* initial passwordless client
* passwordless login page
* Working basic e2e flow
* Add todo comments
* Improve the passwordless login flow
* improved passwordless login, backend for passwordless signup
* add expiration to emails
* update email templates & render username & name fields on signup
* improve email templates
* change login page text while awaiting passwordless code
* fix merge conflicts
* use claims.TypeUser
* add initial passwordless tests
* better error messages
* simplified error name
* remove completed TODOs
* linting & minor test improvements & rename passwordless routes
* more linting fixes
* move code generation to its own func, use locationService to get query params
* fix ampersand in email templates & use passwordless api routes in LoginCtrl
* txt emails more closely match html email copy
* move passwordless auth behind experimental feature toggle
* fix PasswordlessLogin property failing typecheck
* make update-workspace
* user correct placeholder
* Update emails/templates/passwordless_verify_existing_user.txt
Co-authored-by: Dan Cech <dcech@grafana.com>
* Update emails/templates/passwordless_verify_existing_user.mjml
Co-authored-by: Dan Cech <dcech@grafana.com>
* Update emails/templates/passwordless_verify_new_user.txt
Co-authored-by: Dan Cech <dcech@grafana.com>
* Update emails/templates/passwordless_verify_new_user.txt
Co-authored-by: Dan Cech <dcech@grafana.com>
* Update emails/templates/passwordless_verify_new_user.mjml
Co-authored-by: Dan Cech <dcech@grafana.com>
* use & in email templates
* Update emails/templates/passwordless_verify_existing_user.txt
Co-authored-by: Dan Cech <dcech@grafana.com>
* remove IP address validation
* struct for passwordless settings
* revert go.work.sum changes
* mock locationService.getSearch in failing test
---------
Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com>
Co-authored-by: Dan Cech <dcech@grafana.com>
* Improves initial indexing speed. Makes params configurable.
* fix linter errors
* removes kind param
* updates index test
* remove println from test
* removes error check in test
* adds log for high index latency ands updates max goroutine var with workers config var
* fix test timing out - set worker limit
* set the batch size
---------
Co-authored-by: Scott Lepper <scott.lepper@gmail.com>
* Use a enable configuration to enable frontend sandbox
* Modify settings to load enableFrontendSandbox
* Check for signature type
* Update commment
* Fix e2e tests for the frontend sandbox
* Modify logic so a custom check function is used instead of a list of checks
* Fixes flaky test
* fix comment
* Update comment
* Empty commit
* Empty commit
* ManagedServiceAccounts: Add a config option to disabled by default
* Update log in pkg/services/extsvcauth/registry/service.go
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
* allow post URL
* check for config
* allow relative paths
* add allowed internal pattern; add checks for method
* update defaults.ini
* add custom header
* update config comment
* use globbing, switch to older middleware - deprecated call
* add codeowner
* update to use current api, add test
* update fall through logic
* Update pkg/middleware/validate_action_url.go
Co-authored-by: Dan Cech <dcech@grafana.com>
* Update pkg/middleware/validate_action_url.go
Co-authored-by: Dan Cech <dcech@grafana.com>
* add more tests
* Update pkg/middleware/validate_action_url_test.go
Co-authored-by: Dan Cech <dcech@grafana.com>
* fix request headers
* add additional tests for all verbs
* fix request headers++
* throw error when method is unknown
---------
Co-authored-by: Ryan McKinley <ryantxu@gmail.com>
Co-authored-by: Brian Gann <bkgann@gmail.com>
Co-authored-by: Brian Gann <briangann@users.noreply.github.com>
Co-authored-by: Dan Cech <dcech@grafana.com>
* Remove kubernetesPlaylists feature_toggle
* Remove unified_storage_mode
* Remove double import
* Read from config instead from feature_toggle
* cover scenario for when unified storage is not defined
* Be temporarily retro compatible with previous feature toggle
* Properly read unified_storage section
* [WIP] Read new format of config
* Fix test
* Fix other tests
* Generate feature flags file
* Use <group>.<resource> schema
* Use <group>.resource format on the FE as well
* Hide UniStore config from Frontend
Signed-off-by: Maicon Costa <maiconscosta@gmail.com>
* unwanted changes
* Use feature toggles in the FE. Enforce FTs are present before enabling dual writing
Co-authored-by: Ryan McKinley <ryantxu@users.noreply.github.com>
* use kubernetes playlists feature toggle on the FE
* Remove unwanted code
* Remove configs from the FE
* Remove commented code
* Add more explicit example
---------
Signed-off-by: Maicon Costa <maiconscosta@gmail.com>
Co-authored-by: Maicon Costa <maiconscosta@gmail.com>
* update oauthtoken service to use remote cache and server lock
* remove token cache
* retry is lock is held by an in-flight refresh
* refactor token renewal to avoid race condition
* re-add refresh token expiry cache, but in SyncOauthTokenHook
* Add delta to the cache ttl
* Fix merge
* Change lockTimeConfig
* Always set the token from within the server lock
* Improvements
* early return when user is not authed by OAuth or refresh is disabled
* Allow more time for token refresh, tracing
* Retry on Mysql Deadlock error 1213
* Update pkg/services/authn/authnimpl/sync/oauth_token_sync.go
Co-authored-by: Dan Cech <dcech@grafana.com>
* Update pkg/services/authn/authnimpl/sync/oauth_token_sync.go
Co-authored-by: Dan Cech <dcech@grafana.com>
* Add settings for configuring min wait time between retries
* Add docs for the new setting
* Clean up
* Update docs/sources/setup-grafana/configure-grafana/_index.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
---------
Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com>
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Remove kubernetesPlaylists feature_toggle
* Remove unified_storage_mode
* Remove double import
* Regenerate feature-toggles
* Read from config instead from feature_toggle
* cover scenario for when unified storage is not defined
* Cfg: Move rbac settings to own struct
* Cfg: Add setting to control if resource should generate managed permissions when created
* Dashboards: Check if we should generate default permissions when dashboard is created
* Folders: Check if we should generate default permissions when folder is created
* Datasource: Check if we should generate default permissions when datasource is created
* ServiceAccount: Check if we should generate default permissions when service account is created
* Cfg: Add option to specify resources for wich we should default seed
* ManagedPermissions: Move providers to their own files
* Dashboards: Default seed all possible managed permissions if configured
* Folders: Default seed all possible managed permissions if configured
* Cfg: Remove service account from list
* RBAC: Move utility function
* remove managed permission settings from the config file examples, change the setting names
* remove ini file changes from the PR
* fix setting reading
* fix linting errors
* fix tests
* fix wildcard role seeding
---------
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
Co-authored-by: jguer <me@jguer.space>
* Zanana: Initial work to run zanana as ebeddedn or standalone
* Add addr settings for when remote client is used.
