Commit Graph

32 Commits

Author SHA1 Message Date
Misi 54a347463e
IAM: Use the new authorizer for the User resource (#111479)
* Use the new authorizer for the User resource

* Use accessClient

* Update pkg/services/authz/rbac/mapper.go

Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>

---------

Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
2025-09-24 11:32:29 +02:00
Misi c012a95fa1
IAM: Add role to User (#111256)
* codegen fix

* Return user role from the legacy store

* Lint

* Add tests, gen openapi

* make generate

* revert go.mod, go.sum, go.work.sum changes

* Update go.mod and go.sum
2025-09-19 11:12:00 +02:00
Mihai Doarna 9d9dca3208
IAM: Adds the team creation endpoint in app platform (#111003)
* implement team creation for legacy store

* add generated code

* add basic integration test

* add new fields to get and list teams

* fix sql tests for teams

* register dual writer for team resource

* add generated code

* add more sql tests for team creation

* address feedback

* add integration tests
2025-09-18 14:43:07 +03:00
Misi 29551a6edf
IAM: Implement Delete in Service Account API (#110584)
* wip

* IAM: Create Service Account

* Add dual writer

* Update openapi_test.go

* Add integration tests

* Add sql tests

* Add Role to SA spec, add validation, add DBTime, add tests

* Format, update test

* Fixes

* Add check for External

* wip

* Fix merge

* wip

* Use plugin name instead of title for ext svc account login

Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>

* Remove OrgID from DeleteUserCommand

* Use the new authorizer

* Fix tests

* cleanup

* Move test to enterprise

* Revert unnecessary change

* Address feedback

* Revert "Address feedback"

This reverts commit 8ab9559076.

---------

Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
2025-09-16 15:39:01 +02:00
Gabriel MABILLE aecc2c9fe7
`grafana-iam`: init mt `resourcepermission` apis (#110821)
* Init mt resource permissions

* Few fixes for the mt service to work

* Refactor NewAPIService to take the provider and enabledapis
2025-09-11 17:46:29 +02:00
Misi badea8bc37
IAM: Create Service Account API and legacy store impl (#110411)
* wip

* IAM: Create Service Account

* Add dual writer

* Update openapi_test.go

* Add integration tests

* Add sql tests

* Add Role to SA spec, add validation, add DBTime, add tests

* Format, update test

* Fixes

* Add check for External

* Address feedback

* Update tests

* Address feedback

* make gen-go

* Simplify a bit

* Fixes

* make update-workspace

* Update pkg/registry/apis/iam/serviceaccount/store.go

Co-authored-by: Ryan McKinley <ryantxu@gmail.com>

* Address feedback, add test for generateName

---------

Co-authored-by: Ryan McKinley <ryantxu@gmail.com>
2025-09-08 14:31:32 +02:00
Misi a5c05ba9c1
IAM: Moving code to the /pkg/apps/iam folder (#109985)
* wip

* Gen GetTeams with app sdk

* Revert some changes, cleanup

* Format iam_manifest.go

* Remove generated file

* Regenerate openapi defs

* Cleanup

* Remove TODO
2025-08-28 12:32:15 +02:00
Gabriel MABILLE b6226c6173
`grafana-iam`: Skeleton of the resource permission api backend (#110218)
* Extract from #108753

Co-Authored-By: mohammad-hamid <mohammad.hamid@grafana.com>

* Tackle create

Co-Authored-By: mohammad-hamid <mohammad.hamid@grafana.com>

* WIP use identity store to resolve role names

* Commit empty service for now

* Clean

* For now only show name and created at

---------

Co-authored-by: mohammad-hamid <mohammad.hamid@grafana.com>
2025-08-27 15:00:09 +02:00
Misi aade015d96
IAM: Change required permission in the app (#109894)
* Update required permissions

* Align tests
2025-08-21 11:33:56 +00:00
Ryan McKinley e0404f924c
K8s/SecureValues: Wire InlineSecureValueSupport to apistore (#109449)
* inline wire

* extra fields

* add variable

* wire
2025-08-11 15:22:56 +03:00
Gabriel MABILLE 1a7a7f1d99
`grafana-iam`: Wire the roles api (#108577) 2025-07-28 13:36:27 +02:00
Victor Cinaglia 5f6fc38430
iam/authn: Introduce feature flag for authz resource mutations (#108698)
* iam/authz: introduce feature flag for authz resource mutations

* lint: fix typo
2025-07-25 12:05:32 -03:00
Victor Cinaglia 4c17c1cbb6
IAM: Instantiate DualWriter only when in single-tenant mode (#108558)
* Instantiate dual writer only in ST case

* minor cleanup

---------

Co-authored-by: Charandas Batra <charandas.batra@grafana.com>
2025-07-24 09:33:53 -03:00
Misi d5f47d2a6b
IAM: Comment out DualWriter setup for Users (#108241)
* Try 1

