* * Teams: Appropriately apply user id filter in /api/teams/:id and /api/teams/search
* Teams: Ensure that users searching for teams are only able see teams they have access to
* Teams: Require teamGuardian admin privileges to list team members
* Teams: Prevent org viewers from administering teams
* Teams: Add org_id condition to team count query
* Teams: clarify permission requirements in teams api docs
* Teams: expand scenarios for team search tests
* Teams: mock teamGuardian in tests
Co-authored-by: Dan Cech <dcech@grafana.com>
* remove duplicate WHERE statement
* Fix for CVE-2022-21702
(cherry picked from commit 202d7c190082c094bc1dc13f7fe9464746c37f9e)
* Lint and test fixes
(cherry picked from commit 3e6b67d5504abf4a1d7b8d621f04d062c048e981)
* check content type properly
(cherry picked from commit 70b4458892bf2f776302720c10d24c9ff34edd98)
* basic csrf origin check
(cherry picked from commit 3adaa5ff39832364f6390881fb5b42ad47df92e1)
* compare origin to host
(cherry picked from commit 5443892699e8ed42836bb2b9a44744ff3e970f42)
* simplify url parsing
(cherry picked from commit b2ffbc9513fed75468628370a48b929d30af2b1d)
* check csrf for GET requests, only compare origin
(cherry picked from commit 8b81dc12d8f8a1f07852809c5b4d44f0f0b1d709)
* parse content type properly
(cherry picked from commit 16f76f4902e6f2188bea9606c68b551af186bdc0)
* mentioned get in the comment
(cherry picked from commit a7e61811ef8ae558ce721e2e3fed04ce7a5a5345)
* add content-type: application/json to test HTTP requests
* fix pluginproxy test
* Fix linter when comparing errors
Co-authored-by: Kevin Minehart <kmineh0151@gmail.com>
Co-authored-by: Dan Cech <dcech@grafana.com>
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
Co-authored-by: Serge Zaitsev <serge.zaitsev@grafana.com>
Co-authored-by: Vardan Torosyan <vardants@gmail.com>
Re-adding back Azure authentication support to Prometheus datasource
after the datasource query logic was rewritten from plugin.json routes to
Go backend.
Ref #35857
Get rid of using legacydata.RequestHandler in HTTPServer, /api/tsdb/query and pkg/expr
with the goal of deprecating /api/tsdb/query and remove it completely eventually. This is
the first step of cleaning up the HTTP API query endpoint.
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
Co-authored-by: Alexander Emelin <frvzmb@gmail.com>
* Use secrets service in pluginproxy
* Use secrets service in pluginxontext
* Use secrets service in pluginsettings
* Use secrets service in provisioning
* Use secrets service in authinfoservice
* Use secrets service in api
* Use secrets service in sqlstore
* Use secrets service in dashboardshapshots
* Use secrets service in tsdb
* Use secrets service in datasources
* Use secrets service in alerting
* Use secrets service in ngalert
* Break cyclic dependancy
* Refactor service
* Break cyclic dependancy
* Add FakeSecretsStore
* Setup Secrets Service in sqlstore
* Fix
* Continue secrets service refactoring
* Fix cyclic dependancy in sqlstore tests
* Fix secrets service references
* Fix linter errors
* Add fake secrets service for tests
* Refactor SetupTestSecretsService
* Update setting up secret service in tests
* Fix missing secrets service in multiorg_alertmanager_test
* Use fake db in tests and sort imports
* Use fake db in datasources tests
* Fix more tests
* Fix linter issues
* Attempt to fix plugin proxy tests
* Pass secrets service to getPluginProxiedRequest in pluginproxy tests
* Fix pluginproxy tests
* Revert using secrets service in alerting and provisioning
* Update decryptFn in alerting migration
* Rename defaultProvider to currentProvider
* Use fake secrets service in alert channels tests
* Refactor secrets service test helper
* Update setting up secrets service in tests
* Revert alerting changes in api
* Add comments
* Remove secrets service from background services
* Convert global encryption functions into vars
* Revert "Convert global encryption functions into vars"
This reverts commit 498eb19859.
