* Add hook to validate access for users based on provisioning logic
* Wire the hook
* Add tests
* declare new variables for errors
* rework the authorization flow for provisioned users
* Add scim feature to testinfra opts
* Grant access if the identity doesn't have associated a user
* skip external uid check for subsequent calls
* Update tests
* Use authlib repo. Use otel
* Use interceptors on the provider level
* Create a new wire set with otel
* Lint
* Fix test
* make update-workflow
* make update-workspace
* make update-workspace. Try to add authlib as enterprise imports
* make update-workspace
* [Provisioning] Pay back some technical debt (#100720)
* Handle pagination in github client
* Add some unit test coverage
* Remove unknown repository
* Remove unknown leftover
* Revert "Add some unit test coverage"
This reverts commit 420c9674d2.
* Revert "Revert "Add some unit test coverage""
This reverts commit f7eca41957.
* Revert unit tests in github package
* Remove S3 case as it's now deprecated
* [Provisioning] Consolidate job status report in JobProgressRecorder (#100718)
* Log also successful operation
* Consolidate stop logic under TooManyErrors
* Use error for TooManyErrors
* Pass the progress recorder
* Define JobProgressRecorder interface
* Do not expect workers to return status
* Remove scenarios due to pointers
* Use recorder to manage the entire state
* Provisioning: Support rotating secrets (#100705)
* Provisioning: Refactor webhook to another interface (#100733)
* POC/Provisioning: Remove S3 references (#100734)
* Remove unused script
* Remove s3 references
* Provisioning: Keep the existing k8s name if it is specified in metadata (#100672)
* keep name
* keep name
* Revert "keep name"
This reverts commit 29f87bcaeb.
* Commit stale go.mod
* Keep name also for sync deletions
---------
Co-authored-by: Roberto Jimenez Sanchez <roberto.jimenez@grafana.com>
* Update preview banner copy
* Query Library: Move backend to enterprise (#100371)
* Fix wire
* Fix jobs table re-renders
* Provisioning: Refactor history to its own interface (#100735)
* Provisioning: Refactor history to its own interface
* refactor: use VersionedRepository
* Update API
* Provisioning: Test the GitHub client directly (#100808)
* Provisioning: Test the GitHub client directly
Instead of mocking the abstracted client, test it as well by mocking the underlying GitHub client. This also lets us
remove the mock for the abstracted client.
* refactor: move out helpers
* chore: set dependency owner
* Provisioning: Better clone/push error support (#100854)
* Provisioning: Replace searcher with one that knows about modes (#100857)
* Provisioning: Start in "mode5" when nothing exists in legacy (#100862)
* [Provisioning] Fix duplicate sync jobs triggered in controller (#100870)
* Improve logging on reasons why the controller triggered
* Fix messaging for sync job
* fix lint
* Provisioning: Move legacy export/import into a single migrate job (#100865)
* [Provisioning] Miscellanenous bug fixes and improvements (#100976)
* Error if found duplicate ID
* Fix issue with manual test button
* Fix issue with health errors not going away
* Display status in sync overview
* Use patch operations instead
* Trigger sync job after status update
* Convert Export Tab into modal
* Remove unused FieldSet import
* Only last 8 jobs
* Remove Links card
* Use button for Github Source Code
* Add actions to resources page
* Add resource column to Repository Resources
* Display Job Spec in RecentJobs
* Display dates in history page
* Display Avatar if available
* Improve styling of the avatar
* Update betterer
* Remove duplicate history header in history
* Commit betterer
* Address code styling issues
* update flags
* github v69
* v69
* POC/Provisioning: Add wizard (#100596)
* Chore: make update-workspace
* Chore: Fix lints (#101039)
* Provisioning: Workflows as write access (#101031)
* workflow as write access
* workflow as write access
* workflow as write access
* Update pkg/registry/apis/provisioning/repository/test.go
Co-authored-by: Mariell Hoversholm <mariell.hoversholm@grafana.com>
* POC/Provisioning: Add wizard (#100596)
* update refs
* update refs
* lint fix
* lint fix
* lint fix
* default everythign to read only
* reuse form components
* remove main
---------
Co-authored-by: Mariell Hoversholm <mariell.hoversholm@grafana.com>
