Jo
932c24986d
Auth: Resolve isGrafanaAdmin for debug logging ( #71145 )
...
resolve isGrafanaAdmin for debug logging
2023-07-10 11:14:51 +02:00
Ieva
4980b64274
RBAC: Remove legacy ac from authorization middleware ( #68898 )
...
remove legacy AC fallback from RBAC middleware, and some unused auth logic
2023-05-24 09:49:42 +01:00
venkatbvc
b9e53f628f
HTTP: Add TLS version configurability for Grafana server ( #67482 )
...
Co-authored-by: Rao B V Chalapathi <b_v_chalapathi.rao@nokia.com >
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com >
2023-05-08 17:11:36 +02:00
Ieva
94cc93cc83
LDAP: Always synchronize Server Admin role through role sync if role sync is enabled ( #58820 )
...
fix a bug with role sync
2023-03-31 15:39:23 +01:00
Serge Zaitsev
a38f230d37
Chore: Remove result fields from login ( #65136 )
...
* remove result fields from login
* fix tests
* fix tests
* another shadowing
2023-03-28 20:32:21 +02:00
Eric Leijonmarck
3cd952b8ba
Auth: Fix orgrole picker disabled if isSynced user ( #64033 )
...
* fix: disable orgrolepicker if externaluser is synced
* add disable to role picker
* just took me 2 hours to center the icon
* wip
* fix: check externallySyncedUser for API call
* remove check from store
* add: tests
* refactor authproxy and made tests run
* add: feature toggle
* set feature toggle for tests
* add: IsProviderEnabled
* refactor: featuretoggle name
* IsProviderEnabled tests
* add specific tests for isProviderEnabled
* fix: org_user tests
* add: owner to featuretoggle
* add missing authlabels
* remove fmt
* feature toggle
* change config
* add test for a different authmodule
* test refactor
* gen feature toggle again
* fix basic auth user able to change the org role
* test for basic auth role
* make err.base to error
* lowered lvl of log and input mesg
2023-03-22 17:41:59 +00:00
Jo
7e97dbde65
LDAP: Allow setting minimum TLS version and accepted ciphers ( #63646 )
...
* update ldap library and use go module path
* add TLS min version and accepted min TLS version
* set default min ver to library default
* set default min ver to library default
* add cipher list to toml
* Update pkg/services/ldap/settings.go
Co-authored-by: Karl Persson <kalle.persson@grafana.com >
* Apply suggestions from code review
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com >
* lint
---------
Co-authored-by: Karl Persson <kalle.persson@grafana.com >
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com >
2023-02-28 12:13:46 +01:00
Jo
d4cfbd9fd3
LDAP: Move LDAP globals to Config ( #63255 )
...
* structure dtos and private methods
* add basic LDAP service
* use LDAP service in ldap debug API
* lower non fatal error
* remove unused globals
* wip
* remove final globals
* fix tests to use cfg enabled
* restructure errors
* remove logger from globals
* use ldap service in authn
* use ldap service in context handler
* fix failed tests
* fix ldap middleware provides
* fix provides in auth_test.go
2023-02-10 19:01:55 +01:00
Jo
7862ae8abf
SupportBundles: Add LDAP bundle collector ( #63128 )
...
* fix non-cfg fields used in ldap
* fix non-cfg fields
* add ldap support bundle
* add note on match
* add censoring and docs
2023-02-09 16:31:31 +01:00
Jo
6322fce725
LDAP: Move to single package cluster ( #63035 )
...
* move multildap to ldap package
* move LDAP api and tests to ldap package
* register background service
* lint
2023-02-08 09:32:59 +01:00
Serge Zaitsev
7dbd2cd139
Chore: Fix goimports grouping ( #62426 )
...
fix goimports ordering
2023-01-30 09:34:18 +01:00
Kristin Laemmert
9256a520a4
chore: move user_auth models to (mostly) login service ( #62269 )
...
* chore: move user_auth models to (mostly) login service
2023-01-27 13:36:54 -05:00
Marcos de Oliveira
91582ba03d
LDAP: Make LDAP attribute mapping case-insensitive ( #58992 )
...
