Any authenticated user of an organization should be able to
- search its organization's users
- search its organization's users
- retrieve a single user of its organization (this how it was
implemented earlier)
* grafana/master: (51 commits)
Use curly brackets around hyperlink help text #11478 (#11479)
migrated playlist-routes to ts
migrated last all.js to ts
Notes for closing #7119
changelog: adds note for #11128
variables: adds test for variable sorting
Add case-insensitive sort for variables.
graphite: fixes#11434
settings: fixes test
changed from margin to padding
changed variable for tabbed close btn hover, and changed text-strong variable for lighttheme, removed commented out variable
mssql: typos in help sections
Webpack Grafana plugin template project to links (#11457)
rm panel.type constrain from threshold_mapper.ts (#11448)
No need for node_modules/bin in npm run-script (#11449)
changelog: adds note about closing #11555
add article
fix some typos
migrated graph_tooltip to ts
started migration to ts
...
* grafana/master: (26 commits)
notes about closing #11306
cleanup
changelog: unix socket permissions
Adjust permissions of unix socket
docs: tweaks
changelog: adds note about closing #5855
legend: small refactoring
Make golint happier
mysql: skip tests by default
mssql: update query editor help
mysql: fix precision for the time column in table/annotation query mode
postgres: fix precision for the time column in table/annotation query mode
mssql: fix precision for the time column in table/annotation query mode
mssql: remove UTC conversion in macro functions
mssql: fix timeGroup macro so that it properly creates correct groups
small screen legend right also work like legend under in render + set scrollbar to undefined in destroyScrollbar so it doesnt become disabled when toggeling between right and under
fixed so legend right works like legend under on small screens
Alerting: move getNewState to EvalContext
graphite: adds more traces for alerting
sql datasource: extract common logic for converting time column to epoch time in ms
...
This changes forks the mysql part of the Macaron session middleware.
In the forked mysql file:
- takes in a config setting for SetConnMaxLifetime (this solves wait_timeout
problem if it is set to a shorter interval than wait_timeout)
- removes the panic when an error is returned in the Exist function.
- retries the exist query once
- retries the GC query once
Admins can see all snapshots. Other roles can only see their own
snapshots.
Added permission check for deleting snapshots - admins can delete
any snapshot, other roles can delete their own snapshots or
snapshots that they have access to via dashboard permissions.
* dashboards: new command for validating dashboard before update
Removes validation logic from saveDashboard and later on use the new command for validating
dashboard before saving a dashboard. This due to the fact that we need to validate permissions
for overwriting other dashboards by uid and title.
* dashboards: use the new command for validating dashboard before saving
Had to refactor dashboard provisioning a bit to be able to sidetrack the permission validation
in a somewhat reasonable way.
Adds some initial tests of the dashboard repository, but needs to be extended later. At least
now you can mock the dashboard guardian
* dashboards: removes validation logic in the save dashboard api layer
Use the dashboard repository solely for create/update dashboards and let it do all
the validation. One exception regarding quota validation which still is in api layer
since that logic is in a macaron middleware.
Need to move out-commented api tests later.
* dashboards: fix database tests for validate and saving dashboards
* dashboards: rename dashboard repository to dashboard service
Split the old dashboard repository interface in two new interfaces, IDashboardService and
IDashboardProvisioningService. Makes it more explicit when using it from the provisioning package
and there's no possibility of calling an incorrect method for saving a dashboard.
* database: make the InitTestDB function available to use from other packages
* dashboards: rename ValidateDashboardForUpdateCommand and some refactoring
* dashboards: integration tests of dashboard service
* dashboard: fix sqlstore test due to folder exist validation
* dashboards: move dashboard service integration tests to sqlstore package
Had to move it to the sqlstore package due to concurrency problems when running
against mysql and postgres. Using InitTestDB from two packages added conflicts
when clearing and running migrations on the test database
* dashboards: refactor how to find id to be used for save permission check
* dashboards: remove duplicated dashboard tests
* dashboards: cleanup dashboard service integration tests
* dashboards: handle save dashboard errors and return correct http status
* fix: remove log statement
* dashboards: import dashboard should use dashboard service
Had to move alerting commands to models package due to problems with import cycles of packages.
* dashboards: cleanup dashboard api tests and add some tests for post dashboard
* dashboards: rename dashboard service interfaces
* dashboards: rename dashboard guardian interface
* enables overwrite if dashboard allready exist in folder
* dashboard: Don't allow creating a folder named General
* dashboards: update logic for save/update dashboard
No id and uid creates a new dashboard/folder.
No id and uid, with an existing title in folder allows overwrite
of dashboard.
Id without uid, allows update of existing dashboard/folder without
overwrite.
Uid without id allows update of existing dashboard/folder without
overwrite.
Id without uid, with an existing title in folder allows overwrite
of dashboard/folder and updated will have the uid of overwritten.
