Commit Graph

295 Commits

Author SHA1 Message Date
Misi
5285e9503b
Auth: SSO settings foundations (#77724)
* inital changes, db migration

* changes

* Implement basic GetAll, Delete

* Add first batch of tests

* Add more tests

* Add service tests for GetForProvider, List

* Update http_server.go + wire.go

* Lint + update fixed role

* Update CODEOWNERS

* Change API init

* Change roles, rename

* Review with @kalleep

* Revert a mistakenly changed part

* Updates based on @dmihai 's feedback

---------

Co-authored-by: Karl Persson <kalle.persson@grafana.com>
2023-11-08 10:50:01 +01:00
Ryan McKinley
35c1ee9686
EntityStore: Remove http access (can use apiserver now) (#77602) 2023-11-03 08:14:51 -07:00
linoman
c50ada3a1a
auth: wire service account proxy (#77215)
* Add interface verification compliance

* rework service account api to a provider

* wire the service accounts api

* rewire the implementation of sa srv for the proxy

---------

Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
2023-11-03 10:27:43 +01:00
Hugo Kiyodi Oshiro
dfc1875061
Plugins: Add managed instance installation resources (#76767)
* Plugins: Add configs to allow managed install

* Expose methods to use with cloud plugin installer

* Change plugins installer bind to OSS
2023-10-24 16:21:37 +02:00
Gabriel MABILLE
3015e5921f
Chore: Move extsvcaccounts package to serviceaccounts (#76977)
* Chore: Move extsvcaccounts package to serviceaccounts

* Fix proxy

* Fix tests

* Fix linting
2023-10-24 11:01:04 +02:00
Matthew Jacobson
82f3127e23
Alerting: Move legacy alert migration from sqlstore migration to service (#72702) 2023-10-12 13:43:10 +01:00
Jo
466f8a1f5a
Teams: Move team API to own service (#76347)
* move team API to its own service

* remove uneeded import

* reshare pref api logic
2023-10-12 10:10:54 +02:00
Alexander Weaver
f6649d7a97
Revert "Alerting: Remove vendored models in migration service" (#76387)
Revert "Alerting: Remove vendored models in migration service (#74503)"

This reverts commit 6a8649d544.
2023-10-11 14:21:21 -05:00
Matthew Jacobson
6a8649d544
Alerting: Remove vendored models in migration service (#74503)
This PR replaces the vendored models in the migration with their equivalent ngalert models. It also replaces the raw SQL selects and inserts with service calls.

It also fills in some gaps in the testing suite around:

    - Migration of alert rules: verifying that the actual data model (queries, conditions) are correct 9a7cfa9
    - Secure settings migration: verifying that secure fields remain encrypted for all available notifiers and certain fields migrate from plain text to encrypted secure settings correctly e7d3993

Replacing the checks for custom dashboard ACLs will be replaced in a separate targeted PR as it will be complex enough alone.
2023-10-11 17:22:09 +01:00
Gabriel MABILLE
007c2c8131
AuthN: Extract from OAuthServer service account management code (#76128)
* Extract code to manage service accounts

* Add test with client credentials grants

* Fix test with the changed interface

* Wire

* Fix HandleTokenRequest

* Add tests to extsvcaccounts

* Rename Retrieve function

* Document the interface
2023-10-10 09:20:52 +02:00
Gabriel MABILLE
e902d8fd10
AuthN: New service to support multiple authentication providers for plugins (#75979)
* OnGoing

* Continue migrating structure

* Comment

* Add intermediary service

* Remove unused error so far

* no need for fmt use errors

* use RoleNone

* Docs

* Fix test

* Accounting for review feedback

* Rename oauthserver.ExternalService to OAuthClient

* Revert as the interface looks weird

* Update pluginintegration

* Rename oauthserver.ExternalService

* closer to what it was before
2023-10-05 18:13:06 +02:00
Gabriel MABILLE
193ec8de2b
AuthN: Move oauthserver to extsvcauth (#75972)
* AuthN: Move oauthserver to extsvcauth

* Codeowners
2023-10-04 16:53:17 +02:00
Marcus Efraimsson
e4c1a7a141
Tracing: Standardize on otel tracing (#75528) 2023-10-03 14:54:20 +02:00
Karl Persson
b50f1e15a8
IDForwarding: Add service and a local signer (#75423)
* IDForwarding: Add service for handling id token and create a local signer
---------

Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2023-09-27 11:36:23 +02:00
Todd Treece
440f9a6ffb
K8s: Register apiserver as background service, and list real playlists (#75338)
Co-authored-by: Ryan McKinley <ryantxu@gmail.com>
2023-09-25 15:31:58 -07:00
Jo
40a1f8434d
Anon: Scaffold anon service (#74744)
* remove API tagging method and authed tagging

