AuthN: Remove embedded oauth server (#83146)

* AuthN: Remove embedded oauth server * Restore main * go mod tidy * Fix problem * Remove permission intersection * Fix test and lint * Fix TestData test * Revert to origin/main * Update go.mod * Update go.mod * Update go.sum
2025-02-25 18:55:37 -06:00 · 2024-02-26 11:29:09 +01:00
parent d0679f0993
commit 80d6bf6da0
55 changed files with 46 additions and 5631 deletions
--- a/pkg/plugins/manager/testdata/oauth-external-registration/plugin.json
+++ b/pkg/plugins/manager/testdata/oauth-external-registration/plugin.json
@@ -1,37 +0,0 @@
-{
-  "id": "grafana-test-datasource",
-  "type": "datasource",
-  "name": "Test",
-  "backend": true,
-  "executable": "gpx_test_datasource",
-  "info": {
-    "author": {
-      "name": "Grafana Labs",
-      "url": "https://grafana.com"
-    },
-    "logos": {
-      "large": "img/ds.svg",
-      "small": "img/ds.svg"
-    },
-    "screenshots": [],
-    "updated": "2023-08-03",
-    "version": "1.0.0"
-  },
-  "iam": {
-    "impersonation": {
-      "groups" : true,
-      "permissions" :  [
-        {
-          "action": "read",
-          "scope": "datasource"
-        }
-      ]
-    },
-    "permissions" :  [
-      {
-        "action": "read",
-        "scope": "datasource"
-      }
-    ]
-  }
-}
--- a/pkg/plugins/pfs/pfs_test.go
+++ b/pkg/plugins/pfs/pfs_test.go
@@ -142,9 +142,6 @@ func TestParsePluginTestdata(t *testing.T) {
 		"external-registration": {
 			rootid: "grafana-test-datasource",
 		},
-		"oauth-external-registration": {
-			rootid: "grafana-test-datasource",
-		},
 	}

 	staticRootPath, err := filepath.Abs(filepath.Join("..", "manager", "testdata"))
--- a/pkg/plugins/plugindef/plugindef.cue
+++ b/pkg/plugins/plugindef/plugindef.cue
@@ -422,20 +422,6 @@ schemas: [{
 		#IAM: {
 			// Permissions are the permissions that the external service needs its associated service account to have.
 			permissions?: [...#Permission]
-
-			// Impersonation describes the permissions that the external service will have on behalf of the user
-			// This is only available with the OAuth2 Server
-			impersonation?: #Impersonation
-		}
-
-		#Impersonation: {
-			// Groups allows the service to list the impersonated user's teams.
-			// Defaults to true.
-			groups?: bool
-			// Permissions are the permissions that the external service needs when impersonating a user.
-			// The intersection of this set with the impersonated user's permission guarantees that the client will not
-			// gain more privileges than the impersonated user has.
-			permissions?: [...#Permission]
 		}
 	}
 }]
--- a/pkg/plugins/plugindef/plugindef_types_gen.go
+++ b/pkg/plugins/plugindef/plugindef_types_gen.go
@@ -132,24 +132,10 @@ type Header struct {
 // IAM allows the plugin to get a service account with tailored permissions and a token
 // (or to use the client_credentials grant if the token provider is the OAuth2 Server)
 type IAM struct {
-	Impersonation *Impersonation `json:"impersonation,omitempty"`
-
 	// Permissions are the permissions that the external service needs its associated service account to have.
 	Permissions []Permission `json:"permissions,omitempty"`
 }

-// Impersonation defines model for Impersonation.
-type Impersonation struct {
-	// Groups allows the service to list the impersonated user's teams.
-	// Defaults to true.
-	Groups *bool `json:"groups,omitempty"`
-
-	// Permissions are the permissions that the external service needs when impersonating a user.
-	// The intersection of this set with the impersonated user's permission guarantees that the client will not
-	// gain more privileges than the impersonated user has.
-	Permissions []Permission `json:"permissions,omitempty"`
-}
-
 // A resource to be included in a plugin.
 type Include struct {
 	// RBAC action the user must have to access the route