Alexander Zobnin
5d724c2482
Zanzana: Initial dashboard search ( #93093 )
...
* Zanzana: Search in the background and compare results
* refactor
* Search with check
* instrument zanzana client
* add single_read option
* refactor
* refactor move check into separate function
* Fix tests
* refactor
* refactor getFindDashboardsFn
* add resource type to span attributes
* run ListObjects concurrently
* Use list and search in fewer cases
* adjust metrics buckets
* refactor: move Check and ListObjects to AccessControl implementation
* Revert "Fix tests"
This reverts commit b0c2f072a2.
* refactor: use own types for Check and ListObjects inside accesscontrol package
* Fix search scenario with low limit and empty query string
* more accurate search with checks
* revert
* fix linter
* Revert "revert"
This reverts commit ee5f14eea8.
* add search errors metric
* fix query performance under some conditions
* simplify check strategy
* fix pagination
* refactor findDashboardsZanzanaList
* Iterate over multiple pages while making check request
* refactor listUserResources
* avoid unnecessary db call
* remove unused zclient
* Add notes for SkipAccessControlFilter
* use more accurate check loop
* always use check for search with provided UIDs
* rename single_read to zanzana_only_evaluation
* refactor
* update go workspace
* fix linter
* don't use deprecated fields
* refactor
* fail if no org specified
* refactor
* initial integration tests
* Fix tests
* fix linter errors
* fix linter
* Fix tests
* review suggestions
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* fix limit
* refactor
* refactor tests
* fix db config in tests
* fix migrator (postgres)
---------
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
2024-10-04 12:27:10 +02:00
Charandas
af2e79aa83
K8s: namespace mapper should use authlib's util ( #92332 )
2024-08-27 15:01:42 -07:00
Alexander Zobnin
0e0c877609
Zanzana: Model fixed roles as a part of schema ( #92364 )
...
* model fixed roles for dashboards and folders
* Correctly translate fixed role assignments
* minor refactor
* assign fixed roles to teams
* fix linter errors
* Migrate general folder permissions for fixed roles
* fix dashboards:create permission
2024-08-27 15:39:22 +02:00
Dave Henderson
df3d8915ba
Chore: Bump Go to 1.23.0 ( #92105 )
...
* chore: Bump Go to 1.23.0
Signed-off-by: Dave Henderson <dave.henderson@grafana.com>
* update swagger files
Signed-off-by: Dave Henderson <dave.henderson@grafana.com>
* chore: update .bingo/README.md formatting to satisfy prettier
Signed-off-by: Dave Henderson <dave.henderson@grafana.com>
* chore(lint): Fix new lint errors found by golangci-lint 1.60.1 and Go 1.23
Signed-off-by: Dave Henderson <dave.henderson@grafana.com>
* keep golden file
* update openapi
* add name to expected output
* chore(lint): rearrange imports to a sensible order
Signed-off-by: Dave Henderson <dave.henderson@grafana.com>
---------
Signed-off-by: Dave Henderson <dave.henderson@grafana.com>
Co-authored-by: Ryan McKinley <ryantxu@gmail.com>
2024-08-21 11:40:42 -04:00
Alexander Zobnin
87c4f2448c
Zanzana: Use modular schema ( #92001 )
...
* Zanzana: Use modular schema
* Fix tests
* Add module transform tests
2024-08-19 11:10:51 +02:00
Alexander Zobnin
aaf33c7923
Zanzana: Migrate basic, fixed and custom roles ( #91814 )
...
* Zanzana: Migrate basic roles permissions
* add basic roles assignments
* refactor
* Sync basic roles permissions in all orgs
* migrate fixed roles
* map root folders to orgs
* fix basic role assignments in orgs
* migrate other roles
* migrate team roles assignments
* add notes about authorization schema
* don't migrate fixed roles
2024-08-15 16:13:27 +02:00
Karl Persson
8bcd9c2594
Identity: Remove typed id ( #91801 )
...
* Refactor identity struct to store type in separate field
* Update ResolveIdentity to take string representation of typedID
* Add IsIdentityType to requester interface
* Use IsIdentityType from interface
* Remove usage of TypedID
* Remove typedID struct
* fix GetInternalID
2024-08-13 10:18:28 +02:00
Ryan McKinley
243c0935fc
Auth: Use claims.AuthInfo in requester ( #91739 )
2024-08-09 19:46:56 +03:00
Alexander Zobnin
1cc438a56c
Zanzana: Evaluate dashboard and folder permissions ( #91539 )
...
