* Conf: Add org_mapping and org_attribute_path to github and gitlab conf
* Gitlab: Implement org role mapping
* Update docs
---------
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Introduce preLogoutHooks in authn service
* Add gcom_logout_hook
* Config the api token from the Grafana config file
* Simplify
* Add tests for logout hook
* Clean up
* Update
* Address PR comment
* Fix
* Load custom clouds from config file
* Update docs
* Use the correct list of clouds, add test, fix error condition handling
* Remove on custom cloud from sample.ini and docs
* Remove unnecessary else block
* Use cached json instead of serializing with each request
* Update grafana-azure-sdk-go version to v2.0.4
* update configure-grafana entry for clouds_config
* fix lint errors
* fix lint errors
---------
Co-authored-by: Jeremy Angel (from Dev Box) <jeremyangel@microsoft.com>
* Social: link to OrgRoleMapper
* OIDC: support Generic Oauth org to role mappings
Fixes: #73448
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
* Handle when getAllOrgs fails in the org_role_mapper
* Add more tests
* OIDC: ensure orgs are evaluated from API when not from token
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
* OIDC: ensure AutoAssignOrg is applied with OrgMapping without RoleAttributeStrict
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
* Extend docs
* Fix test, lint
---------
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com>
* Add setting for changing shortlink expiration time
* Add docs, add better language
* put all the numbers in the duration 🤷
* 🙄
* update language to be correct and clear
* Add max limit and more documentation
* Alerting: Make retention period configurable for the notification log
* update sample.ini
* fix outdated comment (on disk -> kvstore)
* skip checking cyclomatic complexity for ReadUnifiedAlertingSettings
* Implement run migration endpoint
* Refactor RunMigration method into separate methods
* Save migration runs fix lint
* Minor changes
* Refactor how to use cms endpoint
* fix interface
* complete merge
* add individual items
* adds tracing to getMigration
* linter
* updated swagger definition with the latest changes
* CloudMigrations: Implement core API handlers for cloud migrations and migration runs (#85407)
* implement delete
* add auth token encryption
* implement token validation
* call token validation during migration creation
* implement get migration status
* implement list migration runs
* fix bug
* finish parse domain func
* fix urls
* fix typo
* fix encoding and decoding
* remove double decryption
* add missing slash
* fix id returned by create function
* inject missing services
* finish implementing (as far as I can tell right now) data migration and response handling
* comment out broken test, needs a rewrite
* add a few final touches
* get dashboard migration to work properly
* changed runMigration to a POST
* swagger
* swagger
* swagger
---------
Co-authored-by: Michael Mandrus <michael.mandrus@grafana.com>
Co-authored-by: Leonard Gram <leo@xlson.com>
Co-authored-by: Michael Mandrus <41969079+mmandrus@users.noreply.github.com>
* add function to static function to static service
* find email and login claims with jmespath
* rename configuration files
* Replace JWTClaims struct for map
* check for subclaims error
* server: reload of grafana server certs when renewed without restart.
Signed-off-by: Rao, B V Chalapathi <b_v_chalapathi.rao@nokia.com>
* server: reload of grafana server certs when renewed without restart.
