* Use the new authorizer for the User resource
* Use accessClient
* Update pkg/services/authz/rbac/mapper.go
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
---------
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Chore: Update authlib
* exclude incompatible version of github.com/grafana/gomemcache
* Update go-jose to v4
* fix jose imports
* remove jose v3 from go.mod
* fix tests
* fix serialize
* fix failing live tests
* add v1 of ES256 testkeys. Port tests to use ES256 instead of HS256
* accept more signature algs for okta and azuread
* azure social graph token sig
* accept more signature algs for oauth refresh and jwt auth
* update workspace
* add a static signer for inproc
* rebase and fix ext_jwt
* fix jwt tests
* apply alex patch on gomemcache
* update linting
* fix ext_jwt panic
* update workspaces
---------
Co-authored-by: Jo Garnier <git@jguer.space>
* AuthZ: Create without scope for resources outside of folders
* Make it explicit that create requires a scope check
* Update pkg/services/authz/rbac/service.go
* Use skipScope instead of ReqScope
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
* Explain why there is no need to skip scope for roles
---------
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
* IAM: Register CoreRole apis
* one line store instantiation
* Small refactor for readability
* Add authorizer for CoreRole
* Nit
* Error strings should not end with punctiation
* Account for error
* Switch to use the local resource client
* error should not start with upper casing
* noopStorageErr should have a name starting with err
* Update workspace
* I don't know why I don't have the same output as the CI 🤷
* Dependency xOwnership
* imports
* Import order
* Rename alias to make it clear this is legacy
* feat(add): datasources:query support for using the authlib/authzservice
* added test for datasources
* refactor to create the translation right away
* Update pkg/services/authz/rbac/mapper.go
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* fix tests
---------
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* SQLTemplates: Add helper to ensure all templates have a test-case associated
* UnifiedStorage: Add missing sql template test case
* LegacyDashboards: Add sql templates fs to test cases for exhaustiveness check
* RBACStore: Add sql templates fs to test cases for exhaustiveness check
* LegacyIAM: Add missing sql template test cases
* Anonymous access: Allow setting org role in new authz service
* back out change that is not needed; rename struct
* cleanup
* Fix tests
---------
Co-authored-by: Gabriel Mabille <gabriel.mabille@grafana.com>
* Authz: Test List
* Anonymous case
* Cover rendering
* Authz: Check namespace is set in the context
* Explicitly request a namespace check in the storage functions
* Revert logic
* Add FolderStore interface
* Authz: add implementation to use folders api and use it inproc with loopback config
* Add tracing and add rest.Config for talking with folder api using access tokens
* Restructure test to get rid of circular dependencies in tests
* use correct group version kind
---------
Co-authored-by: gamab <gabriel.mabille@grafana.com>
* Refactor folder tree to its own structure
* Make it possible to json encode the tree
* Use iterations for Ancestors and Children
---------
Co-authored-by: IevaVasiljeva <ieva.vasiljeva@grafana.com>
* add metrics for authZ MT service
* remove metrics that are already tracked by the GRPC server metrics
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* undo unneeded change
* test fix
---------
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Extract "PermissionStore" from general store interface
* Add static and union permission stores
* Add GetStaticRoles
* Use accesscontrol.Service for inproc to provide static permissions
Alexander Zobnin
Gabriel MABILLE
Misi
Ryan McKinley
Andres Torres
mohammad-hamid
Jean-Philippe Quéméner
Matheus Macabu
Eric Leijonmarck
Stephanie Hingtgen
Ieva
Karl Persson
Todd Treece