* remove drone & dead code in pkg/build; update go modules
* remove .drone.star
* Remove drone scripts and drone references in Makefile
* make update-workspace
* remove deadcode tool
* Remove daggerbuild/scripts: deadcode
* Remove drone files / folders in CODEOWNERS
* make update-workspace
* remove more dead code
* Auth: Add functional option for static requester methods
Initially supporting WithServiceIdentityName to set a ServiceIdentity
inside the Claims.Rest object, so that Secrets Manager can parse
the service requesting secret decryption.
On Secret creation, the service will have to pass its identity
(which is a freeform string) to the SecureValues' Decrypters object.
This field gates which services are allowed to decrypt the SecureValue.
And upon decryption, the service should build a static identity with
that same service identity name when calling the decrypt service.
* StaticRequester: Put secret decrypt permission in access token claims
* StaticRequester: Inline getTokenPermissions function
* wip
* Use serviceaccount model from /apps/iam
* revert version update
* Add tembinding, userteam, other improvements
* Change serviceaccounttoken spec
* Revert the change of ServiceAccountToken
* Revert the change of UserTeam
* Clean up
* Remove files that are not needed for now
* Lint
* Update sql query's integration tests
* Fix tests
* update openapi spec
* Move LastSeenAt to the annotations
* Updte openapi_snapshots
* Change lastSeenAt annotation name
* IAM: Register CoreRole apis
* one line store instantiation
* Small refactor for readability
* Add authorizer for CoreRole
* Nit
* Error strings should not end with punctiation
* Account for error
* Switch to use the local resource client
* error should not start with upper casing
* noopStorageErr should have a name starting with err
* Update workspace
* I don't know why I don't have the same output as the CI 🤷
* Dependency xOwnership
* imports
* Import order
* Rename alias to make it clear this is legacy
* feat: remove kube-aggregator for OSS and provide injection points with runner iface
* upgrade authlib to support expiresIn
* new FT
* new FT again
* update go.mod
* get rid of the slice implementation
* reconcile conflicts
* gracefully handle enterprise not being linked situation with kubeAggregator FT true
* allow dataplane agg and kube agg to both be added to delegate chain
* make update-workspace
* address feedback
* revert go.mod changes
* go.mod updates
* elaborate on why and how of skipping the Ready channel handling
* after rebase and make run
* Dependencies: Bump github.com/openfga/openfga from v1.8.6 to v1.8.12
* Linter: Replace x/exp/rand with math/rand/v2
* NGAlert: Fix test after linter fixes
* feat(add): datasources:query support for using the authlib/authzservice
* added test for datasources
* refactor to create the translation right away
* Update pkg/services/authz/rbac/mapper.go
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* fix tests
---------
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* WIP: Separate signature package
* Add some unit tests
* Test factory
* Finish unit test coverage signature package
* Fix register
* Add FIXME
* Add more coverage
* Add more coverage
* Fix migrate tests
* Fix unit tests
* Activate schema validation and align underlying systems
* update to save as v0 if not the right schema version
* Resolve merge conflicts
* Move RequireApiErrorStatus to tests package
* Add mutation tests
* Fix lint
* Only do min version check if dashboard is v1
* Fix lint and disable provisioning test
* Revert provisioning changes
* Revert more tests and add schema test
* Reran gen
* SQL Dashboard save
* Adjust APIVERSION
* Fixed mutation test
* Add logging on downgrade
---------
Co-authored-by: Marco de Abreu <18629099+marcoabreu@users.noreply.github.com>
Co-authored-by: Stephanie Hingtgen <stephanie.hingtgen@grafana.com>
* create permissions
* add key
* lint
* structure as a delayed callback
* legacy API hook
* merge main
* wired up
* and folders
* watch repos
* missing return statement
* Set the correct permissions
* add TestAfterCreatePermissionCreator
* do not add perms on folder create
* fix tests
* add annotation on create
* lint
* lint
* ensure we set permissions when the FT is disabled
* remove custom folder_storage
* fix lint
* change default
* lint
* lint
* fix: annotation
* ensure permissions are added on folder legacy
* remove folderstorage again
* fix tests
* add FT
* undo change to folder
* dashboard on create
* remove annotation for folder
* fix tests
* fix prepare after rebase
* fix tests
* fix tests
* fix tests
* lint
* address comments
* add test for prepareObjectForStorage
* add again skipIfMode as per comment
---------
Co-authored-by: Georges Chaudy <chaudyg@gmail.com>
* Use authlib repo. Use otel
* Use interceptors on the provider level
* Create a new wire set with otel
* Lint
* Fix test
* make update-workflow
* make update-workspace
* make update-workspace. Try to add authlib as enterprise imports
* make update-workspace
* Add e2e dagger pipeline
* various-suite not various suite
* upload videos dir
* produce e2e videos even on failure
* nil ref
* sync doesn't return container
* fix quotes
* try without flags first?
* try without quoting?
* use two dashes in flags
* update CODEOWNERS
* make update-workspace
* go work sync
* make update-workspace
* add newline
* Convert pkg/apis to a module
* Update apistore module to use apis go module
* Add module to dependabot
* Group go dependencies
* Add guidelines for adding a new gomod
* Prettier
* Only convert apis/folder to a module for now
* Add replace directive
* Add missing go mod