* Comment out DW setup for users
2025-07-18 09:29:09 +00:00
Misi c6a6b9fdd2
IAM: Create and delete user from the legacy store (#107694)
* Add Create for User + DualWriter setup

* Add delete User

* Fix delete + access check

* Add tests for delete user

* Add tests for create user

* Fixes

* Use sqlx session to fix database locked issues

* wip authz checks

* legacyAccessClient

* Update legacyAccessClient, add tests for create user

* Close rows before running other queries

* Use ExecWithReturningId

* Verify deletion in the tests

* Add Validate and Mutate

* Other changes

* Address feedback

* Update tests

---------

Co-authored-by: Gabriel Mabille <gabriel.mabille@grafana.com>
2025-07-17 11:50:40 +02:00
Misi 713f6d1551
IAM: Move resource definitions to apps/iam step 1 (#107389)
* wip

* Use serviceaccount model from /apps/iam

* revert version update

* Add teambinding, userteam, other improvements

* Change serviceaccounttoken spec

* Revert the change of ServiceAccountToken

* Revert the change of UserTeam

* Clean up

* Remove files that are not needed for now

* Lint

* Update sql query's integration tests

* Fix tests

* update openapi spec

* Move LastSeenAt to the annotations

* Update openapi_snapshots

* Change lastSeenAt annotation name
2025-07-04 11:07:48 +02:00
Gabriel MABILLE 3d543a336f
IAM: Register CoreRole apis (#106924)
* IAM: Register CoreRole apis

* one line store instantiation

* Small refactor for readability

* Add authorizer for CoreRole

* Nit

* Error strings should not end with punctuation

* Account for error

* Switch to use the local resource client

* error should not start with upper casing

* noopStorageErr should have a name starting with err

* Update workspace

* I don't know why I don't have the same output as the CI 🤷

* Dependency xOwnership

* imports

* Import order

* Rename alias to make it clear this is legacy
2025-06-26 10:11:28 +02:00
Stephanie Hingtgen ef6e28b955
K8s: Make v0alpha1 opt-in (#107056) 2025-06-20 16:37:17 -05:00
Ryan McKinley 04fb9f534e
Dashboards: Only expose LibraryPanels and search on v0 (not v1+v2) (#103335) 2025-04-03 20:24:12 +03:00
Ashley Harrison e0151528a4
API client generation: Update iam client (#99963)
* update generated iam client

* update API

* with meta api

* regenerate client

* with identify ref

---------

Co-authored-by: Ryan McKinley <ryantxu@gmail.com>
2025-02-03 13:40:36 +00:00
Ryan McKinley b636b81b16
K8s/IAM: Use raw handler for display (not rest.Connector) (#99898) 2025-02-03 14:24:35 +03:00
Ryan McKinley 680e6bc1f8
Authlib: Use types package rather than claims (#99243) 2025-01-21 12:06:55 +03:00
Ryan McKinley 5f39d2eeb0
K8s: Make GetAPIRoutes an optional interface (#97531) 2024-12-07 03:08:18 +03:00
Karl Persson a82d01214d
Auth: Update authlib (#94947)
* Update authlib
2024-10-18 13:36:21 +02:00
Ryan McKinley 36c38b5310
APIServer: add prometheus.Registerer to every init request (#94684) 2024-10-15 07:46:08 +03:00
Karl Persson 86fc8da703
RBAC: Add legacy authorization checks to teams (#94524)
* Setup team authorization for teams

* Add list filter for teams
2024-10-10 16:47:31 +02:00
Karl Persson 0160f4f72c
RBAC: Add legacy authorization checks to service accounts (#93753)
* Extract a helper function to perform list with authorization checks

* Add k8s verb to utils package

* Construct default mapping when no custom mapping is passed

* Configure authorization checks for service accounts

* Fix helper and add filtering to service accounts
2024-09-27 15:53:11 +02:00
Karl Persson c28b37a67b
RBAC: Add option to skip rbac check for specified verbs (#93654)
* Add option to skip rbac check for specified verbs
2024-09-24 15:13:04 +02:00
Charandas db97da3465
K8s: handle multiple versions of the same group in standalone mode (#93199) 2024-09-23 19:07:52 -07:00
Karl Persson 2e38329026
RBAC: Add required component to perform access control checks for user api when running single tenant (#93104)
* Unexport store and create new constructor function

* Add ResourceAuthorizer and LegacyAccessClient

* Configure checks for user store

* List with checks if AccessClient is configured

* Allow system user service account to read all users

---------

Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
2024-09-23 11:26:44 +02:00
Karl Persson 2bfa607ad0
ServiceAccount: Update service account api resource and add service account token (#92972)
* Create own legacy store function to list service accounts and update api model

* Add service account tokens as a sub resource for service accounts
2024-09-05 13:43:54 +02:00
Ryan McKinley 9338e40dc3
K8s/IAM: Move identity.grafana.app to iam.grafana.app (#92929) 2024-09-05 09:43:54 +03:00