* add: deprecation to api keys write path
* boolean w. meessage
* add read and delete endpoints
* better description of deprecation
* updated with puncutations
* Tracing: Pass OTLP address and propagation format to plugins
* Fix unit tests
* Fix indentation
* Fix plugin manager integration tests
* Goimports
* Pass plugin version to plugins
* Do not add GF_PLUGIN_VERSION if plugin version is not set, add tests
* Allow disabling plugins distributed tracing on a per-plugin basis
* Moved disabled plugins to tracing.opentelemetry config section
* Pre-allocate DisabledPlugins map to the correct size
* Moved disable tracing setting flags in plugin settings
* Renamed plugin env vars for tracing endpoint and propagation
* Fix plugin initializer tests
* Refactoring: Moved OpentelemetryCfg from pkg/infra to pkg/plugins
* Changed GetSection to Section in parseSettingsOpentelemetry
* Add tests for NewOpentelemetryCfg
* Fix test case names in TestNewOpentelemetryCfg
* OpenTelemetry: Remove redundant error checks
* Nested Folders: Fix move response
Fix JSON tags to be consistent with the GET endpoint
* Add API test for moving to root folder
* Allow move to root folder
* Fix failure message
* Update OpenAPI specification
* FeatureToggle: Add toggle to use a new way of rotating tokens
* API: Add endpoints to perform token rotation, one endpoint for api request and one endpoint for redirectsd
* Auth: Aling not authorized handling between auth middleware and access
control middleware
* API: add utility function to get redirect for login
* API: Handle token rotation redirect for login page
* Frontend: Add job scheduling for token rotation and make call to token rotation as fallback in retry request
* ContextHandler: Prevent in-request rotation if feature flag is enabled and check if token needs to be rotated
* AuthN: Prevent in-request rotation if feature flag is enabled and check if token needs to be rotated
* Cookies: Add option NotHttpOnly
* AuthToken: Add helper function to get next rotation time and another function to check if token need to be rotated
* AuthN: Add function to delete session cookie and set expiry cookie
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
* fix: disable orgrolepicker if externaluser is synced
* add disable to role picker
* just took me 2 hours to center the icon
* wip
* fix: check externallySyncedUser for API call
* remove check from store
* add: tests
* refactor authproxy and made tests run
* add: feature toggle
* set feature toggle for tests
* add: IsProviderEnabled
* refactor: featuretoggle name
* IsProviderEnabled tests
* add specific tests for isProviderEnabled
* fix: org_user tests
* add: owner to featuretoggle
* add missing authlabels
* remove fmt
* feature toggle
* change config
* add test for a different authmodule
* test refactor
* gen feature toggle again
* fix basic auth user able to change the org role
* test for basic auth role
* make err.base to error
* lowered lvl of log and input mesg
* protect moving folders to a subfolder and creating folders in a subfolder
* folder update endpoint isn't used for folder parent update
* lint
* move permission check logic to services, fix tests
* linting
* only redirect to /login when anonymous access is disabled
* only search for dashboards when not logged in if anon access is enabled
* fix go logic
* add unit tests
* Add test for deleting snapshot for non existent dashboard
* Add test for failure to fetch guardian other than ErrDashboardNotFound
* Fix dashboard snapshot delete
* Social: Fix type so it appears in error responses
* AuthN: construct errutil.Error from social.Error
* login: Check for errutil.Error and use public message
* Login: redirectURLWithErrorCookie for authn errors
Co-authored-by: Jo <joao.guerreiro@grafana.com>
* revert to using folder store from the resolvers
* fixing tests after revert
* api test fixes
---------
Co-authored-by: Kristin Laemmert <mildwonkey@users.noreply.github.com>
* move analytics identifiers to backend
* implement hash function
* grab secret from env
* expose and retrieve intercom secret from config
* concat email with appUrl to ensure uniqueness
* revert to just using email
* Revert "revert to just using email"
This reverts commit 8f10f9b1bc.
* add docstring
* AuthN: add utility functions to handle response and redirect after
successful login
* API: Reuse utility functions for logins if authnService flag is enabled
* feat(plugins): introduce dashboard panel menu placement for adding menu items
* test: add test for getPanelMenu()
* added an unique identifier for each extension.
