* expose folder UID in dashboards API response, import dashboards into folders by folder UID
* handle bad folder UID as 400 error
* 12591:Add tests for request with folderUid
* Use more descriptive error status for missing folders
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
* return 400 when folder id is missing
* put error checking in the right place this time
* mention folderUid in the docs
* Clarify usage of folderUid and folderId when both present
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
* Capitalise UID
Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
* mention folder UID in the metadata for a GET response
Co-authored-by: Ida Furjesova <ida.furjesova@grafana.com>
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
Uses new httpclient package from grafana-plugin-sdk-go introduced
via grafana/grafana-plugin-sdk-go#328.
Replaces the GetHTTPClient, GetTransport, GetTLSConfig methods defined
on DataSource model.
Longer-term the goal is to migrate core HTTP backend data sources to use the
SDK contracts and using httpclient.Provider for creating HTTP clients and such.
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
* Update dashboard_snapshot.go
This is to address: https://github.com/grafana/grafana/issues/33665
The key and deleteKey fields are not honoured when creating a snapshot with external:true set
* removed whitespace
* add uninstall flow
* add install flow
* small cleanup
* smaller-footprint solution
* cleanup + make bp start auto
* fix interface contract
* improve naming
* accept version arg
* ensure use of shared logger
* make installer a field
* add plugin decommissioning
* add basic error checking
* fix api docs
* making initialization idempotent
* add mutex
* fix comment
* fix test
* add test for decommission
* improve existing test
* add more test coverage
* more tests
* change test func to use read lock
* refactoring + adding test asserts
* improve purging old install flow
* improve dupe checking
* change log name
* skip over dupe scanned
* make test assertion more flexible
* remove trailing line
* fix pointer receiver name
* update comment
* add context to API
* add config flag
* add base http api test + fix update functionality
* simplify existing check
* clean up test
* refactor tests based on feedback
* add single quotes to errs
* use gcmp in tests + fix logo issue
* make plugin list testing more flexible
* address feedback
* fix API test
* fix linter
* undo preallocate
* Update docs/sources/administration/configuration.md
Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
* Update docs/sources/administration/configuration.md
Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
* Update docs/sources/administration/configuration.md
Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
* fix linting issue in test
* add docs placeholder
* update install notes
* Update docs/sources/plugins/marketplace.md
Co-authored-by: Marcus Olsson <marcus.olsson@hey.com>
* update access wording
* add more placeholder docs
* add link to more info
* PR feedback - improved errors, refactor, lock fix
* improve err details
* propagate plugin version errors
* don't autostart renderer
* add H1
* fix imports
Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
Co-authored-by: Marcus Olsson <marcus.olsson@hey.com>
* Rendering: add CSV rendering support
* Rendering: save csv files into a separate folder
* add missing field
* Renderer: get filename from renderer plugin
* apply PR suggestions
* Rendering: remove old PhantomJS error
* Rendering: separate RenderCSV and Render functions
* fix alerting test
* Rendering: fix handling error in HTTP mode
* apply PR feedback
* Update pkg/services/rendering/http_mode.go
Co-authored-by: Joan López de la Franca Beltran <joanjan14@gmail.com>
* apply PR feedback
* Update rendering metrics with type label
* Rendering: return error if not able to parse header
* Rendering: update grpc generated file
* Rendering: use context.WithTimeout to render CSV too
Co-authored-by: Joan López de la Franca Beltran <joanjan14@gmail.com>
* WIP: intial structure
* Refactor: adds create library element endpoint
* Feature: adds delete library element
* wip
* Refactor: adds get api
* Refactor: adds get all api
* Refactor: adds patch api
* Refactor: changes to library_element_connection
* Refactor: add get connections api
* wip: in the middle of refactor
* wip
* Refactor: consolidating both api:s
* Refactor: points front end to library elements api
* Tests: Fixes broken test
* Fix: fixes delete library elements in folder and adds tests
* Refactor: changes order of tabs in manage folder
* Refactor: fixes so link does not cover whole card
* Update pkg/services/libraryelements/libraryelements.go
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
* Update pkg/services/libraryelements/libraryelements_permissions_test.go
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
* Update pkg/services/libraryelements/database.go
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
* Chore: changes after PR comments
* Update libraryelements.go
* Chore: updates after PR comments
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
* use a common way to redact sensitive values before logging them
* fix panic on missing testCase.err, simplify require checks
* fix a silly typo
* combine readConfig and buildConnectionString methods, as they are closely related
* AuthType in route configuration
* Pass interpolated auth parameters to token provider
* Unit tests
* Update after review
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
Fixes#33669Closed#33732
Following discussion in grafana/grafana-enterprise#1292, removing
org-scoped users scopes to make it clear that the local organization is
the default and the alternative to that is a global scope (for a select
few endpoints)
In the case permissions has been added on dashboard(s). Later permissions for the
parent folder of the dashboard is edited in such a way that dashboard in that folder
has a permission that is a duplicate of an inherited one. This PR changes so that
duplicate permissions are now filtered out from /api/dashboards/id/<dashboard id>/permissions.
Duplicate permission are not filtered out if the permission on dashboard is higher
than on the inherited folder.
Fixes#33296
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
* Encapsulate settings with a provider with support for runtime reloads
* SettingsProvider: reload is controlled by the services
* naive impl of reload handlers for settings
* working naive detection on new changes
* Trigger settings reload from API endpoint
* validation step added
* validation of settings
* Fix linting errors
* Replace DB_Varchar by DB_NVarchar
* Reduce settings columns (section, key) lenghts
* wip db update logic
* Db Settings: separate updates and removals
* Fix: removes incorrectly added code
* Minor code improvements
* Runtime settings: moved oss -> ee
* Remove no longer used setting.Cfg SAML-related fields
* Rename file setting/settings.go => setting/provider.go
* Apply suggestions from code review
Co-authored-by: Agnès Toulet <35176601+AgnesToulet@users.noreply.github.com>
* Minor code improvements on OSS settings provider
* Fix some login API tests
* Correct some GoDoc comments
* Apply suggestions from code review
Co-authored-by: Agnès Toulet <35176601+AgnesToulet@users.noreply.github.com>
Co-authored-by: Leonard Gram <leo@xlson.com>
Co-authored-by: Agnès Toulet <35176601+AgnesToulet@users.noreply.github.com>
Before these changes the request tracing was added for each route
registered using the routing.RouteRegister, see code. This had the
consequence that middleware executed earlier/later in the request
pipeline was not part of the request tracing middleware life-cycle
which measures the duration of requests among other things.
In the logger middleware we do extract the current distributed trace
identifier, if available, and set that on request info/error log messages.
With these changes we can extract the current distributed trace identifier,
if available, and set that on the contextual HTTP request logger
(models.ReqContext.Logger) which would improve the possibility to correlate
all HTTP request log messages with traces.
In addition, the request tracing middleware is now executed first and last in
the request pipeline and should therefore result in more accurate timing
measurements (request duration).
