Commit Graph

441 Commits

Author SHA1 Message Date
Sofia Papagiannaki
9855e74b92
Chore: Refactor quota service (#58643)
Chore: Refactor quota service (#57586)

* Chore: refactore quota service

* Apply suggestions from code review
2022-11-14 21:08:10 +02:00
Misi
4915d21c25
OAuth: Feature toggle for access token expiration check and docs (#58179)
* Add feature toggle for access token expiration check

* Add docs for configuring refresh tokens

* Update docs

* Update docs based on review

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Improve documentation

* Change access_type default to Offline

* Update docs/sources/setup-grafana/configure-security/configure-authentication/gitlab/index.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Update docs/sources/setup-grafana/configure-security/configure-authentication/google/index.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Update pkg/services/featuremgmt/registry.go

Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>

* Regenerate toggles

* Update Generic OAuth docs

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>
2022-11-14 16:47:46 +01:00
Sofia Papagiannaki
96cdf77995
Revert "Chore: Refactor quota service (#57586)" (#58394)
This reverts commit 326ea86a57.
2022-11-08 11:52:07 +02:00
Sofia Papagiannaki
326ea86a57
Chore: Refactor quota service (#57586)
* Chore: refactore quota service

* Apply suggestions from code review
2022-11-08 10:25:34 +02:00
Kristina
5d7d54d076
Auth: Write the redirect cookie if denied - do not write a blank redirect (#57381)
* Write the redirect cookie if denied - do not write a blank redirect

* Remove redundant code, reverse polarity
2022-10-21 09:53:17 -05:00
Marcus Efraimsson
6f8fcae01b
[main] Plugin fixes (#57399)
* Plugins: Remove support for V1 manifests

* Plugins: Make proxy endpoints not leak sensitive HTTP headers

* Security: Fix do not forward login cookie in outgoing requests

(cherry picked from commit 4539c33fce)

Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2022-10-21 13:54:55 +02:00
Kristin Laemmert
05709ce411
chore: remove sqlstore & mockstore dependencies from (most) packages (#57087)
* chore: add alias for InitTestDB and Session

Adds an alias for the sqlstore InitTestDB and Session, and updates tests using these to reduce dependencies on the sqlstore.Store.

* next pass of removing sqlstore imports
* last little bit
* remove mockstore where possible
2022-10-19 09:02:15 -04:00
Misi
9c954d06ab
Auth: Refresh OAuth access_token automatically using the refresh_token (#56076)
* Verify OAuth token expiration for oauth users in the ctx handler middleware

* Use refresh token to get a new access token

* Refactor oauth_token.go

* Add tests for the middleware changes

* Align other tests

* Add tests, wip

* Add more tests

* Add InvalidateOAuthTokens method

* Fix ExpiryDate update to default

* Invalidate OAuth tokens during logout

* Improve logout

* Add more comments

* Cleanup

* Fix import order

* Add error to HasOAuthEntry return values

* add dev debug logs

* Fix tests

Co-authored-by: jguer <joao.guerreiro@grafana.com>
2022-10-18 18:17:28 +02:00
Misi
1de0f4453e
Chore: Make NewCookieOptions exported in cookies.go (#56476) 2022-10-06 20:00:54 +02:00
idafurjes
bc7a383252
Remove org methods from sqlstore interface (#56358)
* Remove org methods from sqlstore interface

* Remove some mocks

* Fix some tests
2022-10-05 15:47:56 +02:00
Kat Yang
7715672fb3
Chore: use org service methods (#55768)
* Chore: use org service methods

* fix tests

* fix errors

* adjust func signatures for getbyname

* 💩

* Use the same fake service to get the user in AC and in HS

* Fix middleware test

* Fix more middleware test

* Fix api tests

Co-authored-by: gamab <gabi.mabs@gmail.com>
Co-authored-by: Ida Furjesova <ida.furjesova@grafana.com>
2022-10-04 14:48:02 -04:00
Torkel Ödegaard
e31cb93ec0
NavTree: Make it possible to configure where in nav tree plugins live (#55484)
* NewIA: Plugin nav config

* progress

* Progress

* Things are working

* Add monitoring node

* Add alerts and incidents

* added experiment with standalone page

* Refactoring by adding a type for navtree root

* First test working

* More tests

* more tests

* Progress on richer config and sorting

* Sort weight working

* Path config

* Improving logic for not including admin or cfg nodes, making it the last step so that enterprise can add admin nodes without having to worry about the section not existing

* fixed index routes

* removed file

* Fixes

* Fixing tests

* Fixing more tests and adding support for weight config

* Updates

* Remove unused fake

* More fixes

* Minor tweak

* Minor fix

* Can now control position using sortweight even when existing items have no sortweight

