* ExtSvcAuth: Assign roles locally
* Fix test
* HandlePluginStateChanged in the OrgID
* Remove Global from command
* Use AssignmentOrgID instead of OrgID
* Remove unecessary test case
* Plugin: Remove external service on plugin removal
* Early exit no service account
* Add log
* WIP
* Cable OAuth2Server client removal
* Move function lower
* Add function to test removal
* Add test to RemoveExternalService
* Test RemoveExtSvcAccount
* remove apostrophy in comment
* Add cfg to plugin installer to check features
* Add feature flag check in the service registration service
* Comments
* Move metrics Inc
* Initialize map
* Reorder
* Initialize mutex as well
* Add HasExternalService as suggested
* WIP: CleanUpOrphanedExternalServices
* Commit suggestion
Co-authored-by: linoman <2051016+linoman@users.noreply.github.com>
* Nit on test.
Co-authored-by: linoman <2051016+linoman@users.noreply.github.com>
* oauthserver return names
* Name is not Slug
* Use plugin ID not slug
* Add background job
* remove negation on feature check
* Add test to the CleanUp function
* Test GetExternalServiceNames
* rename test
* Add test for ExtSvcAccountsService_GetExternalServiceNames
* Add a todo
* Add todo
* Option based on mix
* Rewrite a bit the comment
* Opinionated choice use slugs instead of names everywhere
* Nit.
* Comments and re-ordering
* Comment
* Add log
* Add context
---------
Co-authored-by: linoman <2051016+linoman@users.noreply.github.com>
* Swagger: Fix listTokensResponse
It should return a list of Tokens, not a single one
Also regenerated the API spec from the latest changes + this branch
* Remove pointer
* Add `isManaged` property to frontend model
* Remove enabled and token buttons for managed SA
* Replace trash icon for lock icon for managed SA
* Block the role picker for managed SA
* Filter SA list usiong the managed filter
* Rename external for managed
* Add only managed filter
* Toggle the enable buttons for managed sa
* Disable add token and delete token buttons
* Remove the edit name button
* Disable the Role picker for managed sa
* Hide the permissions section
* Add managed by row
---------
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
* Plugin: Remove external service on plugin removal
* Add feature flag check in the service registration service
* Initialize map
* Add HasExternalService as suggested
* Commit suggestion
Co-authored-by: linoman <2051016+linoman@users.noreply.github.com>
* Nit on test.
Co-authored-by: linoman <2051016+linoman@users.noreply.github.com>
---------
Co-authored-by: linoman <2051016+linoman@users.noreply.github.com>
* Add `isExternal` property to frontend model
* Remove enabled and token buttons for external SA
* Replace trash icon for lock icon for external SA
* Block the role picker for external SA
* Filter SA list using the external filter
* Add only external filter at backend
---------
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Add interface verification compliance
* rework service account api to a provider
* wire the service accounts api
* rewire the implementation of sa srv for the proxy
---------
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
* Disable plugin service account
* Revert extsvc injection
* handle plugin state changes
* Use isProxyEnabled
* Remove plugininteg changes
* Change update function to also work for mysql 😩
* Plugin: enable service account based on plugin settings on
initialization
* Remove misleading comment
* Fix tests
* test message
* Clean up tests
* Simplify tests
* Re-order imports
* Remove unecessary comment
* Enable datasource plugins by default
Co-authored-by: Andres Martinez Gotor <andres.martinez@grafana.com>
---------
Co-authored-by: Andres Martinez Gotor <andres.martinez@grafana.com>
* Disable plugin service account
* Revert extsvc injection
* handle plugin state changes
* Use isProxyEnabled
* Remove plugininteg changes
* Change update function to also work for mysql 😩
* Change test to also check no collateral update
* Update pkg/services/serviceaccounts/database/store_test.go
* Update pkg/services/serviceaccounts/database/store_test.go
* add FlagExternalServiceAccounts to proxy service
* add FlagExternalServiceAccounts value to tests
---------
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* expand serviceaccount service interface
* implemet FakeServiceAccountService
* Replace SA service interface from api
* merge sa proxy tests with new fake service
* implement DeleteServiceAccountToken
* add test for DeleteServiceAccountToken
* AuthN: Add metrics to external service accounts management
* Add a new metric to count stored external service accounts
