IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity
52,419 Commits 5,416 Branches 554 Tags
319a8740337f28a6464887f3388ec61aa5945cab
Commit Graph

3599 Commits

Author SHA1 Message Date
Andrew Hackmann
319a874033 MSSQL: Password auth for Azure AD (#89746) 
* Password auth for Azure AD

* rename auth fields

* add azure flag for client password cred enabled

* prettier

* rename flag

* Update go.mod

* Update public/app/plugins/datasource/mssql/azureauth/AzureCredentialsForm.tsx

Co-authored-by: Andreas Christou <andreas.christou@grafana.com>

* Apply suggestions from code review

Co-authored-by: Andreas Christou <andreas.christou@grafana.com>

* update package

* go mod

* prettier

* remove password

* gowork

* remove unused env test

* linter

---------

Co-authored-by: Andreas Christou <andreas.christou@grafana.com>
 2024-07-16 14:08:51 -05:00
Kristin Laemmert
8a6107cd35 DashboardStore: Use ReplDB and get dashboard quotas from the ReadReplica (#90235) 
* Use ReplDB in dashboard store and update all fixtures - no other changes

* just moving dashboard counts for now

* find the missing test fixture
 2024-07-12 10:47:49 -04:00
Aaron Godin
7e767e40a9 IAM: Fix logic for enabling a user (#90309) 
fix: correct logic on enabling a disabled user account
 2024-07-12 10:54:27 +02:00
Nihal
c1d9e793be Metrics: Fix internal metrics endpoint not accessible from browser if basic auth is enabled (#86904) 
* add WWW-Authenticate header in the http response of /metrics endpoint in case of wrong basic auth credentials

Signed-off-by: Syed Nihal <syed.nihal@nokia.com>

* added change log for the change fixing the issue https://github.com/grafana/grafana/issues/86902

Signed-off-by: Syed Nihal <syed.nihal@nokia.com>

* Update CHANGELOG.md

---------

Signed-off-by: Syed Nihal <syed.nihal@nokia.com>
 2024-07-11 14:55:48 +02:00
Alex Khomenko
62494248e3 Restore dashboards: Add RBAC (#90270) 
* Restore dashboards: Add RBAC

* Add check to navtree

* Prevent non-admins from searching deleted dbs

* Add check to the route

* Cleanup

* Update translations

* Update API permissions

* Correct permissions

* Update warning message

* Update translation

* Return 401 for deleted query without admin role
 2024-07-11 13:20:04 +03:00
Giuseppe Guerra
9216a3df7d Plugins: Remove datasourceQueryMultiStatus feature toggle (#90191) 
* Remove datasourceQueryMultiStatus feature toggle

* PR review suggestion
 2024-07-10 11:15:10 +02:00
Charandas
c210617735 K8s: use contexthandler in standalone handler chain (#90102) 2024-07-08 12:22:10 -07:00
Timur Olzhabayev
f763f2085b Feat: Extending report interaction with static context that can be appended to all interaction events (#88927) 
* Extending report interaction with static context that can be appended to all requests
 2024-07-08 16:37:45 +02:00
Kristin Laemmert
77a4869fca accesscontrol service read replica (#89963) 
* accesscontrol service read replica
* now using the ReplDB interface
* ReadReplica for GetUser
 2024-07-08 10:00:13 -04:00
Ieva
e9ebb6eaa4 Folders: Fix folder pagination for cloud instances with many folders (#90008) 
* filter the k6 folder out in the SQL queries rather than during post processing to ensure that the correct number of results is always returned

* linting
 2024-07-05 11:19:03 +01:00
Karl Persson
7a78ad3893 Authn: Remove response writer from auth req (#90110) 
Authn: Remove response writer from request
 2024-07-05 11:42:12 +02:00
Alexander Zobnin
87d86e81ce Zanzana: Evaluate permissions alongside with RBAC engine (#90064) 
* Zanzana: Evaluate permissions if feature flag enabled

* Fix tests

* adjust logs

* fix spelling

* remove unused

* only evaluate implemented resources

* refactor
 2024-07-05 11:31:23 +02:00
Andres Martinez Gotor
be98ab1111 Add apiVersion to datasource settings DTO (#90057) 2024-07-04 16:44:19 +02:00
Joao Silva
9004b58851 Navigation: Backend to save navigation customization into preferences (#89783) 2024-07-03 10:40:51 +01:00
Jeff Levin
cfe8317d45 Add auth spans and remove deduplication code for scopes (#89804) 
Adds more spans for timing in accesscontrol and remove permission deduplicating code after benchmarking

---------

Signed-off-by: Dave Henderson <dave.henderson@grafana.com>
Co-authored-by: Dave Henderson <dave.henderson@grafana.com>
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
 2024-07-02 22:08:57 -08:00
Josh Hunt
52ea6236d4 E2C: Set up page route so cloud-migrations doesn't 404 (#89947) 2024-07-02 17:11:18 +01:00
Karl Persson
e568b86ac0 Zanzana: Initial work to allow partial data migrations (#89919) 
* Zanana: Add Write method to interface

