Adds an additional sqlite error code 5 (SQLITE_BUSY) to the
transaction retry handler to add retries when sqlite
returns database is locked error.
More info: https://www.sqlite.org/rescode.html#busy
Ref #17247#16638
* Users: add is_disabled column
* Users: disable users removed from LDAP
* Auth: return ErrInvalidCredentials for failed LDAP auth
* User: return isDisabled flag in user search api
* User: mark disabled users at the server admin page
* Chore: refactor according to review
* Auth: prevent disabled user from login
* Auth: re-enable user when it found in ldap
* User: add api endpoint for disabling user
* User: use separate endpoints to disable/enable user
* User: disallow disabling external users
* User: able do disable users from admin UI
* Chore: refactor based on review
* Chore: use more clear error check when disabling user
* Fix login tests
* Tests for disabling user during the LDAP login
* Tests for disable user API
* Tests for login with disabled user
* Remove disable user UI stub
* Sync with latest LDAP refactoring
* fix: azuremonitor adds multi-sub support to alerting
* fix: AzureMonitor missing parameter in metadata func
getMetricMetadata function when called in the query ctrl
was missing a parameter for Subscription Id.
Also, made some tweaks to what happens when a chained
dropdown is changed to not reset all the fields that
are dependent on it.
Adds logs scenario which is quite basic and not that smart
to begin with. This will hopefully ease development of
Explore and support for logs in Grafana.
This makes sure the scenarios returned from API are sorted in a consistent
way and by that makes the values in scenario drop down always presented
ordered instead of jumping around.
* incapsulates multipleldap logic under one module
* abstracts users upsert and get logic
* changes some of the text error messages and import sort sequence
* heavily refactors the LDAP module – LDAP module now only deals with LDAP related behaviour
* integrates affected auth_proxy module and their tests
* refactoring of the auth_proxy logic
* Chore: explore possibilities of using makefile
This is an exploratory commit - I wanted to see how
revive/gosec linters could be integrated with makefile and our build scripts.
Looks better then I expected :)
* Chore: make revive happy
Revive execution was not supplied with path, if you restore there is couple
errors that were popping up - so I fixed them
* Chore: make revive happy
* remotecache: avoid race condition in set
since set called the database twice without transactions another
operation could insert a value before the first operation completed.
which would raise an error on insert since the data have been inserted
by the other request.
closes#17079
This adds support for using templated/dynamic urls in routes.
* refactor interpolateString into utils and add interpolation support for app plugin routes.
* cleanup and add error check for url parse failure
* add docs for interpolated route urls
Closes#16835
This fixes a regression introduced in #16646 where using Elasticsearch
pre-v7.0 and alerting resulted in an error when trying to deserialize the
response of total number of hits.
Total number of hits is not in use by the backend so we're removing it
for now to make ES 6 and 7 being able to deserialize search responses
without errors.
Closes#15622
When allow_embedding is false (default) the Grafana backend
will set the http header `X-Frame-Options: deny` in all responses
to non-static content which will instruct browser to not allow
Grafana to be embedded in `<frame>`, `<iframe>`,
`<embed>` or `<object>`.
Closes#14189
Currently all API requests set Cache-control: no-cache to avoid browsers
caching sensitive data. This fixes so that all responses returned from
backend not are cached using http headers. The exception is the data proxy
where we don't add these http headers in case datasource backend needs
to control whether data can be cached or not.
Fixes#16845
A new parameter `queryMode` is added to the InfluxDB datasource to provide a way to use POST instead of GET when querying the database. This prevents to get any error when querying the database with a heavy request.
Default configuration is kept to GET for backward compatibility. Tests and documentation have been added for this new behaviour.
If Grafana rotates the user's auth token during a request to the data
source proxy it will set the Set-Cookie header with new auth token in
response before proxying the request to the datasource.
Before this fix the Set-Cookie response header was cleared after the
proxied request was finished to make sure that proxied datasources
cannot affect cookies in users browsers. This had the consequence
of accidentally also clearing the new auth token set in Set-Cookie
header.
With this fix the original Set-Cookie value in response header is now
restored after the proxied datasource request is finished. The existing
logic of clearing Set-Cookie response header from proxied request
have been left intact.
Fixes#16757
* Add file path to metadata and show it in dialogs
* Make path relative to config directory
* Fix tests
* Add test for the relative path
* Refactor to use path relative to provisioner path
* Change return types
* Rename attribute
* Small fixes from review
* Provisioning: Trying to fix test
* Use better sync strategy for test
* Lower the timeout
* Remove commented code
Co-Authored-By: aocenas <mr.ocenas@gmail.com>
* Feature: introduce LdapActiveSyncEnabled setting
We probably remove it after the active sync is done.