* Add feature toggle for envelope encryption
* Rename toggle
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
Co-authored-by: Joan López de la Franca Beltran <joanjan14@gmail.com>
* Encryption: Add support to encrypt/decrypt sjd
* Add datasources.Service as a proxy to datasources db operations
* Encrypt ds.SecureJsonData before calling SQLStore
* Move ds cache code into ds service
* Fix tlsmanager tests
* Fix pluginproxy tests
* Remove some securejsondata.GetEncryptedJsonData usages
* Add pluginsettings.Service as a proxy for plugin settings db operations
* Add AlertNotificationService as a proxy for alert notification db operations
* Remove some securejsondata.GetEncryptedJsonData usages
* Remove more securejsondata.GetEncryptedJsonData usages
* Fix lint errors
* Minor fixes
* Remove encryption global functions usages from ngalert
* Fix lint errors
* Minor fixes
* Minor fixes
* Remove securejsondata.DecryptedValue usage
* Refactor the refactor
* Remove securejsondata.DecryptedValue usage
* Move securejsondata to migrations package
* Move securejsondata to migrations package
* Minor fix
* Fix integration test
* Fix integration tests
* Undo undesired changes
* Fix tests
* Add context.Context into encryption methods
* Fix tests
* Fix tests
* Fix tests
* Trigger CI
* Fix test
* Add names to params of encryption service interface
* Remove bus from CacheServiceImpl
* Add logging
* Add keys to logger
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
* Add missing key to logger
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
* Undo changes in markdown files
* Fix formatting
* Add context to secrets service
* Rename decryptSecureJsonData to decryptSecureJsonDataFn
* Name args in GetDecryptedValueFn
* Add template back to NewAlertmanagerNotifier
* Copy GetDecryptedValueFn to ngalert
* Add logging to pluginsettings
* Fix pluginsettings test
Co-authored-by: Tania B <yalyna.ts@gmail.com>
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
* Add secrets service
* Revert accidental changes in util encryption
* Make minor changes
Move functional options to models
Revert renaming types to models
* Add context
* Minor change in GetDataKey
* Use CreateDataKeyWithDBSession in CreateDataKey
* Handle empty DEK name in DeleteDataKey
* Rename defaultProvider
* Remove secrets store service
* Setup filter
* Enable filtering users by active in last 30 days
* Add loading state
* Update last active age strings
* Tweak user list
* Use theme spacing
* Improve table's accessibility
* Add more aria-labels
* only recurse a symbolic link if it is a directory
* added test for detecting valid plugins using lib dirs with symbolic links in them (like oracle)
* fix linting errors
* added extra checks as per code-review
Moves common request proxy utilities to proxyutil package with
support for removing X-Forwarded-Host, X-Forwarded-Port,
X-Forwarded-Proto headers, setting X-Forwarded-For header
and cleaning Cookie header.
Using the proxyutil package to prepare and clean request
headers before resource calls.
Closes#21512
* Util: Optionally allow empty input in SplitHostPortDefault
Due to a recent change the SQL Server tests failed because passing an
empty datasource url in `util.SplitHostPortDefault` was no more allowed.
This fix contains the following modifications:
- Modifies the util.SplitHostPortDefault not to return an error for empty input.
- Modifies the util.SplitHostPort to return an error for empty input.
- Introduces an additional test for empty input.