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
* merge main
* Fix workflow types
* Betterer
* [Provisioning] Fix webhook and finalizer issues (#101052)
Fix webhook and finalizer issue
The maximum number of webhooks per repository is 20
* [Provisioning] Fix issue with last ref (#101056)
* Fix issue with last ref
* Update frontend code
* Fix the local tmp test
* Use lastRef
* POC/Provisioning: Simplify connect step (#101064)
* Fix sending workflows
* Use write for local
* Move connect action to the next step
* Remove wizard props
* Typo
* Redirect to wizard
* Show repo link after successful export
* Provisioning: Avoid starting sync jobs when using legacy storage (#101114)
* avoid starting sync jobs on legacy
* newlines
* Provisioning: Onboarding landing page (#101112)
* add landing page before wizard
* Update onboarding page
* Update URL
* Remove unused
* Add deleteAll button
* Improved text
* betterer
---------
Co-authored-by: Clarity-89 <homes89@ukr.net>
* Provisioning: use the sync job to finish the migrate job (#101107)
* Provisioning: Show progress more often (#101128)
* show progress bar earlier
* show progress bar earlier
* update wording to be less specific
* POC/Provisioning: Enable sync (#101131)
* update preview banner
* actualy remove and don't crash without provisioning flag
* Update db banner
* Provisioning: Export oldest items first (#101189)
* Provisioning: better branch handling (#101188)
* add missing file
* Provisioning: Fix tests (#101197)
* Provisioning: Refactor tests to be multiple functions
* Provisioning: Fix tests
* fix: make github-example sync
* fix misspell
* Provisioning: avoid migration wizard if things are already in unified storage (#101204)
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
* more lint
* POC/Provisioning: Handle connect step errors (#101192)
* Provisioning: Unify status handling in repository and migrate steps
* Refactor: Move WorkflowsField outside RepositoryStep and use proper type
* Refactor: Improve repository verification error handling and UI
* Refactor: Simplify repository verification error handling
* Refactor: Simplify RepositoryStep component structure
* Refactor: Improve error handling in RepositoryStep
* Refactor: Remove redundant repository creation logic from ProvisioningWizard
* Refactor: Simplify RequestErrorAlert component
* show github error
* now will verify
* test .git
* recover from bad config
* Update error handling
* Remove unused prop
* merge upstream
* Show migration summary
* Update text
* Improve text
* Betterer
* [Provisioning] Review controller changes (#101216)
* Review health check conditions
* Move down the logic to set up the sync status
* Skip if it's only a health check rerun
* Fix health check conditions
* Preserve last ref
* Format code
* Rename to shouldSkipSync
---------
Co-authored-by: Ryan McKinley <ryantxu@gmail.com>
Co-authored-by: Roberto Jiménez Sánchez <roberto.jimenez@grafana.com>
* fix promotion step
* In the promotion pipeline, publish should depend on build
* fix promotion pipeline
* [Provisioning] Use smaller methods to process repository events (#101240)
* update codegen
* merge main
* Provisioning: Avoid localhost error loop (#101253)
* Provisioning: Update the recent jobs formatting (#101250)
format history
* [Provisioning] Refactor Pull Request & Lint worker (#101273)
* Refactor the code
* Refactor into separate files
* Consolidate linter flag in one spot
* Use global feature flags
* Commit betterer
* Remove from JSON the intermidiate flag
* Use again spec
* Clean up
* Revert changes in test
* POC/Provisioning: Remove sync confirm modal (#101281)
* [Provisioning] Remove linting from MVP (#101286)
* Remove Linting backend
* Re-generate client
* POC/Provisioning: Unify tags (#101218)
* Unify tags
* add both tags
* add tag types
* Check for the redirect only once
* Add fetch settings with delay hook
* Refetch settings
* Split hooks into separate files
* Cleanup
* Prettier
* Prettier
* Remove lint code
* Betterer
---------
Co-authored-by: Ryan McKinley <ryantxu@gmail.com>
* Provisioning: Update token instructions (#101280)
* Provisioning: Use blob storage rather than local file system to save images (#101298)
* [Provisioning] Add more explicit setup warnings if webhook integration and image rendering are disabled (#101304)
* Setup warnings if renders or webhooks are not possible
* Improve display
