* add nested folder scope inheritance to managed permission services
* add a more specific erorr
* remove circular dependencies
* use errutil for returning erorr
* fix tests
* fix tests
* define a new error in ac package
* AuthN: Update signature of redirect client and RedirectURL function
* OAuth: use authn.Service to perform oauth authentication and login if feature toggle is enabled
* AuthN: register oauth clients
* AuthN: set auth module metadata
* AuthN: add logs for failed login attempts
* AuthN: Don't use enable disabled setting
* OAuth: only run hooks when authnService feature toggle is disabled
* OAuth: Add function to handle oauth errors from authn.Service
* WIP
* Update pkg/services/login/authinfo.go
* fix: merge
* change order to internal last
* adds: docs
* add: configuration for defaults and sample
* Update docs/sources/setup-grafana/configure-grafana/_index.md
Co-authored-by: Jo <joao.guerreiro@grafana.com>
* Update docs/sources/setup-grafana/configure-grafana/_index.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
---------
Co-authored-by: Jo <joao.guerreiro@grafana.com>
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
This adds provisioning endpoints for downloading alert rules and alert rule groups in a
format that is compatible with file provisioning. Each endpoint supports both json and
yaml response types via Accept header as well as a query parameter
download=true/false that will set Content-Disposition to recommend initiating a download
or inline display.
This also makes some package changes to keep structs with potential to drift closer
together. Eventually, other alerting file structs should also move into this new file
package, but the rest require some refactoring that is out of scope for this PR.
The old GrafanaComURL setting didn't have the /api suffix so needed it
adding on by the proxy director, but the new GrafanaComAPIURL setting is
assumed to already point directly to the API and doesn't need an
additional suffix.
This is the only place in the codebase that GrafanaComAPIURL is used.
* Add config to remove Snapshot functionality (frontend is hidden and validation in the backend)
* Add test cases
* Remove unused mock on the test
* Moving Snapshot config from globar variables to settings.Cfg
* Removing warnings on code
* API: Add reqSignedIn to router groups
* AuthN: Add fall through in context handler
* AuthN: Add IsAnonymous field
* AuthN: add priority to context aware clients
* ContextHandler: Add comment
* AuthN: Add a simple priority queue
* AuthN: Add Name to client interface
* AuthN: register clients with function
* AuthN: update mock and fake to implement interface
* AuthN: rewrite test without reflection
* AuthN: add comment
* AuthN: fix queue insert
* AuthN: rewrite tests
* AuthN: make the queue generic so we can reuse it for hooks
* ContextHandler: Add fixme for auth headers
* AuthN: remove unused variable
* AuthN: use multierror
* AuthN: write proper tests for queue
* AuthN: Add queue item that can store the value and priority
Co-authored-by: Jo <joao.guerreiro@grafana.com>
* Access Control: Add folder service dependency to the dashboard/folder resolvers
* Expose the function fetching parents to folder interface
* Add generic prepend utility
* Modify dashboard resolvers to return inherited scopes
* add: skip_org_role_sync setting for github
* fix: frontend
* rearranged tests
* refactor: assignGrafanaAdmin skip also
* Add: tests for allowGrafanaAdmin
- both for the case when both settings are set and the setting for only
allowGrafanaAdmin
* Apply suggestions from code review
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Update docs/sources/setup-grafana/configure-grafana/_index.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Update pkg/login/social/github_oauth.go
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
* added vairable inside scope
* Update docs/sources/setup-grafana/configure-security/configure-authentication/github/index.md
* Update docs/sources/setup-grafana/configure-security/configure-authentication/github/index.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
During the review of the initial PR adding this (#59506) I removed
a new global variable from the setting package, but forgot to update
the reference to the new setting, so the API URL wasn't actually
being used. This PR updates the proxy endpoint to use the API
URL correctly.
Aside: I'm not a huge fan of how the error is being ignored when parsing
the URL, but I think that should be addressed in a separate PR if anyone
has a suggestion for how we should handle it. (Should we check that the
URL is valid when parsing config?)
* rename routes and fix access control for support bundles
* AccessControl: Hide menu if not authorized
* AccessControl: Add AC guards for create and delete
* lint
* feat: add a new modal for displaying no-access info
* feat(CardGrid): add an onClick handler for items
* feat: open a no-access modal when clicking on a connection in the catlog
* feat: update permissions
Open a "No access" modal when the user clicks a connection type but has no permissions creating a datasource out of it
* test: add tests for opening the No Access modal
* test: fix the user permissions in tests
* Wip
* Revert "Wip"
This reverts commit 7f080c7f77.
* Add new config option
* Add frontend control
* Condition new auth broker with config option
* Condition old auth broker with config option
Co-authored-by: Jo <joao.guerreiro@grafana.com>
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