But at the moment we do not want to affect the current users
with not fully tested feature
* Chore: move settings in more logical order
* Feature: add cron setting for the ldap settings
* Move ldap configuration read to special function
* Introduce cron setting (no docs for it yet, pending approval)
* Chore: duplicate ldap module as a service
* Feature: implement active sync
This is very early preliminary implementation of active sync.
There is only one thing that's going right for this code - it works.
Aside from that, there is no tests, error handling, docs, transactions,
it's very much duplicative and etc.
But this is the overall direction with architecture I'm going for
* Chore: introduce login service
* Chore: gradually switch to ldap service
* Chore: use new approach for auth_proxy
* Chore: use new approach along with refactoring
* Chore: use new ldap interface for auth_proxy
* Chore: improve auth_proxy and subsequently ldap
* Chore: more of the refactoring bits
* Chore: address comments from code review
* Chore: more refactoring stuff
* Chore: make linter happy
* Chore: add cron dep for grafana enterprise
* Chore: initialize config package var
* Chore: disable gosec for now
* Chore: update dependencies
* Chore: remove unused module
* Chore: address review comments
* Chore: make linter happy
* Feature: add cron setting for the ldap settings
* Move ldap configuration read to special function
* Introduce cron setting (no docs for it yet, pending approval)
* Chore: address code review comments
Adds a new version option 7.0+ (70 internally).
Version 7.0+ doesn't include document types in index mappings
so support for handling this have been added.
Version 7.0+ returns number of hits in a different way so
support for handling this have been added.
Version 7.0+ doesn't support sending
max_concurrent_shard_requests in multisearch header so
support for sending this in query string have been added.
Update elastic6 docker block and dashboards (devenv) to use
6.7.1 images, filebeat index name is now filebeat-YYYY.MM.DD
and dashboard include correct tags and links.
Add elastic7 docker block and provisioning (devenv).
Updates documentation regarding new version.
Closes#15622
* Add api to reaload provisioning
* Refactor and simplify the polling code
* Add test for the provisioning service
* Fix provider initialization and move some code to file reader
* Simplify the code and move initialization
* Remove unused code
* Update comment
* Add comment
* Change error messages
* Add DashboardProvisionerFactory type
* Update imports
* Use new assert lib
* Use mutext for synchronizing the reloading
* Fix typo
Co-Authored-By: aocenas <mr.ocenas@gmail.com>
* Add docs about the new api
* Add value types with custom unmarshalling logic
* Add env support for notifications config
* Use env vars in json data tests for values
* Add some more complexities to value tests
* Update comment with example usage
* Set env directly in the tests, removing patching
* Update documentation
* Add env var to the file reader tests
* Add raw value
* Post merge fixes
* Add comment
* add folderUid to DashbaordsAsConfig structs and DashbardProviderConfigs struct, set these values in mapping func
look for new folderUid values in config_reader tests
set dashboard folder Uid explicitly in file_reader, which has no affect when not given
* formatting and docstrings
* add folderUid to DashbaordsAsConfig structs and DashbardProviderConfigs struct, set these values in mapping func
look for new folderUid values in config_reader tests
set dashboard folder Uid explicitly in file_reader, which has no affect when not given
* formatting and docstrings
* add folderUid option, as well as documentation for the rest of the fields
* add blank folderUid in devenv example.
* add folderUid to provisioning sample yaml
* instead of just warning, return error if unmarshalling dashboard provisioning file fails
* Removing the error handling and adding comment
* Add duplicity check for folder Uids
Co-authored-by: swtch1 <joshua.thornton@protonmail.com>
* Chore: remove session storage references
* Small refactoring of the settings module
* Update docs - remove references for the session storage
* Update config files (sample and default configs)
* Add tests for warning during the config load on defined storage cache
* Remove all references to session storage
* Remove macaron session dependency
* Remove leftovers
* Fix: address review comments
* Fix: remove old deps
* Fix: add skipStaticRootValidation = true to tests
* Fix: improve the docs and warning message
As per discussion in here - https://github.com/grafana/grafana/pull/16445/files#r273026255
* Chore: make linter happy
Fixes#16148
Ref #16114
The iteration order over maps is not specified and is not guaranteed
to be the same from one iteration to the next. If a map entry that
has not yet been reached is removed during iteration, the corresponding
iteration value will not be produced. If a map entry is created during
iteration, that entry may be produced during the iteration or may be skipped.
The choice may vary for each entry created and from one iteration to
the next. If the map is nil, the number of iterations is 0.
https://golang.org/ref/spec#For_range
* Search: Fixes search limits and adds a page parameter
This adds a page parameter to search api without adding
any major breaking change.
