Adding support for backend plugin client middlewares. This allows headers in outgoing
backend plugin and HTTP requests to be modified using client middlewares.
The following client middlewares added:
Forward cookies: Will forward incoming HTTP request Cookies to outgoing plugins.Client
and HTTP requests if the datasource has enabled forwarding of cookies (keepCookies).
Forward OAuth token: Will set OAuth token headers on outgoing plugins.Client and HTTP
requests if the datasource has enabled Forward OAuth Identity (oauthPassThru).
Clear auth headers: Will clear any outgoing HTTP headers that was part of the incoming
HTTP request and used when authenticating to Grafana.
The current suggested way to register client middlewares is to have a separate package,
pluginsintegration, responsible for bootstrap/instantiate the backend plugin client with
middlewares and/or longer term bootstrap/instantiate plugin management.
Fixes#54135
Related to #47734
Related to #57870
Related to #41623
Related to #57065
The GrafanaComURL setting is currently used in two places:
- the /api/gnet endpoint, which proxies all requests to the URL
configured in GrafanaComURL
- OAuth logins using grafana.com, where the auth URL, token URL and
redirect URL are all configured to use the GrafanaComURL.
This has worked fine until now because almost all Grafana instances have
just used the default value, https://grafana.com. However, we now have a
few different grafana.com's, some of which are behind IAP. The IAP
causes the /api/gnet proxy to fail because the required cookies are not
present in the request (how could they be?). Setting the
[grafana_net.url] setting to an internal-only URL improves the situation
slightly - the proxy works again just fine - but breaks any OAuth logins
using grafana.com, because the user must be redirected to a publicly
accessible URL.
This commit adds an additional setting, `[grafana_com.api_url]`,
which can be used to tell Grafana to use the new API URL when proxying
requests to the grafana.com API, while still using the existing
`GrafanaComURL` setting for other things.
The setting will fall back to the GrafanaComURL setting + "/api" if unset.
* Add Team kind
* Minor changes
* Use ToMedatata annotation
Co-authored-by: sam boyer <sdboyer@grafana.com>
* Use ToMedatata annotation
Co-authored-by: sam boyer <sdboyer@grafana.com>
* Use ToMedatata annotation
Co-authored-by: sam boyer <sdboyer@grafana.com>
* Use ToMedatata annotation
Co-authored-by: sam boyer <sdboyer@grafana.com>
* Update comments
* Add created and updated fields
* Make orgId required
* Use int64 for datetime
Co-authored-by: sam boyer <sdboyer@grafana.com>
* Accessibility: Improved keyboard accessibility in BarGauge
* use appropriate elements when rendering bargauge
* added space for focus-visible outline border
* Revert "added space for focus-visible outline border"
This reverts commit 9b83fa3a0b.
* Fix deleting subfolder
It used to fail with beause of missing signed in user
* Add logging
* fixup
* Fail request if deleting nested folder has failed
Before we only used to log the error
* Fix failing test
During failed nested folder creation
call the dashboard store deletion instead of the service one.
* wip for exposing full nav tree in command palatte
* Expose whole nav tree in command palette
* give search an icon
* comments
* remove unused index variable
* navigate to parents
* include image icons
* comment
* move original stats service into a separate package
* add stats service to wire
* move GetAdminStats
* switch to using stats.Service
* add missing package
* fix api tests
* Remove DeleteUser from sqlstore
* Use Delete instead of DeleteUser
* Remove unused method
* Remove DeleteUserSession from sqlstore
* Add fake for DeleteUseraccessControl
* Use user service, add fakes to tests
* Add comments to sqlstore
* Correct typo
* Add quota service initialisation
* Add config to acimpl initialisation
* Add routing to initialisation
* Making user provideStore private
* Use InTransaction instead of session
* Add cfg to userimpl
* Fix lint
* Make ProvideStore public again - enterprise tests
* Fix back ProvideStore to public
* Wrap merge user in transaction
* Delete DeleteUserAccessControl use DeleteUSerPermissions instead
* Add feature mgmt into acimpl
* DeleteUserAccessControl from ac database
* Remove case insensitive clause
* RBAC: Add an endpoint to see all user permissions
Co-authored-by: Joey Orlando <joey.orlando@grafana.com>
* Fix mock
* Add feature flag
* Fix merging
* Return normal permissions instead of simplified ones
* Fix test
* Fix tests
* Fix tests
* Create benchtests
* Split function to get basic roles
* Comments
* Reorg
* Add two more tests to the bench
* bench comment
* Re-ran the test
* Rename GetUsersPermissions to SearchUsersPermissions and prepare search options
* Remove from model unused struct
* Start adding option to get permissions by Action+Scope
* Wrong import
* Action and Scope
* slightly tweak users permissions actionPrefix query param validation logic
* Fix xor check
* Lint
* Account for suggeston
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
* Add search
* Remove comment on global scope
* use union all and update test to make it run on all dbs
* Fix MySQL needs a space
* Account for suggestion.
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
Co-authored-by: Joey Orlando <joey.orlando@grafana.com>
Co-authored-by: Joey Orlando <joseph.t.orlando@gmail.com>
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
