201 Commits

Author SHA1 Message Date
maicon 5270d8e53f fix(unified-storage): remove permissions after executing on both stores (#109722)
Signed-off-by: Maicon Costa <maiconscosta@gmail.com>
Co-authored-by: Jean-Philippe Quéméner <jeanphilippe.quemener@grafana.com>
2025-08-15 15:57:42 +00:00
Ryan McKinley 8fd8c6f476 SecureValues: Add explicit JSON schema (#109648) 2025-08-14 16:01:29 +03:00
Ryan McKinley d3df5b8ddd Secrets: Manage secure values inside any resource (#107803) 2025-08-14 12:31:24 +00:00
Ryan McKinley 101aea9647 K8s/Meta: Support setting secure values on a struct type (#109381) 2025-08-12 00:53:56 -05:00
Mariell Hoversholm 28024c74f8 Go: Update to 1.24.6 (#109313)
Co-authored-by: joshhunt <josh.hunt@grafana.com>
2025-08-07 10:27:01 +02:00
Ryan McKinley 295ace108d K8s/Meta: Support extracting InlineSecureValues from an explicit struct (#109279) 2025-08-06 21:17:50 +03:00
Matheus Macabu cfb5f5601f Secrets: Add inline secure value can reference method (#108965) 2025-07-31 16:42:40 +02:00
Andreas Christou e10063b0c7 Azure: Bump Azure SDK (#108859)
* Bump Azure SDK

* Workspace sync
2025-07-30 10:16:33 +01:00
Todd Treece 0c1cd7fa58 Apps: Update grafana-app-sdk to v0.40.1 (#108786) 2025-07-28 12:34:09 +00:00
Matheus Macabu 52f6104230 Dependencies: Bump Go to v1.24.5 (#108175) 2025-07-22 17:08:40 +02:00
Todd Treece e5d2f92384 K8s: Add App SDK installer (#107773) 2025-07-21 13:32:15 -04:00
Michael Mandrus 015b2f6b0a Chore: Update gocloud.dev dependency to v0.42.0 (#108054)
* update dependency

* make update-workspace

* rerun with ge linked

* add codeowner

* rerun WITHOUT enterprise
2025-07-14 11:11:40 -04:00
mohammad-hamid 2cd0be3cbd Update authlib version (#107939)
* update authlib version

* add latest versions

* make update-workspace

* typo

* Trigger Build

* Trigger Build
2025-07-11 14:55:52 -04:00
Ryan McKinley 9786389ae8 SecureValues: Support inline secure values in GrafanaMetaAccessor (#107996) 2025-07-11 16:47:54 +00:00
Ryan McKinley 06c00e4fa7 Chore: apimachinery types cleanup (#107988) 2025-07-10 12:45:16 -07:00
Matheus Macabu b6c4788c2a Auth: Add functional option for static requester methods (#107581)
* Auth: Add functional option for static requester methods

Initially supporting WithServiceIdentityName to set a ServiceIdentity
inside the Claims.Rest object, so that Secrets Manager can parse
the service requesting secret decryption.

On Secret creation, the service will have to pass its identity
(which is a freeform string) to the SecureValues' Decrypters object.

This field gates which services are allowed to decrypt the SecureValue.

And upon decryption, the service should build a static identity with
that same service identity name when calling the decrypt service.

* StaticRequester: Put secret decrypt permission in access token claims

* StaticRequester: Inline getTokenPermissions function
2025-07-10 10:10:57 +02:00
Ivan Ortega Alba 075770070e Future-proofing query and data source model in Dashboard Schema v2 (#104194)
---------

Signed-off-by: Igor Suleymanov <igor.suleymanov@grafana.com>
Co-authored-by: alexandra vargas <alexa1866@gmail.com>
Co-authored-by: Haris Rozajac <haris.rozajac12@gmail.com>
Co-authored-by: Dominik Prokop <dominik.prokop@grafana.com>
Co-authored-by: Igor Suleymanov <igor.suleymanov@grafana.com>
Co-authored-by: spinillos <selenepinillos@gmail.com>
2025-07-07 15:31:25 +02:00
Misi 713f6d1551 IAM: Move resource definitions to apps/iam step 1 (#107389)
* wip