* added context to getPluginExtensions.
* wip
* Wip
* wiwip
* Wip
* feat: WWWIIIIPPPP 🧨
* Wip
* Renamed some of the types to align a bit better.
* added limit to how many extensions a plugin can register per placement.
* decreased number of items to 2
* will trim the lenght of titles to max 25 chars.
* wrapping configure function with error handling.
* added error handling for all scenarios.
* moved extension menu items to the bottom of the more sub menu.
* added tests for configuring the title.
* minor refactorings.
* changed so you need to specify the full path in package.json.
* wip
* removed unused type.
* big refactor to make things simpler and to centralize all configure error/validation handling.
* added missing import.
* fixed failing tests.
* fixed tests.
* revert(extensions): remove static extensions config in favour of registering via AppPlugin APIs
* removed the compose that didn't work for some reason.
* added tests just to verify that validation and error handling is tied together in configuration function.
* adding some more values to the context.
* draft validation.
* added missing tests for getPanelMenu.
* added more tests.
* refactor(extensions): move logic for validating extension link config to function
* Fixed ts errors.
* Update packages/grafana-data/src/types/app.ts
Co-authored-by: Levente Balogh <balogh.levente.hu@gmail.com>
* Update packages/grafana-runtime/src/services/pluginExtensions/extensions.test.ts
Co-authored-by: Levente Balogh <balogh.levente.hu@gmail.com>
* refactor(extensions): rename limiter -> pluginPlacementCount
* refactor(getpanelmenu): remove redundant continue statement
---------
Co-authored-by: Levente Balogh <balogh.levente.hu@gmail.com>
Co-authored-by: Marcus Andersson <marcus.andersson@grafana.com>
* chore(services): replace dependencies on dashboard store with dashboard service
This continues the backend service/store split by replacing dashboard store dependencies with service dependencies. the folder service remains the single exception for now; otherwise we'd have a dependency cycle between the folder and dashboard services. I have some ideas for that, but I'll take care of all the easy parts first.
While doing this, I identified and removed a number of unused arguments from the following functions:
NewFolderNameScopeResolver
NewFolderIDScopeResolver
NewFolderUIDScopeResolver
NewDashboardIDScopeResolver
NewDashboardUIDScopeResolver
resolveDashboardScope
I have a small enterprise PR to support this commit.
* lingering fmt
* chore: remove export service POC from main
This is a POC and we'll see it, or something like it, again!
* remove frontend changes
---------
Co-authored-by: Ryan McKinley <ryantxu@gmail.com>
* Enable serving Swagger UI by default
It used to be served behind the `swaggerUi` feature toggle.
* Remove `swaggerUi` feature toggle
* Add docs and guidelines for updating swagger
* Apply suggestions from code review
Co-authored-by: Josh Hunt <joshhunt@users.noreply.github.com>
* Setting: Remove global DisableLoginForm and add it to cfg
* Setting: Remove unused BasicAuthEnabled global
* Setting: Remove global OAuthAutoLogin and use from cfg
* Setting: Remove global AnonymousEnabled
* Setting: Remove global values for AuthProxy settings
* fix org user always getting org id = 1 on auto assign false
* make tests explicit
* use correct cfg in service accounts
* fix api tests
* fix database test of ac
* fix InsertOrgUser returning affected rows as orgID
* Plugins CDN: Add support for different CDN root path
* Plugins CDN: Make frontendsettings return the correct CDN base path
* Update comments
* Fix version detection
* Undo frontend changes
* Fix system.js asset path construction
* fix(plugins): translate all plugin css asset paths loaded via cdn
* refactor(plugins): rename extractPluginNameVersionFromUrl and add comments
* Fix typo in comment
Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
* Hardcode CDN URL structure
/{id}/{version}/public/plugins/{id}/{assetPath} is not required anymore in the cdn url template config
---------
Co-authored-by: Jack Westbrook <jack.westbrook@gmail.com>
Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
* add anon sessions package
* add usage stat fn
* implement count for cache
* add anonservice to authn broker
* lint
* add tests for remote cache count
* move anon service to services
* wrap tagging in goroutine
* make func used
* Update oapi library and thema
* Use fork commit to fix elasticsearch and cloudwatch generators
* Update thema
* Fixes
* Update thema with last fixes
* Sync
* Fix test
* Update thema and schemas
* Update thema
* structure dtos and private methods
* add basic LDAP service
* use LDAP service in ldap debug API
* lower non fatal error
* remove unused globals
* wip
* remove final globals
* fix tests to use cfg enabled
* restructure errors
* remove logger from globals
* use ldap service in authn
* use ldap service in context handler
* fix failed tests
* fix ldap middleware provides
* fix provides in auth_test.go
* Remove Result field from AddDataSourceCommand
* Remove DatasourcesPermissionFilterQuery Result
* Remove GetDataSourceQuery Result
* Remove GetDataSourcesByTypeQuery Result
* Remove GetDataSourcesQuery Result
* Remove GetDefaultDataSourceQuery Result
* Remove UpdateDataSourceCommand Result
* Renamed target -> id and href -> path after feedback.