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
* Expose user permissions to the frontend
* Do not include empty scope
* Extend ContextSrv with hasPermission() method
* Add access control types
* Fix type error (make permissions optional)
* Fallback if access control disabled
* Move UserPermission to types
* Simplify hasPermission()
* [Alerting]: Use common properties for all rules
* Add Labels in rules
* Fix update ruleGroup API
Return 400 Bad Request response
when the request contains a UID that does not exist
* Check permissions and return namespace id
* Apply suggestions from code review
Co-authored-by: gotjosh <josue@grafana.com>
* Move db package WIP
* Implement OSS access control
* Register OSS access control
* Fix linter error in tests
* Fix linter error in evaluator
* Simplify OSS tests
* Optimize builtin roles
* Chore: add comments to the exported functions
* Remove init from ossaccesscontrol package (moved to ext)
* Add access control as a dependency for http server
* Modify middleware to receive fallback function
* Middleware: refactor fallback function call
* Move unused models to enterprise
* Simplify AccessControl type
* Chore: use bool IsDisabled() method instead of CanBeDisabled interface
* FrontendMetrics: Adds new backend api that frontend can use to push frontend measurements and counters to prometheus
* FrontendMetrics: Adds new backend api that frontend can use to push frontend measurements and counters to prometheus
* Fix naming
* change to histogram
* Fixed go lint
* return 400 bad request if id and orgId is invalid
Signed-off-by: bergquist <carl.bergquist@gmail.com>
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
* Initial commit
* Progress
* Update
* Progress
* updates
* Minor fix
* fixed ts issue
* fixed e2e tests
* More explorations
* Making progress
* Panel options and field options unified
* With nested categories
* Starting to find something
* fix paddings
* Progress
* Breakthrough ux layout
* Progress
* Updates
* New way of composing options with search
* added regex search
* Refactoring to react note tree
* Show overrides
* Adding overrides radio button support
* Added popular view
* Separate stat/gauge/bargauge options into value options and display options
* Initial work on getting library panels into viz picker flow
* Fixed issues switching to panel library panel
* Move search input put of LibraryPanelsView
* Changing design again to have content inside boxes
* Style updates
* Refactoring to fix scroll issue
* Option category naming
* Fixed FilterInput issue
* Updated snapshots
* Fix padding
* Updated viz picker design
* Unify library panel an viz picker card
* Updated card with delete action
* Major refactoring back to an object model instead of searching and filtering react node tree
* More refactoring
* Show option category in label when searching
* Nice logic for categories rendering when searching or when only child
* Make getSuggestions more lazy for DataLinksEditor
* Add missing repeat options and handle conditional options
* Prepping options category to be more flexibly and control state from outside
* Added option count to search result
* Minor style tweak
* Added button to close viz picker
* Rewrote overrides to enable searching overrides
* New search engine and tests
* Searching overrides works
* Hide radio buttons while searching
* Added angular options back
* Added memoize for all options so they are not rebuilt for every search key stroke
* Added back support for category counters
* Started unit test work
* Refactoring and base popular options list
* Initial update to e2e test, more coming to add e2e test for search features
* Minor fix
* Review updates
* Fixing category open states
* Unit test progress
* Do not show visualization list mode radio button if library panels is not enabled
* Use boolean
* More unit tests
* Increase library panels per page count and give search focus when switching list mode
* field config change test and search test
* Feedback updates
* Minor tweaks
* Minor refactorings
* More minimal override collapse state
This pull request migrates testdata to coreplugin streaming capabilities,
this is mostly a working concept of streaming plugins at the moment,
the work will continue in the following pull requests.
* Fix LoginService.UpsertUser user creation
* Fix API AdminCreateUser user creation
* Add missing underscore import
* Fix API CompleteInvite user creation
* Fix API SignUpStep2 user creation
Fix encoded characters in URL path should be proxied as encoded in the data proxy.
Fixes#26870Fixes#31438
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
* Add revoked_at field to user auth token to allow soft revokes
* Allow soft token revocations
* Update token revocations and tests
* Return error info on revokedTokenErr
* Override session cookie only when no revokedErr nor API request
* Display modal on revoked token error
* Feedback: Refactor TokenRevokedModal to FC
* Add GetUserRevokedTokens into UserTokenService
* Backendsrv: adds tests and refactors soft token path
* Apply feedback
* Write redirect cookie on token revoked error
* Update TokenRevokedModal style
* Return meaningful error info
* Some UI changes
* Update backend_srv tests
* Minor style fix on backend_srv tests
* Replace deprecated method usage to publish events
* Fix backend_srv tests
* Apply suggestions from code review
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
Co-authored-by: Hugo Häggmark <hugo.haggmark@gmail.com>
* Apply suggestions from code review
* Apply suggestions from code review
Co-authored-by: Hugo Häggmark <hugo.haggmark@gmail.com>
* Minor style fix after PR suggestion commit
* Apply suggestions from code review
Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>
* Prettier fixes
Co-authored-by: Hugo Häggmark <hugo.haggmark@gmail.com>
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>
* Refactor: adds permissions for library panel creation
* Refactor: checks folder permissions for patch requests
* Chore: changes after PR comments
* Refactor: adds permissions to delete
* Refactor: moves get all permission tests out of get all tests
* Chore: move out get all tests to a separate file
* Refactor: adds permissions to get handler
* Refactor: fixes a bug with getting library panels in General folder
* Refactor: adds permissions for connect/disconnect
* Refactor: adds permissions and tests for get connected dashboards
* Tests: adds tests for connected dashboards in General Folder
* LibraryPanels: Deletes library panels during folder deletion
* LibraryPanels: Deletes library panels during folder deletion
* Update pkg/api/folder.go
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
* Update pkg/services/librarypanels/librarypanels_permissions_test.go
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
* Chore: updates after PR comments
* Chore: forgot to change some function signatures
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
* Run post-friendly request with set method first
* Improve messaging, retry only when post and specific status code
* Add comments
* Fix backend
* Update public/app/plugins/datasource/prometheus/datasource.ts
* Replace DataSourcesListItem with Card
* Add tests
* Remove unused styles
* Make card heading semi bold
* Make heading semi-bold
* Show type name instead of type id
* Fix key warning
* Update Card
* Fix tests
* Make typeName optional
* remove styling that was just a test
* Make typeName non-optional and fix tests
* Update list key
Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
* LibraryPanels: Disconnect before connect during dashboard save
* Tests: fixed test
* Chore: updates after PR comments
* Chore: changes from context.Background() to c.Context.Req.Context()
* Chore: fixes lint issue
* Cfg: fix hidden users initialization
* add tests
* do not call isHiddenUser function for non-user permission
* do not call isHiddenUser function for non-user permission
* break out new and edit
* changed model to match new model in backend
* AlertingNG: API modifications (#30683)
* Fix API consistency
* Change eval alert definition to POST request
* Fix eval endpoint to accept custom now parameter
* Change JSON input property for create/update endpoints
* model adjustments
* set mixed datasource, fix put url
* update snapshots
* remove edit and add landing page
* remove snapshot tests ans snapshots
* wrap linkbutton in array
Co-authored-by: Sofia Papagiannaki <papagian@users.noreply.github.com>
Co-authored-by: Sofia Papagiannaki <sofia@grafana.com>
* Introduce PluginRequestValidator abstraction with a NoOp implementation
* Update PluginRequestValidator abstraction to use the dsURL instead
* Inject PluginRequestValidator into the HTTPServer and validate requests going through data source proxy
* Inject PluginRequestValidator into the BackendPluginManager and validate requests going through it
* Validate requests going through QueryMetrics & QueryMetricsV2
* Validate BackendPluginManager health requests
* Fix backend plugins manager tests
* Validate requests going through alerting service
* Fix tests
* fix tests
* goimports
Co-authored-by: Leonard Gram <leo@xlson.com>
* CDN: Initial poc support for serving assets over a CDN
* Minor fix
* added build path and test
* fix lint error
* Added edition to cdn path
* Move master builds to a separate path
* Added error handling for the url parsing, changed setting name, and added docs
* Updated sample.ini
* Some property renames
* updated
* Minor update to html
* index template improvements
* Update docs/sources/administration/configuration.md
Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
* Update docs/sources/administration/configuration.md
Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
* Added ContentDeliveryPrefix to Licence service
* updated docs
* Updated test mock
Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
Converts the core testdata data source to use the SDK contracts and by that
implementing a backend plugin in core Grafana in similar manner as an external one.
