* AccessControl: add one-dimensional permissions to datasources in the backend
* AccessControl: add one-dimensional permissions to datasources in the frontend (#38080)
Co-authored-by: Hugo Häggmark <hugo.haggmark@grafana.com>
Introduces org-level isolation for the Alertmanager and its components.
Silences, Alerts and Contact points are not separated by org and are not shared between them.
Co-authored with @davidmparrott and @papagian
* add a more flexible way to create permissions
* update interface for accesscontrol to use new eval interface
* use new eval interface
* update middleware to use new eval interface
* remove evaluator function and move metrics to service
* add tests for accesscontrol middleware
* Remove failed function from interface and update inejct to create a new
evaluator
* Change name
* Support Several sopes for a permission
* use evaluator and update fakeAccessControl
* Implement String that will return string representation of permissions
for an evaluator
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
* simplify toggle + add link to server admin
* feat(catalog): org admins can configure plugin apps, cannot install/uninstall plugins
* fix(catalog): dont show buttons if user doesn't have install permissions
* feat(catalog): cater for accessing catalog via /plugins and /admin/plugins
* feat(catalog): use location for list links and match.url to define breadcrumb links
* test(catalog): mock isGrafanaAdmin for PluginDetails tests
* test(catalog): preserve default bootdata in PluginDetails mock
* refactor(catalog): move orgAdmin check out of state and make easier to reason with
Co-authored-by: Will Browne <will.browne@grafana.com>
* AccessControl: Implement a way to register fixed roles
* Add context to register func
* Use FixedRoleGrantsMap instead of FixedRoleGrants
* Removed FixedRoles map to sync.map
* Wrote test for accesscontrol and provisioning
* Use mutexes+map instead of sync maps
* Create a sync map struct out of a Map and a Mutex
* Create a sync map struct for grants as well
* Validate builtin roles
* Make validation public to access control
* Handle errors consistently with what seeder does
* Keep errors consistant amongst accesscontrol impl
* Handle registration error
* Reverse the registration direction thanks to a RoleRegistrant interface
* Removed sync map in favor for simple maps since registration now happens during init
* Work on the Registrant interface
* Remove the Register Role from the interface to have services returning their registrations instead
* Adding context to RegisterRegistrantsRoles and update descriptions
* little bit of cosmetics
* Making sure provisioning is ran after role registration
* test for role registration
* Change the accesscontrol interface to use a variadic
* check if accesscontrol is enabled
* Add a new test for RegisterFixedRoles and fix assign which was buggy
* Moved RegistrationList def to roles.go
* Change provisioning role's description
* Better comment on RegisterFixedRoles
* Correct comment on ValidateFixedRole
* Simplify helper func to removeRoleHelper
* Add log to saveFixedRole and assignFixedRole
Co-authored-by: Vardan Torosyan <vardants@gmail.com>
Co-authored-by: Jeremy Price <Jeremy.price@grafana.com>
* add fixed role for datasource read operations
* Add action for datasource explore
* add authorize middleware to explore index route
* add fgac support for explore navlink
* update hasAccessToExplore to check if accesscontrol is enable and evalute action if it is
* add getExploreRoles to evalute roles based onaccesscontrol, viewersCanEdit and default
* create function to evaluate permissions or using fallback if accesscontrol is disabled
* change hasAccess to prop and derive the value in mapStateToProps
* add test case to ensure buttons is not rendered when user does not have access
* Only hide return with changes button
* remove internal links if user does not have access to explorer
Co-authored-by: Ivana Huckova <30407135+ivanahuckova@users.noreply.github.com>
* add accesscontrol action for stats read
* use accesscontrol middleware for stats route
* add fixed role with permissions to read sever stats
* add accesscontrol action for settings read
* use accesscontrol middleware for settings route
* add fixed role with permissions to read settings
* add accesscontrol tests for AdminGetSettings and AdminGetStats
* add ability to scope settings
* add tests for AdminGetSettings
* Add new accesscontrol action for ldap config reload
* Update ldapAdminEditRole with new ldap config reload permission
* wrap /ldap/reload with accesscontrol authorize middleware
* document new action and update fixed:ldap:admin:edit with said action
* add fake accesscontrol implementation for tests
* Add accesscontrol tests for ldap handlers
Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>
* add uninstall flow
* add install flow
* small cleanup
* smaller-footprint solution
