* update oauthtoken service to use remote cache and server lock
* remove token cache
* retry is lock is held by an in-flight refresh
* refactor token renewal to avoid race condition
* re-add refresh token expiry cache, but in SyncOauthTokenHook
* Add delta to the cache ttl
* Fix merge
* Change lockTimeConfig
* Always set the token from within the server lock
* Improvements
* early return when user is not authed by OAuth or refresh is disabled
* Allow more time for token refresh, tracing
* Retry on Mysql Deadlock error 1213
* Update pkg/services/authn/authnimpl/sync/oauth_token_sync.go
Co-authored-by: Dan Cech <dcech@grafana.com>
* Update pkg/services/authn/authnimpl/sync/oauth_token_sync.go
Co-authored-by: Dan Cech <dcech@grafana.com>
* Add settings for configuring min wait time between retries
* Add docs for the new setting
* Clean up
* Update docs/sources/setup-grafana/configure-grafana/_index.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
---------
Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com>
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Refactor identity struct to store type in separate field
* Update ResolveIdentity to take string representation of typedID
* Add IsIdentityType to requester interface
* Use IsIdentityType from interface
* Remove usage of TypedID
* Remote typedID struct
* fix GetInternalID
* RBAC sync: Fix removal of roles which need to be added
* Optimize code
* cleanup: appease the linter
---------
Co-authored-by: Victor Cinaglia <victor@grafana.com>
This PR reduces the number of allocations made while caching permissions from the database, fixes the hierarchy of spans and adds new spans for tracing.
---------
Signed-off-by: Dave Henderson <dave.henderson@grafana.com>
Co-authored-by: Dave Henderson <dave.henderson@grafana.com>
* Auth: Implement org role mapping for google oauth provider
* Update docs
* Remove unused function
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
* Conf: Add org_mapping and org_attribute_path to github and gitlab conf
* Gitlab: Implement org role mapping
* Update docs
---------
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Introduce preLogoutHooks in authn service
* Add gcom_logout_hook
* Config the api token from the Grafana config file
* Simplify
* Add tests for logout hook
* Clean up
* Update
* Address PR comment
* Fix
* Social: link to OrgRoleMapper
* OIDC: support Generic Oauth org to role mappings
Fixes: #73448
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
* Handle when getAllOrgs fails in the org_role_mapper
* Add more tests
* OIDC: ensure orgs are evaluated from API when not from token
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
* OIDC: ensure AutoAssignOrg is applied with OrgMapping without RoleAttributeStrict
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
* Extend docs
* Fix test, lint
---------
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com>
* GetSignedInUser unexported (renamed to getSignedInUser)
* GetSignedInUserWithCacheCtx renamed to GetSignedInUser
* added a check for a nil cacheservice (as defensive programming / test convenience)
* Remove different constructors and only use NewNamespaceID
* AdminUser: check typed namespace id
* Identity: Add convinient function to parse valid user id when type is either user or service account
* Annotations: Use typed namespace id instead
* clean up error handling in postDashboard and remove UserDisplayDTO
* replace GetUserUID with GetUID and GetNamespacedUID, enforce namespace constant type
* lint fix
* lint fix
* more lint fixes
* Use RoleType from org package
* Move to identity package and re-export from authn
* Replace usage of top level functions for identity
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
Karl Persson
Charandas
Ryan McKinley
Dan Cech
Claudiu Dragalina-Paraipan
Vardan Torosyan
Mihai Doarna
Misi
Jeff Levin
Jeff Levin
Carl Bergquist
Mathieu Parent
Kristin Laemmert
Charandas
Gabriel MABILLE