* remove dashboard previews backend
* remove dashboard previews backend
* bring back the migration
* bring back the migration
* bring back the migration
* move analytics identifiers to backend
* implement hash function
* grab secret from env
* expose and retrieve intercom secret from config
* concat email with appUrl to ensure uniqueness
* revert to just using email
* Revert "revert to just using email"
This reverts commit 8f10f9b1bc.
* add docstring
* update ldap library and use go module path
* add TLS min version and accepted min TLS version
* set default min ver to library default
* set default min ver to library default
* add cipher list to toml
* Update pkg/services/ldap/settings.go
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* Apply suggestions from code review
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* lint
---------
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* add: deprecaation notice for overall setting
* add: deprecation notice for configuration files
* chore: update docs with deprecation notice
* refactor: change to note the new setting instead
* Update pkg/setting/setting.go
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* refactor: based on review comments
---------
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Use suggested value for uid
* update the snapshot
* use __expr__
* replace all -100 with __expr__
* update snapshot
* more changes
* revert redundant change
* Use expr.DatasourceUID where it's possible
* generate files
* Allow pausing alerts from provisioning
* Update swagger
* Add IsPaused to provision export endpoints
* Add pause field in sample.yml
* Add exception for reset state in first loop iteration of scheduler if rule is paused
* Update provision definition and swagger docs
* Fix provisioning export tests
* Suggestion: Simplify if condition
* Add more context to a comment
* WIP
* Update pkg/services/login/authinfo.go
* fix: merge
* change order to internal last
* adds: docs
* add: configuration for defaults and sample
* Update docs/sources/setup-grafana/configure-grafana/_index.md
Co-authored-by: Jo <joao.guerreiro@grafana.com>
* Update docs/sources/setup-grafana/configure-grafana/_index.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
---------
Co-authored-by: Jo <joao.guerreiro@grafana.com>
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Add config to remove Snapshot functionality (frontend is hidden and validation in the backend)
* Add test cases
* Remove unused mock on the test
* Moving Snapshot config from globar variables to settings.Cfg
* Removing warnings on code
* Add new config option
* Add frontend control
* Condition new auth broker with config option
* Condition old auth broker with config option
Co-authored-by: Jo <joao.guerreiro@grafana.com>
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* [WIP] Auth: add backend skipOrgRoleSync to AzureAD OAuth
- add: skipOrgRoleSync
- rename: skipOrgRoleSync to skipOrgRoleSyncBase (to make it clear that
it is the base version of SocialBase)
- add: tests for skipOrgRoleSync in AzureAD
TODO:
- [ ] frontend changes
* add: docs
* refactor: remove role from basicinfo
* add: settings for grafanacom
* add: settigns for frontend
* add: logic for azureAD user skip org role
* add: docs for skip_org_role_sync
* refactor: docs a bit
* add: tests for userinfo
* refactor: to only extract if skiporgrolesync false
* refactor: based on review comments
* Update docs/sources/setup-grafana/configure-grafana/_index.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Update docs/sources/setup-grafana/configure-grafana/_index.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
This commit adds a customizable timeout for screenshots called
capture_timeout. The default value is 10 seconds, and the maximum
value is 30 seconds. This timeout should be less than the minimum
Interval of all Evaluation Groups to avoid back pressure on alert
rule evaluation.
The GrafanaComURL setting is currently used in two places:
- the /api/gnet endpoint, which proxies all requests to the URL
configured in GrafanaComURL
- OAuth logins using grafana.com, where the auth URL, token URL and
redirect URL are all configured to use the GrafanaComURL.
This has worked fine until now because almost all Grafana instances have
just used the default value, https://grafana.com. However, we now have a
few different grafana.com's, some of which are behind IAP. The IAP
causes the /api/gnet proxy to fail because the required cookies are not
present in the request (how could they be?). Setting the
[grafana_net.url] setting to an internal-only URL improves the situation
slightly - the proxy works again just fine - but breaks any OAuth logins
using grafana.com, because the user must be redirected to a publicly
accessible URL.
This commit adds an additional setting, `[grafana_com.api_url]`,
which can be used to tell Grafana to use the new API URL when proxying
requests to the grafana.com API, while still using the existing
`GrafanaComURL` setting for other things.
The setting will fall back to the GrafanaComURL setting + "/api" if unset.