Co-authored-by: Will Browne <will.browne@grafana.com>
Co-authored-by: Marcus Efraimsson <marefr@users.noreply.github.com>
Co-authored-by: Ryan McKinley <ryantxu@gmail.com>
* Expressions: remove feature toggle, add experimental badge
* Make button only show for backend and mixed data sources
Co-authored-by: Peter Holmberg <peter.hlmbrg@gmail.com>
Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
* Auth: add error for expired token
* Auth: save token error into context data
* Auth: send full user and req context to CreateToken
* Auth: add token ID in context
* add TokenExpiredError struct
* update auth tests
* remove most of the changes to CreateToken func
* clean up
* Login: add requestURI in CreateToken ctx
* update RequestURIKey comment
* Chore: moves common and response into separate packages
* Chore: moves common and response into separate packages
* Update pkg/api/utils/common.go
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
* Chore: changes after PR comments
* Chore: move wrap to routing package
* Chore: move functions in common to response package
* Chore: move functions in common to response package
* Chore: formats imports
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
* SQLStore: customise the limit of retrieved datasources per organisation
* update all suggestions regarding nil or 0 as default
* Apply suggestions from code review
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
* correct default.ini description + adding unittest
* Apply suggestions from code review
Co-authored-by: Sofia Papagiannaki <papagian@users.noreply.github.com>
* modify unittest name
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
Co-authored-by: Sofia Papagiannaki <papagian@users.noreply.github.com>
* PanelLibrary: Adds get to the API
* Refactor: adds tests for get and getAll and cleans up other tests
* Refactor: changed name on DTO
* Update pkg/services/librarypanels/api.go
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
* Update pkg/services/librarypanels/database.go
* create page and sidebar entry
* add components for query editor and definition
* split pane things
* add reducer and action
* implement split pane and update ui actions
* making things pretty
* Unify toolbar
* minor tweak to title prefix and some padding
* can create definitions
* fix default state
* add notificaion channel
* add wrappers to get correct spacing between panes
* include or exclude description
* implement query editor
* start on query result component
* update from master
* some cleanup and remove expressions touch ups
Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
* middleware: Move context handler to own service
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
Co-authored-by: Emil Tullsted <sakjur@users.noreply.github.com>
Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
* Starting moving more stuff into data source picker
* WIP progress
* Progress on datasource picker rethink
* Things are working now some details to figure out
* Removed commented part
* Complex work on getting data source lists
* Fixed variable support showing correct data sources
* Tried fixing dashboard import but failed
* Fixes
* Fixed import dashboard
* Fixed unit test
* Fixed explore test
* Fixed test
* Fix
* fixed more tests
* fixed more tests
* fixed showing which option is default in picker
* Changed query variable to use data source picker, updated tests and e2e
* Fixed more tests
* Updated snapshots, had wrong typescript version
* feat: hide snapshots menu item from viewers
* feat(playlists): prevent viewers from creating/editing playlists
* feat: prevent viewers seeing playlist nav link if no playlists
* refactor(playlist): rename isViewer property to canEditPlaylists
* revert(playlists): put back note if viewer and no playlists
* refactor(snapshots): consider admin/editor permission in folders/dashboards for displaying menu item
* feat(snapshots): only show snapshot nav item if user is signed in
* fix(snapshots): revert snapshots to previous state if delete snapshot api error
* Add an option to hide certain users in the UI
* revert changes for admin users routes
* fix sqlstore function name
* Improve slice management
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
* Hidden users: convert slice to map
* filter with user logins instead of IDs
* put HiddenUsers in Cfg struct
* hide hidden users from dashboards/folders permissions list
* Update conf/defaults.ini
Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
* fix params order
* fix tests
* fix dashboard/folder update with hidden user
* add team tests
* add dashboard and folder permissions tests
* fixes after merge
* fix tests
* API: add test for org users endpoints
* update hidden users management for dashboard / folder permissions
* improve dashboard / folder permissions tests
* fixes after merge
* Guardian: add hidden acl tests
* API: add team members tests
* fix team sql syntax for postgres
* api tests update
* fix linter error
* fix tests errors after merge
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
Co-authored-by: Leonard Gram <leo@xlson.com>
* comes from grafana/gel-app
* remove transform plugin code
* move __expr__ and -100 constants to expr pkg
* set OrgID on request plugin context
* use gtime for resample duration
* in resample, rename "rule" to "window", use gtime for duration, parse duration before exec
* remove gel entry from plugins-bundled/external.json
which creates an empty array for plugins
* remove unused function to interpolate URLs
* share function to add headers between ds/plugin proxies
* stop performing unnecessary plugin setting lookup
* fix bug causing runtime errors when using complex templated URLs
* lower case util functions not used outside of pluginproxy package
* change test URL to a (valid) dummy URL to make intent clearer
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
* Chore: Convert tests to standard Go lib
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
* Alerting NG: prototype v2 (WIP)
* Separate eval package
* Modify eval alert definition endpoint
* Disable migration if ngalert is not enabled
* Remove premature test
* Fix lint issues
* Delete obsolete struct
* Apply suggestions from code review
* Update pkg/services/ngalert/ngalert.go
Co-authored-by: Kyle Brandt <kyle@grafana.com>
* Add API endpoint for listing alert definitions
* Introduce index for alert_definition table
* make ds object for expression to avoid panic
* wrap error
* Update pkg/services/ngalert/eval/eval.go
* Swith to backend.DataQuery
* Export TransformWrapper callback
* Fix lint issues
* Update pkg/services/ngalert/ngalert.go
Co-authored-by: Kyle Brandt <kyle@grafana.com>
* Validate alert definitions before storing them
* Introduce AlertQuery
* Add test
* Add QueryType in AlertQuery
* Accept only float64 (seconds) durations
* Apply suggestions from code review
* Get rid of bus
* Do not export symbols
* Fix failing test
* Fix failure due to service initialization order
Introduce MediumHigh service priority and assign it to backendplugin
service
* Fix test
* Apply suggestions from code review
* Fix renamed reference
Co-authored-by: Kyle Brandt <kyle@grafana.com>
* Backend: Adds route for well-known change password URL
* Include 'dashboard/new' in backend routes
* Move index route handler registration out of "not logged in views" section
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
* Provisioning: Fixed problem with getting started panel being added to custom home dashboard
* Fixed comment
* Update pkg/api/dashboard.go
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
Adds support for the Forward OAuth Identity feature in backend data source plugins.
Earlier this feature has only been supported for non-backend data source plugins.
Fixes#26023
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
* Alerting: Return proper status code when trying to create an Alert Notification where the name or UID already exists.
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
* intial frontend resolution/redirection logic
* backend scaffolding
* enough of the frontend to actually test end to end
* bugfixes
* add tests
* cleanup
* explore too hard for now
* fix build
* Docs: add docs
* FE test
* redirect directly from backend
* validate incoming uids
* add last_seen_at
* format documentation
* more documentation feedback
* very shaky migration of get route to middleware
* persist unix timestamps
* add id, orgId to table
* fixes for orgId scoping
* whoops forgot the middleware
* only redirect to absolute URLs under the AppUrl domain
* move lookup route to /goto/:uid, stop manually setting 404 response code
* renaming things according to PR feedback
* tricky deletion
* sneaky readd
* fix test
* more BE renaming
* FE updates -- no more @ts-ignore hacking :) and accounting for subpath
* Simplify code
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
* Short URLs: Drop usage of bus
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
* ShortURLService: Make injectable
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
* Rename file
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
* Add handling of url parsing and creating of full shortURL to backend
* Update test, remove unused imports
* Update pkg/api/short_urls.go
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
* Add correct import
* Pass context to short url service
* Remove not needed error log
* Rename dto and field to denote URL rather than path
* Update api docs based on feedback/suggestion
* Rename files to singular
* Revert to send relative path to backend
* Fixes after review
* Return dto when creating short URL that includes the full url
Use full url to provide shorten URL to the user
* Fix after review
* Fix relative url path when creating new short url
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
Co-authored-by: Ivana <ivana.huckova@gmail.com>
Co-authored-by: Ivana Huckova <30407135+ivanahuckova@users.noreply.github.com>
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
* end 2 end
* fix import
* refactor
* introduce securedata
* check err
* use testify instead of convey
* cleanup test
* cleanup test
* blob time
* rename funcs
* New feature toggle for enabling alerting NG
* Initial commit
* Modify evaluate alert API request
* Check for unique labels in alert execution result dataframes
* Remove print statement
* Additional minor fixes/comments
* Fix lint issues
* Add API endpoint for evaluating panel queries
* Push missing renaming
* add refId for condition to API
* add refId for condition to API
* switch dashboard based eval to get method
* add from/to params to dashboard based eval
* add from/to params to eval endpoint
Co-authored-by: kyle <kyle@grafana.com>
* SAML: single logout WIP
* SAML: sign SAML requests
* SAML: remove unnecessary logs
* fix go mod file
* Docs: Single Logout
* SAML: use api endpoint for single logout
* Apply suggestions from code review
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
* SAML: save context for single logout
* Chore: add SAML dependencies
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
This adds a check to see if plugin route URL is empty, and in such case
does not modify request schema and host of the request to be proxied.
