Commit Graph

582 Commits

Author SHA1 Message Date
Jo
f3896624f5 Access: Remove plugin app access in plugin basic role seeder (#108526)
* draft: remove plugin app access in plugin basic role seeder

* fix log

* remove mods to gosum

* fix missing plugin check

* debug log, not warn

* Secrets: Better error message for not matching resource owner (#109113)

---------

Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>
2025-08-06 09:25:06 +01:00
Stephanie Hingtgen
6b86277ecf Nested folders: Remove feature flag (#109212) 2025-08-06 10:07:23 +03:00
Serge Zaitsev
a95fb3a37c Chore: Omit integration tests if short test flag is passed (#108777)
* omit integration tests if short test flag is passed

* Update pkg/services/ngalert/models/receivers_test.go

Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>

* Update pkg/tests/api/alerting/api_ruler_test.go

Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>

* Update pkg/tests/api/alerting/api_ruler_test.go

Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>

* Update pkg/tests/api/alerting/api_ruler_test.go

Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>

* Update pkg/tests/api/alerting/api_ruler_test.go

Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>

* Update pkg/tests/api/alerting/api_ruler_test.go

Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>

* Update pkg/services/ngalert/models/receivers_test.go

Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>

* Update pkg/cmd/grafana-cli/commands/datamigrations/to_unified_storage_test.go

Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>

* Update pkg/services/ngalert/models/receivers_test.go

Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>

* fix the rest

* false positive

---------

Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>
2025-07-28 13:38:54 +02:00
Misi
c6a6b9fdd2 IAM: Create and delete user from the legacy store (#107694)
* Add Create for User + DualWriter setup

* Add delete User

* Fix delete + access check

* Add tests for delete user

* Add tests for create user

* Fixes

* Use sqlx session to fix database locked issues

* wip authz checks

* legacyAccessClient

* Update legacyAccessClient, add tests for create user

* Close rows before running other queries

* Use ExecWithReturningId

* Verify deletion in the tests

* Add Validate and Mutate

* Other changes

* Address feedback

* Update tests

---------

Co-authored-by: Gabriel Mabille <gabriel.mabille@grafana.com>
2025-07-17 11:50:40 +02:00
Ryan McKinley
3f502f305d Chore: Update mocks with recent mockery (#107816) 2025-07-09 09:15:34 +02:00
Serge Zaitsev
f66a693438 Chore: Rename integration tests to follow the common convention (#105987)
* automatically rename integration tests to follow the common convention

* name tests differently

* alter column type to bigint

* update another column to bigint

* add another alter

* fix subquery for mysql
2025-06-29 16:56:24 +02:00
mohammad-hamid
55cc6c120a Zanzana: incorrect folder tree bug (#106478)
use pagination to get all folders
2025-06-23 11:07:16 -04:00
Cory Forseth
40164cb09e Authorization: Fix/provisioned permission display (#106179)
* add isProvisioned flag to permission DTO

* handle provisioned permissions explicitly

* lint

* swagger

* simplify logic to always show non-managed permissions first; remove unnecessary isProvisioned

* fix docs

* oops

* actually just generate the docs
2025-06-03 11:21:42 -05:00
Alexander Zobnin
cb05eb3cd6 RBAC: Return bad request when header is malformed (#105448) 2025-06-02 16:31:15 +02:00
Alexander Zobnin
ef14992f00 Zanzana: Fix reconciling role with empty UID (#106045) 2025-05-27 14:23:29 +02:00
Alexander Zobnin
cfba630f5c RBAC: Don't additionally cache all users permissions (#105607)
* RBAC: Don't additionally cache all users permissions

* remove unused tests
2025-05-20 09:28:46 +02:00
Ezequiel Victorero
310b234fbc Reporting: Update filter and docs to get reports by dashboard (#104560) 2025-05-08 11:35:43 -03:00
Alexander Zobnin
4ea56b2cfb Zanzana: Fix reconciliation for roles (#103889)
* Zanzana: Fix reconciliation for roles

* update go workspaces

* update go.sum
2025-04-15 11:33:40 +02:00
Mihai Doarna
f8fc3d2db2 Chore: Fix lint error in accesscontrol API endpoints (#103792)
fix lint error
2025-04-10 12:29:04 -05:00
Mihai Doarna
42dd2336b9 Team: Add validation for provisioned teams in setUserPermission endpoint (#103623)
* removed provisioned team validation from team permissions

* validate team in setUserPermission
2025-04-10 17:28:31 +03:00
Mariell Hoversholm
757be6365a CI: Bump golangci-lint to 2.0.2 (#103572) 2025-04-10 14:42:23 +02:00
Cory Forseth
4caa9853cb Authorization: Add group to role DisplayName to make filtered list more clear (#102950)
* add group to role DisplayName to make searching easier

* clean up more role names; add filtered display text when fetching

* pass filter state into role menu to decide how to display role name

* prop name better describes what it does
2025-04-08 09:15:03 -05:00
Mihai Doarna
64e005d12f Teams: Restrict provisioned teams from being updated and deleted (#103454)
* restrict provisioned teams from being updated and deleted

