public/grafana
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
62,065 Commits 655 Branches 650 Tags
f2f1663dba8a5f6884df19bebd2dbe61c831d8d5
Commit Graph

14 Commits

Author SHA1 Message Date
Ryan McKinley 664e5255fe Provisioning: Use role based access when the target does not yet exist (#103862) 
* role based fallback

* disable permissions cache with provisioning

* fallback to role based

* test with editor (not admin)

* test with editor (not admin)

* fix imports

* lint

* editor can create folders
 2025-04-11 17:47:26 +03:00
Gabriel MABILLE 45d6bfe7cf AuthZ: Make cache ttl configurable (#103769) 
* AuthZ: Configure cache ttl

Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>

* Client side conf

Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>

* 0 -> No caching

* Make it possible to disable cache on the remote client as well

* Comment

* Move ttl parsing up for in-proc to have it

---------

Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
 2025-04-11 10:09:47 +02:00
Stephanie Hingtgen 6eba5d74e1 Anonymous access: Allow setting org role in new authz service (#103669) 
* Anonymous access: Allow setting org role in new authz service

* back out change that is not needed; rename struct

* cleanup

* Fix tests

---------

Co-authored-by: Gabriel Mabille <gabriel.mabille@grafana.com>
 2025-04-10 09:51:10 +01:00
Ieva d9dc93c4a6 AuthZService: improve authz caching (#103633) 
* remove the use of client side cache for in-proc authz client

Co-authored-by: Gabriel MABILLE <gabriel.mabille@grafana.com>

* add a permission denial cache, fetch perms if not in either of the caches

Co-authored-by: Gabriel MABILLE <gabriel.mabille@grafana.com>

* Clean up tests

Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>

* Cache tests

Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>

* Add test to list + cache

Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>

* Add outdated cache test

Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>

* Re-organize metrics

Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>

---------

Co-authored-by: Gabriel MABILLE <gabriel.mabille@grafana.com>
 2025-04-09 17:50:48 +01:00
Alexander Zobnin 4bc9203cf6 Zanzana: Perform shadow requests (#103444) 
* Zanzana: Execute checks in the background

* add metrics

* collect metrics

* cleanup

* shadow compile checker

* add time metrics for compiler

* run compile in parallel

* prevent deadlock
 2025-04-08 10:03:35 +02:00
Leonor Oliveira e9ed7223a6 Use authlib repo. Use otel (#103178) 
* Use authlib repo. Use otel

* Use interceptors on the provider level

* Create a new wire set with otel

* Lint

* Fix test

* make update-workflow

* make update-workspace

* make update-workspace. Try to add authlib as enterprise imports

* make update-workspace
 2025-04-07 15:47:40 +02:00
Mariell Hoversholm d0d7078953 App Platform: Remove mutable globals (#102962) 
* App Platform: Remove mutable globals

* chore: clarify why this exists

* fix: support multi-tenant mode

* refactor: call builder providers directly

* CI: Force re-build
 2025-03-27 15:46:09 +01:00
Gabriel MABILLE a91081a2fc AuthZService: Add certificates to the client (#101603) 2025-03-06 10:18:58 +01:00
Gabriel MABILLE c3505f0864 AuthZ: Make NewGrpcTokenAuth public (#101352) 
* AuthZ: Expose NewGrpcTokenAuth

* Lint
 2025-02-26 17:29:32 +01:00
Karl Persson 74632a25c3 Authz: folder api tls settings (#101213) 
* Skip certificate verification

* Add more settings for folder api
 2025-02-24 16:03:14 +01:00
Todd Treece 9e80b0f913 K8s: Add error to GetRestConfig (#101147) 
K8s: Add error to RestConfigProvider return values
 2025-02-21 18:07:13 +02:00
Karl Persson 4df398c084 Authz: Sync authlib and update authz client setup code (#100817) 
* Sync authlib and update setup code for authz client
 2025-02-18 09:09:20 +01:00
Karl Persson e9b2f69137 Authz: Only have two modes for authz client (#100803) 
* Only have "inproc" and "clod" mode
 2025-02-17 14:37:25 +01:00
Karl Persson 1b1954de28 Authz: add support to use folder api to fetch folder tree (#100038) 
* Add FolderStore interface

* Authz: add implementation to use folders api and use it inproc with loopback config

* Add tracing and add rest.Config for talking with folder api using access tokens

* Restructure test to get rid of circular dependencies in tests

* use correct group version kind

---------

Co-authored-by: gamab <gabriel.mabille@grafana.com>
 2025-02-13 11:59:59 +01:00