* add anonstore

move debug to after cache

change test order

fix issue where mysql trims to second

* add old device cleanup

lint

utc-ize everything

trim whitespace

* remove dangling setting

* Add delete devices

* Move anonymous authnclient to anonimpl

* Add simple post login hook

* move registration of Background Service

cleanup

* add updated_at index

* do not untag device if login err

* add delete device integration test
2023-09-25 16:25:29 +02:00
Andres Martinez Gotor
c70623fb85
Chore: Rename testdata plugin with a fully qualified name (#75104) 2023-09-22 15:00:40 +03:00
Will Browne
e855efb13d
Plugins: Move store and plugin dto to pluginsintegration (#74655)
move store and plugin dto
2023-09-11 13:59:24 +02:00
Marcus Efraimsson
8ee43f3705
Instrumentation: Add status_source label to request metrics/logs (#74114)
Ref #68480

Co-authored-by: Giuseppe Guerra <giuseppe.guerra@grafana.com>
2023-09-11 12:13:13 +02:00
Artur Wierzbicki
d50ccd6741
Chore: AuthN/IdentitySynchronizer interface/impl compatibility wire fix (#74400)
authn/identitysynchronizer fix
2023-09-06 15:10:07 +04:00
Kristin Laemmert
fa229661e8
chore: use setting.Dev in place of "development" string (#74391)
chore: use development variable instead of string
2023-09-05 13:16:14 -04:00
Kristin Laemmert
cc1205d6ba
fix: revert module server initialization from CLI (#74386)
not-a-revert reversion of module server initialization
2023-09-05 11:45:56 -04:00
Serge Zaitsev
32defdb6bf
Fix: make apiserver work behind a feature toggle (#73891)
Co-authored-by: Charandas Batra <charandas.batra@grafana.com>
2023-09-01 22:31:51 +03:00
Kristin Laemmert
0de2c9eb96
feat: add ability to launch targeted dskit modules in the grafana server CLI command (#74188)
* feat: add ability to launch targeted dskit modules in the grafana server CLI command

This commit adds a ModuleServer and ModuleRunner suitable for launching dskit services and updates the server cli command to use this instead of the full Server. The default behavior is unchanged and will launch the full Grafana server. Individual services are targeted by setting target=comma,seperated,list in the config file.

* require dev mode to target dskit modules

* remove unused type

* replace setting.CommandLineArgs w/setting.Cfg; the caller can deal with calling setting.NewCfg

* Update pkg/server/module_server.go

Co-authored-by: Serge Zaitsev <serge.zaitsev@grafana.com>

---------

Co-authored-by: Serge Zaitsev <serge.zaitsev@grafana.com>
2023-09-01 08:09:54 -04:00
Kristin Laemmert
d1876b68bc
Chore: refactor grafana-apiserver a bit (#74177) 2023-08-31 09:12:01 -04:00
Ieva
ec9c35fae5
Chore: clean up access control for data sources (#73010)
* move DS guardian interfaces to OSS, move allow guardian to OSS

* update codeowner file
2023-08-21 14:26:49 +01:00
Karl Persson
618daf0518
Login: remove login.Service (#73542) 2023-08-21 13:15:31 +02:00
Karl Persson
124e0efe1f
Authn: external identity sync (#73461)
* Authn: Add interface for external identity sync

This interface is implemented by authnimpl.Service and just triggers PostAuthHooks and skipping last seen update by default

* Authn: Add SyncIdentity to fake and add a new mock
2023-08-18 11:11:44 +02:00
Karl Persson
43aab615c3
Auth: Remove unused Authenticator service (#73143)
Auth: remove unused Authenticator service
2023-08-10 11:02:32 +02:00
Karl Persson
e53e22ef2a
Contexthandler: Remove code that is no longer used (#73101)
* Contexthandler: remove dead code

* Contexthandler: Add tests

* Update pkg/tests/api/alerting/api_alertmanager_test.go

Co-authored-by: Jo <joao.guerreiro@grafana.com>

---------

Co-authored-by: Jo <joao.guerreiro@grafana.com>
2023-08-09 15:17:59 +02:00
Todd Treece
f3ffc850aa
Chore: Revert dskit service additions (#72608) 2023-08-03 09:19:01 -04:00
Todd Treece
29fef40f26
Chore: Move backgroundsvcs and usagestatssvcs to registry (#72692) 2023-08-02 09:25:55 -04:00
Jo
a4a87f6228
Auth: Rename Sessions to Devices in counting (#72432)
* rename session to device