* Use a single Alert
* Make design more compact
* Only display local config is missing critical feature toggles
* Improve styling of required flags
* Add file name to the custom ini itself
* Add copy button
* Add FeatureSection Component
* Commit betterer
* Use an interactive table
* Use a modal for instructions
* Use the same modal for example config
* Improve setup steps
* Improve stepper
* Copy code ctrl + c
* Make it more compact
* Select feature to enable
* Improve the height of alerts
* Separate components
* Better warnings
* Improve the page
* Improve the cards
* Improve cards even more
* Improve cards
* Improve cards
* Optional copy in code block
* Add side bar with steps
* Improve styling
* Style modal
* Clean up Code
* Remove index file
* Simplify Step Component
* Commit betterer
* Simplify components
* Use CodeEditor and Clipboard components
* Do not show scrollback on minimum size
* Fix positioning of footer
* Separate Component for Feature
* Use different styling
* Commit betterer
* Use more Grafana components in the FeatureCard
* Separate sidebar into own components
* Simplify sidebar code
* Commit betterer
* Remove connector
* Simplify styling further
* Use cards
* Improve code
* Use more grafana component in InstructionsModal
* Further simplify
* Simplify the code
* Simplify style
* Clean up
* Simplify the Wizard
* Use little icons
* Improve feature cards
* Improve cards
* Commit betterer
* Add description to feature setup
* Improve instructions for snapshot preview
* Move all files into Setup folder
* Commit betterer
* Clean up the warnings code
* Improve coding
* Move sidebar item to separate fiel
* Rename components
* Fix issues
* Use stack instead
* Improve style
* Don't show setup button if configured already
* Simplify again CSS
* Use secondary actions
* Style a bit more
* Improve wording
* Update warning
* Refer to docs in Image Renderer
* More clean up
* Revert changes in generated client
* Fix typos and imports
* Fix lint errors
* Provisioning: better error support (#101490)
* update openapi snapshot
* fix build
* Provisioning: Only show setup page when feature toggles are missing (#101502)
* form fixing
* form fixing
* always send UID
* Same onboarding page regarless of migration (#101557)
* backend building... frontend still broken
* rename sync with main
* Provisioning: Update dashboard badge (#101599)
* Rename to push / pull everything user-facing (#101577)
* Rename to push / pull all everything user-facing
* Use automatic pulling wording
* Provisioning: Migrate when using unified storage (#101572)
* migrate when not unified
* Update pkg/registry/apis/provisioning/register.go
Co-authored-by: Roberto Jiménez Sánchez <roberto.jimenez@grafana.com>
* variables
* merge main
---------
Co-authored-by: Roberto Jiménez Sánchez <roberto.jimenez@grafana.com>
* Add tabs and features tab to listing page (#101570)
* List features in onboarding page (#101558)
* merge main
* POC/Provisioning: Check if the instance is provisioned (#101601)
* Check if the instance is provisioned
* Fix lints
* Fix getting config for new dashboard
* Fixes after merge
* More fixes
* Show success message
* Fix default value
* Add test
* Fix lints
* Provisioning: Include URLs in ResourceWrapper response (#101511)
* Convert Migrate wizard into a Connection Wizard (#101575)
* Convert Migrate wizard into a Connection Wizard
* Remove duplicate empty state
* Allow users to select target in the first step
* Remove file created by merge
* Select target based on existing connections
* Default option for targets and explainatory alert
* Do not display connect button if single connection
* Display target as tag in repository card
* Add Pull Step
* Fix linting
* User decides if migrate or connect
* Improve style based based on review
* Provisioning: Return upsert resource when writing (#101574)
* [Provisioning] Getting Started Page and Tab (#101701)
* merge main
* fix go.mod
* Provisioning: Redirect to the new URL after save (#101757)
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
* POC/Provisioning: create folder (#101619)
* Add NewProvisionedFolderForm
* Cleanup
* Add folder api
* Register API
* Do not show provisioned badge for instances
* Enable saving
* Show saved alert
* Fixes
* Fix deps
* Cleanup
* Add test
* Add test
* Updates
* Fix test
* Fix import
* [Provisioning] Display instance connection directly in home (#101720)
