Commit Graph

643 Commits

Author SHA1 Message Date
Eric Leijonmarck
a232e7ceca
Auth: Add skip_org_role_sync for Okta (#62106)
* WIP

* Update pkg/services/login/authinfo.go

* fix: merge

* change order to internal last

* adds: docs

* add: configuration for defaults and sample

* Update docs/sources/setup-grafana/configure-grafana/_index.md

Co-authored-by: Jo <joao.guerreiro@grafana.com>

* Update docs/sources/setup-grafana/configure-grafana/_index.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

---------

Co-authored-by: Jo <joao.guerreiro@grafana.com>
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
2023-01-30 10:54:14 +00:00
Josh Hunt
d51e7ec7ef
Preferences: Add theme preference to match system theme (#61986)
* user essentials mob! 🔱

lastFile:pkg/api/preferences.go

* user essentials mob! 🔱

* user essentials mob! 🔱

lastFile:packages/grafana-data/src/types/config.ts

* user essentials mob! 🔱

lastFile:public/app/core/services/echo/utils.test.ts

* user essentials mob! 🔱

* user essentials mob! 🔱

lastFile:public/views/index-template.html

* user essentials mob! 🔱

* Restore currentUser.lightTheme for backwards compat

* fix types

* Apply suggestions from code review

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* cleanup

* cleanup

---------

Co-authored-by: Ashley Harrison <ashley.harrison@grafana.com>
Co-authored-by: Joao Silva <joao.silva@grafana.com>
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
2023-01-30 10:51:51 +01:00
lean.dev
7d8ec6199d
Snapshots: Add snapshot enable config (#61587)
* Add config to remove Snapshot functionality (frontend is hidden and validation in the backend)
* Add test cases
* Remove unused mock on the test
* Moving Snapshot config from globar variables to settings.Cfg
* Removing warnings on code
2023-01-26 10:28:11 -03:00
Eric Leijonmarck
143ee0c49f
Auth: Add skip_org_role_sync to GitLab OAuth (#62055)
* Auth: Add skip_org_role_sync to GitLab OAuth

- add: tests
- docs added

* Update pkg/login/social/gitlab_oauth.go

Co-authored-by: Karl Persson <kalle.persson@grafana.com>

* fix: for import

Co-authored-by: Karl Persson <kalle.persson@grafana.com>
2023-01-25 13:39:54 +01:00
Alexander Zobnin
60ef88c918
SAML: Support auto login (#61685)
* SAML: Support auto login

* Add individual auto_login option for each OAuth provider

* Docs: Describe new auto_login option

* Minor refactor
2023-01-19 15:53:02 +01:00
Eric Leijonmarck
0d42edddbf
Auth: Add skip_org_role_sync setting to OAuth integration Google (#61572)
* WIP

* Add: skip_org_role_sync for Google OAuth

- add setting for frontend
- add read of config
- add config to sample and default

* add: docs

* spelling

* Update pkg/login/social/social.go

* Apply suggestions from code review

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Update docs/sources/setup-grafana/configure-grafana/_index.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* removed unnessecary line

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
2023-01-19 09:54:22 +01:00
linoman
4d095547f8
Auth: Implement skip org role sync for jwt (#61647)
* Add new config option

* Add frontend control

* Condition new auth broker with config option

* Condition old auth broker with config option

Co-authored-by: Jo <joao.guerreiro@grafana.com>
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
2023-01-18 13:59:50 +01:00
Eric Leijonmarck
c5e74ee607
Auth: Add skip_org_role_sync for AzureAD OAuth (#60322)
* [WIP] Auth: add backend skipOrgRoleSync to AzureAD OAuth

- add: skipOrgRoleSync
- rename: skipOrgRoleSync to skipOrgRoleSyncBase (to make it clear that
  it is the base version of SocialBase)
- add: tests for skipOrgRoleSync in AzureAD

