* Authn: Add interface for external identity sync
This interface is implemented by authnimpl.Service and just triggers PostAuthHooks and skipping last seen update by default
* Authn: Add SyncIdentity to fake and add a new mock
This commit updates the screenshot package to make From and To
optional. It also updates the docs for ScreenshotOptions so
this behavior is well documented.
* Add tests for service accounts metrics usage
* Add service account store implementation
* Add service account service implementation
* Add tests for org metrics usage
* Add org implementation
* Add service implementation
* add metrics and tracing to state manager
* propagate tracer to state manager
* add scheduler metrics
* fix backtesting
* add test for state metrics
* remove StateUpdateCount
* update docs
* metrics can be null
* add tracer to new tests
* make discord url secure
* support migrating unsecure settings to secure settings
* Update public/app/features/alerting/unified/utils/receiver-form.ts
Co-authored-by: William Wernert <william.wernert@grafana.com>
---------
Co-authored-by: Gilles De Mey <gilles.de.mey@gmail.com>
Co-authored-by: William Wernert <william.wernert@grafana.com>
* wip
* scope active user to 1 org
* remove TODOs
* add render auth namespace
* import cycle fix
* make condition more readable
* convert Evaluate to user Requester
* only use active OrgID for SearchUserPermissions
* add cache key to interface definition
* change final SignedInUsers to interface
* fix api key managed roles fetch
* fix anon auth id parsing
* Update pkg/services/accesscontrol/acimpl/accesscontrol.go
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
---------
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
* Dashboards: Fix tests when authn broker is enabled.
StarService was not configured for tests, the call was guarded by !c.IsSignedIn
* Change default to be anon user to match expectations from tests
* OAuth: rewrite tests to work with authn.Service
* Setup template renderer by default
* Extract cookie options from cfg instead of relying on global variables
* Fix test to work with authn service
* Middleware: rewrite auth tests
* Remvoe session cookie if we cannot refresh access token
* introduce a new action "alert.provisioning.secrets:read" and role "fixed:alerting.provisioning.secrets:reader"
* update alerting API authorization layer to let the user read provisioning with the new action
* let new action use decrypt flag
* add action and role to docs
* calculate cacheID instead of literals
* use mocked clocks
* advance clocks with the eval results
* use clearer timestamp aliases
* make expected state labels be more clear to read
Co-authored-by: Matthew Jacobson <matthew.jacobson@grafana.com>
* add termination stage
* uid -> pluginID (for now)
* also fix fakes
* add simple test
* Fix logger name
Co-authored-by: Giuseppe Guerra <giuseppe.guerra@grafana.com>
* inline stop func call
Co-authored-by: Giuseppe Guerra <giuseppe.guerra@grafana.com>
---------
Co-authored-by: Giuseppe Guerra <giuseppe.guerra@grafana.com>
* Search: Attempt to support folderUID filter
* Search: Use folder UID instead of ID for searching folders
* Update swagger
* Fix JSON property casing
* Add integration test
* Remove redundant query condition
* Fix frontend test
* Fix listing dashboards in General/root
* Add support for fetching top level folders
using `folderUIDs=` (empty string) query parameter
* Add deprecation notice
* Send uid of general in sql.ts
* Use 'general' for query folderUIDs query param for fetching folder
* Add tests
* Fix FolderUIDFilter
---------
Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
* Add tests
* Fix query for nested folders with zero self-contained permissions
* Fix query behind permissionsFilterRemoveSubquery flag
* Apply suggestion from code review
* Add feature flag
* Introduce interface and dummy implementation
* Add tests for the new filter
* accessControlDashboardPermissionFilterNoFolderSubquery implementation
* join only if it's necessary
* force ordering for tests
* Temporarily enable new query for benchmarks
* lock down server admin role updates on the frontend if the user is externally synced
* add tests
* lock Grafana Server admin role updates from the backend
* rename variables
* check that the user has auth info
* add LDAP to providers for which Grafana Server admin role can be synced
* linting
* add folder data migration, fix unique index
* fix unique index
* pass a fake store in tests
* pass store into other providers in tests
* and now with alerting!