* Zanzana: Add utilities for translating RBAC to openFGA tuple keys

* RBAC: Add zanzana synchronizer

* Run zanzana sync in access controll provider
 2024-07-02 14:45:25 +02:00
Andres Martinez Gotor
a22c1ae424 Chore: Remove provisional APIVersion from plugin info (#89831) 2024-07-01 10:53:16 +02:00
Jeff Levin
ed13959e33 Optimize memory allocations in permissions cache (#89645) 
This PR reduces the number of allocations made while caching permissions from the database, fixes the hierarchy of spans and adds new spans for tracing.

---------

Signed-off-by: Dave Henderson <dave.henderson@grafana.com>
Co-authored-by: Dave Henderson <dave.henderson@grafana.com>
 2024-06-26 23:03:13 +03:00
Marcus Andersson
04f39457cf Chore: Remove sensitive information from presigned URLs prior to logging (#87035) 
Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
Co-authored-by: Dan Cech <dcech@grafana.com>
Co-authored-by: Andres Martinez Gotor <andres.martinez@grafana.com>
 2024-06-24 14:53:42 +02:00
Ryan McKinley
27e800768e K8s: Improve identity mapping setup (#89450) 2024-06-20 17:53:07 +03:00
Laura Benz
34b3dbdbf3 RestoreDashboards: Adjust path (#89233) 
* refactor: change path

* fix: page headline

* refactor: remove condition
 2024-06-18 17:24:48 +02:00
Ryan McKinley
99d8025829 Chore: Move identity and errutil to apimachinery module (#89116) 2024-06-13 07:11:35 +03:00
Ashley Harrison
822644714a Navigation: Remove ApplyAdminIA logic (#89113) 
make admin IA more normal
 2024-06-12 16:45:13 +01:00
Aaron Godin
59a6a6513f Prevent moving a k6 folder (#88884) 
* iam-716 - prevent a folder move operation when the folder's uid or any of its parents uids begin with k6-app

* fox folder move check and only list non-k6 folders to users

* adding tests for moving

* add a test for listing folders

* fix the other tests

* use method that adds folder parent

---------

Co-authored-by: IevaVasiljeva <ieva.vasiljeva@grafana.com>
 2024-06-10 09:17:51 -05:00
Marcus Efraimsson
fe3e5917f1 Plugins: Preserve trailing slash in plugin proxy (#86859) 
* Plugins: Preserve trailing slash in plugin proxy

* enable toggle by default
 2024-06-05 13:36:14 +02:00
Andres Martinez Gotor
60ce523b72 Refactor plugin context initialization (#88343) 2024-05-28 16:59:06 +03:00
Tim Levett
b5cf90ce78 API: Add in theme support to /render/* endpoint (#88304) 
add in theme support to render endpoint
 2024-05-24 14:12:31 -05:00
Ryan McKinley
ffc2702552 Plugins: Support Admission validation hooks (#87718) 2024-05-24 18:45:16 +03:00
Juan Cabanas
a85c1b69d5 PublicDashboards: Remove publicDashboardUid from DashboardMeta (#85126) 2024-05-23 11:21:21 -03:00
Ieva
bd2b248f0e RBAC: Clean up action set code (#88147) 
* remove unused action set code, refactor the existing code

* fix import ordering

* use a separate interface for permission expansion after all, to avoid circular dependencies

* add comments, fix a test
 2024-05-23 12:14:01 +01:00
Mathieu Parent
b8c9ae0eb7 OIDC: Support Generic OAuth org to role mappings (#87394) 
* Social: link to OrgRoleMapper

* OIDC: support Generic Oauth org to role mappings

Fixes: #73448
Signed-off-by: Mathieu Parent <math.parent@gmail.com>

* Handle when getAllOrgs fails in the org_role_mapper

* Add more tests

* OIDC: ensure orgs are evaluated from API when not from token

Signed-off-by: Mathieu Parent <math.parent@gmail.com>

* OIDC: ensure AutoAssignOrg is applied with OrgMapping without RoleAttributeStrict

Signed-off-by: Mathieu Parent <math.parent@gmail.com>

* Extend docs

* Fix test, lint

---------

Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com>
 2024-05-23 09:55:45 +02:00
Ieva
3e77768144 RBAC: Expand action sets when fetching permissions (#87967) 
* logic to expand action set to the underlying actions when permissions are fetched from the DB

