public/grafana
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
60,617 Commits 655 Branches 650 Tags
8eef17cb37fc3b56cab9b052d80b6ded998912c7
Commit Graph

20 Commits

Author SHA1 Message Date
Mihai Turdean 918c93ee4e Fix Zanzana Error "user field is malformed" (#107227) 
Fix Authentication: Add UID field to Identity in render service
 2025-06-26 09:14:44 -06:00
Ieva 723fa7ddf9 MT AuthZ: Resolve renderer permissions in MT authZ service (#99362) 
* resolve renderer permissions in MT authZ service

* also include DS read perms

* fix tests and linting
 2025-01-23 10:21:43 +00:00
Ryan McKinley 680e6bc1f8 Authlib: Use types package rather than claims (#99243) 2025-01-21 12:06:55 +03:00
Misi 50a635bc7e Auth: Introduce authn.SSOClientConfig to get client config from SSOSettings service (#94618) 
* wip

* possible solution

* Separate interface for SSO settings clients

* Rename interface

* Fix tests

* Rename

* Change GetClientConfig to comma ok idiom
 2024-10-16 16:27:44 +02:00
Karl Persson 8bcd9c2594 Identity: Remove typed id (#91801) 
* Refactor identity struct to store type in separate field

* Update ResolveIdentity to take string representation of typedID

* Add IsIdentityType to requester interface

* Use IsIdentityType from interface

* Remove usage of TypedID

* Remote typedID struct

* fix GetInternalID
 2024-08-13 10:18:28 +02:00
Ryan McKinley 21d4a4f49e Auth: use IdentityType from authlib (#91763) 2024-08-12 09:26:53 +03:00
Ryan McKinley 9db3bc926e Identity: Rename "namespace" to "type" in the requester interface (#90567) 2024-07-25 12:52:14 +03:00
Ryan McKinley 99d8025829 Chore: Move identity and errutil to apimachinery module (#89116) 2024-06-13 07:11:35 +03:00
Karl Persson be5ced4287 Identity: Use typed version of namespace id (#87257) 
* Remove different constructors and only use NewNamespaceID

* AdminUser: check typed namespace id

* Identity: Add convinient function to parse valid user id when type is either user or service account

* Annotations: Use typed namespace id instead
 2024-05-08 14:03:53 +02:00
Karl Persson 0fa983ad8e AuthN: Use typed namespace id inside authn package (#86048) 
* authn: Use typed namespace id inside package
 2024-04-24 09:57:34 +02:00
linoman 51da96d94e Auth: Add IsClientEnabled and IsEnabled for the authn.Service and authn.Client interfaces (#86034) 
* Add `Service. IsClientEnabled` and `Client.IsEnabled` functions

* Implement `IsEnabled` function for authn clients

* Implement `IsClientEnabled` function for authn services
 2024-04-15 10:54:50 +02:00
Karl Persson 6ea9f0c447 AuthN: Use fetch user sync hook for render keys connected to a user (#84080) 
* Use fetch user sync hook for render keys connected to a user
 2024-03-12 09:15:14 +01:00
Karl Persson 7a38090bc0 AuthN: Fix namespaces for anonymous and render (#75661) 
* AuthN: remove IsAnonymous from identity struct and set correct namespace for anonymous and render

* Don't parse user id for render namespace
 2023-09-29 09:10:33 +02:00
Marcus Efraimsson 040b7d2571 Chore: Add errutils helpers (#73577) 
Add helpers for the errutil package in favor of errutil.NewBase.
 2023-08-22 12:52:24 +02:00
Misi 5efc3386d3 AuthZ: Extend /api/search to work with self-contained permissions (#70749) 
* Search sql filter draft, unfinished

* Search works for empty roles

* Add current AuthModule to SignedInUser

* clean up, changes to the search

* Use constant prefixes

* Change AuthModule to AuthenticatedBy

* Add tests for using the permissions from the SignedInUser

* Refactor and simplify code

* Fix sql generation for pg and mysql

* Fixes, clean up

* Add test for empty permission list

* Fix

* Fix any vs all in case of edit permission

* Update pkg/services/authn/authn.go

Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>

* Update pkg/services/sqlstore/permissions/dashboard_test.go

Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>

* Fixes, changes based on the review

---------

Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
 2023-07-12 12:31:36 +02:00
Misi 6543259a7d Auth: Add SyncPermissions post auth hook (#64205) 
* Add SyncPermissionsFromDB post auth hook

* Delete FromDB prefix

* Align tests

* Fixes

* Change SyncPermissionsHook prio
 2023-03-08 13:35:54 +01:00
Karl Persson 2a7fc3983b AuthN: cleanup logs (#63652) 
* AuthN: clean up logs
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
 2023-02-24 11:26:55 +01:00
Karl Persson 95ea4bad6f AuthN: Rebuild Authenticate so we only have to call it once in context handler (#61705) 
* API: Add reqSignedIn to router groups

* AuthN: Add fall through in context handler

* AuthN: Add IsAnonymous field

* AuthN: add priority to context aware clients

* ContextHandler: Add comment

* AuthN: Add a simple priority queue

* AuthN: Add Name to client interface

* AuthN: register clients with function

* AuthN: update mock and fake to implement interface

* AuthN: rewrite test without reflection

* AuthN: add comment

* AuthN: fix queue insert

* AuthN: rewrite tests

* AuthN: make the queue generic so we can reuse it for hooks

* ContextHandler: Add fixme for auth headers

* AuthN: remove unused variable

* AuthN: use multierror

* AuthN: write proper tests for queue

* AuthN: Add queue item that can store the value and priority

Co-authored-by: Jo <joao.guerreiro@grafana.com>
 2023-01-26 10:50:44 +01:00
Karl Persson cdd7392f68 AuthN: Make client params part of the identity (#61050) 
* AuthN: Change client params to be a return value of authenticate

* AuthN: move client params to be part of the identity
 2023-01-05 20:17:41 +01:00
Karl Persson da24a9d74e AuthN: Add render auth client (#60914) 
* AuthN: Add boilderplate for render auth client

* AuthN: Implement test function for render auth client

* AuthN: Implement Authenticate for render arender auth client

* ContextHandler: Perform render auth if flag is enabled
 2023-01-04 13:48:00 +01:00