Commit Graph

399 Commits

Author SHA1 Message Date
Torkel Ödegaard
f68b8b73f0
LDAP: Align ldap example with the devenv testdata (#18343) 2019-08-02 12:00:13 +02:00
gotjosh
87a794fe0a
Docs: Update documentation with new SAML features (#18163)
* Update defaults.ini and sample.ini with the SAML assertion mapping
fields

* Document Grafana's ability to map ACS attributes while a Grafana user is created
2019-07-23 09:20:07 +01:00
Alexander Zobnin
e47546d529
Docs: SAML idp_metadata_url option (#18181) 2019-07-18 18:45:59 +03:00
gotjosh
d006f7c916
Docs: SAML (#18069)
* docs: Link to SAML docs and document configuration options

- Document configuration options `defaults.ini` and `sample.ini`
- Add the SAML documentation
- Link to the SAML documentation from "what's new in 6.3"
2019-07-17 13:46:51 +01:00
Oleg Gaidarenko
e2cf7c9698
LDAP: finishing touches (#17945)
* LDAP:Docs: `active_sync_enabled` setting

Mention `active_sync_enabled` setting and enable it by default

* LDAP: move "disableExternalUser" method

Idea behind new design of the LDAP module is to minimise conflation
between other parts of the system, so it would decoupled as much as
possible from stuff like database, HTTP transport and etc.

Following "Do One Thing and Do It Well" Unix philosophy principal, other things
could be better fitted on the consumer side of things.

Which what this commit trying to archive

* LDAP: correct user/admin binding

The second binding was not happening, so if the admin login/password
in LDAP configuration was correct, anyone could had login as anyone using
incorrect password
2019-07-05 17:49:00 +03:00
gotjosh
e6b8a1529b
SAML: Configuration defaults, examples and dependencies (#17954)
* Add SAML configuration options

* Add crewjam/saml as a depdency

Needed as part of the enterprise SAML integration.

* Vendor github.com/stretchr/testify/require

The package require implements the same assertions as the `assert` package but stops test execution when a test fails.
2019-07-05 11:27:14 +01:00
Torkel Ödegaard
57c220c93d
Docs: added version notice to new ldap feature docs (#17929) 2019-07-04 14:39:11 +02:00
Sofia Papagiannaki
dc9ec7dc91
Auth: Allow expiration of API keys (#17678)
* Modify backend to allow expiration of API Keys

* Add middleware test for expired api keys

* Modify frontend to enable expiration of API Keys

* Fix frontend tests

* Fix migration and add index for `expires` field

* Add api key tests for database access

* Substitude time.Now() by a mock for test usage

* Front-end modifications

* Change input label to `Time to live`
* Change input behavior to comply with the other similar
* Add tooltip

* Modify AddApiKey api call response

Expiration should be *time.Time instead of string

* Present expiration date in the selected timezone

* Use kbn for transforming intervals to seconds

* Use `assert` library for tests

* Frontend fixes

Add checks for empty/undefined/null values

* Change expires column from datetime to integer

* Restrict api key duration input

It should be interval not number

* AddApiKey must complain if SecondsToLive is negative

* Declare ErrInvalidApiKeyExpiration

* Move configuration to auth section

* Update docs

* Eliminate alias for models in modified files

* Omit expiration from api response if empty

* Eliminate Goconvey from test file

* Fix test

Do not sleep, use mocked timeNow() instead

* Remove index for expires from api_key table

The index should be anyway on both org_id and expires fields.
However this commit eliminates completely the index for now
since not many rows are expected to be in this table.

