Commit Graph

771 Commits

Author SHA1 Message Date
Marcus Efraimsson
3fc5f4552a CloudWatch: Fix high CPU load (#20579)
* Cache decrypted securejsondata
* Models: Add datasource cache tests
2019-11-22 14:21:23 +01:00
Eric Leijonmarck
f05607d4c0 UserTableView: Show user name in table view (#18108)
* refactor to multiple rows

* added name for org user struct

* added name getorgusers

* added user name to tableview

* made test pass

* updated userMocks to user name field

* added missing UsersTable snapshot

* added name on teammembers page, be able to search query for name, login and email

* added the updated snapshots

* conform to same sorting as output form

* conform to previous way of using it

* sort first by login and after by email, as it was before
2019-11-21 12:44:46 +02:00
Sofia Papagiannaki
d1c523838b
API: Optionally list expired keys (#20468)
* API: Optionally list expired keys

* Update docs
2019-11-20 13:14:57 +02:00
Leonard Gram
992b4b8adf
Licensing service (#19903)
* Licensing: supplies a service to handle licensing information

* Licensing: uses the license service further

Uses the license service instead of settings.isEnterprise:
- external team members
- saml
- usage stats

* Licensing: fixes broken tests due to new Licensing service dependency

* Licensing: fixes linting errors

* Licensing: exposes license expiry information to the frontend
2019-11-01 14:56:12 +01:00
Arve Knudsen
9843a886f7
pkg/models: Check errors (#19839)
Check errors in pkg/models.
2019-10-22 16:18:36 +02:00
Weeco
8cd93f0b88 Datasource: Add custom headers on alerting queries (#19508)
* Add custom headers on alerting queries

Reference issue #15381

Signed-off-by: Martin Schneppenheim <martin.schneppenheim@rewe-digital.com>

* Fix datasource transport tests

* Migrate decrypting header test to models pkg

* Check correct header

* Add HTTP transport test

Fixes #15381
2019-10-11 14:28:52 +02:00
Rafael George
e1b2bf711d API: Add createdAt field to /api/users/:id (#19475)
It would help for auditing purposes to have the user's created date exposed via the API along with the other fields already exposed via the API.
2019-09-28 12:12:33 +01:00
Masudur Rahman
a41a7ea656 Backend: Remove redundant condition of ROLE_VIEWER (#19211) 2019-09-19 08:19:11 +02:00
Sofia Papagiannaki
b5f0a5d5ca
Api: Readonly datasources should not be created via the API (#19006)
* Readonly datasources should not be created via the API

* Return correct `ReadOnly` value in GetDataSourceByName
2019-09-17 12:29:43 +03:00
gotjosh
fa007423e3
API: Add updatedAt to api/users/:id (#19004)
* API: Add `updatedAt` to api/users/:id

This adds the timestamp of when a particular user was last updated to
the `api/users/:id` endpoint.

This helps our administrators understand when was the user information last
updated. Particularly when it comes from external systems e.g. LDAP
2019-09-11 13:43:05 +01:00
gotjosh
10fe101add
LDAP: Fetch teams in debug view (#18951)
Adds the definition of `GetTeamsForLDAPGroupCommand` which handles the lookup of team information based on LDAP groupDNs.

This is an Enterprise only feature. To diferentiate,a response will contain the `team` key as `null` on OSS while on Enterprise the key will contain an empty array `[]` when no teams are found.
2019-09-08 11:48:47 +01:00
gotjosh
0cbbb43222
LDAP: Add API endpoint to debug user mapping from LDAP (#18833)
* Move the ReloadLDAPCfg function to the debug file

Appears to be a better suite place for this.

* LDAP: Return the server information when we find a specific user

We allow you to specify multiple LDAP servers as part of LDAP authentication integration. As part of searching for specific users, we need to understand from which server they come from. Returning the server configuration as part of the search will help us do two things:

- Understand in which server we found the user
- Have access the groups specified as part of the server configuration

* LDAP: Adds the /api/admin/ldap/:username endpoint

This endpoint returns a user found within the configured LDAP server(s). Moreso, it provides the mapping information for the user to help administrators understand how the users would be created within Grafana based on the current configuration.

No changes are executed or saved to the database, this is all an in-memory representation of how the final result would look like.
2019-09-03 18:34:44 +01:00
Oleg Gaidarenko
c5bca40566
Email: add reply-to and direct attachment (#18715)
* Add support for `Reply-To` header

* Allow direct attachment

Don't have tests yet, but they will follow
2019-08-26 16:44:18 +02:00
Marcus Efraimsson
8fd153edb7
API: Restrict anonymous user information access (#18422)
Existing /api/alert-notifications now requires at least editor access.
Existing /api/alert-notifiers now requires at least editor access.
New /api/alert-notifications/lookup returns less information than
/api/alert-notifications and can be access by any authenticated user.
Existing /api/org/users now requires org admin role.
New /api/org/users/lookup returns less information than
/api/org/users and can be access by users that are org admins,
admin in any folder or admin of any team.
UserPicker component now uses /api/org/users/lookup instead
of /api/org/users.

