grafana

Author	SHA1	Message	Date
Karl Persson	b4366ebed2	Zanzana: bootstrap authz server (#95036 ) Bootstrap authz extended server	2024-10-21 14:58:57 +02:00
Alexander Zobnin	2baf4883cc	Zanzana: add action sets to dashboard and folder schema (#94602 )	2024-10-18 16:58:30 +02:00
Karl Persson	a82d01214d	Auth: Update authlib (#94947 ) * Update authlib	2024-10-18 13:36:21 +02:00
Karl Persson	4083b2208e	Zanzana: periodic sync of team members (#94752 ) * Rewrite zanzana collector to fetch all available pages * Register access control as a background service * If zanzana is enabled we run Syncs and start Reconciliation job * Update pkg/services/authz/zanzana/client/client.go Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com> * Use server lock when doing performing reconciliation	2024-10-17 15:28:33 +02:00
Alexander Zobnin	9f1b584c85	Chore: Update authlib version (#94714 ) * Chore: Update authlib version * update workspace * use ParseNamespace()	2024-10-15 16:58:46 +02:00
Alexander Zobnin	fcfa4aa777	Zanzana: Add config options for Check and ListObjects queries (#94619 ) * Zanzana: Add config options for Check and ListObjects queries * remove fixme * pass only zanzana settings	2024-10-14 14:44:47 +03:00
Alexander Zobnin	e642e1a804	Zanzana: Pass parent folder for the checks in search queries (#94541 ) * Pass parent folder as a contextual tuple in Check request * Search by listing folders and dashboards * skip dashboards listing if limit reached * remove unused * add some comments * only add ContextualTuples if parent provided * Remove parent relation for dashboards from schema and perform separate checks	2024-10-10 17:38:15 +02:00
Karl Persson	9ece88d585	Zanzana: bump openfga version (#94485 ) * Bump openfga * Remove internall sqlite implementation for openfga * Use sqlite implementation from openfga	2024-10-10 09:07:40 +02:00
Alexander Zobnin	5d724c2482	Zanzana: Initial dashboard search (#93093 ) * Zanzana: Search in a background and compare results * refactor * Search with check * instrument zanzana client * add single_read option * refactor * refactor move check into separate function * Fix tests * refactor * refactor getFindDashboardsFn * add resource type to span attributes * run ListObjects concurrently * Use list and search in less cases * adjust metrics buckets * refactor: move Check and ListObjects to AccessControl implementation * Revert "Fix tests" This reverts commit `b0c2f072a2`. * refactor: use own types for Check and ListObjects inside accesscontrol package * Fix search scenario with low limit and empty query string * more accurate search with checks * revert * fix linter * Revert "revert" This reverts commit `ee5f14eea8`. * add search errors metric * fix query performance under some conditions * simplify check strategy * fix pagination * refactor findDashboardsZanzanaList * Iterate over multiple pages while making check request * refactor listUserResources * avoid unnecessary db call * remove unused zclient * Add notes for SkipAccessControlFilter * use more accurate check loop * always use check for search with provided UIDs * rename single_read to zanzana_only_evaluation * refactor * update go workspace * fix linter * don't use deprecated fields * refactor * fail if no org specified * refactor * initial integration tests * Fix tests * fix linter errors * fix linter * Fix tests * review suggestions Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * fix limit * refactor * refactor tests * fix db config in tests * fix migrator (postgres) --------- Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>	2024-10-04 12:27:10 +02:00
Charandas	af2e79aa83	K8s: namespace mapper should use authlib's util (#92332 )	2024-08-27 15:01:42 -07:00
Alexander Zobnin	0e0c877609	Zanzana: Model fixed roles as a part of schema (#92364 ) * model fixed roles for dashboards and folders * Correctly translate fixed role assignments * minor refactor * assign fixed roles to teams * fix linter errors * Migrate general folder permissions for fixed roles * fix dashboards:create permission	2024-08-27 15:39:22 +02:00
Dave Henderson	df3d8915ba	Chore: Bump Go to 1.23.0 (#92105 ) * chore: Bump Go to 1.23.0 Signed-off-by: Dave Henderson <dave.henderson@grafana.com> * update swagger files Signed-off-by: Dave Henderson <dave.henderson@grafana.com> * chore: update .bingo/README.md formatting to satisfy prettier Signed-off-by: Dave Henderson <dave.henderson@grafana.com> * chore(lint): Fix new lint errors found by golangci-lint 1.60.1 and Go 1.23 Signed-off-by: Dave Henderson <dave.henderson@grafana.com> * keep golden file * update openapi * add name to expected output * chore(lint): rearrange imports to a sensible order Signed-off-by: Dave Henderson <dave.henderson@grafana.com> --------- Signed-off-by: Dave Henderson <dave.henderson@grafana.com> Co-authored-by: Ryan McKinley <ryantxu@gmail.com>	2024-08-21 11:40:42 -04:00
Alexander Zobnin	87c4f2448c	Zanzana: Use modular schema (#92001 ) * Zanzana: Use modular schema * Fix tests * Add module transform tests	2024-08-19 11:10:51 +02:00
