Commit Graph

52 Commits

Author SHA1 Message Date
Jo
f2bf066ad2
SigningKeys: Add jwks endpoint (#76040)
* add jwks

add remote caching

add expose jwks test

tweaks

* fix swagger

* nt
2023-10-05 15:17:31 +02:00
Ryan McKinley
025b2f3011
Chore: use any rather than interface{} (#74066) 2023-08-30 18:46:47 +03:00
Jo
4821175d40
Auth: Add auth.azure_ad security improvements (#912)
* security improvements id_token

* add audience validation

* add allowOrganizations

* add allowOrganizations tests and documentation

* add log warn on no configuration

* anonymize tenant id

* Apply suggestions from code review

Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>

* Update docs/sources/setup-grafana/configure-security/configure-authentication/azuread/index.md

Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>

* Update pkg/login/social/azuread_oauth_test.go

Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>

* Update pkg/login/social/azuread_oauth_test.go

Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>

* optimize key validation and add mising fields

* fix missing key_id

* lint

* Update docs/sources/setup-grafana/configure-security/configure-authentication/azuread/index.md

Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>

* lint docs

---------

Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2023-06-23 09:13:38 +02:00
Sofia Papagiannaki
caac9838d8
Build: Fix Redis/Memcached integration tests (#64298)
* Build: Fix integration cache tests

* Allow REDIS_URL with scheme

* Reduce cache integration tests timeout to 5m

* Apply suggestion from code review

* Run redis/memcached integration tests in OSS pipelines

* Change redis image
2023-04-05 11:55:55 +03:00
Carl Bergquist
6d5688ed94
remotecache: set secret service on encryptionstorage (#64849)
Signed-off-by: bergquist <carl.bergquist@gmail.com>
2023-03-15 20:19:35 +01:00
Carl Bergquist
eb507dca89
Remotecache: rename setbytearray/getbytearray to set/get and remove codec (#64470)
Signed-off-by: bergquist <carl.bergquist@gmail.com>
2023-03-10 13:57:29 +01:00
Jo
4ee389676e
RemoteCache: Cleanup infra remote cache (#64381)
* add warning on Count

* add usagestats service

* fix typo

* remove unused glog

* remote cache stats collect

* add encrypt usage stat

* rename handler

* Update pkg/infra/remotecache/remotecache.go

Co-authored-by: Dan Cech <dcech@grafana.com>

* Update pkg/infra/remotecache/remotecache_test.go

---------

Co-authored-by: Dan Cech <dcech@grafana.com>
2023-03-09 09:26:13 +01:00
Carl Bergquist
7c55dbf37d
Remotecache: Migrates get/set calls to use bytearrays and remove get/set functions (#63525)
Signed-off-by: bergquist <carl.bergquist@gmail.com>
2023-03-08 17:08:57 +01:00
Jo
ff78103a24
Authn: Anon session service (#63052)
* add anon sessions package

* add usage stat fn

* implement count for cache

* add anonservice to authn broker

* lint

* add tests for remote cache count

* move anon service to services

* wrap tagging in goroutine

* make func used
2023-02-21 16:21:18 +01:00
Selene
5fe3548691
RemoteCache: Fix null pointer exception in redis cache (#63094)
Fix null pointer exception in redis cache
2023-02-08 17:08:56 +01:00
Carl Bergquist
791b1001af
remote cache: new function to get/set cache items as byte arrays (#62916)
Signed-off-by: bergquist <carl.bergquist@gmail.com>
2023-02-06 13:08:03 +01:00
Serge Zaitsev
f531074d89
Chore: Fix goimports grouping in pkg/infra (#62421)
* fix goimports

* fix goimports order
2023-01-30 08:32:25 +00:00
Serge Zaitsev
f1fb202284
Chore: Add encryption codec to the remote cache (#59871)
* add encryption codec to the remote cache

* change config files too

* fix test constructor

* pass codec into the test cache
2022-12-06 15:12:27 +01:00
Serge Zaitsev
3978502d83
Chore: Remote cache key prefix (#59838)
* attempt to implement a remote cache key prefix

* add a test for the prefix store

* oh, linter
2022-12-06 13:20:49 +01:00
Kristin Laemmert
05709ce411
chore: remove sqlstore & mockstore dependencies from (most) packages (#57087)
* chore: add alias for InitTestDB and Session

Adds an alias for the sqlstore InitTestDB and Session, and updates tests using these to reduce dependencies on the sqlstore.Store.

* next pass of removing sqlstore imports
* last little bit
* remove mockstore where possible
2022-10-19 09:02:15 -04:00
Sofia Papagiannaki
8b77ee2734
SQLStore: Ensure that sessions are always closed (#55864)
* SQLStore: Ensure that sessions are always closed

Delete `NewSession()` in favour of `WithDbSession()`

* Add WithDbSessionForceNewSession to the interface

* Apply suggestions from code review
2022-09-29 15:55:47 +03:00
Emil Tullstedt
b287047052
Chore: Upgrade Go to 1.19.1 (#54902)
* WIP

* Set public_suffix to a pre Ruby 2.6 version

* we don't need to install python

* Stretch->Buster

* Bump versions in lib.star

* Manually update linter

Sort of messy, but the .mod-file need to contain all dependencies that
use 1.16+ features, otherwise they're assumed to be compiled with
-lang=go1.16 and cannot access generics et al.

