* Add interface verification compliance
* rework service account api to a provider
* wire the service accounts api
* rewire the implementation of sa srv for the proxy
---------
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
* Disable plugin service account
* Revert extsvc injection
* handle plugin state changes
* Use isProxyEnabled
* Remove plugininteg changes
* Change update function to also work for mysql 😩
* Plugin: enable service account based on plugin settings on
initialization
* Remove misleading comment
* Fix tests
* test message
* Clean up tests
* Simplify tests
* Re-order imports
* Remove unecessary comment
* Enable datasource plugins by default
Co-authored-by: Andres Martinez Gotor <andres.martinez@grafana.com>
---------
Co-authored-by: Andres Martinez Gotor <andres.martinez@grafana.com>
* Disable plugin service account
* Revert extsvc injection
* handle plugin state changes
* Use isProxyEnabled
* Remove plugininteg changes
* Change update function to also work for mysql 😩
* Change test to also check no collateral update
* Update pkg/services/serviceaccounts/database/store_test.go
* Update pkg/services/serviceaccounts/database/store_test.go
* add FlagExternalServiceAccounts to proxy service
* add FlagExternalServiceAccounts value to tests
---------
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* expand serviceaccount service interface
* implemet FakeServiceAccountService
* Replace SA service interface from api
* merge sa proxy tests with new fake service
* implement DeleteServiceAccountToken
* add test for DeleteServiceAccountToken
* AuthN: Add metrics to external service accounts management
* Add a new metric to count stored external service accounts
* Update variable names
Co-authored-by: linoman <2051016+linoman@users.noreply.github.com>
* Add test to SearchOrgServiceAccounts
* Add feature flags checks before registering and using the metrics
---------
Co-authored-by: linoman <2051016+linoman@users.noreply.github.com>
* Add proxy service template
* Replace SA srv with proxy for external SA srv
* Move service account prefix to a constant
* Prevent deletion from external service account
* Make SA validation a resusable function
* Add protection for creating service accounts
* Add protection when updating service accounts
* Add IsExternal field for service account
* Protect ext service account token generation
* Add verbose errors for form name or sa name
* add tests
* Add logs
* Adjusts tests
---------
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Add tests for service accounts metrics usage
* Add service account store implementation
* Add service account service implementation
* Add tests for org metrics usage
* Add org implementation
* Add service implementation
* Allow setting role as None
Co-authored-by: gamab <gabi.mabs@gmail.com>
Seeking for places where role.None would be used
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
Adding None role to the frontend
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
unify org role declaration and remove from add permission
fix backend test
fix backend lint
* remove role none from frontend
* Simplify checks
Co-authored-by: Kalle Persson <kalle.persson@grafana.com>
* nits
---------
Co-authored-by: Kalle Persson <kalle.persson@grafana.com>
* ui migration WIP
* merge
* migration tests for api
* revert chagnes to align with main
* revert chagnes to align with main
* revert chagnes to align with main
* remove unused code and comments
* revert gen files
* retry logic inplace
* fix a any
* fixed types
* migraiton results now show only result if no failures
* review comments
* wording to make it more actionable
* add migraiton summary text onyl for failed apikeys
* fixed wording and added a close button to the modal
* made the button close the modal
* moved state into component
* fix based on review, naming and removed unused code
* service account migration state optional
* making migration result undefined
* showing total and migrated numbers for a successful migration
* fix payload const to take the payload
* Moving POC files from #64283 to a new branch
Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>
* Adding missing permission definition
Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>
* Force the service instantiation while client isn't merged
Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>
* Merge conf with main
Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>
* Leave go-sqlite3 version unchanged
Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>
* tidy
Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>
* User SearchUserPermissions instead of SearchUsersPermissions
* Replace DummyKeyService with signingkeys.Service
* Use user🆔<id> as subject
* Fix introspection endpoint issue
* Add X-Grafana-Org-Id to get_resources.bash script
* Regenerate toggles_gen.go
* Fix basic.go
* Add GetExternalService tests
* Add GetPublicKeyScopes tests
* Add GetScopesOnUser tests
* Add GetScopes tests
* Add ParsePublicKeyPem tests
* Add database test for GetByName
* re-add comments
* client tests added
* Add GetExternalServicePublicKey tests
* Add other test case to GetExternalServicePublicKey
* client_credentials grant test
* Add test to jwtbearer grant
* Test Comments
* Add handleKeyOptions tests
* Add RSA key generation test
* Add ECDSA by default to EmbeddedSigningKeysService
* Clean up org id scope and audiences
* Add audiences to the DB
* Fix check on Audience
* Fix double import
* Add AC Store mock and align oauthserver tests
* Fix test after rebase
* Adding missing store function to mock
* Fix double import
* Add CODEOWNER
* Fix some linting errors
* errors don't need type assertion
* Typo codeowners
* use mockery for oauthserver store
* Add feature toggle check
* Fix db tests to handle the feature flag
* Adding call to DeleteExternalServiceRole
* Fix flaky test
* Re-organize routes comments and plan futur work
* Add client_id check to Extended JWT client
* Clean up
* Fix
* Remove background service registry instantiation of the OAuth server
* Comment cleanup
* Remove unused client function
* Update go.mod to use the latest ory/fosite commit
* Remove oauth2_server related configs from defaults.ini
* Add audiences to DTO
* Fix flaky test
* Remove registration endpoint and demo scripts. Document code
* Rename packages
* Remove the OAuthService vs OAuthServer confusion
* fix incorrect import ext_jwt_test
* Comments and order
* Comment basic auth
* Remove unecessary todo
* Clean api
* Moving ParsePublicKeyPem to utils
* re ordering functions in service.go
* Fix comment
* comment on the redirect uri
* Add RBAC actions, not only scopes
* Fix tests
* re-import featuremgmt in migrations
* Fix wire
* Fix scopes in test
* Fix flaky test
* Remove todo, the intersection should always return the minimal set
* Remove unecessary check from intersection code
* Allow env overrides on settings
* remove the term app name
* Remove app keyword for client instead and use Name instead of ExternalServiceName
* LogID remove ExternalService ref
* Use Name instead of ExternalServiceName
* Imports order
* Inline
* Using ExternalService and ExternalServiceDTO
* Remove xorm tags
* comment
* Rename client files
* client -> external service
* comments
* Move test to correct package
* slimmer test
* cachedUser -> cachedExternalService
* Fix aggregate store test
* PluginAuthSession -> AuthSession
* Revert the nil cehcks
* Remove unecessary extra
* Removing custom session
* fix typo in test
* Use constants for tests
* Simplify HandleToken tests
* Refactor the HandleTokenRequest test
* test message
* Review test
* Prevent flacky test on client as well
* go imports
* Revert changes from 526e48ad45
* AuthN: Change the External Service registration form (#68649)
* AuthN: change the External Service registration form
* Gen default permissions
* Change demo script registration form
* Remove unecessary comment
* Nit.