* Zanzana: basic folder permissions checks
* Fix managed permissions for teams
* fix sync batch size
* add dashboards actions translations
* migrate folder tree
* migrate dashboard folders
* remove action sets from schema
* Adding more dashboard and folder-related permissions
* refactor
* Correctly translate dashboard permissions in folders
* fix dashboard parent permissions
2024-08-09 13:48:56 +02:00
Gabriel MABILLE
c76d1e04e8
Authz: Fix on-prem grpc authentication ( #91341 )
...
* Authz: Fix on-prem grpc authentication
Co-authored-by: Claudiu Dragalina-Paraipan <claudiu.dragalina@grafana.com>
* Remove noAuth override
---------
Co-authored-by: Claudiu Dragalina-Paraipan <claudiu.dragalina@grafana.com>
2024-08-01 16:30:13 +03:00
Claudiu Dragalina-Paraipan
cf55ac5813
authz: set authzv1.ReadResponse.Found ( #91212 )
...
Co-authored-by: Gabriel MABILLE <gabriel.mabille@grafana.com>
2024-07-30 18:26:54 +03:00
Claudiu Dragalina-Paraipan
05ab4cdd1f
[authz]: use authlib client ( #91205 )
...
authz: use authlib client
Co-authored-by: Gabriel MABILLE <gabriel.mabille@grafana.com>
2024-07-30 17:49:46 +03:00
Ryan McKinley
9db3bc926e
Identity: Rename "namespace" to "type" in the requester interface ( #90567 )
2024-07-25 12:52:14 +03:00
Karl Persson
c04be62b65
Zanzana: client integration test ( #89997 )
...
* Restructure
* Zanzana: Add integration tests for client
* skip mysql 5.7 integration tests
2024-07-04 11:23:48 +02:00
Karl Persson
cbbc12a31b
Zanzana: Sync team memberships ( #89983 )
...
* Zanzana: Use uid for users and teams
* Zanzana: Team membership migrator
---------
Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>
2024-07-03 13:37:26 +02:00
Karl Persson
e568b86ac0
Zanzana: Initial work to allow partial data migrations ( #89919 )
...
* Zanzana: Add Write method to interface
* Zanzana: Add utilities for translating RBAC to openFGA tuple keys
* RBAC: Add zanzana synchronizer
* Run zanzana sync in access control provider
2024-07-02 14:45:25 +02:00
Alexander Zobnin
f1968bbcbb
Zanzana: Run OpenFGA HTTP server in standalone mode ( #89914 )
...
* Zanzana: Listen http to handle fga cli requests.
* make configurable
* start http server during service run
* wait for GRPC server to be ready
* remove unnecessary logs
* fix linter errors
* run only in devenv
* make address configurable
2024-07-02 11:14:09 +02:00
Alexander Zobnin
190892bc88
Zanzana: Initial schema loading ( #89492 )
...
* Zanzana: Dummy schema loading
* Load authorization model for client
---------
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
2024-06-27 13:57:06 +02:00
Karl Persson
eea7319a67
Zanzana: sqlite data store ( #89486 )
...
* Zanzana: Add sqlite3 store
* Zanzana: Initialize sqlite store with migrations
2024-06-25 09:52:33 +02:00
Ryan McKinley
5e95c1bdf8
Storage: Move grpc helper from entity store to resource store ( #89490 )
2024-06-20 22:32:19 +03:00
Alexander Zobnin
ba16c37126
Zanzana: Simple openfga client wrapper ( #89430 )
2024-06-20 10:37:16 +02:00
Karl Persson
3fe29809be
Zanzana: database migrations ( #89390 )
...
* Zanzana: Use grafana migrations to run openFGA migration files and initialize store.
* Add feature toggle
* Zanzana: return noop client if feature toggle is disabled
2024-06-19 15:59:47 +02:00
Alexander Zobnin
b3907ca5ec
Zanzana: Simple logger wrapper for openfga ( #89396 )
...
* Zanzana: Simple logger wrapper for openfga
* don't export
2024-06-19 13:55:31 +02:00
Karl Persson
606a74d0af
Zanzana: Initial work to run openFGA as embedded or standalone service ( #89211 )
...
* Zanzana: Initial work to run zanzana as embedded or standalone
* Add addr settings for when remote client is used.
* sync dependencies
* Lock mysql driver version
---------
Co-authored-by: Dan Cech <dcech@grafana.com>
2024-06-18 10:04:18 +02:00
Gabriel MABILLE
5f83fdef2c
AuthZ: GRPC client init and config options ( #89161 )
2024-06-18 06:13:24 +02:00
Gabriel MABILLE
afcb5a855c
AuthZ: embed an authorization server ( #89018 )
...
* AuthZ: embed an authorization server
* CODEOWNERS
* Remove swagger
* WIP
* Flatten structure and inject wireset
* sync mod files
* Rename authorization package
* Fix swagger gen
* CODEOWNERS
* Use itf instead of impl
---------
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
2024-06-13 11:41:35 +02:00