Signed-off-by: Rao, B V Chalapathi <b_v_chalapathi.rao@nokia.com>
* Update http_server.go
* Update docs/sources/setup-grafana/configure-grafana/_index.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Update http_server.go
Address the comments
* Update docs/sources/setup-grafana/configure-grafana/_index.md
Co-authored-by: Dan Cech <dan@aussiedan.com>
* Update http_server.go
Align the spaces
* Update http_server.go
* Update http_server.go
* Update pkg/api/http_server.go
Co-authored-by: Dan Cech <dan@aussiedan.com>
---------
Signed-off-by: Rao, B V Chalapathi <b_v_chalapathi.rao@nokia.com>
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
Co-authored-by: Dan Cech <dan@aussiedan.com>
Removes legacy alerting, so long and thanks for all the fish! 🐟
---------
Co-authored-by: Matthew Jacobson <matthew.jacobson@grafana.com>
Co-authored-by: Sonia Aguilar <soniaAguilarPeiron@users.noreply.github.com>
Co-authored-by: Armand Grillet <armandgrillet@users.noreply.github.com>
Co-authored-by: William Wernert <rwwiv@users.noreply.github.com>
Co-authored-by: Yuri Tseretyan <yuriy.tseretyan@grafana.com>
* poc
* add logger, skip hook when user is not assigned to default org
* Add tests, move to hook folder
* docs
* Skip for OrgId < 1
* Address feedback
* Update docs/sources/setup-grafana/configure-grafana/_index.md
* lint
* Move the hook to org_sync.go
* Update pkg/services/authn/authnimpl/sync/org_sync.go
* Handle the case when GetUserOrgList returns error
---------
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* hard disable for legacy alerting
* remove alerting section from configuration file
* update documentation to not refer to deleted section
* remove AlertingEnabled from usage in UA setting parsing
* Introduce environment.local_filesystem_available
* Only show TLS client cert, client key, client ca when local_filesystem_available is true
* Rename LocalFSAvailable to LocalFileSystemAvailable
* query OAuth info from a new instance
* add `hd` validation flag
* add `disable_hd_validation` to settings map
* update documentation
---------
Co-authored-by: Jo <joao.guerreiro@grafana.com>
* introduce new config section [unified_alerting.state_history.annotations] and deprecate settings in [alerting]
Co-authored-by: brendamuir <100768211+brendamuir@users.noreply.github.com>
* add password service interface
* add password service implementation
* add tests for password service
* add password service wiring
* add feature toggle
* Rework from service interface to static function
* Replace previous password validations
* Add codeowners to password service
* add error logs
* update config files
---------
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* Add notification settings to storage\domain and API models. Settings are a slice to workaround XORM mapping
* Support validation of notification settings when rules are updated
* Implement route generator for Alertmanager configuration. That fetches all notification settings.
* Update multi-tenant Alertmanager to run the generator before applying the configuration.
* Add notification settings labels to state calculation
* update the Multi-tenant Alertmanager to provide validation for notification settings
* update GET API so only admins can see auto-gen
* Add config for limit of rules per rule group
* Warn when editing big groups through normal API
* Warn on prov api writes for groups
* Wire up comp root, tests
* Also add warning to state manager warm
* Drop unnecessary conversion
* merge JSON search logic
* document public methods
* improve test coverage
* use separate JWT setting struct
* correct use of cfg.JWTAuth
* add group tests
* fix DynMap typing
* add settings to default ini
* add groups option to devenv path
* fix test
* lint
* revert jwt-proxy change
* remove redundant check
* fix parallel test
* remove latest.json and replace with api call to grafana.com
* remove latest.json
* Revert "remove latest.json"
This reverts commit bcff43d898.
* Revert "remove latest.json and replace with api call to grafana.com"
This reverts commit 02b867d84e.
* add deprecation message to latest.json
* (WIP) Alerting: Use the forked Alertmanager for remote secondary mode
* fall back to using internal AM in case of error
* remove TODOs, clean up .ini file, add orgId as part of remote AM config struct
* log warnings and errors, fall back to remoteSecondary, fall back to internal AM only
* extract logic to decide remote Alertmanager mode to a separate function, switch on mode
* tests
* make linter happy
* remove func to decide remote Alertmanager mode
* refactor factory function and options
* add default case to switch statement
* remove ineffectual assignment
* Can add allowed custom headers to an email Message. WIP.
* adds slug as a custom email header to all outgoing emails
* Headers are static - declared as key/value pairs in config. All static headers get added to emails.
* updates comment
* adds tests for parsing smtp static headers
* updates test to assert static headers are included when building email
* updates test to use multiple static headers
* updates test names
* fixes linting issue with error
* ignore gocyclo for loading config
* updates email headers in tests to be formatted properly
* add static headers first
* updates tests to assert that regular headers like From cant be overwritten
* ensures only the header is in a valid format for smtp and not the value
* updates comment and error message wording
* adds to docs and ini sample files
* updates smtp.static_headers docs examples formatting
* removes lines commented with semi colons
* prettier:write
* renames var
* Plugins: add option to disable TLS in the socks proxy
* fix allow_insecure docs
* upgrade github.com/grafana/grafana-plugin-sdk-go from v0.196.0 to v0.197.0
* fix conflicts
* Add Azure settings and update tests
* Filter by plugin ID
* Add forward settings config variable
* Update line
* Add tests
* Update so that data sources are fully defined in config
* Update SDK and test
* Fix lint
* Update docs/sources/setup-grafana/configure-grafana/_index.md
Co-authored-by: Andrew Hackmann <5140848+bossinc@users.noreply.github.com>
* Remove unnecessary if
---------
Co-authored-by: Andrew Hackmann <5140848+bossinc@users.noreply.github.com>
* Unified Alerting: Set `max_attempts` to 1 by default
The retry logic for unified alerting has been broken as far as v9.4.x, rather than fixing it in one go and causing a headache to our users with rules putting extra load on their datasources - I think a better approach is to simply set 1 as a default and then let our users change it.