* rename session to device
2023-07-27 11:09:08 +02:00
Todd Treece
4b95f611c2
Chore: Add AwaitHealthy to ModuleEngine and Server (#72215)
* Chore: Add AwaitHealthy to ModuleEngine and Server

* switch from fmt.Errorf to errors.New

Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>

---------

Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2023-07-24 14:01:07 -04:00
Kristin Laemmert
76abbef32d
chore: refactor SecretMigrationProviderImpl as a dskit module (#71944)
* chore: refactor SecretMigrationProviderImpl as a dskit service
2023-07-24 08:14:53 -04:00
Todd Treece
d280fedb3f
Chore: Wrap provisioning in dskit service (#71598) 2023-07-18 15:37:25 -04:00
Kristin Laemmert
d183a241e9
chore: wrap HTTP server in a dskit module (#71601)
* chore: wrap HTTP server in a dskit module

Much of the logic from this comes from the POC branch, so:
- credit for this work goes to everyone else
- mistakes are my own
This is needed to support microservice deployment modes.
* added an arbitrarily-chosen 30second timeout
2023-07-18 10:37:53 -04:00
Todd Treece
52121b7165
Chore: Add grafana-apiserver (#70721)
* add grafana-apiserver
* remove watchset & move provisioning and http server to background
services
* remove scheme
* otel fixes (#70874)
* remove module ProvideRegistry test
* use certgenerator from apiserver package
* Control collector/pdata from going to v1.0.0-rc8 (as Tempo 1.5.1 would have it)
2023-07-14 12:22:10 -07:00
Giuseppe Guerra
a8d2a9ae2b
Plugins: Angular detector: Add database cache store for remote patterns (#70693)
* Plugins: Angular detector: Remote patterns fetching

* Renamed PatternType to GCOMPatternType

* Renamed files

* Renamed more files

* Moved files again

* Add type checks, unexport GCOM structs

* Cache failures, update log messages, fix GCOM URL

* Fail silently for unknown pattern types, update docstrings

* Fix tests

* Rename gcomPattern.Value to gcomPattern.Pattern

* Refactoring

* Add FlagPluginsRemoteAngularDetectionPatterns feature flag

* Fix tests

* Re-generate feature flags

* Add TestProvideInspector, renamed TestDefaultStaticDetectorsInspector

* Add TestProvideInspector

* Add TestContainsBytesDetector and TestRegexDetector

* Renamed getter to provider

* More tests

* TestStaticDetectorsProvider, TestSequenceDetectorsProvider

* GCOM tests

* Lint

* Made detector.detect unexported, updated docstrings

* Allow changing grafana.com URL

* Fix API path, add more logs

* Update tryUpdateRemoteDetectors docstring

* Use angulardetector http client

* Return false, nil if module.js does not exist

* Chore: Split angualrdetector into angularinspector and angulardetector packages

Moved files around, changed references and fixed tests:
- Split the old angulardetector package into angular/angulardetector and angular/angularinspector
- angulardetector provides the detection structs/interfaces (Detector, DetectorsProvider...)
- angularinspector provides the actual angular detection service used directly in pluginsintegration
- Exported most of the stuff that was private and now put into angulardetector, as it is not required by angularinspector

* Renamed detector.go -> angulardetector.go and inspector.go -> angularinspector.go

Forgot to rename those two files to match the package's names

* Renamed angularinspector.ProvideInspector to angularinspector.ProvideService

* Renamed "harcoded" to "static" and "remote" to "dynamic"

from PR review, matches the same naming schema used for signing keys fetching

* WIP: Angular: cache patterns in db, moved gcom into pluginsintegration

More similar to signing keys fetching

* Rename package, refactoring

* try to solve circular import

* Fix merge conflict on updated angular patterns

* Fix circular imports

* Fix wire gen

* Add docstrings, refactoring

* Removed angualrdetectorsprovider dependency into angularpatternsstore

* Moved GCOM test files

* Removed GCOM cache

* Renamed Detect to DetectAngular and Detector to AngularDetector

* Fix call to NewGCOMDetectorsProvider in newDynamicInspector

* Removed unused test function newError500GCOMScenario

* Added angularinspector service definition in pluginsintegration

* refactoring

* lint

* Fix angularinspector TestProvideService

* cleanup

* Await initial restore

* Register dynamicAngularDetector background service

* Removed static detectors provider from pluginsintegration

* Add tests for kvstore

* Add more tests

* order imports in dynamic_test.go

* Fix potential panic in dynamic_test

* Add "runs the job periodically" test

* lint

* add timeout to test

* refactoring

* Removed context.Context from DetectorsProvider

* Refactoring, ensure angular dynamic background service is not started if feature flag is off

* Fix deadlock on startup

* Fix angulardetectorsprovider tests

* Revert "Removed context.Context from DetectorsProvider"

This reverts commit 4e8c6dded7.