* Added tests for frontend standalone page logic

* more tests

* Remove unused fake and fixed lint issue

* Moving reading settings to navtree impl package

* remove nav_id setting prefix

* Remove old test file

* Fix trailing newline

* Fixed bug with adding nil node

* fixing lint issue

* remove some code we have to rethink

* move read settings to PrivideService and switch to util.SplitString
2022-09-28 08:29:35 +02:00
Kristin Laemmert
701f6d5436
UserService: use the UserService instead of calling sqlstore directly (#55745)
* UserService: update callers to use the UserService instead of calling sqlstore directly

There is one major change hiding in this PR. UserService.Delete originally called a number of services to delete user-related records. I moved everything except the actual call to the user table, and moved those into the API. This was done to avoid dependencies cycles; many of our services depend on the user service, so the user service itself should have as few dependencies as possible.
2022-09-27 07:58:49 -04:00
Torkel Ödegaard
09f4068849
NavTree: Refactor out the navtree building from api/index.go and into it's own service (#55552) 2022-09-22 22:04:48 +02:00
Sofia Papagiannaki
55ef34bee4
Instrumentation: Add api/health to the unnamed handlers (#55478) 2022-09-22 13:03:20 +03:00
Serge Zaitsev
305d494902
Chore: Switch over to team.Service instead of sqlstore (#55497)
* switch to using team service

* trying to fix tests

* more tests to fix

* add missing teamtest package
2022-09-20 18:58:04 +02:00
Marcus Efraimsson
862a6a2fa6
Logging: Introduce API for contextual logging (#55198)
Introduces a FromContext method on the log.Logger interface that 
allows contextual key/value pairs to be attached, e.g. per request, 
so that any logger using this API will automatically get the per request 
context attached. The proposal makes the traceID available for 
contextual logger , if available, and would allow logs originating from 
a certain HTTP request to be correlated with traceID.
In addition, when tracing not enabled, skip adding
traceID=00000000000000000000000000000000
to logs.
2022-09-20 18:32:06 +02:00
Domas
b5c67fe0dd
Frontend logging: handle logging endpoints without expensive middleware (#54960) 2022-09-12 13:04:43 +03:00
Nicholas Wiersma
faf8eb3afb
JWT: Allow conventional bearer token in Authorization header (#54821)
* fix: allow JWT to accept standard bearer token

* fix: linter issues

* fix: linter gosec false positive

* fix: refactor logic into JWT handler

* fix: move bearer trimming earlier
2022-09-09 11:05:58 +02:00
Nicholas Wiersma
9e704fec3c
JWT: Add support for assigning org roles (#54277)
* feat: allow jwt role to be set

* chore: update documentation

* fix: cr suggestions

* fix: lint issues

* respect org auto assign and default org ID

* add server admin to devenv

Co-authored-by: jguer <joao.guerreiro@grafana.com>
2022-09-07 14:00:33 +02:00
Carl Bergquist
78978048c3
Instrumentation: log the total number of db queries per request (#54647)
Signed-off-by: bergquist <carl.bergquist@gmail.com>
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
Co-authored-by: Dave Henderson <dave.henderson@grafana.com>
2022-09-05 07:39:22 +02:00
Serge Zaitsev
927ddf9376
Chore: Move login attempt methods to separate service (#54479)
* Chore: Move login attempt methods to separate service

* attempt to fix tests

* fix syntax

* better time mocking

* initialise now func
2022-09-01 18:08:42 +02:00
Carl Bergquist
ab59f3cb1a
metrics: add operation name used in metrics/tracing for middlewares (#53949)
Signed-off-by: bergquist <carl.bergquist@gmail.com>
2022-08-25 10:11:27 +02:00
idafurjes
fa2e74cd6e
Chore: Remove GetSignedInUserWithCacheCtx from store interface (#53734)
* Remove delete suer from store interface

* Remove get signed in user with cache ctx from store interface

* Support options when setting up access control tests

* Fix broken tests

* Fix lint

* Add user fake to middleware

* Fix middleware tests, remove usertest being initialised twice

Co-authored-by: Karl Persson <kalle.persson@grafana.com>
2022-08-16 16:08:59 +02:00
zhichli
806fb8ab7a
Tracing: Fix OpenTelemetry Jaeger context propagation (#53269)
* fix otel jaeger context propagation

* add back launch.json

* add back launch.json
2022-08-11 16:11:34 +02:00
idafurjes
a14621fff6
Chore: Add user service method SetUsingOrg and GetSignedInUserWithCacheCtx (#53343)
* Chore: Add user service method SetUsingOrg