* Reduce cyclomatic complexity
* Remove demo_scripts
* Handle case with no service account
* Comments
* Group key gen
* Nit.
* Check the SaveExternalService test
* Rename cachedUser to cachedClient in test
* One more test case to database test
* Comments
* Remove last org scope
Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>
* Update pkg/services/oauthserver/utils/utils_test.go
* Update pkg/services/sqlstore/migrations/oauthserver/migrations.go
Remove comment
* Update pkg/setting/setting.go
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
---------
Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>
* remove state and refactor interface to IsDisabled
* update docs and span
* Update pkg/services/apikey/apikey.go
Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>
---------
Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>
* add: hide apikeys tab on start
* make use of store method
* added hiding of apikeys tab for new org creation
* missing err check
* removed unused files
* implemennted fake to make tests run
* move check for globalHideApikeys from org to admin
* refactor to remove the fake
* removed unused method calls for interface
* Update pkg/services/serviceaccounts/manager/service.go
Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>
* Update pkg/services/serviceaccounts/manager/service.go
Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>
* remove the checkglobal method
* removed duplicate global set const
* add count of apikeys for performance
* remove apikeys adding in UI
* added back deleted file
* added comment on component
* changed wording and copy for hiding and migrating service accounts
* refactor: remove migrationstatus in front/backend
This removes the migrationstatus state from the UI in favor of only
looking at the number of API keys to determine what to show to the user.
This simplifies the logic and makes less calls to the backend with each
page load. This was called both on the API keys page and the Service
accounts page.
- removes the state of migrationstatus from the UI
- removes the backend call
- removes the backend endpoint for migrationstatus
* Update pkg/services/apikey/apikeyimpl/xorm_store.go
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* changes the contet to also be primary
* change id of version for footer component
---------
Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* fix org user always getting org id = 1 on auto assign false
* make tests explicit
* use correct cfg in service accounts
* fix api tests
* fix database test of ac
* fix InsertOrgUser returning affected rows as orgID
* add bundle registry service to avoid dependency cycles
* move user support bundle collector to user service
* move usage stat bundle implementation to usage stats
* add info for background service
* fix remaining imports
* whitespace
* remove placeholder image
* improve http client options
* add http clients options for webhook notifier
* ensure http is only used in dev mode
* cleanup errors
* RBAC: Add fake for permissions service
* ServiceAccount: Rewrite create api tests
* ServiceAccount: Rewrite api delete tests
* ServiceAccount: Rewrite api test for RetriveServiceAccount
* ServiceAccount: Refactor UpdateServiceAccount api test
* ServiceAccount: Refactor CreateToken api test
* ServiceAccount: refactor delete token api tests
* ServiceAccount: rewrite list tokens api test
* Remove test helper that is not used any more
* ServiceAccount: remove unused test helpers
* chore: remove unused test helper from sqlstore
TimeNow() is no longer used in any tests in this package.
* chore: move sqlstore.SQLBuilder to the infra/db package
This required some minor refactoring; we need to be a little more explicit about passing around the dialect and engine. On the other hand, that's a few fewer uses of the `dialect` global constant!
* chore: move UserDeletions into the only package using it
* cleanup around moving sqlbuilder
* remove dialect and sqlog global vars
* rename userDeletions to serviceAccountDeletions
* refactor: renaming of files from database to store
* refactor: make service account store private
- moves store interface to manager package
- adds an interface to the ProvideAPI constructor
- refactors tests to use the store when necessary
- adds mocks for the new interface implementations in the tests package
* wip
* refactor: make fakestore in service
* wip
* wip
* wip
* working tests
* trailing whitespaces
* Update pkg/services/serviceaccounts/api/api.go
* Update pkg/services/serviceaccounts/tests/common.go
* Update pkg/services/serviceaccounts/tests/common.go
* refactor: doc string for retriever
* fix import unused
* remove: serviceaccount from featuretoggle
* added: back legacy serviceaccounts feature toggle
* added: docs
* refactor: make query for the SearchQuery
* add: validation of service input fields
* add validation
* remove legacy createorg from org service
* remove another createorg from orgimpl
* remove createorg from api pref tests
* remove createorg from api org tests
* fix tests
* remove createorg from annotations test
* remove createorg from team tests
* remove createorg from service accounts
* remove createorg from accesscontrol tests
* remove createorg from provisioning
* Use quotaservice from sc.hs
* Add new configuration option for SA tokens
* Add new expiry date option to frontend components
* Add backend validation
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
