Commit Graph

826 Commits

Author SHA1 Message Date
Dave Henderson
19cf9fa87d
Docs: Correct references to 'lockingMigration' (#51678)
Signed-off-by: Dave Henderson <dave.henderson@grafana.com>
2022-07-14 15:42:24 -04:00
Matthew Jacobson
28dd413c1d
Alerting: Add config disabled_labels to disable reserved labels (#51832)
* Alerting: Add config disabled_labels to disable reserved labels

[unified_alerting.reserved_labels]
disabled_labels

* Replace IsGrafanaFolderDisabled with more generic IsReservedLabelDisabled

* Simplify SchedulerCfg by including UnifiedAlertingSettings
2022-07-11 12:41:40 -04:00
hannes-256
62b0a8bae6
LDAP: Allow specifying LDAP timeout (#48870)
* Allow specifying LDAP timeout

* Update docs/sources/auth/ldap.md

Co-authored-by: brendamuir <100768211+brendamuir@users.noreply.github.com>

* LDAP timeout: Add annotations; Make functions "private"

* Setting the default timeout if unspecified

* fix goimports lint issue

Co-authored-by: brendamuir <100768211+brendamuir@users.noreply.github.com>
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
Co-authored-by: jguer <joao.guerreiro@grafana.com>
2022-07-08 08:52:54 +02:00
Jguer
b79b53cbdb
JWT: Add JWT proxy setup devenv (#51731)
* JWT: Add JWT Auth devenv

* Auth: JWT allow retrieving login token

Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>

* JWT: Add JWT Auth Proxy devenv

* JWT: Add instructions to readme

* JWT: Add JWT users

* JWT: Remove oauth users

* revert session changes, unnecessary

Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
2022-07-07 10:28:04 -04:00
Ieva
31e8e17d2f
allow specifying auth style (#51233) 2022-06-30 10:27:31 +01:00
Timur Olzhabayev
7c886fb6f9
Frontend Logging: Integrate grafana javascript agent (#50801)
Add Grafana Javascript Agent integration to Grafana
2022-06-28 03:25:30 -04:00
Josh Hunt
dcf786f3a9
I18n: Add default locale server config option (#51035)
* I18n: Set default locale in server config and expose in grafanaBootData

* put default locale behind feature flag

* update tests now that default locale is behind feature flag

* little bit of PR feedback

* update sample.ini
2022-06-21 11:12:49 +01:00
ying-jeanne
4489f331b8
Chore: Use the bingo built golangci-lint (#51048)
* use the bingo built golangci-lint

* remove grapl usage

* add dependancy
2022-06-17 19:46:20 +02:00
Ashley Harrison
d0fa326798
Chore: Remove newNavigation feature toggle and old navbar code (#50872)
* Remove newNavigation feature toggle + old code

* fix unit tests

* remove buildCreateNavLinks
2022-06-16 10:48:38 +01:00
Eric Leijonmarck
b5615a1a18
Docs: CSRF add configuration options and documentation for additional headers and origins (#50473)
* added troubleshooting for "origin not allowed" messages

* include in configuration.ini

* moved doc to security

* removed enterprise congiruation

* Update conf/sample.ini

Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>

Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
2022-06-09 09:13:08 +02:00
Jean-Philippe Quéméner
fd664e4beb
Alerting: replace a duplicated configuration key (#50350)
This PR renames the configuration key enabled to capture. This is needed as we already have a configuration key with the name enabled.

Fixes #50328

Co-authored-by: Jean-Philippe Quéméner <JohnnyQQQQ@users.noreply.github.com>
2022-06-08 11:04:51 +08:00
Marcus Efraimsson
36c3398c6d
Datasource: Remove support for unencrypted passwords (#49987)
* Datasource: Remove support for unencrypted passwords

* regenerate swagger

* [WIP] Remove references to datasource password and basic auth password fields (#50015)

* try delete moar tings

* delete provisioning stuff

* remove from yaml

* update snapshots

* remove lingering snapshot fields

* fix ds http settings

* Re-generate swagger and fix swagger-api-spec make target

Co-authored-by: Will Browne <will.browne@grafana.com>
Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2022-06-03 17:38:22 +02:00
Copolycube
31a4d97b05
update defaults.ini to add role_attribute_path (#49147)
cf. https://community.grafana.com/t/grafana-gitlab-oauth-env-variable-not-recognized/65039
and https://github.com/grafana/grafana/issues/48637
2022-06-03 13:07:39 +02:00
idafurjes
24c6a73095
Tracing: Deprecate opentracing (#50058)
* Deprecate opentracing

* Fix comment

* Adjust comment

* Fix docs for opentelemetry

* Add deprecated to sample.ini
2022-06-02 14:13:00 +02:00
Karl Persson
389eec089e
AuthProxy: Remove deprecated ldap_sync_ttl setting (#49902)
* Remove deprecated ldap_sync_ttl
2022-05-31 14:08:24 +02:00
Torkel Ödegaard
e1909fe74b
AngularSupport: Update description for angular_support_enabled config option (#49569)
* AngularSupport: Update description for angular_support_enabled config option

* Update angular deprecration plan doc

* Update

* Update article

* Updated
2022-05-25 11:49:12 +02:00
Sriram
27c26c30d1
InfluxDB: Removing influxDB backend migration feature flag (#49531)
Removing the `influxdbBackendMigration` feature toggle default value.
2022-05-24 18:31:03 +01:00
Piotr Jamróz
5a3cd45f79
Query History: Enable new query history by default (#49407)
* Enable new Query History

* Update docs and sample.ini
2022-05-23 16:53:36 +02:00
Sriram
755ec3b469
InfluxDB: Use backend for influxDB by default via feature toggle (#48453) 2022-05-23 12:43:50 +01:00
Erik Sundell
4fc1bf4bfb
enable feature toggle by default (#49173) 2022-05-23 10:07:21 +02:00
Joe Blubaugh
687e79538b
Alerting: Add a general screenshot service and alerting-specific image service. (#49293)
This commit adds a pkg/services/screenshot package for taking and uploading screenshots of Grafana dashboards. It supports taking screenshots of both dashboards and individual panels within a dashboard, using the rendering service.

The screenshot package has the following services, most of which can be composed:

BrowserScreenshotService (Takes screenshots with headless Chrome)
CachableScreenshotService (Caches screenshots taken with another service such as BrowserScreenshotService)
NoopScreenshotService (A no-op screenshot service for tests)
SingleFlightScreenshotService (Prevents duplicate screenshots when taking screenshots of the same dashboard or panel in parallel)
ScreenshotUnavailableService (A screenshot service that returns ErrScreenshotsUnavailable)
UploadingScreenshotService (A screenshot service that uploads taken screenshots)

The screenshot package does not support wire dependency injection yet. ngalert constructs its own version of the service. See https://github.com/grafana/grafana/issues/49296

This PR also adds an ImageScreenshotService to ngAlert. This is used to take screenshots with a screenshotservice and then store their location reference for use by alert instances and notifiers.
2022-05-22 22:33:49 +08:00
Gabriel MABILLE
83e234d4f6
AccessControl: Document basic roles changes and provisioning V2 (#48910)
* AccessControl: Document basic roles simplifying

* Add sample file for provisioning v2

* WIP

* Update provisioning example from docs

* Fix wrong permission in docs

* Nits on about-rbas.md

* Manage rbac roles

* Nit.

* Nit.

* Rephrase

* Comment

* Add version to the role

* Update role

* Update role

* Spell

* Final touch on about-rbac

* Add basic role UID mapping about-rbac

* Team assignments

* assign rbac roles

* move for more info

* enable rbac and provisioning

* spell

* plan rbac rollout strategy

* Cover factory reset

* remove builtin assignment permissions from docs

* to -> from

* Custom role actions scopes

* spell

* Update docs/sources/enterprise/access-control/about-rbac.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Update docs/sources/enterprise/access-control/about-rbac.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Update docs/sources/enterprise/access-control/assign-rbac-roles.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Update docs/sources/enterprise/access-control/assign-rbac-roles.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Update docs/sources/enterprise/access-control/assign-rbac-roles.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Update docs/sources/enterprise/access-control/plan-rbac-rollout-strategy.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Update docs/sources/enterprise/access-control/plan-rbac-rollout-strategy.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Update docs/sources/enterprise/access-control/manage-rbac-roles.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Update docs/sources/enterprise/access-control/custom-role-actions-scopes.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Update docs/sources/enterprise/access-control/custom-role-actions-scopes.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Update docs/sources/enterprise/access-control/enable-rbac-and-provisioning.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Update docs/sources/enterprise/access-control/manage-rbac-roles.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Update docs/sources/enterprise/access-control/manage-rbac-roles.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Update docs/sources/enterprise/access-control/manage-rbac-roles.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Update docs/sources/enterprise/access-control/manage-rbac-roles.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Update docs/sources/enterprise/access-control/manage-rbac-roles.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Update docs/sources/enterprise/access-control/manage-rbac-roles.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Update docs/sources/enterprise/access-control/manage-rbac-roles.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Update docs/sources/enterprise/access-control/manage-rbac-roles.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Update docs/sources/enterprise/access-control/manage-rbac-roles.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Update docs/sources/enterprise/access-control/manage-rbac-roles.md

* Update docs/sources/enterprise/access-control/manage-rbac-roles.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Remove factory as much as possible

* Update docs/sources/enterprise/access-control/plan-rbac-rollout-strategy.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Update docs/sources/enterprise/access-control/plan-rbac-rollout-strategy.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Have -> Must

 Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Have -> Must

 Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Replace factory by hard reset

* Replace LINK

* Update docs/sources/enterprise/access-control/about-rbac.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Suggestion on example descriptions

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Update docs/sources/enterprise/access-control/manage-rbac-roles.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Remove comment on permissions escalate

* Prettier.

* add a sentence to explain the type:escalate

* add a sentence to explain the type:escalate

* Rephrase

* Remove TODOs as discussed with jguer

Co-authored-by: Jguer <joao.guerreiro@grafana.com>

* Implement vardan's suggestion to have only one mapping:

Co-authored-by: Vardan Torosyan <vardants@gmail.com>

* Document that you cannot delete basic roles

Co-authored-by: Vardan Torosyan <vardants@gmail.com>

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
Co-authored-by: Vardan Torosyan <vardants@gmail.com>
2022-05-17 15:46:43 +02:00
Karl Persson
2dc45e3e72
AccessControl: Add enterprise only setting for rbac permission cache (#49006)
* Add enterprise only setting for RBAC permission cache

Co-authored-by: Jguer <joao.guerreiro@grafana.com>
2022-05-16 17:52:10 +02:00
Ieva
f256f625d8
AccessControl: Enable RBAC by default (#48813)
* Add RBAC section to settings

* Default to RBAC enabled settings to true

* Update tests to respect RBAC

Co-authored-by: Karl Persson <kalle.persson@grafana.com>
2022-05-16 12:45:41 +02:00
idafurjes
abb1618291
Add OTLP exporter for OpenTelemetry (#47987)
* Add OTLP exporter for OpenTelemtry

* Fix lint

* Refactore parse settings

* Add configuration for propagation + fix tests

* Fix tests and lint

* Fix alerting tests

* Add coments to config

* Add propagation to custom.ini
2022-05-05 10:37:26 +02:00
Josh Hunt
5dabb55b39
Navigation: Enable new navigation by default (#48447) 2022-05-03 16:28:40 +02:00
Jean-Philippe Quéméner
0a87ef06af
Alerting: add safeguard for migrations that might cause dataloss (#48526)
* Alerting: add safeguard for migrations that might cause dataloss

* add test for panic

* add documentation
2022-05-02 10:38:42 +02:00
Shirley
7bb4f5cd9b
CloudWatch: Add dynamic labels feature toggle (#48498) 2022-04-29 11:43:04 +02:00
Ivana Huckova
da49e94069
Loki: Enable new visual query builder by default (#48346) 2022-04-28 13:03:59 +02:00
Jguer
8126331f66
Update cron library for ldap sync (#47983)
* ldap: update cron library

* Update docs/sources/enterprise/enhanced_ldap.md
2022-04-26 14:14:48 +02:00
Artur Wierzbicki
2e599643f6
Previews: refactor (#47728)
* #44449: return standard thumb service even if auth setup fails

* #44449: remove dashboardPreviewsScheduler feature flag

* #44449: externalize dashboardPreviews config

* #44449: disable previews by default

* #44449: rename logger

* #44449: dashboardPreviewsAdmin feature requires dev mode

* #44449: retrigger CII
2022-04-25 01:55:10 +04:00
Kristina
3e7db088ac
Command Palette Scaffolding + Explore (#47445)
* Add feature flag and scaffodling

* start adding actions

* WIP

* move action files

* Start adding styles

* Fix implementation based on feedback

* Add more hackathon code back to command palette

* Cleanup

* Cleanup unused service files for simple MVP pass

* Move type def to library

* WIP

* Move provider to proper place to pick up other routes’ actions

* Build actions off navbar, add explore actions

* Work around undefined typescript stuff

* Fix based on feedback

* close palette on ESC

* Fix based on PR feedback pt 1

* Move styles to classes

* Move another inline style to a class

* Enable command palette by default

* change around async hook structure

* Add simple feature tracking

* Code cleanup, and be sure the command is accurate

* Change to only render if there are actions, and only add actions once past login
2022-04-21 16:50:34 -05:00
Torkel Ödegaard
057ff5bcf5
Prometheus: Query builder UX tweaks and feedback link (#47655)
* Prometheus: Query builder UX tweaks and feedback link

* Remove .