This behavior is now the same as in the plugin proxy.
kuberentes (and Im sure other orchastrators does as well) support two
kind of checks. readiness checks and liveness checks. Grafanas current
`/api/health` endpoint requires database access which might not
always be required for the instance to be considered active.
Allows login_maximum_inactive_lifetime_duration and
login_maximum_lifetime_duration to be configured using
time.Duration-compatible values while retaining backward compatibility.
Fixes#17554
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
* Alerting API: Send back 404 not found error for update and delete endpoints
* Alerting API: send back alert notification id for delete with uid endpoint
OAuth token refresh fails when custom SSL settings are configured for
oauth provider. These changes makes sure that custom SSL settings
are applied for HTTP client before refreshing token.
Fixes#27514
#26395 introduced a regression regarding sort order of nav tree
items set in Grafana boot data and used for rendering the sidemenu.
This fixes so that sort happens after RunIndexDataHooks is called
in case the hook make changes to the nav tree.
* Add support for local time formats in graph panel
* Enfore 24h format for backward compatibility
* Use existing Intl.DateTimeFormatOptions
* Pre-generate time scale, add tests
* Move localTimeFormat, add local format to units
* updated default fallback
* #25602, use navigator.languages to enforce locale in formatting
* Making options
* Worked new system settings
* things are working
* Local browser time formats working
* Support parsing dates in different formats
* settings updated
* Settings starting to work
* Fixed graph issue
* Logs fix
* refactored settings a bit
* Updated and name change
* Progress
* Changed config names
* Updated
* Updated
* Updated test
* Synced description
* fixed ts issue
* Added version notice
* Ts fix
* Updated heatmap and test
* Updated snapshot
* Updated
* fixed ts issue
* Fixes
Co-authored-by: Alex Shpak <alex-shpak@users.noreply.github.com>
* API: first version to send events about login actions
* API: improve login actions events
* Login: update auth test with new behavior
* Login: update auth test for auth module
* Login OAuth: improve functions structure
* API: make struct public to use for saml
* API: add send login log tests for grafana and ldap login
* API: remove log from tests
* Login API: fix test linting
* Update pkg/api/login_oauth.go
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
* Login API: refactor using defer
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
* Refactor: initial commit
* wip
* Refactor: getting into a simpler model
* Refactor: adds some comments
* Refactor: renames statuses according to PR comments
* Refactor: adds more comments
* Tests: adds tests for FetchQueue
* Tests: adds tests for ResponseQueue
* Tests: adds tests for FetchQueueWorker
* Tests: simplified the tests for ResponseQueue
* Refactor: adds http2 scenario
* Refactor: using Cfg instead of global variable
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
* Refactor: reverted change in frontendsettings.go
* Tests: fix test mocks
* Fix: changes how cfg.Protocol gets its value
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
* Remove validation from empty playlists
* Remove redundant API call
Frontend used to call /api/playlists/:id/items directly after /api/playlists/:id but items are already included in the first response
* API: Improve error handling (#26934)
* New ErrUserAlreadyExists error has been introduced
* Create user endpoint returns 412 Precondition Failed on ErrUserAlreadyExists errors
* Make ErrUserAlreadyExists error message clearer
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
* Use errors.Is instead of equality comparator on AdminCreateUser handler
* Improve sqlstore/user test definition
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
* Improve sqlstore/user tests for ErrUserAlreadyExists cases
* Remove no needed string fmt and err declaration on sqlstore/user tests
* Code improvements for sqlstore/user tests
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
* Use err.Error() instead of sentinel error value on AdminCreateUser
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
* Add ErrUserAlreadyExists handling for signup & org invite use cases
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
Support storing sensitive notification settings securely/encrypted.
Move slack notifier url and api token to secure settings.
Migrating slack notifier to store token and url encrypted is currently
a manual process by saving an existing slack alert notification channel.
saving an existing slack alert notification channel will reset the stored
non-secure url and token.
Closes#25113
Ref #25967
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
* Settings: Add setting for hiding version number for anonymous users
Fixes#12925
* Hide version string from footer when unavailable
* Settings: Test frontend settings with hide version for anonymous users
* Settings: Add hide version variable to frontend settings
* Make AnonymousHideVersion non-global
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
* Settings: Improve test neighbor friendliness, reset state before and after
* Settings: Use T.Cleanup
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
* Forbid additional redirect urls
* Optionally force login in anonymous mode
* Update LoginCtrl page to ignore redirect parameter
* Modify SignIn to set forceLogin query instead of redirect
* Pass appUrl to frontend and use URL API for updating url query
* Apply suggestions from code review
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
* Fix SignIn test
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
This ensures that the X-Grafana-User header can be trusted.
If the configuration enabled the setting of this header, the
server can now trust that X-Grafana-User is set/unset by Grafana.
Before this, an anonymous user could simply set the X-Grafana-User
header themselves (using the developer tool for example)
Refactor to allow shared contract between core and external backend plugins
allowing core backend data sources in Grafana to be implemented in same
way as an external backend plugin.
Use v0.67.0 of sdk.
Add tests for verifying plugin is restarted when process is killed.
Enable strict linting for backendplugin packages
* image and card component
* change height of getting started panel
* progress
* setup basic step
* advanced steps
* step forward and backward
* do checks
* fix button size
* minor styling on butttons
* add correct links
* save tutorial click in localstorage
* types and gradients
* fix gradients
* use spacing variable
* lots of responsiveness
* add links to help
* Getting started work
* redo according to split panel design
* minor touch ups
* new background images
* split up docs card to different hrefs
* welcome bar touch ups
* hide icon on small screens
* transparent false on welcome banner
* fix urls
* source tag in welcome urls
* move images to panel dir, removed unused images
* Nicer loading message
* make the cards look nicer on wide screens
* append utm tag on render instead
* replace width with margin
* new background image for light
* remove target on a element
* removing buttonselect, add tag to href
* more polishing
Co-authored-by: Dominik Prokop <dominik.prokop@grafana.com>
Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
grafana-plugin-model is legacy and is replaced by new backend
plugins SDK and architecture. Renderer is not part of SDK and
we want to keep it that way for now since it's highly unlikely there
will be more than one kind of renderer plugin.
So this PR adds support for renderer plugin v2.
Also adds support sending a Device Scale Factor parameter to the
plugin v2 remote rendering service and by that replaces #22474.
Adds support sending a Headers parameter to the plugin v2 and
remote rendering service which for now only include
Accect-Language header (the user locale in browser when using
Grafana), ref grafana/grafana-image-renderer#45.
Fixes health check json details response.
Adds image renderer plugin configuration settings in defaults.ini
and sample.ini.
Co-Authored-By: Arve Knudsen <arve.knudsen@gmail.com>
Removes all references and usage of PhantomJS #23375.
Remove direct link rendered image e2e smoke test for now.
Docker: Fix installing chrome in ubuntu custom docker image.
Improve handling of image renderer not available/installed #23593.
Add PhantomJS breaking change and upgrading notes.
Use grabpl v0.2.10.
