* AUthN: Add last seen sync hooks for user / service account and move api
key last seen to own hook
* ContextHandler: only run sync for last seen if auth.Service is not
enabled
* AuthN: set up boilerplate for proxy client
* AuthN: Implement Test for proxy client
* AuthN: parse accept list in constructor
* AuthN: add proxy client interface
* AuthN: handle error
* AuthN: Implement the proxy client interface for ldap
* AuthN: change reciever name
* AuthN: add grafana as a proxy client
* AuthN: for error returned
* AuthN: add tests for grafana proxy auth
* AuthN: swap order of grafan and ldap auth
* AuthN: Parse additional proxy headers in proxy client and pass down
* AuthN: Create password client wrapper and use that on in basic auth
client
* AuthN: fix basic auth client test
* AuthN: Add tests for form authentication
* API: Inject authn service
* Login: If authnService feature flag is enabled use authn login
* Login: Handle token creation errors
* Config: Separate lists either by spaces or by commas.
* Simplify space separation
* use separate function for the config strings
* Change behavior only if string contains quotes
* add test for invalid string
* Use JSON list syntax
* ignore leading spaces when process list
* Add notes about using JSON lists into the docs
* Fix typo
* Apply suggestions from code review
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Add docs generator
* Add json-to-md conversion
* Fix lint issues
* Remove check for kind type
* Disable prettier for generated docs
* Use schema ref names as identifiers for links & headers
* Display the default value (if so) in the description
* Undo 'draft:false' introduced by mistake
* Update pkg/codegen/jenny_docs.go
Co-authored-by: Jack Baldry <jack.baldry@grafana.com>
* Undraft and unlist kinds documentation (#61476)
* Support running containers without root daemon
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Use section shortcode to automatically list child pages
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Undraft and unlist kinds documentation
This page and child pages are directly accessible but are not listed
in the table of contents.
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Add docs-preview to browse drafted pages
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Replace end of line and pipe characters in table codegen
* Remove draft status from generated docs
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
Co-authored-by: Joan López de la Franca Beltran <joanjan14@gmail.com>
Co-authored-by: Jack Baldry <jack.baldry@grafana.com>
Co-authored-by: Robert Horvath <robert.horvath@grafana.com>
* [WIP] Auth: add backend skipOrgRoleSync to AzureAD OAuth
- add: skipOrgRoleSync
- rename: skipOrgRoleSync to skipOrgRoleSyncBase (to make it clear that
it is the base version of SocialBase)
- add: tests for skipOrgRoleSync in AzureAD
TODO:
- [ ] frontend changes
* add: docs
* refactor: remove role from basicinfo
* add: settings for grafanacom
* add: settigns for frontend
* add: logic for azureAD user skip org role
* add: docs for skip_org_role_sync
* refactor: docs a bit
* add: tests for userinfo
* refactor: to only extract if skiporgrolesync false
* refactor: based on review comments
* Update docs/sources/setup-grafana/configure-grafana/_index.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Update docs/sources/setup-grafana/configure-grafana/_index.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* add feature flag `alertingNoNormalState`
* update instance database to support exclusion of state in list operation
* do not save normal state and delete transitions to normal
* update get methods to filter out normal state
* API: Rewrite legacy access control and rbac tests for current org
endpoint
* API: Rewrite legacy and rbac endpoint tests for update current and
target org
* API: rewrite access control tests for create org
* API: Rewrite delete org api access control tests
* API: rewrite search org access control tests to not use mocked access
control
* API: Rewrite get org and get org by name access control tests to not use
mocked access control
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
* AuthN: add the ability to register post login hooks
* AuthN: add a guard for the user id
* AuthN: Add helper to create external user info from identity
* AuthN: Pass auth request to password clients
* AuthN: set auth module and username in metadata
* Chore: Move team models to models pkg
* Fix ACL tests
* More ACL tests
* Change Id to ID in conflict user command test
* Remove team from models
* Fix ac test lint
* Alerting: Improve legacy migration to include send reminder & frequency
Legacy channel frequency is migrated to the channel's migrated route's
repeat interval if send reminder is true. If send reminder is false, we
pseudo-disable the repeat interval by setting it to a large value (1y).
If there were no default channels, the root notification policy is still
created with the default 4h repeat interval.
This pull request re-applies the refactoring of ConditionsCmd from a
reverted fix#56812 for mathexp.noData. It does not add the fix, or
tests for the fix, because those were added in #56816. We use the
additional test coverage added in #56816 and #58650 to avoid the
reoccurrence of regressions that caused us to revert #56812 the
first time.
* use new log group picker also for non cross-account queries
* cleanup and add comment
* remove not used code
* remove not used test
* add error message when trying to set log groups before saving
* fix bugs from pr feedback
* add more tests
* fix broken test
* PermissionFilter: Handle all search type and only check one action for dashboards
* PermissionFilter: Still handle multiple action but take short cut when
only one action is required
* Add auth labels and access control metadata to org users search results
* Fix search result JSON model
* Org users: Use API for pagination
* Fix default page size
* Refactor: UsersListPage to functional component
* Refactor: update UsersTable component code style
* Add pagination to the /orgs/{org_id}/users endpoint
* Use pagination on the AdminEditOrgPage
* Add /orgs/{org_id}/users/search endpoint to prevent breaking API
* Use existing search store method
* Remove unnecessary error
* Remove unused
* Add query param to search endpoint
* Fix endpoint docs
* Minor refactor
* Fix number of pages calculation
* Use SearchOrgUsers for all org users methods
* Refactor: GetOrgUsers as a service method
* Minor refactor: rename orgId => orgID
* Fix integration tests
* Fix tests
* Use preferred package header for generated code
> To convey to humans and machine tools that code is generated, generated source should have a line that matches the following regular expression (in Go syntax):
> `^// Code generated .* DO NOT EDIT\.$`
https://pkg.go.dev/cmd/go#hdr-Generate_Go_files_by_processing_source
Co-authored-by: sam boyer <sdboyer@grafana.com>
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Regenerate files with updated header
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
Co-authored-by: sam boyer <sdboyer@grafana.com>
* protect /connection url paths with permissions
These permissions match the original ones at /datasources and /plugins
* add Connections section to navtree only if user has permissions
This commit works only when the easystart plugin is not present.
I'll see what I can do when it is present in the next commit(s).
* update datasources page permissions
The datasources page have Explore buttons on datasource entries,
therefore it makes sense to show this page for those, who can't edit or
create datasources but have explore permissions.
This applies for the traditional Editor role.
* DataSourcesList: link to edit page only if has right to write
If the user doesn't have rights to write datasources, then it's better
to not create a link from cards to the edit page. This way they won't
see the configuration of the data sources either, which is a desirable
outcome.
Also, I moved the query for DataSourcesExplore permission out from the
DataSourcesListView component in the DataSourcesList component, next to
the other permission queries - for the sake of consistency.
* fix permissions for connect data
This way it matches the permissions of the "Plugins" page.
* fix applinks test