* Convert Azure Application Insights datasource to Go
Allows for alerting of Application Insights data source
Closes: #15153
* Fix timeGrainReset
* Default time interval for querys for alerts
* Fix a few rename related bugs
* Update readme to indicate App Insights alerting
* Fix typo and add tests to ensure migration is happening
* Address code review feedback (mostly typos and unintended changes)
* Emails: resurrect template notification
* Phantomjs (oh yeah, there is another dev dep phantom :-) was failing for
the generation of the html templates so I had to update the dependencies
in order to fix it. While doing that I update the scripts field and docs
for it as well. yarn.lock is included
* Move splitting of the emails to separate helper function, since more services
coming up that would need to use this functionality
* Add support for enterprise specific email letters. Probably could
be done in the better way, but it's not a priority right now
* Unprovision dashboard in case of DisableDeletion = true
* Rename command struct
* Handle removed provision files
* Allow html in confirm-modal
* Do not show confirm button without onConfirm
* Show dialog on deleting provisioned dashboard
* Changed DeleteDashboard to DeleteProvisionedDashboard
* Remove unreachable return
* Add provisioned checks to API
* Remove filter func
* Fix and add tests for deleting dashboards
* Change delete confirm text
* Added and used pkg/errors for error wrapping
See,
$ gometalinter --vendor --deadline 10m --disable-all --enable=golint ./...
filepath.go:12:5⚠️ error var WalkSkipDir should have name of the form ErrFoo (golint)
shortid_generator.go:11:5⚠️ var validUidPattern should be validUIDPattern (golint)
shortid_generator.go:19:6⚠️ func IsValidShortUid should be IsValidShortUID (golint)
shortid_generator.go:24:6⚠️ func GenerateShortUid should be GenerateShortUID (golint)
See,
$ gometalinter --vendor --deadline 10m --disable-all --enable=golint ./...
ip.go:8:6⚠️ func SplitIpPort should be SplitIPPort (golint)
url.go:14:6⚠️ func NewUrlQueryReader should be NewURLQueryReader (golint)
url.go:9:6⚠️ type UrlQueryReader should be URLQueryReader (golint)
url.go:37:6⚠️ func JoinUrlFragments should be JoinURLFragments (golint)
See,
$ gometalinter --vendor --deadline 10m --disable-all --enable=golint ./...
encoding.go:15:1⚠️ comment on exported function GetRandomString should be of the form "GetRandomString ..." (golint)
encoding.go:30:1⚠️ exported function EncodePassword should have comment or be unexported (golint)
encoding.go:35:1⚠️ comment on exported function EncodeMd5 should be of the form "EncodeMd5 ..." (golint)
encoding.go:42:1⚠️ comment on exported function PBKDF2 should be of the form "PBKDF2 ..." (golint)
encoding.go:80:1⚠️ exported function GetBasicAuthHeader should have comment or be unexported (golint)
encoding.go:85:1⚠️ exported function DecodeBasicAuthHeader should have comment or be unexported (golint)
encoding.go:105:1⚠️ exported function RandomHex should have comment or be unexported (golint)
encryption.go:14:1⚠️ exported function Decrypt should have comment or be unexported (golint)
encryption.go:39:1⚠️ exported function Encrypt should have comment or be unexported (golint)
ip.go:7:1⚠️ exported function SplitIpPort should have comment or be unexported (golint)
json.go:3:6⚠️ exported type DynMap should have comment or be unexported (golint)
md5.go:22:1⚠️ comment on exported function Md5SumString should be of the form "Md5SumString ..." (golint)
strings.go:10:1⚠️ exported function StringsFallback2 should have comment or be unexported (golint)
strings.go:14:1⚠️ exported function StringsFallback3 should have comment or be unexported (golint)
strings.go:27:1⚠️ exported function SplitString should have comment or be unexported (golint)
strings.go:35:1⚠️ exported function GetAgeString should have comment or be unexported (golint)
url.go:8:6⚠️ exported type UrlQueryReader should have comment or be unexported (golint)
url.go:12:1⚠️ exported function NewUrlQueryReader should have comment or be unexported (golint)
url.go:23:1⚠️ exported method UrlQueryReader.Get should have comment or be unexported (golint)
url.go:32:1⚠️ exported function JoinUrlFragments should have comment or be unexported (golint)
validation.go:16:1⚠️ exported function IsEmail should have comment or be unexported (golint)