* Show tabs directly in home page for instance sync
* Display actions also in the home page
* Add delete button to actions
* Fix issue with files tab
* Display tabs also in instant sync
* Generate connection name for instance sync
* Fix issues when no repositories
* Set active tab
* Remove leftover
* Rename component for listing folder repository
* Fix linting issues
* Fix merge error
* Rename to HomePage
* Split folder list into separate component
* Create own component for repository card
* Improve RepositoryCard readability
* Improve RepositoryCard styling
* Make view primary button
* Fix syntax
* Fix generateName
* merge main
* Provisioning: Move folder management into its own helper (#101864)
* folder
* update folder links
* Fix test
* update
* cleanup
---------
Co-authored-by: Clarity-89 <homes89@ukr.net>
* fixed folder issue
* POC/Provisioning: Create folder from root (#101921)
* Enable creating folder at the root
* Fix test
* Add interceptor
* Provisioning: Expose stats (#101927)
* [Provisioning] Unified onboarding wizard (#101952)
* Spike the solution
* More work
* Add more situations
* Attempt to display count of dashboards and folders
* Attempt with file count
* Do not display options if not possible
* Improve styling resources
* Use another API
* Fix issue with selection
* Style a bit
* Fix more issues
* Make the sync step work
* Improve links
* Use LinkButton
* Start pull automatically
* Start migration automatically
* Fix issue with options
* Fix issues
* Fix loading error
* Improve more things
* Improve styling
* Improve messaging
* Set the autofocus
* Fix some issues
* Fix issue with disabled options
* Only resources
* Finish settings depending on configuration
* Move title to wizard
* Fix title
* Improve styling
* Badge
* Explain on hover
* Improve styling
* Disabled at the bottom
* History & identifiers
* Improve wording
* Add padding left and right disable options
* Delete repository
* Improve buttons
* Give index time to catch up
* Improve buttons
* Handle steps with only forms
* Fix issue with initial migrate or pull
* Commit betterer
* Error messages
* Use memo
* Revampt that a bit
* Attempt to simplify the state and components
* Improve the component for Migrate
* Commit betterer
* Fix issue in next button
* Clean up more
* Start for boostrap step
* Fix issue with running status
* Fix issue with loading bootstrapping
* Improve loading
* Improve more the loading
* Fix issue with loading
* Empty tree
* Handle error
* Fix issue with looping
* Remove commented out lines
* Add comment
* Remove accidental file
* Fix imports
* Improve MigrateStep and PullStep
* Use hook for step status
* JobStep component
* Refactor data fetching
* Validate with Github
* Fix issue with failed error
* Fix next on success
* Address small comments
* Separate file for WizardContent
* Fix linting
* Use step approach also for bootstrap
* Make the logic for moving between steps clearer
* Fix navigation issue
* Clean up some logic
* Use useAsync for JobStep steps
* Revert "Use useAsync for JobStep steps"
This reverts commit 242a275cc9.
* Provisioning: use service to get counts (#101972)
counts
* must migrate when using legacy storage
* Revert "Revert "Use useAsync for JobStep steps""
This reverts commit a420d0ac36.
* Fix async conditions
* Organize imports
* Separate component for BootstrapOptionCard
* BootstrapOptionsList
* Remove duplicate definitions
---------
Co-authored-by: Clarity-89 <homes89@ukr.net>
Co-authored-by: Ryan McKinley <ryantxu@gmail.com>
* Merge
* Fix utils
* POC/Provisioning: Fix folder path for dashboard (#101997)
* Provisioning: Fix folder path for dashboards
* Fix isNew
* Update test
* Fix any error
* Betterer
* [Provisioning] Improve progress recording and updates (#102035)
* do not validate on delete
* Provisioning: Implement authorizer for remaining resources (#101945)
* feat: implement authorizer for remaining resources
* fix: don't allow viewers to write files
* security: harden blob id fetching
* add integration test for admin vs viewer
* feat: only Get is a valid verb for reads in our subresources
Co-Authored-By: Ryan McKinley <ryantxu@gmail.com>
* feat: allow render for all requests
* refactor: use guards
Not changing code that goes `if a { } else if b { } else { }` as the semantic meaning of the different branches is
easier to parse.