Closes#13802
Co-authored-by: Kyle Brandt <kyle@grafana.com>
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
* Allow API to assign new user to a specific organization
* Add defer block to test
* Add API tests and return 400 instead of 500 for bad orgId
* Minor test improvements
* Part1: Unicons implementation (#23197)
* Create a new Icon component
* Update icons in main sidebar
* Update icons in Useful links and in react components on main site
* Update icons in Useful links and in main top navigation
* Adjust sizing
* Update panel navigation and timepicker
* Update icons in Panel menu
* NewPanelEditor: Fixed so that test alert rule works in new edit mode (#23179)
* Update icons in add panel widget
* Resolve merge conflict
* Fix part of the test errors and type errors
* Fix storybook errors
* Update getAvailableIcons import in storybook knobs
* Fix import path
* Fix SyntaxError: Cannot use import statement outside a module in test environment error
* Remove dynamic imports
* Remove types as using @ts-ignore
* Update snapshot test
* Add @iconscout/react-unicons to the shouldExclude list as it is blundled with es2015 syntax
* Remove color prop from icon, remove color implemetation in mono icons
* Update navbar styling
* Move toPascalCase to utils/string
Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
* Resolve type errors resulted from merge
* Part2: Unicons implementation (#23266)
* Create a new Icon component
* Update icons in main sidebar
* Update icons in Useful links and in react components on main site
* Update icons in Useful links and in main top navigation
* Adjust sizing
* Update panel navigation and timepicker
* Update icons in Panel menu
* Update icons in add panel widget
* Resolve merge conflict
* Fix part of the test errors and type errors
* Fix storybook errors
* Update getAvailableIcons import in storybook knobs
* Fix import path
* Fix SyntaxError: Cannot use import statement outside a module in test environment error
* Remove dynamic imports
* Remove types as using @ts-ignore
* Update snapshot test
* Add @iconscout/react-unicons to the shouldExclude list as it is blundled with es2015 syntax
* Implment icons in Tabs
* Implement icons in search items and empty list
* Update buttons
* Update button-related snapshot tests
* Update icons in modals and page headers
* Create anfular wrapper and update all icons on search screen
* Update sizing, remove colors, update snapshot tests
* Remove color prop from icon, remove color implemetation in mono icons
* Remove color props from monochrome icons
* Complete update of icons for search screen
* Update icons for infor tooltips, playlist, permissions
* Support temporarly font awesome icons used in enterprise grafana
* Part1: Unicons implementation (#23197)
* Create a new Icon component
* Update icons in main sidebar
* Update icons in Useful links and in react components on main site
* Update icons in Useful links and in main top navigation
* Adjust sizing
* Update panel navigation and timepicker
* Update icons in Panel menu
* NewPanelEditor: Fixed so that test alert rule works in new edit mode (#23179)
* Update icons in add panel widget
* Resolve merge conflict
* Fix part of the test errors and type errors
* Fix storybook errors
* Update getAvailableIcons import in storybook knobs
* Fix import path
* Fix SyntaxError: Cannot use import statement outside a module in test environment error
* Remove dynamic imports
* Remove types as using @ts-ignore
* Update snapshot test
* Add @iconscout/react-unicons to the shouldExclude list as it is blundled with es2015 syntax
* Remove color prop from icon, remove color implemetation in mono icons
* Update navbar styling
* Move toPascalCase to utils/string
Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
* Icons update
* Add optional chaining to for isFontAwesome variable
Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
* Part3: Unicons implementation (#23356)
* Create a new Icon component
* Update icons in main sidebar
* Update icons in Useful links and in react components on main site
* Update icons in Useful links and in main top navigation
* Adjust sizing
* Update panel navigation and timepicker
* Update icons in Panel menu
* Update icons in add panel widget
* Resolve merge conflict
* Fix part of the test errors and type errors
* Fix storybook errors
* Update getAvailableIcons import in storybook knobs
* Fix import path
* Fix SyntaxError: Cannot use import statement outside a module in test environment error
* Remove dynamic imports
* Remove types as using @ts-ignore
* Update snapshot test
* Add @iconscout/react-unicons to the shouldExclude list as it is blundled with es2015 syntax
* Implment icons in Tabs
* Implement icons in search items and empty list
* Update buttons
* Update button-related snapshot tests
* Update icons in modals and page headers
* Create anfular wrapper and update all icons on search screen
* Update sizing, remove colors, update snapshot tests
* Remove color prop from icon, remove color implemetation in mono icons
* Remove color props from monochrome icons
* Complete update of icons for search screen
* Update icons for infor tooltips, playlist, permissions
* Support temporarly font awesome icons used in enterprise grafana
* Part1: Unicons implementation (#23197)
* Create a new Icon component
* Update icons in main sidebar
* Update icons in Useful links and in react components on main site
* Update icons in Useful links and in main top navigation
* Adjust sizing
* Update panel navigation and timepicker
* Update icons in Panel menu
* NewPanelEditor: Fixed so that test alert rule works in new edit mode (#23179)
* Update icons in add panel widget
* Resolve merge conflict
* Fix part of the test errors and type errors
* Fix storybook errors
* Update getAvailableIcons import in storybook knobs
* Fix import path
* Fix SyntaxError: Cannot use import statement outside a module in test environment error
* Remove dynamic imports
* Remove types as using @ts-ignore
* Update snapshot test
* Add @iconscout/react-unicons to the shouldExclude list as it is blundled with es2015 syntax
* Remove color prop from icon, remove color implemetation in mono icons
* Update navbar styling
* Move toPascalCase to utils/string
Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
* Update icons in Explore
* Update icons in alerting
* Update + and x buttons
* Update icons in configurations and settings
* Update close icons
* Update icons in rich history
* Update alert messages
* Add optional chaining to for isFontAwesome variable
* Remove icon mock, set up jest.config
* Fix navbar plus icon
* Fir enable-bacground to enableBackgournd
Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
* Merge remote branch origin master to icons-unicons
* Revert "Merge remote branch origin master to icons-unicons"
This reverts commit 3f25d50a39.
* Size-up dashnav icons
* Fix alerting icons, panel headers, update tests
* Fix typecheck error
* Adjustments - add panel icon, spacing
* Set TerserPlugin sourceMap to false to prevent running out of memory when publishing storybook
Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
* Cookie : Increase duration to avoid error
When using oauth2 authentication with multifactor, the 60s delay may be too short
* Introduce new setting for OAuth state cookie max age
Co-authored-by: Sofia Papagiannaki <sofia@grafana.com>
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
* Hide plugins list from viewers
* Made /api/plugins only return core plugins for users with viewer role
Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
* Revert "API: Fix redirect issue when configured to use a subpath (#21652)" (#22671)
This reverts commit 0e2d874ecf.
* Fix redirect validation (#22675)
* Chore: Add test for parse of app url and app sub url
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
* Fix redirect: prepend subpath only if it's missing (#22676)
* Validate redirect in login oauth (#22677)
* Fix invalid redirect for authenticated user (#22678)
* Login: Use correct path for OAuth logos
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
Use v0.19.0 of SDK.
Support handling of streaming resource response.
Disable gzip/compression middleware for resources
to allow chunked/streaming response to clients the gzip
middleware had to be disabled since it buffers the full
response before sending it to the client.
Closes#22569
Co-Authored-By: Arve Knudsen <arve.knudsen@gmail.com>
Moves common request proxy utilities to proxyutil package with
support for removing X-Forwarded-Host, X-Forwarded-Port,
X-Forwarded-Proto headers, setting X-Forwarded-For header
and cleaning Cookie header.
Using the proxyutil package to prepare and clean request
headers before resource calls.
Closes#21512
This feature would provide a way for administrators to limit the minimum
dashboard refresh interval globally.
Filters out the refresh intervals available in the time picker that are lower
than the set minimum refresh interval in the configuration .ini file
Adds the minimum refresh interval as available in the time picker.
If the user tries to enter a refresh interval that is lower than the minimum
in the URL, defaults to the minimum interval.
When trying to update the JSON via the API, rejects the update if the
dashboard's refresh interval is lower than the minimum.
When trying to update a dashboard via provisioning having a lower
refresh interval than the minimum, defaults to the minimum interval
and logs a warning.
Fixes#3356
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
By storing render key in remote cache it will enable
image renderer to use public facing url or load
balancer url to render images and thereby remove
the requirement of image renderer having to use the
url of the originating Grafana instance when running
HA setup (multiple Grafana instances).