* check if team is provisioned before update and delete

* add function getTeamDTOByID()

* check if team is provisioned in access control

* fix TestDeleteTeamMembersAPIEndpoint

* add unit tests

* add function for validating a team
2025-04-08 11:27:30 +03:00
Mihai Doarna
10411361e7 Team: Add columns external_uid and is_provisioned to the team table (#103285)
* add columns external_id and is_provisioned to the team table

* generate openapi specs

* rename column to external_uid

* generate open api specs

* increase limit for external_uid to 256
2025-04-04 11:00:14 +03:00
Eric Leijonmarck
180f579f18 Revert "Anonymous: Enforce org role Viewer setting (#102070)" (#103043)
This reverts commit e216c2f29d.
2025-03-31 10:31:53 +01:00
Mariell Hoversholm
d0d7078953 App Platform: Remove mutable globals (#102962)
* App Platform: Remove mutable globals

* chore: clarify why this exists

* fix: support multi-tenant mode

* refactor: call builder providers directly

* CI: Force re-build
2025-03-27 15:46:09 +01:00
Eric Leijonmarck
e216c2f29d Anonymous: Enforce org role Viewer setting (#102070)
* Anon: Remove org role setting

* remove from ini

* remove setting from documentation
2025-03-27 09:10:30 +00:00
Ieva
ff6039567b RBAC: Return 404 instead of 403 if a dashboard cannot be found (#102815)
return 404 instead of 403 if a dashboard cannot be found
2025-03-26 12:26:14 +00:00
Alexander Zobnin
c34394f385 Zanzana: Support subresources for typed resources (#102470)
* Zanzana: Support subresources for folders

* refactor

* fix subresource requests

* implement listing for folders subresources

* teams subresources PoC

* re-enable tests

* use team resource def from iam

* fix tests

* remove unused code

* refactor: rename to subresource

* split resource schema

* update workspaces

* rename folder relation to subresource

* refactor: rename folder resources to subresources

* update readme

* fix listing

* rename params in subresource filter
2025-03-25 12:31:06 +01:00
Matheus Macabu
2ade94bbf7 SecretsManager: Add roles and access control to APIs (#102456) 2025-03-19 16:30:07 +01:00
Peter Štibraný
0c58d39e76 Spanner-related fixes (#102376)
* Fix UNION syntax in resourcepermissions package.
* Fix migrations in usermig package to work with Spanner.
* Fix health query.
* Use more connections for integration tests.
* Add test-go-integration-spanner target to run integration tests against Spanner emulator.
* Add test for enterprise.
* Don't delete sequence number for migration_log.id column.

* Only bump max open connections to 20 for Spanner.
Lower integration test timeout.
2025-03-19 12:34:44 +01:00
Ieva
9264431c81 RBAC: Remove action set feature toggle (#101959)
* remove action set feature toggle

* don't pass feature toggles to action set service instantiation

* linting

* test fixes and frontend clean-up

* fix test
2025-03-13 15:18:23 +00:00
maicon
927f7befd6 Unistore: Create default permissions through Folder APIServer (#101420)
* Unistore: Declare a new storage to set default folder permissions

Signed-off-by: Maicon Costa <maiconscosta@gmail.com>

* Remove the setting of default permissions from folder legacy storage

Signed-off-by: Maicon Costa <maiconscosta@gmail.com>

* Disable setting of folder permissions when Api Server is enabled

Signed-off-by: Maicon Costa <maiconscosta@gmail.com>

* Reverts grafana/grafana#100019

Signed-off-by: Maicon Costa <maiconscosta@gmail.com>

* Add unit test

Signed-off-by: Maicon Costa <maiconscosta@gmail.com>

* check error on unit test

Signed-off-by: Maicon Costa <maiconscosta@gmail.com>

* Add unit test

Signed-off-by: Maicon Costa <maiconscosta@gmail.com>

* Remove unused fields

Signed-off-by: Maicon Costa <maiconscosta@gmail.com>

* Add unit tests for folder_storage

Signed-off-by: Maicon Costa <maiconscosta@gmail.com>

* Remove duplicated import

Signed-off-by: Maicon Costa <maiconscosta@gmail.com>

* Fix unit test

Signed-off-by: Maicon Costa <maiconscosta@gmail.com>

---------

Signed-off-by: Maicon Costa <maiconscosta@gmail.com>
2025-03-11 11:33:08 +00:00
Peter Štibraný
fd6a4908f1 Support Spanner's UNION syntax, which needs to be UNION DISTINCT or UNION ALL. (#101768)
* Support Spanner's UNION syntax, which needs to be UNION DISTINCT or UNION ALL.
2025-03-10 12:33:52 +01:00
Matheus Macabu
b110754c9a Hackathon: Add more unit tests, take 2 (#101473)
* login/social/socialimpl: add assertions for usage stats, support bundle and oauthinfo methods