* Use serviceaccount model from /apps/iam

* revert version update

* Add teambinding, userteam, other improvements

* Change serviceaccounttoken spec

* Revert the change of ServiceAccountToken

* Revert the change of UserTeam

* Clean up

* Remove files that are not needed for now

* Lint

* Update sql query's integration tests

* Fix tests

* update openapi spec

* Move LastSeenAt to the annotations

* Update openapi_snapshots

* Change lastSeenAt annotation name
2025-07-04 11:07:48 +02:00
Victor Cinaglia 4f66c4a2a1 iam: Refresh live connection when ID tokens expire (#107209)
* iam: refresh live connection when ID tokens expire

* add coverage for the handler functions

* reinstate inadvertently broken unit test
2025-07-03 10:16:24 -03:00
Gabriel MABILLE 3d543a336f IAM: Register CoreRole apis (#106924)
* IAM: Register CoreRole apis

* one line store instantiation

* Small refactor for readability

* Add authorizer for CoreRole

* Nit

* Error strings should not end with punctuation

* Account for error

* Switch to use the local resource client

* error should not start with upper casing

* noopStorageErr should have a name starting with err

* Update workspace

* I don't know why I don't have the same output as the CI 🤷

* Dependency xOwnership

* imports

* Import order

* Rename alias to make it clear this is legacy
2025-06-26 10:11:28 +02:00
Jean-Philippe Quéméner a646043066 chore: update grafana/authlib (#106918) 2025-06-18 22:46:27 +02:00
Todd Treece f3b545a903 K8s: Add cluster scope support in app runner (#106914) 2025-06-18 13:15:32 -04:00
Ryan McKinley d02b62e874 Chore: Update app-sdk to v39 (#106785) 2025-06-16 19:11:30 +02:00
Matheus Macabu 5c268c1734 Dependencies: Bump Go to v1.24.4 (#106533) 2025-06-11 14:25:48 +02:00
Ryan McKinley d4c446f42c Chore: Update k8s.io to v0.33.1 (#105307) 2025-05-28 00:13:18 +03:00
Kevin Minehart 13f4cf162e CI: move grafana-build into pkg/build (#105640)
* move grafana-build into pkg/build
2025-05-20 10:48:00 -05:00
Matheus Macabu 8dda9da035 Dependencies: Bump authlib to support service identity in claims (#105513) 2025-05-16 10:52:30 +03:00
Jean-Philippe Quéméner 002f46736a refactor(unified-storage): move generated protos to own pkg (#105356) 2025-05-15 21:36:52 +02:00
Charandas aa2cf8e398 Remove kube-aggregator from OSS (#103659)
* feat: remove kube-aggregator for OSS and provide injection points with runner iface

* upgrade authlib to support expiresIn

* new FT

* new FT again

* update go.mod

* get rid of the slice implementation

* reconcile conflicts

* gracefully handle enterprise not being linked situation with kubeAggregator FT true

* allow dataplane agg and kube agg to both be added to delegate chain

* make update-workspace

* address feedback

* revert go.mod changes

* go.mod updates

* elaborate on why and how of skipping the Ready channel handling

* after rebase and make run
2025-05-15 11:14:23 -07:00
Ryan McKinley 441fa18590 Chore: Update golang.org/x/ and do not omitempty Items (#105371)
* deps and omitempty Items

* update apis
2025-05-14 14:31:45 +03:00
Matheus Macabu 4b426238bd Dependencies: Bump github.com/openfga/openfga from v1.8.6 to v1.8.12 (#105193)
* Dependencies: Bump github.com/openfga/openfga from v1.8.6 to v1.8.12