* fixed: added id token expiry check to oauth token sync
* use go-jose and id token in cache
* Update pkg/services/authn/authnimpl/sync/oauth_token_sync.go
* refactored getOAuthTokenCacheTTL and added unit tests
* Small changes to oauth_token_sync
* Remove unnecessary contexthandler changes
---------
Co-authored-by: linoman <2051016+linoman@users.noreply.github.com>
Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com>
* Lucene: add dependency
* ModifyQuery: use Lucene parser to detect key:values in queries
* ModifyQuery: use Lucene parser to remove filters
* Remove test code
* Modify query: switch to recursive implementation
* Modify query: implement remove filter
* Update query normalizing function
* FlagElasticToggleableFilters: remove feature flag
* Remove unused feature flag from test
* Elasticsearch: escape quotes in filter values
* RBAC: Make the SplitScope migration concurrent
* Benchmark multiple alternatives: (updates in a loop, batch update, concurrent batch update)
* Only keep batching since mysql 5.7 does not seem to support concurrent batching
* Update pkg/services/accesscontrol/migrator/migrator.go
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
---------
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
* build httpsettings overhaul with new auth component
* remove test code
* add connection and advanced http settings components
* use tooltip with link
* add correct styling and spacing
* save option select for sigV4
* fix styles in Azure auth to fit new auth component
* add types in overhaul folder that are not available yet in grafana
* update e2e tests for new connection component
* update e2e tests for new connection component
* update width of azure inputs
* fix non custom auth selects
* add feature toggle
* wrap azure style changes behind the feature flag
* fix feature toggle rebase fix error
* move advanced http setting and wrap everything in the config subsection component to fix font
* fix input width
* use cx for conditional classes
* use cx for conditional class
* don't show Admin/Data sources page in navtree
* redirect from admin/datasources to connections/datasources
* update link of DS plugins to connections/datasources
* redirect edit page from datasources to connections
* redirect to new datasource page under connections
* redirect to datasouce dashboard page under connections
* fix navId on datasource dashboards page
* fix datasource dashboard page's nav
* Revert "update link of DS plugins to connections/datasources"
This reverts commit 0ebcb09b03.
* Alerting: Fix contact point testing with secure settings
Fixes double encryption of secure settings during contact point testing and removes code duplication
that helped cause the drift between alertmanager and test endpoint. Also adds integration tests to cover
the regression.
Note: provisioningStore is created to remove cycle and the unnecessary dependency.
* add a new feature toggle for locking down role sync for users managed by GCom
* protect the frontend and the backend using the new feature toggle
* fix merge
* Expose library element service's folder service
* Register library panels, add count implementation
* Expand folder counts test
* Update registry deletion method interface
* Allow getting library elements from any folder
* Add test for library panel deletion
* Add test for library panel counting
* Remove feature flag from registry.go
* Remove usages of toggle
* Refactor and cleanup Tempo's query field components
* Added deprecation alert
* Mark nativeSearch fields as deprecated
* Also show deprecated search tab if queryType is nativeSearch
* Update deprecation message to list grafana version
* Fix merge conflict
* Remove mention of toggle from docs
* make sure LastSeen hook has information to decide if update is necessary
* make user service check if it should update the user's last seen
* do not run last seen hook if is a login request
* make service return error when last seen is up to date
* fix err
* Update pkg/services/contexthandler/contexthandler.go
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* fix golint
---------
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Azure: AzureMonitorMetrics - change response to be dataplane compliant
can be disabled via toggle azureMonitorDataplane
Co-authored-by: Andreas Christou <andreas.christou@grafana.com>
* Datasource test: fix describe nesting
* Parsing: export handleQuotes function
* Modify query: add functions to detect the presence of a label and remove it