* Fixed link

* added option to hide feedback links

* feedback link setting name change

* move config check

* fixed ts issue
2022-04-14 15:18:03 +02:00
Torkel Ödegaard
7181efd1cf
Explore: Allow users to save Explore queries to dashboards (#47083)
* Select: Expose AsyncSelectProps interface

* DashboardPicker: Add a generic DashboardPicker component

* Dashboard Service: improve types

* Explore: allow saving explore state in a new panel in an existing dashboard

* Handle saving provisioned dashboards error

* Improve test coverage

* simplify test setup

* Strip base path from url when redirecting to a dashboard

* Keep existing variables when saving to an existing dashboard

* group assertions in test

* SearchCard: handle undefined in meta.updated

* Change required error message

* Add to dashboard alternative

* Add to existing is working

* Add to dashboard form

* remove default add-panel when creating a dashboard from explore

* types cleanup

* remove unneeded BE change

* simplify selector

* Add explore2Dashboard feature toggle

* add tests

* Small refactor & add tests

* small DashboardPicker improvements

* use partial from lodash

* Better error handling

* improve tests & disable button when there are no queries

* rename addPanelToDashboard function

* remove localStorage item if opening tab fails

* UI touchups & tracking

* Fix tests & remove close reporting

* remove echologger debug

* fix adding a panel to an existing dashboard

* Enable explore2Dashboard by default and add docs

* Ensure each panel in dashboards has a valid ID

* force CI restart

Co-authored-by: Elfo404 <me@giordanoricci.com>
2022-04-12 13:26:07 +02:00
Ieva
ef4c2672b3
Access control: SQL filtering for annotation listing (#47467)
* pass in user to attribute scope resolver

* add SQL filter to annotation listing

* check annotation FGAC permissions before exposing them for commenting

* remove the requirement to be able to list all annotations from annotation listing endpoint

* adding tests for annotation listing

* remove changes that got moved to a different PR

* unused var

* Update pkg/services/sqlstore/annotation.go

Co-authored-by: Ezequiel Victorero <evictorero@gmail.com>

* remove unneeded check

* remove unneeded check

* undo accidental change

* undo accidental change

* doc update

* move tests

* redo the approach for passing the user in for scope resolution

* accidental change

* cleanup

* error handling

Co-authored-by: Ezequiel Victorero <evictorero@gmail.com>
2022-04-11 13:18:38 +01:00
Will Browne
f3c1448b57
Analytics: Enable grafana and plugin update checks to be operated independently (#46352)
* add separate cfg for controlling plugin update checks

* https

* add specific version note to docs

* pr feedback

* fixup
2022-04-06 10:50:21 +02:00
Cameron Waterman
8426cfe400
Profile/Help: Expose option to disable profile section and help menu (#46308)
* Expose option to disable help menu

* Expose option to disable profile menu

* Add Profile FeatureTogglePage

* Update public/app/features/profile/FeatureTogglePage.tsx

Uptake PR wording suggestion.

Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>

* Fix front end lint issue

* Fix back end lint issue

Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
2022-03-29 16:27:53 +01:00
Marcus Efraimsson
9eb2cd537d
Plugins: Make backend plugin metrics endpoints available with optional authentication (#46467)
* add new endpoint without auth+config

* add cfg check

* fit lint issue

* Add basic auth support

Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>

* WIP docs

* Update docs/sources/administration/view-server/internal-metrics.md

Co-authored-by: Dave Henderson <dhenderson@gmail.com>

* update instructions

Co-authored-by: Will Browne <will.browne@grafana.com>
Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
Co-authored-by: Dave Henderson <dhenderson@gmail.com>
2022-03-29 11:18:26 +02:00
Torkel Ödegaard
e10c4397dc
Prometheus: Enable new visual query builder by default (#46634)
* Prometheus: Enable new query builder by default

* Updated e2e test

* Fixed e2e
2022-03-23 07:28:19 +01:00
sivamu
6c468daabc
AzureAD OAuth: Add optional strict parsing of role_attribute_path for Azure AD (#42157)
* AzureAD OAuth: Add optional strict parsing of role_attribute_path for Azure AD

Fix casting issues

modify unit tests

Unit test fix

Add proper test args

* Return empty role when using strict attribute mode

* Raise error on empty role

* Fix UT for latest case
2022-03-18 10:34:16 +00:00
Joan López de la Franca Beltran
2081f37e95
Encryption: Make DEKs cache TTL & cleanup interval configurable (#46042)
* Make DEKs cache TTL & cleanup interval configurable

* Improve 'data_keys_cache_ttl' setting description

* Fix test
2022-03-16 20:05:13 +01:00
Sergey Kostrukov
1dca39fb91
Auth Proxy: encoding of non-ASCII headers (#44797)
* Decode auth proxy headers using URL encoding

* Header encoding configuration via settings file

* Rename configuration setting to headers_encoded

* Quoted-printable encoding

* Tests for AuthProxy

* Fix encoding name

* Remove authproxy init
2022-03-04 04:58:27 -05:00
baez90
6beba5a049
Chore: add setting to skip org assignment for external users (#34834)
* Chore: add setting to skip org assignment for external users

Introduce 'skip_org_role_update_sync' setting to skip any kind of org assignment during the login of external users.
As a consequence manual organization assignments won't be overridden during the upsert of an external user.

Part of #22605

* Chore: Rename skip_org_role_update_sync to oauth_skip_org_role_update_sync and relocate it to auth section

* Chore: replace global setting access where possible
2022-02-21 17:34:47 +01:00
Dan Cech
51cd6f3cc5
Configuration: Add ability to customize okta login button name and icon (#44079)
* add ability to customize okta login button name and icon

* update configs, add basic frontend test

* add icon to oauth settings type

* trigger tests

* fix typecheck
2022-02-16 11:35:00 -05:00
Torkel Ödegaard
2b9e46d1f8
Angular: Option to disable angular support and isolate angular dependencies (#45421)
* Angular: Initial setting that disables angular, load angular support in separate chunk

* Load angular panels on demand

* Load alerting in separate chunk only when angularSupportEnabled

* progress, do not export core_module if angular disabled

* Progress

* Update public/app/features/plugins/built_in_plugins.ts

Co-authored-by: Ryan McKinley <ryantxu@gmail.com>

* Removing remaining usage of angular from outside angular app (not counting plugins)

* Update config and docs

* Fix sample.ini

* Update public/app/features/alerting/AlertTab.tsx

Co-authored-by: Levente Balogh <balogh.levente.hu@gmail.com>

* Fixing prettier issue

Co-authored-by: Ryan McKinley <ryantxu@gmail.com>
Co-authored-by: Levente Balogh <balogh.levente.hu@gmail.com>
2022-02-16 17:14:33 +01:00
Sofia Papagiannaki
d718ee1918
SQLStore: Prevent concurrent migrations (#44101)
* SQLStore: Prevent concurrent migrations

* Hide behind a feature toggle

* Configurable locking attempt timeout

* Update docs/sources/administration/configuration.md

Co-authored-by: Igor Suleymanov <radiohead@users.noreply.github.com>
Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
2022-02-15 18:54:27 +02:00
Will Browne
fc42dfe396
Auth: Guarantee consistency of signed SigV4 headers (#45054)
* use latest sigv4 changes

* update configuration docs

* lint

* reformat lint ignore

* specific version for docs
2022-02-08 14:48:17 +01:00
Ivana Huckova
4e37a53a1c
Query history: Create API to add query to query history (#44479)
* Create config to enable/disable query history

* Create add to query history functionality

* Add documentation

* Add test

* Refactor

* Add test

* Fix built errors and linting errors

* Refactor

* Remove old tests

* Refactor, adjust based on feedback, add new test

* Update default value
2022-01-28 17:55:09 +01:00
Alex Vandiver
844b194f5b
Middleware: Don't require HTTPS for HSTS headers to be emitted (#35147)
Grafana itself may not be serving content over HTTPS, but it may be
behind a transparent proxy which does.

Fixes #26770.  Based on #26868.
2022-01-28 07:23:28 +01:00
Dan Cech
1e89fc157d
update snapshots server url (#44563)
* update snapshots server url
* update all old references to snapshot.raintank.io
2022-01-27 16:11:20 -05:00
Emil Tullstedt
25736b6afb
Auth: implement auto_sign_up for auth.jwt (#43502)
Co-authored-by: James Brown <jbrown@easypost.com>
2022-01-13 17:15:22 +01:00
Joan López de la Franca Beltran
532e71554f
Usage Stats: Add metrics to count enabled kms providers per kind (#43640)
* Usage Insights: Add metrics to count enabled kms providers per kind

* Add backwards compatibility
2022-01-07 13:52:28 +01:00
Alex Khomenko
3b4a4be3c6
Feature highlights: add setting toggle (#43394)
* Feature highlights: add toggle setting

* Settings: Use provider for 'feature_highlights' section

* Fix frontendsettings API tests

* Document the toggle

Co-authored-by: Joan López de la Franca Beltran <5459617+joanlopez@users.noreply.github.com>
Co-authored-by: Joan López de la Franca Beltran <joanjan14@gmail.com>
2021-12-24 10:49:52 +02:00
Carl Bergquist
f373588810
setting: configure toggles as true/false instead of array (#43326)
Signed-off-by: bergquist <carl.bergquist@gmail.com>
2021-12-20 15:33:11 +01:00
William Assis
eab0ba8716
Analytics: RudderStack custom URLs to fetch SDK and Config (#41988)
* Add config options to provide custom URL to fetch Rudderstack SDK and Config

* Add new entries to defaults.ini

* Update docs
2021-12-06 09:42:29 -05:00
idafurjes
d993b12415
Add interface Tracer, add Opentelemetry (#41963)
* Add interface Tracer, add Opentelemetry

* Fix lint

* Fix failing tests and return error if config not parsed fo opentelemetry

* Update defaults.ini

Add comment with jaeger url

* go mod tidy

* Remove comments that are not needed

* Move OpentracingSpan to tracing.go

* Add opentelemetry to sample.ini
2021-12-01 17:05:08 +01:00
Armand Grillet
6523486122
Alerting: Make Unified Alerting enabled by default for those who do not use legacy alerting (#42200)
* update AlertingEnabled and UnifiedAlertingSettings.Enabled to be pointers
* add a pseudo migration to fix the AlertingEnabled and UnifiedAlertingSettings.Enabled if the latter is not defined
* update the default configuration file to make default value for both 'enabled' flags be undefined

Misc
* update Migrator to expose DB engine. This is needed for a ualert migration to access the database while the list of migrations is created.
* add more verbose failure when migrations do not match

Co-authored-by: gotjosh <josue@grafana.com>
Co-authored-by: Yuriy Tseretyan <yuriy.tseretyan@grafana.com>
Co-authored-by: gillesdemey <gilles.de.mey@gmail.com>
2021-11-24 14:56:07 -05:00
Tania B
3af36b7e23
Encryption: Add settings to ini files (#42057)
* Encryption: Add settings to ini files

* Rename a setting
2021-11-23 20:29:35 +02:00
Levente Balogh
35c2c95fdc
Plugins: remove deprecated code (components) (#41686)
* refactor(plugins): use routes specific to the new plugins/admin

* refactor(plugins): remove unused pages (PluginList, PluginItem)

* refactor(plugins): remove PluginPage

* refactor(plugins): remove UpdatePluginModal

* refactor(plugins): move AppConfigWrapper under plugins/admin

* refactor(plugins): move PluginDashboards under plugins/admin

* refactor(plugins): rename the "specs" folder to "tests"

* refactor(plugins): move test files to /tests folder

* refactor(plugins): move AppRootPage into a /components folder

* refactor(plugins): move PluginsErrorsInfo into a /plugins folder

* refactor(plugins): move PluginSettingsCache into a /components folder

* refactor(plugins): move PluginStateInfo into a /plugins folder

* refactor(plugins): move AppRootPage.test.tsx next to the tested component

* refactor(plugins): remove old snapshot tests

* fix(plugins): fix tests

* refactor(plugins/admin): move & rename PluginSettingsCache

* fix(plugins): fix a few rebase issues

* Plugins: remove deprecated code (state handling) (#41739)

* refactor(plugins): use the plugins/admin reducer only

* refactor(plugins): remove tests for the deprecated plugins reducer

* refactor(plugins): remove tests for the deprecated plugins selectors

* refactor(plugins/state): add a short comment note to selectors

* feat(plugins/state): add a selector for selecting errors

* feat(plugins/state): add a hook for getting plugin errors

* refactor(plugins): udpate the PluginsErrorsInfo component to use the new state selectors

* refactor(plugins/state): remove the old (deprecated) selectors

* refactor(plugins/state): use the new actions under /admin

* refactor(plugins/state): remove old (deprecated) reducers and actions

* refactor(plugins): update component definition

* fix(plugins): remove unnecessary {children} prop for PluginsErrorsInfo

* Plugins: show / hide install controls based on the `pluginAdminEnabled` flag (#41749)

* docs(plugins): update documentation for the `plugin_admin_enabled` flag

* refactor(InstallControls): move the main component to a named module

* feat(plugins): use the `pluginAdminEnable` flag to hide / show install controls in the UI

* test(plugins): add tests for enabling/disabling install controls
2021-11-19 13:42:26 +01:00
Agnès Toulet
e904f423e4
Docs: Add configuration option for the image renderer (#41798)
* Docs: add configuration option for the image renderer

* Apply review feedback
2021-11-18 18:09:08 +01:00
Marcus Efraimsson
b88d21a6cb
PluginsCatalog: Add backend support for hiding plugins in plugins catalog (#41563)
Add backend support for hiding plugins in plugins catalog. 