* cleanup + make bp start auto
* fix interface contract
* improve naming
* accept version arg
* ensure use of shared logger
* make installer a field
* add plugin decommissioning
* add basic error checking
* fix api docs
* making initialization idempotent
* add mutex
* fix comment
* fix test
* add test for decommission
* improve existing test
* add more test coverage
* more tests
* change test func to use read lock
* refactoring + adding test asserts
* improve purging old install flow
* improve dupe checking
* change log name
* skip over dupe scanned
* make test assertion more flexible
* remove trailing line
* fix pointer receiver name
* update comment
* add context to API
* add config flag
* add base http api test + fix update functionality
* simplify existing check
* clean up test
* refactor tests based on feedback
* add single quotes to errs
* use gcmp in tests + fix logo issue
* make plugin list testing more flexible
* address feedback
* fix API test
* fix linter
* undo preallocate
* Update docs/sources/administration/configuration.md
Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
* Update docs/sources/administration/configuration.md
Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
* Update docs/sources/administration/configuration.md
Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
* fix linting issue in test
* add docs placeholder
* update install notes
* Update docs/sources/plugins/marketplace.md
Co-authored-by: Marcus Olsson <marcus.olsson@hey.com>
* update access wording
* add more placeholder docs
* add link to more info
* PR feedback - improved errors, refactor, lock fix
* improve err details
* propagate plugin version errors
* don't autostart renderer
* add H1
* fix imports
Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
Co-authored-by: Marcus Olsson <marcus.olsson@hey.com>
Following discussion in grafana/grafana-enterprise#1292, removing
org-scoped users scopes to make it clear that the local organization is
the default and the alternative to that is a global scope (for a select
few endpoints)
* Encapsulate settings with a provider with support for runtime reloads
* SettingsProvider: reload is controlled by the services
* naive impl of reload handlers for settings
* working naive detection on new changes
* Trigger settings reload from API endpoint
* validation step added
* validation of settings
* Fix linting errors
* Replace DB_Varchar by DB_NVarchar
* Reduce settings columns (section, key) lenghts
* wip db update logic
* Db Settings: separate updates and removals
* Fix: removes incorrectly added code
* Minor code improvements
* Runtime settings: moved oss -> ee
* Remove no longer used setting.Cfg SAML-related fields
* Rename file setting/settings.go => setting/provider.go
* Apply suggestions from code review
Co-authored-by: Agnès Toulet <35176601+AgnesToulet@users.noreply.github.com>
* Minor code improvements on OSS settings provider
* Fix some login API tests
* Correct some GoDoc comments
* Apply suggestions from code review
Co-authored-by: Agnès Toulet <35176601+AgnesToulet@users.noreply.github.com>
Co-authored-by: Leonard Gram <leo@xlson.com>
Co-authored-by: Agnès Toulet <35176601+AgnesToulet@users.noreply.github.com>
* FrontendMetrics: Adds new backend api that frontend can use to push frontend measurements and counters to prometheus
* FrontendMetrics: Adds new backend api that frontend can use to push frontend measurements and counters to prometheus
* Fix naming
* change to histogram
* Fixed go lint
* Fix LoginService.UpsertUser user creation
* Fix API AdminCreateUser user creation
* Add missing underscore import
* Fix API CompleteInvite user creation
* Fix API SignUpStep2 user creation
* Refactor: adds permissions for library panel creation
* Refactor: checks folder permissions for patch requests
* Chore: changes after PR comments
* Refactor: adds permissions to delete
* Refactor: moves get all permission tests out of get all tests
* Chore: move out get all tests to a separate file
* Refactor: adds permissions to get handler
* Refactor: fixes a bug with getting library panels in General folder
* Refactor: adds permissions for connect/disconnect
* Refactor: adds permissions and tests for get connected dashboards
* Tests: adds tests for connected dashboards in General Folder
* LibraryPanels: Deletes library panels during folder deletion
* LibraryPanels: Deletes library panels during folder deletion
* Update pkg/api/folder.go
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
* Update pkg/services/librarypanels/librarypanels_permissions_test.go
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
* Chore: updates after PR comments
* Chore: forgot to change some function signatures
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
Converts the core testdata data source to use the SDK contracts and by that
implementing a backend plugin in core Grafana in similar manner as an external one.