* Add new configuration option for SA tokens
* Add new expiry date option to frontend components
* Add backend validation
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Add configuration options for `renderKey` lifetime
* Rename config key to `render_key_lifetime`
* Update conf/defaults.ini
Co-authored-by: Joan López de la Franca Beltran <5459617+joanlopez@users.noreply.github.com>
* Add `render_key_lifetime` to sample.ini
Co-authored-by: Joan López de la Franca Beltran <5459617+joanlopez@users.noreply.github.com>
* LDAP: Add skip_org_role_sync option
* Document the new config option
* Nit on docs
* Update docs/sources/setup-grafana/configure-security/configure-authentication/ldap.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Docs suggestions
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Add test, Fix disabled user when no role
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* feat: make it possible to register standalone app plugin pages under different sections
* refactor(sample.ini): use "admin" instead of "starred" section in the INI
Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
* feat(defaults.ini): add app navigation settings to the defaults.ini as well
* fix: use the correct key in the tests
Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
* RBAC: Add cache for oss permissions
* RBAC: include service account actions
* RBAC: revert changes to fetch service account permissions
* Update comment for setting
* RBAC: Disable permission chache for tests
* WIP
* Set public_suffix to a pre Ruby 2.6 version
* we don't need to install python
* Stretch->Buster
* Bump versions in lib.star
* Manually update linter
Sort of messy, but the .mod-file need to contain all dependencies that
use 1.16+ features, otherwise they're assumed to be compiled with
-lang=go1.16 and cannot access generics et al.
Bingo doesn't seem to understand that, but it's possible to manually
update things to get Bingo happy.
* undo reformatting
* Various lint improvements
* More from the linter
* goimports -w ./pkg/
* Disable gocritic
* Add/modify linter exceptions
* lint + flatten nested list
Go 1.19 doesn't support nested lists, and there wasn't an obvious workaround.
https://go.dev/doc/comment#lists
* extract errors to errors file
* implement oauth server admin assignment
* add server admin tests
* deduplicate autoAssignOrgRole
* deduplicate strict setting
* deduplicate strict setting
* add support for generic oauth
* add role attribute strict support for generic oauth
* add support for github/gitlab
* assignGrafanaAdmin option is here to stay
* unify similar errors
* add config option
* add okta server admin mapping
* remove never used Company attribute
* unify generic oauth role extract with other methods
* case insensitive role match as in azure
* add ini settings
* add server admin to devenv
* remove duplicate fields
* add documentation to oauth
* fix titlecase test
* implement doc feedback
* feat: allow jwt role to be set
* chore: update documentation
* fix: cr suggestions
* fix: lint issues
* respect org auto assign and default org ID
* add server admin to devenv
Co-authored-by: jguer <joao.guerreiro@grafana.com>
* Toggle on the mixed mode option
* Ensure switching to mixed gives existing query prev datasource
* WIP - Populate datasource when switching between mixed and not
* WIP - handle change from mixed
* Remove preimport filter, refine filter to work for queries
* WIP debugging datasource transition
* Ensure creating a new query gets target data source if switching with no matches between
* Add mixed datasource to rich history display
* Cleanup console logs, add relevant comments
* Add feature toggle for mixed datasource
* Fix Wrapper tests
* Fix tests!
* Fix test types and add feature tracking
* Remove unnecessary default, remove explore/mixed workarounds for D2E
* Move display text logic to mixed datasource file
* Add in the default query parameters to a generated empty query
* Condense some code
* Apply suggestions from code review
Co-authored-by: Giordano Ricci <me@giordanoricci.com>
* Add more logic around mixed datasource being off for explore
* Build out logic to handle different datasource scenarios
* Add tests
* Finalize last test
* Fix mixed URL with mixed ds off, and relevant test
* Fix datasource to explore workflow
* Add datasource change function, call import queries if needed
* add logic for changing single query ds
Co-authored-by: Giordano Ricci <me@giordanoricci.com>
* Add: package error message for io/util
* added a ioutil for testing ci
* Revert "added a ioutil for testing ci"
This reverts commit 8c324ccf8a.
* removed spaces
* add depguard rule for ioutil
* replace ioutil.ReadDir with os.ReadDir
* use legacy option in depguard supported in golangci-lint v1.40
* replace ioutil.ReadDir with os.ReadDir
* return error for file info
* Toggle on the mixed mode option
* Ensure switching to mixed gives existing query prev datasource
* WIP - Populate datasource when switching between mixed and not
* WIP - handle change from mixed
* Remove preimport filter, refine filter to work for queries
* WIP debugging datasource transition
* Ensure creating a new query gets target data source if switching with no matches between
* Add mixed datasource to rich history display
* Cleanup console logs, add relevant comments
* Add feature toggle for mixed datasource
* Fix Wrapper tests
* Fix tests!
