Commit Graph

78 Commits

Author SHA1 Message Date
Karl Persson
8d74296b6c
Authn: Always set namespace (#96230)
* Rename from AllowedKubernetesNamespace to Namespace

* Use a sync hook to always set namespace for Identity.

* format

* Don't set uid when authenticating as user
2024-11-12 10:12:47 +01:00
Ryan McKinley
c0de407fee
K8s/Dashboards: Delegate large objects to blob store (#94943) 2024-11-09 08:09:46 +03:00
Karl Persson
3bcbf231ee
IDToken: fix namespace format (#95341)
* Bump authlib version

* Remove temporary formatter and start signing tokens with `stacks-` prefix

* update workspace
2024-11-04 09:33:03 +01:00
Yuri Tseretyan
672d5f92f2
Chore: Fix population of details when converting from errutil errors to K8s error (#94996) 2024-10-18 13:15:13 -04:00
Karl Persson
a82d01214d
Auth: Update authlib (#94947)
* Update authlib
2024-10-18 13:36:21 +02:00
Marcus Efraimsson
42016dc359
Chore: Update SDK to v0.255.0 (#94894) 2024-10-18 10:42:32 +02:00
Ryan McKinley
8b9bb2acf6
K8s/Folders: Warn against using full path in metadata (#94829) 2024-10-17 14:32:39 +03:00
Alexander Zobnin
9f1b584c85
Chore: Update authlib version (#94714)
* Chore: Update authlib version

* update workspace

* use ParseNamespace()
2024-10-15 16:58:46 +02:00
Arati R.
011978e81b
K8s/Folders: Remove folder service from client (#94450)
* Support getting full path of UIDs
* Use full path to set parents field
* Update get folder test
* Add folder store test for getting with full path UIDs
* Add test for parsing parent titles
* Test nested folder create payload
2024-10-10 13:22:57 +02:00
Karl Persson
9ece88d585
Zanzana: bump openfga version (#94485)
* Bump openfga

* Remove internall sqlite implementation for openfga

* Use sqlite implementation from openfga
2024-10-10 09:07:40 +02:00
Todd Treece
a4d919c157
Chore: Update k8s.io dependencies to v0.31.1 (#93696) 2024-10-03 15:50:15 -04:00
Santiago
aa77023008
Alerting: Fix panics when attempting to create an Alertmanager after failing (#94023) 2024-09-30 13:50:35 -03:00
Karl Persson
0160f4f72c
RBAC: Add legacy authorization checks to service accounts (#93753)
* Extract a helper funtion to perform list with authorization checks

* Add k8s verb to utils package

* Construct default mapping when no custom mapping is passed

* Configure authorization checks for service accounts

* Fix helper and add filtering to service accounts
2024-09-27 15:53:11 +02:00
Gabriel MABILLE
6b89e3f711
go.mod: Authlib update (#93642) 2024-09-24 09:41:52 +02:00
Claudiu Dragalina-Paraipan
a8b07b0c81
[authn] use authlib client+interceptors for in-proc mode (#93124)
* Add authlib gRPC authenticators for in-proc mode

* implement `StaticRequester` signing in the unified resource client
- [x] when the `claims.AuthInfo` value type is `identity.StaticRequester`, and there's no ID token set, create an internal token and sign it with symmetrical key. This is a workaround for `go-jose` not offering the possibility to create an unsigned token.
- [x] update `IDClaimsWrapper` to support the scenario above
- [x] Switch to using `claims.From()` in `dashboardSqlAccess.SaveDashboard()`

---------

Co-authored-by: gamab <gabriel.mabille@grafana.com>
2024-09-24 09:03:48 +03:00
Karl Persson
2e38329026
RBAC: Add required component to perform access control checks for user api when running single tenant (#93104)
* Unexport store and create new constructor function

* Add ResourceAuthorizer and LegacyAccessClient

* Configure checks for user store

* List with checks if AccessClient is configured

* Allow system user service account to read all users

---------

Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
2024-09-23 11:26:44 +02:00
Todd Treece
d1ffcc22d9
Playlists: Migrate to App SDK codegen (#93246) 2024-09-13 16:27:40 -04:00
Ryan McKinley
9210414782
K8s: support unstructured spec+status mutation with GrafanaMetaAccessor (#92970) 2024-09-10 13:32:18 +03:00
Claudiu Dragalina-Paraipan
3aeb8d390e
[authn] update authlib and claims versions (#93098)
* update authlib version to latest

* make update-workspace -- 2nd run

* manual cleanup of old version
2024-09-09 15:45:59 +03:00
ismail simsek
6548ea377d
Chore: Bump grafana-plugin-sdk-go version to v0.247.0 (#93095)
* Bump grafana-plugin-sdk-go version to v0.247.0

* make update-workspace

* make update-workspace
2024-09-09 14:36:59 +03:00
Dave Henderson
e1090db5d9
Chore: Bump Go to 1.23.1 (#93007)
Signed-off-by: Dave Henderson <dave.henderson@grafana.com>
2024-09-06 20:58:50 +03:00
Claudiu Dragalina-Paraipan
1ce43b4c42
[authn] update authlib and claims versions (#92987)
* update authlib and claims versions