Co-authored-by: Will Browne <will.browne@grafana.com>
Co-authored-by: Marcus Efraimsson <marefr@users.noreply.github.com>
Co-authored-by: Ryan McKinley <ryantxu@gmail.com>
* Chore: moves common and response into separate packages
* Chore: moves common and response into separate packages
* Update pkg/api/utils/common.go
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
* Chore: changes after PR comments
* Chore: move wrap to routing package
* Chore: move functions in common to response package
* Chore: move functions in common to response package
* Chore: formats imports
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
* SQLStore: customise the limit of retrieved datasources per organisation
* update all suggestions regarding nil or 0 as default
* Apply suggestions from code review
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
* correct default.ini description + adding unittest
* Apply suggestions from code review
Co-authored-by: Sofia Papagiannaki <papagian@users.noreply.github.com>
* modify unittest name
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
Co-authored-by: Sofia Papagiannaki <papagian@users.noreply.github.com>
* middleware: Move context handler to own service
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
Co-authored-by: Emil Tullsted <sakjur@users.noreply.github.com>
Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
* Add an option to hide certain users in the UI
* revert changes for admin users routes
* fix sqlstore function name
* Improve slice management
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
* Hidden users: convert slice to map
* filter with user logins instead of IDs
* put HiddenUsers in Cfg struct
* hide hidden users from dashboards/folders permissions list
* Update conf/defaults.ini
Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
* fix params order
* fix tests
* fix dashboard/folder update with hidden user
* add team tests
* add dashboard and folder permissions tests
* fixes after merge
* fix tests
* API: add test for org users endpoints
* update hidden users management for dashboard / folder permissions
* improve dashboard / folder permissions tests
* fixes after merge
* Guardian: add hidden acl tests
* API: add team members tests
* fix team sql syntax for postgres
* api tests update
* fix linter error
* fix tests errors after merge
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
Co-authored-by: Leonard Gram <leo@xlson.com>
* Alerting NG: prototype v2 (WIP)
* Separate eval package
* Modify eval alert definition endpoint
* Disable migration if ngalert is not enabled
* Remove premature test
* Fix lint issues
* Delete obsolete struct
* Apply suggestions from code review
* Update pkg/services/ngalert/ngalert.go
Co-authored-by: Kyle Brandt <kyle@grafana.com>
* Add API endpoint for listing alert definitions
* Introduce index for alert_definition table
* make ds object for expression to avoid panic
* wrap error
* Update pkg/services/ngalert/eval/eval.go
* Swith to backend.DataQuery
* Export TransformWrapper callback
* Fix lint issues
* Update pkg/services/ngalert/ngalert.go
Co-authored-by: Kyle Brandt <kyle@grafana.com>
* Validate alert definitions before storing them
* Introduce AlertQuery
* Add test
* Add QueryType in AlertQuery
* Accept only float64 (seconds) durations
* Apply suggestions from code review
* Get rid of bus
* Do not export symbols
* Fix failing test
* Fix failure due to service initialization order
Introduce MediumHigh service priority and assign it to backendplugin
service
* Fix test
* Apply suggestions from code review
* Fix renamed reference
Co-authored-by: Kyle Brandt <kyle@grafana.com>
* Backend: Adds route for well-known change password URL
* Include 'dashboard/new' in backend routes
* Move index route handler registration out of "not logged in views" section
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
* intial frontend resolution/redirection logic
* backend scaffolding
* enough of the frontend to actually test end to end
* bugfixes
* add tests
* cleanup
* explore too hard for now
* fix build
* Docs: add docs
* FE test
* redirect directly from backend
* validate incoming uids
* add last_seen_at
* format documentation
* more documentation feedback
* very shaky migration of get route to middleware
* persist unix timestamps
* add id, orgId to table
* fixes for orgId scoping
* whoops forgot the middleware
* only redirect to absolute URLs under the AppUrl domain
* move lookup route to /goto/:uid, stop manually setting 404 response code
* renaming things according to PR feedback
* tricky deletion
* sneaky readd
* fix test
* more BE renaming
* FE updates -- no more @ts-ignore hacking :) and accounting for subpath
* Simplify code
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
* Short URLs: Drop usage of bus
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
* ShortURLService: Make injectable
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
* Rename file
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
* Add handling of url parsing and creating of full shortURL to backend
* Update test, remove unused imports
* Update pkg/api/short_urls.go
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
* Add correct import
* Pass context to short url service
* Remove not needed error log
* Rename dto and field to denote URL rather than path
* Update api docs based on feedback/suggestion
* Rename files to singular
* Revert to send relative path to backend
* Fixes after review
* Return dto when creating short URL that includes the full url
Use full url to provide shorten URL to the user
* Fix after review
* Fix relative url path when creating new short url
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
Co-authored-by: Ivana <ivana.huckova@gmail.com>
Co-authored-by: Ivana Huckova <30407135+ivanahuckova@users.noreply.github.com>
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
* end 2 end
* fix import
* refactor
* introduce securedata
* check err
* use testify instead of convey
* cleanup test
* cleanup test
* blob time
* rename funcs
* New feature toggle for enabling alerting NG
* Initial commit
* Modify evaluate alert API request
* Check for unique labels in alert execution result dataframes
* Remove print statement
* Additional minor fixes/comments
* Fix lint issues
* Add API endpoint for evaluating panel queries
* Push missing renaming
* add refId for condition to API
* add refId for condition to API
* switch dashboard based eval to get method
* add from/to params to dashboard based eval
* add from/to params to eval endpoint
Co-authored-by: kyle <kyle@grafana.com>
kuberentes (and Im sure other orchastrators does as well) support two
kind of checks. readiness checks and liveness checks. Grafanas current
`/api/health` endpoint requires database access which might not
always be required for the instance to be considered active.