Bingo doesn't seem to understand that, but it's possible to manually
update things to get Bingo happy.

* undo reformatting

* Various lint improvements

* More from the linter

* goimports -w ./pkg/

* Disable gocritic

* Add/modify linter exceptions

* lint + flatten nested list

Go 1.19 doesn't support nested lists, and there wasn't an obvious workaround.
https://go.dev/doc/comment#lists
2022-09-12 12:03:49 +02:00
Kat Yang
3c3039f5b3
Chore: Remove Wrap (#50048)
* Chore: Remove Wrap and Wrapf

* Fix: Add error check
2022-06-03 09:24:24 +02:00
ying-jeanne
a8eef45a44
Logger migration from log15 to gokit/log (#41636)
* migrate log15 to gokit/log

* fix console log

* update some unittest

* fix all unittest

* fix the build

* Update pkg/infra/log/log.go

Co-authored-by: Yuriy Tseretyan <tceretian@gmail.com>

* general type vector

* correct the level key

Co-authored-by: Yuriy Tseretyan <tceretian@gmail.com>
2022-01-06 22:28:05 +08:00
idafurjes
56c3875bb9
Chore: Remove context.TODO (#43458)
* Remove context.TODO() from services

* Fix live test
2021-12-28 10:26:18 +01:00
idafurjes
b8852ef6a3
Chore: Remove context.TODO() (#43409)
* Remove context.TODO() from services

* Fix live test

* Remove context.TODO
2021-12-22 11:02:42 +01:00
Todd Treece
1781c8ec7d
Chore: Add go-redis v8 dependency (#39442)
* adds redis v8 client dependency

* remove go-redis v5 dependency
2021-09-20 22:21:59 +02:00
Serge Zaitsev
643c7fa0cb
Chore: update all +build statements (#38782) 2021-09-01 17:38:56 +03:00
Arve Knudsen
78596a6756
Migrate to Wire for dependency injection (#32289)
Fixes #30144

Co-authored-by: dsotirakis <sotirakis.dim@gmail.com>
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
Co-authored-by: Ida Furjesova <ida.furjesova@grafana.com>
Co-authored-by: Jack Westbrook <jack.westbrook@gmail.com>
Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
Co-authored-by: Leon Sorokin <leeoniya@gmail.com>
Co-authored-by: Andrej Ocenas <mr.ocenas@gmail.com>
Co-authored-by: spinillos <selenepinillos@gmail.com>
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
Co-authored-by: Leonard Gram <leo@xlson.com>
2021-08-25 15:11:22 +02:00
Carl Bergquist
a10fa5cad3
Instrumentation: Start tracing database requests (#34572)
Signed-off-by: bergquist <carl.bergquist@gmail.com>
2021-05-27 13:55:33 +02:00
Serge Zaitsev
da13f88862
Redact sensitive values before logging them (#33829)
* use a common way to redact sensitive values before logging them

* fix panic on missing testCase.err, simplify require checks

* fix a silly typo

* combine readConfig and buildConnectionString methods, as they are closely related
2021-05-10 17:03:10 +02:00
Arve Knudsen
12661e8a9d
Move middleware context handler logic to service (#29605)
* middleware: Move context handler to own service

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

Co-authored-by: Emil Tullsted <sakjur@users.noreply.github.com>
Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-12-11 11:44:44 +01:00
Arve Knudsen
8d5b0084f1
Middleware: Simplifications (#29491)
* Middleware: Simplify

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* middleware: Rename auth_proxy directory to authproxy

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-12-02 12:44:51 +01:00
Arve Knudsen
b5379c5335
Chore: Fix SQL related Go variable naming (#28887)
* Chore: Fix variable naming

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-11-11 06:21:08 +01:00
Arve Knudsen
a5d9196a53
Chore/fix lint issues (#27704)
* Chore: Fix linting issues

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-09-22 16:22:19 +02:00
Arve Knudsen
41d432b5ae
Chore: Enable whitespace linter (#25903)
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-07-06 20:17:28 +02:00
Mario Trangoni
5116420e9a
Fix misspell issues (#23905)
* Fix misspell issues

See,
$ golangci-lint run --timeout 10m --disable-all -E misspell ./...

Signed-off-by: Mario Trangoni <mjtrangoni@gmail.com>

* Fix codespell issues

See,
$ codespell -S './.git*' -L 'uint,thru,pres,unknwon,serie,referer,uptodate,durationm'

Signed-off-by: Mario Trangoni <mjtrangoni@gmail.com>

* ci please?

* non-empty commit - ci?

