Commit Graph

36 Commits

Author SHA1 Message Date
Khushi Jain
d02de5ddb9
Image Rendering: Add settings for default width, height and scale (#82040)
* Add Image width & height

* ability to change default width, height and scale

* default ini

* Update conf/defaults.ini

Co-authored-by: Agnès Toulet <35176601+AgnesToulet@users.noreply.github.com>

* Update pkg/setting/setting.go

Co-authored-by: Agnès Toulet <35176601+AgnesToulet@users.noreply.github.com>

* Update pkg/setting/setting.go

Co-authored-by: Agnès Toulet <35176601+AgnesToulet@users.noreply.github.com>

* Added docs, changed frontend

* Update conf/defaults.ini

Co-authored-by: Agnès Toulet <35176601+AgnesToulet@users.noreply.github.com>

* Update conf/defaults.ini

Co-authored-by: Agnès Toulet <35176601+AgnesToulet@users.noreply.github.com>

* Update conf/defaults.ini

Co-authored-by: Agnès Toulet <35176601+AgnesToulet@users.noreply.github.com>

* Update docs/sources/setup-grafana/configure-grafana/_index.md

Co-authored-by: Agnès Toulet <35176601+AgnesToulet@users.noreply.github.com>

* Update pkg/api/dtos/frontend_settings.go

Co-authored-by: Agnès Toulet <35176601+AgnesToulet@users.noreply.github.com>

* Update pkg/api/frontendsettings.go

Co-authored-by: Agnès Toulet <35176601+AgnesToulet@users.noreply.github.com>

* Update pkg/api/render.go

Co-authored-by: Agnès Toulet <35176601+AgnesToulet@users.noreply.github.com>

* add query float 64

* Update packages/grafana-runtime/src/config.ts

Co-authored-by: Agnès Toulet <35176601+AgnesToulet@users.noreply.github.com>

* Update public/app/features/dashboard/components/ShareModal/utils.ts

Co-authored-by: Agnès Toulet <35176601+AgnesToulet@users.noreply.github.com>

* spacing

* fix tests

* Update docs/sources/setup-grafana/configure-grafana/_index.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Update docs/sources/setup-grafana/configure-grafana/_index.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Update docs/sources/setup-grafana/configure-grafana/_index.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

---------

Co-authored-by: Agnès Toulet <35176601+AgnesToulet@users.noreply.github.com>
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
2024-02-26 13:27:34 +01:00
Ryan McKinley
5d5f8dfc52
Chore: Upgrade Go to 1.21.3 (#77304) 2023-11-01 09:17:38 -07:00
linoman
13f4382214
Auth: Implement requester interface in access control module (#74289)
* Implement requester interface in the access control module
2023-09-06 11:16:10 +02:00
Ryan McKinley
025b2f3011
Chore: use any rather than interface{} (#74066) 2023-08-30 18:46:47 +03:00
Marcus Efraimsson
040b7d2571
Chore: Add errutils helpers (#73577)
Add helpers for the errutil package in favor of errutil.NewBase.
2023-08-22 12:52:24 +02:00
Todd Treece
52121b7165
Chore: Add grafana-apiserver (#70721)
* add grafana-apiserver
* remove watchset & move provisioning and http server to background
services
* remove scheme
* otel fixes (#70874)
* remove module ProvideRegistry test
* use certgenerator from apiserver package
* Control collector/pdata from going to v1.0.0-rc8 (as Tempo 1.5.1 would have it)
2023-07-14 12:22:10 -07:00
George Robinson
19ebb079ba
Alerting: Add limits and filters to Prometheus Rules API (#66627)
This commit adds support for limits and filters to the Prometheus Rules
API.

Limits:

It adds a number of limits to the Grafana flavour of the Prometheus Rules
API:

- `limit` limits the maximum number of Rule Groups returned
- `limit_rules` limits the maximum number of rules per Rule Group
- `limit_alerts` limits the maximum number of alerts per rule

It sorts Rule Groups and rules within Rule Groups such that data in the
response is stable across requests. It also returns summaries (totals)
for all Rule Groups, individual Rule Groups and rules.

Filters:

Alerts can be filtered by state with the `state` query string. An example
of an HTTP request asking for just firing alerts might be
`/api/prometheus/grafana/api/v1/rules?state=alerting`.

A request can filter by two or more states by adding additional `state`
query strings to the URL. For example `?state=alerting&state=normal`.

Like the alert list panel, the `firing`, `pending` and `normal` state are
first compared against the state of each alert rule. All other states are
ignored. If the alert rule matches then its alert instances are filtered
against states once more.

Alerts can also be filtered by labels using the `matcher` query string.
Like `state`, multiple matchers can be provided by adding additional
`matcher` query strings to the URL.