Ref #41074
2021-11-15 10:53:35 +01:00
Tania B
e81d434edf
Encryption: Extend secrets service to support registering key providers (#40626)
* Draft adding kms providers

* Rename defaultProvider to currentProvider

* Add getting current provider from config

* Remove comments

* Make current provider service struct field

* Add methods to secrets service

* Test getting current provider

* Implements missing methods for fake secrets service

* Remove accidental changes

* Fix linter issue

* Update configuration examples

* Rename CurrentProvider method

* Split service interface

* Update wire

Co-authored-by: spinillos <selenepinillos@gmail.com>
2021-11-04 19:25:01 +02:00
Emil Tullstedt
e73cd2fdeb
OAuth: Support PKCE (#39948) 2021-10-13 16:45:15 +02:00
Levente Balogh
c2754eb9cc
Plugins Catalog: Make the catalog the default way to interact with plugins (#39779)
* chore(Plugins/Admin): make the Plugins Catalog the default way to interact with plugins

* chore(defaults.ini): change the default value for `plugin_admin_enabled`

* test(Plugins): make the tests pass
2021-09-30 08:34:03 +02:00
Sofia Papagiannaki
012d4f0905
Alerting: Remove ngalert feature toggle and introduce two new settings for enabling Grafana 8 alerts and disabling them for specific organisations (#38746)
* Remove `ngalert` feature toggle

* Update frontend

Remove all references of ngalert feature toggle

* Update docs

* Disable unified alerting for specific orgs

* Add backend tests

* Apply suggestions from code review

Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>

* Disabled unified alerting by default

* Ensure backward compatibility with old ngalert feature toggle

* Apply suggestions from code review

Co-authored-by: gotjosh <josue@grafana.com>
2021-09-29 16:16:40 +02:00
Sofia Papagiannaki
eead8cd8e1
Docs: alerting fixes (#39717)
* Docs: alerting fixes
2021-09-28 16:37:07 +03:00
Sofia Papagiannaki
f6f3a54742
Alerting: tune rule evaluation via configuration (#35623)
* Alerting: Configure max evaluation retries

* Alerting: Enforce minimum rule evaluation interval

* Alerting: Disable rule evaluation from configuration

* Update docs

* Alerting: Configure rule evaluation timeout

* Move options on unified_alerting config section

* Apply suggestions from code review

Co-authored-by: gotjosh <josue@grafana.com>
2021-09-28 13:00:16 +03:00
gotjosh
7db97097c9
Alerting: Support Unified Alerting with Grafana HA (#37920)
* Alerting: Support Unified Alerting in Grafana's HA mode.
2021-09-16 15:33:51 +01:00
Erik Sundell
9d3f4f5983
Analytics: Instrument Azure Application Insights (#38553)
* add backend

* read config and pass to backend

* update config docs

* change var name

* use connection string instead of instrumentation key

* add config for endpoint url. update docs

* update default ini

* add spaces

* remove space

* Update docs/sources/administration/configuration.md

Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>

* Update conf/defaults.ini

Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>

* Update conf/defaults.ini

Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>

Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
2021-09-15 13:00:38 +02:00
Marcus Efraimsson
1c892a2fc4
Postgres/MySQL/MSSQL: Add setting to limit maximum amount of rows processed (#38986)
Adds a new setting dataproxy.row_limit that allows an operator to limit the 
amount of rows being processed/accepted in response to database queries 
originating from SQL data sources.

Closes #38975
Ref #39095

Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
2021-09-13 15:27:51 +02:00
Dimitris Sotirakis
ba9d5540b8
Datasources: Introduce response_limit for datasource responses (#38962)
* Introduce response_limit for datasource responses

* Fix lint

* Fix tests

* Add case where limit <= 0 - added parametrized tests

* Add max_bytes_reader.go

* Use new httpclient.MaxBytesReader instead of net/http one

* Fixes according to reviewer's comments

* Add tests for max_bytes_reader

* Add small piece in configuration.md

* Further fixes according to reviewer's comments

* Fix linting - fix test
2021-09-10 16:51:06 +03:00
Djairho Geuens
0383becc46
OAuth: Make generic teams URL and JMES path configurable (#37233)
OAuth: Make generic teams URL and JMES path configurable
2021-09-07 19:57:20 -05:00
gotjosh
f3f3fcc727
Alerting: Introduces /api/v1/ngalert/alertmanagers to expose discovered and dropped Alertmanager(s) (#37632)
* Alerting: Expose discovered and dropped Alertmanagers

Exposes the API for discovered and dropped Alertmanagers.

* make admin config poll interval configurable

* update after rebase

* wordsmith

* More wordsmithing

* change name of the config

* settings package too
2021-08-13 13:14:36 +01:00
Alexander Emelin
6b2d33dc14
fix sample.ini (#37106) 2021-07-22 16:50:27 +02:00
Ryan McKinley
e604e69d93
Geomap: default basemap config cleanup (#37069) 2021-07-21 13:48:20 -07:00
Eunice Kim
3b0d7fc00b
Geomap: Base layer server configuration (#37041) 2021-07-21 17:54:05 +02:00
Djairho Geuens
4cadbba686
Email: Allow configuration of content types for email notifications (#34530)
* Alerting: Allow configuration of content types for email notifications

* Fix lint error

* Improves email templates

* Improve configuration documentation

Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>

* Improve code comments

Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>

* Improve configuration documentation

Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>

* Improve email template

* Remove unnecessary predeclaration

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

* Adds handling for unrecognized content type

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

* Move utility function outside of util package

* Fixes syntax

* Remove unused package

* Fix lint error

* improve email templates

* Fix test

* Alerting: Allow configuration of content types for email notifications

* Fix lint error

* Improves email templates

* Improve configuration documentation

Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>

* Improve code comments

Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>

* Improve configuration documentation

Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>

* Improve email template

* Remove unnecessary predeclaration

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

* Adds handling for unrecognized content type

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

* Move utility function outside of util package

* Fixes syntax

* Remove unused package

* Fix lint error

* improve email templates

* Fix test

* Fix comment style

Co-authored-by: Ganesh Vernekar <15064823+codesome@users.noreply.github.com>

* Fix template formatting

* Add test and improve error handling

* Fix test

* Fix formatting

* Fix formatting

* Improve documentation and regenerates txt template

* Update docs/sources/administration/configuration.md

Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>

Co-authored-by: Djairho Geuens <djairho.geuens@ae.be>
Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
Co-authored-by: Ganesh Vernekar <15064823+codesome@users.noreply.github.com>
Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
2021-07-19 13:31:51 +03:00
Dominik Prokop
663a8935f7
User analytics: Add Rudderstack integration (#36567)
* Replace analytics service with Echo backend

* Add Rudderstack integration and general pageview and interaction Echo events

* Update conf/defaults.ini

Co-authored-by: Dan Cech <dcech@grafana.com>

* Update packages/grafana-runtime/src/types/analytics.ts

Co-authored-by: Dan Cech <dcech@grafana.com>

* Update conf/defaults.ini

Co-authored-by: Dan Cech <dcech@grafana.com>

* Update tests

* Force cla check

Co-authored-by: Dan Cech <dcech@grafana.com>
2021-07-09 11:45:25 +02:00
Dimitris Sotirakis
069fb0cf38
HTTP Client: Introduce dataproxy_max_idle_connections config variable (#35864)
* Introduce dataproxy_max_idle_connections config var

* Fix according to reviewer's comments

* Fix according to reviewer's comments - round 2

* Remove unused const

* Bring back MaxIdleConnsPerHost

* Fixes according to reviewer's comments
2021-07-07 13:13:53 +03:00
Alexander Emelin
354789edc9
update option description to only commit to wildcard symbol for now (#36341)
(cherry picked from commit 012ee1fc28)
2021-07-03 00:46:48 +03:00
Ward Bekker
b255f3db3f
Team Sync: Add group mapping to support team sync in the Generic OAuth provider (#36307)
Added group mapping to support team sync in the Generic OAuth provider.

Co-authored-by: Leonard Gram <leo@xlson.com>
Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
Co-authored-by: Dan Cech <dan@aussiedan.com>
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
2021-07-01 22:40:46 +02:00
Alexander Emelin
483418dbb0
live: add allowed_origins option (#36318) 2021-07-01 09:30:09 +03:00
Alexander Emelin
98893c0420
Live: experimental HA with Redis (#34851) 2021-06-24 11:07:09 +03:00
Will Browne
89d8dedece
Plugins: Improve wording around allow_loading_unsigned_plugins configuration (#35731)
* improve wording

* Update docs/sources/administration/configuration.md

Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>

* Update docs/sources/administration/configuration.md

Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>

* Update conf/sample.ini

Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>

* Update conf/defaults.ini

Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>

Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
2021-06-15 18:53:11 +02:00
Javier Palomo
6531424c72
Datasource: Add support for max_conns_per_host in dataproxy settings (#35520)
Allow configuring dataproxy.max_conns_per_host for HTTP data sources.

Ref #35519
Ref #35257
2021-06-11 14:18:08 +02:00
Gabriel MABILLE
134dba5101
Provisioning: Update accesscontrol sample file 2021-06-02 17:22:34 +02:00
kay delaney
8143991b94
Security: Update default CSP template and fix firefox CSP issues (#34836)
* Security: Update default content_security_policy_template
- Add 'strict-dynamic' back to script-src
- Add ws(s)://$ROOT_PATH to connect-src
- Change onEvent to on-event in angular templates to fix CSP issues in firefox.
- Add blob: to style-src
2021-05-28 17:01:10 +02:00
Alexander Emelin
6d750c000e
Live: max_connections option with strict default (#34634)
this should help Live to be enabled by default but still
do not affect setups with lots of simultenious users. To
properly handle many WS connections Grafana administrators
should tune infrastructure a bit - for example increase a
number of open files for a process. Will be in more details
in documentation.
2021-05-27 22:03:18 +03:00
Will Browne
c7b58fe186
Plugins: Enable catalog management link to gcom (#34673)
* click out to gcom when config enabled

* set to false

* fix styling for uninstall

* remove advertising config + simplify callout URL

* add entry to configuration.md

* update config name

* update lingo
2021-05-27 12:45:06 +02:00
Dimitris Sotirakis
91657dad18
HTTP Client: Make ResponseHeaderTimeout default timeout in http client (#34597)
* HTTP Client: Add `ResponseHeaderTimeout` - split from `DialContext` timeout

* Fixes according to reviewer's comments

* Use grafana-plugin-sdk-go v0.100.0
2021-05-25 11:32:41 +03:00
Ryan McKinley
a91edd7267
Plugin Admin App: make the catalog look like internal component (#34341)
* Allow Route component usage in app plugins

* i tried

* fix catalog app

* fix catalog app

* fix catalog app

* cleanup imports

* plugin catalog enabled to plugin admin

* rename plugin catalog to plugin admin

* expose catalog url

* update text

* import from react-router-dom

* fix imports -- add logging

* merge changes

* avoid onNavUpdate

* Fixed onNavChange issues

* fix library imports

* more links

Co-authored-by: Dominik Prokop <dominik.prokop@grafana.com>
Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
2021-05-20 10:42:26 +02:00
Gabriel MABILLE
d56a653e73
AccessControl: Add provisioning folder to the packaging process (#34398)
* AccessControl: Add provisioning folder to the packaging process
2021-05-20 09:41:39 +02:00
Marcus Efraimsson
348e76fc8e
Datasource: Shared HTTP client provider for core backend data sources and any data source using the data source proxy (#33439)
Uses new httpclient package from grafana-plugin-sdk-go introduced 
via grafana/grafana-plugin-sdk-go#328. 
Replaces the GetHTTPClient, GetTransport, GetTLSConfig methods defined 
on DataSource model.
Longer-term the goal is to migrate core HTTP backend data sources to use the 
SDK contracts and using httpclient.Provider for creating HTTP clients and such.