* Linter: Replace x/exp/rand with math/rand/v2

* NGAlert: Fix test after linter fixes
2025-05-14 11:09:00 +03:00
Ryan McKinley 8738bab8b2 Chore: Update grpc to v1.72.0 (#105311) 2025-05-13 12:49:42 +03:00
Matheus Macabu 9fb20efea9 Chore: Bump Go version to 1.24.3 (#105098) 2025-05-08 15:28:03 +02:00
Eric Leijonmarck 15bddb3712 IAM: Add datasources:query support for using the authlib/authzservice (#104107)
* feat(add): datasources:query support for using the authlib/authzservice

* added test for datasources

* refactor to create the translation right away

* Update pkg/services/authz/rbac/mapper.go

Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>

* fix tests

---------

Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
2025-04-24 13:39:31 +01:00
Alexander Zobnin 9b325438f7 Chore: Upgrade authlib (use UIDs for authz checks) (#104307) 2025-04-23 12:51:37 +01:00
Stephanie Hingtgen b887e8aa05 K8s: Dashboards: Add fine grained access control checks to /apis (#104347)
---------

Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
Co-authored-by: Gabriel MABILLE <gabriel.mabille@grafana.com>
Co-authored-by: Marco de Abreu <marco.deabreu@grafana.com>
Co-authored-by: Georges Chaudy <chaudyg@gmail.com>
2025-04-23 03:29:05 +01:00
Ryan McKinley a3c71accf5 Chore: go mod tidy... with current imports (#104127) 2025-04-16 19:35:10 +01:00
Roberto Jiménez Sánchez 55a2b77386 Provisioning: refactor commit signature logic (#104055)
* WIP: Separate signature package

* Add some unit tests

* Test factory

* Finish unit test coverage signature package

* Fix register

* Add FIXME

* Add more coverage

* Add more coverage

* Fix migrate tests

* Fix unit tests
2025-04-16 10:04:19 +01:00
Ryan McKinley f4dbbbac0c Chore: update golang.org/x/sys+net+text+tools+crypto (#103963) 2025-04-14 10:01:19 +01:00
Gábor Farkas 9aca2606c7 upgrade plugin-sdk-go from v0.274.0 to v0.275.0 (#103863)
* upgrade plugin-sdk-go from v0.274.0 to v0.275.0

* ignore deprecated warning
2025-04-14 08:29:58 +02:00
Marco de Abreu c47ab101d1 Dashboards: Add Dashboard Schema validation (2) (#103844)
* Activate schema validation and align underlying systems

* update to save as v0 if not the right schema version

* Resolve merge conflicts

* Move RequireApiErrorStatus to tests package

* Add mutation tests

* Fix lint

* Only do min version check if dashboard is v1

* Fix lint and disable provisioning test

* Revert provisioning changes

* Revert more tests and add schema test

* Reran gen

* SQL Dashboard save

* Adjust APIVERSION

* Fixed mutation test

* Add logging on downgrade

---------

Co-authored-by: Marco de Abreu <18629099+marcoabreu@users.noreply.github.com>
Co-authored-by: Stephanie Hingtgen <stephanie.hingtgen@grafana.com>
2025-04-11 23:05:41 +02:00
Mariell Hoversholm 757be6365a CI: Bump golangci-lint to 2.0.2 (#103572) 2025-04-10 14:42:23 +02:00
Ryan McKinley af8a70bbab K8s/Permissions: Enable a grant-permissions annotation action to set default permissions (#102527)
* create permissions

