11 Commits

Author	SHA1	Message	Date
Jo	ed1ad34f9b	ServiceAccounts: Allow use of UIDs for Service Account routes (#95401)	2024-10-28 10:49:48 +01:00
Karl Persson	7fba9ba522	SA: Fix name validation so we can prevent creating service account with protected prefix (#94762) ... Fix name validation so we can prevent creating service account with protected prefix	2024-10-16 10:27:06 +02:00
Gabriel MABILLE	8d84517103	AuthN: Introduce DefaultOrgID function for managed service accounts (#93432) ... * Managed Service Accounts: Use AutoAssignOrgID * Fix the IsExternalServiceAccount function * Reassign service account role * Account for AutoAssignOrg * Update pkg/services/serviceaccounts/models.go * Simplify IsExternalServiceAccount function * Add tests * Easier to understand test * Revert small change	2024-09-20 14:43:29 +02:00
Gabriel MABILLE	2795f9827a	ExtSvcAccounts: FIX prevent service account deletion (#84502) ... * ExtSvcAccounts: Fix External Service Accounts Login check Co-authored-by: Karl Persson <kalle.persson@grafana.com> * Remove service accounts assignments and permissions on delete * Fix first set of tests * Fix second batch of tests * Fix third batch of tests --------- Co-authored-by: Karl Persson <kalle.persson@grafana.com>	2024-03-14 19:11:02 +01:00
linoman	5bc4f56c79	IAM: Protect external service accounts frontend list page (#77834) ... * Add `isExternal` property to frontend model * Remove enabled and token buttons for external SA * Replace trash icon for lock icon for external SA * Block the role picker for external SA * Filter SA list using the external filter * Add only external filter at backend --------- Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>	2023-11-09 17:45:46 +01:00
Gabriel MABILLE	bf363b3234	ServiceAccounts: Use isManaged in DTO instead of isExternal (#77634) ... * ServiceAccounts: Use IsManaged in DTO instead of isExternal * Revert omitempty * Modify the other DTO * Swagger	2023-11-03 17:49:11 +01:00
linoman	dff7403b29	auth: implement feature flag for service account proxy (#77129) ... * add FlagExternalServiceAccounts to proxy service * add FlagExternalServiceAccounts value to tests --------- Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>	2023-10-25 16:44:05 +02:00
linoman	1bc81b7bd1	auth: migrate api interface implementation (#77040) ... * expand serviceaccount service interface * implemet FakeServiceAccountService * Replace SA service interface from api * merge sa proxy tests with new fake service * implement DeleteServiceAccountToken * add test for DeleteServiceAccountToken	2023-10-25 12:40:30 +02:00
Gabriel MABILLE	897e3a4dab	AuthN: Add metrics to external service accounts management (#76789) ... * AuthN: Add metrics to external service accounts management * Add a new metric to count stored external service accounts * Update variable names Co-authored-by: linoman <2051016+linoman@users.noreply.github.com> * Add test to SearchOrgServiceAccounts * Add feature flags checks before registering and using the metrics --------- Co-authored-by: linoman <2051016+linoman@users.noreply.github.com>	2023-10-24 15:54:14 +02:00
Gabriel MABILLE	3015e5921f	Chore: Move extsvcaccounts package to serviceaccounts (#76977) ... * Chore: Move extsvcaccounts package to serviceaccounts * Fix proxy * Fix tests * Fix linting	2023-10-24 11:01:04 +02:00
linoman	359d84799e	auth: add serviceaccount proxy (#76815) ... * Add proxy service template * Replace SA srv with proxy for external SA srv * Move service account prefix to a constant * Prevent deletion from external service account * Make SA validation a resusable function * Add protection for creating service accounts * Add protection when updating service accounts * Add IsExternal field for service account * Protect ext service account token generation * Add verbose errors for form name or sa name * add tests * Add logs * Adjusts tests --------- Co-authored-by: Misi <mgyongyosi@users.noreply.github.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>	2023-10-23 14:09:42 +02:00