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-05-19 23:53:41 +02:00
Arve Knudsen
aed1c013c0
CSP: Relax default template wrt. loading of scripts, due to nonces not working (#34363)
* CSP: Relax default template, due to nonces not working

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* CSP: Add back data: to img-src

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-05-19 11:37:14 +02:00
Arve Knudsen
d1a9044171
CSP: Allow all image sources by default (#34265)
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-05-18 13:41:55 +02:00
Ryan McKinley
edcefe1c8e
Chore: Rename "marketplace" app to "catalog" (#34149) 2021-05-17 08:27:56 -07:00
Will Browne
c39d6ad97d
Plugins: Enable plugin runtime install/uninstall capabilities (#33836)
* add uninstall flow

* add install flow

* small cleanup

* smaller-footprint solution

* cleanup + make bp start auto

* fix interface contract

* improve naming

* accept version arg

* ensure use of shared logger

* make installer a field

* add plugin decommissioning

* add basic error checking

* fix api docs

* making initialization idempotent

* add mutex

* fix comment

* fix test

* add test for decommission

* improve existing test

* add more test coverage

* more tests

* change test func to use read lock

* refactoring + adding test asserts

* improve purging old install flow

* improve dupe checking

* change log name

* skip over dupe scanned

* make test assertion more flexible

* remove trailing line

* fix pointer receiver name

* update comment

* add context to API

* add config flag

* add base http api test + fix update functionality

* simplify existing check

* clean up test

* refactor tests based on feedback

* add single quotes to errs

* use gcmp in tests + fix logo issue

* make plugin list testing more flexible

* address feedback

* fix API test

* fix linter

* undo preallocate

* Update docs/sources/administration/configuration.md

Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>

* Update docs/sources/administration/configuration.md

Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>

* Update docs/sources/administration/configuration.md

Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>

* fix linting issue in test

* add docs placeholder

* update install notes

* Update docs/sources/plugins/marketplace.md

Co-authored-by: Marcus Olsson <marcus.olsson@hey.com>

* update access wording

* add more placeholder docs

* add link to more info

* PR feedback - improved errors, refactor, lock fix

* improve err details

* propagate plugin version errors

* don't autostart renderer

* add H1

* fix imports

Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
Co-authored-by: Marcus Olsson <marcus.olsson@hey.com>
2021-05-12 20:05:16 +02:00
Sergey Kostrukov
81ad9769fa
AzureMonitor: Azure settings in Grafana server config (#33728)
* Azure cloud settings

* Fix typos

* Grouped Azure settings

* Doc fixes

* Some settings are not needed

* Updated cloud name aliases
2021-05-12 16:23:37 +02:00
jvoeller
0d044285a9
OAuth: Add support for empty scopes (#32129)
* add parameter empty_scopes to override scope parameter with empty value and thus be able to authenticate against IdPs without scopes. Issue #27503

Update docs/sources/auth/generic-oauth.md

Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>

* updated check according to feedback

* Update generic-oauth.md

Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
2021-05-10 13:07:30 -04:00
Serge Zaitsev
7367cfc0a3
Add isolation level db configuration parameter (#33830)
* add isolation level db configuration parameter

* add isolation_level to default.ini and sample.ini

* add note that only mysql supports isolation levels for now

* mention isolation_level in the documentation

* Update docs/sources/administration/configuration.md

Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>

Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
2021-05-10 17:54:13 +02:00
Sofia Papagiannaki
540f110220
[Alerting]: Extend quota service to optionally set limits on alerts (#33283)
* Quota: Extend service to set limit on alerts

* Add test for applying quota to alert rules

* Apply suggestions from code review

Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>

* Get used alert quota only if naglert is enabled

* Set alert limit to zero if nglalert is not enabled
Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
2021-05-04 19:16:28 +03:00
Arve Knudsen
7f53dfad88
CSP: Set nonce attribute on Webpack injected bundles (#33298)
* CSP: Set __webpack_nonce__

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-04-26 11:38:24 +02:00
Kristian Klausen
4fc0d42470
OAuth: Add optional strict parsing of role_attribute_path (#28021)
* OAuth: Add strict role mapping

By default the user is assigned the role Viewer if role_attribute_path
doesn't return a role, which is not always desirable. This commit adds a
strict mode, which deny the user access if a role isn't returned.

Fix #26626

* Update docs/sources/auth/generic-oauth.md

Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>

* Update docs/sources/auth/generic-oauth.md

* Update .gitignore file with WAN

* Removed WAN from .gitignore

Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
Co-authored-by: achatterjee-grafana <aparajita.chatterjee@grafana.com>
2021-04-14 15:14:27 -04:00
Jack Westbrook
bd74953f0d
Plugins: Allow a non-dashboard page to be the default home page (#32926)
* feat: introduce home page redirect if default dashboard

* style: clean up

* Apply suggestions from code review

Co-authored-by: Hugo Häggmark <hugo.haggmark@grafana.com>

* chore(dashboard): remove obsolete setting import

* docs(config): add home_page description

Co-authored-by: Hugo Häggmark <hugo.haggmark@grafana.com>
2021-04-13 15:27:51 +02:00
Vladimir Kochnev
39a3b0d0b0
Auth: support JWT Authentication (#29995) 2021-03-31 08:40:44 -07:00
Carl Bergquist
862cd473eb
HttpServer: Make read timeout configurable but disabled by default (#31575)
Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
2021-03-19 11:21:52 +01:00
Erik Sundell
d512c5a1b4
Cloudwatch: ListMetrics API page limit (#31788)
* add list metrics api page limit

* Update docs/sources/datasources/cloudwatch.md

Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>

Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
2021-03-10 07:41:22 +01:00
Erik Sundell
2d660ee502
CloudWatch: Restrict auth provider and assume role usage according to Grafana configuration (#31805)
* restrict usage of providers and assume role according to grafana config

* update docs

* Update docs/sources/datasources/cloudwatch.md

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

* Update pkg/tsdb/cloudwatch/cloudwatch.go

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

* Update pkg/tsdb/cloudwatch/session_test.go

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

* pr feedback

* fix failing test

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-03-09 21:20:59 +01:00
Carl Bergquist
3b36636318
Annotations: Make the annotation clean up batch size configurable (#31487)
Signed-off-by: bergquist <carl.bergquist@gmail.com>

Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
2021-03-08 14:16:07 +01:00
Erik Sundell
1b149523ed
AWS: Add aws plugin configuration (#31312)
* add new conf and make sure its passed to frontend

* change auth provider name

* goimports

* fixed after feedback

* more updates after feedback

* Update docs/sources/administration/configuration.md

Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>

* Update docs/sources/administration/configuration.md

Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>

* Update docs/sources/administration/configuration.md

Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>

* Update docs/sources/administration/configuration.md

Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>

* Update docs/sources/administration/configuration.md

Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>

* Update conf/sample.ini

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

* Update docs/sources/administration/configuration.md

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

* Update pkg/setting/setting.go

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

* updates after pr feedback

* Update conf/defaults.ini

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

* Update conf/defaults.ini

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

* Update conf/sample.ini

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-02-24 18:08:13 +01:00
Carl Bergquist
d1b9fddb4f
Usage stats: Adds source/distributor setting (#31039)
Signed-off-by: bergquist <carl.bergquist@gmail.com>
2021-02-10 10:07:32 +01:00
Torkel Ödegaard
c04bc805b5
CDN: Adds support for serving assets over a CDN (#30691)
* CDN: Initial poc support for serving assets over a CDN

* Minor fix

* added build path and test

* fix lint error

* Added edition to cdn path

* Move master builds to a separate path

* Added error handling for the url parsing, changed setting name, and added docs

* Updated sample.ini

* Some property renames

* updated

* Minor update to html

* index template improvements

* Update docs/sources/administration/configuration.md

Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>

* Update docs/sources/administration/configuration.md

Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>

* Added ContentDeliveryPrefix to Licence service

* updated docs

* Updated test mock

Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
2021-02-01 10:13:09 +01:00
Sofia Papagiannaki
94a29759ab
Docs: Fix expressions enabled description (#30589) 2021-01-26 18:49:58 +02:00
Sofia Papagiannaki
9ada4b6052
Expressions: Add option to disable feature (#30541)
* Expressions: Add option to disable feature

* Apply suggestions from code review

Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
2021-01-22 19:27:33 +02:00
Arve Knudsen
50b649a869
Middleware: Add CSP support (#29740)
* Middleware: Add support for CSP

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

Co-authored by @iOrcohen
2021-01-12 07:42:32 +01:00
Peter Toft
de563bfaa4
Fix two ini-file typos regarding LDAP (#29843) 2020-12-30 11:09:17 +01:00
ying-jeanne
375e8e4fd0
SQLStore: customise the limit of retrieved datasources per organisation (#29358)
* SQLStore: customise the limit of retrieved datasources per organisation

* update all suggestions regarding nil or 0 as default

* Apply suggestions from code review

Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>

* correct default.ini description + adding unittest

* Apply suggestions from code review

Co-authored-by: Sofia Papagiannaki <papagian@users.noreply.github.com>

* modify unittest name

Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
Co-authored-by: Sofia Papagiannaki <papagian@users.noreply.github.com>
2020-12-28 12:24:42 +01:00
Emil Tullstedt
3ea1fd035f
LDAP: Update use_ssl documentation (#29964) 2020-12-23 09:14:02 +01:00
Domas
7d9a528184
Logging: rate limit fronted logging endpoint (#29272)
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
2020-12-09 16:22:24 +01:00
Agnès Toulet
22788d1d86
Add an option to hide certain users in the UI (#28942)
* Add an option to hide certain users in the UI

* revert changes for admin users routes

* fix sqlstore function name

* Improve slice management

Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>

* Hidden users: convert slice to map

* filter with user logins instead of IDs

* put HiddenUsers in Cfg struct

* hide hidden users from dashboards/folders permissions list

* Update conf/defaults.ini

Co-authored-by: Torkel Ödegaard <torkel@grafana.com>

* fix params order

* fix tests

* fix dashboard/folder update with hidden user

* add team tests

* add dashboard and folder permissions tests

* fixes after merge

* fix tests

* API: add test for org users endpoints

* update hidden users management for dashboard / folder permissions

* improve dashboard / folder permissions tests

* fixes after merge

* Guardian: add hidden acl tests

* API: add team members tests

* fix team sql syntax for postgres

* api tests update

* fix linter error

* fix tests errors after merge

Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
Co-authored-by: Leonard Gram <leo@xlson.com>
2020-11-24 12:10:32 +01:00
Domas
76df096791
Logging: Log frontend errors (#28073)
* basic frontend  Sentry integration

* backend endpoint to capture sentry events

* WIP!

* log user email for frontend logs

* remove debug logging

* lint fixes

* Fix type exports & property names

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

* additional struct naming fix

* rename log endpoint, config section & interface

* add sentry sample rate to config

* refac to use EchoSrv

* log user id

* backend tests

* tests for SentryEchoBackend

* sentry echo backend tests

* CustomEndpointTransport tests

* Update pkg/api/frontend_logging_test.go

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

* Update conf/defaults.ini

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

* Update pkg/api/frontend_logging_test.go

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

* don't export unnecesasrily

* update go.sum

* get rid of Convey in tests, use stdlib

* add sentry config to sample.ini

* cleanup to set orig logging handler in test

* Apply suggestions from code review

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

* PR feedback changes

* lock sentry version

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-11-12 12:29:43 +01:00
Carl Bergquist
e3c7d66324
Tracing: Add setting for sampling server (#29011)
Signed-off-by: bergquist <carl.bergquist@gmail.com>
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
2020-11-11 10:21:52 +01:00
Alex Khomenko
9b90ff2961
Disable selecting enterprise plugins with no license (#28758)
* Add unlicensed property to plugins

* Disable selecting unlicensed plugin

* Add customizable plugin market place url

* License: workaround enabled only in enterprise

* linter

* Move licensing info to front end

* Update pkg/services/licensing/oss.go

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

* Update pkg/services/licensing/oss.go

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

* Update pkg/setting/setting.go

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

* Update pkg/setting/setting.go

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

* Update pkg/api/frontendsettings.go

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

* Update sample.ini

* Update docs

* Update packages/grafana-runtime/src/config.ts

Co-authored-by: Torkel Ödegaard <torkel@grafana.org>

* Update public/app/features/datasources/state/buildCategories.ts

Co-authored-by: Torkel Ödegaard <torkel@grafana.org>

* Update pkg/api/frontendsettings.go

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

* Update pkg/setting/setting.go

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

* Fix spelling

Co-authored-by: Leonard Gram <leo@xlson.com>
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
Co-authored-by: Torkel Ödegaard <torkel@grafana.org>
2020-11-05 12:55:40 +02:00
Alexander Zobnin
8032b43838
OAuth: configurable user name attribute (#28286)
* OAuth: more user-frienly logging

