* Zanzana: Remove usage from legacy access control
* remove unused
* remove zanzana client from services where it's not used
* remove unused metrics
* fix linter
* add user ID API translation
* add uid to user frontend
* use users' UIDs in admin pages
* fix ldapSync page
* use global user search for user by UID
* remove active org filtering
* remove orgID params
* Implement uidToResourceID
* add middleware
* Move uidToResourceID to alerting package
* Only hash uid if it's too long
* Use hashed uid in access control
* Move ReceiverUidToResourceId to ScopeProvider
* resolve uid in middleware only if param exists
* Tests
* Linting
---------
Co-authored-by: Yuri Tseretyan <yuriy.tseretyan@grafana.com>
* Revert "chore: add replDB to team service (#91799)"
This reverts commit c6ae2d7999.
* Revert "experiment: use read replica for Get and Find Dashboards (#91706)"
This reverts commit 54177ca619.
* Revert "QuotaService: refactor to use ReplDB for Get queries (#91333)"
This reverts commit 299c142f6a.
* Revert "refactor replCfg to look more like plugins/plugin config (#91142)"
This reverts commit ac0b4bb34d.
* Revert "chore (replstore): fix registration with multiple sql drivers, again (#90990)"
This reverts commit daedb358dd.
* Revert "Chore (sqlstore): add validation and testing for repl config (#90683)"
This reverts commit af19f039b6.
* Revert "ReplStore: Add support for round robin load balancing between multiple read replicas (#90530)"
This reverts commit 27b52b1507.
* Revert "DashboardStore: Use ReplDB and get dashboard quotas from the ReadReplica (#90235)"
This reverts commit 8a6107cd35.
* Revert "accesscontrol service read replica (#89963)"
This reverts commit 77a4869fca.
* Revert "Fix: add mapping for the new mysqlRepl driver (#89551)"
This reverts commit ab5a079bcc.
* Revert "fix: sql instrumentation dual registration error (#89508)"
This reverts commit d988f5c3b0.
* Revert "Experimental Feature Toggle: databaseReadReplica (#89232)"
This reverts commit 50244ed4a1.
* Cfg: Move rbac settings to own struct
* Cfg: Add setting to control if resource should generate managed permissions when created
* Dashboards: Check if we should generate default permissions when dashboard is created
* Folders: Check if we should generate default permissions when folder is created
* Datasource: Check if we should generate default permissions when datasource is created
* ServiceAccount: Check if we should generate default permissions when service account is created
* Cfg: Add option to specify resources for wich we should default seed
* ManagedPermissions: Move providers to their own files
* Dashboards: Default seed all possible managed permissions if configured
* Folders: Default seed all possible managed permissions if configured
* Cfg: Remove service account from list
* RBAC: Move utility function
* remove managed permission settings from the config file examples, change the setting names
* remove ini file changes from the PR
* fix setting reading
* fix linting errors
* fix tests
* fix wildcard role seeding
---------
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
Co-authored-by: jguer <me@jguer.space>
* initial commit
* Action sets stored
remove the dependancy for actionsets
got the actionsets registered
storing the permissions
* fix golanglinting
* remove unused struct field
* wip
* actionset registry for a plugin from the actionsetservice
* update to make declareactionset the primary way of plugin registration and modification
* declare actually extends actionsets
* tests fixed
* tests skipped
* skip tests
* skip tests
* skip tests
* skip tests
* change to warning instead
* remove step from pipeline to see if it fails due to plugin not registering
* reintroduce step but remove features dependancy
* add back the tests that were failing
* remove comments and another skip test
* fix a comment and remove unneeded changes
* fix and clean up, put the behaviour behind a feature toggle
* clean up
* fixing tests
* hard-code allowed action sets for plugins
* Apply suggestions from code review
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* small cleanup
---------
Co-authored-by: IevaVasiljeva <ieva.vasiljeva@grafana.com>
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* resolve action sets when GetPermissions is called
* a fix to ensure that dashboard permissions that override parent folder permissions are displayed on top of the inherited permission
* linting
* linting pt2
* include and resolve action sets when fetching user's permissions
* expand both action and action prefix (returns an empty set for the one that isn't specified)
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* if action is specified, check for exact match; also extend tests
* remove unused action set code, refactor the existing code
* fix import ordering
* use a separate interface for permission expansion after all, to avoid circular dependencies
* add comments, fix a test
* logic to expand action set to the underlying actions when permissions are fetched from the DB
* updates needed for dependency injection
* clean up some code, also deduplicate scopes when grouping scopes and actions
* expand on a comment
* rename a method
* add action set resolver
* rename variables
* some fixes and some tests
* more tests
* more tests, and put action set storing behind a feature toggle
* undo change from cfg to feature mgmt - will cover it in a separate PR due to the amount of test changes
* fix dependency cycle, update some tests
* add one more test
* fix for feature toggle check not being set on test configs
* linting fixes
* check that action set name can be split nicely
* clean up tests by turning GetActionSetNames into a function
* undo accidental change
* test fix
* more test fixes
* make cfg private in sqlstore
* fix db init in tests
* fix case
* fix folder test init
* fix imports
* make another Cfg private
* remove another Cfg
* remove unused variable
* use store cfg, it has side-effects
* fix mutated cfg in tests
* IAM: fix many error messages in access-related code to provide more information
* Remove debug statement
* Refactor resourcepermissions package to use errutil
* Replace a few more errors with errutil and wrap errors found in users and teams services
* Apply diff of openAPI spec
* replace sqlstore with db interface in a few packages
* remove from stats
* remove sqlstore in admin test
* remove sqlstore from api plugin tests
* fix another createUser
* remove sqlstore in publicdashboards
* remove sqlstore from orgs
* clean up orguser test
* more clean up in sso
* clean up service accounts
* further cleanup
* more cleanup in accesscontrol
* last cleanup in accesscontrol
* clean up teams
* more removals
* split cfg from db in testenv
* few remaining fixes
* fix test with bus
* pass cfg for testing inside db as an option
* set query retries when no opts provided
* revert golden test data
* rebase and rollback
* Add user uid migration to run on every startup to protect against empty values in a upgrade downgrade scenario
* Add team uid migration to run on every startup to protect against empty values in a upgrade downgrade scenario
* Run team uid migration
* streamline initialization of test databases, support on-disk sqlite test db
* clean up test databases
* introduce testsuite helper
* use testsuite everywhere we use a test db
* update documentation
* improve error handling
* disable entity integration test until we can figure out locking error
There were a few errors that prevented these endpoints (which are the most up-to-date ones) from being present in the openapi spec:
- The `enterprise` tag excluded the endpoints from being generated
- `okRespoonse` typo
- Invalid templating on the parameters
- Missing parameter structs