Fixes #17318
2019-08-12 20:03:48 +02:00
Sofia Papagiannaki
7520166f17
API: Minor fix for team creation endpoint when using API key (#18252)
* Fix CreateTeam api endpoint

No team member should be created for requests
authenticated by API tokens.

* Update middleware test

Assert that `isAnonymous` is set for `SignedInUser`
authenticated via API key.

* Add test for team creation

Assert that no team member is created if the signed in user
is anomymous.

* Revert "Fix CreateTeam api endpoint"

This reverts commit 9fcc4e67f5.

* Revert "Update middleware test"

This reverts commit 75f767e58d.

* Fix CreateTeam api endpoint

No team member should be created for requests
authenticated by API tokens.

* Update team test

* Change error to warning and update tests
2019-08-08 11:27:47 +03:00
Oleg Gaidarenko
d9f01cb822
SQLStore: use bool pointer instead of string (#18111) 2019-07-17 06:24:56 +03:00
Oleg Gaidarenko
8e0f091f14
SQLStore: allow to look for is_disabled flag (#18032)
* Add support for `is_disabled` to `CreateUser()`

* Add support for `is_disabled` to `SearchUsers()`
  Had to add it as a `string` type not as `bool`, since if that's property
  is omitted, we would have add it to SQL request, which might be dangerous

* Restructure desctructive tests and add more
2019-07-15 09:14:32 +03:00
Anthony Templeton
3680b95b44 Auth: Duplicate API Key Name Handle With Useful HTTP Code (#17905)
* API: Duplicate API Key Name Handle With Useful HTTP Code

* 17447: make changes requested during review

- use dialect.IsUniqueContraintViolation
- change if statement to match others
- return error properly

* Revert "17447: make changes requested during review"

This reverts commit a4a674ea83.

* API: useful http code on duplicate api key error w/ tests

* API: API Key Duplicate Handling

fixed small typo associated with error
2019-07-11 11:20:34 +03:00
Alexander Zobnin
5f0a7f43c3
Users: show badges for each auth provider (#17869)
* Users: show badges for each auth provider

* Chore: don't use functions in angular bindings

* Users: minor style changes to labels

* Chore: convert auth labels on the backed side, deduplicate frontend code

* Users: use authLabels everywhere instead of authModule

* User: fix edit user page style

* Users: minor fixes after review
2019-07-10 12:06:51 +03:00
Leonard Gram
e574147b1e Auth: SAML login button. (#17932)
* Auth: SAML login button.

* Fixed ts issue
2019-07-05 15:24:52 +02:00
Alexander Zobnin
3d848d0fdf
Teams: show proper label for each auth provider (#17860)
* Teams: show proper label for each auth provider

Teams: don't sore AuthModule in team_member table, use JOIN to get it instead

* Teams: fix AddTeamMember after last changes

* Teams: add more auth provider labels

* Teams: show external sync badge if LDAP is not enabled

* Teams: tests for getting auth module
2019-07-03 16:52:10 +03:00
Oleg Gaidarenko
caa1314f44
Build: use golangci-lint as a make command (#17739)
* Build: use golangci-lint as a make command

* Since gometalinter was deprecated in favor of golangci-lint so it was
  replaced by it. Responsibilities held by the gometalinter was moved to
  golangci-lint

* There was some changes in implementation (that was also mentioned in
  the code comment) between the tools, which uncovered couple errors
  in the code. Those issues were either solved or disabled by
  the inline comments

* Introduce the golangci-lint config, to make their
  configuration more manageable

* Build: replace backend-lint.sh script with make
2019-07-02 16:06:59 +03:00
Marcus Efraimsson
0a3f977ea2
Usage Stats: Update known datasource plugins (#17787) 2019-06-26 21:15:45 +02:00
Sofia Papagiannaki
dc9ec7dc91
Auth: Allow expiration of API keys (#17678)
* Modify backend to allow expiration of API Keys

* Add middleware test for expired api keys

* Modify frontend to enable expiration of API Keys

* Fix frontend tests

* Fix migration and add index for `expires` field

* Add api key tests for database access

* Substitude time.Now() by a mock for test usage

* Front-end modifications

* Change input label to `Time to live`
* Change input behavior to comply with the other similar
* Add tooltip

* Modify AddApiKey api call response

Expiration should be *time.Time instead of string

* Present expiration date in the selected timezone

* Use kbn for transforming intervals to seconds

* Use `assert` library for tests

* Frontend fixes

Add checks for empty/undefined/null values

* Change expires column from datetime to integer

* Restrict api key duration input

It should be interval not number

* AddApiKey must complain if SecondsToLive is negative

* Declare ErrInvalidApiKeyExpiration

* Move configuration to auth section

* Update docs

* Eliminate alias for models in modified files

* Omit expiration from api response if empty

* Eliminate Goconvey from test file

* Fix test

Do not sleep, use mocked timeNow() instead

* Remove index for expires from api_key table

The index should be anyway on both org_id and expires fields.
However this commit eliminates completely the index for now
since not many rows are expected to be in this table.