* fixed type issues in test page.
* chore(pluginschemajson): update extensions props target -> id
* this is the final.
* fixed typings...again...
---------
Co-authored-by: Jack Westbrook <jack.westbrook@gmail.com>
* fix(dashboard version service): add DashboardUID to query and responses
The DashboardUID was not populated in the response from Get and ListDashboardVersions. This adds the DashboardUID to the Get query (it was already in List) and populated the DashboardUID in the returned DashboardVersionDTOs.
* added extensions to plugin.json and exposing it via frontend settings.
* added extensions to the plugin.json schema.
* changing the extensions in frontend settings to a map instead of an array.
* wip
* feat(pluginregistry): begin wiring up registry
* feat(pluginextensions): prevent duplicate links and clean up
* added test case for link extensions.
* added tests and implemented the getPluginLink function.
* wip
* feat(pluginextensions): expose plugin extension registry
* fix(pluginextensions): appease the typescript gods post rename
* renamed file and will throw error if trying to call setExtensionsRegistry if trying to call it twice.
* added reafactorings.
* fixed failing test.
* minor refactorings to make sure we only include extensions if the app is enabled.
* fixed some nits.
* Update public/app/features/plugins/extensions/registry.test.ts
Co-authored-by: Levente Balogh <balogh.levente.hu@gmail.com>
* Update packages/grafana-runtime/src/services/pluginExtensions/registry.ts
Co-authored-by: Levente Balogh <balogh.levente.hu@gmail.com>
* Update packages/grafana-runtime/src/services/pluginExtensions/registry.ts
Co-authored-by: Levente Balogh <balogh.levente.hu@gmail.com>
* Update public/app/features/plugins/extensions/registry.test.ts
Co-authored-by: Levente Balogh <balogh.levente.hu@gmail.com>
* Moved types for extensions from data to runtime.
* added a small example on how you could consume link extensions.
* renamed after feedback from levi.
* updated the plugindef.cue.
* using the generated plugin def.
* added tests for apps and extensions.
* fixed linting issues.
* wip
* wip
* wip
* wip
* test(extensions): fix up failing tests
* feat(extensions): freeze registry extension arrays, include type in registry items
* added restrictions in the pugindef cue schema.
* wip
* added required fields.
* added key to uniquely identify each item.