* Make LDAP attribute mapping case-insensitive
* Add test case with attribute name different from schema's
* Add fix to getArrayAttribute also and add test with mismatched letter case.
* Update pkg/services/ldap/helpers.go
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com >
2022-11-22 13:47:53 +01:00
Jo
77437f2c89
Add multi-auth devenv ( #57609 )
...
* add authentik devenv
* remove direct dependency on spew
* use cn
* add authentik instructions
* add backup instructions
2022-10-26 13:46:50 +02:00
Gabriel MABILLE
5fcec05695
LDAP: log that organization mapping is skipped ( #56796 )
2022-10-12 08:41:11 -04:00
Gabriel MABILLE
10c080dad1
LDAP: Add skip_org_role_sync configuration option ( #56679 )
...
* LDAP: Add skip_org_role_sync option
* Document the new config option
* Nit on docs
* Update docs/sources/setup-grafana/configure-security/configure-authentication/ldap.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com >
* Docs suggestions
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com >
Co-authored-by: Jguer <joao.guerreiro@grafana.com >
* Add test, Fix disabled user when no role
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com >
Co-authored-by: Jguer <joao.guerreiro@grafana.com >
2022-10-12 13:33:33 +02:00
Jo
062d255124
Handle ioutil deprecations ( #53526 )
...
* replace ioutil.ReadFile -> os.ReadFile
* replace ioutil.ReadAll -> io.ReadAll
* replace ioutil.TempFile -> os.CreateTemp
* replace ioutil.NopCloser -> io.NopCloser
* replace ioutil.WriteFile -> os.WriteFile
* replace ioutil.TempDir -> os.MkdirTemp
* replace ioutil.Discard -> io.Discard
2022-08-10 15:37:51 +02:00
idafurjes
6afad51761
Move SignedInUser to user service and RoleType and Roles to org ( #53445 )
...
* Move SignedInUser to user service and RoleType and Roles to org
* Use go naming convention for roles
* Fix some imports and leftovers
* Fix ldap debug test
* Fix lint
* Fix lint 2
* Fix lint 3
* Fix type and not needed conversion
* Clean up messages in api tests
* Clean up api tests 2
2022-08-10 11:56:48 +02:00
Jo
1f8b1eef75
SAML: Do not SAML SLO if user is not SAML authenticated ( #53418 )
...
* Only SLO user if the user is using SAML
* only one source of truth for auth module info
* ensure SAML is also enabled and not only SLO
* move auth module naming to auth module login package
* use constants in other previously unused spots
2022-08-10 10:21:33 +02:00
Jo
09c95bc31f
TeamSync: Fix team syncing out of orgs mapped by auth method ( #53257 )
2022-08-10 10:20:23 +02:00
Jo
c9c4fc604e
LDAP: Improve errors and documentation ( #52111 )
2022-07-12 11:11:09 -04:00
hannes-256
62b0a8bae6
LDAP: Allow specifying LDAP timeout ( #48870 )
...
* Allow specifying LDAP timeout
* Update docs/sources/auth/ldap.md
Co-authored-by: brendamuir <100768211+brendamuir@users.noreply.github.com >
* LDAP timeout: Add annotations; Make functions "private"
* Setting the default timeout if unspecified
* fix goimports lint issue
Co-authored-by: brendamuir <100768211+brendamuir@users.noreply.github.com >
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com >
Co-authored-by: jguer <joao.guerreiro@grafana.com >
2022-07-08 08:52:54 +02:00
Kat Yang
3c3039f5b3
Chore: Remove Wrap ( #50048 )
...
* Chore: Remove Wrap and Wrapf
* Fix: Add error check
2022-06-03 09:24:24 +02:00
sh0rez
3d5d8c785b
pkg/web: restrict handler types ( #48495 )
...
Makes `pkg/web` only accept handlers from the following set:
```go
handlerStd = func(http.ResponseWriter, *http.Request)
handlerStdCtx = func(http.ResponseWriter, *http.Request, *web.Context)
handlerStdReqCtx = func(http.ResponseWriter, *http.Request, *models.ReqContext)
handlerReqCtx = func(*models.ReqContext)
handlerReqCtxRes = func(*models.ReqContext) Response
handlerCtx = func(*web.Context)
```
This is a first step to reducing the above set to only `http.Handler`.