* Use getTimeZone function

* Minor change in api key listing

The frontend should display a message instead of empty string
if the key does not expire.
2019-06-26 09:47:03 +03:00
Oleg Gaidarenko
31d2905490 LDAP:Docs: add information on LDAP sync feature and update LDAP sync default (#17689)
* Docs: for LDAP active sync feature
2019-06-25 12:54:13 +02:00
Sergey Goppikov
dda8b731e8 Settings: Fix typo in defaults.ini (#17707)
`backround` -> `backGround`
2019-06-23 17:38:30 +02:00
Kyle Brandt
49f0f0e89e
config: fix connstr for remote_cache (#17675)
fixes #17643 and adds test to check for commented out lines (but will only catch `;`, not `#`).
2019-06-20 10:15:21 -04:00
Oleg Gaidarenko
1c08e58605
LDAP: small improvements to various LDAP parts (#17662)
* Add multildap config example

* Publicize mocks for multildap module
2019-06-19 15:46:04 +02:00
Kyle Brandt
599514ad68
middleware: add security related HTTP(S) response headers (#17522)
* x_xss_protection
  * strict_transport_security (HSTS)
  * x_content_type_options

these are currently defaulted to false (off) until the next minor release.

fixes #17509
2019-06-12 13:15:50 +02:00
Kyle Brandt
c09fe3c3b4
remote_cache: Fix redis (#17483)
* wip: fix remote cache for redis
connstr parsing and non-negative expires for #17377
TODO: finish parse, check zero case, find out why negative duration in the first place

* finish parse.
Still TODO, find out negative value, and decide if would be better to make database specific entries in the .ini file

* update ini files

* remove accidental uncomment in defaults.ini

* auth_proxy: expiration non-negative so expiration is not in the past

* fix test, revert neg in redis

* review: use errutil
2019-06-10 15:27:08 +02:00
Tom McClellan
34f314552d Config: Add comment before log_queries in sample ini file (#17462) 2019-06-06 11:13:27 +02:00
Jonathan Rockway
02975256d1 Tracing: allow propagation with Zipkin headers (#17009)
Closes #17006
2019-06-05 13:12:05 +02:00
Abhilash Gnan
04d473b3e5 HTTP Server: Serve Grafana with a custom URL path prefix (#17048)
Adds a new [server] setting `serve_from_sub_path`. By enabling 
this setting and using a subpath in `root_url` setting, e.g.
`root_url = http://localhost:3000/grafana`, Grafana will be accessible 
on `http://localhost:3000/grafana`. By default it is set to `false` 
for compatibility reasons.

Closes #16623
2019-05-27 17:47:29 +02:00
Marcus Efraimsson
1c1427520d
Security: Add new setting allow_embedding (#16853)
When allow_embedding is false (default) the Grafana backend 
will set the http header `X-Frame-Options: deny` in all responses 
to non-static content which will instruct browser to not allow 
Grafana to be embedded in `<frame>`, `<iframe>`, 
`<embed>` or `<object>`.

Closes #14189
2019-05-06 09:56:23 +02:00
Oleg Gaidarenko
66c9297c36
Feature: introduce LdapActiveSyncEnabled setting (#16787)
* Feature: introduce LdapActiveSyncEnabled setting

We probably remove it after the active sync is done.
But at the moment we do not want to affect the current users
with not fully tested feature

* Chore: move settings in more logical order
2019-04-27 09:03:59 +03:00
Oleg Gaidarenko
62b85a886e
LDAP Refactoring to support syncronizing more than one user at a time. (#16705)
* Feature: add cron setting for the ldap settings

* Move ldap configuration read to special function

* Introduce cron setting (no docs for it yet, pending approval)

* Chore: duplicate ldap module as a service

* Feature: implement active sync

This is very early preliminary implementation of active sync.
There is only one thing that's going right for this code - it works.

Aside from that, there is no tests, error handling, docs, transactions,
it's very much duplicative and etc.