Refactor to allow shared contract between core and external backend plugins
allowing core backend data sources in Grafana to be implemented in same
way as an external backend plugin.
Use v0.67.0 of sdk.
Add tests for verifying plugin is restarted when process is killed.
Enable strict linting for backendplugin packages
Moves common request proxy utilities to proxyutil package with
support for removing X-Forwarded-Host, X-Forwarded-Port,
X-Forwarded-Proto headers, setting X-Forwarded-For header
and cleaning Cookie header.
Using the proxyutil package to prepare and clean request
headers before resource calls.
Closes#21512
* Licensing: supplies a service to handle licensing information
* Licensing: uses the license service further
Uses the license service instead of settings.isEnterprise:
- external team members
- saml
- usage stats
* Licensing: fixes broken tests due to new Licensing service dependency
* Licensing: fixes linting errors
* Licensing: exposes license expiry information to the frontend
* LDAP: Allow an user to be synchronised against LDAP
This PR introduces the /ldap/sync/:id endpoint. It allows a user to be synchronized against LDAP on demand.
A few things to note are:
LDAP needs to be enabled for the sync to work
It only works against users that originally authenticated against LDAP
If the user is the Grafana admin and it needs to be disabled - it will not sync the information
Includes a tiny refactor that favours the JSONEq assertion helper instead of manually parsing JSON strings.
* LDAP: Add API endpoint to query the LDAP server(s) status|
This endpoint returns the current status(es) of the configured LDAP server(s).
The status of each server is verified by dialling and if no error is returned we assume the server is operational.
This is the last piece I'll produce as an API before moving into #18759 and see the view come to life.
* Move the ReloadLDAPCfg function to the debug file
Appears to be a better suite place for this.
* LDAP: Return the server information when we find a specific user
We allow you to specify multiple LDAP servers as part of LDAP authentication integration. As part of searching for specific users, we need to understand from which server they come from. Returning the server configuration as part of the search will help us do two things:
- Understand in which server we found the user
- Have access the groups specified as part of the server configuration
* LDAP: Adds the /api/admin/ldap/:username endpoint
This endpoint returns a user found within the configured LDAP server(s). Moreso, it provides the mapping information for the user to help administrators understand how the users would be created within Grafana based on the current configuration.
No changes are executed or saved to the database, this is all an in-memory representation of how the final result would look like.
* SQLite migrations
* cleanup
* migrate end times
* switch to update with a query
* real migration
* anno migrations
* remove old docs
* set isRegion from time changes
* use <> for is not
* add comment and fix index decleration
* single validation place
* add test
* fix test
* add upgrading docs
* use AnnotationEvent
* fix import
* remove regionId from typescript
Existing /api/alert-notifications now requires at least editor access.
Existing /api/alert-notifiers now requires at least editor access.
New /api/alert-notifications/lookup returns less information than
/api/alert-notifications and can be access by any authenticated user.
Existing /api/org/users now requires org admin role.
New /api/org/users/lookup returns less information than
/api/org/users and can be access by users that are org admins,
admin in any folder or admin of any team.
UserPicker component now uses /api/org/users/lookup instead
of /api/org/users.
