Adds a new [server] setting `serve_from_sub_path`. By enabling
this setting and using a subpath in `root_url` setting, e.g.
`root_url = http://localhost:3000/grafana`, Grafana will be accessible
on `http://localhost:3000/grafana`. By default it is set to `false`
for compatibility reasons.
Closes#16623
* incapsulates multipleldap logic under one module
* abstracts users upsert and get logic
* changes some of the text error messages and import sort sequence
* heavily refactors the LDAP module – LDAP module now only deals with LDAP related behaviour
* integrates affected auth_proxy module and their tests
* refactoring of the auth_proxy logic
When allow_embedding is false (default) the Grafana backend
will set the http header `X-Frame-Options: deny` in all responses
to non-static content which will instruct browser to not allow
Grafana to be embedded in `<frame>`, `<iframe>`,
`<embed>` or `<object>`.
Closes#14189
* Feature: introduce LdapActiveSyncEnabled setting
We probably remove it after the active sync is done.
But at the moment we do not want to affect the current users
with not fully tested feature
* Chore: move settings in more logical order
* Feature: add cron setting for the ldap settings
* Move ldap configuration read to special function
* Introduce cron setting (no docs for it yet, pending approval)
* Chore: duplicate ldap module as a service
* Feature: implement active sync
This is very early preliminary implementation of active sync.
There is only one thing that's going right for this code - it works.
Aside from that, there is no tests, error handling, docs, transactions,
it's very much duplicative and etc.
But this is the overall direction with architecture I'm going for
* Chore: introduce login service
* Chore: gradually switch to ldap service
* Chore: use new approach for auth_proxy
* Chore: use new approach along with refactoring
* Chore: use new ldap interface for auth_proxy
* Chore: improve auth_proxy and subsequently ldap
* Chore: more of the refactoring bits
* Chore: address comments from code review
* Chore: more refactoring stuff
* Chore: make linter happy
* Chore: add cron dep for grafana enterprise
* Chore: initialize config package var
* Chore: disable gosec for now
* Chore: update dependencies
* Chore: remove unused module
* Chore: address review comments
* Chore: make linter happy
* Feature: add cron setting for the ldap settings
* Move ldap configuration read to special function
* Introduce cron setting (no docs for it yet, pending approval)
* Chore: address code review comments
* Chore: remove session storage references
* Small refactoring of the settings module
* Update docs - remove references for the session storage
* Update config files (sample and default configs)
* Add tests for warning during the config load on defined storage cache
* Remove all references to session storage
* Remove macaron session dependency
* Remove leftovers
* Fix: address review comments
* Fix: remove old deps
* Fix: add skipStaticRootValidation = true to tests
* Fix: improve the docs and warning message
As per discussion in here - https://github.com/grafana/grafana/pull/16445/files#r273026255
* Chore: make linter happy
Fixes#16148
Ref #16114
* app pages
* app pages
* workign example
* started alpha support
* remove app stuff
* show warning on alpha/beta panels
* put app back on plugin file
* fix go
* add enum for PluginType and PluginIncludeType
* Refactoring and moving settings to plugins section
fixes#16529
Adds new alert settings for configuring timeouts and retries named
evaluation_timeout_seconds, notification_timeout_seconds
and max_attempts.
Closes#16240
* master: (156 commits)
Fixed issues with the sanitizie input in text panels, added docs, renamed config option
build: removes arm32v6 docker image.
Updated version in package.json to 6.0.0-pre1
Update CHANGELOG.md
build: armv6 docker image.
build: skips building rpm for armv6.
build: builds for armv6.
Explore: mini styling fix for angular query editors
Removed unused props & state in PromQueryField
chore: Remove logging and use the updated config param
chore: Reverse sanitize variable so it defaults to false
feat: wip: Sanitize user input on text panel
fix: Text panel should re-render when panel mode is changed #14922
Minor rename of LogsProps and LogsState
Splitted up LogLabels into LogLabelStats and LogLabel
Refactored out LogRow to a separate file
Removed strange edit
Added link to side menu header and fixed styling
Moved ValueMapping logic and tests to separate files
Fixed data source selection in explore
...
