* x_xss_protection
* strict_transport_security (HSTS)
* x_content_type_options
these are currently defaulted to false (off) until the next minor release.
fixes#17509
* wip: fix remote cache for redis
connstr parsing and non-negative expires for #17377
TODO: finish parse, check zero case, find out why negative duration in the first place
* finish parse.
Still TODO, find out negative value, and decide if would be better to make database specific entries in the .ini file
* update ini files
* remove accidental uncomment in defaults.ini
* auth_proxy: expiration non-negative so expiration is not in the past
* fix test, revert neg in redis
* review: use errutil
Adds a new [server] setting `serve_from_sub_path`. By enabling
this setting and using a subpath in `root_url` setting, e.g.
`root_url = http://localhost:3000/grafana`, Grafana will be accessible
on `http://localhost:3000/grafana`. By default it is set to `false`
for compatibility reasons.
Closes#16623
When allow_embedding is false (default) the Grafana backend
will set the http header `X-Frame-Options: deny` in all responses
to non-static content which will instruct browser to not allow
Grafana to be embedded in `<frame>`, `<iframe>`,
`<embed>` or `<object>`.
Closes#14189
* Feature: introduce LdapActiveSyncEnabled setting
We probably remove it after the active sync is done.
But at the moment we do not want to affect the current users
with not fully tested feature
* Chore: move settings in more logical order
* Feature: add cron setting for the ldap settings
* Move ldap configuration read to special function
* Introduce cron setting (no docs for it yet, pending approval)
* Chore: duplicate ldap module as a service
* Feature: implement active sync
This is very early preliminary implementation of active sync.
There is only one thing that's going right for this code - it works.
Aside from that, there is no tests, error handling, docs, transactions,
it's very much duplicative and etc.
But this is the overall direction with architecture I'm going for
* Chore: introduce login service
* Chore: gradually switch to ldap service
* Chore: use new approach for auth_proxy
* Chore: use new approach along with refactoring
* Chore: use new ldap interface for auth_proxy
* Chore: improve auth_proxy and subsequently ldap
* Chore: more of the refactoring bits
* Chore: address comments from code review
* Chore: more refactoring stuff
* Chore: make linter happy
* Chore: add cron dep for grafana enterprise
* Chore: initialize config package var
* Chore: disable gosec for now
* Chore: update dependencies
* Chore: remove unused module
* Chore: address review comments
* Chore: make linter happy
* Feature: add cron setting for the ldap settings
* Move ldap configuration read to special function
* Introduce cron setting (no docs for it yet, pending approval)
* Chore: address code review comments
* add folderUid to DashbaordsAsConfig structs and DashbardProviderConfigs struct, set these values in mapping func
look for new folderUid values in config_reader tests
set dashboard folder Uid explicitly in file_reader, which has no affect when not given
* formatting and docstrings
* add folderUid to DashbaordsAsConfig structs and DashbardProviderConfigs struct, set these values in mapping func
look for new folderUid values in config_reader tests
set dashboard folder Uid explicitly in file_reader, which has no affect when not given
* formatting and docstrings
* add folderUid option, as well as documentation for the rest of the fields
* add blank folderUid in devenv example.
* add folderUid to provisioning sample yaml
* instead of just warning, return error if unmarshalling dashboard provisioning file fails
* Removing the error handling and adding comment
* Add duplicity check for folder Uids
Co-authored-by: swtch1 <joshua.thornton@protonmail.com>
* Chore: remove session storage references
* Small refactoring of the settings module
* Update docs - remove references for the session storage
* Update config files (sample and default configs)
* Add tests for warning during the config load on defined storage cache
* Remove all references to session storage
* Remove macaron session dependency
* Remove leftovers
* Fix: address review comments
* Fix: remove old deps
* Fix: add skipStaticRootValidation = true to tests
* Fix: improve the docs and warning message
As per discussion in here - https://github.com/grafana/grafana/pull/16445/files#r273026255
* Chore: make linter happy
Fixes#16148
Ref #16114
* app pages
* app pages
* workign example
* started alpha support
* remove app stuff
* show warning on alpha/beta panels
* put app back on plugin file
* fix go
* add enum for PluginType and PluginIncludeType
* Refactoring and moving settings to plugins section
fixes#16529
Adds new alert settings for configuring timeouts and retries named
evaluation_timeout_seconds, notification_timeout_seconds
and max_attempts.
Closes#16240
Since we do not like some of the default golint rules,
this commit proposes to use https://github.com/mgechev/revive.
And potential revive speed-up should't hurt :).
Right now, presented config (./conf/revive.toml) is permissive,
we might improve it over time however. Fixes for found revive
issues in the code are very limited so it wouldn't be large to review.