* Fix test types and add feature tracking
* Remove unnecessary default, remove explore/mixed workarounds for D2E
* Move display text logic to mixed datasource file
* Add in the default query parameters to a generated empty query
* Condense some code
* Apply suggestions from code review
Co-authored-by: Giordano Ricci <me@giordanoricci.com>
Co-authored-by: Giordano Ricci <me@giordanoricci.com>
* OAuth: Add extract role support to github
OAuth: correct github errors
Oauth: add github tests
Oauth: Allow mapping via group memberships
Oauth: Add markdown instructions to the new mappers
fix lint
* Apply suggestions from code review
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
Co-authored-by: Vardan Torosyan <vardants@gmail.com>
* Apply suggestions from code review
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
Co-authored-by: Vardan Torosyan <vardants@gmail.com>
* Alerting: Add config disabled_labels to disable reserved labels
[unified_alerting.reserved_labels]
disabled_labels
* Replace IsGrafanaFolderDisabled with more generic IsReservedLabelDisabled
* Simplify SchedulerCfg by including UnifiedAlertingSettings
* I18n: Set default locale in server config and expose in grafanaBootData
* put default locale behind feature flag
* update tests now that default locale is behind feature flag
* little bit of PR feedback
* update sample.ini
* added troubleshooting for "origin not allowed" messages
* include in configuration.ini
* moved doc to security
* removed enterprise congiruation
* Update conf/sample.ini
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
This PR renames the configuration key enabled to capture. This is needed as we already have a configuration key with the name enabled.
Fixes#50328
Co-authored-by: Jean-Philippe Quéméner <JohnnyQQQQ@users.noreply.github.com>
This commit adds a pkg/services/screenshot package for taking and uploading screenshots of Grafana dashboards. It supports taking screenshots of both dashboards and individual panels within a dashboard, using the rendering service.
The screenshot package has the following services, most of which can be composed:
BrowserScreenshotService (Takes screenshots with headless Chrome)
CachableScreenshotService (Caches screenshots taken with another service such as BrowserScreenshotService)
NoopScreenshotService (A no-op screenshot service for tests)
SingleFlightScreenshotService (Prevents duplicate screenshots when taking screenshots of the same dashboard or panel in parallel)
ScreenshotUnavailableService (A screenshot service that returns ErrScreenshotsUnavailable)
UploadingScreenshotService (A screenshot service that uploads taken screenshots)
The screenshot package does not support wire dependency injection yet. ngalert constructs its own version of the service. See https://github.com/grafana/grafana/issues/49296
This PR also adds an ImageScreenshotService to ngAlert. This is used to take screenshots with a screenshotservice and then store their location reference for use by alert instances and notifiers.
* AccessControl: Document basic roles simplifying
* Add sample file for provisioning v2
* WIP
* Update provisioning example from docs
* Fix wrong permission in docs
* Nits on about-rbas.md
* Manage rbac roles
* Nit.
* Nit.
* Rephrase
* Comment
* Add version to the role
* Update role
* Update role
* Spell
* Final touch on about-rbac
* Add basic role UID mapping about-rbac
* Team assignments
* assign rbac roles
* move for more info
* enable rbac and provisioning
* spell
* plan rbac rollout strategy
* Cover factory reset
* remove builtin assignment permissions from docs
* to -> from
* Custom role actions scopes
* spell
* Update docs/sources/enterprise/access-control/about-rbac.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Update docs/sources/enterprise/access-control/about-rbac.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Update docs/sources/enterprise/access-control/assign-rbac-roles.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Update docs/sources/enterprise/access-control/assign-rbac-roles.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Update docs/sources/enterprise/access-control/assign-rbac-roles.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Update docs/sources/enterprise/access-control/plan-rbac-rollout-strategy.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Update docs/sources/enterprise/access-control/plan-rbac-rollout-strategy.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Update docs/sources/enterprise/access-control/manage-rbac-roles.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Update docs/sources/enterprise/access-control/custom-role-actions-scopes.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Update docs/sources/enterprise/access-control/custom-role-actions-scopes.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Update docs/sources/enterprise/access-control/enable-rbac-and-provisioning.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Update docs/sources/enterprise/access-control/manage-rbac-roles.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Update docs/sources/enterprise/access-control/manage-rbac-roles.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Update docs/sources/enterprise/access-control/manage-rbac-roles.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Update docs/sources/enterprise/access-control/manage-rbac-roles.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Update docs/sources/enterprise/access-control/manage-rbac-roles.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Update docs/sources/enterprise/access-control/manage-rbac-roles.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Update docs/sources/enterprise/access-control/manage-rbac-roles.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Update docs/sources/enterprise/access-control/manage-rbac-roles.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Update docs/sources/enterprise/access-control/manage-rbac-roles.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Update docs/sources/enterprise/access-control/manage-rbac-roles.md
* Update docs/sources/enterprise/access-control/manage-rbac-roles.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Remove factory as much as possible
* Update docs/sources/enterprise/access-control/plan-rbac-rollout-strategy.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Update docs/sources/enterprise/access-control/plan-rbac-rollout-strategy.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Have -> Must
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Have -> Must
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Replace factory by hard reset
* Replace LINK
* Update docs/sources/enterprise/access-control/about-rbac.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Suggestion on example descriptions
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Update docs/sources/enterprise/access-control/manage-rbac-roles.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Remove comment on permissions escalate
* Prettier.
