* Update defaults.ini and sample.ini with the SAML assertion mapping
fields
* Document Grafana's ability to map ACS attributes while a Grafana user is created
* docs: Link to SAML docs and document configuration options
- Document configuration options `defaults.ini` and `sample.ini`
- Add the SAML documentation
- Link to the SAML documentation from "what's new in 6.3"
* LDAP:Docs: `active_sync_enabled` setting
Mention `active_sync_enabled` setting and enable it by default
* LDAP: move "disableExternalUser" method
Idea behind new design of the LDAP module is to minimise conflation
between other parts of the system, so it would decoupled as much as
possible from stuff like database, HTTP transport and etc.
Following "Do One Thing and Do It Well" Unix philosophy principal, other things
could be better fitted on the consumer side of things.
Which what this commit trying to archive
* LDAP: correct user/admin binding
The second binding was not happening, so if the admin login/password
in LDAP configuration was correct, anyone could had login as anyone using
incorrect password
* Add SAML configuration options
* Add crewjam/saml as a depdency
Needed as part of the enterprise SAML integration.
* Vendor github.com/stretchr/testify/require
The package require implements the same assertions as the `assert` package but stops test execution when a test fails.
* Modify backend to allow expiration of API Keys
* Add middleware test for expired api keys
* Modify frontend to enable expiration of API Keys
* Fix frontend tests
* Fix migration and add index for `expires` field
* Add api key tests for database access
* Substitude time.Now() by a mock for test usage
* Front-end modifications
* Change input label to `Time to live`
* Change input behavior to comply with the other similar
* Add tooltip
* Modify AddApiKey api call response
Expiration should be *time.Time instead of string
* Present expiration date in the selected timezone
* Use kbn for transforming intervals to seconds
* Use `assert` library for tests
* Frontend fixes
Add checks for empty/undefined/null values
* Change expires column from datetime to integer
* Restrict api key duration input
It should be interval not number
* AddApiKey must complain if SecondsToLive is negative
* Declare ErrInvalidApiKeyExpiration
* Move configuration to auth section
* Update docs
* Eliminate alias for models in modified files
* Omit expiration from api response if empty
* Eliminate Goconvey from test file
* Fix test
Do not sleep, use mocked timeNow() instead
* Remove index for expires from api_key table
The index should be anyway on both org_id and expires fields.
However this commit eliminates completely the index for now
since not many rows are expected to be in this table.
* Use getTimeZone function
* Minor change in api key listing
The frontend should display a message instead of empty string
if the key does not expire.
* x_xss_protection
* strict_transport_security (HSTS)
* x_content_type_options
these are currently defaulted to false (off) until the next minor release.
fixes#17509
* wip: fix remote cache for redis
connstr parsing and non-negative expires for #17377
TODO: finish parse, check zero case, find out why negative duration in the first place
* finish parse.
Still TODO, find out negative value, and decide if would be better to make database specific entries in the .ini file
* update ini files
* remove accidental uncomment in defaults.ini
* auth_proxy: expiration non-negative so expiration is not in the past
* fix test, revert neg in redis
* review: use errutil
Adds a new [server] setting `serve_from_sub_path`. By enabling
this setting and using a subpath in `root_url` setting, e.g.
`root_url = http://localhost:3000/grafana`, Grafana will be accessible
on `http://localhost:3000/grafana`. By default it is set to `false`
for compatibility reasons.
Closes#16623
When allow_embedding is false (default) the Grafana backend
will set the http header `X-Frame-Options: deny` in all responses
to non-static content which will instruct browser to not allow
Grafana to be embedded in `<frame>`, `<iframe>`,
`<embed>` or `<object>`.
Closes#14189
* Feature: introduce LdapActiveSyncEnabled setting
We probably remove it after the active sync is done.
But at the moment we do not want to affect the current users
with not fully tested feature
* Chore: move settings in more logical order
* Feature: add cron setting for the ldap settings
* Move ldap configuration read to special function
* Introduce cron setting (no docs for it yet, pending approval)
* Chore: duplicate ldap module as a service
* Feature: implement active sync
This is very early preliminary implementation of active sync.
There is only one thing that's going right for this code - it works.