Also in this commit:
* Add annotations for makefile commands and declare phony targets
* Rename "gometalinter" script and CI command to "lint"
since we are doing there a bit more then using gometalinter package
* Add Makefile rules to .editorconfig
* Documentation which mentioned "golint" replaced with revive
Fixes#16109
Ref #16160
* master: (250 commits)
Firing off an action instead of listening to location changes
Changes after PR Comments
Made ExplorerToolbar connected and refactored away responsabilities from Explore
Removed some split complexity
Fixed some more styling
Fixed close split look and feel
Fixed position of Closesplit
Fixed small issue with TimePicker dropdown position
Simplified some styles and dom elements
Fixed some more with the sidemenu open and smaller screens
Fixed so heading looks good with closed sidemenu
Restructure of component and styling
Refactored out ExploreToolbar from Explore
Fixed reinitialise of Explore
changelog: add notes about closing #13929
changelog: add notes about closing #14558
changelog: add notes about closing #14484
changelog: add notes about closing #13765
changelog: add notes about closing #11503
changelog: add notes about closing #4075
...
* master: (156 commits)
Fixed issues with the sanitizie input in text panels, added docs, renamed config option
build: removes arm32v6 docker image.
Updated version in package.json to 6.0.0-pre1
Update CHANGELOG.md
build: armv6 docker image.
build: skips building rpm for armv6.
build: builds for armv6.
Explore: mini styling fix for angular query editors
Removed unused props & state in PromQueryField
chore: Remove logging and use the updated config param
chore: Reverse sanitize variable so it defaults to false
feat: wip: Sanitize user input on text panel
fix: Text panel should re-render when panel mode is changed #14922
Minor rename of LogsProps and LogsState
Splitted up LogLabels into LogLabelStats and LogLabel
Refactored out LogRow to a separate file
Removed strange edit
Added link to side menu header and fixed styling
Moved ValueMapping logic and tests to separate files
Fixed data source selection in explore
...
this makes the cache mode in the sqlite connection
string configurable. the default also changed from
shared to private to solve #107272 but allow the user
to use shared if performance is more important.
ref #10727
* Allow oauth email attribute name to be configurable
Signed-off-by: Bob Shannon <bshannon@palantir.com>
* Document e-mail determination steps for generic oauth
* Add reference to email_attribute_name
* Re-add e-mail determination docs to new generic-oauth page
* Inherit default e-mail attribute from defaults.ini
* improve remote image rendering
- determine "domain" during Init() so we are not re-parsing settings
on every request
- if using http-mode via a rednererUrl, then use the AppUrl for the
page that the renderer loads. When in http-mode the renderer is likely
running on another server so trying to use the localhost or even the
specific IP:PORT grafana is listening on wont work.
- apply the request timeout via a context rather then directly on the http client.
- use a global http client so we can take advantage of connection re-use
- log and handle errors better.
* ensure imagesDir exists
* allow users to define callback_url for remote rendering
- allow users to define the url that a remote rendering service
should use for connecting back to the grafana instance.
By default the "root_url" is used.
* improve remote image rendering
- determine "domain" during Init() so we are not re-parsing settings
on every request
- if using http-mode via a rednererUrl, then use the AppUrl for the
page that the renderer loads. When in http-mode the renderer is likely
running on another server so trying to use the localhost or even the
specific IP:PORT grafana is listening on wont work.
- apply the request timeout via a context rather then directly on the http client.
- use a global http client so we can take advantage of connection re-use
- log and handle errors better.
* ensure imagesDir exists
* allow users to define callback_url for remote rendering
- allow users to define the url that a remote rendering service
should use for connecting back to the grafana instance.
By default the "root_url" is used.
* rendering: fixed issue with renderKey where userId and orgId was in mixed up, added test for RenderCallbackUrl reading logic
GitLab could already be used as an authentication backend by properly
configuring `auth.generic_oauth`, but then there was no way to authorize
users based on their GitLab group membership.
This commit adds a `auth.gitlab` backend, similar to `auth.github`, with
an `allowed_groups` option that can be set to a list of groups whose
members should be allowed access to Grafana.
In some setups (ex openshift), the Datasource will require Grafana
to pass oauth token as header when sending queries.
Also, this PR allow to send any header which is something
Grafana currently does not support.
Just fixed some minor inconsistencies in the format of the file. There were some configurations uncommented like so:
```
; container_name =
```
and some other like so:
```
;container_name =
```
So there is a need for a small perfection here!
I also removed some unnecessary line breaks, bullying my eyes...
For MySQL, setting this to be shorter than the wait_timeout MySQL setting
solves the issue with connection errors after the session has timed out for
the connection to the database via xorm.
Snapshot cleanup did not work due to time.Now syntax error. Added test
for it as well to catch any future errors.
Added error and debug logging so that it is possible to see any errors in the future.
Removed an unused configuration value and deprecated the remove expired snapshots
setting.
