* add WWW-Authenticate header in the http response of /metrics endpoint in case of wrong basic auth credentials
Signed-off-by: Syed Nihal <syed.nihal@nokia.com>
* added change log for the change fixing the issue https://github.com/grafana/grafana/issues/86902
Signed-off-by: Syed Nihal <syed.nihal@nokia.com>
* Update CHANGELOG.md
---------
Signed-off-by: Syed Nihal <syed.nihal@nokia.com>
* filter the k6 folder out in the SQL queries rather than during post processing to ensure that the correct number of results is always returned
* linting
Adds more spans for timing in accesscontrol and remove permission deduplicating code after benchmarking
---------
Signed-off-by: Dave Henderson <dave.henderson@grafana.com>
Co-authored-by: Dave Henderson <dave.henderson@grafana.com>
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
This PR reduces the number of allocations made while caching permissions from the database, fixes the hierarchy of spans and adds new spans for tracing.
---------
Signed-off-by: Dave Henderson <dave.henderson@grafana.com>
Co-authored-by: Dave Henderson <dave.henderson@grafana.com>
Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
Co-authored-by: Dan Cech <dcech@grafana.com>
Co-authored-by: Andres Martinez Gotor <andres.martinez@grafana.com>
* iam-716 - prevent a folder move operation when the folder's uid or any of its parents uids begin with k6-app
* fox folder move check and only list non-k6 folders to users
* adding tests for moving
* add a test for listing folders
* fix the other tests
* use method that adds folder parent
---------
Co-authored-by: IevaVasiljeva <ieva.vasiljeva@grafana.com>
* remove unused action set code, refactor the existing code
* fix import ordering
* use a separate interface for permission expansion after all, to avoid circular dependencies
* add comments, fix a test
* Social: link to OrgRoleMapper
* OIDC: support Generic Oauth org to role mappings
Fixes: #73448
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
* Handle when getAllOrgs fails in the org_role_mapper
* Add more tests
* OIDC: ensure orgs are evaluated from API when not from token
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
* OIDC: ensure AutoAssignOrg is applied with OrgMapping without RoleAttributeStrict
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
* Extend docs
* Fix test, lint
---------
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com>
* logic to expand action set to the underlying actions when permissions are fetched from the DB
* updates needed for dependency injection
* clean up some code, also deduplicate scopes when grouping scopes and actions
* expand on a comment
* rename a method
* add action set resolver
* rename variables
* some fixes and some tests
* more tests
* more tests, and put action set storing behind a feature toggle
* undo change from cfg to feature mgmt - will cover it in a separate PR due to the amount of test changes
* fix dependency cycle, update some tests
* add one more test
* fix for feature toggle check not being set on test configs
* linting fixes
* check that action set name can be split nicely
* clean up tests by turning GetActionSetNames into a function
* undo accidental change
* test fix
* more test fixes
* Remove different constructors and only use NewNamespaceID
* AdminUser: check typed namespace id
* Identity: Add convinient function to parse valid user id when type is either user or service account
* Annotations: Use typed namespace id instead
* clean up error handling in postDashboard and remove UserDisplayDTO
* replace GetUserUID with GetUID and GetNamespacedUID, enforce namespace constant type
* lint fix
* lint fix
* more lint fixes
* Get custom cloud list from grafana-azure-sdk-go for frontend settings
* Remove getAzureClouds() and call CustomClouds() directly
* remove unused type