But this is the overall direction with architecture I'm going for

* Chore: introduce login service

* Chore: gradually switch to ldap service

* Chore: use new approach for auth_proxy

* Chore: use new approach along with refactoring

* Chore: use new ldap interface for auth_proxy

* Chore: improve auth_proxy and subsequently ldap

* Chore: more of the refactoring bits

* Chore: address comments from code review

* Chore: more refactoring stuff

* Chore: make linter happy

* Chore: add cron dep for grafana enterprise

* Chore: initialize config package var

* Chore: disable gosec for now

* Chore: update dependencies

* Chore: remove unused module

* Chore: address review comments

* Chore: make linter happy
2019-04-26 15:47:16 +03:00
Oleg Gaidarenko
78cd9058a3
Feature: add cron setting for the ldap settings (#16673)
* Feature: add cron setting for the ldap settings

* Move ldap configuration read to special function

* Introduce cron setting (no docs for it yet, pending approval)

* Chore: address code review comments
2019-04-25 17:12:56 +03:00
Josh
fca5ee4bea Provisioning: Support FolderUid in Dashboard Provisioning Config (#16559)
* add folderUid to DashbaordsAsConfig structs and DashbardProviderConfigs struct, set these values in mapping func
look for new folderUid values in config_reader tests
set dashboard folder Uid explicitly in file_reader, which has no affect when not given

* formatting and docstrings

* add folderUid to DashbaordsAsConfig structs and DashbardProviderConfigs struct, set these values in mapping func
look for new folderUid values in config_reader tests
set dashboard folder Uid explicitly in file_reader, which has no affect when not given

* formatting and docstrings

* add folderUid option, as well as documentation for the rest of the fields

* add blank folderUid in devenv example.

* add folderUid to provisioning sample yaml

* instead of just warning, return error if unmarshalling dashboard provisioning file fails

* Removing the error handling and adding comment

* Add duplicity check for folder Uids


Co-authored-by: swtch1 <joshua.thornton@protonmail.com>
2019-04-24 08:57:42 +02:00
Oleg Gaidarenko
db584b3d28
Chore: remove session storage references (#16445)
* Chore: remove session storage references

* Small refactoring of the settings module

* Update docs - remove references for the session storage

* Update config files (sample and default configs)

* Add tests for warning during the config load on defined storage cache

* Remove all references to session storage

* Remove macaron session dependency

* Remove leftovers

* Fix: address review comments

* Fix: remove old deps

* Fix: add skipStaticRootValidation = true to tests

* Fix: improve the docs and warning message

As per discussion in here - https://github.com/grafana/grafana/pull/16445/files#r273026255

* Chore: make linter happy

Fixes #16148
Ref #16114
2019-04-22 18:58:24 +03:00
Carl Bergquist
490515aec6
build: partially replace gometalinter with golangci-lint (#16610)
we still use gometalinter for goconst since it doesn't 
report errors for duplicated in test files
2019-04-16 10:27:07 +02:00
Ryan McKinley
3c21a121eb Plugins: Unifying alpha state & options for all plugins (#16530)
* app pages

* app pages

* workign example

* started alpha support

* remove app stuff

* show warning on alpha/beta panels

* put app back on plugin file

* fix go

* add enum for PluginType and PluginIncludeType

* Refactoring and moving settings to plugins section

fixes #16529
2019-04-12 13:46:42 +02:00
kleph
7ddb770e3b Configuration: Improve session_lifetime comments (#16238) 2019-03-29 13:10:20 +07:00
Zzy
1b84a924a3 Alerting: Makes timeouts and retries configurable (#16259)
Adds new alert settings for configuring timeouts and retries named 
evaluation_timeout_seconds, notification_timeout_seconds 
and max_attempts.

Closes #16240
2019-03-29 12:58:37 +07:00
Oleg Gaidarenko
04b3afcd15
Chore: Implement revive (#16200)
Since we do not like some of the default golint rules,
this commit proposes to use https://github.com/mgechev/revive.

And potential revive speed-up should't hurt :).

Right now, presented config (./conf/revive.toml) is permissive,
we might improve it over time however. Fixes for found revive
issues in the code are very limited so it wouldn't be large to review.