* test(pluginextensions): align tests with implementation
* chore(schema): refresh reference.md
---------
Co-authored-by: Jack Westbrook <jack.westbrook@gmail.com>
Co-authored-by: Levente Balogh <balogh.levente.hu@gmail.com>
* add bundle registry service to avoid dependency cycles
* move user support bundle collector to user service
* move usage stat bundle implementation to usage stats
* add info for background service
* fix remaining imports
* whitespace
* reorganize auth usage stats
* usage stat privilege elevators
* stat count of modified role
* cfg related info
* add authn anon client
* kv store
* ensure anon enabled is collected even if client is not registered
* fix usage stats test
* *Create Caching Config interface and OSS impl
*Create front-end facing DS Cache config
*Populate Caching Config on Datasource DTO
*Update OSS wire deps
* fix unit test
* handle query caching TTL override on the frontend
* Make sure the override works with pubdash
* move caching config to the right place in the ds info
* move caching config logic to enterprise index hook
* move queryCachingTTL to pubdash query payload
* Remove from metadata (not needed)
* rename struct and add comment
* remove invalid wire dependency
* manual revert of 395c74b
* fix frontend test
* fix backend test
* fix tests for real this time
* truly fix frontend test
* fix back end unit test for real
* remove result field from alert notification commands and queries
* fix a few more tests
* ok, linter
* remove alert result fields
* fix api calls
* et tu, linter
* Config: Make frontend settings a struct rather than map
remove frontend settings to setting package
remove frontend settings struct to dtos package
rearrange structs to avoid cycles
rename getFrontendSettings fn
omitempty
fix login test
fix middleware test
* wip some enterprise types
* cleanup, moved structs from enterprise
* ci
* add nested folder scope inheritance to managed permission services
* add a more specific erorr
* remove circular dependencies
* use errutil for returning erorr
* fix tests
* fix tests
* define a new error in ac package
* AuthN: Update signature of redirect client and RedirectURL function
* OAuth: use authn.Service to perform oauth authentication and login if feature toggle is enabled
* AuthN: register oauth clients
* AuthN: set auth module metadata
* AuthN: add logs for failed login attempts
* AuthN: Don't use enable disabled setting
* OAuth: only run hooks when authnService feature toggle is disabled
* OAuth: Add function to handle oauth errors from authn.Service
* WIP
* Update pkg/services/login/authinfo.go
* fix: merge
* change order to internal last
* adds: docs
* add: configuration for defaults and sample
* Update docs/sources/setup-grafana/configure-grafana/_index.md
Co-authored-by: Jo <joao.guerreiro@grafana.com>
* Update docs/sources/setup-grafana/configure-grafana/_index.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
---------
Co-authored-by: Jo <joao.guerreiro@grafana.com>
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
This adds provisioning endpoints for downloading alert rules and alert rule groups in a
format that is compatible with file provisioning. Each endpoint supports both json and
yaml response types via Accept header as well as a query parameter
download=true/false that will set Content-Disposition to recommend initiating a download
or inline display.
This also makes some package changes to keep structs with potential to drift closer
together. Eventually, other alerting file structs should also move into this new file
package, but the rest require some refactoring that is out of scope for this PR.
The old GrafanaComURL setting didn't have the /api suffix so needed it
adding on by the proxy director, but the new GrafanaComAPIURL setting is
assumed to already point directly to the API and doesn't need an
additional suffix.
This is the only place in the codebase that GrafanaComAPIURL is used.
* Add config to remove Snapshot functionality (frontend is hidden and validation in the backend)
* Add test cases
* Remove unused mock on the test
* Moving Snapshot config from globar variables to settings.Cfg
* Removing warnings on code
* API: Add reqSignedIn to router groups
* AuthN: Add fall through in context handler
* AuthN: Add IsAnonymous field
* AuthN: add priority to context aware clients
* ContextHandler: Add comment
* AuthN: Add a simple priority queue
* AuthN: Add Name to client interface
* AuthN: register clients with function
* AuthN: update mock and fake to implement interface
* AuthN: rewrite test without reflection
* AuthN: add comment
* AuthN: fix queue insert
* AuthN: rewrite tests
* AuthN: make the queue generic so we can reuse it for hooks
* ContextHandler: Add fixme for auth headers
* AuthN: remove unused variable
* AuthN: use multierror
* AuthN: write proper tests for queue
* AuthN: Add queue item that can store the value and priority
Co-authored-by: Jo <joao.guerreiro@grafana.com>
* Access Control: Add folder service dependency to the dashboard/folder resolvers
* Expose the function fetching parents to folder interface
* Add generic prepend utility
* Modify dashboard resolvers to return inherited scopes
* add: skip_org_role_sync setting for github
* fix: frontend
* rearranged tests
* refactor: assignGrafanaAdmin skip also
* Add: tests for allowGrafanaAdmin
- both for the case when both settings are set and the setting for only
allowGrafanaAdmin
* Apply suggestions from code review
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Update docs/sources/setup-grafana/configure-grafana/_index.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Update pkg/login/social/github_oauth.go
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
* added vairable inside scope
* Update docs/sources/setup-grafana/configure-security/configure-authentication/github/index.md
* Update docs/sources/setup-grafana/configure-security/configure-authentication/github/index.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
During the review of the initial PR adding this (#59506) I removed
a new global variable from the setting package, but forgot to update
the reference to the new setting, so the API URL wasn't actually
being used. This PR updates the proxy endpoint to use the API
URL correctly.