* Allow oauth email attribute name to be configurable
Signed-off-by: Bob Shannon <bshannon@palantir.com>
* Document e-mail determination steps for generic oauth
* Add reference to email_attribute_name
* Re-add e-mail determination docs to new generic-oauth page
* Inherit default e-mail attribute from defaults.ini
* improve remote image rendering
- determine "domain" during Init() so we are not re-parsing settings
on every request
- if using http-mode via a rednererUrl, then use the AppUrl for the
page that the renderer loads. When in http-mode the renderer is likely
running on another server so trying to use the localhost or even the
specific IP:PORT grafana is listening on wont work.
- apply the request timeout via a context rather then directly on the http client.
- use a global http client so we can take advantage of connection re-use
- log and handle errors better.
* ensure imagesDir exists
* allow users to define callback_url for remote rendering
- allow users to define the url that a remote rendering service
should use for connecting back to the grafana instance.
By default the "root_url" is used.
* improve remote image rendering
- determine "domain" during Init() so we are not re-parsing settings
on every request
- if using http-mode via a rednererUrl, then use the AppUrl for the
page that the renderer loads. When in http-mode the renderer is likely
running on another server so trying to use the localhost or even the
specific IP:PORT grafana is listening on wont work.
- apply the request timeout via a context rather then directly on the http client.
- use a global http client so we can take advantage of connection re-use
- log and handle errors better.
* ensure imagesDir exists
* allow users to define callback_url for remote rendering
- allow users to define the url that a remote rendering service
should use for connecting back to the grafana instance.
By default the "root_url" is used.
* rendering: fixed issue with renderKey where userId and orgId was in mixed up, added test for RenderCallbackUrl reading logic
* rendering: headless chrome progress
* renderer: minor change
* grpc: version hell
* updated grpc libs
* wip: minor progess
* rendering: new image rendering plugin is starting to work
* feat: now phantomjs works as well and updated alerting to use new rendering service
* refactor: renamed renderer package and service to rendering to make renderer name less confusing (rendering is internal service that handles the renderer plugin now)
* rendering: now render key is passed and render auth is working in plugin mode
* removed unneeded lines from gitignore
* rendering: now plugin mode supports waiting for all panels to complete rendering
* fix: LastSeenAt fix for render calls, was not set which causes a lot of updates to Last Seen at during rendering, this should fix sqlite db locked issues in seen in previous releases
* change: changed render tz url parameter to use proper timezone name as chrome does not handle UTC offset TZ values
* fix: another update to tz param generation
* renderer: added http mode to renderer service, new ini setting [rendering] server_url
* refactor: tracing service refactoring
* refactor: sqlstore to instance service
* refactor: sqlstore & registory priority
* refactor: sqlstore refactor wip
* sqlstore: progress on getting tests to work again
* sqlstore: progress on refactoring and getting tests working
* sqlstore: connection string fix
* fix: not sure why this test is not working and required changing expires
* fix: updated grafana-cli
* wip: start on refactoring settings
* settings: progress on settings refactor
* refactor: progress on settings refactoring
* fix: fixed failing test
* settings: moved smtp settings from global to instance
This commit fixes the following golint warnings:
pkg/api/avatar/avatar.go:229:12: should omit type *http.Client from declaration of var client; it will be inferred from the right-hand side
pkg/login/brute_force_login_protection.go:13:26: should omit type time.Duration from declaration of var loginAttemptsWindow; it will be inferred from the right-hand side
pkg/metrics/graphitebridge/graphite.go:58:26: should omit type []string from declaration of var metricCategoryPrefix; it will be inferred from the right-hand side
pkg/metrics/graphitebridge/graphite.go:69:22: should omit type []string from declaration of var trimMetricPrefix; it will be inferred from the right-hand side
pkg/models/alert.go:37:36: should omit type error from declaration of var ErrCannotChangeStateOnPausedAlert; it will be inferred from the right-hand side