Uid without id, with an existing title in folder allows overwrite
of dashboard/folder and new will have the same uid as provided.
Trying to change an existing folder to a dashboard yields error.
Trying to change an existing dashboard to a folder yields error.
* dashboards: include folder id when confirmed to save with overwrite
* dashboards: fixes due to new url structure
Return importedUrl property in response to importing dashboards and
getting plugin dashboards and use this for redirects/links in the
frontend.
* dashfolders: hide permissions in settings if folder has changed
and the dashboard has not been saved yet. Otherwise the use will
see stale permissions from the original folder.
* dashfolders: return folder url for inherited permissions
* origin/7883_frontend_step:
dashboards: make scripted dashboards work using the old legacy urls
dashboards: redirect from old url used to load dashboard to new url
dashboards: add new default frontend route for rendering a dashboard panel
dashboards: fix links to recently viewed and starred dashboards
dashboards: use new *url* prop from dashboard search for linking to dashboards
dashboards: when saving dashboard redirect if url changes
dashboards: add new default frontend route for loading a dashboard
dashboards: return url in response to save dashboard. #7883
If legacy backend routes (/dashboard/db/<slug> and /dashboard-solo/db/<slug>)
are requested we try to redirect to new routes with a 301 Moved Permanently
#7883
Since we're already have possibility to get a dashboard by slug
it makes little sense to have a separate endpoint in api for
retrieving uid by slug.
#7883
Introduces new url in api /dashboards/<uid> for fetching dashboard by unique id
Leave the old dashboard by slug url /dashboards/db/<slug> for backward
compatibility and for supporting fallback
WIP for #7883
In the permissions view in dashboard settings, this adds a
link to the parent folder for inherited permissions. Which
allows the user to easily navigate to the folder and change
inherited permissions.
* db: add login attempt migrations
* db: add possibility to create login attempts
* db: add possibility to retrieve login attempt count per username
* auth: validation and update of login attempts for invalid credentials
If login attempt count for user authenticating is 5 or more the last 5 minutes
we temporarily block the user access to login
* db: add possibility to delete expired login attempts
* cleanup: Delete login attempts older than 10 minutes
The cleanup job are running continuously and triggering each 10 minute
* fix typo: rename consequent to consequent
* auth: enable login attempt validation for ldap logins
* auth: disable login attempts validation by configuration
Setting is named DisableLoginAttemptsValidation and is false by default
Config disable_login_attempts_validation is placed under security section
#7616
* auth: don't run cleanup of login attempts if feature is disabled
#7616
* auth: rename settings.go to ldap_settings.go
* auth: refactor AuthenticateUser
Extract grafana login, ldap login and login attemp validation together
with their tests to separate files.
Enables testing of many more aspects when authenticating a user.
#7616
* auth: rename login attempt validation to brute force login protection
Setting DisableLoginAttemptsValidation => DisableBruteForceLoginProtection
Configuration disable_login_attempts_validation => disable_brute_force_login_protection
#7616
Instead of returning all folders a user has some sort of access to,
this change creates a new end point that returns folders the user
has write access to. This new endpoint is used in the folder picker
* teams: add db migration for email column in teams table
* teams: /teams should render index page with a 200 OK
* teams: additional backend functionality for team and team members
Possibility to save/update email for teams.
Possibility to retrive avatar url when searching for teams.
Possibility to retrive avatar url when searching for team members.
* teams: display team avatar and team member avatars
Possibility to save and update email for a team
* teams: create team on separate page instead of modal dialog
* removes readonly editor role
* adds viewersCanEdit setting
This enable you to allow viewers to edit/inspect
dashboards in grafana in their own browser without
allowing them to save dashboards
* remove read only editor option from all dropdowns
* migrates all read only viewers to viewers
* docs: replace readOnlyEditor with viewersCanEdit
simple solution for waiting for all go sub routines to
finish before closing Grafana. We would use errGroup
here as well but I dont like spreading context's all
over the place.
closes#10131
* annotations: throw error if no text specified and set default time to Now() if empty, #9571
* annotations: fix saving graphite event with empty string tags
* docs: add /api/annotations/graphite endpoint docs, #9571
Prometheus client lib support gzip by itself. Which caused the
response to be double gzipped sometimes. We should use the Grafana
middle ware instead.
closes#9464
* annotations: add endpoint for writing graphite-like events
* annotations: fix new line handling in tooltip
* annotations: support tags in prior to Graphite 0.10.0 format
Macaron's gzip middleware tries to automatically figure out the content
type for a file when gzipped and seems to mostly fail with plugin
readmes. This change sets the content type to plain text.
Fixes#9344. Ref #5952.