---
Due to a cyclic import situation between `pkg/models` and `pkg/web`, parts of this PR were put into `pkg/api/response`, even though they definitely do not belong there. This however is _temporary_ until we untangle `models.ReqContext`.
2022-05-20 12:45:18 -04:00
Krzysztof Dąbrowski
5be23b40b6
LDAP: allow Grafana Admin mapping without org_role field ( #37189 )
2022-05-06 12:12:42 +02:00
Krzysztof Dąbrowski
c41397a6e7
LDAP: validate organization role during parsing ( #37188 )
...
* LDAP: validate organization role during parsing
* Trigger a new build
* Check if grafana_admin is present
2022-05-04 09:35:10 +02:00
Gabriel MABILLE
94fd03f44f
LDAP: Fix debug view to display the actual computed mapping in ldap.go ( #48103 )
...
* LDAP debug fix with Org role inheritance
Co-authored-by: Jguer <joao.guerreiro@grafana.com >
* ldap debug coherent with ldap.go
Co-authored-by: Jguer <joao.guerreiro@grafana.com >
Co-authored-by: Jguer <joao.guerreiro@grafana.com >
2022-04-22 15:45:54 +02:00
Selene
875e0736ec
LDAP: Use an interface instead of a bus to get group teams ( #42165 )
...
* Remove bus for GetTeams for LDAP
* Fix lint
2022-02-01 12:03:21 +01:00
Emil Tullstedt
ad971cc9be
LDAP: Search all DNs for users ( #38891 )
2021-09-14 10:49:37 +02:00
Arve Knudsen
d27a72f859
IPv6: Support host address configured with enclosing square brackets ( #31226 )
...
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com >
2021-02-15 17:55:41 +01:00
Arve Knudsen
116809ed7f
services/provisioning: Various cleanup ( #30396 )
...
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com >
2021-01-19 18:57:09 +01:00
Arve Knudsen
c2cad26ca9
Chore: Disable default golangci-lint filter ( #29751 )
...
* Disable default golangci-lint filter
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com >
* Chore: Fix linter warnings
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com >
2020-12-15 09:32:06 +01:00
Arve Knudsen
12661e8a9d
Move middleware context handler logic to service ( #29605 )
...
* middleware: Move context handler to own service
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com >
Co-authored-by: Emil Tullsted <sakjur@users.noreply.github.com >
Co-authored-by: Will Browne <wbrowne@users.noreply.github.com >
2020-12-11 11:44:44 +01:00
Arve Knudsen
f326b79cc1
Security: Add gosec G304 auditing annotations ( #29578 )
...
* Security: Add gosec G304 auditing annotations
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com >
* add G304 auditing comment
Signed-off-by: bergquist <carl.bergquist@gmail.com >
* add G304 auditing comment
Signed-off-by: bergquist <carl.bergquist@gmail.com >
* add G304 auditing comment
Signed-off-by: bergquist <carl.bergquist@gmail.com >
* add G304 auditing comment
Signed-off-by: bergquist <carl.bergquist@gmail.com >
* add G304 auditing comment
Signed-off-by: bergquist <carl.bergquist@gmail.com >
* add G304 auditing comment
Signed-off-by: bergquist <carl.bergquist@gmail.com >
* add G304 auditing comment
Signed-off-by: bergquist <carl.bergquist@gmail.com >
* add G304 auditing comment
Signed-off-by: bergquist <carl.bergquist@gmail.com >
* Add gosec annotations
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com >
* add G304 auditing comment
Signed-off-by: bergquist <carl.bergquist@gmail.com >
* add G304 auditing comment
Signed-off-by: bergquist <carl.bergquist@gmail.com >
* Add gosec annotations
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com >
* add G304 auditing comment
Signed-off-by: bergquist <carl.bergquist@gmail.com >
* add G304 auditing comment
Signed-off-by: bergquist <carl.bergquist@gmail.com >
* add G304 auditing comment
Signed-off-by: bergquist <carl.bergquist@gmail.com >
* Add gosec annotations
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com >
* space
Signed-off-by: bergquist <carl.bergquist@gmail.com >
* Add gosec annotations
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com >
Co-authored-by: bergquist <carl.bergquist@gmail.com >
2020-12-03 22:13:06 +01:00
Arve Knudsen
752a424e1f
Auth proxy: Return standard error type ( #29502 )
...