* sync dependencies
* Lock mysql driver version
---------
Co-authored-by: Dan Cech <dcech@grafana.com>
* chore(perf): Pre-allocate where possible (enable prealloc linter)
Signed-off-by: Dave Henderson <dave.henderson@grafana.com>
* fix TestAlertManagers_buildRedactedAMs
Signed-off-by: Dave Henderson <dave.henderson@grafana.com>
* prealloc a slice that appeared after rebase
Signed-off-by: Dave Henderson <dave.henderson@grafana.com>
---------
Signed-off-by: Dave Henderson <dave.henderson@grafana.com>
* Introduce preLogoutHooks in authn service
* Add gcom_logout_hook
* Config the api token from the Grafana config file
* Simplify
* Add tests for logout hook
* Clean up
* Update
* Address PR comment
* Fix
* Add setting for changing shortlink expiration time
* Add docs, add better language
* put all the numbers in the duration 🤷
* 🙄
* update language to be correct and clear
* Add max limit and more documentation
* reenable ext-jwt-client
* fixup settings struct
* add user and service auth
* lint up
* add user auth to grafana ext
* fixes
* Populate token permissions
Co-authored-by: jguer <joao.guerreiro@grafana.com>
* fix tests
* fix lint
* small prealloc
* small prealloc
* use special namespace for access policies
* fix access policy auth
* fix tests
* fix uncalled settings expander
* add feature toggle
* small feedback fixes
* rename entitlements to permissions
* add authlibn
* allow viewing the signed in user info for non user namespace
* fix invalid namespacedID
* use authlib as verifier for tokens
* Update pkg/services/authn/clients/ext_jwt.go
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Update pkg/services/authn/clients/ext_jwt_test.go
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* fix parameter names
* change asserts to normal package
* add rule for assert
* fix ownerships
* Local diff
* test and lint
* Fix test
* Fix ac test
* Fix pluginproxy test
* Revert testdata changes
* Force revert on test data
---------
Co-authored-by: gamab <gabriel.mabille@grafana.com>
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* server: reload of grafana server certs when renewed without restart.
Signed-off-by: Rao, B V Chalapathi <b_v_chalapathi.rao@nokia.com>
* server: reload of grafana server certs when renewed without restart.
Signed-off-by: Rao, B V Chalapathi <b_v_chalapathi.rao@nokia.com>
* Update http_server.go
* Update docs/sources/setup-grafana/configure-grafana/_index.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Update http_server.go
Address the comments
* Update docs/sources/setup-grafana/configure-grafana/_index.md
Co-authored-by: Dan Cech <dan@aussiedan.com>
* Update http_server.go
Align the spaces
* Update http_server.go
* Update http_server.go
* Update pkg/api/http_server.go
Co-authored-by: Dan Cech <dan@aussiedan.com>
---------
Signed-off-by: Rao, B V Chalapathi <b_v_chalapathi.rao@nokia.com>
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
Co-authored-by: Dan Cech <dan@aussiedan.com>
Removes legacy alerting, so long and thanks for all the fish! 🐟
---------
Co-authored-by: Matthew Jacobson <matthew.jacobson@grafana.com>
Co-authored-by: Sonia Aguilar <soniaAguilarPeiron@users.noreply.github.com>
Co-authored-by: Armand Grillet <armandgrillet@users.noreply.github.com>
Co-authored-by: William Wernert <rwwiv@users.noreply.github.com>
Co-authored-by: Yuri Tseretyan <yuriy.tseretyan@grafana.com>
* poc
* add logger, skip hook when user is not assigned to default org
* Add tests, move to hook folder
* docs
* Skip for OrgId < 1
* Address feedback
* Update docs/sources/setup-grafana/configure-grafana/_index.md
* lint
* Move the hook to org_sync.go
* Update pkg/services/authn/authnimpl/sync/org_sync.go
* Handle the case when GetUserOrgList returns error
---------
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* hard disable for legacy alerting
* remove alerting section from configuration file
* update documentation to not refer to deleted section
* remove AlertingEnabled from usage in UA setting parsing
* add a middleware that appens headers for IP range AC to data source proxy requests
* update code
* add tests
* fix a mistake
* add logging
* refactor to reuse code
* small cleanup
* skip the plugins middleware if the header is already set
* skip the plugins middleware if the header is already set
