* Extract from #108753
Co-Authored-By: mohammad-hamid <mohammad.hamid@grafana.com>
* Tackle create
Co-Authored-By: mohammad-hamid <mohammad.hamid@grafana.com>
* WIP use identity store to resolve role names
* Commit empty service for now
* Clean
* For now only show name and created at
---------
Co-authored-by: mohammad-hamid <mohammad.hamid@grafana.com>
* Add Create for User + DualWriter setup
* Add delete User
* Fix delete + access check
* Add tests for delete user
* Add tests for create user
* Fixes
* Use sqlx session to fix database locked issues
* wip authz checks
* legacyAccessClient
* Update legacyAccessClient, add tests for create user
* Close rows before running other queries
* Use ExecWithReturningId
* Verify deletion in the tests
* Add Validate and Mutate
* Other changes
* Address feedback
* Update tests
---------
Co-authored-by: Gabriel Mabille <gabriel.mabille@grafana.com>
* IAM: Register CoreRole apis
* one line store instantiation
* Small refactor for readability
* Add authorizer for CoreRole
* Nit
* Error strings should not end with punctuation
* Account for error
* Switch to use the local resource client
* error should not start with upper casing
* noopStorageErr should have a name starting with err
* Update workspace
* I don't know why I don't have the same output as the CI 🤷
* Dependency xOwnership
* imports
* Import order
* Rename alias to make it clear this is legacy
* Extract a helper function to perform list with authorization checks
* Add k8s verb to utils package
* Construct default mapping when no custom mapping is passed
* Configure authorization checks for service accounts
* Fix helper and add filtering to service accounts
* Unexport store and create new constructor function
* Add ResourceAuthorizer and LegacyAccessClient
* Configure checks for user store
* List with checks if AccessClient is configured
* Allow system user service account to read all users
---------
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>