* add fixed role for datasource read operations
* Add action for datasource explore
* add authorize middleware to explore index route
* add fgac support for explore navlink
* update hasAccessToExplore to check if accesscontrol is enable and evalute action if it is
* add getExploreRoles to evalute roles based onaccesscontrol, viewersCanEdit and default
* create function to evaluate permissions or using fallback if accesscontrol is disabled
* change hasAccess to prop and derive the value in mapStateToProps
* add test case to ensure buttons is not rendered when user does not have access
* Only hide return with changes button
* remove internal links if user does not have access to explorer
Co-authored-by: Ivana Huckova <30407135+ivanahuckova@users.noreply.github.com>
* add accesscontrol action for stats read
* use accesscontrol middleware for stats route
* add fixed role with permissions to read sever stats
* add accesscontrol action for settings read
* use accesscontrol middleware for settings route
* add fixed role with permissions to read settings
* add accesscontrol tests for AdminGetSettings and AdminGetStats
* add ability to scope settings
* add tests for AdminGetSettings
* Add new accesscontrol action for ldap config reload
* Update ldapAdminEditRole with new ldap config reload permission
* wrap /ldap/reload with accesscontrol authorize middleware
* document new action and update fixed:ldap:admin:edit with said action
* add fake accesscontrol implementation for tests
* Add accesscontrol tests for ldap handlers
Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>
this should help Live to be enabled by default but still
do not affect setups with lots of simultenious users. To
properly handle many WS connections Grafana administrators
should tune infrastructure a bit - for example increase a
number of open files for a process. Will be in more details
in documentation.
* click out to gcom when config enabled
* set to false
* fix styling for uninstall
* remove advertising config + simplify callout URL
* add entry to configuration.md
* update config name
* update lingo
* expose folder UID in dashboards API response, import dashboards into folders by folder UID
* handle bad folder UID as 400 error
* 12591:Add tests for request with folderUid
* Use more descriptive error status for missing folders
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
* return 400 when folder id is missing
* put error checking in the right place this time
* mention folderUid in the docs
* Clarify usage of folderUid and folderId when both present
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
* Capitalise UID
Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
* mention folder UID in the metadata for a GET response
Co-authored-by: Ida Furjesova <ida.furjesova@grafana.com>
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
Uses new httpclient package from grafana-plugin-sdk-go introduced
via grafana/grafana-plugin-sdk-go#328.
Replaces the GetHTTPClient, GetTransport, GetTLSConfig methods defined
on DataSource model.
Longer-term the goal is to migrate core HTTP backend data sources to use the
SDK contracts and using httpclient.Provider for creating HTTP clients and such.
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
* Update dashboard_snapshot.go
This is to address: https://github.com/grafana/grafana/issues/33665
The key and deleteKey fields are not honoured when creating a snapshot with external:true set
* removed whitespace
* add uninstall flow
* add install flow
* small cleanup
* smaller-footprint solution
* cleanup + make bp start auto
* fix interface contract
* improve naming
* accept version arg
* ensure use of shared logger
* make installer a field
* add plugin decommissioning
* add basic error checking
* fix api docs
* making initialization idempotent
* add mutex
* fix comment
* fix test
* add test for decommission
* improve existing test
* add more test coverage
* more tests
* change test func to use read lock
* refactoring + adding test asserts
* improve purging old install flow
* improve dupe checking
* change log name
* skip over dupe scanned
* make test assertion more flexible
* remove trailing line
* fix pointer receiver name
* update comment
* add context to API
* add config flag
* add base http api test + fix update functionality
* simplify existing check
* clean up test
* refactor tests based on feedback
* add single quotes to errs
* use gcmp in tests + fix logo issue
* make plugin list testing more flexible
* address feedback
* fix API test
* fix linter
* undo preallocate
* Update docs/sources/administration/configuration.md
Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
* Update docs/sources/administration/configuration.md
Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
* Update docs/sources/administration/configuration.md
Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
* fix linting issue in test
* add docs placeholder
* update install notes
* Update docs/sources/plugins/marketplace.md
Co-authored-by: Marcus Olsson <marcus.olsson@hey.com>
* update access wording
* add more placeholder docs
* add link to more info
* PR feedback - improved errors, refactor, lock fix
* improve err details
* propagate plugin version errors
* don't autostart renderer
* add H1
* fix imports
Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
Co-authored-by: Marcus Olsson <marcus.olsson@hey.com>
* Rendering: add CSV rendering support
* Rendering: save csv files into a separate folder
* add missing field
* Renderer: get filename from renderer plugin
* apply PR suggestions
* Rendering: remove old PhantomJS error
* Rendering: separate RenderCSV and Render functions
* fix alerting test
* Rendering: fix handling error in HTTP mode
* apply PR feedback
* Update pkg/services/rendering/http_mode.go
Co-authored-by: Joan López de la Franca Beltran <joanjan14@gmail.com>
* apply PR feedback
* Update rendering metrics with type label
* Rendering: return error if not able to parse header