* Use getTimeZone function

* Minor change in api key listing

The frontend should display a message instead of empty string
if the key does not expire.
2019-06-26 09:47:03 +03:00
Alexander Zobnin
dad894f1cc
API: get list of users with additional auth info (#17305)
* batch disable users

* batch revoke users tokens

* split batch disable user and revoke token

* API: get users with auth info and isExternal flag

* fix tests for batch disable users

* Users: refactor /api/users/search endpoint

* Users: use alias for "user" table

* Chore: add BatchDisableUsers() to the bus

* Users: order user list by id explicitly

* Users: return AuthModule from /api/users/:id endpoint

* Users: do not return unused fields

* Users: fix SearchUsers method after last changes

* User: return auth module as array for future purposes

* User: tests for SearchUsers()

* User: return only latest auth module in SearchUsers()

* User: fix JOIN, get only most recent auth module
2019-06-25 18:29:07 +03:00
Oleg Gaidarenko
c853ef7318
SQLStore: extend user.SearchUsers method (#17514)
* SQLStore: extend `user.SearchUsers` method

Allow `user.SearchUsers` to search users based on their auth type
2019-06-14 09:50:38 +01:00
Carl Bergquist
1aadb4426a
metrics: expose stats about roles as metrics (#17469) 2019-06-06 16:39:35 +02:00
Thibault Chataigner
e06abb30aa Alerting: Add tags to alert rules (#10989)
Ref #6552
2019-06-06 13:29:30 +02:00
Alexander Zobnin
60ddad8fdb
Batch disable users (#17254)
* batch disable users

* batch revoke users tokens

* split batch disable user and revoke token

* fix tests for batch disable users

* Chore: add BatchDisableUsers() to the bus
2019-05-31 13:22:22 +03:00
Alexander Zobnin
2d03815770
Users: Disable users removed from LDAP (#16820)
* Users: add is_disabled column

* Users: disable users removed from LDAP

* Auth: return ErrInvalidCredentials for failed LDAP auth

* User: return isDisabled flag in user search api

* User: mark disabled users at the server admin page

* Chore: refactor according to review

* Auth: prevent disabled user from login

* Auth: re-enable user when it found in ldap

* User: add api endpoint for disabling user

* User: use separate endpoints to disable/enable user

* User: disallow disabling external users

* User: able do disable users from admin UI

* Chore: refactor based on review

* Chore: use more clear error check when disabling user

* Fix login tests

* Tests for disabling user during the LDAP login

* Tests for disable user API

* Tests for login with disabled user

* Remove disable user UI stub

* Sync with latest LDAP refactoring
2019-05-21 14:52:49 +03:00
zhulongcheng
2fff8f77dc move log package to /infra (#17023)
ref #14679

Signed-off-by: zhulongcheng <zhulongcheng.me@gmail.com>
2019-05-13 08:45:54 +02:00
Carl Bergquist
a86b8c8a04
http: remove dualstack since its deprecated (#16940)
Deprecated: Fast Fallback is enabled by default. To
disable, set FallbackDelay to a negative value.

https://golang.org/src/net/dial.go
2019-05-08 10:37:48 +02:00
Carl Bergquist
9660356638
Auth: Enable retries and transaction for some db calls for auth tokens (#16785)
the WithSession wrapper handles retries and connection
management so the caller dont have to worry about it.
2019-04-30 14:42:01 +02:00
Andrej Ocenas
eb82a75668
Provisioning: Show file path of provisioning file in save/delete dialogs (#16706)
* Add file path to metadata and show it in dialogs

* Make path relative to config directory

* Fix tests

* Add test for the relative path

* Refactor to use path relative to provisioner path

* Change return types

* Rename attribute

* Small fixes from review
2019-04-30 13:32:18 +02:00
Carl Bergquist
eb8af01a8a
admin: add more stats about roles (#16667)
closes #14967
2019-04-24 13:18:16 +02:00
Oleg Gaidarenko
54c1bf0cc9
Chore: a bit of spring cleaning (#16710)
* Chore: use early return technic everywhere

