170cb839 Identity: Remove id token from extra info (#91169) 2024-07-31 09:14:13 +03:00
Ryan McKinley 728150bdbd Identity: extend k8s user.Info (#90937) 2024-07-30 08:27:23 +03:00
Ryan McKinley be7b1ce2df Chore: Replace appcontext.User(ctx) with identity.GetRequester(ctx) (#91030) 2024-07-26 16:39:23 +03:00
Ryan McKinley 27e800768e K8s: Improve identity mapping setup (#89450) 2024-06-20 17:53:07 +03:00
Daniele Stefano Ferru fbda55316d K8s: Set X-Remote-Extra-User-Instance-Role header for SignedInUser (#87958) 2024-05-16 12:57:49 +03:00
Todd Treece de438eae2e K8s: Prevent the use of arbitrary namespaces (#83636) 2024-05-08 09:30:08 -07:00
Todd Treece 8f0431ba46 K8s: Pass ID token in X-Extra-id-token header (#82893) 2024-02-16 17:07:37 +02:00
Todd Treece f593161ef6 K8s: Set X-Remote- headers for SignedInUser (#82543) 2024-02-15 12:29:36 -05:00
Todd Treece d6e6298103 K8s: Add Aggregation to Backend Service (#81591)
Co-authored-by: Charandas Batra <charandas.batra@grafana.com>
2024-02-12 22:59:35 +02:00
Todd Treece 67b6be5515 K8s: Refactor config/options for aggregation (#81739) 2024-02-01 17:27:30 -05:00