Fixes#17318
* Modify backend to allow expiration of API Keys
* Add middleware test for expired api keys
* Modify frontend to enable expiration of API Keys
* Fix frontend tests
* Fix migration and add index for `expires` field
* Add api key tests for database access
* Substitude time.Now() by a mock for test usage
* Front-end modifications
* Change input label to `Time to live`
* Change input behavior to comply with the other similar
* Add tooltip
* Modify AddApiKey api call response
Expiration should be *time.Time instead of string
* Present expiration date in the selected timezone
* Use kbn for transforming intervals to seconds
* Use `assert` library for tests
* Frontend fixes
Add checks for empty/undefined/null values
* Change expires column from datetime to integer
* Restrict api key duration input
It should be interval not number
* AddApiKey must complain if SecondsToLive is negative
* Declare ErrInvalidApiKeyExpiration
* Move configuration to auth section
* Update docs
* Eliminate alias for models in modified files
* Omit expiration from api response if empty
* Eliminate Goconvey from test file
* Fix test
Do not sleep, use mocked timeNow() instead
* Remove index for expires from api_key table
The index should be anyway on both org_id and expires fields.
However this commit eliminates completely the index for now
since not many rows are expected to be in this table.
* Use getTimeZone function
* Minor change in api key listing
The frontend should display a message instead of empty string
if the key does not expire.
* Users: add is_disabled column
* Users: disable users removed from LDAP
* Auth: return ErrInvalidCredentials for failed LDAP auth
* User: return isDisabled flag in user search api
* User: mark disabled users at the server admin page
* Chore: refactor according to review
* Auth: prevent disabled user from login
* Auth: re-enable user when it found in ldap
* User: add api endpoint for disabling user
* User: use separate endpoints to disable/enable user
* User: disallow disabling external users
* User: able do disable users from admin UI
* Chore: refactor based on review
* Chore: use more clear error check when disabling user
* Fix login tests
* Tests for disabling user during the LDAP login
* Tests for disable user API
* Tests for login with disabled user
* Remove disable user UI stub
* Sync with latest LDAP refactoring
* Add file path to metadata and show it in dialogs
* Make path relative to config directory
* Fix tests
* Add test for the relative path
* Refactor to use path relative to provisioner path
* Change return types
* Rename attribute
* Small fixes from review
* Add api to reaload provisioning
* Refactor and simplify the polling code
* Add test for the provisioning service
* Fix provider initialization and move some code to file reader
* Simplify the code and move initialization
* Remove unused code
* Update comment
* Add comment
* Change error messages
* Add DashboardProvisionerFactory type
* Update imports
* Use new assert lib
* Use mutext for synchronizing the reloading
* Fix typo
Co-Authored-By: aocenas <mr.ocenas@gmail.com>
* Add docs about the new api
* Search: Fixes search limits and adds a page parameter
This adds a page parameter to search api without adding
any major breaking change.
It does at an api validation error when trying to use
a limit beyond 5000. This is a breaking change. We could
remove this and have it only in the docs and describe that this
is a limit that grafana will apply silently.
Fixes#16049
* Fix: Corrected wrong array slice change
* Docs: minor docs fix
* Search: fixed folder tests
* Fixed: Moved limit to correct inner query
* Search: moving limit check and page check
* Search: limit in handler is no longer needed
* Unprovision dashboard in case of DisableDeletion = true
* Rename command struct
* Handle removed provision files
* Allow html in confirm-modal
* Do not show confirm button without onConfirm
* Show dialog on deleting provisioned dashboard
* Changed DeleteDashboard to DeleteProvisionedDashboard
* Remove unreachable return
* Add provisioned checks to API
* Remove filter func
* Fix and add tests for deleting dashboards
* Change delete confirm text
* Added and used pkg/errors for error wrapping
Now returns uid in response to get notification channel by id.
Adds GET/PUT/DELETE support for notification channel by uid,
/api/alert-notifications/uid/:uid.
Break apart alerting and alert notification http api docs in two
pages and update documentation to make it up to date
with current implementation.
Fixes#16012
* fix: Viewers with viewers_can_edit should be able to access /explore #15773
* refactoring initial PR a bit to simplify function and reduce duplication
Added new PATCH verb annotation endpoint
Removed unwanted fmt
Added test cases for PATCH verb annotation endpoint
Fixed formatting issue
Check arr len before proceeding
Updated doc to include PATCH verb annotation endpt