Also in this commit:

* Add annotations for makefile commands and declare phony targets

* Rename "gometalinter" script and CI command to "lint"
  since we are doing there a bit more then using gometalinter package

* Add Makefile rules to .editorconfig

* Documentation which mentioned "golint" replaced with revive

Fixes #16109
Ref #16160
2019-03-27 17:53:49 +01:00
Hugo Häggmark
a90b3e331e config: updated feature toggle name 2019-03-19 13:59:39 +01:00
Andrej Ocenas
697a87b7b2 Add check so that header is not sent for anonymous users 2019-03-14 16:33:21 +01:00
Andrej Ocenas
bbdc1c0e64 Add custom header with grafana user and a config switch for it 2019-03-14 16:33:19 +01:00
Carl Bergquist
291ffcb75b
Merge pull request #15457 from bergquist/distributed_cache
Distributed cache
2019-03-14 16:16:39 +01:00
Torkel Ödegaard
06f7a49a61 Refactoring / fixing password hint PR #15868 2019-03-11 13:33:57 +01:00
bergquist
7e7427637c renames distcache -> remotecache 2019-03-11 10:49:55 +01:00
bergquist
daa3b17951 code layouts and comments 2019-03-11 10:49:42 +01:00
bergquist
98f5432659 memcache -> memcached
https://github.com/memcached/memcached
2019-03-11 10:49:09 +01:00
bergquist
196cdf9710 adds config to default settings 2019-03-11 10:49:09 +01:00
Woodward, Joshua
946e542412 Make password hint configurable from settings/defaults.ini 2019-03-07 14:00:04 -08:00
Hugo Häggmark
8f62082482 Added feature toggle to defaults.ini and sample.ini after PR comments 2019-02-22 14:39:22 +01:00
bergquist
170783c292 make hourly cleanup the default behavior 2019-02-07 10:51:35 +01:00
Marcus Efraimsson
1a140ee199
run token cleanup job when grafana starts, then each hour 2019-02-06 22:27:08 +01:00
Marcus Efraimsson
85ef2ca738
fix spelling 2019-02-06 09:43:45 +01:00
Marcus Efraimsson
3c2fd02bc0
refactor login/auth token configuration settings
remove login section and reuse existing sections security and auth
2019-02-05 21:09:55 +01:00
bergquist
a6bd2c73a0 introduce samesite setting for login cookie
ref #15067
2019-02-01 11:47:21 +01:00
Carl Bergquist
c6f80ecec2
Merge pull request #14229 from pbakulev/configurable-alert-notification
Configurable alert notification
2019-01-28 22:47:12 +01:00
bergquist
8f0e65a150 renames alert_notifications -> notifiers 2019-01-28 20:39:09 +01:00
Marcus Efraimsson
f701c610fb
Merge pull request #15054 from RangerRick/master
add global datasource proxy timeout setting
2019-01-28 18:21:27 +01:00
bergquist
6a8643b3d1 Merge branch 'master' into configurable-alert-notification
* master: (250 commits)
  Firing off an action instead of listening to location changes
  Changes after PR Comments
  Made ExplorerToolbar connected and refactored away responsabilities from Explore
  Removed some split complexity
  Fixed some more styling
  Fixed close split look and feel
  Fixed position of Closesplit
  Fixed small issue with TimePicker dropdown position
  Simplified some styles and dom elements
  Fixed some more with the sidemenu open and smaller screens
  Fixed so heading looks good with closed sidemenu
  Restructure of component and styling
  Refactored out ExploreToolbar from Explore
  Fixed reinitialise of Explore
  changelog: add notes about closing #13929
  changelog: add notes about closing #14558
  changelog: add notes about closing #14484
  changelog: add notes about closing #13765
  changelog: add notes about closing #11503
  changelog: add notes about closing #4075
  ...
2019-01-28 14:16:43 +01:00
bergquist
6e672eb291 enable explore by default
closes #15037
2019-01-28 13:02:54 +01:00
Marcus Efraimsson
e4924795a2
change default rotate_token_minutes to 10 minutes 2019-01-25 13:30:26 +01:00