public/grafana
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
62,065 Commits 655 Branches 650 Tags
f2f1663dba8a5f6884df19bebd2dbe61c831d8d5
Commit Graph

21 Commits

Author SHA1 Message Date
Eric Leijonmarck
aa0f8caa35 Authorizer: rename and enforce only once for NewGrafanaAuthorizer (#108294) 
* renaming of GrafanaAuthorizer to make it less confusing

* enforce only once by runtime

* comment only
 2025-07-18 15:40:34 +01:00
Karl Persson
5d94293305 Authz: Fix namespace authorization when calling a cluster resource (#102110) 2025-03-13 14:54:35 +01:00
Karl Persson
43f56c5ca1 Apiserver: Refactor authenticator and authorizers (#101449) 
* Clean up authenticator

* Cleanup authorizers and replace org_id and stack_id with namespace authorizer

* Remove dependency on org service

* Extract orgID from /apis/ urls and validate stack id
 2025-03-06 16:01:12 +01:00
Ryan McKinley
66932600ec K8s: DecisionNoOpinion for claims.TypeAnonymous (#100880) 2025-02-18 13:49:54 -08:00
Ryan McKinley
680e6bc1f8 Authlib: Use types package rather than claims (#99243) 2025-01-21 12:06:55 +03:00
linoman
8b7100a9aa Auth: Add None role to Viewer case (#96624) 
Add None role to Viewer case
 2024-11-19 11:29:58 +01:00
Karl Persson
a82d01214d Auth: Update authlib (#94947) 
* Update authlib
 2024-10-18 13:36:21 +02:00
Karl Persson
2e38329026 RBAC: Add required component to perform access control checks for user api when running single tenant (#93104) 
* Unexport store and create new constructor function

* Add ResourceAuthorizer and LegacyAccessClient

* Configure checks for user store

* List with checks if AccessClient is configured

* Allow system user service account to read all users

---------

Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
 2024-09-23 11:26:44 +02:00
Ryan McKinley
a0cd89860e Identity: Add endpoint to get display info for an identifier (#91828) 2024-08-15 14:38:43 +03:00
Ryan McKinley
243c0935fc Auth: Use claims.AuthInfo in requester (#91739) 2024-08-09 19:46:56 +03:00
Charandas
a3d3f9a1e4 Revert "Identity: Remove id token from extra info (#91169)" (#91350) 
This reverts commit 10170cb839.
 2024-07-31 21:27:46 +03:00
Ryan McKinley
10170cb839 Identity: Remove id token from extra info (#91169) 2024-07-31 09:14:13 +03:00
Ryan McKinley
728150bdbd Identity: extend k8s user.Info (#90937) 2024-07-30 08:27:23 +03:00
Ryan McKinley
be7b1ce2df Chore: Replace appcontext.User(ctx) with identity.GetRequester(ctx) (#91030) 2024-07-26 16:39:23 +03:00
Ryan McKinley
27e800768e K8s: Improve identity mapping setup (#89450) 2024-06-20 17:53:07 +03:00
Daniele Stefano Ferru
fbda55316d K8s: Set X-Remote-Extra-User-Instance-Role header for SignedInUser (#87958) 2024-05-16 12:57:49 +03:00
Todd Treece
de438eae2e K8s: Prevent the use of arbitrary namespaces (#83636) 2024-05-08 09:30:08 -07:00
Todd Treece
8f0431ba46 K8s: Pass ID token in X-Extra-id-token header (#82893) 2024-02-16 17:07:37 +02:00
Todd Treece
f593161ef6 K8s: Set X-Remote- headers for SignedInUser (#82543) 2024-02-15 12:29:36 -05:00
Todd Treece
d6e6298103 K8s: Add Aggregation to Backend Service (#81591) 
Co-authored-by: Charandas Batra <charandas.batra@grafana.com>
 2024-02-12 22:59:35 +02:00
Todd Treece
67b6be5515 K8s: Refactor config/options for aggregation (#81739) 2024-02-01 17:27:30 -05:00