* accesscontrol/acimpl: add tests for GetRoleByName

* anonymous/sortopts: add tests for Sorter

* cloudmigration/gmsclient: add basic test cases for all methods

* shorturls/shorturlimpl: add more edge test cases

* tag/tagimpl: add test to cover duplicate tag kv and nil pairs

* updatechecker: add test cases for module
2025-03-03 13:12:13 +01:00
Sven Grossmann
b5faf5d9a1 Drilldown: Require datasources:explore RBAC action (#101366)
Drilldown: Require `datasources:explore` action
2025-02-26 17:33:05 +01:00
Karl Persson
fa74d1c36d Authn: Sync authlib and update how we construct authn client interceptor (#101124)
* Sync authlib and update how we construct authn client interceptor

* Remove namespace from checker
2025-02-26 09:22:09 +01:00
Gabriel MABILLE
f3433fd472 RBAC: Remove accessControlOnCall feature toggle (#101222)
* RBAC: Remove accessControlOnCall feature toggle

* Leave the other one in place

* Tests

* frontend

* Readd empty ft to frontend test

* Remove legacy RBAC check

* Fix test

* no need for context

* Remove unused variable

* Remove unnecessary param

* remove unnecessary param from tests

* More tests :D
2025-02-25 13:44:40 +01:00
Gabriel MABILLE
0290da6aaa AccessControl: Allow plugin roles to include plugins:write (#101089) 2025-02-21 08:23:04 +01:00
Andre Pereira
e54149e551 Explore: Move drilldown apps from Explore to a new navbar item "Drilldown" (#100409)
* Move drilldown apps from Explore to a new navbar item "Drilldown"

* Commit make i18n-extract

* Update drilldown icon

* Added alert to explore with call out to drilldown apps

* Add isNew field for nav item which shows a "New!" badge on the navbar and expands it by default

* Fix e2e test
2025-02-20 17:56:55 +00:00
Ryan McKinley
5a40c84568 DualWriter: Support managed DualWriter (#100881) 2025-02-19 17:50:39 +03:00
Alexander Zobnin
fcb88f6ccc Zanzana: revert cluster store for fixed roles (#100958)
* Zanzana: revert cluster store for fixed roles

* update go workspace
2025-02-19 13:53:25 +01:00
Stephanie Hingtgen
3e6f40c873 K8s: Move to one feature toggle for folders and dashboards (#100911) 2025-02-19 01:11:26 +02:00
Stephanie Hingtgen
67be9aeed6 K8s: Search fallback: Support all sort by methods (#100776) 2025-02-18 12:30:11 -06:00
Peter Štibraný
1856d47e47 Remove GetResourceClient hack from unified package. (#100636)
* Remove GetResourceClient hack from unified package.
2025-02-14 12:34:52 +01:00
Alexander Zobnin
5118e82e8c Zanzana: Run reconciliation in its own service (#100361)
* Zanzana: Start reconciliation in its own service

* cleanup

* update go workspaces

* refactor

* remove unused code

* move func definition
2025-02-11 14:09:39 +01:00
Karl Persson
39d94eabcd Auth: Fix function name (#100122)
Fix spelling
2025-02-05 15:32:22 +01:00
Stephanie Hingtgen
8ac9c47222 Folders: Validator: add temporary fix (#100019) 2025-02-03 17:08:15 -06:00
Karl Persson
c85a175212 RBAC: only query folder service when fetching parent folders (#99893)
* only query folder service when fetching parent folders
* Perform validation and inherited scopes solvers as service instead of caller
2025-02-03 13:56:25 +01:00
Arati R.
a2097fbc2f Folders: Add user service to folder service implementation (#99518)
Add user service to folder service implementation
2025-01-27 14:29:47 +01:00
Misi
437b7a565d Auth: Add access token to in-proc communication and ServiceIdentity (#98926)
Use fake access token for in-proc grpc and add ServiceIdentity 
---------

Co-authored-by: gamab <gabriel.mabille@grafana.com>
Co-authored-by: Karl Persson <23356117+kalleep@users.noreply.github.com>
2025-01-24 14:03:23 +01:00
Ezequiel Victorero
3a94057ec8 PublicDashboards: Delete on folder deletion (#99040) 2025-01-23 17:23:59 -03:00
Todd Treece
2622449718 Dashboards: Use dashboard service in access control (#99053) 2025-01-21 22:57:43 +02:00
Ryan McKinley
680e6bc1f8 Authlib: Use types package rather than claims (#99243) 2025-01-21 12:06:55 +03:00
Karl Persson
7329d2c34b Authz: Account for fixed roles when running oss and using authz service (#99244)
* Extract "PermissionStore" from general store interface

* Add static and union permission stores

* Add GetStaticRoles

* Use accesscontrol.Service for inproc to provide static permissions
2025-01-20 16:00:36 +01:00