* Rendering: update grpc generated file
* Rendering: use context.WithTimeout to render CSV too
Co-authored-by: Joan López de la Franca Beltran <joanjan14@gmail.com>
* WIP: intial structure
* Refactor: adds create library element endpoint
* Feature: adds delete library element
* wip
* Refactor: adds get api
* Refactor: adds get all api
* Refactor: adds patch api
* Refactor: changes to library_element_connection
* Refactor: add get connections api
* wip: in the middle of refactor
* wip
* Refactor: consolidating both api:s
* Refactor: points front end to library elements api
* Tests: Fixes broken test
* Fix: fixes delete library elements in folder and adds tests
* Refactor: changes order of tabs in manage folder
* Refactor: fixes so link does not cover whole card
* Update pkg/services/libraryelements/libraryelements.go
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
* Update pkg/services/libraryelements/libraryelements_permissions_test.go
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
* Update pkg/services/libraryelements/database.go
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
* Chore: changes after PR comments
* Update libraryelements.go
* Chore: updates after PR comments
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
* use a common way to redact sensitive values before logging them
* fix panic on missing testCase.err, simplify require checks
* fix a silly typo
* combine readConfig and buildConnectionString methods, as they are closely related
* AuthType in route configuration
* Pass interpolated auth parameters to token provider
* Unit tests
* Update after review
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
Fixes#33669Closed#33732
Following discussion in grafana/grafana-enterprise#1292, removing
org-scoped users scopes to make it clear that the local organization is
the default and the alternative to that is a global scope (for a select
few endpoints)
In the case permissions has been added on dashboard(s). Later permissions for the
parent folder of the dashboard is edited in such a way that dashboard in that folder
has a permission that is a duplicate of an inherited one. This PR changes so that
duplicate permissions are now filtered out from /api/dashboards/id/<dashboard id>/permissions.
Duplicate permission are not filtered out if the permission on dashboard is higher
than on the inherited folder.
Fixes#33296
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
* Encapsulate settings with a provider with support for runtime reloads
* SettingsProvider: reload is controlled by the services
* naive impl of reload handlers for settings
* working naive detection on new changes
* Trigger settings reload from API endpoint
* validation step added
* validation of settings
* Fix linting errors
* Replace DB_Varchar by DB_NVarchar
* Reduce settings columns (section, key) lenghts
* wip db update logic
* Db Settings: separate updates and removals
* Fix: removes incorrectly added code
* Minor code improvements
* Runtime settings: moved oss -> ee
* Remove no longer used setting.Cfg SAML-related fields
* Rename file setting/settings.go => setting/provider.go
* Apply suggestions from code review
Co-authored-by: Agnès Toulet <35176601+AgnesToulet@users.noreply.github.com>
* Minor code improvements on OSS settings provider
* Fix some login API tests
* Correct some GoDoc comments
* Apply suggestions from code review
Co-authored-by: Agnès Toulet <35176601+AgnesToulet@users.noreply.github.com>
Co-authored-by: Leonard Gram <leo@xlson.com>
Co-authored-by: Agnès Toulet <35176601+AgnesToulet@users.noreply.github.com>
Before these changes the request tracing was added for each route
registered using the routing.RouteRegister, see code. This had the
consequence that middleware executed earlier/later in the request
pipeline was not part of the request tracing middleware life-cycle
which measures the duration of requests among other things.
In the logger middleware we do extract the current distributed trace
identifier, if available, and set that on request info/error log messages.
With these changes we can extract the current distributed trace identifier,
if available, and set that on the contextual HTTP request logger
(models.ReqContext.Logger) which would improve the possibility to correlate
all HTTP request log messages with traces.
In addition, the request tracing middleware is now executed first and last in
the request pipeline and should therefore result in more accurate timing
measurements (request duration).
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
* Expose user permissions to the frontend
* Do not include empty scope
* Extend ContextSrv with hasPermission() method
* Add access control types
* Fix type error (make permissions optional)
* Fallback if access control disabled
* Move UserPermission to types
* Simplify hasPermission()
* [Alerting]: Use common properties for all rules
* Add Labels in rules
* Fix update ruleGroup API
Return 400 Bad Request response
when the request contains a UID that does not exist
* Check permissions and return namespace id
* Apply suggestions from code review
Co-authored-by: gotjosh <josue@grafana.com>
* Move db package WIP
* Implement OSS access control
* Register OSS access control
* Fix linter error in tests
* Fix linter error in evaluator
* Simplify OSS tests
* Optimize builtin roles
* Chore: add comments to the exported functions
* Remove init from ossaccesscontrol package (moved to ext)
* Add access control as a dependency for http server
* Modify middleware to receive fallback function
* Middleware: refactor fallback function call
* Move unused models to enterprise
* Simplify AccessControl type
* Chore: use bool IsDisabled() method instead of CanBeDisabled interface
* FrontendMetrics: Adds new backend api that frontend can use to push frontend measurements and counters to prometheus
* FrontendMetrics: Adds new backend api that frontend can use to push frontend measurements and counters to prometheus
* Fix naming
* change to histogram
* Fixed go lint