* annotations: add 25px space for events section
* annotations: restored create annotation action
* annotations: able to use fa icons as event markers
* annotations: initial emoji support from twemoji lib
* annotations: adjust fa icon position
* annotations: initial emoji picker
* annotation: include user info into annotation requests
* annotation: add icon info
* annotation: display user info in tooltip
* annotation: fix region saving
* annotation: initial region markers
* annotation: fix region clearing (add flot-temp-elem class)
* annotation: adjust styles a bit
* annotations: minor fixes
* annoations: removed userId look in loop, need a sql join or a user cache for this
* annotation: fix invisible events
* lib: changed twitter emoij lib to be npm dependency
* annotation: add icon picker to Add Annotation dialog
* annotation: save icon to annotation table
* annotation: able to set custom icon for annotation added by user
* annotations: fix emoji after library upgrade (switch to 72px)
* emoji: temporary remove bad code points
* annotations: improve icon picker
* annotations: icon show icon picker at the top
* annotations: use svg for emoji
* annotations: fix region drawing when add annotation editor opened
* annotations: use flot lib for drawing region fill
* annotations: move regions building into event_manager
* annotations: don't draw additional space if no events are got
* annotations: deduplicate events
* annotations: properly render cut regions
* annotations: fix cut region building
* annotations: refactor
* annotations: adjust event section size
* add-annotations: fix undefined default icon
* create-annotations: edit event (frontend part)
* fixed bug causes error when hover event marker
* create-annotations: update event (backend)
* ignore grafana-server debug binary in git (created VS Code)
* create-annotations: use PUT request for updating annotation.
* create-annotations: fixed time format when editing existing event
* create-annotations: support for region update
* create-annotations: fix bug with limit and event type
* create-annotations: delete annotation
* create-annotations: show only selected icon in edit mode
* create-annotations: show event editor only for users with at least Editor role
* create-annotations: handle double-sized emoji codepoints
* create-annotations: refactor
use CP_SEPARATOR from emojiDef
* create-annotations: update emoji list, add categories.
* create-annotations: copy SVG emoji into public/vendor/npm and use it as a base path
* create-annotations: initial tabs for emoji picker
* emoji-picker: adjust styles
* emoji-picker: minor refactor
* emoji-picker: refactor - rename and move into one directory
* emoji-picker: build emoji elements on app load, not on picker open
* emoji-picker: fix emoji searching
* emoji-picker: refactor
* emoji-picker: capitalize category name
* emoji-picker: refactor
move buildEmojiElem() into emoji_converter.ts for future reuse.
* jquery.flot.events: refactor
use buildEmojiElem() for making emojis, remove unused code for font awesome based icons.
* emoji_converter: handle converting error
* tech: updated
* merged with master
* shore: clean up some stuff
* annotation: wip tags
* annotation: filtering by tags
* tags: parse out spaces etc. from a tags string
* annotations: use tagsinput component for tag filtering
* annotation: wip work on how we query alert & panel annotations
* annotations: support for updating tags in an annotation
* linting
* annotations: work on unifying how alert history annotations and manual panel annotations are created
* tslint: fixes
* tags: create tag on blur as well
Currently, the tags directive only creates the tag when the
user presses enter. This change means the tag is created on
blur as well (when the user clicks outside the input field).
* annotations: fix update after refactoring
* annotations: progress on how alert annotations are fetched
* annotations: minor progress
* annotations: progress
* annotation: minor progress
* annotations: move tag parsing from tooltip to ds
Instead of parsing a tag string into an array in the annotation_tooltip
class, this moves the parsing to the datasources. InfluxDB ds already
does that parsing. Graphite now has it.
* annotations: more work on querying
* annotations: change from tags as string to array
when saving in the db and in the api.
* annotations: delete tag link if removed on edit
* annotation: more work on depricating annotation title
* annotations: delete tag links on delete
* annotations: fix for find
* annotation: added user to annotation tooltip and added alertName to annoation dto
* annotations: use id from route instead from cmd for updating
* annotations: http api docs
* create annotation: last edits
* annotations: minor fix for querying annotations before dashboard saved
* annotations: fix for popover placement when legend is on the side (and doubel render pass is causing original marker to be removed)
* annotations: changing how the built in query gets added
* annotation: added time to header in edit mode
* tests: fixed jshint built issue
It should be specify to either use TLS client authentication or use a
user-supplied CA; previously you had to enable client authentication to
use a custom CA.
If either is set, try to use them.
This should help avoid a situation where someone has half-configured TLS
client authentication and it doesn't work without raising an obvious
error.
TLS was not being verified in a number of places:
- connections to grafana.com
- connections to OAuth providers when TLS client authentication was
enabled
- connections to self-hosted Grafana installations when using the CLI
tool
TLS should always be verified unless the user explicitly enables an
option to skip verification.
Removes some instances where `InsecureSkipVerify` is explicitly set to
`false`, the default, to help avoid confusion and make it more difficult
to regress on this fix by accident.