* updates needed for dependency injection

* clean up some code, also deduplicate scopes when grouping scopes and actions

* expand on a comment

* rename a method
 2024-05-21 15:09:26 +01:00
Aaron Godin
0072e4a92d Update DS Proxy to use RBAC action (#87517) 
iam-team: Update DS Proxy to use RBAC action
 2024-05-21 08:05:16 -05:00
Ezequiel Victorero
42d75ac737 Dashboards: Add feature restore dashboards backend (#83131) 
Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
 2024-05-16 14:36:26 -03:00
Andres Martinez Gotor
d8904f3ca4 Add apiVersion to plugin models (#87510) 2024-05-14 13:58:27 +02:00
Ezequiel Victorero
c9c6445554 Chore: Refactor render via http (#84613) 2024-05-14 07:24:18 -03:00
Karl Persson
0f3080ecb8 AuthN: Fix signout redirect url (#87631) 
* Add missing return

* Use sign out redirect url from auth config if configured

* remove option from auth.jwt that is not used
 2024-05-12 19:53:19 +02:00
Ieva
167151b211 Chore: Remove use of deprecated method in AC code (#87541) 
* switch from using cfg to using featuremgmt for checking a feature toggle in AC code

* merge test fixes
 2024-05-10 11:56:52 +01:00
Ieva
105313f5c2 RBAC: Adding action set resolver for RBAC evaluation (#86801) 
* add action set resolver

* rename variables

* some fixes and some tests

* more tests

* more tests, and put action set storing behind a feature toggle

* undo change from cfg to feature mgmt - will cover it in a separate PR due to the amount of test changes

* fix dependency cycle, update some tests

* add one more test

* fix for feature toggle check not being set on test configs

* linting fixes

* check that action set name can be split nicely

* clean up tests by turning GetActionSetNames into a function

* undo accidental change

* test fix

* more test fixes
 2024-05-09 10:18:03 +01:00
Karl Persson
be5ced4287 Identity: Use typed version of namespace id (#87257) 
* Remove different constructors and only use NewNamespaceID

* AdminUser: check typed namespace id

* Identity: Add convinient function to parse valid user id when type is either user or service account

* Annotations: Use typed namespace id instead
 2024-05-08 14:03:53 +02:00
Alexander Zobnin
82dea4b3e5 Access control: Cache basic roles and teams permissions (#87043) 
* RBAC: Cache basic roles permissions

* Cache teams permissions

* Set cache TTL to 1 minute

* Add OSS implementation

* Fetch basic role permissions correctly

* fix conflict_user_command

* Fix teams permissions query

* Add traces for GetUserPermissions

* Fix folders tests

* Fix colflict user command

* Update store mock

* Fix linter error

* Reuse GetUserPermissions for fetching basic roles

* tests for GetTeamsPermissions

* pre-allocate slice capacity

* Fix linter
 2024-05-07 15:23:11 +02:00
Aaron Godin
0bc8992dfa Revert #86466 (#87405) 
Revert "Apply plugin route ReqAction to ds_proxy authorization (#86466)"

This reverts commit 53f94ac50d.
 2024-05-06 14:40:32 -05:00
Dan Cech
41bee274fd Chore: Fix error handling in postDashboard, remove UserDisplayDTO, fix live redis client initialization (#87206) 
* clean up error handling in postDashboard and remove UserDisplayDTO

* replace GetUserUID with GetUID and GetNamespacedUID, enforce namespace constant type

* lint fix

* lint fix

* more lint fixes
 2024-05-06 14:17:34 -04:00
Jon Cole
8e96821c16 Azure: get custom cloud list from grafana-azure-sdk-go package (#86717) 
* Get custom cloud list from grafana-azure-sdk-go for frontend settings

* Remove getAzureClouds() and call CustomClouds() directly

* remove unused type
 2024-05-04 13:17:51 +03:00
Karl Persson
d8fbbdefea Identity: Use typed namespace id (#87121) 
* Use typed namespace id
 2024-05-02 14:50:56 +02:00
Serge Zaitsev
ad5613d7d4 Chore: Remove cfg from folder service (#87212) 
remove cfg from folder service
 2024-05-02 13:18:54 +02:00
Aaron Godin
53f94ac50d Apply plugin route ReqAction to ds_proxy authorization (#86466) 
* Apply plugin route ReqAction to ds_proxy authorization

Co-authored-by: Eric Leijonmarck <eleijonmarck@users.noreply.github.com>

* fix: move ds_proxy route Evaluator out of plugins pkg

* move DataSourceProxy route authorization to method

---------

Co-authored-by: Eric Leijonmarck <eleijonmarck@users.noreply.github.com>
 2024-04-30 09:19:34 -05:00
Karl Persson
a2cba3d0b5 User: Add tracing (#87028) 
* Inject tracer in tests

* Annotate with traces

Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
 2024-04-30 13:15:56 +02:00
Ieva
cee713e34c Chore: Add tracing to team service (#86999) 
* add tracing to team service

* another test fix

* pass in context for team creation and membership checking
 2024-04-29 11:32:03 +01:00