The match expression should be parsed using existing regular expression
and sent to the API as URL-encoded JSON in the format:

{
    "name": "test",
    "value": "value1",
    "isRegex": false,
    "isEqual": true
}

The `isRegex` and `isEqual` options work as follows:

| IsEqual | IsRegex  | Operator |
| ------- | -------- | -------- |
| true    | false    |    =     |
| true    | true     |    =~    |
| false   | true     |    !~    |
| false   | false    |    !=    |
2023-04-17 17:45:06 +01:00
Michael Mandrus
5626461b3c
Caching: Refactor enterprise query caching middleware to a wire service (#65616)
* define initial service and add to wire

* update caching service interface

* add skipQueryCache header handler and update metrics query function to use it

* add caching service as a dependency to query service

* working caching impl

* propagate cache status to frontend in response

* beginning of improvements suggested by Lean - separate caching logic from query logic.

* more changes to simplify query function

* Decided to revert renaming of function

* Remove error status from cache request

* add extra documentation

* Move query caching duration metric to query package

* add a little bit of documentation

* wip: convert resource caching

* Change return type of query service QueryData to a QueryDataResponse with Headers

* update codeowners

* change X-Cache value to const

* use resource caching in endpoint handlers

* write resource headers to response even if it's not a cache hit

* fix panic caused by lack of nil check

* update unit test

* remove NONE header - shouldn't show up in OSS

* Convert everything to use the plugin middleware

* revert a few more things

* clean up unused vars

* start reverting resource caching, start to implement in plugin middleware

* revert more, fix typo

* Update caching interfaces - resource caching now has a separate cache method

* continue wiring up new resource caching conventions - still in progress

* add more safety to implementation

* remove some unused objects

* remove some code that I left in by accident

* add some comments, fix codeowners, fix duplicate registration

* fix source of panic in resource middleware

* Update client decorator test to provide an empty response object

* create tests for caching middleware

* fix unit test

* Update pkg/services/caching/service.go

Co-authored-by: Arati R. <33031346+suntala@users.noreply.github.com>

* improve error message in error log

* quick docs update

* Remove use of mockery. Update return signature to return an explicit hit/miss bool

* create unit test for empty request context

* rename caching metrics to make it clear they pertain to caching

* Update pkg/services/pluginsintegration/clientmiddleware/caching_middleware.go

Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>

* Add clarifying comments to cache skip middleware func

* Add comment pointing to the resource cache update call

* fix unit tests (missing dependency)

* try to fix mystery syntax error

* fix a panic

* Caching: Introduce feature toggle to caching service refactor (#66323)

* introduce new feature toggle

* hide calls to new service behind a feature flag

* remove licensing flag from toggle (misunderstood what it was for)

* fix unit tests

* rerun toggle gen

---------

Co-authored-by: Arati R. <33031346+suntala@users.noreply.github.com>
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
2023-04-12 12:30:33 -04:00
George Robinson
bd29071a0d
Revert "Alerting: Add limits to the Prometheus Rules API" (#65842) 2023-04-03 15:20:37 +00:00
George Robinson
d96b0a71d3
Alerting: Add limits to the Prometheus Rules API (#65169)
This commit adds a number of limits to the Grafana flavor of the
Prometheus Rules API:

1. `limit` limits the maximum number of Rule Groups returned
2. `limit_rules` limits the maximum number of rules per Rule Group
3. `limit_alerts` limits the maximum number of alerts per rule

It sorts Rule Groups and rules within Rule Groups such that data in the
response is stable across requests. It also returns summaries (totals) for
all Rule Groups, individual Rule Groups and rules.
2023-04-03 10:17:02 +01:00
Emil Tullstedt
be9361cb9e
Logger: Add feature toggle for errors in HTTP request logs (#64425) 2023-03-31 15:38:09 +02:00
Jeff Levin
d561920147
Context: add better error message when it panics loading a template (#65219)
add better error message about building frontend assets when the web server panics loading a template
2023-03-22 11:40:00 -08:00
Serge Zaitsev
e2d49ea17f
Chore: Fix goimports grouping (#62423)
* fix goimports

* fix goimports order
2023-01-30 08:25:58 +00:00
idafurjes
6c5a573772
Chore: Move ReqContext to contexthandler service (#62102)
* Chore: Move ReqContext to contexthandler service

* Rename package to contextmodel

* Generate ngalert files

* Remove unused imports
2023-01-27 08:50:36 +01:00
Jo
a226903ec6
AuthN: Add session client (#60894)
* add basic session client

* populate UserToken in ReqContext

* token rotation as a post auth hook

* fixed in context handler

* add session token rotation

* add session token tests

* use namespacedID constructor
2023-01-04 16:10:43 +01:00
Sasha Melentyev
febcaeff3a
Chore: Use strings.ReplaceAll and preallocate containers (#58483) 2022-11-09 17:17:09 +01:00
Emil Tullstedt
75701695d8
pkg/web: avoid shared middleware slice (#58458) 2022-11-08 10:58:04 -05:00
Emil Tullstedt
89eba7a108
Server: Write internal server error on missing write (#57813) 2022-11-07 16:14:41 +01:00
sh0rez
635571db8a
pkg/web: remove Router and Logger from Context (#53765)
web.Context previously held references to the current *web.Router albeit
not using it.