Aside: I'm not a huge fan of how the error is being ignored when parsing
the URL, but I think that should be addressed in a separate PR if anyone
has a suggestion for how we should handle it. (Should we check that the
URL is valid when parsing config?)
* rename routes and fix access control for support bundles
* AccessControl: Hide menu if not authorized
* AccessControl: Add AC guards for create and delete
* lint
* feat: add a new modal for displaying no-access info
* feat(CardGrid): add an onClick handler for items
* feat: open a no-access modal when clicking on a connection in the catlog
* feat: update permissions
Open a "No access" modal when the user clicks a connection type but has no permissions creating a datasource out of it
* test: add tests for opening the No Access modal
* test: fix the user permissions in tests
* Wip
* Revert "Wip"
This reverts commit 7f080c7f77.
* Add new config option
* Add frontend control
* Condition new auth broker with config option
* Condition old auth broker with config option
Co-authored-by: Jo <joao.guerreiro@grafana.com>
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* AuthN: Create password client wrapper and use that on in basic auth
client
* AuthN: fix basic auth client test
* AuthN: Add tests for form authentication
* API: Inject authn service
* Login: If authnService feature flag is enabled use authn login
* Login: Handle token creation errors
* [WIP] Auth: add backend skipOrgRoleSync to AzureAD OAuth
- add: skipOrgRoleSync
- rename: skipOrgRoleSync to skipOrgRoleSyncBase (to make it clear that
it is the base version of SocialBase)
- add: tests for skipOrgRoleSync in AzureAD
TODO:
- [ ] frontend changes
* add: docs
* refactor: remove role from basicinfo
* add: settings for grafanacom
* add: settigns for frontend
* add: logic for azureAD user skip org role
* add: docs for skip_org_role_sync
* refactor: docs a bit
* add: tests for userinfo
* refactor: to only extract if skiporgrolesync false
* refactor: based on review comments
* Update docs/sources/setup-grafana/configure-grafana/_index.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Update docs/sources/setup-grafana/configure-grafana/_index.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* API: Rewrite legacy access control and rbac tests for current org
endpoint
* API: Rewrite legacy and rbac endpoint tests for update current and
target org
* API: rewrite access control tests for create org
* API: Rewrite delete org api access control tests
* API: rewrite search org access control tests to not use mocked access
control
* API: Rewrite get org and get org by name access control tests to not use
mocked access control
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
* Chore: Move team models to models pkg
* Fix ACL tests
* More ACL tests
* Change Id to ID in conflict user command test
* Remove team from models
* Fix ac test lint
* Add auth labels and access control metadata to org users search results
* Fix search result JSON model
* Org users: Use API for pagination
* Fix default page size
* Refactor: UsersListPage to functional component
* Refactor: update UsersTable component code style
* Add pagination to the /orgs/{org_id}/users endpoint
* Use pagination on the AdminEditOrgPage
* Add /orgs/{org_id}/users/search endpoint to prevent breaking API
* Use existing search store method
* Remove unnecessary error
* Remove unused
* Add query param to search endpoint
* Fix endpoint docs
* Minor refactor
* Fix number of pages calculation
* Use SearchOrgUsers for all org users methods
* Refactor: GetOrgUsers as a service method
* Minor refactor: rename orgId => orgID
* Fix integration tests
* Fix tests
* protect /connection url paths with permissions
These permissions match the original ones at /datasources and /plugins
* add Connections section to navtree only if user has permissions
This commit works only when the easystart plugin is not present.
