* LDAP: Allow an user to be synchronised against LDAP
This PR introduces the /ldap/sync/:id endpoint. It allows a user to be synchronized against LDAP on demand.
A few things to note are:
LDAP needs to be enabled for the sync to work
It only works against users that originally authenticated against LDAP
If the user is the Grafana admin and it needs to be disabled - it will not sync the information
Includes a tiny refactor that favours the JSONEq assertion helper instead of manually parsing JSON strings.
* LDAP: Add API endpoint to query the LDAP server(s) status|
This endpoint returns the current status(es) of the configured LDAP server(s).
The status of each server is verified by dialling and if no error is returned we assume the server is operational.
This is the last piece I'll produce as an API before moving into #18759 and see the view come to life.
* Move the ReloadLDAPCfg function to the debug file
Appears to be a better suite place for this.
* LDAP: Return the server information when we find a specific user
We allow you to specify multiple LDAP servers as part of LDAP authentication integration. As part of searching for specific users, we need to understand from which server they come from. Returning the server configuration as part of the search will help us do two things:
- Understand in which server we found the user
- Have access the groups specified as part of the server configuration
* LDAP: Adds the /api/admin/ldap/:username endpoint
This endpoint returns a user found within the configured LDAP server(s). Moreso, it provides the mapping information for the user to help administrators understand how the users would be created within Grafana based on the current configuration.
No changes are executed or saved to the database, this is all an in-memory representation of how the final result would look like.
* SQLite migrations
* cleanup
* migrate end times
* switch to update with a query
* real migration
* anno migrations
* remove old docs
* set isRegion from time changes
* use <> for is not
* add comment and fix index decleration
* single validation place
* add test
* fix test
* add upgrading docs
* use AnnotationEvent
* fix import
* remove regionId from typescript
Existing /api/alert-notifications now requires at least editor access.
Existing /api/alert-notifiers now requires at least editor access.
New /api/alert-notifications/lookup returns less information than
/api/alert-notifications and can be access by any authenticated user.
Existing /api/org/users now requires org admin role.
New /api/org/users/lookup returns less information than
/api/org/users and can be access by users that are org admins,
admin in any folder or admin of any team.
UserPicker component now uses /api/org/users/lookup instead
of /api/org/users.
Fixes#17318
* Modify backend to allow expiration of API Keys
* Add middleware test for expired api keys
* Modify frontend to enable expiration of API Keys
* Fix frontend tests
* Fix migration and add index for `expires` field
* Add api key tests for database access
* Substitude time.Now() by a mock for test usage
* Front-end modifications
* Change input label to `Time to live`
* Change input behavior to comply with the other similar
* Add tooltip
* Modify AddApiKey api call response
Expiration should be *time.Time instead of string
* Present expiration date in the selected timezone
* Use kbn for transforming intervals to seconds
* Use `assert` library for tests
* Frontend fixes
Add checks for empty/undefined/null values
* Change expires column from datetime to integer
* Restrict api key duration input
It should be interval not number
* AddApiKey must complain if SecondsToLive is negative
* Declare ErrInvalidApiKeyExpiration
* Move configuration to auth section
* Update docs
* Eliminate alias for models in modified files
* Omit expiration from api response if empty
* Eliminate Goconvey from test file
* Fix test
Do not sleep, use mocked timeNow() instead
* Remove index for expires from api_key table
The index should be anyway on both org_id and expires fields.
However this commit eliminates completely the index for now
since not many rows are expected to be in this table.
* Use getTimeZone function
* Minor change in api key listing
The frontend should display a message instead of empty string
if the key does not expire.
* Users: add is_disabled column
* Users: disable users removed from LDAP
* Auth: return ErrInvalidCredentials for failed LDAP auth
* User: return isDisabled flag in user search api
* User: mark disabled users at the server admin page
* Chore: refactor according to review
* Auth: prevent disabled user from login
* Auth: re-enable user when it found in ldap
* User: add api endpoint for disabling user
* User: use separate endpoints to disable/enable user
* User: disallow disabling external users
* User: able do disable users from admin UI
* Chore: refactor based on review
* Chore: use more clear error check when disabling user
* Fix login tests
* Tests for disabling user during the LDAP login
* Tests for disable user API
* Tests for login with disabled user
* Remove disable user UI stub
* Sync with latest LDAP refactoring
* Add file path to metadata and show it in dialogs
* Make path relative to config directory
* Fix tests
* Add test for the relative path
* Refactor to use path relative to provisioner path
* Change return types
* Rename attribute
* Small fixes from review
* Add api to reaload provisioning
* Refactor and simplify the polling code
* Add test for the provisioning service
* Fix provider initialization and move some code to file reader
* Simplify the code and move initialization
* Remove unused code
* Update comment
* Add comment
* Change error messages
* Add DashboardProvisionerFactory type
* Update imports
* Use new assert lib
* Use mutext for synchronizing the reloading
* Fix typo
Co-Authored-By: aocenas <mr.ocenas@gmail.com>
* Add docs about the new api
* Search: Fixes search limits and adds a page parameter
This adds a page parameter to search api without adding
any major breaking change.