It also had a log.Logger only being used once internally
2022-08-16 12:25:27 +02:00
idafurjes
a14621fff6
Chore: Add user service method SetUsingOrg and GetSignedInUserWithCacheCtx (#53343)
* Chore: Add user service method SetUsingOrg

* Chore: Add user service method GetSignedInUserWithCacheCtx

* Use method GetSignedInUserWithCacheCtx from user service

* Fix lint after rebase

* Fix lint

* Fix lint error

* roll back some changes

* Roll back changes in api and middleware

* Add xorm tags to SignedInUser ID fields
2022-08-11 13:28:55 +02:00
Jo
062d255124
Handle ioutil deprecations (#53526)
* replace ioutil.ReadFile -> os.ReadFile

* replace ioutil.ReadAll -> io.ReadAll

* replace ioutil.TempFile -> os.CreateTemp

* replace ioutil.NopCloser -> io.NopCloser

* replace ioutil.WriteFile -> os.WriteFile

* replace ioutil.TempDir -> os.MkdirTemp

* replace ioutil.Discard -> io.Discard
2022-08-10 15:37:51 +02:00
idafurjes
6afad51761
Move SignedInUser to user service and RoleType and Roles to org (#53445)
* Move SignedInUser to user service and RoleType and Roles to org

* Use go naming convention for roles

* Fix some imports and leftovers

* Fix ldap debug test

* Fix lint

* Fix lint 2

* Fix lint 3

* Fix type and not needed conversion

* Clean up messages in api tests

* Clean up api tests 2
2022-08-10 11:56:48 +02:00
sh0rez
adbb789877
pkg/web: detect Hijack() as chain write (#53466) 2022-08-09 16:04:21 +02:00
sh0rez
534ece064b
pkg/web: closure-style middlewares (#51238)
* pkg/web: closure-style middlewares

Switches the middleware execution model from web.Handlers in a slice to
web.Middleware.
Middlewares are temporarily kept in a slice to preserve ordering, but
prior to execution they are applied, forming a giant call-stack, giving
granular control over the execution flow.

* pkg/middleware: adapt to web.Middleware

* pkg/middleware/recovery: use c.Req over req

c.Req gets updated by future handlers, while req stays static.

The current recovery implementation needs this newer information

* pkg/web: correct middleware ordering

* pkg/webtest: adapt middleware

* pkg/web/hack: set w and r onto web.Context

By adopting std middlewares, it may happen they invoke next(w,r) without
putting their modified w,r into the web.Context, leading old-style
handlers to operate on outdated fields.

pkg/web now takes care of this

* pkg/middleware: selectively use future context

* pkg/web: accept closure-style on Use()

* webtest: Middleware testing

adds a utility function to web/webtest to obtain a http.ResponseWriter,
http.Request and http.Handler the same as a middleware that runs would receive

* *: cleanup

* pkg/web: don't wrap Middleware from Router

* pkg/web: require chain to write response

* *: remove temp files

* webtest: don't require chain write

* *: cleanup
2022-08-09 14:58:50 +02:00
sh0rez
3ca3a59079
pkg/web: remove dependency injection (#49123)
* pkg/web: store http.Handler internally

* pkg/web: remove injection

Removes any injection code from pkg/web.

It already was no longer functional, as we already only injected into
`http.Handler`, meaning we only inject ctx.Req and ctx.Resp.

Any other types (*Context, *ReqContext) were already accessed using the
http.Request.Context.Value() method.

* *: remove type mappings

Removes any call to the previously removed TypeMapper, as those were
non-functional already.

* pkg/web: remove Context.Invoke

was no longer used outside of pkg/web and also no longer functional
2022-05-24 15:35:08 -04:00
Ezequiel Victorero
dfab100dc7
Chore: sanitize values before being logged from request headers (#49245)
* Chore: sanitize values being logged directly from request headers
2022-05-23 14:18:33 -03:00
sh0rez
3d5d8c785b
pkg/web: restrict handler types (#48495)
Makes `pkg/web` only accept handles from the following set:

```go
	handlerStd       = func(http.ResponseWriter, *http.Request)
	handlerStdCtx    = func(http.ResponseWriter, *http.Request, *web.Context)
	handlerStdReqCtx = func(http.ResponseWriter, *http.Request, *models.ReqContext)
	handlerReqCtx    = func(*models.ReqContext)
	handlerReqCtxRes = func(*models.ReqContext) Response
	handlerCtx       = func(*web.Context)
```

This is a first step to reducing above set to only `http.Handler`.