---------
Co-authored-by: Ryan McKinley <ryantxu@gmail.com>
* POC/Provisioning: Improve wizard setup (#102066)
* wizard actions
* workign better
* remove more memo
* show polling interval
* cleanup
* finalizers
* Update public/app/features/provisioning/Wizard/BootstrapStep.tsx
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
* Update public/app/features/provisioning/Wizard/BootstrapStep.tsx
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
* Update public/app/features/provisioning/Wizard/BootstrapStep.tsx
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
* Update public/app/features/provisioning/Wizard/BootstrapStep.tsx
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
* Update public/app/features/provisioning/Wizard/BootstrapStep.tsx
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
* Update public/app/features/provisioning/Wizard/WizardContent.tsx
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
* Update public/app/features/provisioning/Wizard/WizardContent.tsx
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
* Update public/app/features/provisioning/Wizard/BootstrapStep.tsx
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
* updates from alex
* updates from alex
* Simplify actions
* Extract props
* history supported form legacy only (for now)
* More refactor
* change order
* Fix cleanup finalizer
* show kinds
* fix lint
---------
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
Co-authored-by: Clarity-89 <homes89@ukr.net>
Co-authored-by: Roberto Jimenez Sanchez <roberto.jimenez@grafana.com>
* Fix resource condition (#102086)
* Fix job summary stats issue (#102084)
* merge main
* Repository link should point to configured branch (#102092)
* Add getRepoHref
* Fix random string generation
* Redirect to Home on repository deletion (#102096)
* Fix extra commas in pull request comment (#102108)
* Fix image rendering endpoint (#102107)
* POC/Provisioning: Support migrate... when starting with unified storage (#102097)
* use same clone
* now using upsert
* Fix lint
---------
Co-authored-by: Roberto Jimenez Sanchez <roberto.jimenez@grafana.com>
* Clean up unprovisioned resources after unified storage migration (#102126)
* Clean up unprovisioned resources after migrate
* Clean up unprovisioned resources after migrate
* Update pkg/registry/apis/provisioning/jobs/migrate/resources.go
* Reset summary between export and pull (#102101)
* Reset summary between export and pull
* Add reset results to unified storage migration
* Provisioning: always dirty (#102151)
* fix test version
* log the watch line
* POC/Provisioning: Disable repository list watch (#102169)
* Disable watch for repo list endpoint
* Add comment
* Remove another watch
* Provisioning: Avoid calling test on every update (#102161)
test less often
* Provisioning: Support prefixes in GitHub repositories (#101969)
* feat: add a Prefix property to GitHub repo spec
* feat: make nested folders work properly
* feat: use subdir for go-git export
* fix: placeholder for prefix should be grafana/
* feat: rename prefix to path
* fix: json name should be path, too
Co-authored-by: Ryan McKinley <ryantxu@gmail.com>
* chore: regen apis
* fix: copy 'path'
---------
Co-authored-by: Ryan McKinley <ryantxu@gmail.com>
* Merge
* Fix duplicate type
* Provisioning: Test export functionality (#101336)
* Provisioning: Test export functionality
* fix: use context.Background
* test: add more cases for local repo path resolving
* test: rework test inputs
* test: try to make github test work
* fix: clear global state
* Update api client imports
* Fix import
* Fix test
* Update codegen
* Provisioning: Make it green (#102271)
* chore: remove unused functions
* chore: update betterer results
* chore: update openapi spec
* chore: yarn generate-apis
* fix: specify default false if undefined
* Use AnnoKeyManagerIdentity
* Add manager kind
* POC/Provisioning: Update component structure (#102297)
* Update project structure
* Update imports
* Remove unused components
* Copy fixes
* Typo
* More copy fixes
* Betterer