Alexander Zobnin	aaf33c7923	Zanzana: Migrate basic, fixed and custom roles (#91814 ) * Zanzana: Migrate basic roles permissions * add basic roles assignments * refactor * Sync basic roles permissions in all orgs * migrate fixed roles * map root folders to orgs * fix basic role assignments in orgs * migrate other roles * migrate team roles assignments * add notes about authorization schema * don't migrate fixed roles	2024-08-15 16:13:27 +02:00
Karl Persson	8bcd9c2594	Identity: Remove typed id (#91801 ) * Refactor identity struct to store type in separate field * Update ResolveIdentity to take string representation of typedID * Add IsIdentityType to requester interface * Use IsIdentityType from interface * Remove usage of TypedID * Remote typedID struct * fix GetInternalID	2024-08-13 10:18:28 +02:00
Ryan McKinley	243c0935fc	Auth: Use claims.AuthInfo in requester (#91739 )	2024-08-09 19:46:56 +03:00
Alexander Zobnin	1cc438a56c	Zanzana: Evaluate dashboard and folder permissions (#91539 ) * Zanzana: basic folder permissions checks * Fix managed permissions for teams * fix sync batch size * add dashboards actions translations * migrate folder tree * migrate dashboard folders * remove action sets from schema * Adding more dashboard and folder-related permissions * refactor * Correctly translate dashboard permissions in folders * fix dashboard parent permissions	2024-08-09 13:48:56 +02:00
Gabriel MABILLE	c76d1e04e8	Authz: Fix on-prem grpc authentication (#91341 ) * Authz: Fix on-prem grpc authentication Co-authored-by: Claudiu Dragalina-Paraipan <claudiu.dragalina@grafana.com> * Remove noAuth override --------- Co-authored-by: Claudiu Dragalina-Paraipan <claudiu.dragalina@grafana.com>	2024-08-01 16:30:13 +03:00
Claudiu Dragalina-Paraipan	cf55ac5813	authz: set authzv1.ReadResponse.Found (#91212 ) Co-authored-by: Gabriel MABILLE <gabriel.mabille@grafana.com>	2024-07-30 18:26:54 +03:00
Claudiu Dragalina-Paraipan	05ab4cdd1f	[authz]: use authlib client (#91205 ) authz: use authlib client Co-authored-by: Gabriel MABILLE <gabriel.mabille@grafana.com>	2024-07-30 17:49:46 +03:00
Ryan McKinley	9db3bc926e	Identity: Rename "namespace" to "type" in the requester interface (#90567 )	2024-07-25 12:52:14 +03:00
Karl Persson	c04be62b65	Zanzana: client integration test (#89997 ) * Restructure * Zanzana: Add integration tests for client * skip mysql 5.7 integration tests	2024-07-04 11:23:48 +02:00
Karl Persson	cbbc12a31b	Zanzana: Sync team memberships (#89983 ) * Zanzana: Use uid for users and teams * Zanzana: Team membership migrator --------- Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>	2024-07-03 13:37:26 +02:00
Karl Persson	e568b86ac0	Zanzana: Initial work to allow partial data migrations (#89919 ) * Zanana: Add Write method to interface * Zanzana: Add utilities for translating RBAC to openFGA tuple keys * RBAC: Add zanzana synchronizer * Run zanzana sync in access controll provider	2024-07-02 14:45:25 +02:00
Alexander Zobnin	f1968bbcbb	Zanzana: Run OpenFGA HTTP server in standalone mode (#89914 ) * Zanzana: Listen http to handle fga cli requests. * make configurable * start http server during service run * wait for GRPC server is ready * remove unnecessary logs * fix linter errors * run only in devenv * make address configurable	2024-07-02 11:14:09 +02:00
Alexander Zobnin	190892bc88	Zanzana: Initial schema loading (#89492 ) * Zanzana: Dummy schema loading * Load authorzation model for client --------- Co-authored-by: Karl Persson <kalle.persson@grafana.com>	2024-06-27 13:57:06 +02:00
Karl Persson	eea7319a67	Zanzana: sqlite data store (#89486 ) * Zanzana: Add sqlite3 store * Zanzana: Initilize sqlite store with migrations	2024-06-25 09:52:33 +02:00
Ryan McKinley	5e95c1bdf8	Storage: Move grpc helper from entity store to resource store (#89490 )	2024-06-20 22:32:19 +03:00
Alexander Zobnin	ba16c37126	Zanzana: Simple openfga client wrapper (#89430 )	2024-06-20 10:37:16 +02:00
Karl Persson	3fe29809be	Zanzana: database migrations (#89390 ) * Zanana: Use grafana migrations to run openFGA migration files and initilize store. * Add feature toggle * Zanzana: return noop client if feature toggle is disabled	2024-06-19 15:59:47 +02:00
Alexander Zobnin	b3907ca5ec	Zanzana: Simple logger wrapper for openfga (#89396 ) * Zanzana: Simple logger wrapper for openfga * don't export	2024-06-19 13:55:31 +02:00
Karl Persson	606a74d0af	Zanzana: Initial work to run openFGA as embedded or standalone service (#89211 ) * Zanana: Initial work to run zanana as ebeddedn or standalone * Add addr settings for when remote client is used. * sync dependencies * Lock mysql driver version --------- Co-authored-by: Dan Cech <dcech@grafana.com>	2024-06-18 10:04:18 +02:00
Gabriel MABILLE	5f83fdef2c	AuthZ: GRPC client init and config options (#89161 )	2024-06-18 06:13:24 +02:00
Gabriel MABILLE	afcb5a855c	AuthZ: embed an authorization server (#89018 ) * AuthZ: embed an authorization server * CODEOWNERS * Remove swagger * WIP * Flatten structure and inject wireset * sync mod files * Rename authorization package * Fix swagger gen * CODEOWNERS * Use itf instead of impl --------- Co-authored-by: Karl Persson <kalle.persson@grafana.com>	2024-06-13 11:41:35 +02:00

34 Commits