TLS was not being verified in a number of places:
- connections to grafana.com
- connections to OAuth providers when TLS client authentication was
enabled
- connections to self-hosted Grafana installations when using the CLI
tool
TLS should always be verified unless the user explicitly enables an
option to skip verification.
Removes some instances where `InsecureSkipVerify` is explicitly set to
`false`, the default, to help avoid confusion and make it more difficult
to regress on this fix by accident.
Adds a `--insecure` flag to `grafana-cli` to skip TLS verification.
Adds a `tls_skip_verify_insecure` setting for OAuth.
Adds a `app_tls_skip_verify_insecure` setting under a new `[plugins]`
section.
I'm not super happy with the way the global setting is used by
`pkg/api/app_routes.go` but that seems to be the existing pattern used.
* webpack poc, this is not going to work for plugins, dam
* tech: webpack and systemjs for plugins starting to work
* tech: webpack and systemjs combo starting to work
* tech: webpack + karma tests progress
* tech: webpack + karma progress
* tech: working on tests
* tech: webpack
* tech: webpack + karma, all tests pass
* tech: webpack + karma, all tests pass
* tech: webpack all tests pass
* webpack: getting closer
* tech: webpack progress
* webpack: further build refinements
* webpack: ng annotate fixes
* webpack: optimized build fix
* tech: minor fix for elasticsearch
* tech: webpack + ace editor
* tech: restored lodash move mixin compatability
* tech: added enzyme react test and upgraded to react v16
* tech: package version fix
* tech: added testdata to built in bundle
* webpack: sass progress
* tech: prod & dev build is working for the sass
* tech: clean up unused grunt stuff and moved to scripts folder
* tech: added vendor and manifest chunks, updated readme and docs
* tech: webpack finishing touches
* refactor util encryption library so it doesn't have to import log
* add util.SplitString to handle space and/or comma-separated config lines
* go fmt
- adds the option to use ldap groups for authorization in combination with an auth proxy
- adds an option to limit where auth proxy requests come from by configure a list of ip's
- fixes a security issue, session could be reused
* break out go and js build commands
* support oauth providers that return errors via redirect
* remove extra call to get grafana.net org membership
* removed GitHub specifics from generic OAuth
* readded ability to name generic source
* revert to a backward-compatible state, refactor and clean up
* streamline oauth user creation, make generic oauth support more generic