* Authz: Test List
* Anonymous case
* Cover rendering
* Authz: Check namespace is set in the context
* Explicitly request a namespace check in the storage functions
* Revert logic
* Add FolderStore interface
* Authz: add implementation to use folders api and use it inproc with loopback config
* Add tracing and add rest.Config for talking with folder api using access tokens
* Restructure test to get rid of circular dependencies in tests
* use correct group version kind
---------
Co-authored-by: gamab <gabriel.mabille@grafana.com>
* Refactor folder tree to its own structure
* Make it possible to json encode the tree
* Use iterations for Ancestors and Children
---------
Co-authored-by: IevaVasiljeva <ieva.vasiljeva@grafana.com>
* add metrics for authZ MT service
* remove metrics that are already tracked by the GRPC server metrics
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* undo unneeded change
* test fix
---------
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Extract "PermissionStore" from general store interface
* Add static and union permission stores
* Add GetStaticRoles
* Use accesscontrol.Service for inproc to provide static permissions
* Remove "wrapper" interface and only check feature toggle for grpc and cloud mode
* Only set name for update checks
* Set dashboard permissions for admin user
* Add prefix constants and use string builders / string concatinations
* Use cache for both streamed and non-stream versions of list objects
* Remove unused constants
* Zanzana: Setup GRPC authentication in client/server mode
* don't use grpcutils
* refactor
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* Add a namespace stub for in-proc mode
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* Read parameters from config
* authorize server requests
* add namespace to the tests context
* use stack id from config
* simplify authorize func
* properly format namespace
* return Unauthenticated if namespace is empty
* use insecure cred only in dev env
* check request namespace
* Use CallCredentials API for client auth
* provide config
* fail if stack id is missing
* improve error message
* use insecure connection by default
---------
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* Create and use common ResourceInfo struct
* Add support for formatting group resource with subresource
* Add initial support for handling subresource
* Add test for checking subresource for generic resource
* Bump authlib
* Zanzana: Pass contextual tuples for authorization
* global reconciler for fixed roles
* inject tuples from global store
* fix adding contextual tuples
* cleanup
* don't error on auth context fail
* add todo
* add context for List
* add caching
* remove unused
* use constant for global namespace
* Rename global namespace to cluster namespace
* listing implementation pt 1
* validate list request
* register GRPC endpoint, pass the correct user UID and return folder identifiers not scopes
* uncomment code that was only commented out for testing
* fix tests
* remove unneeded changes
* remove unused import
* Update pkg/services/authz/rbac/service.go
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* refactor to improve efficiency
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* use variable names when logging
* adding tests for listing
---------
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
Igor Suleymanov
Alexander Zobnin
Gabriel MABILLE
Ryan McKinley
Karl Persson
Todd Treece
Ieva
Karl Persson