* name field must match either k8s regex or grafana legacy uid regex. Adds tests.
* moves invalid test to being valid
* uses new US naming validation for kv store validation
* fix function name and update key regex
* fix comment
* use correct errs var
* updates kv key tests
* Chore: Update authlib
* exclude incompatible version of github.com/grafana/gomemcache
* Update go-jose to v4
* fix jose imports
* remove jose v3 from go.mod
* fix tests
* fix serialize
* fix failing live tests
* add v1 of ES256 testkeys. Port tests to use ES256 instead of HS256
* accept more signature algs for okta and azuread
* azure social graph token sig
* accept more signature algs for oauth refresh and jwt auth
* update workspace
* add a static signer for inproc
* rebase and fix ext_jwt
* fix jwt tests
* apply alex patch on gomemcache
* update linting
* fix ext_jwt panic
* update workspaces
---------
Co-authored-by: Jo Garnier <git@jguer.space>
* remove drone & dead code in pkg/build; update go modules
* remove .drone.star
* Remove drone scripts and drone references in Makefile
* make update-workspace
* remove deadcode tool
* Remove daggerbuild/scripts: deadcode
* Remove drone files / folders in CODEOWNERS
* make update-workspace
* remove more dead code
* Auth: Add functional option for static requester methods
Initially supporting WithServiceIdentityName to set a ServiceIdentity
inside the Claims.Rest object, so that Secrets Manager can parse
the service requesting secret decryption.
On Secret creation, the service will have to pass its identity
(which is a freeform string) to the SecureValues' Decrypters object.
This field gates which services are allowed to decrypt the SecureValue.
And upon decryption, the service should build a static identity with
that same service identity name when calling the decrypt service.
* StaticRequester: Put secret decrypt permission in access token claims
* StaticRequester: Inline getTokenPermissions function
* wip
* Use serviceaccount model from /apps/iam
* revert version update
* Add tembinding, userteam, other improvements
* Change serviceaccounttoken spec
* Revert the change of ServiceAccountToken
* Revert the change of UserTeam
* Clean up
* Remove files that are not needed for now
* Lint
* Update sql query's integration tests
* Fix tests
* update openapi spec
* Move LastSeenAt to the annotations
* Updte openapi_snapshots
* Change lastSeenAt annotation name
* IAM: Register CoreRole apis
* one line store instantiation
* Small refactor for readability
* Add authorizer for CoreRole
* Nit
* Error strings should not end with punctiation
* Account for error
* Switch to use the local resource client
* error should not start with upper casing
* noopStorageErr should have a name starting with err
* Update workspace
* I don't know why I don't have the same output as the CI 🤷
* Dependency xOwnership
* imports
* Import order
* Rename alias to make it clear this is legacy
Todd Treece
Ryan McKinley
dependabot[bot]
Matheus Macabu
owensmallwood
Austin Pond
maicon
Tobias Skarhed
Alexander Zobnin
Kevin Minehart
Mariell Hoversholm
Andreas Christou
Michael Mandrus
mohammad-hamid
Ivan Ortega Alba
Misi
Victor Cinaglia
Gabriel MABILLE
Jean-Philippe Quéméner