TODO:
- [ ] frontend changes

* add: docs

* refactor: remove role from basicinfo

* add: settings for grafanacom

* add: settigns for frontend

* add: logic for azureAD user skip org role

* add: docs for skip_org_role_sync

* refactor: docs a bit

* add: tests for userinfo

* refactor: to only extract if skiporgrolesync false

* refactor: based on review comments

* Update docs/sources/setup-grafana/configure-grafana/_index.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Update docs/sources/setup-grafana/configure-grafana/_index.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
2023-01-16 13:16:01 +01:00
Eric Leijonmarck
91322bebb5
Auth: Add skip_org_role_sync setting for GrafanaCom (#60553)
* add frontend settings and setting for grafanacom

* removed println

* add skip-org-role-sync on login

* add deprecation notice for this field

* remove println

* remove newline

* change and renamed variables

* fix for reconfiguring the settings for grafanacom

* add documentationf or grafanacom setup

* WIP tests

* added tests

* Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* updated steps

* Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* doc: updated the docs to reflect what happens to grafana.com users

* Update docs/sources/setup-grafana/configure-grafana/_index.md

Co-authored-by: Jo <joao.guerreiro@grafana.com>

* Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md

Co-authored-by: Jo <joao.guerreiro@grafana.com>

* Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md

Co-authored-by: Jo <joao.guerreiro@grafana.com>

* add blankline

* rephrase of doc improvements for explaing of the settings

* Update docs/sources/setup-grafana/configure-grafana/_index.md

Co-authored-by: Jo <joao.guerreiro@grafana.com>

* add frontend setting for grafanacom.

* WIP tests

* refactor docs

* frontend to adhere to skipping org role sync for GrafanaCom users

* update docs to reflect desired behavior

* tests: added test for skip and nonskip

* Update docs/sources/setup-grafana/configure-grafana/_index.md

Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>

* Update docs/sources/setup-grafana/configure-grafana/_index.md

Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>

* Update docs/sources/setup-grafana/configure-grafana/_index.md

Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>

* Update docs/sources/setup-grafana/configure-grafana/_index.md

Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>

* Update docs/sources/setup-grafana/configure-grafana/_index.md

Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
Co-authored-by: Jo <joao.guerreiro@grafana.com>
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2023-01-12 16:44:08 +01:00
Alexander Weaver
8c3a5f6da0
Alerting: Allow state history to be disabled through configuration (#61006)
* Add configuration option for if state history should be enabled

* Inject no-op when history is disabled
2023-01-05 12:21:07 -06:00
George Robinson
9af7adef76
Alerting: Support customizable timeout for screenshots (#60981)
This commit adds a customizable timeout for screenshots called
capture_timeout. The default value is 10 seconds, and the maximum
value is 30 seconds. This timeout should be less than the minimum
Interval of all Evaluation Groups to avoid back pressure on alert
rule evaluation.
2023-01-05 16:07:46 +00:00
Serge Zaitsev
f1fb202284
Chore: Add encryption codec to the remote cache (#59871)
* add encryption codec to the remote cache

* change config files too

* fix test constructor

* pass codec into the test cache
2022-12-06 15:12:27 +01:00
Serge Zaitsev
3978502d83
Chore: Remote cache key prefix (#59838)
* attempt to implement a remote cache key prefix

* add a test for the prefix store

* oh, linter
2022-12-06 13:20:49 +01:00
Ben Sully
632ca67e3f
Add a separate grafana.com API URL setting (#59506)
The GrafanaComURL setting is currently used in two places:

- the /api/gnet endpoint, which proxies all requests to the URL
  configured in GrafanaComURL
- OAuth logins using grafana.com, where the auth URL, token URL and
  redirect URL are all configured to use the GrafanaComURL.

This has worked fine until now because almost all Grafana instances have
just used the default value, https://grafana.com. However, we now have a
few different grafana.com's, some of which are behind IAP. The IAP
causes the /api/gnet proxy to fail because the required cookies are not
present in the request (how could they be?). Setting the
[grafana_net.url] setting to an internal-only URL improves the situation
slightly - the proxy works again just fine - but breaks any OAuth logins
using grafana.com, because the user must be redirected to a publicly
accessible URL.

This commit adds an additional setting, `[grafana_com.api_url]`,
which can be used to tell Grafana to use the new API URL when proxying
requests to the grafana.com API, while still using the existing
`GrafanaComURL` setting for other things.