Aside from that, there is no tests, error handling, docs, transactions,
it's very much duplicative and etc.
But this is the overall direction with architecture I'm going for
* Chore: introduce login service
* Chore: gradually switch to ldap service
* Chore: use new approach for auth_proxy
* Chore: use new approach along with refactoring
* Chore: use new ldap interface for auth_proxy
* Chore: improve auth_proxy and subsequently ldap
* Chore: more of the refactoring bits
* Chore: address comments from code review
* Chore: more refactoring stuff
* Chore: make linter happy
* Chore: add cron dep for grafana enterprise
* Chore: initialize config package var
* Chore: disable gosec for now
* Chore: update dependencies
* Chore: remove unused module
* Chore: address review comments
* Chore: make linter happy
* Feature: add cron setting for the ldap settings
* Move ldap configuration read to special function
* Introduce cron setting (no docs for it yet, pending approval)
* Chore: address code review comments
* add folderUid to DashbaordsAsConfig structs and DashbardProviderConfigs struct, set these values in mapping func
look for new folderUid values in config_reader tests
set dashboard folder Uid explicitly in file_reader, which has no affect when not given
* formatting and docstrings
* add folderUid to DashbaordsAsConfig structs and DashbardProviderConfigs struct, set these values in mapping func
look for new folderUid values in config_reader tests
set dashboard folder Uid explicitly in file_reader, which has no affect when not given
* formatting and docstrings
* add folderUid option, as well as documentation for the rest of the fields
* add blank folderUid in devenv example.
* add folderUid to provisioning sample yaml
* instead of just warning, return error if unmarshalling dashboard provisioning file fails
* Removing the error handling and adding comment
* Add duplicity check for folder Uids
Co-authored-by: swtch1 <joshua.thornton@protonmail.com>
* Chore: remove session storage references
* Small refactoring of the settings module
* Update docs - remove references for the session storage
* Update config files (sample and default configs)
* Add tests for warning during the config load on defined storage cache
* Remove all references to session storage
* Remove macaron session dependency
* Remove leftovers
* Fix: address review comments
* Fix: remove old deps
* Fix: add skipStaticRootValidation = true to tests
* Fix: improve the docs and warning message
As per discussion in here - https://github.com/grafana/grafana/pull/16445/files#r273026255
* Chore: make linter happy
Fixes#16148
Ref #16114
* app pages
* app pages
* workign example
* started alpha support
* remove app stuff
* show warning on alpha/beta panels
* put app back on plugin file
* fix go
* add enum for PluginType and PluginIncludeType
* Refactoring and moving settings to plugins section
fixes#16529
Adds new alert settings for configuring timeouts and retries named
evaluation_timeout_seconds, notification_timeout_seconds
and max_attempts.
Closes#16240
Since we do not like some of the default golint rules,
this commit proposes to use https://github.com/mgechev/revive.
And potential revive speed-up should't hurt :).
Right now, presented config (./conf/revive.toml) is permissive,
we might improve it over time however. Fixes for found revive
issues in the code are very limited so it wouldn't be large to review.
Also in this commit:
* Add annotations for makefile commands and declare phony targets
* Rename "gometalinter" script and CI command to "lint"
since we are doing there a bit more then using gometalinter package
* Add Makefile rules to .editorconfig
* Documentation which mentioned "golint" replaced with revive
Fixes#16109
Ref #16160
* master: (250 commits)
Firing off an action instead of listening to location changes
Changes after PR Comments
Made ExplorerToolbar connected and refactored away responsabilities from Explore
Removed some split complexity
Fixed some more styling
Fixed close split look and feel
Fixed position of Closesplit
Fixed small issue with TimePicker dropdown position
Simplified some styles and dom elements
Fixed some more with the sidemenu open and smaller screens
Fixed so heading looks good with closed sidemenu
Restructure of component and styling
Refactored out ExploreToolbar from Explore
Fixed reinitialise of Explore
changelog: add notes about closing #13929
changelog: add notes about closing #14558
changelog: add notes about closing #14484
changelog: add notes about closing #13765
changelog: add notes about closing #11503
changelog: add notes about closing #4075
...