* Chore: Add user service method GetSignedInUserWithCacheCtx

* Use method GetSignedInUserWithCacheCtx from user service

* Fix lint after rebase

* Fix lint

* Fix lint error

* roll back some changes

* Roll back changes in api and middleware

* Add xorm tags to SignedInUser ID fields
2022-08-11 13:28:55 +02:00
Jo
062d255124
Handle ioutil deprecations (#53526)
* replace ioutil.ReadFile -> os.ReadFile

* replace ioutil.ReadAll -> io.ReadAll

* replace ioutil.TempFile -> os.CreateTemp

* replace ioutil.NopCloser -> io.NopCloser

* replace ioutil.WriteFile -> os.WriteFile

* replace ioutil.TempDir -> os.MkdirTemp

* replace ioutil.Discard -> io.Discard
2022-08-10 15:37:51 +02:00
idafurjes
6afad51761
Move SignedInUser to user service and RoleType and Roles to org (#53445)
* Move SignedInUser to user service and RoleType and Roles to org

* Use go naming convention for roles

* Fix some imports and leftovers

* Fix ldap debug test

* Fix lint

* Fix lint 2

* Fix lint 3

* Fix type and not needed conversion

* Clean up messages in api tests

* Clean up api tests 2
2022-08-10 11:56:48 +02:00
sh0rez
534ece064b
pkg/web: closure-style middlewares (#51238)
* pkg/web: closure-style middlewares

Switches the middleware execution model from web.Handlers in a slice to
web.Middleware.
Middlewares are temporarily kept in a slice to preserve ordering, but
prior to execution they are applied, forming a giant call-stack, giving
granular control over the execution flow.

* pkg/middleware: adapt to web.Middleware

* pkg/middleware/recovery: use c.Req over req

c.Req gets updated by future handlers, while req stays static.

The current recovery implementation needs this newer information

* pkg/web: correct middleware ordering

* pkg/webtest: adapt middleware

* pkg/web/hack: set w and r onto web.Context

By adopting std middlewares, it may happen they invoke next(w,r) without
putting their modified w,r into the web.Context, leading old-style
handlers to operate on outdated fields.

pkg/web now takes care of this

* pkg/middleware: selectively use future context

* pkg/web: accept closure-style on Use()

* webtest: Middleware testing

adds a utility function to web/webtest to obtain a http.ResponseWriter,
http.Request and http.Handler the same as a middleware that runs would receive

* *: cleanup

* pkg/web: don't wrap Middleware from Router

* pkg/web: require chain to write response

* *: remove temp files

* webtest: don't require chain write

* *: cleanup
2022-08-09 14:58:50 +02:00
idafurjes
0c5b71694f
Chore: Add user service method UpdateLastSeenAt (#53309)
* Chore: Add user service method UpdateLastSeenAt

* Fix lint
2022-08-04 15:44:14 +02:00
Serge Zaitsev
191ab3bb01
Chore: Move api key models into apikey service package (#53241)
* Chore: move api key models into apikey service package

* force table name for api key
2022-08-04 14:19:09 +02:00
idafurjes
1ecbe22751
Chore: Add user service method GetByLogin (#53204)
* Add wrapper around sqlstore method GetUserByLogin

* Use new method from user service

* Fix lint

* Fix lint 2

* fix middleware basic auth test

* Fix grafana login returning a user by login

* Remove GetUserByLogin from store interface

* Merge commit
2022-08-04 13:22:43 +02:00
Serge Zaitsev
64488f6b90
Chore: split APIKey store (#52781)
* move apikey store into a separate service

* add apikey service to wire graph

* fix linter

* switch api to use apikey service

* fix provideservice in tests

* add apikey service test double

* try different sql syntax

* rolling back the dialect

* trigger drone

* trigger drone
2022-08-02 16:55:19 +02:00
Jo
c2d3c90bc8
Auth: Implement Token URL JWT Auth (#52662)
* Auth: check of auth_token in url and resolve user if present

* check if auth_token is passed in url

* Auth: Pass auth_token for request if present in path

* no need to decode token in index

* temp

* use loadURLToken and set authorization header

* cache token in memory and strip it from url

* Use loadURLToken

* Keep token in url

* strip sensitive query strings from url used by context logger

* adapt login by url to jwt token

* add jwt iframe devenv

* add jwt iframe devenv instructions

* add access note

* add test for cleaning request

* ensure jwt token is not carried into handlers

* do not reshuffle queries, might be important

* add correct db dump location

* prefer set token instead of cached token

Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>

Co-authored-by: Karl Persson <kalle.persson@grafana.com>
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2022-07-27 16:10:47 +02:00
Carl Bergquist
732cc99480
instrumentation: add buckets to catch very slow requests (#51492)
Signed-off-by: bergquist <carl.bergquist@gmail.com>
2022-07-26 12:38:59 +03:00
idafurjes
d3d8fdd878
Chore: Move user errors to user service (#52460)
* Move user not found err to user service