The setting will fall back to the GrafanaComURL setting + "/api" if unset.
2022-12-01 18:06:12 +01:00
Ryan McKinley
b537acab49
FeatureFlags: enable i18n flag in the registry (#59662) 2022-12-01 08:27:52 -08:00
Gabriel MABILLE
8e929163a8
RBAC: Add config option to reset basic roles on start up (#59598)
* RBAC: add config option to reset basic roles on start up

Co-authored-by: Jguer <joao.guerreiro@grafana.com>

* Update docs

Co-authored-by: Jguer <joao.guerreiro@grafana.com>

* Add to sample.ini as well

Co-authored-by: Jguer <joao.guerreiro@grafana.com>

Co-authored-by: Jguer <joao.guerreiro@grafana.com>
2022-12-01 09:41:40 +01:00
João Calisto
bba42b113c
Middleware: Add Custom Headers to HTTP responses (#59018)
* Middleware: Add Custom Headers to HTTP responses

* Update docs/sources/setup-grafana/configure-grafana/_index.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Update conf/defaults.ini

Co-authored-by: Dave Henderson <dave.henderson@grafana.com>

* Update conf/sample.ini

Co-authored-by: Dave Henderson <dave.henderson@grafana.com>

* Update _index.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
Co-authored-by: Dave Henderson <dave.henderson@grafana.com>
2022-11-30 17:12:34 +00:00
Stephanie Hingtgen
6805c951e9
Plugins: add option to proxy ds connections through a secure socks proxy (#59254)
* Plugins: add feature to proxy data source connections
2022-11-29 23:50:59 -06:00
Josh Hunt
ba0ac08465
Internationalization: Enable internationalization by default (#59204)
* Enable internationalization feature flag by default

* Change i18n feature to beta

* Set i18n feature flag to stable

* update features
2022-11-23 14:23:26 +00:00
Josh Hunt
460be70261
Internationalization: Change locale preference to language (#58359)
* backend locale -> language

* frontend locale -> language

* sample.ini and tests

* fix few last locale -> language

* fix few last locale -> language
2022-11-22 12:18:34 +00:00
linoman
f8f61c1a69
Auth: Add expiry date for service accounts access tokens (#58885)
* Add new configuration option for SA tokens

* Add new expiry date option to frontend components

* Add backend validation


Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
2022-11-22 10:08:40 +01:00
Marcus Efraimsson
79f1a7a4fd
Database: Adds support for enable/disable SQLite Write-Ahead Logging (WAL) via configuration (#58268)
Adds support for enable/disable SQLite Write-Ahead Logging (WAL) via configuration.
Enables SQLite WAL for E2E tests.
2022-11-16 19:29:33 +01:00
João Calisto
f254a37d35
Middleware: Add CSP Report Only support (#58074)
* Middleware: Add CSP Report Only support

* Update docs/sources/setup-grafana/configure-grafana/_index.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Update docs/sources/setup-grafana/configure-grafana/_index.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Update csp documentation wording

* Update conf/sample.ini

Co-authored-by: Dave Henderson <dave.henderson@grafana.com>

* Update docs/sources/setup-grafana/configure-grafana/_index.md

Co-authored-by: Dave Henderson <dave.henderson@grafana.com>

* Update docs/sources/setup-grafana/configure-grafana/_index.md

Co-authored-by: Dave Henderson <dave.henderson@grafana.com>

* Update docs/sources/setup-grafana/configure-grafana/_index.md

Co-authored-by: Dave Henderson <dave.henderson@grafana.com>

* Update pkg/middleware/csp.go

Co-authored-by: Dave Henderson <dave.henderson@grafana.com>

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
Co-authored-by: Dave Henderson <dave.henderson@grafana.com>
2022-11-16 17:11:26 +00:00
Daniel Lee
891ae91c70
docs: fix typo in provisioning docs (#58110)
Fix typo

