* Draft: Feature: Trusted Types support
* remove trusted-types package
* Create policy before jQuery and Angular is loaded and add feature flag
* Add trustedTypePolicies
* Sanitize scriptURL
* Add TT meta tag for test env
* Move trusted types into core
* Add DOMParser support for TrustedHTML
* Seperate RSS sanitization and add better TrustedHTML support
* Get test CSP header from config
* Remove dompurify dep from core
* Add documentation for trusted types
* Apply suggestions from code review
Co-authored-by: Kristian Bremberg <114284895+KristianGrafana@users.noreply.github.com>
* Add comment about Github discussion thread and things breaking
* Remove changes from News panel
* Remove TT feature toggle
* Expose TT and CSPReportOnly to frontend
* Log errors in console when CSP report only is enabled
* Log error for reporting and remove test mode
* Only insert CSP header in HTML for dev env
* Update docs
---------
Co-authored-by: Tobias Skarhed <tobias.skarhed@gmail.com>
Co-authored-by: Tobias Skarhed <1438972+tskarhed@users.noreply.github.com>
* first pass at SAML UI docs
* doc updates
* Apply suggestions from code review
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* review feedback
* finish documentation for all the sections
* remove unneeded doc bit
* PR feedback
* cross-reference SAML UI docs from SAML config file docs
* extending the docs with the new fields and expaning the mapping section
* feedback
* add the permissions required to access SAML UI
---------
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Added note to contact Support
* Update docs/sources/setup-grafana/configure-security/configure-authentication/enhanced-ldap/index.md
* Update docs/sources/setup-grafana/configure-security/configure-authentication/enhanced-ldap/index.md
* makes prettier
* Apply suggestions from code review
---------
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
Co-authored-by: Chris Moyer <chris.moyer@grafana.com>
* update enhanced-ldap
documenting a potential issue with ldap active sync, when search filter and username attributes do not match.
* Update docs/sources/setup-grafana/configure-security/configure-authentication/enhanced-ldap/index.md
* formats example
* Update docs/sources/setup-grafana/configure-security/configure-authentication/enhanced-ldap/index.md
---------
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
Co-authored-by: Chris Moyer <chris.moyer@grafana.com>
* docs: add featuretoggle introduction
* update to point to the setting instead
* Update docs/sources/administration/user-management/manage-org-users/index.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* update text
---------
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Fix reference to Grafana CLI
- Make relref for relative permalink
- Use relative path for unambiguous resolution
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Fix alerting relref anchor format
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Avoid ambiguous relref lookups by forcing relative resolution
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Remove reference to non-existent shared page
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Fix links broken in Grafana Cloud using absolute relrefs
By resolving the relref absolutely, it refers to the same location
regardless of mounted directory.
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Remove trailing slash for bundle independent resolution
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Fix typo
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* For now, avoid Hugo checking cross repository /docs/grafana-cloud link
The path is unlikely to change in the short term and this makes CI
completely green for now.
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* No need to specify path for in page anchors
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Fix prose
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
---------
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Add 'Grafana Cloud' label to content
All pages are applicable to both 'Open source' and 'Grafana Cloud'
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Add 'Grafana Cloud' label to administration content with some exceptions
- Enterprise licensing is 'Open source' and 'Enterprise'.
- 'Manage Organizations', 'Provision Grafana', and 'Stats and License' are 'Open source' only.
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Remove OSS from enterprise-licensing content
* Apply suggestions from code review
---------
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Clarify that enabling LDAP will create users by default when they log in
This proposed change to the doc was requested by a user in support ticket `79860`, as it was not clear to them that the OOTB behavior was for user accounts to be provisioned automatically in Grafana when signing in for the first time via LDAP.
* Update docs/sources/setup-grafana/configure-security/configure-authentication/ldap/index.md
Thanks!