* add a sentence to explain the type:escalate
* add a sentence to explain the type:escalate
* Rephrase
* Remove TODOs as discussed with jguer
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Implement vardan's suggestion to have only one mapping:
Co-authored-by: Vardan Torosyan <vardants@gmail.com>
* Document that you cannot delete basic roles
Co-authored-by: Vardan Torosyan <vardants@gmail.com>
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
Co-authored-by: Vardan Torosyan <vardants@gmail.com>
* Add RBAC section to settings
* Default to RBAC enabled settings to true
* Update tests to respect RBAC
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* Add feature flag and scaffodling
* start adding actions
* WIP
* move action files
* Start adding styles
* Fix implementation based on feedback
* Add more hackathon code back to command palette
* Cleanup
* Cleanup unused service files for simple MVP pass
* Move type def to library
* WIP
* Move provider to proper place to pick up other routes’ actions
* Build actions off navbar, add explore actions
* Work around undefined typescript stuff
* Fix based on feedback
* close palette on ESC
* Fix based on PR feedback pt 1
* Move styles to classes
* Move another inline style to a class
* Enable command palette by default
* change around async hook structure
* Add simple feature tracking
* Code cleanup, and be sure the command is accurate
* Change to only render if there are actions, and only add actions once past login
* Select: Expose AsyncSelectProps interface
* DashboardPicker: Add a generic DashboardPicker component
* Dashboard Service: improve types
* Explore: allow saving explore state in a new panel in an existing dashboard
* Handle saving provisioned dashboards error
* Improve test coverage
* simplify test setup
* Strip base path from url when redirecting to a dashboard
* Keep existing variables when saving to an existing dashboard
* group assertions in test
* SearchCard: handle undefined in meta.updated
* Change required error message
* Add to dashboard alternative
* Add to existing is working
* Add to dashboard form
* remove default add-panel when creating a dashboard from explore
* types cleanup
* remove unneeded BE change
* simplify selector
* Add explore2Dashboard feature toggle
* add tests
* Small refactor & add tests
* small DashboardPicker improvements
* use partial from lodash
* Better error handling
* improve tests & disable button when there are no queries
* rename addPanelToDashboard function
* remove localStorage item if opening tab fails
* UI touchups & tracking
* Fix tests & remove close reporting
* remove echologger debug
* fix adding a panel to an existing dashboard
* Enable explore2Dashboard by default and add docs
* Ensure each panel in dashboards has a valid ID
* force CI restart
Co-authored-by: Elfo404 <me@giordanoricci.com>
* pass in user to attribute scope resolver
* add SQL filter to annotation listing
* check annotation FGAC permissions before exposing them for commenting
* remove the requirement to be able to list all annotations from annotation listing endpoint
* adding tests for annotation listing
* remove changes that got moved to a different PR
* unused var
* Update pkg/services/sqlstore/annotation.go
Co-authored-by: Ezequiel Victorero <evictorero@gmail.com>
* remove unneeded check
* remove unneeded check
* undo accidental change
* undo accidental change
* doc update
* move tests
* redo the approach for passing the user in for scope resolution
* accidental change
* cleanup
* error handling
Co-authored-by: Ezequiel Victorero <evictorero@gmail.com>
* Expose option to disable help menu
* Expose option to disable profile menu
* Add Profile FeatureTogglePage
* Update public/app/features/profile/FeatureTogglePage.tsx
Uptake PR wording suggestion.
Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
* Fix front end lint issue
* Fix back end lint issue
Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
* AzureAD OAuth: Add optional strict parsing of role_attribute_path for Azure AD
Fix casting issues
modify unit tests
Unit test fix
Add proper test args
* Return empty role when using strict attribute mode
* Raise error on empty role
* Fix UT for latest case
* Chore: add setting to skip org assignment for external users
Introduce 'skip_org_role_update_sync' setting to skip any kind of org assignment during the login of external users.
As a consequence manual organization assignments won't be overridden during the upsert of an external user.
Part of #22605
* Chore: Rename skip_org_role_update_sync to oauth_skip_org_role_update_sync and relocate it to auth section
* Chore: replace global setting access where possible
