* inital changes, db migration
* changes
* Implement basic GetAll, Delete
* Add first batch of tests
* Add more tests
* Add service tests for GetForProvider, List
* Update http_server.go + wire.go
* Lint + update fixed role
* Update CODEOWNERS
* Change API init
* Change roles, rename
* Review with @kalleep
* Revert a mistakenly changed part
* Updates based on @dmihai 's feedback
---------
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* Add interface verification compliance
* rework service account api to a provider
* wire the service accounts api
* rewire the implementation of sa srv for the proxy
---------
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
This PR replaces the vendored models in the migration with their equivalent ngalert models. It also replaces the raw SQL selects and inserts with service calls.
It also fills in some gaps in the testing suite around:
- Migration of alert rules: verifying that the actual data model (queries, conditions) are correct 9a7cfa9
- Secure settings migration: verifying that secure fields remain encrypted for all available notifiers and certain fields migrate from plain text to encrypted secure settings correctly e7d3993
Replacing the checks for custom dashboard ACLs will be replaced in a separate targeted PR as it will be complex enough alone.
* Extract code to manage service accounts
* Add test with client credentials grants
* Fix test with the changed interface
* Wire
* Fix HandleTokenRequest
* Add tests to extsvcaccounts
* Rename Retrieve function
* Document the interface
* OnGoing
* Continue migrating structure
* Comment
* Add intermediary service
* Remove unused error so far
* no need for fmt use errors
* use RoleNone
* Docs
* Fix test
* Accounting for review feedback
* Rename oauthserver.ExternalService to OAuthClient
* Revert as the interface looks weird
* Update pluginintegration
* Rename oauthserver.ExternalService
* closer to what it was before
* remove API tagging method and authed tagging
* add anonstore
move debug to after cache
change test order
fix issue where mysql trims to second
* add old device cleanup
lint
utc-ize everything
trim whitespace
* remove dangling setting
* Add delete devices
* Move anonymous authnclient to anonimpl
* Add simple post login hook
* move registration of Background Service
cleanup
* add updated_at index
* do not untag device if login err
* add delete device integration test
* feat: add ability to launch targeted dskit modules in the grafana server CLI command
This commit adds a ModuleServer and ModuleRunner suitable for launching dskit services and updates the server cli command to use this instead of the full Server. The default behavior is unchanged and will launch the full Grafana server. Individual services are targeted by setting target=comma,seperated,list in the config file.
* require dev mode to target dskit modules
* remove unused type
* replace setting.CommandLineArgs w/setting.Cfg; the caller can deal with calling setting.NewCfg
* Update pkg/server/module_server.go
Co-authored-by: Serge Zaitsev <serge.zaitsev@grafana.com>
---------
Co-authored-by: Serge Zaitsev <serge.zaitsev@grafana.com>
* Authn: Add interface for external identity sync
This interface is implemented by authnimpl.Service and just triggers PostAuthHooks and skipping last seen update by default
* Authn: Add SyncIdentity to fake and add a new mock
* Chore: Add AwaitHealthy to ModuleEngine and Server
* switch from fmt.Errorf to errors.New
Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
---------
Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
* chore: wrap HTTP server in a dskit module
Much of the logic from this comes from the POC branch, so:
- credit for this work goes to everyone else
- mistakes are my own
This is needed to support microservice deployment modes.
* added an arbitrarily-chosen 30second timeout
* add grafana-apiserver
* remove watchset & move provisioning and http server to background
services
* remove scheme
* otel fixes (#70874)
* remove module ProvideRegistry test
* use certgenerator from apiserver package
* Control collector/pdata from going to v1.0.0-rc8 (as Tempo 1.5.1 would have it)
* Plugins: Angular detector: Remote patterns fetching
* Renamed PatternType to GCOMPatternType
* Renamed files
* Renamed more files
* Moved files again
* Add type checks, unexport GCOM structs
* Cache failures, update log messages, fix GCOM URL
* Fail silently for unknown pattern types, update docstrings
* Fix tests
* Rename gcomPattern.Value to gcomPattern.Pattern
* Refactoring
* Add FlagPluginsRemoteAngularDetectionPatterns feature flag
* Fix tests
* Re-generate feature flags
* Add TestProvideInspector, renamed TestDefaultStaticDetectorsInspector
* Add TestProvideInspector
* Add TestContainsBytesDetector and TestRegexDetector
* Renamed getter to provider
* More tests
* TestStaticDetectorsProvider, TestSequenceDetectorsProvider
* GCOM tests
* Lint
* Made detector.detect unexported, updated docstrings
* Allow changing grafana.com URL
* Fix API path, add more logs
* Update tryUpdateRemoteDetectors docstring
* Use angulardetector http client
* Return false, nil if module.js does not exist
* Chore: Split angualrdetector into angularinspector and angulardetector packages
Moved files around, changed references and fixed tests:
- Split the old angulardetector package into angular/angulardetector and angular/angularinspector
- angulardetector provides the detection structs/interfaces (Detector, DetectorsProvider...)