It does at an api validation error when trying to use
a limit beyond 5000. This is a breaking change. We could
remove this and have it only in the docs and describe that this
is a limit that grafana will apply silently.
Fixes#16049
* Fix: Corrected wrong array slice change
* Docs: minor docs fix
* Search: fixed folder tests
* Fixed: Moved limit to correct inner query
* Search: moving limit check and page check
* Search: limit in handler is no longer needed
* Unprovision dashboard in case of DisableDeletion = true
* Rename command struct
* Handle removed provision files
* Allow html in confirm-modal
* Do not show confirm button without onConfirm
* Show dialog on deleting provisioned dashboard
* Changed DeleteDashboard to DeleteProvisionedDashboard
* Remove unreachable return
* Add provisioned checks to API
* Remove filter func
* Fix and add tests for deleting dashboards
* Change delete confirm text
* Added and used pkg/errors for error wrapping
Now returns uid in response to get notification channel by id.
Adds GET/PUT/DELETE support for notification channel by uid,
/api/alert-notifications/uid/:uid.
Break apart alerting and alert notification http api docs in two
pages and update documentation to make it up to date
with current implementation.
Fixes#16012
* fix: Viewers with viewers_can_edit should be able to access /explore #15773
* refactoring initial PR a bit to simplify function and reduce duplication
Added new PATCH verb annotation endpoint
Removed unwanted fmt
Added test cases for PATCH verb annotation endpoint
Fixed formatting issue
Check arr len before proceeding
Updated doc to include PATCH verb annotation endpt
* enable ee build on pr/master
* step1: of including group sync
* disable commit pinning for now
* fixes broken build
* enable team to ldap group sync
* avoid returning error for missing external handler
* services: allow routes to be added before http server start
* services: allows services to add their own migrations
* moves db migrations to ee code base
* build using master branch in ee
* disable enterprise build in .bra.toml
[skip ci]
* removes team sync extensions
* removes commented line
* rendering: headless chrome progress
* renderer: minor change
* grpc: version hell
* updated grpc libs
* wip: minor progess
* rendering: new image rendering plugin is starting to work
* feat: now phantomjs works as well and updated alerting to use new rendering service
* refactor: renamed renderer package and service to rendering to make renderer name less confusing (rendering is internal service that handles the renderer plugin now)
* rendering: now render key is passed and render auth is working in plugin mode
* removed unneeded lines from gitignore
* rendering: now plugin mode supports waiting for all panels to complete rendering
* fix: LastSeenAt fix for render calls, was not set which causes a lot of updates to Last Seen at during rendering, this should fix sqlite db locked issues in seen in previous releases
* change: changed render tz url parameter to use proper timezone name as chrome does not handle UTC offset TZ values
* fix: another update to tz param generation
* renderer: added http mode to renderer service, new ini setting [rendering] server_url
* extensions: import and build
* bus: use predefined error
* enterprise: build script for enterprise packages
* poc: auto registering services and dependency injection
(cherry picked from commit b5b1ef875f905473af41e49f8071cb9028edc845)
* poc: backend services registry progress
(cherry picked from commit 97be69725881241bfbf1e7adf0e66801d6b0af3d)
* poc: minor update
(cherry picked from commit 03d7a6888b81403f458b94305792e075568f0794)
* ioc: introduce manuel ioc
* enterprise: adds setting for enterprise
* build: test and build specific ee commit
* cleanup: test testing code
* removes example hello service
Any authenticated user of an organization should be able to
- search its organization's users
- search its organization's users
- retrieve a single user of its organization (this how it was
implemented earlier)
Admins can see all snapshots. Other roles can only see their own
snapshots.
Added permission check for deleting snapshots - admins can delete
any snapshot, other roles can delete their own snapshots or
snapshots that they have access to via dashboard permissions.
If legacy backend routes (/dashboard/db/<slug> and /dashboard-solo/db/<slug>)
are requested we try to redirect to new routes with a 301 Moved Permanently
#7883
Since we're already have possibility to get a dashboard by slug
it makes little sense to have a separate endpoint in api for
retrieving uid by slug.
#7883
Introduces new url in api /dashboards/<uid> for fetching dashboard by unique id
Leave the old dashboard by slug url /dashboards/db/<slug> for backward
compatibility and for supporting fallback
WIP for #7883
Instead of returning all folders a user has some sort of access to,
this change creates a new end point that returns folders the user
has write access to. This new endpoint is used in the folder picker
* teams: add db migration for email column in teams table
* teams: /teams should render index page with a 200 OK
* teams: additional backend functionality for team and team members
Possibility to save/update email for teams.
Possibility to retrive avatar url when searching for teams.
Possibility to retrive avatar url when searching for team members.
* teams: display team avatar and team member avatars
Possibility to save and update email for a team
* teams: create team on separate page instead of modal dialog