I see two cons with this approach:
- Configuration for legacy to unified alerting cannot be ported over automatically, users will have to manually set `max_attempts` to 3 when migrating.
- Users expecting to get any sort of retrying (as with legacy alerting) will not have it out of the box and will have to manually edit the configuration.
Signed-off-by: gotjosh <josue.abreu@gmail.com>
---------
Signed-off-by: gotjosh <josue.abreu@gmail.com>
* Alerting: Add clean_upgrade config and deprecate force_migration
Upgrading to UA and rolling back will no longer delete any data by default.
Instead, each set of tables will remain unchanged when switching between
legacy and UA. As such, the force_migration config has been deprecated
and no extra configuration is required to roll back to legacy anymore.
If clean_upgrade is set to true when upgrading from legacy alerting to Unified
Alerting, grafana will first delete all existing Unified Alerting resources,
thus re-upgrading all organizations from scratch. If false or unset,
organizations that have previously upgraded will not lose their existing Unified
Alerting data when switching between legacy and Unified Alerting.
Similar to force_migration, it should be kept false when not needed as it may
cause unintended data-loss if left enabled.
---------
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Split signout_redirect_url into per provider settings
* Split signout_redirect_url into per provider settings
* Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana/index.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Split signout_redirect_url into per provider settings
* Split signout_redirect_url into per provider settings
* Split signout_redirect_url into per provider settings
* Split signout_redirect_url into per provider settings
* Split signout_redirect_url into per provider settings
* Split signout_redirect_url into per provider settings
* update docs
* update devenvs
* add missing struct tag
---------
Co-authored-by: Rao, B V Chalapathi <b_v_chalapathi.rao@nokia.com>
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
Co-authored-by: jguer <me@jguer.space>
* support google oauth allowed_groups. unify allowed groups logic
* add role mapping for google oauth
* add documentation
* add addendums
* remove extra isGroupMember
* add to sample ini
* Apply suggestions from code review
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
---------
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* add configuration options to .ini file and parse them
* updates on config options, add external AM config to the main config struct
* separate external AM configs from general alerting configs, naming
* comments about usage of tenantID in basic auth & not using config options yet
* Do not update statistics at service collector startup
* Configurable collector interval
* Introduce initial random delay
* Prevent reporting metrics until the stats have been collected
* Apply suggestion from code review
* enforce role sync except if skip org role sync is enabled
* move errors to errors file and set codes
* fix docs and defaults
* remove legacy parameter
* support fall through token-api in generic oauth
* fix error handling for generic_oauth
* Update pkg/login/social/generic_oauth.go
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Update pkg/login/social/gitlab_oauth_test.go
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Update pkg/login/social/gitlab_oauth_test.go
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
---------
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* First changes
* WIP docs
* Align current tests
* Add test for UseRefreshToken
* Update docs
* Fix
* Remove unnecessary AuthCodeURL from generic_oauth
* Change GitHub to disable use_refresh_token by default
* github oauth doc improvements
* add skip_org_role_sync to config for github provider
* update links and section headings
* update the docs based on the first PR
* update references
* split queries and merge responses
* increase concurrency again
* update unit test to verify the headers are merged
* fix lint issue
* fix race condition in unit test
* Fix function name and add a bit more documentation about how the func should be used
* update function call after rename
* check for duplicate header vals
* make concurrent query limit configurable
* Update conf/sample.ini
Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
---------
Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
This commit adds support for concurrent queries when saving alert
instances to the database. This is an experimental feature in
response to some customers experiencing delays between rule evaluation
and sending alerts to Alertmanager, resulting in flapping. It is
disabled by default.