* Fix wrong argument number in dynamic_teset

* Standardize gcom http client

* Reduce context timeout for angular inspector in plugins loader

* Simplify initial restore logic

* Fix dynamic detectors provider tests

* Chore: removed angulardetector/provider.go

* Add more tests

* Removed backgroundJob interface, PR review feedback

* Update tests

* PR review feedback: remove ErrNoCachedValue from kv store Get

* Update tests

* PR review feedback: add IsDisabled and remove nop background srevice

* Update tests

* Remove initialRestore channel, use mux instead

* Removed backgroundJobInterval, use package-level variable instead

* Add TestDynamicAngularDetectorsProviderBackgroundService

* Removed timeouts

* pr review feedback: restore from store before returning the service

* Update tests

* Log duration on startup restore and cron run

* Switch cron job start log to debug level

* Do not attempt to restore if disabled
2023-07-06 17:34:27 +03:00
Will Browne
4818568c65
Chore: Convert background service registry to dskit module (#64062)
* Chore: Add initial support for deployment modes

* revert CLI changes and start modules independently

* add modules to codeowners

* additional comments

* add Engine and Manager interface to fix test issues

* convert background service registry to dskit module

* remove extra context from serviceListener logger

Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>

* Remove whitespace

* fix import

* undo ide changes

* only register All by default

* with registry

* add test

* add comments

* re-add debug log

* fix import

* reorganize arg

* undo kind changes

* add provide service test

* fix import

* rejig systemd calls

* update codeowners

---------

Co-authored-by: Todd Treece <todd.treece@grafana.com>
Co-authored-by: Todd Treece <360020+toddtreece@users.noreply.github.com>
2023-07-06 14:45:47 +02:00
Todd Treece
8f975cfdb8
Modules: Add registry (#70859) 2023-06-29 07:58:45 -04:00
Joan López de la Franca Beltran
cc65b4d46a
Secrets: Make the Migrator extensible (#67307)
* [Chore] Remove setting provider from secret service

Co-authored-by: Tania B <yalyna.ts@gmail.com>
Co-authored-by: Joan López de la Franca Beltran <joanjan14@gmail.com>

* Add a ShouldBeRedacted func

Co-authored-by: Tania B <yalyna.ts@gmail.com>
Co-authored-by: Joan López de la Franca Beltran <joanjan14@gmail.com>

* Secrets: Make Migrator extensible

Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
Co-authored-by: Tania B <yalyna.ts@gmail.com>

* Alerting: Fix tests after refactor

Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
Co-authored-by: Tania B <yalyna.ts@gmail.com>

* Remove commented code no longer used

* Fix Wire bindings

Co-authored-by: Tania B <yalyna.ts@gmail.com>

* Add constructors to secrets

* Linting

* Undo undesired change

---------

Co-authored-by: gamab <gabi.mabs@gmail.com>
Co-authored-by: Tania B <yalyna.ts@gmail.com>
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
2023-06-19 23:44:01 +02:00
Ryan McKinley
e17ef5e504
Pyroscope: Rename phlare to grafana-pyroscope-datasource (#68859) 2023-06-07 06:09:29 +03:00
Gabriel MABILLE
edf1775d49
AuthN: Embed an OAuth2 server for external service authentication (#68086)
* Moving POC files from #64283 to a new branch

Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>

* Adding missing permission definition

Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>

* Force the service instantiation while client isn't merged

Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>

* Merge conf with main

Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>

* Leave go-sqlite3 version unchanged

Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>

* tidy

Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>

* User SearchUserPermissions instead of SearchUsersPermissions

* Replace DummyKeyService with signingkeys.Service

* Use user🆔<id> as subject

* Fix introspection endpoint issue

* Add X-Grafana-Org-Id to get_resources.bash script

* Regenerate toggles_gen.go
* Fix basic.go

* Add GetExternalService tests

* Add GetPublicKeyScopes tests

* Add GetScopesOnUser tests

* Add GetScopes tests

* Add ParsePublicKeyPem tests

* Add database test for GetByName

* re-add comments

* client tests added

* Add GetExternalServicePublicKey tests

* Add other test case to GetExternalServicePublicKey

* client_credentials grant test

* Add test to jwtbearer grant

* Test Comments

* Add handleKeyOptions tests

* Add RSA key generation test

* Add ECDSA by default to EmbeddedSigningKeysService

* Clean up org id scope and audiences

* Add audiences to the DB

* Fix check on Audience

* Fix double import

* Add AC Store mock and align oauthserver tests

* Fix test after rebase

* Adding missing store function to mock

* Fix double import

* Add CODEOWNER

* Fix some linting errors

* errors don't need type assertion

* Typo codeowners

* use mockery for oauthserver store

* Add feature toggle check

* Fix db tests to handle the feature flag

* Adding call to DeleteExternalServiceRole

* Fix flaky test

* Re-organize routes comments and plan futur work

* Add client_id check to Extended JWT client

* Clean up

* Fix

* Remove background service registry instantiation of the OAuth server

* Comment cleanup

* Remove unused client function

* Update go.mod to use the latest ory/fosite commit

* Remove oauth2_server related configs from defaults.ini

* Add audiences to DTO

* Fix flaky test

* Remove registration endpoint and demo scripts. Document code

* Rename packages

* Remove the OAuthService vs OAuthServer confusion

* fix incorrect import ext_jwt_test

* Comments and order

* Comment basic auth

* Remove unecessary todo

* Clean api

* Moving ParsePublicKeyPem to utils

* re ordering functions in service.go

* Fix comment

* comment on the redirect uri

* Add RBAC actions, not only scopes

* Fix tests

* re-import featuremgmt in migrations

* Fix wire

* Fix scopes in test

* Fix flaky test

* Remove todo, the intersection should always return the minimal set

* Remove unecessary check from intersection code

* Allow env overrides on settings

* remove the term app name

* Remove app keyword for client instead and use Name instead of ExternalServiceName

* LogID remove ExternalService ref

* Use Name instead of ExternalServiceName

* Imports order

* Inline

* Using ExternalService and ExternalServiceDTO

* Remove xorm tags

* comment

* Rename client files

* client -> external service

* comments

* Move test to correct package

* slimmer test

* cachedUser -> cachedExternalService

* Fix aggregate store test

* PluginAuthSession -> AuthSession

* Revert the nil cehcks

* Remove unecessary extra

* Removing custom session

* fix typo in test

* Use constants for tests

* Simplify HandleToken tests

* Refactor the HandleTokenRequest test

* test message

* Review test

* Prevent flacky test on client as well

* go imports

* Revert changes from 526e48ad45

* AuthN: Change the External Service registration form (#68649)

* AuthN: change the External Service registration form

* Gen default permissions

* Change demo script registration form

* Remove unecessary comment

* Nit.

* Reduce cyclomatic complexity

* Remove demo_scripts

* Handle case with no service account

* Comments

* Group key gen

* Nit.

* Check the SaveExternalService test

* Rename cachedUser to cachedClient in test

* One more test case to database test

* Comments

* Remove last org scope

Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>

* Update pkg/services/oauthserver/utils/utils_test.go

* Update pkg/services/sqlstore/migrations/oauthserver/migrations.go

Remove comment

* Update pkg/setting/setting.go

Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>

---------

Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>
2023-05-25 15:38:30 +02:00
Ieva
d54fa569ec
Chore: Remove legacy AC checks from team (#68715)
* removing legacy AC checks from team API handlers

* Chore: remove `UserIDFilter` from team queries (#68820)

* remove userIDfilter from team queries in favour of RBAC SQL filtering

* fix typo

* remove redundant tests

* remove another unused function

* fix failing test
2023-05-22 18:41:53 +02:00
Andreas Christou
108acee08e
CloudMonitoring: Initial GCM Schema (#67739)
* Initial GCM schema work

- Split types for convenience
- Update conditionals where needed
- Update type references

* Add additional supporting types

* Add some more accessory and legacy types

* Add missing type

* Rename backend folder

* Add missing generated file

* Review
2023-05-22 17:19:54 +01:00
Andres Martinez Gotor
aa9838bd25
Chore: Refactor manifest verifier (#67218) 2023-04-27 17:54:28 +02:00
Andres Martinez Gotor
9d7c3a101d
Chore: Use KVStore for the manifest public key (#66839) 2023-04-25 13:01:49 +02:00
Bruno
d4715a6f04
CSRF middleware: Add flag to skip login cookie check (#66806)
* CSRF middleware: add flag to skip login cookie check

* Update docs/sources/setup-grafana/configure-grafana/_index.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

---------

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
2023-04-24 10:11:08 -03:00
Eric Leijonmarck
6b8c77c70c
Usagestats: Add interface for stats for user.Service and add Usagestats for case_insensitive_login (#66742)
* add interface for stats

* add user service to registry
2023-04-18 14:34:40 +01:00