* WIP
* Update pkg/services/login/authinfo.go
* fix: merge
* change order to internal last
* adds: docs
* add: configuration for defaults and sample
* Update docs/sources/setup-grafana/configure-grafana/_index.md
Co-authored-by: Jo <joao.guerreiro@grafana.com>
* Update docs/sources/setup-grafana/configure-grafana/_index.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
---------
Co-authored-by: Jo <joao.guerreiro@grafana.com>
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Add config to remove Snapshot functionality (frontend is hidden and validation in the backend)
* Add test cases
* Remove unused mock on the test
* Moving Snapshot config from globar variables to settings.Cfg
* Removing warnings on code
* Add new config option
* Add frontend control
* Condition new auth broker with config option
* Condition old auth broker with config option
Co-authored-by: Jo <joao.guerreiro@grafana.com>
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* [WIP] Auth: add backend skipOrgRoleSync to AzureAD OAuth
- add: skipOrgRoleSync
- rename: skipOrgRoleSync to skipOrgRoleSyncBase (to make it clear that
it is the base version of SocialBase)
- add: tests for skipOrgRoleSync in AzureAD
TODO:
- [ ] frontend changes
* add: docs
* refactor: remove role from basicinfo
* add: settings for grafanacom
* add: settigns for frontend
* add: logic for azureAD user skip org role
* add: docs for skip_org_role_sync
* refactor: docs a bit
* add: tests for userinfo
* refactor: to only extract if skiporgrolesync false
* refactor: based on review comments
* Update docs/sources/setup-grafana/configure-grafana/_index.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Update docs/sources/setup-grafana/configure-grafana/_index.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
This commit adds a customizable timeout for screenshots called
capture_timeout. The default value is 10 seconds, and the maximum
value is 30 seconds. This timeout should be less than the minimum
Interval of all Evaluation Groups to avoid back pressure on alert
rule evaluation.
The GrafanaComURL setting is currently used in two places:
- the /api/gnet endpoint, which proxies all requests to the URL
configured in GrafanaComURL
- OAuth logins using grafana.com, where the auth URL, token URL and
redirect URL are all configured to use the GrafanaComURL.
This has worked fine until now because almost all Grafana instances have
just used the default value, https://grafana.com. However, we now have a
few different grafana.com's, some of which are behind IAP. The IAP
causes the /api/gnet proxy to fail because the required cookies are not
present in the request (how could they be?). Setting the
[grafana_net.url] setting to an internal-only URL improves the situation
slightly - the proxy works again just fine - but breaks any OAuth logins
using grafana.com, because the user must be redirected to a publicly
accessible URL.
This commit adds an additional setting, `[grafana_com.api_url]`,
which can be used to tell Grafana to use the new API URL when proxying
requests to the grafana.com API, while still using the existing
`GrafanaComURL` setting for other things.
The setting will fall back to the GrafanaComURL setting + "/api" if unset.
* Add new configuration option for SA tokens
* Add new expiry date option to frontend components
* Add backend validation
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Add configuration options for `renderKey` lifetime
* Rename config key to `render_key_lifetime`
* Update conf/defaults.ini
Co-authored-by: Joan López de la Franca Beltran <5459617+joanlopez@users.noreply.github.com>
* Add `render_key_lifetime` to sample.ini
Co-authored-by: Joan López de la Franca Beltran <5459617+joanlopez@users.noreply.github.com>
* LDAP: Add skip_org_role_sync option
* Document the new config option
* Nit on docs
* Update docs/sources/setup-grafana/configure-security/configure-authentication/ldap.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Docs suggestions
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Add test, Fix disabled user when no role
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* feat: make it possible to register standalone app plugin pages under different sections
* refactor(sample.ini): use "admin" instead of "starred" section in the INI
Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
* feat(defaults.ini): add app navigation settings to the defaults.ini as well
* fix: use the correct key in the tests
Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
* RBAC: Add cache for oss permissions
* RBAC: include service account actions
* RBAC: revert changes to fetch service account permissions
* Update comment for setting
* RBAC: Disable permission chache for tests
* WIP
* Set public_suffix to a pre Ruby 2.6 version
* we don't need to install python
* Stretch->Buster
* Bump versions in lib.star
* Manually update linter
Sort of messy, but the .mod-file need to contain all dependencies that
use 1.16+ features, otherwise they're assumed to be compiled with
-lang=go1.16 and cannot access generics et al.
Bingo doesn't seem to understand that, but it's possible to manually
update things to get Bingo happy.
* undo reformatting
* Various lint improvements
* More from the linter
* goimports -w ./pkg/
* Disable gocritic
* Add/modify linter exceptions
* lint + flatten nested list
Go 1.19 doesn't support nested lists, and there wasn't an obvious workaround.
https://go.dev/doc/comment#lists
* extract errors to errors file
* implement oauth server admin assignment
* add server admin tests
* deduplicate autoAssignOrgRole
* deduplicate strict setting
* deduplicate strict setting
* add support for generic oauth
* add role attribute strict support for generic oauth
* add support for github/gitlab
* assignGrafanaAdmin option is here to stay
* unify similar errors
* add config option
* add okta server admin mapping
* remove never used Company attribute
* unify generic oauth role extract with other methods
* case insensitive role match as in azure
* add ini settings
* add server admin to devenv
* remove duplicate fields
* add documentation to oauth
* fix titlecase test
* implement doc feedback
* feat: allow jwt role to be set
* chore: update documentation
* fix: cr suggestions
* fix: lint issues
* respect org auto assign and default org ID
* add server admin to devenv
Co-authored-by: jguer <joao.guerreiro@grafana.com>