* add key

* lint

* structure as a delayed callback

* legacy API hook

* merge main

* wired up

* and folders

* watch repos

* missing return statement

* Set the correct permissions

* add TestAfterCreatePermissionCreator

* do not add perms on folder create

* fix tests

* add annotation on create

* lint

* lint

* ensure we set permissions when the FT is disabled

* remove custom folder_storage

* fix lint

* change default

* lint

* lint

* fix: annotation

* ensure permissions are added on folder legacy

* remove folderstorage again

* fix tests

* add FT

* undo change to folder

* dashboard on create

* remove annotation for folder

* fix tests

* fix prepare after rebase

* fix tests

* fix tests

* fix tests

* lint

* address comments

* add test for prepareObjectForStorage

* add again skipIfMode as per comment

---------

Co-authored-by: Georges Chaudy <chaudyg@gmail.com>
2025-04-09 13:05:37 +02:00
Mariell Hoversholm 9df94718ab [main] Go: Bump to 1.24.2 (#103521)
Go: Bump to 1.24.2

It is not likely we are actually affected by the CVEs, but updating proactively is not a bad idea nonetheless.

Fixes: CVE-2025-22871
Fixes: https://github.com/grafana/grafana-operator-experience-squad/issues/1311
2025-04-08 17:12:30 +02:00
Leonor Oliveira e9ed7223a6 Use authlib repo. Use otel (#103178)
* Use authlib repo. Use otel

* Use interceptors on the provider level

* Create a new wire set with otel

* Lint

* Fix test

* make update-workflow

* make update-workspace

* make update-workspace. Try to add authlib as enterprise imports

* make update-workspace
2025-04-07 15:47:40 +02:00
Kevin Minehart 88d54892bd CI: Move e2e test pipeline from Drone to GitHub Actions (#103134)
* Add e2e dagger pipeline

* various-suite not various suite

* upload videos dir

* produce e2e videos even on failure

* nil ref

* sync doesn't return container

* fix quotes

* try without flags first?

* try without quoting?

* use two dashes in flags

* update CODEOWNERS

* make update-workspace

* go work sync

* make update-workspace

* add newline
2025-04-02 13:31:47 -05:00
Leonor Oliveira f21362ad48 Convert pkg/apis/folder to a module (#102975)
* Convert pkg/apis to a module

* Update apistore module to use apis go module

* Add module to dependabot

* Group go dependencies

* Add guidelines for adding a new gomod

* Prettier

* Only convert apis/folder to a module for now

* Add replace directive

* Add missing go mod
2025-04-02 10:10:04 +02:00
Ryan McKinley 1ead18d856 Chore: Update git dependencies (#103159) 2025-04-01 13:10:50 +03:00
Stephanie Hingtgen 0087d7bd58 Unistore: Skip label for getting full path (#102928) 2025-03-26 15:50:53 -05:00
Igor Suleymanov c68234f7e7 Add Makefile targets for generating dashboard app code and update it to SDK v0.35.0 (#102796)
* Update dashboard app to use app SDK v0.35.0

What

This change updates dashboard app to use app SDK v0.35.0 and adds new
Makefile target for running codegen for all apps, in opt-in manner.
Currently only dashboards app is opted in.

Additionally, this changes dashboard app Makefile to properly install
and update app SDK versions when generating code, with app SDK version
pinned in the Makefile itself.

Why

The upgrade addresses issues with `DeepCopy` methods, while the Makefile
targets ensure that codegen is easy to run and uses reproducible
environments.

Signed-off-by: Igor Suleymanov <igor.suleymanov@grafana.com>

* Run make update-workspace

Signed-off-by: Igor Suleymanov <igor.suleymanov@grafana.com>

* Fix deepcopy methods

Signed-off-by: Igor Suleymanov <igor.suleymanov@grafana.com>

* Re-run CUE codegen to satisfy the CI

Signed-off-by: Igor Suleymanov <igor.suleymanov@grafana.com>

* Run make update-workspace

Signed-off-by: Igor Suleymanov <igor.suleymanov@grafana.com>

* Update to v0.35.1

Signed-off-by: Igor Suleymanov <igor.suleymanov@grafana.com>

---------

Signed-off-by: Igor Suleymanov <igor.suleymanov@grafana.com>
2025-03-26 10:49:52 +02:00