* Chore: Collect elasticsearch version usage stats
* Fix lint error
* use GetDataSources from sqlstore
* Apply review suggestions
* Return error if datasource type is not specified
* Update pkg/services/sqlstore/datasource.go
* fix undefined var
* Add revoked_at field to user auth token to allow soft revokes
* Allow soft token revocations
* Update token revocations and tests
* Return error info on revokedTokenErr
* Override session cookie only when no revokedErr nor API request
* Display modal on revoked token error
* Feedback: Refactor TokenRevokedModal to FC
* Add GetUserRevokedTokens into UserTokenService
* Backendsrv: adds tests and refactors soft token path
* Apply feedback
* Write redirect cookie on token revoked error
* Update TokenRevokedModal style
* Return meaningful error info
* Some UI changes
* Update backend_srv tests
* Minor style fix on backend_srv tests
* Replace deprecated method usage to publish events
* Fix backend_srv tests
* Apply suggestions from code review
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
Co-authored-by: Hugo Häggmark <hugo.haggmark@gmail.com>
* Apply suggestions from code review
* Apply suggestions from code review
Co-authored-by: Hugo Häggmark <hugo.haggmark@gmail.com>
* Minor style fix after PR suggestion commit
* Apply suggestions from code review
Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>
* Prettier fixes
Co-authored-by: Hugo Häggmark <hugo.haggmark@gmail.com>
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>
* Introduce PluginRequestValidator abstraction with a NoOp implementation
* Update PluginRequestValidator abstraction to use the dsURL instead
* Inject PluginRequestValidator into the HTTPServer and validate requests going through data source proxy
* Inject PluginRequestValidator into the BackendPluginManager and validate requests going through it
* Validate requests going through QueryMetrics & QueryMetricsV2
* Validate BackendPluginManager health requests
* Fix backend plugins manager tests
* Validate requests going through alerting service
* Fix tests
* fix tests
* goimports
Co-authored-by: Leonard Gram <leo@xlson.com>
* CDN: Initial poc support for serving assets over a CDN
* Minor fix
* added build path and test
* fix lint error
* Added edition to cdn path
* Move master builds to a separate path
* Added error handling for the url parsing, changed setting name, and added docs
* Updated sample.ini
* Some property renames
* updated
* Minor update to html
* index template improvements
* Update docs/sources/administration/configuration.md
Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
* Update docs/sources/administration/configuration.md
Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
* Added ContentDeliveryPrefix to Licence service
* updated docs
* Updated test mock
Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
* Usage Stats: Remove unused method for getting user stats
This was used in enterprise codebase, but is not longer in use, thus can be safely removed.
* Force refresh user stats in tests
* Auth: add error for expired token
* Auth: save token error into context data
* Auth: send full user and req context to CreateToken
* Auth: add token ID in context
* add TokenExpiredError struct
* update auth tests
* remove most of the changes to CreateToken func
* clean up
* Login: add requestURI in CreateToken ctx
* update RequestURIKey comment
Replace hard-coded `GF_ENTERPRISE_LICENSE_TEXT` with a
`map[string]string` to allow the licensing service to allow sending any
environment variable through to the plugins for licensing purposes.
* Auth: Add Content-Type to SigV4 header allowlist
* add MT headers to permitted headers
* add Kibana API header to allowlist
* add Content-Length header to allow list
* SQLStore: customise the limit of retrieved datasources per organisation
* update all suggestions regarding nil or 0 as default
* Apply suggestions from code review
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
* correct default.ini description + adding unittest
* Apply suggestions from code review
Co-authored-by: Sofia Papagiannaki <papagian@users.noreply.github.com>
* modify unittest name
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
Co-authored-by: Sofia Papagiannaki <papagian@users.noreply.github.com>
* Add fake TeamSyncService
* Change SyncTeams dispatch to direct method call
* Remove SyncTeamsCommand struct
* Move TeamSyncService to a separate package
* Remove context from SyncTeams args
* Add comments to teamsyncgroup package
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
* Replace TeamSyncService with TeamSyncFunc
* Remove unnecessary error check
* Add a test
* Fix test input
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
* middleware: Move context handler to own service
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
Co-authored-by: Emil Tullsted <sakjur@users.noreply.github.com>
Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
* DataSourceSettings: Add servername field to DataSource TLS config
A DNS lookup URL can be provided in the DataSource URL field in order
to dynamically load balance between multiple instances of a DataSource.
When using mutual TLS, Golang's TLS config implementation checks that
the certificate's common name (< 1.15) or subject alternative name
(>= 1.15) has the same value as the domain being accessed. If the DNS
entry is dynamically generated for a specific environment, the
certificate cannot be generated with a name matching the dynamic
DNS URL. As such, Golang offers a servername field that can be set to
overwrite what value is used when checking against the certificate's
common name (or subject alternative name). Without this change, Skip
TLS Verify must be set to true in order for the DataSource to work,
removing some of the benefits gained by using mutual TLS.
This commit adds the ability to set Grafana's internal Golang TLS config
servername field from the UI or a provisioned DataSource.
The servername field is optional and the existing behavior is retained if
the field is not set.
Co-authored-by: Dana Pruitt <dpruitt@vmware.com>
Co-authored-by: Jeremy Alvis <jalvis@pivotal.io>
* Update docs with PR review changes
Co-authored-by: Jeremy Alvis <jalvis@pivotal.io>
Co-authored-by: Dana Pruitt <dpruitt@vmware.com>
* Update with additional PR requested changes
* Minor updates based on PR change requests
Co-authored-by: Dana Pruitt <dpruitt@vmware.com>
* Add an option to hide certain users in the UI
* revert changes for admin users routes
* fix sqlstore function name
* Improve slice management
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
* Hidden users: convert slice to map
* filter with user logins instead of IDs
* put HiddenUsers in Cfg struct
* hide hidden users from dashboards/folders permissions list
* Update conf/defaults.ini
Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
* fix params order
* fix tests
* fix dashboard/folder update with hidden user
* add team tests
* add dashboard and folder permissions tests
* fixes after merge
* fix tests
* API: add test for org users endpoints
* update hidden users management for dashboard / folder permissions
* improve dashboard / folder permissions tests
* fixes after merge
* Guardian: add hidden acl tests
* API: add team members tests
* fix team sql syntax for postgres
* api tests update
* fix linter error
* fix tests errors after merge
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
Co-authored-by: Leonard Gram <leo@xlson.com>