Fixes#17704
Ref grafana/grafana-image-renderer#91
Put the cipher suites with Forward Secrecy at or nearer the top, keeping any TLS v1.3 suites at the top, following best practice guides for the ordering of the rest. There is no change to the selection of suites only reordering.
Now any errors logged by http.ReverseProxy are forwarded to
Grafana's logger and includes more contextual information like
level (error), user id, org id, username, proxy path, referer and
IP address.
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
* Start Angular migration
* Add SignupCtrl
* Change name signup
* Add backend call
* Put form in separate file
* Add form model
* Start using react-hook-forms
* Add FormModel to state
* Reduxify
* Connect nav with Redux
* Fix routing and navModel
* Fetch state options on mount
* Add default values and add button margin
* Add errror messages
* Fix title
* Remove files and cleanup
* Add Signup tests
* Add boot config assingnAutoOrg and verifyEmailEnabled
* Remove onmount call
* Remove ctrl and move everything to SignupForm
* Make routeParams optional for testing
* Remove name if it is empty
* Set username
* Make function component
* Fix subpath issues and add link button
* Move redux to SignupPage
* Implement Azure AD oauth
* Use go-jose and cleanup
* Update go-jose in go.mod
* cleanup
* Add unit tests
* Fix scopes
* Add documentation page
* Improve documentation
* Convert extract_role into function.
* Do not use upn and replace unique_name with preferred_username
* Configure login button
* Use official microsoft icon and color from branding guideline.
* Add Azure AD config section in sample.ini.
It was missing for ldap_login which means that the first signup failed
for users with LDAP+quota enabled. There's also potential cases where we
can't provide a request context (background jobs) which is also covered,
but needs a refactoring.
By rotating the auth tokens at the end of the request we ensure
that there is minimum delay between a new token being generated
and the client receiving it.
Adds auth token slow load test which uses random latency for all
tsdb queries..
Cleans up datasource proxy response handling.
DefaultHandler in middleware tests should write a response, the
responseWriter BeforeFuncs wont get executed unless a response
is written.
Fixes#18644
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
#21350 introduced a bug regarding import of plugin dashboards.
This should fix this and add custom validation if not importing
plugin dashboard and dashboard property is missing.
Ref #21350
Co-Authored-By: Arve Knudsen <arve.knudsen@gmail.com>
Breaking change: If disabled the cookie samesite cookie attribute
will not be set, but if none the attribute will be set and is a
breaking change compared to before where none did not render the
attribute. This was due to a known issue in Safari.
Co-Authored-By: Arve Knudsen <arve.knudsen@gmail.com>
Co-Authored-By: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
Fixes#19847
* add min_interval_seconds setting to alerting config
It will let operator enforce a minimum time for the scheduler to enqueue evaluations
* Introduce UI modifications
* Update docs
Co-authored-by: Martin <uepoch@users.noreply.github.com>
* Refactor redirect_to cookie with secure flag in middleware
* Refactor redirect_to cookie with secure flag in api/login
* Refactor redirect_to cookie with secure flag in api/login_oauth
* Removed the deletion of 'Set-Cookie' header to prevent logout
* Removed the deletion of 'Set-Cookie' at top of api/login.go
* Add HttpOnly flag on redirect_to cookies where missing
* Refactor duplicated code
* Add tests
* Refactor cookie options
* Replace local function for deleting cookie
* Delete redundant calls
Co-authored-by: Sofia Papagiannaki <papagian@users.noreply.github.com>
* Footer: Single footer implementation for both react & angular pages
* Export type
* Updates
* Use footer links in help menu
* Updates & Fixes
* Updated snapshot
* updated snapshot
* added alert state validation before changing its state
* modified boolean condition
* converted most occurring string into const
* referred the const of alert models
The ordering of links in the navigation bar is currently based the order of the slice containing the navigation tree. Since Grafana supports adding more links to the navigation bar with `RunIndexDataHooks` which runs at the very end of the function this means that any link registered through a hook will be placed last in the slice and be displayed last in the menu. With this PR the ordering can be specified with a weight which allows for placing links created by extensions in a more intuitive place where applicable.
Stable sorting is used to ensure that the current FIFO ordering is preserved when either no weight is set or two items shares the same weight.
* AuthProxy: Can now login with auth proxy and get a login token
* added unit tests
* renamed setting and updated docs
* AuthProxy: minor tweak
* Fixed tests and namings
* spellfix
* fix
* remove unused setting, probably from merge conflict
* fix
The arching goal of this commit is to enable single user
synchronisation with LDAP. Also, it included minor fixes of style,
error messages and minor bug fixing.
The changes are:
- bug: The `multildap` package has its own errors when the user is
not found. We fixed the conditional branch on this error by asserting
on the `multildap` errors as opposed to the `ldap` one
- bug: The previous interface usage of `RevokeAllUserTokens` did not
work as expected. This replaces the manual injection of the service by
leveraging the service injected as part of the `server` struct.
- chore: Better error messages around not finding the user in LDAP.
- fix: Enable the single sync button and disable it when we receive an
error from LDAP. Please note, that you can enable it by dispatching
the error. This allows you to try again without having to reload the
page.
- fix: Move the sync info to the top, then move the sync button above
that information and clearfix to have more harmony with the UI.
Adds support for Generic OAuth role mapping. A new
configuration setting for generic oauth is added named
role_attribute_path which accepts a JMESPath expression.
Only Grafana roles named Viewer, Editor or Admin are
accepted.
Closes#9766
* LDAP Debug: No longer shows incorrectly matching groups based on role
Org Role was used as a shortcut to figure out what groups were matching
and which weren't. That lead to too all groups matching a specific role
to show up for a user if that user got that role.
* LDAP Debug: Fixes ordering of matches
The order of groups in the ldap.toml file is important, only the first
match for an organisation will be used. This means we have to iterate
based on the config and stop matching when a match is found.
We might want to think about showing further matches as potential
matches that are shadowed by the first match. That would possibly make
it easier to understand why one match is used instead of another one.
* LDAP Debug: never display more than one match for the same LDAP group/mapping.
* LDAP Debug: show all matches, even if they aren't used
* Update public/app/features/admin/ldap/LdapUserGroups.tsx
Co-Authored-By: gotjosh <josue.abreu@gmail.com>
* Update public/app/features/admin/ldap/LdapUserGroups.tsx
Co-Authored-By: gotjosh <josue.abreu@gmail.com>
* Licensing: supplies a service to handle licensing information
* Licensing: uses the license service further
Uses the license service instead of settings.isEnterprise:
- external team members
- saml
- usage stats
* Licensing: fixes broken tests due to new Licensing service dependency
* Licensing: fixes linting errors
* Licensing: exposes license expiry information to the frontend
* API: Add `createdAt` and `updatedAt` to api/users/lookup
In the past, we have added both `updatedAt` (#19004) and `createdAt` (#19475) to /api/users/:id
Turns out, api/users/lookup uses the same DTO for both. This fixes the serialization of both `createdAt` and `updatedAt`for this endpoint.
Also, adds a test to ensure no further regressions.
* Updated API documentation
* LDAP: Show all LDAP groups
* Use the returned LDAP groups as the reference when debugging LDAP
We need to use the LDAP groups returned as the main reference for
assuming what we were able to match and what wasn't. Before, we were
using the configured groups in LDAP TOML configuration file.