* Update test
* merge main
* Provisioning: Replace hardcoded clients with discovery client (#101918)
* disco client
* discovery client
* merge main
* merge main
* keep factory
* keep factory
* find preffered version for delete factory
* use same folders request
* merge main
* with integration test
* POC/Provisioning: Compare spec in test rather than raw JSON (#102352)
* compare spec not json
* compare spec not json
* [Provisioning] Add in-code TODOs in API Server area (#102360)
* Add TODOs for files endpoint
* Add TODO history endpoint
* Add TODO to move files logic to resource package
* Add TODO to not use private fields directly
* Remove unnecessary checks in list connector
* Add pagination TODO in lister
* Add TODO to rename resources
* Add todo about cloning too early
* Add TODO to propose to merge sync and migrate endpoints
* Add TODOs in register
* Add more TODOs in connectors & routes
* Add TODOs about prefix
* Change it to remove
* Update pkg/registry/apis/provisioning/test.go
Co-authored-by: Ryan McKinley <ryantxu@gmail.com>
---------
Co-authored-by: Ryan McKinley <ryantxu@gmail.com>
* POC/Provisioning: Switch folders to use managedBy (#102362)
* Folders: Switch to managedBy
* Fix create folder
* Fix tests
* Do not allow changing folder from dashboard settings
* Update imports
* Update provisioned meta
* Do not show provisioned badge for child folders
* Fix folder title
* Update folder actions
* Update new provisioned folder form
* Remove unused code
* Fix condition
* Reset default values on change
* Remove duplicate nav item
* Add managedBy to DashboardQueryResult
* Provisioning: support watch over live (in feature branch) (#102408)
* Provisioning: watch cleanup (#102424)
* fix lint
* Provisioning: Add basic usage stats (#102405)
* [Provisioning] Add limitations to Github Repository (#102451)
* Put limits to Github
* File is too large
* Move constants
* Embed ListOptions again
* Remove TODO
* Provisioning: Pick a better default title (#102516)
better title
* Provisioning: sanitize pull request urls (#102517)
* [Provisioning] Clean up clone after export and migrate (#102467)
* Remove clone directory on clone failure
* Defer remove clones
* Log error if removal fails
---------
Co-authored-by: Ryan McKinley <ryantxu@gmail.com>
* [Provisioning] Limit path length and depth in APIs (#102472)
* Limit filepath length in files API calls
* Add common utility to deal with paths
* Use the existing function
* Fix import
* Update pkg/registry/apis/provisioning/safepath/limit.go
Co-authored-by: Ryan McKinley <ryantxu@gmail.com>
* Fix issue after website commit
* Fix linting issue in test
---------
Co-authored-by: Ryan McKinley <ryantxu@gmail.com>
* Add timeout, JSON check and max body size to endpoints (#102443)
* Add timeout, JSON check and max body size to endpoints
* Use http.MaxBytesReader instead
* Use MaxBytesReader also for reading the entire body
* Add empty line
* Add unit tests
* Fix integration tests
* Update pkg/registry/apis/provisioning/render.go
Co-authored-by: Ryan McKinley <ryantxu@gmail.com>
* Do not use utils :)
* Fix comment on unmarshalJSON
* 25MB for webhook events
* Remove content type check for files write
---------
Co-authored-by: Ryan McKinley <ryantxu@gmail.com>
* fix imports
* Provisioning: Remove export option from the UI (#102511)
* [Provisioning] Remove unused checkout method in go-git (#102460)
* [Provisioning] Limit max number of repositories to 10 (#102542)
* Limit to maximum 10 repositories in backend
* Change messaging
* Do not display connect button if more than 10
* Only fetch settings once
* watch repos
---------
Co-authored-by: Ryan McKinley <ryantxu@gmail.com>
* [Provisioning] Limit size and time to git clone and push in go-git (#102458)
* Limit git clone and push time and size
* Fix linting
* Use transport instead to limit
* Remove not supported
* Add TODO to make timeout configurable
* chore: make update-workspace
* Provisioning: Implement a new job queue (#102446)
* feat: implement a new job queue
Outstanding problems:
* Status isn't saved.
