public/grafana
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
62,065 Commits 655 Branches 650 Tags
f2f1663dba8a5f6884df19bebd2dbe61c831d8d5
Commit Graph

14 Commits

Author SHA1 Message Date
mohammad-hamid
936dd05eac ext jwt client: map k8s-style to rbac permissions (#106279) 
* initial commit

* Proposal
Co-Authored-By: mohammad-hamid <mohammad.hamid@grafana.com>

* extend k8s-style mapper
- add tests

* address comments

* cleanup

* address comments

---------

Co-authored-by: Gabriel Mabille <gabriel.mabille@grafana.com>
 2025-06-18 11:51:35 -04:00
xavi
045733aed6 [IAM] Clear user's permission cache after login (#102311) 2025-03-19 10:06:58 +01:00
Ryan McKinley
680e6bc1f8 Authlib: Use types package rather than claims (#99243) 2025-01-21 12:06:55 +03:00
Gabriel MABILLE
7ef13497a8 AuthN: Ext JWT support actions (#92486) 2024-09-19 14:25:43 +02:00
Karl Persson
8bcd9c2594 Identity: Remove typed id (#91801) 
* Refactor identity struct to store type in separate field

* Update ResolveIdentity to take string representation of typedID

* Add IsIdentityType to requester interface

* Use IsIdentityType from interface

* Remove usage of TypedID

* Remote typedID struct

* fix GetInternalID
 2024-08-13 10:18:28 +02:00
Ryan McKinley
21d4a4f49e Auth: use IdentityType from authlib (#91763) 2024-08-12 09:26:53 +03:00
Vardan Torosyan
e20f8c566d RBAC sync: Fix removal of roles which need to be added (#91152) 
* RBAC sync: Fix removal of roles which need to be added

* Optimize code

* cleanup: appease the linter

---------

Co-authored-by: Victor Cinaglia <victor@grafana.com>
 2024-07-30 09:00:47 +02:00
Ryan McKinley
9db3bc926e Identity: Rename "namespace" to "type" in the requester interface (#90567) 2024-07-25 12:52:14 +03:00
Vardan Torosyan
82236976ae Add support ticket fixed roles to cloud role sync (#90864) 
* Add support ticket fixed roles to cloud role sync

* Adding tests

* Fix the linter
 2024-07-24 17:58:21 +02:00
Jeff Levin
cfe8317d45 Add auth spans and remove deduplication code for scopes (#89804) 
Adds more spans for timing in accesscontrol and remove permission deduplicating code after benchmarking

---------

Signed-off-by: Dave Henderson <dave.henderson@grafana.com>
Co-authored-by: Dave Henderson <dave.henderson@grafana.com>
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
 2024-07-02 22:08:57 -08:00
Karl Persson
be5ced4287 Identity: Use typed version of namespace id (#87257) 
* Remove different constructors and only use NewNamespaceID

* AdminUser: check typed namespace id

* Identity: Add convinient function to parse valid user id when type is either user or service account

* Annotations: Use typed namespace id instead
 2024-05-08 14:03:53 +02:00
Karl Persson
cd724d74aa Authn: move namespace id type (#86853) 
* Use RoleType from org package

* Move to identity package and re-export from authn

* Replace usage of top level functions for identity

Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
 2024-04-25 12:54:36 +02:00
Karl Persson
0fa983ad8e AuthN: Use typed namespace id inside authn package (#86048) 
* authn: Use typed namespace id inside package
 2024-04-24 09:57:34 +02:00
Karl Persson
7b58f71b33 AuthN: Add auth hook that can sync grafana cloud role to rbac cloud role (#80416) 
* AuthnSync: Rename files and structures

* AuthnSync: register rbac cloud role sync if feature toggle is enabled

* RBAC: Add new sync function to service interface

* RBAC: add common prefix and role names for cloud fixed roles

* AuthnSync+RBAC: implement rbac cloud role sync

Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
 2024-01-17 10:55:47 +01:00