I'll see what I can do when it is present in the next commit(s).
* update datasources page permissions
The datasources page have Explore buttons on datasource entries,
therefore it makes sense to show this page for those, who can't edit or
create datasources but have explore permissions.
This applies for the traditional Editor role.
* DataSourcesList: link to edit page only if has right to write
If the user doesn't have rights to write datasources, then it's better
to not create a link from cards to the edit page. This way they won't
see the configuration of the data sources either, which is a desirable
outcome.
Also, I moved the query for DataSourcesExplore permission out from the
DataSourcesListView component in the DataSourcesList component, next to
the other permission queries - for the sake of consistency.
* fix permissions for connect data
This way it matches the permissions of the "Plugins" page.
* fix applinks test
* refactor(pluginhelp): rewrite as functional component with useAsync
* mimic old behaviour
* feat(pluginhelp): display message if backend returned an empty string
Co-authored-by: Jack Westbrook <jack.westbrook@gmail.com>
The DashboardVersion struct is the database object; the DashboardVersionDTO is the object that should be sent to the API layer.
In the future I'd like to move DashboardVersion to dashverimpl and un-export it, but there are a few places that Insert directly into that table, not all of which are test fixtures, so that should wait until we clean up at least the DashboardService's use of it.
Log a useful msg if no oauth provider configured
When a user doesn't configure an OAuth provider and uses auto login, Grafana logs a misleading message indicating that he has multiple providers configured.
Time range added for public dashboard:
- Enable/Disable switch added in public dashboard configuration.
- Time range picker shown in public dashboard for viewer user
* Guardian: Use dashboard UID instead of ID
* Apply suggestions from code review
Introduce several guardian constructors and each time use
the most appropriate one.
Grafana would forward the X-Grafana-User header to backend plugin request when
dataproxy.send_user_header is enabled. In addition, X-Grafana-User will be automatically
forwarded in outgoing HTTP requests for core/builtin HTTP datasources.
Use grafana-plugin-sdk-go v0.147.0.
Fixes#47734
Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
* RBAC: add viewer grand if dspermissions enforcement is not enabled
* RBAC: Change permissions based on role prefix
* RBAC: Add option to for permission service to add a license middleware
* RBAC: Remove actions from query struct
Adding support for backend plugin client middlewares. This allows headers in outgoing
backend plugin and HTTP requests to be modified using client middlewares.
The following client middlewares added:
Forward cookies: Will forward incoming HTTP request Cookies to outgoing plugins.Client
and HTTP requests if the datasource has enabled forwarding of cookies (keepCookies).
Forward OAuth token: Will set OAuth token headers on outgoing plugins.Client and HTTP
requests if the datasource has enabled Forward OAuth Identity (oauthPassThru).
Clear auth headers: Will clear any outgoing HTTP headers that was part of the incoming
HTTP request and used when authenticating to Grafana.
The current suggested way to register client middlewares is to have a separate package,
pluginsintegration, responsible for bootstrap/instantiate the backend plugin client with
middlewares and/or longer term bootstrap/instantiate plugin management.
Fixes#54135
Related to #47734
Related to #57870
Related to #41623
Related to #57065
* move original stats service into a separate package
* add stats service to wire
* move GetAdminStats
* switch to using stats.Service
* add missing package
* fix api tests
* RBAC: Add an endpoint to see all user permissions
Co-authored-by: Joey Orlando <joey.orlando@grafana.com>
* Fix mock
* Add feature flag
* Fix merging
* Return normal permissions instead of simplified ones
* Fix test
* Fix tests
* Fix tests
* Create benchtests
* Split function to get basic roles
* Comments
* Reorg
* Add two more tests to the bench
* bench comment
* Re-ran the test
* Rename GetUsersPermissions to SearchUsersPermissions and prepare search options
* Remove from model unused struct
* Start adding option to get permissions by Action+Scope
* Wrong import
* Action and Scope
* slightly tweak users permissions actionPrefix query param validation logic
* Fix xor check
* Lint
* Account for suggeston
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
* Add search
* Remove comment on global scope
* use union all and update test to make it run on all dbs
* Fix MySQL needs a space
* Account for suggestion.