* Rewrite auth proxy tests to use standard lib
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com >
* Auth proxy: Use standard error type
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com >
2020-12-02 16:57:16 +01:00
Arve Knudsen
9593d57914
Chore: Enable errorlint linter ( #29227 )
...
* Enable errorlint linter
* Handle wrapped errors
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com >
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com >
2020-11-19 14:47:17 +01:00
Arve Knudsen
7897c6b7d5
Chore: Fix staticcheck issues ( #28854 )
...
* Chore: Fix issues reported by staticcheck
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com >
* Undo changes
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com >
2020-11-05 11:57:20 +01:00
Arve Knudsen
077eab1b24
Chore: Use net.JoinHostPort ( #28421 )
...
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com >
2020-10-22 07:34:26 +02:00
Arve Knudsen
a5d9196a53
Chore/fix lint issues ( #27704 )
...
* Chore: Fix linting issues
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com >
2020-09-22 16:22:19 +02:00
Leonard Gram
c266f45858
LDAP: users without org mappings are marked as disabled ( #26650 )
...
* LDAP: users without org mappings are marked as disabled
* Update pkg/services/ldap/ldap.go
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com >
* LDAP: verifies that unmapped users are tagged as isDisabled
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com >
2020-07-31 14:41:31 +02:00
Arve Knudsen
16c185c3b9
Chore: Drop xerrors dependency ( #26718 )
...
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com >
2020-07-31 09:45:20 +02:00
Arve Knudsen
d4e4cb4c71
Chore: Enable Go linter gocritic ( #26224 )
...
* Chore: Enable gocritic linter
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com >
2020-07-16 14:39:01 +02:00
Arve Knudsen
41d432b5ae
Chore: Enable whitespace linter ( #25903 )
...
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com >
2020-07-06 20:17:28 +02:00
annegies
a2737c0896
Remove break from ldap, get all groups from all the group base searches specified ( #25825 )
...
Signed-off-by: Annegies van 't Zand <ace.vtzand@gmail.com >
2020-07-06 12:02:39 +02:00
Emil Tullstedt
e8b5f2330d
Settings: Expand variables in configuration ( #25075 )
2020-06-10 14:58:42 +02:00
Arve Knudsen
07582a8e85
Chore: Fix various spelling errors in back-end code ( #25241 )
...
* Chore: Fix various spelling errors in back-end code
Co-authored-by: Sofia Papagiannaki <papagian@users.noreply.github.com >
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2020-06-01 17:11:25 +02:00
Mario Trangoni
5116420e9a
Fix misspell issues ( #23905 )
...
* Fix misspell issues
See,
$ golangci-lint run --timeout 10m --disable-all -E misspell ./...
Signed-off-by: Mario Trangoni <mjtrangoni@gmail.com >
* Fix codespell issues
See,
$ codespell -S './.git*' -L 'uint,thru,pres,unknwon,serie,referer,uptodate,durationm'
Signed-off-by: Mario Trangoni <mjtrangoni@gmail.com >
* ci please?
* non-empty commit - ci?
* Trigger build
Co-authored-by: bergquist <carl.bergquist@gmail.com >
Co-authored-by: Kyle Brandt <kyle@grafana.com >
2020-04-29 21:37:21 +02:00
Omar Nahhas Sanchez
cf23f15a08
Adding debug line to search ldap. ( #23824 )
2020-04-24 09:53:42 +02:00
Ricardo
c3884abf62
Add fallback to search_base_dns if group_search_base_dns is undefined. ( #21263 )
...
* Add fallback to search_base_dns if group_search_base_dns is undefined.
refs: #20862
* removed newline to make lint-go happy
* Added requested changes on ldap.md for last commit
Refs: #21263
2020-03-03 09:11:16 -08:00
Carl Bergquist
f9962eabff
chore: avoid aliasing imports in services ( #22499 )
2020-02-29 13:35:15 +01:00