* Progress updates don't work (due to status not being saved probably?).
* feat: properly save status
* chore: document label
* chore: assumptions do hold
* fix: support multi-tenant job drivers
* fix: use namespace=*
* fix: set resource back to pointer when updating job progress
If we don't do this, we start rejecting job progress updates as the version falls out of sync.
* feat: make job APIs read-only
* fix: complete job when worker returns
* fix: set namespace on requests from controller
* test: check historic jobs
* chore: regen apis
* feat: start augmenting frontend
* feat: add jobs to authorizer
* feat: use watch from input
* fix: make frontend subscribe to historic jobs
* fix: lint
* chore: yarn prettier:write
* fix: frontend lints
* test: allow for empty state in historicjobs
* test: set content type for export request
* fix: always set job name on insert
* fix: import
* fix: use dashes not colons
* fix: job status should expect a historic job transition
* fix: allow PR jobs from multiple PRs
* feat: same name for sync and migrate jobs
* feat: generate a job name in the store
* refactor: rename to persistentStore
* feat: remove status subresources on jobs
* feat: join jobs into one card
* chore: regen openapi snapshot
---------
Co-authored-by: Roberto Jimenez Sanchez <roberto.jimenez@grafana.com>
* Provisioning: Use a complete storage for jobs (#102605)
* feat: add a complete strategy to apiserver
* feat: use the complete storage strategy for jobs
* test: behaviour changed in main
* [Provisioning] Consolidate file path handling (#102617)
* Add more cases for validation
* Call the method dir
* Clean files endpoint
* Simplify further
* Fix issues with folder
* Add Dir function
* Use walk function in folders
* Move things from ID
* Fix some tests
* Add tree
* Sync worker and changes
* Add more TODOs
* Add normal join
* Remove things in local
* Consolidate single Join
* Call it safe
* Add new IsPathSupported action
* Move the depth to resources
* Add more cases
* Improve trie implementation
* Add tests trie
* Fix trie tests
* Improve trie tests
* Add tests for walk
* Fix linting
* Add unit tests filepath
* Remove TODO
* Remove another TODO
* Unsupported file extension error
* Add documentation for IsPathSupported
* Filepath unit tests
* Use safepath to validate github path
* Remove TODO in wrapper
* Use trailing slash in folder internal object
* Fix changes test
* Include dot
* Add TODO to explore own type for path
* Fix frontend lint
* Fix unit tests
* Fix provisioning integration tests
---------
Co-authored-by: Roberto Jiménez Sánchez <roberto.jimenez@grafana.com>
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
Co-authored-by: Ryan McKinley <ryantxu@gmail.com>
Co-authored-by: Clarity-89 <homes89@ukr.net>
Co-authored-by: Andrej Ocenas <mr.ocenas@gmail.com>
Co-authored-by: Kevin Minehart <kmineh0151@gmail.com>
* Validate authID when user is provisioned
* Add new `user_unique_id` to `user_auth` table
* Validate provisioned user with saml assertion
* Rework `ExternalUID`
* Validate for ExternalUID only
* Enhance verbosity
* Move ExternalUID to saml config
* Rename db variable for externalUID
* Add verbosity to debug ExternalUID
* Assign new error for ExternalUID mismatch
* Add `GetByLoginFn`
* Add new configuration to saml tests
* add validation for empty externalUID
* check namespace in unistore
* fix tests
* fix trace status
* Use capital letter
---------
Co-authored-by: Karl Persson <23356117+kalleep@users.noreply.github.com>
* Clean up authenticator
* Cleanup authorizers and replace org_id and stack_id with namespace authorizer
* Remove dependency on org service
* Extract orgID from /apis/ urls and validate stack id
* Add isProvisioned field to model
* Add new isProvisioned column to migration
* Disable auto assignment to organization if the user is provisioned
* add annotation to user model
* add annotation to user models
* Remove IsProvisioned field from Identity
* Move new field assignenment and add default value
* Update annotations for user query results
* Remove isProvisioned from identity
* Add new column to test
* Resolve user from identity at SyncOrgHook
* Auth: Add IP address login attempt validation
* LoginAttempt struct IpAddress field must be camelCase to match db ip_address column
* add setting DisableIPAddressLoginProtection
* lint