* s/User name/Username
* Add a title to for the LDAP mapping results
* LDAP: UI Updates to debug view
* LDAP: Make it explicit when we weren't able to match teams
* Add items for navmodel and basic page
* add reducer and actions
* adding user mapping table component
* adding components for ldap tables
* add alert box on error
* close error alert box
* LDAP status page: connect APIs WIP
* LDAP debug: fetch connection status from API
* LDAP debug: fetch user info from API
* LDAP debug: improve connection error view
* LDAP debug: connection error tweaks
* LDAP debug: fix role mapping view
* LDAP debug: role mapping view tweaks
* LDAP debug: add bulk-sync button stub
* LDAP debug: minor refactor
* LDAP debug: show user teams
* LDAP debug: user info refactor
* LDAP debug: initial user page
* LDAP debug: minor refactor, remove unused angular wrapper
* LDAP debug: add sessions to user page
* LDAP debug: tweak user page
* LDAP debug: tweak view for disabled user
* LDAP debug: get sync info from API
* LDAP debug: user sync info
* LDAP debug: sync user button
* LDAP debug: clear error on page load
* LDAP debug: add user last sync info
* LDAP debug: actions refactor
* LDAP debug: roles and teams style tweaks
* Pass showAttributeMapping to LdapUserTeams
* LDAP debug: hide bulk sync button
* LDAP debug: refactor sessions component
* LDAP debug: fix loading user sessions
* LDAP debug: hide sync user button
* LDAP debug: fix fetching unavailable /ldap-sync-status endpoint
* LDAP debug: revert accidentally added fix
* LDAP debug: show error when LDAP is not enabled
* LDAP debug: refactor, move ldap components into ldap/ folder
* LDAP debug: styles refactoring
* LDAP debug: ldap reducer tests
* LDAP debug: ldap user reducer tests
* LDAP debug: fix connection error placement
* Text update
* LdapUser: Minor UI changes moving things around
* AlertBox: Removed icon-on-top as everywhere else it is centered, want to have it be consistent
* LDAP: Allow an user to be synchronised against LDAP
This PR introduces the /ldap/sync/:id endpoint. It allows a user to be synchronized against LDAP on demand.
A few things to note are:
LDAP needs to be enabled for the sync to work
It only works against users that originally authenticated against LDAP
If the user is the Grafana admin and it needs to be disabled - it will not sync the information
Includes a tiny refactor that favours the JSONEq assertion helper instead of manually parsing JSON strings.
* API: Add `updatedAt` to api/users/:id
This adds the timestamp of when a particular user was last updated to
the `api/users/:id` endpoint.
This helps our administrators understand when was the user information last
updated. Particularly when it comes from external systems e.g. LDAP
Adds the definition of `GetTeamsForLDAPGroupCommand` which handles the lookup of team information based on LDAP groupDNs.
This is an Enterprise only feature. To diferentiate,a response will contain the `team` key as `null` on OSS while on Enterprise the key will contain an empty array `[]` when no teams are found.
* LDAP: Add API endpoint to query the LDAP server(s) status|
This endpoint returns the current status(es) of the configured LDAP server(s).
The status of each server is verified by dialling and if no error is returned we assume the server is operational.
This is the last piece I'll produce as an API before moving into #18759 and see the view come to life.
* Move the ReloadLDAPCfg function to the debug file
Appears to be a better suite place for this.
* LDAP: Return the server information when we find a specific user
We allow you to specify multiple LDAP servers as part of LDAP authentication integration. As part of searching for specific users, we need to understand from which server they come from. Returning the server configuration as part of the search will help us do two things:
- Understand in which server we found the user
- Have access the groups specified as part of the server configuration
* LDAP: Adds the /api/admin/ldap/:username endpoint
This endpoint returns a user found within the configured LDAP server(s). Moreso, it provides the mapping information for the user to help administrators understand how the users would be created within Grafana based on the current configuration.
No changes are executed or saved to the database, this is all an in-memory representation of how the final result would look like.
* SQLite migrations
* cleanup
* migrate end times
* switch to update with a query
* real migration
* anno migrations
* remove old docs
* set isRegion from time changes
* use <> for is not
* add comment and fix index decleration
* single validation place
* add test
* fix test
* add upgrading docs
* use AnnotationEvent
* fix import
* remove regionId from typescript
Existing /api/alert-notifications now requires at least editor access.
Existing /api/alert-notifiers now requires at least editor access.
New /api/alert-notifications/lookup returns less information than
/api/alert-notifications and can be access by any authenticated user.
Existing /api/org/users now requires org admin role.
New /api/org/users/lookup returns less information than
/api/org/users and can be access by users that are org admins,
admin in any folder or admin of any team.
UserPicker component now uses /api/org/users/lookup instead
of /api/org/users.
Fixes#17318
* Do not set SameSite login_error cookie attribute if cookie_samesite is none
* Do not set SameSite grafana_session cookie attribute if cookie_samesite is none
* Update middleware tests
* Fix CreateTeam api endpoint
No team member should be created for requests
authenticated by API tokens.
* Update middleware test
Assert that `isAnonymous` is set for `SignedInUser`
authenticated via API key.
* Add test for team creation
Assert that no team member is created if the signed in user
is anomymous.
* Revert "Fix CreateTeam api endpoint"
This reverts commit 9fcc4e67f5.
* Revert "Update middleware test"
This reverts commit 75f767e58d.
* Fix CreateTeam api endpoint
No team member should be created for requests
authenticated by API tokens.
* Update team test
* Change error to warning and update tests
The `oauth_state` cookie used to be created with the SameSite value set
according to the `cookie_samesite` configuration.
However, due to a Safari bug SameSite=None or SameSite=invalid are treated
as Strict which results in "missing saved state" OAuth login failures
because the cookie is not sent with the redirect requests to the OAuth
provider.
This commit always creates the `oauth_state` cookie with SameSite=Lax
to compensate for this.
Allow non admins to see plugins list but only with readme. Any config tabs are hidden from the plugin page. Also plugin panel does not show action buttons (like Enable) for non admins.
* Metrics: remove unused metrics
Metric `M_Grafana_Version` is not used anywhere, nor the mentioned
`M_Grafana_Build_Version`. Seems to be an artefact?
* Metrics: make the naming consistent
* Metrics: add comments to exported vars
* Metrics: use proper naming
Fixes#18110
* API: Duplicate API Key Name Handle With Useful HTTP Code
* 17447: make changes requested during review
- use dialect.IsUniqueContraintViolation
- change if statement to match others
- return error properly
* Revert "17447: make changes requested during review"
This reverts commit a4a674ea83.
* API: useful http code on duplicate api key error w/ tests
* API: API Key Duplicate Handling
fixed small typo associated with error
* Minor fix for nil pointer when trying to log error
* Do not return error if a dashboard is created
Only log the failures
* Do not return error if the folder is created
Only log the failures
* Users: show badges for each auth provider
* Chore: don't use functions in angular bindings
* Users: minor style changes to labels
* Chore: convert auth labels on the backed side, deduplicate frontend code
* Users: use authLabels everywhere instead of authModule
* User: fix edit user page style
* Users: minor fixes after review
* Add tests for login view
* Fix OAuth auto login redirect loop
login_error cookie is only set when the OAuth login fails
for some reason. Therefore, the login view should return
immediately if a login_error cookie exists before trying
to login the user using OAuth again.
* Fix test
Use 'index-template' instead of 'index' for testing
* Add some comments
* Teams: show proper label for each auth provider
Teams: don't sore AuthModule in team_member table, use JOIN to get it instead
* Teams: fix AddTeamMember after last changes
* Teams: add more auth provider labels
* Teams: show external sync badge if LDAP is not enabled
* Teams: tests for getting auth module
* Build: use golangci-lint as a make command
* Since gometalinter was deprecated in favor of golangci-lint so it was
replaced by it. Responsibilities held by the gometalinter was moved to
golangci-lint
* There was some changes in implementation (that was also mentioned in
the code comment) between the tools, which uncovered couple errors
in the code. Those issues were either solved or disabled by
the inline comments
* Introduce the golangci-lint config, to make their
configuration more manageable
* Build: replace backend-lint.sh script with make
* OAuth: github team sync POC
* OAuth: minor refactor of github module
* OAuth: able to use team shorthands for github team sync
* support passing a list of groups via auth-proxy header
* Modify backend to allow expiration of API Keys
* Add middleware test for expired api keys
* Modify frontend to enable expiration of API Keys
* Fix frontend tests
* Fix migration and add index for `expires` field
* Add api key tests for database access
* Substitude time.Now() by a mock for test usage
* Front-end modifications
* Change input label to `Time to live`
* Change input behavior to comply with the other similar
* Add tooltip
* Modify AddApiKey api call response
Expiration should be *time.Time instead of string
* Present expiration date in the selected timezone
* Use kbn for transforming intervals to seconds
* Use `assert` library for tests
* Frontend fixes
Add checks for empty/undefined/null values
* Change expires column from datetime to integer
* Restrict api key duration input
It should be interval not number
* AddApiKey must complain if SecondsToLive is negative
* Declare ErrInvalidApiKeyExpiration
* Move configuration to auth section
* Update docs
* Eliminate alias for models in modified files
* Omit expiration from api response if empty
* Eliminate Goconvey from test file
* Fix test
Do not sleep, use mocked timeNow() instead
* Remove index for expires from api_key table
The index should be anyway on both org_id and expires fields.