Co-authored-by: Udlei Nati <udlei@nati.biz>
2022-11-11 12:30:26 +01:00
Timur Olzhabayev
008c554d7f
Echo: Add config option to prevent duplicate page views for GA4 (#57619) 2022-11-09 15:09:19 +01:00
Conor Evans
40ba2ba18d
fix(config/jwt): the value should be "expect_claims", not "expected_claims" (#58284)
Signed-off-by: Conor Evans <coevans@tcd.ie>
2022-11-07 12:29:27 +00:00
Ryan McKinley
857e545c5a
FeatureFlags: set defaults in the registry rather than the ini file (#58106) 2022-11-03 17:34:01 +00:00
Villena Guillaume
e9dc7fb85c
Rendering: Add configuration options for renderKey lifetime (#57339)
* Add configuration options for `renderKey` lifetime

* Rename config key to `render_key_lifetime`

* Update conf/defaults.ini

Co-authored-by: Joan López de la Franca Beltran <5459617+joanlopez@users.noreply.github.com>

* Add `render_key_lifetime` to sample.ini

Co-authored-by: Joan López de la Franca Beltran <5459617+joanlopez@users.noreply.github.com>
2022-11-03 12:06:55 +01:00
Ivana Huckova
77f47ccba3
Loki: Remove redundant feature flag in defaults.ini (#58084) 2022-11-03 09:40:13 +01:00
unknowndevQwQ
6dd3584f77
Server: Make unix socket permission configurable (#52944) 2022-11-01 15:04:01 +01:00
Petr Stupka
e99f75f0ca
Alerting: Linking external images securely - Azure Blob (#1) (#56598) 2022-11-01 13:02:17 +01:00
Jo
cae900c6f9
fix GF_AUTH_JWT_URL_LOGIN not working (#57689) 2022-10-27 15:57:01 +02:00
Gabriel MABILLE
fce0a49284
LDAP: inline toml with devenv (#57499) 2022-10-24 11:01:58 +02:00
Sofia Papagiannaki
46fb4081ba
SQLStore: Optionally retry queries if sqlite returns database is locked (#56096)
* SQLStore: Retry queries if sqlite returns database is locked

* Configurable retries

* Apply suggestions from code review

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
2022-10-17 21:23:44 +03:00
Jan Garaj
03248e9cd8
Alerting: Missing config option in the sample (#54179) 2022-10-17 11:10:41 +02:00
Gabriel MABILLE
0f4d126109
AzureAD: Add option to force fetch the groups from the Graph API (#56916)
* Add a new option to systematically fetch AzureAD groups from the Graph API
2022-10-14 12:55:00 +02:00
Alex
94ed744454
Auth: Make built-in login configurable (#46978) 2022-10-12 15:34:59 +00:00
Gabriel MABILLE
10c080dad1
LDAP: Add skip_org_role_sync configuration option (#56679)
* LDAP: Add skip_org_role_sync option

* Document the new config option

* Nit on docs

* Update docs/sources/setup-grafana/configure-security/configure-authentication/ldap.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Docs suggestions

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
Co-authored-by: Jguer <joao.guerreiro@grafana.com>

* Add test, Fix disabled user when no role

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
2022-10-12 13:33:33 +02:00
Alec Sears
c61d6c39a0
Configuration: Update ssl_mode docs in sample.ini to match default.ini (#55138) 2022-10-10 09:04:51 +00:00
Eric Leijonmarck
53f0928321
Docs: Add variable expansion recommendation (#56368)
* docs: add variable expansion recommendation

* docs: updated the ldap docs in configure grafana
2022-10-07 17:04:37 +01:00
Levente Balogh
55187ebc48
Navtree: Make it possible to configure standalone plugin pages (#56393)
* feat: make it possible to register standalone app plugin pages under different sections

* refactor(sample.ini): use "admin" instead of "starred" section in the INI

Co-authored-by: Torkel Ödegaard <torkel@grafana.com>

* feat(defaults.ini): add app navigation settings to the defaults.ini as well

* fix: use the correct key in the tests

Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
2022-10-06 12:57:03 +02:00
Sofia Papagiannaki
d0e7765c6a
Annotation: Optionally allow storing longer annotation tags (#54754)
* Annotation: Optionally allow longer annotation tags

* Do not accept configuration lower than today's default (500)

* Apply suggestion from code review
2022-09-23 06:04:41 -04:00
Artur Wierzbicki
c3ca5405ce
Search: Add search index configuration options (#55525)
* Search: externalize config