pkg/models/alert.go:38:36: should omit type error from declaration of var ErrRequiresNewState; it will be inferred from the right-hand side
pkg/models/datasource.go:61:28: should omit type map[string]bool from declaration of var knownDatasourcePlugins; it will be inferred from the right-hand side
pkg/plugins/update_checker.go:16:13: should omit type http.Client from declaration of var httpClient; it will be inferred from the right-hand side
pkg/services/alerting/engine.go:103:24: should omit type time.Duration from declaration of var unfinishedWorkTimeout; it will be inferred from the right-hand side
pkg/services/alerting/engine.go:105:19: should omit type time.Duration from declaration of var alertTimeout; it will be inferred from the right-hand side
pkg/services/alerting/engine.go:106:19: should omit type int from declaration of var alertMaxAttempts; it will be inferred from the right-hand side
pkg/services/alerting/notifier.go:143:23: should omit type map[string]*NotifierPlugin from declaration of var notifierFactories; it will be inferred from the right-hand side
pkg/services/alerting/rule.go:136:24: should omit type map[string]ConditionFactory from declaration of var conditionFactories; it will be inferred from the right-hand side
pkg/services/alerting/conditions/evaluator.go:12:15: should omit type []string from declaration of var defaultTypes; it will be inferred from the right-hand side
pkg/services/alerting/conditions/evaluator.go:13:15: should omit type []string from declaration of var rangedTypes; it will be inferred from the right-hand side
pkg/services/alerting/notifiers/opsgenie.go:44:19: should omit type string from declaration of var opsgenieAlertURL; it will be inferred from the right-hand side
pkg/services/alerting/notifiers/pagerduty.go:43:23: should omit type string from declaration of var pagerdutyEventApiUrl; it will be inferred from the right-hand side
pkg/services/alerting/notifiers/telegram.go:21:17: should omit type string from declaration of var telegramApiUrl; it will be inferred from the right-hand side
pkg/services/provisioning/dashboards/config_reader_test.go:11:24: should omit type string from declaration of var simpleDashboardConfig; it will be inferred from the right-hand side
pkg/services/provisioning/dashboards/config_reader_test.go:12:24: should omit type string from declaration of var oldVersion; it will be inferred from the right-hand side
pkg/services/provisioning/dashboards/config_reader_test.go:13:24: should omit type string from declaration of var brokenConfigs; it will be inferred from the right-hand side
pkg/services/provisioning/dashboards/file_reader.go:22:30: should omit type time.Duration from declaration of var checkDiskForChangesInterval; it will be inferred from the right-hand side
pkg/services/provisioning/dashboards/file_reader.go:24:23: should omit type error from declaration of var ErrFolderNameMissing; it will be inferred from the right-hand side
pkg/services/provisioning/datasources/config_reader_test.go:15:34: should omit type string from declaration of var twoDatasourcesConfig; it will be inferred from the right-hand side
pkg/services/provisioning/datasources/config_reader_test.go:16:34: should omit type string from declaration of var twoDatasourcesConfigPurgeOthers; it will be inferred from the right-hand side
pkg/services/provisioning/datasources/config_reader_test.go:17:34: should omit type string from declaration of var doubleDatasourcesConfig; it will be inferred from the right-hand side
pkg/services/provisioning/datasources/config_reader_test.go:18:34: should omit type string from declaration of var allProperties; it will be inferred from the right-hand side
pkg/services/provisioning/datasources/config_reader_test.go:19:34: should omit type string from declaration of var versionZero; it will be inferred from the right-hand side
pkg/services/provisioning/datasources/config_reader_test.go:20:34: should omit type string from declaration of var brokenYaml; it will be inferred from the right-hand side
pkg/services/sqlstore/stats.go:16:25: should omit type time.Duration from declaration of var activeUserTimeLimit; it will be inferred from the right-hand side
pkg/services/sqlstore/migrator/mysql_dialect.go:69:14: should omit type bool from declaration of var hasLen1; it will be inferred from the right-hand side
pkg/services/sqlstore/migrator/mysql_dialect.go:70:14: should omit type bool from declaration of var hasLen2; it will be inferred from the right-hand side
pkg/services/sqlstore/migrator/postgres_dialect.go:95:14: should omit type bool from declaration of var hasLen1; it will be inferred from the right-hand side