It does at an api validation error when trying to use
a limit beyond 5000. This is a breaking change. We could
remove this and have it only in the docs and describe that this
is a limit that grafana will apply silently.
Fixes#16049
* Fix: Corrected wrong array slice change
* Docs: minor docs fix
* Search: fixed folder tests
* Fixed: Moved limit to correct inner query
* Search: moving limit check and page check
* Search: limit in handler is no longer needed
* Chore: refactor auth proxy
Introduced the helper struct for auth_proxy middleware.
Added couple unit-tests, but it seems "integration" tests already cover
most of the code paths.
Although it might be good idea to test every bit of it, hm.
Haven't refactored the extraction of the header logic that much
Fixes#16147
* Fix: make linters happy
- guide shamelessly stolen from prometheus/prometheus
- updates local interface of oauth exchange
- updates local impl of hclogger
- bump jaeger client version
closes#16088
* fix label handling
* SEARCH() results could have multiple namespace, remove from legend
* divide GetMetricStatistics related code
* divide GetMetricData related code
* divide parseGetMetricDataResponse()
* divide parseGetMetricDataQuery()
* divide test code
* add test for GetMetricData
* add test for GetMetricData parse response
* fix bug of terminating gap
* fix gofmt
This is basically implementation of the https://github.com/grafana/grafana/issues/8900#issuecomment-435437167
points, except for the type conversion bit.
I tried to implement idea mentioned in cockroachdb ticket (see below).
And it is possible, but it complicates things as lot - not only we have to
have 4 SQL statements instead of one, but we would have to copy the column
structure as well - PK, FG, indexes and stuff, plus there will
be additional downtime with this approach.
So idea for this pull is to prepare our SQL as much as possible, so when
cockroachdb will add support for full type conversions, we could easilly add
support for it as well.
* Add `CASCADE` to `DROP INDEX` statement
* Make string conversions explicit
Thanks @Luit
Ref #8900
Ref cockroach/cockroach#9851
* Store passwords in secureJsonData
* Revert unnecessary refactors
* Fix for nil jsonSecureData value
* Remove copied encryption code from migration
* Fix wrong field reference
* Remove migration and provisioning changes
* Use password getters in datasource proxy
* Refactor password handling in datasource configs
* Add provisioning warnings
* Update documentation
* Remove migration command, moved to separate PR
* Remove unused code
* Set the upgrade version
* Remove unused code
* Remove double reference
* app pages
* app pages
* workign example
* started alpha support
* remove app stuff
* show warning on alpha/beta panels
* put app back on plugin file
* fix go
* add enum for PluginType and PluginIncludeType
* Refactoring and moving settings to plugins section
fixes#16529
* Unprovision dashboard in case of DisableDeletion = true
* Rename command struct
* Handle removed provision files
* Allow html in confirm-modal
* Do not show confirm button without onConfirm
* Show dialog on deleting provisioned dashboard
* Changed DeleteDashboard to DeleteProvisionedDashboard
* Remove unreachable return
* Add provisioned checks to API
* Remove filter func
* Fix and add tests for deleting dashboards
* Change delete confirm text
* Added and used pkg/errors for error wrapping
Fixes so it's possible to create new notification channel and providing uid.
Fixes better error/result handling when updating a notifcation channel.
Fixes#16372
Ref #16219#16012
Adds new alert settings for configuring timeouts and retries named
evaluation_timeout_seconds, notification_timeout_seconds
and max_attempts.
Closes#16240
See https://github.com/securego/gosec for more info.
Disabled a lot of rules. I guess we should go through them
and recheck if we really need to disable some
Fixes#16204
Since we do not like some of the default golint rules,
this commit proposes to use https://github.com/mgechev/revive.
And potential revive speed-up should't hurt :).
Right now, presented config (./conf/revive.toml) is permissive,
we might improve it over time however. Fixes for found revive
issues in the code are very limited so it wouldn't be large to review.
Also in this commit:
* Add annotations for makefile commands and declare phony targets
* Rename "gometalinter" script and CI command to "lint"
since we are doing there a bit more then using gometalinter package
* Add Makefile rules to .editorconfig
* Documentation which mentioned "golint" replaced with revive
Fixes#16109
Ref #16160
Now returns uid in response to get notification channel by id.
Adds GET/PUT/DELETE support for notification channel by uid,
/api/alert-notifications/uid/:uid.
Break apart alerting and alert notification http api docs in two
pages and update documentation to make it up to date
with current implementation.
Fixes#16012
If an image section is included in the JSON payload for MS Teams alerts
when no image URL exists, rendering of the alert in the client fails.
This change makes sure that an image section is only included in the
JSON payload if an image URL exists.
Closes#16082