* Search: update config descriptions

* Search: fix value

* Search: fix

* update

* Search: revert config values

* Search: rename copy/paste

* Search: fix tests
2022-09-20 19:09:55 -04:00
Josh Hunt
d014a3a09b
Echo: Add support for Google Analytics 4 (#55446)
* user essentials mob! 🔱

lastFile:public/app/core/services/echo/backends/analytics/GA4Backend.ts

* user essentials mob! 🔱

* user essentials mob! 🔱

lastFile:public/app/core/services/echo/backends/analytics/GA4Backend.ts

* user essentials mob! 🔱

lastFile:public/app/core/services/echo/backends/analytics/GA4Backend.ts

* user essentials mob! 🔱

lastFile:public/app/app.ts

* user essentials mob! 🔱

Co-authored-by: eledobleefe <laura.fernandez@grafana.com>
Co-authored-by: Leodegario Pasakdal <leodegario.pasakdal@grafana.com>
2022-09-20 03:13:14 -07:00
Dave Henderson
801b61c963
Tracing: Add new [tracing.opentelemetry] custom_attributes config setting (#54110)
* tracing: Add new [tracing.opentelemetry] custom_attributes config setting

Signed-off-by: Dave Henderson <dave.henderson@grafana.com>

* Fix typos in config

Signed-off-by: Dave Henderson <dave.henderson@grafana.com>

* Return error when custom_attributes contains malformed entries

Signed-off-by: Dave Henderson <dave.henderson@grafana.com>

Signed-off-by: Dave Henderson <dave.henderson@grafana.com>
2022-09-16 09:54:25 -04:00
Karl Persson
870929b463
RBAC: Add cache for oss rbac permissions (#55098)
* RBAC: Add cache for oss permissions

* RBAC: include service account actions

* RBAC: revert changes to fetch service account permissions

* Update comment for setting

* RBAC: Disable permission chache for tests
2022-09-14 09:13:10 +02:00
Emil Tullstedt
b287047052
Chore: Upgrade Go to 1.19.1 (#54902)
* WIP

* Set public_suffix to a pre Ruby 2.6 version

* we don't need to install python

* Stretch->Buster

* Bump versions in lib.star

* Manually update linter

Sort of messy, but the .mod-file need to contain all dependencies that
use 1.16+ features, otherwise they're assumed to be compiled with
-lang=go1.16 and cannot access generics et al.

Bingo doesn't seem to understand that, but it's possible to manually
update things to get Bingo happy.

* undo reformatting

* Various lint improvements

* More from the linter

* goimports -w ./pkg/

* Disable gocritic

* Add/modify linter exceptions

* lint + flatten nested list

Go 1.19 doesn't support nested lists, and there wasn't an obvious workaround.
https://go.dev/doc/comment#lists
2022-09-12 12:03:49 +02:00
Jo
ef245874da
OAuth: Allow assigning Server Admin (#54780)
* extract errors to errors file

* implement oauth server admin assignment

* add server admin tests

* deduplicate autoAssignOrgRole

* deduplicate strict setting

* deduplicate strict setting

* add support for generic oauth

* add role attribute strict support for generic oauth

* add support for github/gitlab

* assignGrafanaAdmin option is here to stay

* unify similar errors

* add config option

* add okta server admin mapping

* remove never used Company attribute

* unify generic oauth role extract with other methods

* case insensitive role match as in azure

* add ini settings

* add server admin to devenv

* remove duplicate fields

* add documentation to oauth

* fix titlecase test

* implement doc feedback
2022-09-08 06:11:00 -04:00
mhuangwm
39102c6656
Admin: Add support to configure default admin email (#54363) 2022-09-07 14:38:40 +02:00
Nicholas Wiersma
9e704fec3c
JWT: Add support for assigning org roles (#54277)
* feat: allow jwt role to be set

* chore: update documentation

* fix: cr suggestions

* fix: lint issues

* respect org auto assign and default org ID

* add server admin to devenv

Co-authored-by: jguer <joao.guerreiro@grafana.com>
2022-09-07 14:00:33 +02:00