* User ErrCaseInsensitive from user pkg

* User ErrUserAlreadyExists from user pkg

* User ErrLastGrafanaAdmin from user pkg

* Remove errors from model
2022-07-20 14:50:06 +02:00
idafurjes
17ec9cac83
Add delete user from other services/stores (#51912)
* Remove user from preferences, stars, orguser, team member

* Fix lint

* Add Delete user from org and dashboard acl

* Delete user from user auth

* Add DeleteUser to quota

* Add test files and adjust user auth store

* Rename package in wire for user auth

* Import Quota Service interface in other services

* do the same in tests

* fix lint tests

* Fix tests

* Add some tests

* Rename InsertUser and DeleteUser to InsertOrgUser and DeleteOrgUser

* Rename DeleteUser to DeleteByUser in quota

* changing a method name in few additional places

* Fix in other places

* Fix lint

* Fix tests

* Rename DeleteOrgUser to DeleteUserFromAll

* Update pkg/services/org/orgimpl/org_test.go

Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>

* Update pkg/services/preference/prefimpl/inmemory_test.go

Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>

* Rename Acl to ACL

* Fix wire after merge with main

* Move test to uni test

Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
2022-07-15 18:06:44 +02:00
Emil Tullstedt
06bd8b8e7a
CSRF: Fix additional headers option (#50629)
* CSRF: Fix additional headers option

* fix: type assertion on error fail on wrapped error

* Update pkg/middleware/csrf/csrf_test.go

Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>

* update test

Co-authored-by: eleijonmarck <eric.leijonmarck@gmail.com>
2022-07-13 19:28:59 +01:00
Jeff Levin
eacee08135
public dashboards: move into into its own service (#51358)
This PR moves public dashboards into its own self contained service including API, Service, Database, and Models. Routes are mounted on the Grafana HTTPServer by the API service at injection time with wire.go. The main  route that loads the frontend for public dashboards is still handled by the API package.

Co-authored-by: Jesse Weaver <jesse.weaver@grafana.com>
Co-authored-by: Owen Smallwood <owen.smallwood@grafana.com>
2022-07-06 17:51:44 -06:00
Ieva
75873d05d7
Access Control: Allow dashboard admins to query org users (#51652)
* allow dashboard admins to query org users

* rename one more variable
2022-07-04 10:43:06 +01:00
idafurjes
6c43eb0b4d
Split Create User (#50502)
* Split Create User

* Use new create user and User from package user

* Add service to wire

* Making create user work

* Replace user from user pkg

* One more

* Move Insert to orguser Service/Store

* Remove unnecessary conversion

* Cleaunp

* Fix Get User and add fakes

* Fixing get org id for user logic, adding fakes and other adjustments

* Add some tests for ourguser service and store

* Fix insert org logic

* Add comment about deprecation

* Fix after merge with main

* Move orguser service/store to org service/store

* Remove orguser from wire

* Unimplement new Create user and use User from pkg user

* Fix wire generation

* Fix lint

* Fix lint - use only User and CrateUserCommand from user pkg

* Remove User and CreateUserCommand from models

* Fix lint 2
2022-06-28 14:32:25 +02:00
Serge Zaitsev
ae9491c3a7
Chore: Make test tracer noop and return no errors (#50797) 2022-06-15 12:40:41 +02:00
Carl Bergquist
b8b6d0e1a1
Instrumentation: Define handlers for requests that are not handled with named handlers (#50613)
Signed-off-by: bergquist <carl.bergquist@gmail.com>

Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
2022-06-14 07:58:20 +02:00
Carl Bergquist
2d6e69226b
Instrumentation: Add feature toggle for logging requests instrumented as unknown (#50566)
Signed-off-by: bergquist <carl.bergquist@gmail.com>
2022-06-10 10:56:55 +02:00
owensmallwood
cfdea1ee30
PublicDashboards: Frontend routing for public dashboards (#48834)
* add isPublic to dashboard