* OAuth: custom user name attribute

* OAuth: remove deprecated nameAttributeName option

* OAuth: nameAttributePath tests

* OAuth: add name_attribute_path config option

* OAuth: docs for name_attribute_path option

* move docs to the separate branch
2020-10-20 09:56:48 +03:00
Carl Bergquist
89ebb97fca
Instrumentation: Adds environment_info metric (#28355)
Signed-off-by: bergquist <carl.bergquist@gmail.com>

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-10-19 16:58:16 +02:00
Will Browne
a189cd1832
Users: Expire old user invites (#27361)
* expire with existng cleanup service

* expire with new temp user service

* make Drone happy :)

* add expiry status

* remove other approach

* cleanup

* add test for idempotency

* add migration from datetime to unix ts

* update cmd names

* change lifetime config to duration

* remove unnecessart formatting

* add comment

* update docs

* remove max bound and introduce min error

* simplify sql

* remove comment

* allow any outstanding to exist for at least 24 hours

* revert created ts change

Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>

* add extra state check to cleanup step

Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
2020-10-13 12:30:09 +02:00
Kyle Hinton
92c2a6c239
Fix: Add additional settings for dataproxy to help with network proxy timeouts (#27841)
* adding additional settings for datasource cache transport

* added documentation for the new changes

* fixing small typo in defaults.ini comment

* fixing small typo in configuration.md comment

* Update conf/defaults.ini keepalive comment per review

Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>

* Update conf/defaults.ini idle conn comment per review

Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>

* Update conf/defaults.ini anon user comment per review

Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>

* Update docs/sources/administration/configuration.md idle conn comment per review

Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>

* adding suggestions from papagian

* fixing configuration.md

* fixing configuration.md typo

* Apply suggestions from code review aknuds1

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

* updating sample.ini

* Apply suggestions for docs from code review papagian

Co-authored-by: Sofia Papagiannaki <papagian@users.noreply.github.com>

* Update docs/sources/administration/configuration.md fix typo

Co-authored-by: Sofia Papagiannaki <papagian@users.noreply.github.com>

Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
Co-authored-by: Sofia Papagiannaki <papagian@users.noreply.github.com>
2020-10-12 11:36:47 +03:00
Will Browne
7d63b2c473
Auth: Add Sigv4 auth option to datasources (#27552)
* create transport chain

* add frontend

* remove log

* inline field updates

* allow ARN, Credentials + Keys auth in frontend

* configure credentials

* add tests and refactor

* update frontend json field names

* fix tests

* fix comment

* add app config flag

* refactor tests

* add return field for tests

* add flag for UI display

* update comment

* move logic

* fix config

* pass config through props

* update docs

* pr feedback and add docs coverage

* shorten settings filename

* fix imports

* revert docs changes

* remove log line

* wrap up next as round tripper

* only propagate required config

* remove unused import

* remove ARN option and replace with default chain

* make ARN role assume as supplemental

* update docs

* refactor flow

* sign body when necessary

* remove unnecessary wrapper

* remove newline

* Apply suggestions from code review

* PR fixes

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-10-08 10:03:20 +02:00
Wouter Smeenk
39eba5065b
Dashboard: Support configuring default timezone via config file (#27404)
Add a default timezone that the administrator can set in the settings. 
This setting is be used as default for the users timezone preference.
Can be used when creating Grafana instances without administrator 
intervention, in order to give user the correct default timezone.

Fixes #25654
2020-09-15 15:20:53 +02:00
Hansuuuuuuuuuu
8d971ab2f2
Auth: Replace maximum inactive/lifetime settings of days to duration (#27150)
Allows login_maximum_inactive_lifetime_duration and 
login_maximum_lifetime_duration to be configured using 
time.Duration-compatible values while retaining backward compatibility.

Fixes #17554

Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
2020-09-14 15:57:38 +02:00
Marcos Mendez
4e94c0959a
Image Store: Add support for using signed URLs when uploading images to GCS (#26840)
Enables creating signed URLs when uploading images to Google Cloud Storage. 
By using signed urls, not only is the public URL expiration configurable but the 
images in the bucket are not publicly accessible.

Fixes #26773

Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
2020-09-07 19:10:14 +02:00
Torkel Ödegaard
61bd33c241
System: Date formating options (#27216)
* Add support for local time formats in graph panel

* Enfore 24h format for backward compatibility

* Use existing Intl.DateTimeFormatOptions

* Pre-generate time scale, add tests

* Move localTimeFormat, add local format to units

* updated default fallback

* #25602, use navigator.languages to enforce locale in formatting

* Making options

* Worked new system settings

* things are working

* Local browser time formats working

* Support parsing dates in different formats

* settings updated

* Settings starting to work

* Fixed graph issue

* Logs fix

* refactored settings a bit

* Updated and name change

* Progress

* Changed config names

* Updated

* Updated

* Updated test

* Synced description

* fixed ts issue

* Added version notice

* Ts fix

* Updated heatmap and test

* Updated snapshot

* Updated

* fixed ts issue

* Fixes

Co-authored-by: Alex Shpak <alex-shpak@users.noreply.github.com>
2020-09-07 16:19:33 +02:00
Carl Bergquist
20747015f6
Annotation: Add clean up job for old annotations (#26156)
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-09-02 08:07:31 +02:00
Carl Bergquist
8faaa1a520
OAuth: Increase state cookie max age (#27258)
60s can be too short if the oauth provider is slow
for some reason and its defintly too slow if the
OAuth provider requires 2FA.

Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
2020-09-01 10:57:43 +02:00
Alexander Zobnin
df11cdad62
Generic OAuth: customize login and id_token attributes (#26577)
* OAuth: add login_attribute_path to generic oauth

* OAuth: remove default client_secret values (able to use empty client_secret)

* OAuth: allow to customize id_token attribute name

* Docs: describe how login_attribute_path and id_token_attribute_name params work

* Docs: review fixes

* Docs: review fixes

* Chore: fix go linter error

* Tests: fix test code style
2020-08-03 17:33:27 +03:00
Josh Soref
7d08a8497a
Chore: fix spelling of GitHub (#26182)
Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
2020-07-22 08:12:50 -07:00
Marcus Efraimsson
460b01f1fe
Datasource: Make sure data proxy timeout applies to HTTP client (#25865)
For backend data sources executing in the backend (not through data proxy) make 
sure that the timeout applies to cached HTTP client.

Fixes #25863

Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
2020-06-29 11:22:49 +02:00
Carl Bergquist
383aa21ab6
docs: removes invalid comment (#25883) 2020-06-29 09:26:08 +02:00
Carl Bergquist
703f728c0c
Dashboards: Make path to default dashboard configurable (#25595)
Closes #25463

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
2020-06-22 18:00:39 +02:00
Marcus Efraimsson
cc95754e0d
Provisioning: Adds support for enabling app plugins (#25649)
Adds support for enabling app plugins using provisioning. 

Ref #11409

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
2020-06-22 17:49:13 +02:00
Emil Tullstedt
80e9546cec
Settings: Add setting for hiding version number for anonymous users (#24919)
* Settings: Add setting for hiding version number for anonymous users

Fixes #12925

* Hide version string from footer when unavailable

* Settings: Test frontend settings with hide version for anonymous users

* Settings: Add hide version variable to frontend settings

* Make AnonymousHideVersion non-global

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* Settings: Improve test neighbor friendliness, reset state before and after

* Settings: Use T.Cleanup

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-06-17 07:39:50 +02:00
Josh Soref
ed92b41d47
Chore: spelling - misc (#24438)
* Chore: spelling - misc

* fix master merge
2020-06-04 06:51:30 +02:00
Carl Bergquist
328ea80cca
switches default value for security settings (#25175)
closes #25163
2020-05-28 10:38:22 +02:00
thameezb
16297da298
Email Notifications: Add StartTLSPolicy config flag (#24574) 2020-05-13 16:33:40 +02:00
Arve Knudsen
96ffcaa134
Plugins: Require signing of external back-end plugins (#24075)
* PluginManager: Require signing of external plugins

Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
2020-05-04 10:57:55 +02:00
Marcus Efraimsson
76650e60e4
Image Rendering: New setting to control render request concurrency (#23950)
Fixes #23806

Co-Authored-By: Torkel Ödegaard <torkel@grafana.com>
Co-Authored-By: Arve Knudsen <arve.knudsen@gmail.com>
2020-04-27 17:25:08 +02:00
Marcus Efraimsson
854085dbc6
Dashboard: Enforce min dashboard refresh interval to 5 seconds per default (#23929)
Fixes #22493
2020-04-27 16:51:54 +02:00
Marcus Efraimsson
871ad73414
Backend plugins: Renderer v2 plugin (#23625)
grafana-plugin-model is legacy and is replaced by new backend 
plugins SDK and architecture. Renderer is not part of SDK and 
we want to keep it that way for now since it's highly unlikely there 
will be more than one kind of renderer plugin.
So this PR adds support for renderer plugin v2.
Also adds support sending a Device Scale Factor parameter to the 
plugin v2 remote rendering service and by that replaces #22474.
Adds support sending a Headers parameter to the plugin v2 and
remote rendering service which for now only include 
Accect-Language header (the user locale in browser when using 
Grafana), ref grafana/grafana-image-renderer#45.
Fixes health check json details response.
Adds image renderer plugin configuration settings in defaults.ini 
and sample.ini.

Co-Authored-By: Arve Knudsen <arve.knudsen@gmail.com>
2020-04-21 16:16:41 +02:00
Andrej Ocenas
97bb3dcf2d
Remove file (#23741) 2020-04-21 15:52:08 +02:00
Alexander Zobnin
f023e7a399
SAML Role and Team sync (open source part) (#23391)
* SAML: add default params for role and team sync

* SAML: add org_mapping option

* SAML: support allowed_organizations option

* Chore: expose RedirectWithError from HTTPServer

* Chore: return RedirectResponse (fix superfluous response.writeheader message)

* HTTPServer: expose ValidateRedirectTo() and CookieOptionsFromCfg()

* Config: move SAML section to the enterprise
2020-04-17 10:48:37 +03:00
Andrej Ocenas
1864807b15
Tracing: Performance optimization (#23474)
* Add integration with Jeager
Add Jaeger datasource and modify derived fields in loki to allow for opening a trace in Jager in separate split.
Modifies build so that this branch docker images are pushed to docker hub
Add a traceui dir with docker-compose and provision files for demoing.:wq

* Enable docker logger plugin to send logs to loki

* Add placeholder zipkin datasource

* Fixed rebase issues, added enhanceDataFrame to non-legacy code path

* Trace selector for jaeger query field

* Fix logs default mode for Loki

* Fix loading jaeger query field services on split

* Updated grafana image in traceui/compose file

* Fix prettier error

* Hide behind feature flag, clean up unused code.

* Fix tests

* Fix tests

* Cleanup code and review feedback

* Remove traceui directory

* Remove circle build changes

* Fix feature toggles object

* Fix merge issues

* Add trace ui in Explore

* WIP

* WIP

* WIP

* Make jaeger datasource return trace data instead of link

* Allow js in jest tests

* Return data from Jaeger datasource

* Take yarn.lock from master

* Fix missing component

* Update yarn lock

* Fix some ts and lint errors

* Fix merge

* Fix type errors

* Make tests pass again

* Add tests

* Fix es5 compatibility

* Add header with minimap

* Fix sizing issue due to column resizer handle

* Fix issues with sizing, search functionality, duplicate react, tests

* Refactor TraceView component, fix tests

* Fix type errors

* Add dark theme styling

* Add tests for hooks

* More color changes

* Fix tests to deal with additional theme wrappers.

* Add memoization

* Fix duplicate identifier

Co-authored-by: David Kaltschmidt <david.kaltschmidt@gmail.com>
2020-04-15 16:04:01 +02:00
Andrej Ocenas
008bee8f27
Tracing: Adds header and minimap (#23315)
* Add integration with Jeager
Add Jaeger datasource and modify derived fields in loki to allow for opening a trace in Jager in separate split.
Modifies build so that this branch docker images are pushed to docker hub
Add a traceui dir with docker-compose and provision files for demoing.:wq

* Enable docker logger plugin to send logs to loki

* Add placeholder zipkin datasource

* Fixed rebase issues, added enhanceDataFrame to non-legacy code path

* Trace selector for jaeger query field

* Fix logs default mode for Loki

* Fix loading jaeger query field services on split

* Updated grafana image in traceui/compose file

* Fix prettier error

* Hide behind feature flag, clean up unused code.