* Loki: add support to toggle filters if already present
* Datasource test: fix describe nesting
* Loki: add support to toggle filter out if present
* Remove label: handle escaped values
* Datasource: add test case for escaped label values
* Loki: remove = filter when applying !=
* Remove selector: add support for Selector node being far from Matcher
* Modify query: add unit tests
* Elasticsearch: create modifyQuery for elastic
* Elastic modify query: implement functions
* Elasticsearch: implement modifyQuery functions in datasource
* Elasticsearch: update datasource test
* Loki modify query: check for streamSelectorPositions length
* Elasticsearch query has filter: escape filter value in regex
* Remove unused type
* Modify query: add functions to detect the presence of a label and remove it
* Remove label: handle escaped values
* Logs: create props to check for label filters in the query
* Log Details Row: use label state props to show visual feedback
* Make isCallbacks async
* Explore: add placeholder for checking for filter in query
* Datasource: define new API method
* Inspect query: add base implementation
* Remove isFilterOutLabelActive as it will not be needed
* Check for "isActive" on every render
Otherwise the active state will be out of sync
* Elasticsearch: implement inspectQuery in the datasource
* Logs: update test
* Log details: update test
* Datasources: update tests
* Inspect query: rename to analize query to prevent confusion
* Datasource types: mark method as alpha
* Explore: add comment to log-specific functions
* Remove duplicated code from bad rebase
* Remove label filter: check node type
* getMatchersWithFilter: rename argument
* Fix bad rebase
* Create DataSourceWithQueryManipulationSupport interface
* Implement type guard for DataSourceWithQueryManipulationSupport
* DataSourceWithQueryManipulationSupport: move to logs module
* hasQueryManipulationSupport: change implementation
`modifyQuery` comes from the prototype.
* DataSourceWithQueryManipulationSupport: expand code comments
* AnalyzeQueryOptions: move to logs module
* DataSourceWithQueryManipulationSupport: add support for more return types
* Fix merge error
* Update packages/grafana-data/src/types/logs.ts
Co-authored-by: Sven Grossmann <sven.grossmann@grafana.com>
* DatasourceAPI: deprecate modifyQuery
* Explore: refactor isFilterLabelActive
* DataSourceWithQueryModificationSupport: rename interface
* Split interfaces into Analyze and Modify
* Query analysis: better name for interface
* Fix guard
* Create feature flag for active state
* Use new feature flag in Explore
* DataSourceToggleableQueryFiltersSupport: create a specific interface for this feature
* Rename feature flag
* De-deprecate modifyQuery
* DataSourceToggleableQueryFiltersSupport: Rethink types and methods
* Explore: adjust modifyQuery and isFilterLabelActive to new methods
* Loki: implement new interface and revert modifyQuery
* DataSourceToggleableQueryFiltersSupport: better name for arguments
* Elasticsearch: implement new interface and revert modifyQuery
* Loki: better name for arguments
* Explore: document current limitation on isFilterLabelActive
* Explore: place toggleable filters under feature flag
* Loki: add tests for the new methods
* Loki: add legacy modifyQuery tests
* Elasticsearch: add tests for the new methods
* Elasticsearch: add legacy modifyQuery tests
* Toggle filter action: improve type values
* Logs types: update interface description
* DataSourceWithToggleableQueryFiltersSupport: update interface name
* Update feature flag description
* Explore: add todo comment for isFilterLabelActive
---------
Co-authored-by: Sven Grossmann <sven.grossmann@grafana.com>
* add a feature toggle
* add the fields for attribute, kind and identifier to permission
Co-authored-by: Kalle Persson <kalle.persson@grafana.com>
* set the new fields when new permissions are stored
* add migrations
Co-authored-by: Kalle Persson <kalle.persson@grafana.com>
* remove comments
* Update pkg/services/accesscontrol/migrator/migrator.go
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* feedback: put column migrations behind the feature toggle, added an index, changed how wildcard scopes are split
* PR feedback: add a comment and revert an accidentally changed file
* PR feedback: handle the case with : in resource identifier
* switch from checking feature toggle through cfg to checking it through featuremgmt