* refactor routes to use route group and add placeholder method for sharing apii

* add sharing pane and utils for public dashboard config to sharing modal

* Sharing modal now persists data through the api

* moves ShareDashboard endpoint to new file and starts adding tests

* generates mocks. Adds tests for public dashboard feature flag

* Adds ability to pass in array of features to enable for the test

* test to update public flag on dashboard WIP

* Adds mock for SaveDashboardSharingConfig

* Fixes tests. Had to use FakeDashboardService

* Adds React tests for public dashboards toggle

* removes semicolons

* refactors SharePublic component to use hooks

* rename from `share publicly` to `public dashboard config`

* checkpoint. debugging tests. need to verify name changes

* checkpoint. test bugs fixed. need to finish returning proper response codes

* finish renaming. fix test

* Update pkg/api/api.go

Co-authored-by: Torkel Ödegaard <torkel@grafana.com>

* update backend url

* rename internal objects and commands. fix configuration modal labels

* add endpoint for retrieving public dashboard configuration and populate the frontend state from it

* add test for dashboardCanBePublic

* adds backend routes

* copy DashboardPage component into component for public dashboards. WIP

* adds react routes, and doesnt render main nav bar when viewing a public route

* removes extra react route from testing

* updates component name

* Wrap the original dashboard component so we can pass props relevant to public dashboards, turn kiosk mode on/off, etc

* Wraps DashboardPage in PublicDashboardPage component. DashboardPage gets rendered in kiosk mode when public prop is passed.

* removes commented out code from exploratory work

* Makes public dashboard routes require no auth

* extracts helper to own util file to check if were viewing a public page

* Hides panel dropdown when its being viewed publicly

* formatting

* use function from utils file for determining if publicly viewed. If public, hides app notifications, searchwrapper, and commandpalette.

* adds unit tests for util function used to see if page is being viewed publicly

* cant added annotations to panel when being publicly viewed

* removes useless comment

* hides backend and frontend pubdash routes behind feature flag

* consider feature flag when checking url path to see if on public dashboard

* renames function

* still render app notifications when in public view

* Extract pubdash route logic into own file

* fixes failing tests

* Determines path using location locationUtils. This covers the case when grafana is being hosted on a subpath. Updates tests.

* renames pubdash web route to be more understandable

* rename route

* fixes failing test

* fixes failing test. Needed to update pubdash urls

* sets flag on grafana boot config for if viewing public dashboard. Removes hacky check that looks at the url

* fixes failing tests. Uses config to determine if viewing public dashboard

* renders the blue panel timeInfo on public dashboard panel

* Extracts conditional logic for rendering components out into their own functions

* removes publicDashboardView check, and uses dashboard meta instead

* the timeInfo is always displayed on the panel

* After fetch of public dashboard dto, the meta isPublic flag gets set and used to determine if viewing public dashboard for child components. Fixes tests for PanelHeader.

* Fixes failing test. Needed to add isPublic flag to dashboard meta.

Co-authored-by: Jeff Levin <jeff@levinology.com>
Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
2022-06-02 14:57:55 -06:00
Emil Tullstedt
3e81fa0716
API: Migrate CSRF to service and support additional options (#48120)
* API: Migrate CSRF to service and support additional options

* minor

* public Csrf service to use in tests

* WIP

* remove fmt

* comment

* WIP

* remove fmt prints

* todo add prefix slash

* remove fmt prints

* linting fix

* remove trimPrefix

Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>
Co-authored-by: IevaVasiljeva <ieva.vasiljeva@grafana.com>
2022-06-02 15:52:30 +02:00
Kristin Laemmert
2edfbb7767
sqlstore split: dashboard permissions (#49962)
* backend/sqlstore split: remove unused GetDashboardPermissionsForUser from sqlstore
* remove debugging line
* backend/sqlstore: move dashboard permission related functions to dashboard service
2022-06-01 14:16:26 -04:00
Carl Bergquist
9562fb389f
Metrics: Remove support for using summaries instead of histogram for HTTP instrumentation (#49985)
Signed-off-by: bergquist <carl.bergquist@gmail.com>
2022-06-01 14:33:59 +02:00
sh0rez
3ca3a59079
pkg/web: remove dependency injection (#49123)
* pkg/web: store http.Handler internally

* pkg/web: remove injection

Removes any injection code from pkg/web.

It already was no longer functional, as we already only injected into
`http.Handler`, meaning we only inject ctx.Req and ctx.Resp.

Any other types (*Context, *ReqContext) were already accessed using the
http.Request.Context.Value() method.

* *: remove type mappings

Removes any call to the previously removed TypeMapper, as those were
non-functional already.

* pkg/web: remove Context.Invoke

was no longer used outside of pkg/web and also no longer functional
2022-05-24 15:35:08 -04:00
Ezequiel Victorero
dfab100dc7
Chore: sanitize values before being logged from request headers (#49245)
* Chore: sanitize values being logged directly from request headers
2022-05-23 14:18:33 -03:00