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
Co-authored-by: Joey Orlando <joey.orlando@grafana.com>
Co-authored-by: Joey Orlando <joseph.t.orlando@gmail.com>
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
* feat(plugins-catalog): only allow admins to access plugins catalog routes
* add backend check
* fix(plugins-catalog): update route role access to include server admins
Co-authored-by: Will Browne <will.browne@grafana.com>
* remove legacy createorg from org service
* remove another createorg from orgimpl
* remove createorg from api pref tests
* remove createorg from api org tests
* fix tests
* remove createorg from annotations test
* remove createorg from team tests
* remove createorg from service accounts
* remove createorg from accesscontrol tests
* remove createorg from provisioning
* Use quotaservice from sc.hs
This change preallocates slices and maps where the size of the data is known before the object is created.
Co-authored-by: Joe Blubaugh <joe.blubaugh@grafana.com>
* Add new configuration option for SA tokens
* Add new expiry date option to frontend components
* Add backend validation
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Add ApprovalForce to AuthCodeOptions
* Extract access token validity check to a function
* Refactor
* Oauth: set options internally instead of exposing new function
* Align tests
* Remove unused function
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* Auth: move interface to its own file
* Auth: move to test package
* Auth: move quota consts to auth file
* Auth: move service to impl package
* Auth: move interfaces and related models to auth package
* Auth: Create sub package and type alias to avoid circular dependency
* fix: email and username trimming and invitation validation
* Trim leading and trailing whitespaces from email and username on signup
* Check whether the provided email address is the same as where the invitation sent
* Align tests
Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com>
* Nested Folders: Support getting of nested folder in folder service when feature flag is set
* Fix lint
* Fix some tests
* Fix ngalert test
* ngalert fix
* Fix API tests
* Fix some tests and lint
* Fix lint 2
* Fix library elements and panels
* Add access control to get folder
* Cleanup and minor test change
* Update thema to latest
* Deal with s/Library/*Runtime/
* Commit new, working results of codegen
* We like pointers now
* Always take runtime arg for NewBase()
* Sketchy handwavy pass at entity meta framework
* Little nibbles
* Update pkg/framework/coremodel/entityframework.cue
Co-authored-by: Artur Wierzbicki <wierzbicki.artur.94@gmail.com>
* Move file into new framework location
* Introduce loaders, Go code
* Complete rename to kind
* Flesh out framework, add svg/dashboard examples
* Cruft removal
* Remove generated kind go files from gitignore
* Refine maturity concept, add SlotKind
* Update embed and go deps
* Export PrefixWithGrafanaCUE
* Make the loader actually work, holy crap
* Many small tweaks to type.cue
* Add Apache 2 licensing exceptions for kinds
* Add new kinds dir, start of generator
* Roll back to earlier oapi-codegen
* Introduce new grafana-specific CUE loaders
* Introduce new tidy code generators framework
* Catch up kind framework with tinkering
* Add slices for the generators
* Add write/verify step to main generator
* Many renames
* Split up kind framework cue files
* Use kind.Decl within generated kinds
* Create kind.SomeDecl wrapper type to cache lineages
* Better names again
* Get one generated implemented, hopefully
* Copy dashboard schema into new kind.cue
* Small fixes to make the initial gen work
* Put svg kind in its new home
* Add generated Go dashboard type
* More renames and cleanups
* Add base kind registry and generator
* Stop blacklisting *_gen.go files
This is not the Go best practice, anyway. All we actually want to ignore
for enterprise is generated wire files.
