* implement perm check with direct db access
* add tests
* more tests
* Update pkg/services/authz/rbac/service.go
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Update pkg/services/authz/rbac/service.go
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* allow fetching permissions for a user who is not a member of the org
* linting
* fix typo
---------
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Zanzana: Handle renderer service authorization requests
* only add context if render service is authorizing
* use group and resource from API definitions
* check prefix instead of full identity
* fix AddRenderContext
* remove unused type
* Add setting to adjust number of login attempts before user login gets locked
* Ensure at least one attempt can be made
* Update documentation with new setting
* Update docs/sources/setup-grafana/configure-grafana/_index.md
Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>
* add service account to the schema
* sync managed permissions for service accounts
* sync SA basic roles
* sync SA roles
* Fix endless loop in reconciler while read openfga
* Azure Monitor: Add a feature flag to toggle user auth for Azure Monitor only
* Fix condition for userIdentityEnabled
* Re-add removed test
* Remove unused prop
* Refactor onAuthTypeChange in AzureCredentialsForm
* Add frontend unit tests
* Lint
* Initial streamed version of list
* instantiate openfga client to use StreamedListObjects
* Add config option for using streamed version
* Use caching
* fix cache init
* Fix hashing
* refactor
Remove create relation from generic resources.
We cant have a create relation to a resource because they don't exist yet. So
in oder to check create we either have to have that permissions on a folder or the namespace
* Feature toggles: remove lokiMetricDataplane
* Framing: remove test cases expecting metricDataplane to be false
* Remove test code
* Chore: rename test cases
* Enable getting folders with kubernetes client
* Add TestIntegrationFolderGetPermissions
* Set full path as part of legacy get
* Replace implementation for setting fullpath
* Add folder get test
* Escape forward slash in parent titles
* Replace test for access control metadata
* Add test case to TestIntegrationFolderGetPermissions
* Improve fetching of access control
* Add basic usage of K8s API for notification policies
* Add permissions checks for navtree for routes
* Add and update permissions for routing tree logic
* Add capability to skip calling contact points hook
* Conditionally show list of mute timings depending on permissions
* Conditionally link to mute timings if user can see at least one
* Add work in progress k8s handlers for routing tree
* Update notification policy hooks
* Wire up policies to permissions better (conditionally calling APIs)
* Add additional checks for whether to show grafana AM
* Add permission checks to access control
* Remove accidental permissions after rebase
* Update types and const for k8s routes
* Improve statefulness and reset routing tree in tests
* Update notif policy tests to check k8s and config API
* Fix type assertion
* Move non-grafana test out of .each
* Make failure case safer
* Override tag invalidation for notification policies API
* Pass in error and add new error alert component
* Add basic mock server conflict check
* Add test to check user can save after a conflict
* Add logic to allow reloading policies if changed by another user
* Fix test
* Update translations in Modals
* Add ViewAlertGroups ability
* Tweak provisioning logic and memoize AM config response
* Update snapshots for useAbilities
* Update result destructure
* Use enums for provenance in routingtrees
* Use consistent memoisation
* Fix _metadata for vanilla AM
* useAsync for error / update state
* move k8s api error handling to separate file
* use cause for error codes
* Use `supported` bools from Alertmanager abilities and clarify default policy
---------
Co-authored-by: Konrad Lalik <konrad.lalik@grafana.com>
Co-authored-by: Gilles De Mey <gilles.de.mey@gmail.com>