- angularinspector provides the actual angular detection service used directly in pluginsintegration
- Exported most of the stuff that was private and now put into angulardetector, as it is not required by angularinspector
* Renamed detector.go -> angulardetector.go and inspector.go -> angularinspector.go
Forgot to rename those two files to match the package's names
* Renamed angularinspector.ProvideInspector to angularinspector.ProvideService
* Renamed "harcoded" to "static" and "remote" to "dynamic"
from PR review, matches the same naming schema used for signing keys fetching
* WIP: Angular: cache patterns in db, moved gcom into pluginsintegration
More similar to signing keys fetching
* Rename package, refactoring
* try to solve circular import
* Fix merge conflict on updated angular patterns
* Fix circular imports
* Fix wire gen
* Add docstrings, refactoring
* Removed angualrdetectorsprovider dependency into angularpatternsstore
* Moved GCOM test files
* Removed GCOM cache
* Renamed Detect to DetectAngular and Detector to AngularDetector
* Fix call to NewGCOMDetectorsProvider in newDynamicInspector
* Removed unused test function newError500GCOMScenario
* Added angularinspector service definition in pluginsintegration
* refactoring
* lint
* Fix angularinspector TestProvideService
* cleanup
* Await initial restore
* Register dynamicAngularDetector background service
* Removed static detectors provider from pluginsintegration
* Add tests for kvstore
* Add more tests
* order imports in dynamic_test.go
* Fix potential panic in dynamic_test
* Add "runs the job periodically" test
* lint
* add timeout to test
* refactoring
* Removed context.Context from DetectorsProvider
* Refactoring, ensure angular dynamic background service is not started if feature flag is off
* Fix deadlock on startup
* Fix angulardetectorsprovider tests
* Revert "Removed context.Context from DetectorsProvider"
This reverts commit 4e8c6dded7.
* Fix wrong argument number in dynamic_teset
* Standardize gcom http client
* Reduce context timeout for angular inspector in plugins loader
* Simplify initial restore logic
* Fix dynamic detectors provider tests
* Chore: removed angulardetector/provider.go
* Add more tests
* Removed backgroundJob interface, PR review feedback
* Update tests
* PR review feedback: remove ErrNoCachedValue from kv store Get
* Update tests
* PR review feedback: add IsDisabled and remove nop background srevice
* Update tests
* Remove initialRestore channel, use mux instead
* Removed backgroundJobInterval, use package-level variable instead
* Add TestDynamicAngularDetectorsProviderBackgroundService
* Removed timeouts
* pr review feedback: restore from store before returning the service
* Update tests
* Log duration on startup restore and cron run
* Switch cron job start log to debug level
* Do not attempt to restore if disabled
* [Chore] Remove setting provider from secret service
Co-authored-by: Tania B <yalyna.ts@gmail.com>
Co-authored-by: Joan López de la Franca Beltran <joanjan14@gmail.com>
* Add a ShouldBeRedacted func
Co-authored-by: Tania B <yalyna.ts@gmail.com>
Co-authored-by: Joan López de la Franca Beltran <joanjan14@gmail.com>
* Secrets: Make Migrator extensible
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
Co-authored-by: Tania B <yalyna.ts@gmail.com>
* Alerting: Fix tests after refactor
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
Co-authored-by: Tania B <yalyna.ts@gmail.com>
* Remove commented code no longer used
* Fix Wire bindings
Co-authored-by: Tania B <yalyna.ts@gmail.com>
* Add constructors to secrets
* Linting
* Undo undesired change
---------
Co-authored-by: gamab <gabi.mabs@gmail.com>
Co-authored-by: Tania B <yalyna.ts@gmail.com>
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Moving POC files from #64283 to a new branch
Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>
* Adding missing permission definition
Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>
* Force the service instantiation while client isn't merged
Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>
* Merge conf with main
Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>
* Leave go-sqlite3 version unchanged
Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>
* tidy
Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>
* User SearchUserPermissions instead of SearchUsersPermissions
* Replace DummyKeyService with signingkeys.Service
* Use user🆔<id> as subject
* Fix introspection endpoint issue
* Add X-Grafana-Org-Id to get_resources.bash script
* Regenerate toggles_gen.go
* Fix basic.go
* Add GetExternalService tests
* Add GetPublicKeyScopes tests
* Add GetScopesOnUser tests
* Add GetScopes tests
* Add ParsePublicKeyPem tests
* Add database test for GetByName
* re-add comments
* client tests added
* Add GetExternalServicePublicKey tests
* Add other test case to GetExternalServicePublicKey
* client_credentials grant test
* Add test to jwtbearer grant
* Test Comments
* Add handleKeyOptions tests
* Add RSA key generation test
* Add ECDSA by default to EmbeddedSigningKeysService
* Clean up org id scope and audiences
* Add audiences to the DB
* Fix check on Audience
* Fix double import
* Add AC Store mock and align oauthserver tests
* Fix test after rebase
* Adding missing store function to mock
* Fix double import
* Add CODEOWNER
* Fix some linting errors
* errors don't need type assertion
* Typo codeowners
* use mockery for oauthserver store
* Add feature toggle check
* Fix db tests to handle the feature flag
* Adding call to DeleteExternalServiceRole
* Fix flaky test
* Re-organize routes comments and plan futur work
* Add client_id check to Extended JWT client
* Clean up
* Fix
* Remove background service registry instantiation of the OAuth server
* Comment cleanup
* Remove unused client function
* Update go.mod to use the latest ory/fosite commit
* Remove oauth2_server related configs from defaults.ini
* Add audiences to DTO
* Fix flaky test
* Remove registration endpoint and demo scripts. Document code
* Rename packages
* Remove the OAuthService vs OAuthServer confusion
* fix incorrect import ext_jwt_test
* Comments and order
* Comment basic auth
* Remove unecessary todo
* Clean api
* Moving ParsePublicKeyPem to utils
* re ordering functions in service.go
* Fix comment
* comment on the redirect uri
* Add RBAC actions, not only scopes
* Fix tests
* re-import featuremgmt in migrations
* Fix wire
* Fix scopes in test
* Fix flaky test
* Remove todo, the intersection should always return the minimal set
* Remove unecessary check from intersection code
* Allow env overrides on settings
* remove the term app name
* Remove app keyword for client instead and use Name instead of ExternalServiceName
* LogID remove ExternalService ref
* Use Name instead of ExternalServiceName
* Imports order
* Inline
* Using ExternalService and ExternalServiceDTO
* Remove xorm tags
* comment
* Rename client files
* client -> external service
* comments
* Move test to correct package
* slimmer test
* cachedUser -> cachedExternalService
* Fix aggregate store test
* PluginAuthSession -> AuthSession
* Revert the nil cehcks
* Remove unecessary extra
* Removing custom session
* fix typo in test
* Use constants for tests
* Simplify HandleToken tests
* Refactor the HandleTokenRequest test
* test message
* Review test
* Prevent flacky test on client as well
* go imports
* Revert changes from 526e48ad45
* AuthN: Change the External Service registration form (#68649)
* AuthN: change the External Service registration form
* Gen default permissions
* Change demo script registration form
* Remove unecessary comment
* Nit.
* Reduce cyclomatic complexity
* Remove demo_scripts
* Handle case with no service account
* Comments
* Group key gen
* Nit.
* Check the SaveExternalService test
* Rename cachedUser to cachedClient in test
* One more test case to database test
* Comments
* Remove last org scope
Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>
* Update pkg/services/oauthserver/utils/utils_test.go
* Update pkg/services/sqlstore/migrations/oauthserver/migrations.go
Remove comment
* Update pkg/setting/setting.go
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
---------
Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>
* removing legacy AC checks from team API handlers
* Chore: remove `UserIDFilter` from team queries (#68820)
* remove userIDfilter from team queries in favour of RBAC SQL filtering
* fix typo
* remove redundant tests
* remove another unused function
* fix failing test