* don't put the column migrations behind a feature toggle after all - this breaks permission queries from db
---------
Co-authored-by: Kalle Persson <kalle.persson@grafana.com>
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* pushed to get help of a genius
* fix: error response is not json
* feat: make request on click
* refactor: remove print statement
* refactor: remove unnecessary code
* feat: convert grafana variables to value for API request
* use the parser to interpolate and recover the original query (#64591)
* Prettify query: use the parser to interpolate and recover the original query
* Fix typo
Co-authored-by: Ivana Huckova <30407135+ivanahuckova@users.noreply.github.com>
* Fix typo
Co-authored-by: Ivana Huckova <30407135+ivanahuckova@users.noreply.github.com>
* fix: reverse transformation not working
---------
Co-authored-by: Ivana Huckova <30407135+ivanahuckova@users.noreply.github.com>
Co-authored-by: Gareth Dawson <gwdawson.work@gmail.com>
* fix: bugs created from merge
* refactor: move prettify code out of monaco editor
* fix: variables with the same value get converted back to the incorect variable
* refactor
* use consistent styling with bigquery
* fix: only allow text/plain and application/json
* fix: only make the request if the query is valid
* endpoint now returns application/json
* prettify from js
* WIP: not all cases are handles, code still needs cleaning up
* WIP
* large refactor, finished support for all pipeline expressions
* add tests for all format functions
* idk why these files changed
* add support for range aggregation expr & refactor
* add support for vector aggregation expressions
* add support for bin op expression
* add support for literal and vector expressions
* add tests and fix some bugs
* add support for distinct and decolorize
* feat: update variable replace and return
* fix: lezer throws an errow when using a range variable
* remove api implementation
* remove api implementation
* remove type assertions
* add feature flag
* update naming
* fix: bug incorrectly formatting unwrap with labelfilter
* support label replace expr
* remove duplicate code (after migration)
* add more tests
* validate query before formatting
* move tests to lezer repo
* add feature tracking
* populate feature tracking with some data
* upgrade lezer version to 0.1.7
* bump lezer to 0.1.8
* add tests
---------
Co-authored-by: Matias Chomicki <matyax@gmail.com>
Co-authored-by: Ivana Huckova <30407135+ivanahuckova@users.noreply.github.com>
* introduce a function checkIfSeriesNeedToBeFixed to scan all value fields in the response and provide a function that updates Series so they can be uniquely identifiable. Only Graphite and TestData are checked.
* update `convertDataFramesToResults` to run this function and provide it to WideToMany
* update WideToMany to run the fix function if it is not nil
This commit updates eval.go to improve the performance of matching
captures in the general case. In some cases we have reduced the
runtime of the function from 10s of minutes to a couple 100ms.
In the case where no capture matches the exact labels, we revert to
the current subset/superset match, but with a reduced search space
due to grouping captures.
* gRPC Server: Instrument requests made to the server.
Expose metrics from the gRPC server in order to monitor for failed responses
and response latency. Uses code from the already vendored weaveworks/common.
* Review comments.
This commit changes extractEvalString to sort NumberCaptureValues
in ascending order of Var before building the output string. This
means that users will see EvaluationString in a consistent order,
but also make it possible to assert its output in tests.
* Alerting: No longer silence paused alerts during legacy migration
Now that we migrate paused legacy alerts to paused UA alert rules, we no longer need to silence them.
* add grafana-apiserver
* remove watchset & move provisioning and http server to background
services
* remove scheme
* otel fixes (#70874)
* remove module ProvideRegistry test
* use certgenerator from apiserver package
* Control collector/pdata from going to v1.0.0-rc8 (as Tempo 1.5.1 would have it)
* Refactor Tempo datasource backend to support multiple queryData types.
Added traceId query type that is set when performing the request but doesn't map to a tab.
* WIP data is reaching the frontend
* WIP
* Use channels and goroutines
* Some fixes
* Simplify backend code.
Return traces, metrics, state and error in a dataframe.
Shared state type between FE and BE.