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* fix boolean
Woops, `true` should be `false`
---------
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* update ldap library and use go module path
* add TLS min version and accepted min TLS version
* set default min ver to library default
* set default min ver to library default
* add cipher list to toml
* Update pkg/services/ldap/settings.go
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* Apply suggestions from code review
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* lint
---------
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Add PDC docs
Add documentation for private data source connect, available in Cloud Pro and Advanced in closed preview
* Move PDC ssh key generation task
* edits throughout
* move image to media folder
---------
Co-authored-by: Chris Moyer <chris.moyer@grafana.com>
* add: deprecaation notice for overall setting
* add: deprecation notice for configuration files
* chore: update docs with deprecation notice
* refactor: change to note the new setting instead
* Update pkg/setting/setting.go
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* refactor: based on review comments
---------
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* WIP
* Update pkg/services/login/authinfo.go
* fix: merge
* change order to internal last
* adds: docs
* add: configuration for defaults and sample
* Update docs/sources/setup-grafana/configure-grafana/_index.md
Co-authored-by: Jo <joao.guerreiro@grafana.com>
* Update docs/sources/setup-grafana/configure-grafana/_index.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
---------
Co-authored-by: Jo <joao.guerreiro@grafana.com>
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* add: skip_org_role_sync setting for github
* fix: frontend
* rearranged tests
* refactor: assignGrafanaAdmin skip also
* Add: tests for allowGrafanaAdmin
- both for the case when both settings are set and the setting for only
allowGrafanaAdmin
* Apply suggestions from code review
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Update docs/sources/setup-grafana/configure-grafana/_index.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Update pkg/login/social/github_oauth.go
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
* added vairable inside scope
* Update docs/sources/setup-grafana/configure-security/configure-authentication/github/index.md
* Update docs/sources/setup-grafana/configure-security/configure-authentication/github/index.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
* Add new config option
* Add frontend control
* Condition new auth broker with config option
* Condition old auth broker with config option
Co-authored-by: Jo <joao.guerreiro@grafana.com>
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Config: Separate lists either by spaces or by commas.
* Simplify space separation
* use separate function for the config strings
* Change behavior only if string contains quotes
* add test for invalid string
* Use JSON list syntax
* ignore leading spaces when process list
* Add notes about using JSON lists into the docs
* Fix typo
* Apply suggestions from code review
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* [WIP] Auth: add backend skipOrgRoleSync to AzureAD OAuth
- add: skipOrgRoleSync
- rename: skipOrgRoleSync to skipOrgRoleSyncBase (to make it clear that
it is the base version of SocialBase)
- add: tests for skipOrgRoleSync in AzureAD
TODO:
- [ ] frontend changes
* add: docs
* refactor: remove role from basicinfo
* add: settings for grafanacom
* add: settigns for frontend
* add: logic for azureAD user skip org role
* add: docs for skip_org_role_sync
* refactor: docs a bit
* add: tests for userinfo
* refactor: to only extract if skiporgrolesync false
* refactor: based on review comments
* Update docs/sources/setup-grafana/configure-grafana/_index.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Update docs/sources/setup-grafana/configure-grafana/_index.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Docs: add Grafana security hardening
* Apply suggestions from code review
Changed grammar and typos based on feedback.
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Move configure-security-hardening.md file to new directory to comply with Hugo.
* Linting with Prettier
* Apply suggestions from code review
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Use relative aliases for all non-current Grafana aliases
Prevents non-latest documentation "stealing" the page away from latest
and through permanent redirects for latest pages that no longer exist.
The redirected pages are indexed by search engines but our robots.txt
forbids them crawling the non-latest page.
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Remove aliases from shared pages
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Rewrite all current latest aliases to be next
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Fix typo in latest alias
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Remove all current page aliases
find docs/sources -type f -name '*.md' -exec sed -z -i 's#\n *- /docs/grafana/next/[^\n]*\n#\n#' {} \;
find docs/sources -type f -name '*.md' -exec sed -Ez -i 's#\n((aliases:\n *-)|aliases:\n)#\n\2#' {} \;
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Prettier
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* usageinsights: record events for Explore queries
* usageinsights: make the source field optional
It is not logical to have it for an event like the dashboard-view
* usageinsights: add comment to Explore test
Explain why we are reversing a previous decision