* Fix tests

* Fix tests

* Cleanup code and review feedback

* Remove traceui directory

* Remove circle build changes

* Fix feature toggles object

* Fix merge issues

* Add trace ui in Explore

* WIP

* WIP

* WIP

* Make jaeger datasource return trace data instead of link

* Allow js in jest tests

* Return data from Jaeger datasource

* Take yarn.lock from master

* Fix missing component

* Update yarn lock

* Fix some ts and lint errors

* Fix merge

* Fix type errors

* Make tests pass again

* Add tests

* Fix es5 compatibility

* Add header with minimap

* Fix sizing issue due to column resizer handle

* Fix issues with sizing, search functionality, duplicate react, tests

* Refactor TraceView component, fix tests

* Fix type errors

* Add tests for hooks

Co-authored-by: David Kaltschmidt <david.kaltschmidt@gmail.com>
2020-04-08 17:16:22 +02:00
Alexander Zobnin
7afdfd2ef4
Okta OAuth provider (team sync support) (#22972)
* Okta OAuth support

* Chore: fix linter error

* Chore: move IsEmailAllowed to SocialBase

* Chore: move IsSignupAllowed to SocialBase

* Chore: review fixes

* Okta: support allowed_groups

* Okta: default config

* Chore: move extractEmail() to OktaClaims struct

* Chore: review fixes

* generic_oauth_test: Handle error cases

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* generic_oauth_test: Handle error cases

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* Docs: Okta OAuth

* Chore: don't return expected errors from searchJSONForAttr

* Docs: role mapping

* Chore: review fixes (searchJSONForAttr)

* Docs: review fixes

* Update docs/sources/auth/okta.md

Co-Authored-By: Arve Knudsen <arve.knudsen@gmail.com>

* Update docs/sources/auth/okta.md

Co-Authored-By: Arve Knudsen <arve.knudsen@gmail.com>

* Chore: log error if searchJSONForAttr failed

* Docs: add Okta login link

* Docs: review fixes

* Docs: add reference to the org roles

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-04-02 17:35:48 +03:00
rtrompier
474dac1501
OAuth : Introduce new setting for configuring max age of OAuth state cookie (#23195)
* Cookie : Increase duration to avoid error

When using oauth2 authentication with multifactor, the 60s delay may be too short

* Introduce new setting for OAuth state cookie max age

Co-authored-by: Sofia Papagiannaki <sofia@grafana.com>
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-03-30 17:44:58 +03:00
lfroment
72628c8ea0
Dashboard: Adds support for a global minimum dashboard refresh interval (#19416)
This feature would provide a way for administrators to limit the minimum 
dashboard refresh interval globally.
Filters out the refresh intervals available in the time picker that are lower 
than the set minimum refresh interval in the configuration .ini file
Adds the minimum refresh interval as available in the time picker.
If the user tries to enter a refresh interval that is lower than the minimum 
in the URL, defaults to the minimum interval.
When trying to update the JSON via the API, rejects the update if the 
dashboard's refresh interval is lower than the minimum.
When trying to update a dashboard via provisioning having a lower 
refresh interval than the minimum, defaults to the minimum interval 
and logs a warning. 

Fixes #3356

Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
2020-02-28 14:32:01 +01:00
Alexander Zobnin
f2fc7aa3aa
Azure OAuth: enable teamsync (#22160)
* Azure OAuth: extract groups from token for teamsync

* Docs: changed some headers

* Azure OAuth: fix tests

* Azure OAuth: fix linter error (simplify)

* Azure OAuth: add allowed_groups option

* Azure OAuth: docs for team sync and allowed_groups

* Azure OAuth: tests for allowed_groups

* Update docs/sources/auth/azuread.md

Co-Authored-By: Leonard Gram <leo@xlson.com>

Co-authored-by: Leonard Gram <leo@xlson.com>
2020-02-14 14:03:00 +03:00
twendt
ff6a082e23
Auth: Azure AD OAuth (#20030)
* Implement Azure AD oauth

* Use go-jose and cleanup

* Update go-jose in go.mod

* cleanup

* Add unit tests

* Fix scopes

* Add documentation page

* Improve documentation

* Convert extract_role into function.

* Do not use upn and replace unique_name with preferred_username

* Configure login button

* Use official microsoft icon and color from branding guideline.

* Add Azure AD config section in sample.ini.
2020-02-13 12:12:25 +03:00
Marcus Efraimsson
a1579283a6
Add disabled option for cookie samesite attribute (#21472)
Breaking change: If disabled the cookie samesite cookie attribute
will not be set, but if none the attribute will be set and is a
breaking change compared to before where none did not render the
attribute. This was due to a known issue in Safari.

Co-Authored-By: Arve Knudsen <arve.knudsen@gmail.com>
Co-Authored-By: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>

Fixes #19847
2020-01-14 17:41:54 +01:00
Sofia Papagiannaki
d135f1229d
Alerting: new min_interval_seconds options to enforce a minimum eval frequency (#21188)
* add min_interval_seconds setting to alerting config

It will let operator enforce a minimum time for the scheduler to enqueue evaluations

* Introduce UI modifications

* Update docs

Co-authored-by: Martin <uepoch@users.noreply.github.com>
2020-01-14 11:13:34 +02:00
Paul Emmerich
42032f6c03 ImgUploader: add support for non-amazon S3 (#20354)
* imguploader: add support for non-Amazon S3 endpoints and forcing of path-style S3 addressing

fixes #11240

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-01-02 15:10:20 +01:00
Alexander Morozov
06bf7e8ef1 OAuth: Removes send_client_credentials_via_post setting (#20044)
Removes send_client_credentials_via_post oauth setting and 
use auto-detect mechanism instead.
By these changes also fixes statichcheck errors

Ref #8968
2019-12-12 20:00:56 +01:00
Sofia Papagiannaki
21fed8c5f1
OAuth: Add missing setting from defaults.ini (#20691) 2019-11-27 11:08:08 +02:00
Marcus Efraimsson
4a2104a1de
Chore: Sync defaults.ini with sample.ini (#20645)
Make sure that configuration sections/keys from defaults.ini 
is mirrored in the sample.ini.

Fixes #20622
2019-11-26 17:14:26 +01:00
Thomas Casteleyn
9fa18a2df5 Configuration: Update root_url to reflect the default value (#20278) 2019-11-11 10:05:32 +01:00
Shavonn Brown
3e5abe7c21 Admin: Adds setting to disable creating initial admin user (#19505)
Adds a new setting disable_admin_user and when true the default 
admin user will not be created when Grafana starts for the first 
time (or no users exists in the system).

Closes #19038
2019-11-08 11:11:03 +01:00
Jon Gyllenswärd
3111c3620b AuthProxy: additions to ttl config change (#20249)
* fixes according to feedback

* additions to config and docs
2019-11-08 10:51:15 +01:00
Torkel Ödegaard
be2bf1a297
AuthProxy: Can now login with auth proxy and get a login token (#20175)
* AuthProxy: Can now login with auth proxy and get a login token

* added unit tests

* renamed setting and updated docs

* AuthProxy: minor tweak

* Fixed tests and namings

* spellfix

* fix

* remove unused setting, probably from merge conflict

* fix
2019-11-07 17:48:56 +01:00
Jon Gyllenswärd
53f8088316
Auth Proxy: replace ini setting ldap_sync_ttl with sync_ttl (#20191)
* Renamed ttl config in code to be more consistent with behaviour
* Introduced new setting `sync_ttl` in .ini file
* Keeping the old setting `ldap_sync_ttl` in the .ini file as fallback and compatibility.
2019-11-07 11:24:54 +01:00
Martin Reinhardt
7a3d1c0e4b OAuth: Generic OAuth role mapping support (#17149)
Adds support for Generic OAuth role mapping. A new 
configuration setting for generic oauth is added named 
role_attribute_path which accepts a JMESPath expression.
Only Grafana roles named Viewer, Editor or Admin are
accepted.

Closes #9766
2019-11-05 21:56:42 +01:00
Scott Brenner
aa87f62c3a Quick typo fix (#19759) 2019-10-11 14:57:29 +01:00
Marcus Efraimsson
75bf31b5c7
docs: image rendering (#19183)
Adds a new "Image Rendering" page in Administration section.
Updates configuration page with rendering settings and also 
default.ini and sample.ini.
Updates and cleanup pages that referencing image rendering.

Ref #18914
2019-09-17 19:24:03 +02:00
Marcus Efraimsson
80592e3361
Metrics: Adds setting for turning off total stats metrics (#19142)
Don't update total stats metrics if reporting is disabled.
New setting disable_total_stats for turning off update 
of total stats (stat_totals_*) metrics.

Ref #19137
2019-09-17 09:32:24 +02:00
Ryan McKinley
7d32caeac2 Transformers: configure result transformations after query(alpha) (#18740) 2019-09-09 08:58:57 +02:00
Marcus Efraimsson
964c2e722f
Snapshot: Fix http api (#18830)
(cherry picked from commit be2e2330f5)
2019-09-02 15:15:46 +02:00
Bob Shannon
056dbc7012 OAuth: Support JMES path lookup when retrieving user email (#14683)
Add support for fetching e-mail with JMES path

Signed-off-by: Bob Shannon <bobs@dropbox.com>
2019-08-26 18:11:40 +02:00
kay delaney
fb0cec5591
Backend: Adds support for HTTP/2 (#18358)
* Backend: Adds support for HTTP/2

* Adds mozilla recommended ciphers

* Updates sample.ini and config documentation
2019-08-16 16:06:54 +01:00
Kyle Brandt
f689b60426
remotecache: support SSL with redis (#18511)
* update go-redis lib from v2 -> v5
* add ssl option to the redis connection string
fixes #18498
2019-08-13 06:51:13 -04:00
Torkel Ödegaard
f68b8b73f0
LDAP: Align ldap example with the devenv testdata (#18343) 2019-08-02 12:00:13 +02:00
gotjosh
87a794fe0a
Docs: Update documentation with new SAML features (#18163)
* Update defaults.ini and sample.ini with the SAML assertion mapping
fields

* Document Grafana's ability to map ACS attributes while a Grafana user is created
2019-07-23 09:20:07 +01:00
Alexander Zobnin
e47546d529
Docs: SAML idp_metadata_url option (#18181) 2019-07-18 18:45:59 +03:00
gotjosh
d006f7c916
Docs: SAML (#18069)
* docs: Link to SAML docs and document configuration options

- Document configuration options `defaults.ini` and `sample.ini`
- Add the SAML documentation
- Link to the SAML documentation from "what's new in 6.3"
2019-07-17 13:46:51 +01:00
Oleg Gaidarenko
e2cf7c9698
LDAP: finishing touches (#17945)
* LDAP:Docs: `active_sync_enabled` setting

Mention `active_sync_enabled` setting and enable it by default

* LDAP: move "disableExternalUser" method

Idea behind new design of the LDAP module is to minimise conflation
between other parts of the system, so it would decoupled as much as
possible from stuff like database, HTTP transport and etc.

Following "Do One Thing and Do It Well" Unix philosophy principal, other things
could be better fitted on the consumer side of things.

Which what this commit trying to archive

* LDAP: correct user/admin binding

The second binding was not happening, so if the admin login/password
in LDAP configuration was correct, anyone could had login as anyone using
incorrect password
2019-07-05 17:49:00 +03:00
gotjosh
e6b8a1529b
SAML: Configuration defaults, examples and dependencies (#17954)
* Add SAML configuration options

* Add crewjam/saml as a depdency

Needed as part of the enterprise SAML integration.

* Vendor github.com/stretchr/testify/require

The package require implements the same assertions as the `assert` package but stops test execution when a test fails.
2019-07-05 11:27:14 +01:00
Torkel Ödegaard
57c220c93d
Docs: added version notice to new ldap feature docs (#17929) 2019-07-04 14:39:11 +02:00
Sofia Papagiannaki
dc9ec7dc91
Auth: Allow expiration of API keys (#17678)
* Modify backend to allow expiration of API Keys

* Add middleware test for expired api keys

* Modify frontend to enable expiration of API Keys

* Fix frontend tests

* Fix migration and add index for `expires` field

* Add api key tests for database access

* Substitude time.Now() by a mock for test usage

* Front-end modifications

* Change input label to `Time to live`
* Change input behavior to comply with the other similar
* Add tooltip

* Modify AddApiKey api call response

Expiration should be *time.Time instead of string

* Present expiration date in the selected timezone

* Use kbn for transforming intervals to seconds

* Use `assert` library for tests

* Frontend fixes

Add checks for empty/undefined/null values

* Change expires column from datetime to integer

* Restrict api key duration input

It should be interval not number

* AddApiKey must complain if SecondsToLive is negative

* Declare ErrInvalidApiKeyExpiration

* Move configuration to auth section

* Update docs

* Eliminate alias for models in modified files

* Omit expiration from api response if empty

* Eliminate Goconvey from test file

* Fix test

Do not sleep, use mocked timeNow() instead

* Remove index for expires from api_key table

The index should be anyway on both org_id and expires fields.
However this commit eliminates completely the index for now
since not many rows are expected to be in this table.