* Update variable names
Co-authored-by: linoman <2051016+linoman@users.noreply.github.com>
* Add test to SearchOrgServiceAccounts
* Add feature flags checks before registering and using the metrics
---------
Co-authored-by: linoman <2051016+linoman@users.noreply.github.com>
* Add proxy service template
* Replace SA srv with proxy for external SA srv
* Move service account prefix to a constant
* Prevent deletion from external service account
* Make SA validation a resusable function
* Add protection for creating service accounts
* Add protection when updating service accounts
* Add IsExternal field for service account
* Protect ext service account token generation
* Add verbose errors for form name or sa name
* add tests
* Add logs
* Adjusts tests
---------
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Add tests for service accounts metrics usage
* Add service account store implementation
* Add service account service implementation
* Add tests for org metrics usage
* Add org implementation
* Add service implementation
* Allow setting role as None
Co-authored-by: gamab <gabi.mabs@gmail.com>
Seeking for places where role.None would be used
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
Adding None role to the frontend
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
unify org role declaration and remove from add permission
fix backend test
fix backend lint
* remove role none from frontend
* Simplify checks
Co-authored-by: Kalle Persson <kalle.persson@grafana.com>
* nits
---------
Co-authored-by: Kalle Persson <kalle.persson@grafana.com>
* ui migration WIP
* merge
* migration tests for api
* revert chagnes to align with main
* revert chagnes to align with main
* revert chagnes to align with main
* remove unused code and comments
* revert gen files
* retry logic inplace
* fix a any
* fixed types
* migraiton results now show only result if no failures
* review comments
* wording to make it more actionable
* add migraiton summary text onyl for failed apikeys
* fixed wording and added a close button to the modal
* made the button close the modal
* moved state into component
* fix based on review, naming and removed unused code
* service account migration state optional
* making migration result undefined
* showing total and migrated numbers for a successful migration
* fix payload const to take the payload
* Moving POC files from #64283 to a new branch
Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>
* Adding missing permission definition
Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>
* Force the service instantiation while client isn't merged
Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>
* Merge conf with main
Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>
* Leave go-sqlite3 version unchanged
Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>
* tidy
Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>
* User SearchUserPermissions instead of SearchUsersPermissions
* Replace DummyKeyService with signingkeys.Service
* Use user🆔<id> as subject
* Fix introspection endpoint issue
* Add X-Grafana-Org-Id to get_resources.bash script
* Regenerate toggles_gen.go
* Fix basic.go
* Add GetExternalService tests
* Add GetPublicKeyScopes tests
* Add GetScopesOnUser tests
* Add GetScopes tests
* Add ParsePublicKeyPem tests
* Add database test for GetByName
* re-add comments
* client tests added
* Add GetExternalServicePublicKey tests
* Add other test case to GetExternalServicePublicKey
* client_credentials grant test
* Add test to jwtbearer grant
* Test Comments
* Add handleKeyOptions tests
* Add RSA key generation test
* Add ECDSA by default to EmbeddedSigningKeysService
* Clean up org id scope and audiences
* Add audiences to the DB
* Fix check on Audience
* Fix double import
* Add AC Store mock and align oauthserver tests
* Fix test after rebase
* Adding missing store function to mock
* Fix double import
* Add CODEOWNER
* Fix some linting errors
* errors don't need type assertion
* Typo codeowners
* use mockery for oauthserver store
* Add feature toggle check
* Fix db tests to handle the feature flag
* Adding call to DeleteExternalServiceRole
* Fix flaky test
* Re-organize routes comments and plan futur work
* Add client_id check to Extended JWT client
* Clean up
* Fix
* Remove background service registry instantiation of the OAuth server
* Comment cleanup
* Remove unused client function
* Update go.mod to use the latest ory/fosite commit
* Remove oauth2_server related configs from defaults.ini
* Add audiences to DTO
* Fix flaky test
* Remove registration endpoint and demo scripts. Document code
