* IAM: Register CoreRole apis
* one line store instantiation
* Small refactor for readability
* Add authorizer for CoreRole
* Nit
* Error strings should not end with punctiation
* Account for error
* Switch to use the local resource client
* error should not start with upper casing
* noopStorageErr should have a name starting with err
* Update workspace
* I don't know why I don't have the same output as the CI 🤷
* Dependency xOwnership
* imports
* Import order
* Rename alias to make it clear this is legacy
* feat(add): datasources:query support for using the authlib/authzservice
* added test for datasources
* refactor to create the translation right away
* Update pkg/services/authz/rbac/mapper.go
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* fix tests
---------
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* SQLTemplates: Add helper to ensure all templates have a test-case associated
* UnifiedStorage: Add missing sql template test case
* LegacyDashboards: Add sql templates fs to test cases for exhaustiveness check
* RBACStore: Add sql templates fs to test cases for exhaustiveness check
* LegacyIAM: Add missing sql template test cases
* Anonymous access: Allow setting org role in new authz service
* back out change that is not needed; rename struct
* cleanup
* Fix tests
---------
Co-authored-by: Gabriel Mabille <gabriel.mabille@grafana.com>
* Authz: Test List
* Anonymous case
* Cover rendering
* Authz: Check namespace is set in the context
* Explicitly request a namespace check in the storage functions
* Revert logic
* Add FolderStore interface
* Authz: add implementation to use folders api and use it inproc with loopback config
* Add tracing and add rest.Config for talking with folder api using access tokens
* Restructure test to get rid of circular dependencies in tests
* use correct group version kind
---------
Co-authored-by: gamab <gabriel.mabille@grafana.com>
* Refactor folder tree to its own structure
* Make it possible to json encode the tree
* Use iterations for Ancestors and Children
---------
Co-authored-by: IevaVasiljeva <ieva.vasiljeva@grafana.com>
* add metrics for authZ MT service
* remove metrics that are already tracked by the GRPC server metrics
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* undo unneeded change
* test fix
---------
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Extract "PermissionStore" from general store interface
* Add static and union permission stores
* Add GetStaticRoles
* Use accesscontrol.Service for inproc to provide static permissions
* listing implementation pt 1
* validate list request
* register GRPC endpoint, pass the correct user UID and return folder identifiers not scopes
* uncomment code that was only commented out for testing
* fix tests
* remove unneeded changes
* remove unused import
* Update pkg/services/authz/rbac/service.go
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* refactor to improve efficiency
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* use variable names when logging
* adding tests for listing
---------
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* AuthZ Service: Add caching
* split in functions
* Test getUserTeams
* Add tests to getUserBasicRole
* Test getUserPermissions
* Cache user identifiers
* fix test