And enable "indent-error-flow" revive rule

* Chore: remove if-return rule from revive config

* Chore: improve error messages

And enable "error-strings" revive rule

* Chore: enable "error-naming" revive rule

* Chore: make linter happy

* Chore: do not duplicate gofmt execution

* Chore: make linter happy

* Chore: address the pull review comments
2019-04-23 11:24:47 +03:00
Oleg Gaidarenko
db584b3d28
Chore: remove session storage references (#16445)
* Chore: remove session storage references

* Small refactoring of the settings module

* Update docs - remove references for the session storage

* Update config files (sample and default configs)

* Add tests for warning during the config load on defined storage cache

* Remove all references to session storage

* Remove macaron session dependency

* Remove leftovers

* Fix: address review comments

* Fix: remove old deps

* Fix: add skipStaticRootValidation = true to tests

* Fix: improve the docs and warning message

As per discussion in here - https://github.com/grafana/grafana/pull/16445/files#r273026255

* Chore: make linter happy

Fixes #16148
Ref #16114
2019-04-22 18:58:24 +03:00
Andrej Ocenas
66f6e16916
Security: Store datasource passwords encrypted in secureJsonData (#16175)
* Store passwords in secureJsonData

* Revert unnecessary refactors

* Fix for nil jsonSecureData value

* Remove copied encryption code from migration

* Fix wrong field reference

* Remove migration and provisioning changes

* Use password getters in datasource proxy

* Refactor password handling in datasource configs

* Add provisioning warnings

* Update documentation

* Remove migration command, moved to separate PR

* Remove unused code

* Set the upgrade version

* Remove unused code

* Remove double reference
2019-04-15 11:11:17 +02:00
Carl Bergquist
9134251417
build: upgrades to golang 1.12.4 (#16545)
fix govet issue in golang 1.12.4
2019-04-15 09:18:28 +02:00
Carl Bergquist
30dcf0f6c5
Revert "Build: Upgrades to go 1.12.3 (#16491)" (#16544)
This reverts commit 44b365028f.
2019-04-12 11:17:31 +02:00
Carl Bergquist
44b365028f
Build: Upgrades to go 1.12.3 (#16491)
fixes go vet issue that 1.12.3 detects
2019-04-12 09:44:02 +02:00
Andrej Ocenas
2d7fc55df7
Provisioning: Do not allow deletion of provisioned dashboards (#16211)
* Unprovision dashboard in case of DisableDeletion = true

* Rename command struct

* Handle removed provision files

* Allow html in confirm-modal

* Do not show confirm button without onConfirm

* Show dialog on deleting provisioned dashboard

* Changed DeleteDashboard to DeleteProvisionedDashboard

* Remove unreachable return

* Add provisioned checks to API

* Remove filter func

* Fix and add tests for deleting dashboards

* Change delete confirm text

* Added and used pkg/errors for error wrapping
2019-04-10 13:29:10 +02:00
Marcus Efraimsson
5da1faf454
Alerting: Notification channel http api fixes (#16379)
Fixes so it's possible to create new notification channel and providing uid.
Fixes better error/result handling when updating a notifcation channel.

Fixes #16372
Ref #16219 #16012
2019-04-04 17:52:40 +02:00
Marcus Efraimsson
79b86466fd Fix: Alerting Notification channel http api fixes (#16288)
Fix so that uid can be changed when updating notification
channels through the http api.
Update documentation
2019-03-29 09:42:38 +01:00
Marcus Efraimsson
2ae63e70c0
Alerting: Notification channel http api enhancements (#16219)
Now returns uid in response to get notification channel by id.
Adds GET/PUT/DELETE support for notification channel by uid, 
  /api/alert-notifications/uid/:uid.
Break apart alerting and alert notification http api docs in two 
  pages and update documentation to make it up to date
  with current implementation.

Fixes #16012
2019-03-26 18:37:02 +07:00
Daniel Lee
fda7e686f3
Merge pull request #15205 from seanlaff/12556-oauth-pass-thru
Add oauth pass-thru option for datasources
2019-03-25 21:52:20 +01:00
Torkel Ödegaard
d11695b8b5 Fixed gofmt issue in PR #16093 2019-03-20 10:58:20 +01:00
Sai Ram Gupta
6929593eb6
Update org_user.go
Add check for, if current role is ROLE_VIEWER, return true if the role I'm checking for is ROLE_VIEWER. Fixes #16092
2019-03-19 11:31:55 -07:00
Leonard Gram
978c20a604 teams: explains the external property of a team membership. 2019-03-19 14:01:22 +01:00
Hugo Häggmark
53c74fa2f5 teams: refactor so that you can only delete teams if you are team admin 2019-03-19 14:01:21 +01:00