* Use getTimeZone function

* Minor change in api key listing

The frontend should display a message instead of empty string
if the key does not expire.
2019-06-26 09:47:03 +03:00
Oleg Gaidarenko
31d2905490 LDAP:Docs: add information on LDAP sync feature and update LDAP sync default (#17689)
* Docs: for LDAP active sync feature
2019-06-25 12:54:13 +02:00
Sergey Goppikov
dda8b731e8 Settings: Fix typo in defaults.ini (#17707)
`backround` -> `backGround`
2019-06-23 17:38:30 +02:00
Kyle Brandt
49f0f0e89e
config: fix connstr for remote_cache (#17675)
fixes #17643 and adds test to check for commented out lines (but will only catch `;`, not `#`).
2019-06-20 10:15:21 -04:00
Oleg Gaidarenko
1c08e58605
LDAP: small improvements to various LDAP parts (#17662)
* Add multildap config example

* Publicize mocks for multildap module
2019-06-19 15:46:04 +02:00
Kyle Brandt
599514ad68
middleware: add security related HTTP(S) response headers (#17522)
* x_xss_protection
  * strict_transport_security (HSTS)
  * x_content_type_options

these are currently defaulted to false (off) until the next minor release.

fixes #17509
2019-06-12 13:15:50 +02:00
Kyle Brandt
c09fe3c3b4
remote_cache: Fix redis (#17483)
* wip: fix remote cache for redis
connstr parsing and non-negative expires for #17377
TODO: finish parse, check zero case, find out why negative duration in the first place

* finish parse.
Still TODO, find out negative value, and decide if would be better to make database specific entries in the .ini file

* update ini files

* remove accidental uncomment in defaults.ini

* auth_proxy: expiration non-negative so expiration is not in the past

* fix test, revert neg in redis

* review: use errutil
2019-06-10 15:27:08 +02:00
Tom McClellan
34f314552d Config: Add comment before log_queries in sample ini file (#17462) 2019-06-06 11:13:27 +02:00
Jonathan Rockway
02975256d1 Tracing: allow propagation with Zipkin headers (#17009)
Closes #17006
2019-06-05 13:12:05 +02:00
Abhilash Gnan
04d473b3e5 HTTP Server: Serve Grafana with a custom URL path prefix (#17048)
Adds a new [server] setting `serve_from_sub_path`. By enabling 
this setting and using a subpath in `root_url` setting, e.g.
`root_url = http://localhost:3000/grafana`, Grafana will be accessible 
on `http://localhost:3000/grafana`. By default it is set to `false` 
for compatibility reasons.

Closes #16623
2019-05-27 17:47:29 +02:00
Marcus Efraimsson
1c1427520d
Security: Add new setting allow_embedding (#16853)
When allow_embedding is false (default) the Grafana backend 
will set the http header `X-Frame-Options: deny` in all responses 
to non-static content which will instruct browser to not allow 
Grafana to be embedded in `<frame>`, `<iframe>`, 
`<embed>` or `<object>`.

Closes #14189
2019-05-06 09:56:23 +02:00
Oleg Gaidarenko
66c9297c36
Feature: introduce LdapActiveSyncEnabled setting (#16787)
* Feature: introduce LdapActiveSyncEnabled setting

We probably remove it after the active sync is done.
But at the moment we do not want to affect the current users
with not fully tested feature

* Chore: move settings in more logical order
2019-04-27 09:03:59 +03:00
Oleg Gaidarenko
62b85a886e
LDAP Refactoring to support syncronizing more than one user at a time. (#16705)
* Feature: add cron setting for the ldap settings

* Move ldap configuration read to special function

* Introduce cron setting (no docs for it yet, pending approval)

* Chore: duplicate ldap module as a service

* Feature: implement active sync

This is very early preliminary implementation of active sync.
There is only one thing that's going right for this code - it works.

Aside from that, there is no tests, error handling, docs, transactions,
it's very much duplicative and etc.

But this is the overall direction with architecture I'm going for

* Chore: introduce login service

* Chore: gradually switch to ldap service

* Chore: use new approach for auth_proxy

* Chore: use new approach along with refactoring

* Chore: use new ldap interface for auth_proxy

* Chore: improve auth_proxy and subsequently ldap

* Chore: more of the refactoring bits

* Chore: address comments from code review

* Chore: more refactoring stuff

* Chore: make linter happy

* Chore: add cron dep for grafana enterprise

* Chore: initialize config package var

* Chore: disable gosec for now

* Chore: update dependencies

* Chore: remove unused module

* Chore: address review comments

* Chore: make linter happy
2019-04-26 15:47:16 +03:00
Oleg Gaidarenko
78cd9058a3
Feature: add cron setting for the ldap settings (#16673)
* Feature: add cron setting for the ldap settings

* Move ldap configuration read to special function

* Introduce cron setting (no docs for it yet, pending approval)

* Chore: address code review comments
2019-04-25 17:12:56 +03:00
Josh
fca5ee4bea Provisioning: Support FolderUid in Dashboard Provisioning Config (#16559)
* add folderUid to DashbaordsAsConfig structs and DashbardProviderConfigs struct, set these values in mapping func
look for new folderUid values in config_reader tests
set dashboard folder Uid explicitly in file_reader, which has no affect when not given

* formatting and docstrings

* add folderUid to DashbaordsAsConfig structs and DashbardProviderConfigs struct, set these values in mapping func
look for new folderUid values in config_reader tests
set dashboard folder Uid explicitly in file_reader, which has no affect when not given

* formatting and docstrings

* add folderUid option, as well as documentation for the rest of the fields

* add blank folderUid in devenv example.

* add folderUid to provisioning sample yaml

* instead of just warning, return error if unmarshalling dashboard provisioning file fails

* Removing the error handling and adding comment

* Add duplicity check for folder Uids


Co-authored-by: swtch1 <joshua.thornton@protonmail.com>
2019-04-24 08:57:42 +02:00
Oleg Gaidarenko
db584b3d28
Chore: remove session storage references (#16445)
* Chore: remove session storage references

* Small refactoring of the settings module

* Update docs - remove references for the session storage

* Update config files (sample and default configs)

* Add tests for warning during the config load on defined storage cache

* Remove all references to session storage

* Remove macaron session dependency

* Remove leftovers

* Fix: address review comments

* Fix: remove old deps

* Fix: add skipStaticRootValidation = true to tests

* Fix: improve the docs and warning message

As per discussion in here - https://github.com/grafana/grafana/pull/16445/files#r273026255

* Chore: make linter happy

Fixes #16148
Ref #16114
2019-04-22 18:58:24 +03:00
Carl Bergquist
490515aec6
build: partially replace gometalinter with golangci-lint (#16610)
we still use gometalinter for goconst since it doesn't 
report errors for duplicated in test files
2019-04-16 10:27:07 +02:00
Ryan McKinley
3c21a121eb Plugins: Unifying alpha state & options for all plugins (#16530)
* app pages

* app pages

* workign example

* started alpha support

* remove app stuff

* show warning on alpha/beta panels

* put app back on plugin file

* fix go

* add enum for PluginType and PluginIncludeType

* Refactoring and moving settings to plugins section

fixes #16529
2019-04-12 13:46:42 +02:00
kleph
7ddb770e3b Configuration: Improve session_lifetime comments (#16238) 2019-03-29 13:10:20 +07:00
Zzy
1b84a924a3 Alerting: Makes timeouts and retries configurable (#16259)
Adds new alert settings for configuring timeouts and retries named 
evaluation_timeout_seconds, notification_timeout_seconds 
and max_attempts.

Closes #16240
2019-03-29 12:58:37 +07:00
Oleg Gaidarenko
04b3afcd15
Chore: Implement revive (#16200)
Since we do not like some of the default golint rules,
this commit proposes to use https://github.com/mgechev/revive.

And potential revive speed-up should't hurt :).

Right now, presented config (./conf/revive.toml) is permissive,
we might improve it over time however. Fixes for found revive
issues in the code are very limited so it wouldn't be large to review.

Also in this commit:

* Add annotations for makefile commands and declare phony targets

* Rename "gometalinter" script and CI command to "lint"
  since we are doing there a bit more then using gometalinter package

* Add Makefile rules to .editorconfig

* Documentation which mentioned "golint" replaced with revive

Fixes #16109
Ref #16160
2019-03-27 17:53:49 +01:00
Hugo Häggmark
a90b3e331e config: updated feature toggle name 2019-03-19 13:59:39 +01:00
Andrej Ocenas
697a87b7b2 Add check so that header is not sent for anonymous users 2019-03-14 16:33:21 +01:00
Andrej Ocenas
bbdc1c0e64 Add custom header with grafana user and a config switch for it 2019-03-14 16:33:19 +01:00
Carl Bergquist
291ffcb75b
Merge pull request #15457 from bergquist/distributed_cache
Distributed cache
2019-03-14 16:16:39 +01:00
Torkel Ödegaard
06f7a49a61 Refactoring / fixing password hint PR #15868 2019-03-11 13:33:57 +01:00
bergquist
7e7427637c renames distcache -> remotecache 2019-03-11 10:49:55 +01:00
bergquist
daa3b17951 code layouts and comments 2019-03-11 10:49:42 +01:00
bergquist
98f5432659 memcache -> memcached
https://github.com/memcached/memcached
2019-03-11 10:49:09 +01:00
bergquist
196cdf9710 adds config to default settings 2019-03-11 10:49:09 +01:00
Woodward, Joshua
946e542412 Make password hint configurable from settings/defaults.ini 2019-03-07 14:00:04 -08:00
Hugo Häggmark
8f62082482 Added feature toggle to defaults.ini and sample.ini after PR comments 2019-02-22 14:39:22 +01:00
bergquist
170783c292 make hourly cleanup the default behavior 2019-02-07 10:51:35 +01:00
Marcus Efraimsson
1a140ee199
run token cleanup job when grafana starts, then each hour 2019-02-06 22:27:08 +01:00
Marcus Efraimsson
85ef2ca738
fix spelling 2019-02-06 09:43:45 +01:00
Marcus Efraimsson
3c2fd02bc0
refactor login/auth token configuration settings
remove login section and reuse existing sections security and auth
2019-02-05 21:09:55 +01:00
bergquist
a6bd2c73a0 introduce samesite setting for login cookie
ref #15067
2019-02-01 11:47:21 +01:00
Carl Bergquist
c6f80ecec2
Merge pull request #14229 from pbakulev/configurable-alert-notification
Configurable alert notification
2019-01-28 22:47:12 +01:00
bergquist
8f0e65a150 renames alert_notifications -> notifiers 2019-01-28 20:39:09 +01:00
Marcus Efraimsson
f701c610fb
Merge pull request #15054 from RangerRick/master
add global datasource proxy timeout setting
2019-01-28 18:21:27 +01:00
bergquist
6a8643b3d1 Merge branch 'master' into configurable-alert-notification
* master: (250 commits)
  Firing off an action instead of listening to location changes
  Changes after PR Comments
  Made ExplorerToolbar connected and refactored away responsabilities from Explore
  Removed some split complexity
  Fixed some more styling
  Fixed close split look and feel
  Fixed position of Closesplit
  Fixed small issue with TimePicker dropdown position
  Simplified some styles and dom elements
  Fixed some more with the sidemenu open and smaller screens
  Fixed so heading looks good with closed sidemenu
  Restructure of component and styling
  Refactored out ExploreToolbar from Explore
  Fixed reinitialise of Explore
  changelog: add notes about closing #13929
  changelog: add notes about closing #14558
  changelog: add notes about closing #14484
  changelog: add notes about closing #13765
  changelog: add notes about closing #11503
  changelog: add notes about closing #4075
  ...
2019-01-28 14:16:43 +01:00
bergquist
6e672eb291 enable explore by default
closes #15037
2019-01-28 13:02:54 +01:00
Marcus Efraimsson
e4924795a2
change default rotate_token_minutes to 10 minutes 2019-01-25 13:30:26 +01:00
Benjamin Reed
9108fd1b9d add global datasource proxy timeout setting
closes grafana#5699
2019-01-24 14:06:48 -05:00
bergquist
d6edaa1328 moves cookie https setting to [security] 2019-01-24 19:04:58 +01:00
bergquist
9153b6ed96 improves readability of loginping handler 2019-01-24 15:17:09 +01:00
bergquist
516037fbdd makes sure rotation is always higher than urgent rotation 2019-01-24 13:54:45 +01:00
bergquist
f257101c41 removes unused/commented code 2019-01-24 11:26:45 +01:00
bergquist
ff483f3782 removes old cookie auth configuration 2019-01-24 10:55:10 +01:00
bergquist
56a521b264 makes auth token rotation time configurable 2019-01-24 10:50:18 +01:00
bergquist
31b5db06f1 Merge branch 'master' into poc_token_auth
* master: (156 commits)
  Fixed issues with the sanitizie input in text panels, added docs, renamed config option
  build: removes arm32v6 docker image.
  Updated version in package.json to 6.0.0-pre1
  Update CHANGELOG.md
  build: armv6 docker image.
  build: skips building rpm for armv6.
  build: builds for armv6.
  Explore: mini styling fix for angular query editors
  Removed unused props & state in PromQueryField
  chore: Remove logging and use the updated config param
  chore: Reverse sanitize variable so it defaults to false
  feat: wip: Sanitize user input on text panel
  fix: Text panel should re-render when panel mode is changed #14922
  Minor rename of LogsProps and LogsState
  Splitted up LogLabels into LogLabelStats and LogLabel
  Refactored out LogRow to a separate file
  Removed strange edit
  Added link to side menu header and fixed styling
  Moved ValueMapping logic and tests to separate files
  Fixed data source selection in explore
  ...
2019-01-22 15:39:54 +01:00
bergquist
64124b5042 add setting for how to long we should keep expired tokens 2019-01-22 15:31:43 +01:00
bergquist
d3ec8e1ccb creates new config section for login settings 2019-01-22 15:22:11 +01:00
Torkel Ödegaard
f0e61af8e0 Fixed issues with the sanitizie input in text panels, added docs, renamed config option 2019-01-22 11:56:35 +01:00
Johannes Schill
1ed35f3dc1 chore: Reverse sanitize variable so it defaults to false 2019-01-22 09:36:07 +01:00
Johannes Schill
15d560a1c0 feat: wip: Sanitize user input on text panel 2019-01-22 09:36:07 +01:00
Pavel Bakulev
f132e929ce Added uid for alert notifications 2019-01-16 16:50:00 +02:00
Pavel Bakulev
7b09dd38d8 Commented alert_notifications sample config 2019-01-16 16:45:42 +02:00
Pavel Bakulev
5c10a897f8 Instantiating notifiers from config before using 2019-01-16 16:45:42 +02:00
Pavel Bakulev
6e3e9a337d Added alert_notification configuration 2019-01-16 16:45:42 +02:00
bergquist
74124ec8ed makes cache mode configurable
this makes the cache mode in the sqlite connection
string configurable. the default also changed from
shared to private to solve #107272 but allow the user
to use shared if performance is more important.