---

Due to a cyclic import situation between `pkg/models` and `pkg/web`, parts of this PR were put into `pkg/api/response`, even though they definitely do not belong there. This however is _temporary_ until we untangle `models.ReqContext`.
2022-05-20 12:45:18 -04:00
ying-jeanne
0bf889e058
Fix unmaarshal of double pointer (#47586)
* Fix unmaarshal of double pointer

* update sdk version
2022-04-12 09:30:34 +02:00
Marcus Efraimsson
6c7d326499
Plugins: Refactor GetPluginDashboards/LoadPluginDashboard (#46316)
Refactors GetPluginDashboards/LoadPluginDashboard by moving database 
interaction from plugin management to the plugindashboards service.

Fixes #44553

Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2022-03-10 18:38:04 +01:00
Dimitris Sotirakis
605d056136
Security: Sync security changes on main (#45083)
* * Teams: Appropriately apply user id filter in /api/teams/:id and /api/teams/search
* Teams: Ensure that users searching for teams are only able see teams they have access to
* Teams: Require teamGuardian admin privileges to list team members
* Teams: Prevent org viewers from administering teams
* Teams: Add org_id condition to team count query
* Teams: clarify permission requirements in teams api docs
* Teams: expand scenarios for team search tests
* Teams: mock teamGuardian in tests

Co-authored-by: Dan Cech <dcech@grafana.com>

* remove duplicate WHERE statement

* Fix for CVE-2022-21702

(cherry picked from commit 202d7c190082c094bc1dc13f7fe9464746c37f9e)

* Lint and test fixes

(cherry picked from commit 3e6b67d5504abf4a1d7b8d621f04d062c048e981)

* check content type properly

(cherry picked from commit 70b4458892bf2f776302720c10d24c9ff34edd98)

* basic csrf origin check

(cherry picked from commit 3adaa5ff39832364f6390881fb5b42ad47df92e1)

* compare origin to host

(cherry picked from commit 5443892699e8ed42836bb2b9a44744ff3e970f42)

* simplify url parsing

(cherry picked from commit b2ffbc9513fed75468628370a48b929d30af2b1d)

* check csrf for GET requests, only compare origin

(cherry picked from commit 8b81dc12d8f8a1f07852809c5b4d44f0f0b1d709)

* parse content type properly

(cherry picked from commit 16f76f4902e6f2188bea9606c68b551af186bdc0)

* mentioned get in the comment

(cherry picked from commit a7e61811ef8ae558ce721e2e3fed04ce7a5a5345)

* add content-type: application/json to test HTTP requests

* fix pluginproxy test

* Fix linter when comparing errors

Co-authored-by: Kevin Minehart <kmineh0151@gmail.com>
Co-authored-by: Dan Cech <dcech@grafana.com>
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
Co-authored-by: Serge Zaitsev <serge.zaitsev@grafana.com>
Co-authored-by: Vardan Torosyan <vardants@gmail.com>
2022-02-09 13:44:38 +01:00
sam boyer
6a2255abe7
pkg/web: X-Forwarded-For multi-IP handling (#45098)
It is conventionally common for the X-Forwarded-For header to contain a
comma-separated list of IP addresses, with each intermediate proxy
adding an additional item as a request passes through it. This change
makes the web framework handle this case appropriately, always selecting
the first item in the list.
2022-02-08 14:37:19 -05:00
Marcus Efraimsson
94edd7a762
Plugins: Refactor plugin dashboards (#44315)
Moves/refactor Grafana specific functionality related to plugin dashboards 
out to specific services for importing dashboards and keep app plugin dashboards
up-to-date.

Fixes #44257
2022-01-28 10:28:33 +01:00
Igor Suleymanov
fdeaf7a5c4
Add nil checks to HTTP request validation dispatch (#44371)
Signed-off-by: Igor Suleymanov <igor.suleymanov@grafana.com>
2022-01-24 16:43:44 +01:00
ying-jeanne
7422789ec7
Remove Macaron ParamsInt64 function from code base (#43810)
* draft commit

* change all calls

* Compilation errors
2022-01-15 00:55:57 +08:00
Serge Zaitsev
f5802878f1
Chore: Move remaining web framework code to pkg/web, remove macaron binding module (#43018)
* remove macaron binding dependency

* completely purge macaron binding

* move everything to pkg/web

* remove non-go files from pkg/web

* clean up leftovers of macaron imports

* make linter happy
2021-12-13 15:56:14 +01:00
Serge Zaitsev
57fcfd578d
Chore: replace macaron with web package (#40136)
* replace macaron with web package

* add web.go
2021-10-11 14:30:59 +02:00