* Change codegen output directories
pkg/kind -> pkg/kinds
pkg/registry/kindreg -> pkg/registry/corekind
* Rename pkg/framework/kind to pkg/kindsys
* Add core structured kind generator
* Add plural and machine names to kind spec
* Copy playlist over to kind system
* Consolidate kindsys files
* Add raw kind generator
* Update CODEOWNERS for kind framework
* Touch up comments a bit
* More docs tweaks
* Remove generated types to reduce noise for review
* Split each generator into its own file
* Rename Slot kind to Composable kind
* Add handwavy types for customkind loading
* Guard against init calls to framework loader
* First pass at doc on extending the kind system
* Improve attribute example in docs
* Fix wire imports
* Add basic TS types generator
* Fix composable kind category def
* No need for a separate file with generate directive
* Catch dashboard schema up
* Rename generator types to something saner and generic
* Make version configurable in ts/go generators
* Add CommonMeta to ease property access
* Add kindsys prop indicating whether lineage is group
* Put all kind categories back in a single file
* Finish with kindsys group props
* Refactor maturity progression per discussion
- Replace "committed" with "merged"
- All kindcats can use all maturity levels, at least for now
* Convert ts veneer index generator to modular system
* Move over to new jennywrites framework
* Strip down old coremodel generator
* Use public version of jennywrites
* Pull latest thema
* Commit generated Go types
* Add header injection postprocessor
* Move sdboyer/jennywrites to grafana/codejen
* Tweak header output
* Remove dashboard and playlist coremodels
* Fix up backend dashboards devenv test
* Fix TS import patterns to new gen filename
* Update internal imports, remove coremodel registry
* Fix compilation errors, wire generation
* Export and replace the prefix dropper
* More Go struct and field name changes
* Last name fixes, hopefully
* Fix lint errors
* Last lint error
Co-authored-by: Artur Wierzbicki <wierzbicki.artur.94@gmail.com>
* transfer DeleteFolder changes from larger PR
* finish some thingies
* add the simplest delete logics
* some intermedia steps
* fix tests
* add test
* fix some comments
Co-authored-by: yangkb09 <yangkb09@gmail.com>
* Plugins: CallResource: use canonical MIME headers when writing response
* Plugins: add tests for canonical mime headers and Set-Cookie filter
* Removed extra new line
Grafana's HTTPServer ensures that the Content-Type header is always set
in the response to a CallResource call, but when the status code is
204 No Content this shouldn't be done; the body should be empty and no
Content-Type header should be set.
We ran into this in the Grafana ML plugin where we were sending an empty
response with status 204, but the frontend client saw that the content
type was JSON and tried to parse it, resulting in an error that made it
to the JS console.
This PR splits the create and update paths for public dashboards and includes assorted refactors toward a proper REST API. Additionally, we removed the concept of a "public dashboard config" in favor of "public dashboard"
Co-authored-by: juanicabanas <juan.cabanas@grafana.com>
Co-authored-by: Ezequiel Victorero <ezequiel.victorero@grafana.com>
* feat(nested folders): add CountDashboardsInFolder
This commit adds a new method to the Dashboard service and stores: CountDashboardsInFolder. The command struct takes a folderUID, but the store implementation still depends on the parent folder ID. This is temporary; eventually we will replace all references to FolderIDs (associated with Dashboards) with folder UIDs.
There are some unfortunate additional test changes that were necessary after generating the service & store mocks; it looks like that hasn't been generated since the last change(s).
* more test updates
* don't forget the service test
* that didn't end up used, so bye for now
* agree to disagree with the linter
* Oauth: change error type to a struct that unwraps into a social error
* Oauth: Handle empty role in error and fix unwrap
* Oauth: provide more informatio in error
* Oauth: return InvalidBasicRoleError
* Oauth: Fix tests
* Login: Remove casing
* Oath: Change to warning logs
* Add phlare datasource
* Rename
* Add parca
* Add self field to parca
* Make sure phlare works with add to dashboard flow
* Add profiling category and hide behind feature flag
* Update description and logos
* Update phlare icon
* Cleanup logging
* Clean up logging
* Fix for shift+enter
* onRunQuery to set label
* Update type naming
* Fix lint
* Fix test and quality issues
Co-authored-by: Joey Tawadrous <joey.tawadrous@grafana.com>
* Plugins: Remove support for V1 manifests
* Plugins: Make proxy endpoints not leak sensitive HTTP headers
* Security: Fix do not forward login cookie in outgoing requests
(cherry picked from commit 4539c33fce)
Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