ref #10727
2018-12-27 10:48:11 +01:00
Tomas Dabasinskas
3aa24b3afa Rename the setting and add description 2018-12-19 14:59:33 +02:00
Tomas Dabasinskas
08c12313fe Update sample and default configs 2018-12-18 13:51:17 +02:00
Marcus Efraimsson
b9e91cab0e
add oauth_auto_login setting to defaults file
Making the setting configurable thru environment variable
2018-12-12 10:42:37 +01:00
Mario Trangoni
e4771a88dd Fix other misspell issues
See,
$ find . -type f | xargs misspell -locale US | grep -vi -e vendor -e node_modules -e devenv -e unknwon -e destory -e yarn -e adn -e Spindel
2018-11-29 18:15:16 +01:00
Carl Bergquist
9b20c9c3a5
Merge pull request #14225 from zicklam/patch-3
removed extra whitespace
2018-11-29 10:00:09 +01:00
Florian Zicklam
3000818ab3
added google_tag_manager_id from defaults.ini 2018-11-29 09:30:03 +01:00
Florian Zicklam
d86ba20d10
removed extra whitespace
removed extra whitespace
2018-11-29 09:21:06 +01:00
bergquist
c999394b49 adds basic auth configuration to default.ini 2018-11-20 11:07:39 +01:00
Dan Cech
8a74fe2b76
add auth.proxy headers to sample.ini 2018-11-07 18:21:25 -05:00
Dan Cech
502290817a
add auth.proxy headers to default.ini 2018-11-07 17:36:44 -05:00
Torkel Ödegaard
28b0ae1d82 Added new backend setting for license file 2018-11-01 12:07:11 +01:00
Torkel Ödegaard
565edc1ed3 added setting top hide plugins in alpha state 2018-10-09 17:47:43 +02:00
Leo Ochoa
12a99fa0b5
typo in sample.ini 2018-10-01 18:47:25 +02:00
Torkel Ödegaard
cb96c6d942 Changed setting to be an alerting setting 2018-09-25 12:17:04 +02:00
Torkel Ödegaard
4dab595ed7 rendering: Added concurrent rendering limits 2018-09-24 16:14:11 +02:00
Torkel Ödegaard
5fbe8eff4f ldap: made minor change to group search, and to docs 2018-09-14 11:28:17 +02:00
Bob Shannon
f257ff0216 Allow oauth email attribute name to be configurable (#13006)
* Allow oauth email attribute name to be configurable

Signed-off-by: Bob Shannon <bshannon@palantir.com>

* Document e-mail determination steps for generic oauth

* Add reference to email_attribute_name

* Re-add e-mail determination docs to new generic-oauth page

* Inherit default e-mail attribute from defaults.ini
2018-09-10 09:45:07 +02:00
bergquist
1e33a3780f spelling errors 2018-09-06 11:51:24 +02:00
bergquist
3ce89cad71 make default values for alerting configurable 2018-09-06 11:26:14 +02:00
Anthony Woods
5c0fbbf7c8 improve remote image rendering (#13102)
* improve remote image rendering

- determine "domain" during Init() so we are not re-parsing settings
  on every request
- if using http-mode via a rednererUrl, then use the AppUrl for the
  page that the renderer loads.  When in http-mode the renderer is likely
  running on another server so trying to use the localhost or even the
  specific IP:PORT grafana is listening on wont work.
- apply the request timeout via a context rather then directly on the http client.
- use a global http client so we can take advantage of connection re-use
- log and handle errors better.

* ensure imagesDir exists

* allow users to define callback_url for remote rendering

- allow users to define the url that a remote rendering service
  should use for connecting back to the grafana instance.
  By default the "root_url" is used.

* improve remote image rendering

- determine "domain" during Init() so we are not re-parsing settings
  on every request
- if using http-mode via a rednererUrl, then use the AppUrl for the
  page that the renderer loads.  When in http-mode the renderer is likely
  running on another server so trying to use the localhost or even the
  specific IP:PORT grafana is listening on wont work.
- apply the request timeout via a context rather then directly on the http client.
- use a global http client so we can take advantage of connection re-use
- log and handle errors better.

* ensure imagesDir exists

* allow users to define callback_url for remote rendering

- allow users to define the url that a remote rendering service
  should use for connecting back to the grafana instance.
  By default the "root_url" is used.

* rendering: fixed issue with renderKey where userId and orgId was in mixed up, added test for RenderCallbackUrl reading logic
2018-09-04 13:42:55 +02:00
Benoît Knecht
7ec146df99 social: add GitLab authentication backend
GitLab could already be used as an authentication backend by properly
configuring `auth.generic_oauth`, but then there was no way to authorize
users based on their GitLab group membership.

This commit adds a `auth.gitlab` backend, similar to `auth.github`, with
an `allowed_groups` option that can be set to a list of groups whose
members should be allowed access to Grafana.
2018-08-14 14:11:48 +02:00
Torkel Ödegaard
277a696fa5
fix: added missing ini default keys, fixes #12800 (#12912) 2018-08-14 08:49:56 +02:00
Emil Flink
5bea54eaaa Support client certificates for LDAP servers 2018-08-03 12:00:20 +02:00
gzzo
cb76fc7f2d
Add auto_assign_org_id to defaults.ini
For #12801
2018-08-02 12:29:47 -04:00
Jan Garaj
e37e8cb38c Add missing tls_skip_verify_insecure (#12748) 2018-07-30 00:02:16 -07:00
Torkel Ödegaard
913b8576f8 docs: minor docs fix 2018-07-18 13:20:28 +02:00
Torkel Ödegaard
c189262bac ldap: Make it possible to define Grafana admins via ldap setup, closes #2469 2018-07-16 16:56:42 +02:00
Carl Bergquist
828fb39ee2
Merge pull request #11643 from mrsiano/generic_oauth
Pass configured/auth headers to a Datasource.
2018-06-21 14:21:59 +02:00
mrsiano
cc1e3a0e3c Pass configured/auth headers to a Datasource.
In some setups (ex openshift), the Datasource will require Grafana
to pass oauth token as header when sending queries.
Also, this PR allow to send any header which is something
Grafana currently does not support.
2018-06-21 14:58:05 +03:00
Anton Sergeyev
2024cf4b56 #11607 fixed formatting 2018-06-14 12:46:29 +05:00
Anton Sergeyev
516839d7b2 #11607 Cleanup time of temporary files is now configurable 2018-06-14 12:35:22 +05:00
Julien Pivotto
a5e6cb9a02 Fix #9847 Add a generic signout_redirect_url to enable oauth logout
Signed-off-by: Julien Pivotto <roidelapluie@inuits.eu>
2018-05-27 14:52:50 +02:00
David Kaltschmidt
1e6e89121c Settings to enable Explore UI 2018-04-27 11:39:14 +02:00
Mario Trangoni
298ece0a02 conf: fix codespell issues 2018-04-13 20:31:29 +02:00
Daniel Lee
92388f7faf session: update defaults for ConnMaxLifetime
to be the same as the 5.0.3 release defaults
2018-03-20 19:31:01 +01:00
Daniel Lee
1cef373d16 Merge remote-tracking branch 'upstream/master' into update-xorm 2018-03-20 19:21:58 +01:00
DavidLambauer
b90c323e31
Minor format changes
Just fixed some minor inconsistencies in the format of the file. There were some configurations uncommented like so: 

```
; container_name =
```

and some other like so:

```
;container_name =
```

So there is a need for a small perfection here! 

I also removed some unnecessary line breaks, bullying my eyes... 

![<3](https://media.giphy.com/media/dTJd5ygpxkzWo/giphy.gif)
2018-03-18 10:17:48 +01:00
Daniel Lee
9cdd7cb04c database: expose SetConnMaxLifetime as config setting
For MySQL, setting this to be shorter than the wait_timeout MySQL setting
solves the issue with connection errors after the session has timed out for
the connection to the database via xorm.
2018-03-16 01:09:00 +01:00
Laurent Godet
59704ee939 Fix Github OAuth not working with private Organizations (#11028)
* Fix Github OAuth not working with private organizations

* Update documentation
2018-02-28 13:08:15 +01:00
Daniel Lee
fe49182b9d snapshots: fixes cleanup of old snapshots
Snapshot cleanup did not work due to time.Now syntax error. Added test
for it as well to catch any future errors.

Added error and debug logging so that it is possible to see any errors in the future.

Removed an unused configuration value and deprecated the remove expired snapshots
setting.
2018-02-22 16:12:16 +01:00
bergquist
4dc6074e79 provisioning: dont ignore sample yaml files
closes #10963
2018-02-20 08:40:37 +01:00
Scott Brenner
2d03ab1770
Update sample.ini 2018-02-15 10:41:26 -08:00
Scott Brenner
7535cefed9
Update ldap.toml 2018-02-15 10:41:15 -08:00
Scott Brenner
b8b6dc6d6d
Minor typo fix 2018-02-15 10:37:23 -08:00
bergquist
dba087463a provisioing: always skip sample.yaml files 2018-02-14 11:33:58 +01:00
bergquist
b010e4df93 provisioning: support camelcase for dashboards configs 2018-02-14 10:30:08 +01:00
bergquist
4a35244cb9 provisioning: support camcelCase provisioning files 2018-02-14 10:30:08 +01:00
Scott Brenner
e57c8d0357
Minor typo fix
Minor typo fix
2018-02-12 13:59:19 -08:00
bergquist
e93fe9db25 provisioning: update sample config to use path 2018-02-09 15:25:31 +01:00
Leonard Gram
b549d29319 Merge branch 'master' into provisioning 2018-02-08 11:01:09 +01:00
Marcus Efraimsson
3d1c624c12 WIP: Protect against brute force (frequent) login attempts (#10031)
* db: add login attempt migrations

* db: add possibility to create login attempts

* db: add possibility to retrieve login attempt count per username

* auth: validation and update of login attempts for invalid credentials

If login attempt count for user authenticating is 5 or more the last 5 minutes
we temporarily block the user access to login

* db: add possibility to delete expired login attempts

* cleanup: Delete login attempts older than 10 minutes

The cleanup job are running continuously and triggering each 10 minute

* fix typo: rename consequent to consequent

* auth: enable login attempt validation for ldap logins

* auth: disable login attempts validation by configuration

Setting is named DisableLoginAttemptsValidation and is false by default
Config disable_login_attempts_validation is placed under security section
#7616

* auth: don't run cleanup of login attempts if feature is disabled

#7616

* auth: rename settings.go to ldap_settings.go

* auth: refactor AuthenticateUser

Extract grafana login, ldap login and login attemp validation together
with their tests to separate files.
Enables testing of many more aspects when authenticating a user.
#7616

* auth: rename login attempt validation to brute force login protection

Setting DisableLoginAttemptsValidation => DisableBruteForceLoginProtection
Configuration disable_login_attempts_validation => disable_brute_force_login_protection
#7616
2018-01-26 10:41:41 +01:00
bergquist
1508755422 cfg: remove local as default image uploader
ref #9967
2018-01-24 21:31:07 +01:00
bergquist
67a9e6a71d provisioing: add lookup table provisioned dashboards 2018-01-23 21:52:55 +01:00
bergquist
5546828b9f cfg: adds info about local img uploader to docs 2018-01-22 11:11:30 +01:00
Martin Szulecki
c82e23d96e imguploader: Add support for new internal image store (#6922) 2018-01-12 21:40:12 +01:00