* Trigger build

Co-authored-by: bergquist <carl.bergquist@gmail.com>
Co-authored-by: Kyle Brandt <kyle@grafana.com>
2020-04-29 21:37:21 +02:00
Arve Knudsen
7349a6b96c
pkg/infra: Check errors (#19705)
* pkg/infra: Check errors

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* pkg/infra: Handle errors

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* Update pkg/infra/usagestats/usage_stats.go

Co-Authored-By: Marcus Efraimsson <marcus.efraimsson@gmail.com>
2019-10-10 16:42:11 +02:00
Kyle Brandt
f689b60426
remotecache: support SSL with redis (#18511)
* update go-redis lib from v2 -> v5
* add ssl option to the redis connection string
fixes #18498
2019-08-13 06:51:13 -04:00
Markus Blaschke
31547597d3 remote_cache: Fix redis connstr parsing (#18204)
* Fix redis connstr parsing

* Don’t log the password
2019-07-23 16:45:04 +03:00
Kyle Brandt
0adbb001db RemoteCache: redis connection string parsing test (#17702) 2019-06-24 11:51:38 +02:00
Sofia Papagiannaki
7b70e7db2d
AuthProxy: Optimistic lock pattern for remote cache Set (#17485)
* Implementation of optimistic lock pattern

Try to insert the remote cache key and handle integrity error

* Remove transaction

Integrity error inside a transaction results in deadlock

* Remove check for existing remote cache key

Is no longer needed since integrity constrain violations are handled

* Add check for integrity constrain violation

Do not update the row if the insert statement fails
for other than an integrity constrain violation

* Handle failing inserts because of deadlocks

If the insert statement fails because of a deadlock
try to update the row

* Add utility function for returning SQL error code

Useful for debugging

* Add logging for failing expired cache key deletion

Do not shallow it completely

* Revert "Add utility function for returning SQL error code"

This reverts commit 8e0b82c79633e7d8bc350823cbbab2ac7a58c0a5.

* Better log for failing deletion of expired cache key

* Add some comments

* Remove check for existing cache key

Attempt to insert the key without checking if it's already there
and handle the error situations

* Do not propagate deadlocks created during update

Most probably somebody else is trying to insert/update
the key at the same time so it is safe enough to ignore it
2019-06-13 15:36:09 +02:00
Kyle Brandt
c09fe3c3b4
remote_cache: Fix redis (#17483)
* wip: fix remote cache for redis
connstr parsing and non-negative expires for #17377
TODO: finish parse, check zero case, find out why negative duration in the first place

* finish parse.
Still TODO, find out negative value, and decide if would be better to make database specific entries in the .ini file

* update ini files

* remove accidental uncomment in defaults.ini

* auth_proxy: expiration non-negative so expiration is not in the past

* fix test, revert neg in redis

* review: use errutil
2019-06-10 15:27:08 +02:00
Mario Trangoni
87760d4fde Codestyle: Fix govet issues (#17178)
ref #10381

Signed-off-by: Mario Trangoni <mjtrangoni@gmail.com>
2019-06-04 22:00:05 +02:00
Carl Bergquist
aed3d0d3ad
Remotecache: Avoid race condition in Set causing error on insert. (#17082)
* remotecache: avoid race condition in set

since set called the database twice without transactions another
operation could insert a value before the first operation completed.
which would raise an error on insert since the data have been inserted
by the other request.

closes #17079
2019-05-15 11:24:04 +02:00
zhulongcheng
2fff8f77dc move log package to /infra (#17023)
ref #14679

Signed-off-by: zhulongcheng <zhulongcheng.me@gmail.com>
2019-05-13 08:45:54 +02:00
Carl Bergquist
3f136e0da9
tech: replace bmizerany/assert with stretchr/testify (#16625)
bmizerany is old and unsupported. so we are replacing it
with stretchr which is an drop in replacement and something
we want to use more in Grafana.
2019-04-17 10:25:58 +02:00
Carl Bergquist
490515aec6
build: partially replace gometalinter with golangci-lint (#16610)
we still use gometalinter for goconst since it doesn't 
report errors for duplicated in test files
2019-04-16 10:27:07 +02:00
Oleg Gaidarenko
67cbc7d4cf
Chore: use remote cache instead of session storage (#16114)
Replaces session storage in auth_proxy middleware with remote cache

Fixes #15161
2019-04-08 14:31:46 +03:00
Oleg Gaidarenko
c5bc723a6e Correct table names of sql storage for remotecache 2019-03-20 13:24:56 +01:00
bergquist
6d42d43b22 use constants for cache type 2019-03-14 15:48:20 +01:00
bergquist
0a86a1d7b6 updates old distcache names 2019-03-14 09:23:35 +01:00
bergquist
c001cfe1d9 dont allow inifinite expiration 2019-03-14 09:22:03 +01:00
bergquist
5186273731 return error if cache type is invalid 2019-03-14 08:57:38 +01:00
bergquist
7aeab0a235 use Get instead of Find 2019-03-11 11:04:56 +01:00