However this commit eliminates completely the index for now
since not many rows are expected to be in this table.
* Use getTimeZone function
* Minor change in api key listing
The frontend should display a message instead of empty string
if the key does not expire.
* batch disable users
* batch revoke users tokens
* split batch disable user and revoke token
* API: get users with auth info and isExternal flag
* fix tests for batch disable users
* Users: refactor /api/users/search endpoint
* Users: use alias for "user" table
* Chore: add BatchDisableUsers() to the bus
* Users: order user list by id explicitly
* Users: return AuthModule from /api/users/:id endpoint
* Users: do not return unused fields
* Users: fix SearchUsers method after last changes
* User: return auth module as array for future purposes
* User: tests for SearchUsers()
* User: return only latest auth module in SearchUsers()
* User: fix JOIN, get only most recent auth module
* tsdb: add support for setting debug flag of tsdb query
* alerting: adds debug flag in eval context
Debug flag is set when testing an alert rule and this debug
flag is used to return more debug information in test aler rule
response. This debug flag is also provided to tsdb queries so
datasources can optionally add support for returning additional
debug data
* alerting: improve test alert rule ui
Adds buttons for expand/collapse json and copy json to clipboard,
very similar to how the query inspector works.
* elasticsearch: implement support for tsdb query debug flag
* elasticsearch: embedding client response in struct
* alerting: return proper query model when testing rule
* LDAP: use only one struct
* Use only models.ExternalUserInfo
* Add additional helper method :/
* Move all the helpers to one module
* LDAP: refactoring
* Rename some of the public methods and change their behaviour
* Remove outdated methods
* Simplify logic
* More tests
There is no and never were tests for settings.go, added tests for helper
methods (cover is now about 100% for them). Added tests for the main
LDAP logic, but there is some stuff to add. Dial() is not tested and not
decoupled. It might be a challenge to do it properly
* Restructure tests:
* they wouldn't depend on external modules
* more consistent naming
* logical division
* More guards for erroneous paths
* Login: make login service an explicit dependency
* LDAP: remove no longer needed test helper fns
* LDAP: remove useless import
* LDAP: Use new interface in multildap module
* LDAP: corrections for the groups of multiple users
* In case there is several users their groups weren't detected correctly
* Simplify helpers module
* Feature: Parse user agent string in user auth token api response (#16222)
* Adding UA Parser Go modules attempt (#16222)
* Bring user agent vals up per req
* fix tests
* doc update
* update to flatten, no maps
* update doc
Adds a new [server] setting `serve_from_sub_path`. By enabling
this setting and using a subpath in `root_url` setting, e.g.
`root_url = http://localhost:3000/grafana`, Grafana will be accessible
on `http://localhost:3000/grafana`. By default it is set to `false`
for compatibility reasons.
Closes#16623
* Users: add is_disabled column
* Users: disable users removed from LDAP
* Auth: return ErrInvalidCredentials for failed LDAP auth
* User: return isDisabled flag in user search api
* User: mark disabled users at the server admin page
* Chore: refactor according to review
* Auth: prevent disabled user from login
* Auth: re-enable user when it found in ldap
* User: add api endpoint for disabling user
* User: use separate endpoints to disable/enable user
* User: disallow disabling external users
* User: able do disable users from admin UI
* Chore: refactor based on review
* Chore: use more clear error check when disabling user
* Fix login tests
* Tests for disabling user during the LDAP login
* Tests for disable user API
* Tests for login with disabled user
* Remove disable user UI stub
* Sync with latest LDAP refactoring
This makes sure the scenarios returned from API are sorted in a consistent
way and by that makes the values in scenario drop down always presented
ordered instead of jumping around.
This adds support for using templated/dynamic urls in routes.
* refactor interpolateString into utils and add interpolation support for app plugin routes.
* cleanup and add error check for url parse failure
* add docs for interpolated route urls
Closes#16835
Currently all API requests set Cache-control: no-cache to avoid browsers
caching sensitive data. This fixes so that all responses returned from
backend not are cached using http headers. The exception is the data proxy
where we don't add these http headers in case datasource backend needs
to control whether data can be cached or not.
Fixes#16845
If Grafana rotates the user's auth token during a request to the data
source proxy it will set the Set-Cookie header with new auth token in
response before proxying the request to the datasource.
Before this fix the Set-Cookie response header was cleared after the
proxied request was finished to make sure that proxied datasources
cannot affect cookies in users browsers. This had the consequence
of accidentally also clearing the new auth token set in Set-Cookie
header.
With this fix the original Set-Cookie value in response header is now
restored after the proxied datasource request is finished. The existing
logic of clearing Set-Cookie response header from proxied request
have been left intact.
Fixes#16757
* Add file path to metadata and show it in dialogs
* Make path relative to config directory
* Fix tests
* Add test for the relative path
* Refactor to use path relative to provisioner path
* Change return types
* Rename attribute
* Small fixes from review
* Add api to reaload provisioning
* Refactor and simplify the polling code
* Add test for the provisioning service
* Fix provider initialization and move some code to file reader
* Simplify the code and move initialization
* Remove unused code
* Update comment
* Add comment
* Change error messages
* Add DashboardProvisionerFactory type
* Update imports
* Use new assert lib
* Use mutext for synchronizing the reloading
* Fix typo
Co-Authored-By: aocenas <mr.ocenas@gmail.com>
* Add docs about the new api
* Search: Fixes search limits and adds a page parameter
This adds a page parameter to search api without adding
any major breaking change.
It does at an api validation error when trying to use
a limit beyond 5000. This is a breaking change. We could
remove this and have it only in the docs and describe that this
is a limit that grafana will apply silently.
Fixes#16049
* Fix: Corrected wrong array slice change
* Docs: minor docs fix
* Search: fixed folder tests
* Fixed: Moved limit to correct inner query
* Search: moving limit check and page check
* Search: limit in handler is no longer needed
* Store passwords in secureJsonData
* Revert unnecessary refactors
* Fix for nil jsonSecureData value
* Remove copied encryption code from migration
* Fix wrong field reference
* Remove migration and provisioning changes
* Use password getters in datasource proxy
* Refactor password handling in datasource configs
* Add provisioning warnings
* Update documentation
* Remove migration command, moved to separate PR
* Remove unused code
* Set the upgrade version
* Remove unused code
* Remove double reference
* app pages
* app pages
* workign example
* started alpha support
* remove app stuff
* show warning on alpha/beta panels
* put app back on plugin file
* fix go
* add enum for PluginType and PluginIncludeType
* Refactoring and moving settings to plugins section
fixes#16529
* Unprovision dashboard in case of DisableDeletion = true
* Rename command struct
* Handle removed provision files
* Allow html in confirm-modal
* Do not show confirm button without onConfirm
* Show dialog on deleting provisioned dashboard
* Changed DeleteDashboard to DeleteProvisionedDashboard
* Remove unreachable return
* Add provisioned checks to API
* Remove filter func
* Fix and add tests for deleting dashboards
* Change delete confirm text
* Added and used pkg/errors for error wrapping
Fixes so it's possible to create new notification channel and providing uid.
Fixes better error/result handling when updating a notifcation channel.
Fixes#16372
Ref #16219#16012