Use getStream() instead of getQueryData()
* Handle errors in frontend
* Update Tempo and use same URL for RPC and HTTP
* Cleanup backend code
* Merge main
* Create grpc client only with host and authenticate
* Create grpc client only with host and authenticate
* Cleanup
* Add streaming to TraceQL Search tab
* Fix merge conflicts
* Added tests for processStream
* make gen-cue
* make gen-cue
* goimports
* lint
* Cleanup go.mod
* Comments
* Addressing PR comments
* Fix streaming for tracel search tab
* Added streaming kill switch as the disableTraceQLStreaming feature toggle
* Small comment
* Fix conflicts
* Correctly capture and send all errors as a DF to client
* Fix infinite error loop
* Fix merge conflicts
* Fix test
* Update deprecated import
* Fix feature toggles gen
* Fix merge conflicts
* First changes
* WIP docs
* Align current tests
* Add test for UseRefreshToken
* Update docs
* Fix
* Remove unnecessary AuthCodeURL from generic_oauth
* Change GitHub to disable use_refresh_token by default
* introduce a new node-type ML and implement a command outlier that uses ML plugin as a source of data.
* add feature flag mlExpressions that guards the feature
* add table visualisation for logs
* add `logsExploreTableVisualisation` feature flag
* add feature flag to visualisation switch
* fix english
* improve state when no data is present
* improve margin
* add missing prop to test
* add tests
* fix logs table height
* fix linting
* move visualisation toggle
* add field config overrides
* update tests
* fix explore test
* fix explore test
* add missing header and revert test changes
* use timefield from logsFrame.ts
* add TODO
* move to new file
* hide fields that should be hidden
* add test to hide fields
* remove unused lines
* Search sql filter draft, unfinished
* Search works for empty roles
* Add current AuthModule to SignedInUser
* clean up, changes to the search
* Use constant prefixes
* Change AuthModule to AuthenticatedBy
* Add tests for using the permissions from the SignedInUser
* Refactor and simplify code
* Fix sql generation for pg and mysql
* Fixes, clean up
* Add test for empty permission list
* Fix
* Fix any vs all in case of edit permission
* Update pkg/services/authn/authn.go
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Update pkg/services/sqlstore/permissions/dashboard_test.go
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Fixes, changes based on the review
---------
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Alerting: Make ApplyAlertmanagerConfiguration only decrypt/encrypt new/changed secure settings
Previously, ApplyAlertmanagerConfiguration would decrypt and re-encrypt all secure settings. However, this caused re-encrypted secure settings to be included in the raw configuration when applied to the embedded alertmanager, resulting in changes to the hash. Consequently, even if no actual modifications were made, saving any alertmanager configuration triggered an apply/restart and created a new historical entry in the database.
To address the issue, this modifies ApplyAlertmanagerConfiguration, which is called by POST `api/alertmanager/grafana/config/api/v1/alerts`, to decrypt and re-encrypt only new and updated secure settings. Unchanged secure settings are loaded directly from the database without alteration.
We determine whether secure settings have changed based on the following (already in-use) assumption: Only new or updated secure settings are provided via the POST `api/alertmanager/grafana/config/api/v1/alerts` request, while existing unchanged settings are omitted.
* Ensure saving a grafana-managed contact point will only send new/changed secure settings
Previously, when saving a grafana-managed contact point, empty string values were transmitted for all unset secure settings. This led to potential backend issues, as it assumed that only newly added or updated secure settings would be provided.
To address this, we now exclude empty ('', null, undefined) secure settings, unless there was a pre-existing entry in secureFields for that specific setting. In essence, this means we only transmit an empty secure setting if a previously configured value was cleared.
* Fix linting
* refactor omitEmptyUnlessExisting
* fixup
---------
Co-authored-by: Gilles De Mey <gilles.de.mey@gmail.com>
* Use sha1 (160 bit hash)
* Update pkg/services/accesscontrol/database/externalservices.go
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Satisfy linter, clean up
---------
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