* add DisableIPAddressLoginProtection setting to tests
* add request object to authenticate password test
* nit suggestions & rename tests
* add login attempt on failed password authentication
* dont need to reset login attempts if successful
* don't change error message
* revert go.work.sum
* Update pkg/services/authn/clients/password.go
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
---------
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
* Auth: disable passwordless auth if any SAML/OAuth is enabled
* Update pkg/services/authn/authnimpl/registration.go
Co-authored-by: Victor Cinaglia <victor@grafana.com>
* simplify check if any auth providers are enabled
* add accidentally removed break statement, use IsEnabled with empty context to check if PasswordlessMagicLinkAuth enabled
* use IsClientEnabled
* Update pkg/api/frontendsettings.go
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
---------
Co-authored-by: Victor Cinaglia <victor@grafana.com>
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
* Refactor OAuthToken service
* introduce user.SessionAwareIdentityRequester
* replace login.UserAuth parameters with user.SessionAwareIdentityRequester
* Add nosec G101 to fake ID tokens
* Opt 2, min changes
* Revert a change to the current version
This patch marks ID tokens as not required when initalising a gRPC
Authenticator to be used in `cloud` mode. ID Tokens are still enabled in
`cloud` mode, but the `Required` option is set to `false`.
This is needed for MT services like Cloud API Server to authenticate
against gRPC services like Resource Store with only an Access Token.
Signed-off-by: Prem Kumar <prem.saraswat@grafana.com>
* initial passwordless client
* passwordless login page
* Working basic e2e flow
* Add todo comments
* Improve the passwordless login flow
* improved passwordless login, backend for passwordless signup
* add expiration to emails
* update email templates & render username & name fields on signup
* improve email templates
* change login page text while awaiting passwordless code
* fix merge conflicts
* use claims.TypeUser
* add initial passwordless tests
* better error messages
* simplified error name
* remove completed TODOs
* linting & minor test improvements & rename passwordless routes
* more linting fixes
* move code generation to its own func, use locationService to get query params
* fix ampersand in email templates & use passwordless api routes in LoginCtrl
* txt emails more closely match html email copy
* move passwordless auth behind experimental feature toggle
* fix PasswordlessLogin property failing typecheck
* make update-workspace
* user correct placeholder
* Update emails/templates/passwordless_verify_existing_user.txt
Co-authored-by: Dan Cech <dcech@grafana.com>
* Update emails/templates/passwordless_verify_existing_user.mjml
Co-authored-by: Dan Cech <dcech@grafana.com>
* Update emails/templates/passwordless_verify_new_user.txt
Co-authored-by: Dan Cech <dcech@grafana.com>
* Update emails/templates/passwordless_verify_new_user.txt
Co-authored-by: Dan Cech <dcech@grafana.com>
* Update emails/templates/passwordless_verify_new_user.mjml
Co-authored-by: Dan Cech <dcech@grafana.com>
* use & in email templates
* Update emails/templates/passwordless_verify_existing_user.txt
Co-authored-by: Dan Cech <dcech@grafana.com>
* remove IP address validation
* struct for passwordless settings
* revert go.work.sum changes
* mock locationService.getSearch in failing test
---------
Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com>
Co-authored-by: Dan Cech <dcech@grafana.com>
* Rename from AllowedKubernetesNamespace to Namespace
* Use a sync hook to always set namespace for Identity.
* format
* Don't set uid when authenticating as user
* extracted in-proc mode to #93124
* allow insecure conns in dev mode + refactoring
* removed ModeCloud, relying on ModeGrpc and stackID instead to discover if we're running in Cloud
* remove the NamespaceAuthorizer would fail in legacy mode. It will be added back in the future.
* use FlagAppPlatformGrpcClientAuth to enable new behavior, instead of legacy
* extracted authz package changes in #95120
* extracted server side changes in #95086
---------
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
Co-authored-by: gamab <gabriel.mabille@grafana.com>
Co-authored-by: Dan Cech <dcech@grafana.com>