* 2nd make update-workspace

* manual fix
2024-09-05 19:17:15 +03:00
Santiago
87f4df4bc3
Remote Alertmanager: update github.com/go-openapi/runtime (v0.27.1 -> v0.28.0) (#92951) 2024-09-05 08:47:38 -03:00
Marcus Efraimsson
0a337ff3b3
Chore: Update SDK to v0.246.0 (#92938) 2024-09-04 17:30:37 +02:00
Ryan McKinley
cb484f9883
K8s: Move ResourceInfo from common to utils (#92924) 2024-09-04 14:53:14 +03:00
Todd Treece
85ef26a85d
K8s: Add generic support for status (#92378) 2024-08-28 03:45:04 +03:00
Charandas
af2e79aa83
K8s: namespace mapper should use authlib's util (#92332) 2024-08-27 15:01:42 -07:00
Todd Treece
2f01286034
Storage: Add go.mod for apistore (#92224) 2024-08-21 14:32:01 -04:00
Dave Henderson
df3d8915ba
Chore: Bump Go to 1.23.0 (#92105)
* chore: Bump Go to 1.23.0

Signed-off-by: Dave Henderson <dave.henderson@grafana.com>

* update swagger files

Signed-off-by: Dave Henderson <dave.henderson@grafana.com>

* chore: update .bingo/README.md formatting to satisfy prettier

Signed-off-by: Dave Henderson <dave.henderson@grafana.com>

* chore(lint): Fix new lint errors found by golangci-lint 1.60.1 and Go 1.23

Signed-off-by: Dave Henderson <dave.henderson@grafana.com>

* keep golden file

* update openapi

* add name to expected output

* chore(lint): rearrange imports to a sensible order

Signed-off-by: Dave Henderson <dave.henderson@grafana.com>

---------

Signed-off-by: Dave Henderson <dave.henderson@grafana.com>
Co-authored-by: Ryan McKinley <ryantxu@gmail.com>
2024-08-21 11:40:42 -04:00
Ryan McKinley
2e60f28044
Auth: remove id token flag (#92209) 2024-08-21 16:30:17 +03:00
Karl Persson
b6540e2a18
SSOSettings: Add api:s (#92018)
* apis: add sso setting resource

* Implement Storage for sso

* Rename packages

* Merge identity and sso package

* Update table format and expose GetNestedBool

* Restructure identity api package
2024-08-21 09:16:47 +02:00
Will Browne
704b07b3f0
Plugins: Bump plugin SDK to latest (0.244.0) (#92057)
bump SDK
2024-08-20 14:40:51 +03:00
Ryan McKinley
a0cd89860e
Identity: Add endpoint to get display info for an identifier (#91828) 2024-08-15 14:38:43 +03:00
Karl Persson
5105fb7f3a
Identity: remove GetIDClaims (#91901)
remove GetIDClaims
2024-08-15 11:39:13 +02:00
Todd Treece
da6b02a2b0
K8s: Add k8s codegen PR check (#91903) 2024-08-14 11:06:37 -04:00
Karl Persson
8d36111420
IDForwarding: Set identity type and uid (#91830)
* Set identity type and uid

* Set uid without prefix

* Update authlib version

* Update to new claim name
2024-08-14 10:51:44 +02:00
Todd Treece
4ce82d3f14
Chore: Update k8s.io dependencies to v0.30.0 (#91851) 2024-08-13 14:01:48 -04:00
Karl Persson
8bcd9c2594
Identity: Remove typed id (#91801)
* Refactor identity struct to store type in separate field

* Update ResolveIdentity to take string representation of typedID

* Add IsIdentityType to requester interface

* Use IsIdentityType from interface

* Remove usage of TypedID

* Remote typedID struct

* fix GetInternalID
2024-08-13 10:18:28 +02:00
Karl Persson
7f1ae1cd54
Identity: Update authlib to version that has correct commit to claims (#91784)
* Update authlib to version that has correct commit to claims
2024-08-12 09:39:48 +02:00
Ryan McKinley
21d4a4f49e
Auth: use IdentityType from authlib (#91763) 2024-08-12 09:26:53 +03:00
Andreas Christou
24c9aad5bb
Bump grafana-azure-sdk-go and related dependencies (#91124)
* Bump Azure SDK and related dependencies

* Update go.mods

* update-workspace

* Update go files
2024-08-09 13:12:19 -04:00
Ryan McKinley
243c0935fc
Auth: Use claims.AuthInfo in requester (#91739) 2024-08-09 19:46:56 +03:00
Karl Persson
bcfb66b416
Identity: remove GetTypedID (#91745) 2024-08-09 18:20:24 +03:00
Todd Treece
7f155b2b6f
Chore: Add go workspace scripts (#91707) 2024-08-08 16:51:17 -04:00
Todd Treece
b4126d3bce
Chore: Update k8s.io dependencies (#91692) 2024-08-08 18:39:44 +03:00
Ryan McKinley
a223c46506
APIServer: Make TableConverter part of ResourceInfo (#91520) 2024-08-05 15:38:12 +03:00
Claudiu Dragalina-Paraipan
e2435f92f1
[authn]: add GetIDClaims() to Requester (#91387)
* authn: add GetIDClaims() to Requester

Co-Authored-By: Gabriel MABILLE <gamab@users.noreply.github.com>

* authn: update StaticRequester

Co-Authored-By: Gabriel MABILLE <gamab@users.noreply.github.com>

* update auth/idtest/mock

Co-Authored-By: Gabriel MABILLE <gamab@users.noreply.github.com>

* Fix test

Co-authored-by: Claudiu Dragalina-Paraipan <claudiu.dragalina@grafana.com>

---------

Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
Co-authored-by: gamab <gabriel.mabille@grafana.com>
2024-08-02 12:36:02 +03:00
Todd Treece
e890279dcf
Chore: Add go work sync to workspace update (#91360) 2024-08-01 00:06:05 +03:00
Ryan McKinley
728150bdbd
Identity: extend k8s user.Info (#90937) 2024-07-30 08:27:23 +03:00
Ryan McKinley
ec6c6bd6c3
Identity: Add read-only identity apiserver (#90418) 2024-07-26 17:09:08 +03:00