Adds a `--insecure` flag to `grafana-cli` to skip TLS verification.
Adds a `tls_skip_verify_insecure` setting for OAuth.
Adds a `app_tls_skip_verify_insecure` setting under a new `[plugins]`
section.
I'm not super happy with the way the global setting is used by
`pkg/api/app_routes.go` but that seems to be the existing pattern used.
Unfortunately CloudWatch dimensions are case-sensitive and it uses both `DBClusterIdentifier` and `DbClusterIdentifier` (notice the lower case `b`) depending on the metric. All metrics which also have the `Role` dimension appear to use `DBClusterIdentifier`, whereas metric with the `EngineName` dimension use `DbClusterIdentifier`.
Fixes#5356. Internet Explorer aggressively caches GET requests which
means that all API calls fetching data are cached. This fix adds a
Cache-Control header with the value no-cache to all GET requests to
the API.
Changes to the http_server class meant that the TLS settings were not
getting applied anymore. This fixes so that the minimum TLS version is
1.2 again.
Dashboard folders included in all searches. If a dashboard matches
a search and has a parent folder then the parent folder is appended
to the search result. A hierarchy is then returned in the result
with child dashboards under their parent folders.
Breaks some stuff like selected dash in the search result.
In dashboard search, if the user is not searching then the result is
returned as a tree structure. No ACL's or user group ux yet.
A simple version control system for dashboards. Closes#1504.
Goals
1. To create a new dashboard version every time a dashboard is saved.
2. To allow users to view all versions of a given dashboard.
3. To allow users to rollback to a previous version of a dashboard.
4. To allow users to compare two versions of a dashboard.
Usage
Navigate to a dashboard, and click the settings cog. From there, click
the "Changelog" button to be brought to the Changelog view. In this
view, a table containing each version of a dashboard can be seen. Each
entry in the table represents a dashboard version. A selectable
checkbox, the version number, date created, name of the user who created
that version, and commit message is shown in the table, along with a
button that allows a user to restore to a previous version of that
dashboard. If a user wants to restore to a previous version of their
dashboard, they can do so by clicking the previously mentioned button.
If a user wants to compare two different versions of a dashboard, they
can do so by clicking the checkbox of two different dashboard versions,
then clicking the "Compare versions" button located below the dashboard.
From there, the user is brought to a view showing a summary of the
dashboard differences. Each summarized change contains a link that can
be clicked to take the user a JSON diff highlighting the changes line by
line.
Overview of Changes
Backend Changes
- A `dashboard_version` table was created to store each dashboard
version, along with a dashboard version model and structs to represent
the queries and commands necessary for the dashboard version API
methods.
- API endpoints were created to support working with dashboard
versions.
- Methods were added to create, update, read, and destroy dashboard
versions in the database.
- Logic was added to compute the diff between two versions, and
display it to the user.
- The dashboard migration logic was updated to save a "Version
1" of each existing dashboard in the database.
Frontend Changes
- New views
- Methods to pull JSON and HTML from endpoints
New API Endpoints
Each endpoint requires the authorization header to be sent in
the format,
```
Authorization: Bearer <jwt>
```
where `<jwt>` is a JSON web token obtained from the Grafana
admin panel.
`GET "/api/dashboards/db/:dashboardId/versions?orderBy=<string>&limit=<int>&start=<int>"`
Get all dashboard versions for the given dashboard ID. Accepts
three URL parameters:
- `orderBy` String to order the results by. Possible values
are `version`, `created`, `created_by`, `message`. Default
is `versions`. Ordering is always in descending order.
- `limit` Maximum number of results to return
- `start` Position in results to start from
`GET "/api/dashboards/db/:dashboardId/versions/:id"`
Get an individual dashboard version by ID, for the given
dashboard ID.
`POST "/api/dashboards/db/:dashboardId/restore"`
Restore to the given dashboard version. Post body is of
content-type `application/json`, and must contain.
```json
{
"dashboardId": <int>,
"version": <int>
}
```
`GET "/api/dashboards/db/:dashboardId/compare/:versionA...:versionB"`
Compare two dashboard versions by ID for the given
dashboard ID, returning a JSON delta formatted
representation of the diff. The URL format follows
what GitHub does. For example, visiting
[/api/dashboards/db/18/compare/22...33](http://ec2-54-80-139-44.compute-1.amazonaws.com:3000/api/dashboards/db/18/compare/22...33)
will return the diff between versions 22 and 33 for
the dashboard ID 18.
Dependencies Added
- The Go package [gojsondiff](https://github.com/yudai/gojsondiff)
was added and vendored.
* refactor util encryption library so it doesn't have to import log
* add util.SplitString to handle space and/or comma-separated config lines
* go fmt
We now obtain credentials based on the container task's role
rather than just relying on the credentials of the enclosing
container instance.
Fixes#6700.