pkg/services/sqlstore/migrator/postgres_dialect.go:96:14: should omit type bool from declaration of var hasLen2; it will be inferred from the right-hand side
pkg/setting/setting.go:42:15: should omit type string from declaration of var Env; it will be inferred from the right-hand side
pkg/setting/setting.go:161:18: should omit type bool from declaration of var LdapAllowSignup; it will be inferred from the right-hand side
pkg/setting/setting.go:473:30: should omit type bool from declaration of var skipStaticRootValidation; it will be inferred from the right-hand side
pkg/tsdb/interval.go:14:21: should omit type time.Duration from declaration of var defaultMinInterval; it will be inferred from the right-hand side
pkg/tsdb/interval.go:15:21: should omit type time.Duration from declaration of var year; it will be inferred from the right-hand side
pkg/tsdb/interval.go:16:21: should omit type time.Duration from declaration of var day; it will be inferred from the right-hand side
pkg/tsdb/cloudwatch/credentials.go:26:24: should omit type map[string]cache from declaration of var awsCredentialCache; it will be inferred from the right-hand side
pkg/tsdb/influxdb/query.go:15:27: should omit type *regexp.Regexp from declaration of var regexpOperatorPattern; it will be inferred from the right-hand side
pkg/tsdb/influxdb/query.go:16:27: should omit type *regexp.Regexp from declaration of var regexpMeasurementPattern; it will be inferred from the right-hand side
pkg/tsdb/mssql/mssql_test.go:25:14: should omit type string from declaration of var serverIP; it will be inferred from the right-hand side
* extensions: import and build
* bus: use predefined error
* enterprise: build script for enterprise packages
* poc: auto registering services and dependency injection
(cherry picked from commit b5b1ef875f905473af41e49f8071cb9028edc845)
* poc: backend services registry progress
(cherry picked from commit 97be69725881241bfbf1e7adf0e66801d6b0af3d)
* poc: minor update
(cherry picked from commit 03d7a6888b81403f458b94305792e075568f0794)
* ioc: introduce manuel ioc
* enterprise: adds setting for enterprise
* build: test and build specific ee commit
* cleanup: test testing code
* removes example hello service
This changes forks the mysql part of the Macaron session middleware.
In the forked mysql file:
- takes in a config setting for SetConnMaxLifetime (this solves wait_timeout
problem if it is set to a shorter interval than wait_timeout)
- removes the panic when an error is returned in the Exist function.
- retries the exist query once
- retries the GC query once
Snapshot cleanup did not work due to time.Now syntax error. Added test
for it as well to catch any future errors.
Added error and debug logging so that it is possible to see any errors in the future.
Removed an unused configuration value and deprecated the remove expired snapshots
setting.
* db: add login attempt migrations
* db: add possibility to create login attempts
* db: add possibility to retrieve login attempt count per username
* auth: validation and update of login attempts for invalid credentials
If login attempt count for user authenticating is 5 or more the last 5 minutes
we temporarily block the user access to login
* db: add possibility to delete expired login attempts
* cleanup: Delete login attempts older than 10 minutes
The cleanup job are running continuously and triggering each 10 minute
* fix typo: rename consequent to consequent
* auth: enable login attempt validation for ldap logins
* auth: disable login attempts validation by configuration
Setting is named DisableLoginAttemptsValidation and is false by default
Config disable_login_attempts_validation is placed under security section
#7616
* auth: don't run cleanup of login attempts if feature is disabled
#7616
* auth: rename settings.go to ldap_settings.go
* auth: refactor AuthenticateUser
Extract grafana login, ldap login and login attemp validation together
with their tests to separate files.
Enables testing of many more aspects when authenticating a user.
#7616
* auth: rename login attempt validation to brute force login protection
Setting DisableLoginAttemptsValidation => DisableBruteForceLoginProtection
Configuration disable_login_attempts_validation => disable_brute_force_login_protection
#7616
* removes readonly editor role
* adds viewersCanEdit setting
This enable you to allow viewers to edit/inspect
dashboards in grafana in their own browser without
allowing them to save dashboards
* remove read only editor option from all dropdowns
* migrates all read only viewers to viewers
* docs: replace readOnlyEditor with viewersCanEdit