* Rename packages
* Remove the OAuthService vs OAuthServer confusion
* fix incorrect import ext_jwt_test
* Comments and order
* Comment basic auth
* Remove unecessary todo
* Clean api
* Moving ParsePublicKeyPem to utils
* re ordering functions in service.go
* Fix comment
* comment on the redirect uri
* Add RBAC actions, not only scopes
* Fix tests
* re-import featuremgmt in migrations
* Fix wire
* Fix scopes in test
* Fix flaky test
* Remove todo, the intersection should always return the minimal set
* Remove unecessary check from intersection code
* Allow env overrides on settings
* remove the term app name
* Remove app keyword for client instead and use Name instead of ExternalServiceName
* LogID remove ExternalService ref
* Use Name instead of ExternalServiceName
* Imports order
* Inline
* Using ExternalService and ExternalServiceDTO
* Remove xorm tags
* comment
* Rename client files
* client -> external service
* comments
* Move test to correct package
* slimmer test
* cachedUser -> cachedExternalService
* Fix aggregate store test
* PluginAuthSession -> AuthSession
* Revert the nil cehcks
* Remove unecessary extra
* Removing custom session
* fix typo in test
* Use constants for tests
* Simplify HandleToken tests
* Refactor the HandleTokenRequest test
* test message
* Review test
* Prevent flacky test on client as well
* go imports
* Revert changes from 526e48ad45
* AuthN: Change the External Service registration form (#68649)
* AuthN: change the External Service registration form
* Gen default permissions
* Change demo script registration form
* Remove unecessary comment
* Nit.
* Reduce cyclomatic complexity
* Remove demo_scripts
* Handle case with no service account
* Comments
* Group key gen
* Nit.
* Check the SaveExternalService test
* Rename cachedUser to cachedClient in test
* One more test case to database test
* Comments
* Remove last org scope
Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>
* Update pkg/services/oauthserver/utils/utils_test.go
* Update pkg/services/sqlstore/migrations/oauthserver/migrations.go
Remove comment
* Update pkg/setting/setting.go
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
---------
Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>
* remove state and refactor interface to IsDisabled
* update docs and span
* Update pkg/services/apikey/apikey.go
Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>
---------
Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>
* add: hide apikeys tab on start
* make use of store method
* added hiding of apikeys tab for new org creation
* missing err check
* removed unused files
* implemennted fake to make tests run
* move check for globalHideApikeys from org to admin
* refactor to remove the fake
* removed unused method calls for interface
* Update pkg/services/serviceaccounts/manager/service.go
Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>
* Update pkg/services/serviceaccounts/manager/service.go
Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>
* remove the checkglobal method
* removed duplicate global set const
* add count of apikeys for performance
* remove apikeys adding in UI
* added back deleted file
* added comment on component
* changed wording and copy for hiding and migrating service accounts
* refactor: remove migrationstatus in front/backend
This removes the migrationstatus state from the UI in favor of only
looking at the number of API keys to determine what to show to the user.
This simplifies the logic and makes less calls to the backend with each
page load. This was called both on the API keys page and the Service
accounts page.
- removes the state of migrationstatus from the UI
- removes the backend call
- removes the backend endpoint for migrationstatus
* Update pkg/services/apikey/apikeyimpl/xorm_store.go
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* changes the contet to also be primary
* change id of version for footer component
---------
Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* fix org user always getting org id = 1 on auto assign false
* make tests explicit
* use correct cfg in service accounts
* fix api tests
* fix database test of ac
* fix InsertOrgUser returning affected rows as orgID
* add bundle registry service to avoid dependency cycles
* move user support bundle collector to user service
* move usage stat bundle implementation to usage stats
* add info for background service
* fix remaining imports
* whitespace
* remove placeholder image
* improve http client options
* add http clients options for webhook notifier
* ensure http is only used in dev mode
* cleanup errors
