* add xorm and xorm/core as package
* remove mssql and oracle as driver
* fix some typo
* remove unittest
* remove some cache
* restore the removed part
* remove logfile
`X-Dashboard-Uid`, `X-Datasource-Uid`, `X-Grafana-Org-Id`, `X-Panel-Id` are very useful headers set
by Grafana front-end that we would like to see on the data source as
well. This is so that it would be possible to pinpoint from where slow
queries are coming in Mimir/Thanos/Cortex/etc., for example. Relevant
Mimir code lines:
0a94f26203/pkg/frontend/transport/handler.go (L182-L184)
Tested manually that with these changes the headers are visible.
* Correctly set filter values in portal URL
* Refactor to include dimensions as a part of AzureMonitor query
* Correctly set splitting value in URL
- Add type for dimension filters object
* Update tests
* Don't test dimensions
* feat(grafana-cli): add a flag to control the admin user's ID for reset-admin-password
Since this is now more permissive, I've also added validation that the requested user is an admin.
* slight refactor to support testing
Automatically forward core plugin request HTTP headers in outgoing HTTP requests.
Core datasource plugin authors don't have to specifically handle forwarding of HTTP
headers, e.g. do not have to "hardcode" the header-names in the datasource plugin,
if not having custom needs.
Fixes#57065
* refactor email to not use simplejson
* add tests
* split integration test and unit test + more unit-tests
* Remove outdated comment
Co-authored-by: Armand Grillet <2117580+armandgrillet@users.noreply.github.com>
* AuthN: Replicate functionallity to get org id for request
* Authn: parse org id for the request and populate the auth request with
it
* AuthN: add simple mock for client to use in test
* AuthN: add tests to verify that authentication is called with correct
org id
* AuthN: Add ClientParams to mock
* AuthN: Fix flaky org id selection
* add user sync
* add org user sync
* add client params
* merge remaining conflicts
* remove change to report.go
* update comments
* add basic tests for user ID population
* add tests for auth ID find
* add tests for user sync create and update
* add tests for orgsync
* satisfy lint
* add userID guards
Log a useful msg if no oauth provider configured
When a user doesn't configure an OAuth provider and uses auto login, Grafana logs a misleading message indicating that he has multiple providers configured.
* GoogleCloudMonitoring: Migrate queries to the new format
* Refactor Aligment and AligmentFunction components (#60235)
* Adapt CloudMonitoringDatasource and CloudMonitoringAnnotationSupport (#60177)
* Fix: avoid migration for new queries (#60375)
* Move preprocessor handling to the backend (#60383)
* Other fixes and new function (#60411)
* Adapt components to the new API (#60451)
* Split metrics query type in time series list and query (#60475)
* Clean up metricQuery references (#60478)
* More bug fixes (#60525)
* SQL Datasources: Use health check for config test
* Remove unnecessary test
* Fix test errors
* Revert mysql go driver update
* Use transform query error
* Use TransformQueryError from sql_engine
Time range added for public dashboard:
- Enable/Disable switch added in public dashboard configuration.
- Time range picker shown in public dashboard for viewer user
* RBAC: Add fake for permissions service
* ServiceAccount: Rewrite create api tests
* ServiceAccount: Rewrite api delete tests
* ServiceAccount: Rewrite api test for RetriveServiceAccount
* ServiceAccount: Refactor UpdateServiceAccount api test
* ServiceAccount: Refactor CreateToken api test
* ServiceAccount: refactor delete token api tests
* ServiceAccount: rewrite list tokens api test
* Remove test helper that is not used any more
* ServiceAccount: remove unused test helpers
* AuthN: Add functionallity to test if auth client should be used
* AuthN: Add bolierplate client for api keys and register it
* AuthN: Add tests for api key client
* Inject service
* AuthN: Update client names
* ContextHandler: Set authn service
* AuthN: Implement authentication for api key client
* ContextHandler: Use authn service for api keys if flag is enabled
* AuthN: refactor authentication method to return additional value to
indicate if client could perform authentication
* update prefixes
* Add namespaced id to identity
* AuthN: Expand the Identity struct to include required fields from signed
in user
* Add error for disabled service account
* Add function to write error response based on errutil.Error
* Add error to log
* Return errors based on errutil.Error
* pass error
* update log message
* Fix namespaced ids
* Add tests
* Lint
* introduce alias for json.RawMessage with name RawMessage. This is needed to keep raw JSON and implement a marshaler for YAML, which does not seem to be used but there are tests that fail.
* replace usage of simplejson with RawMessage in NotificationChannelConfig
* remove usage of simplejson in tests
* change migration code to convert simplejson to raw message
* chore: remove unused test helper from sqlstore
TimeNow() is no longer used in any tests in this package.
* chore: move sqlstore.SQLBuilder to the infra/db package
This required some minor refactoring; we need to be a little more explicit about passing around the dialect and engine. On the other hand, that's a few fewer uses of the `dialect` global constant!
* chore: move UserDeletions into the only package using it
* cleanup around moving sqlbuilder
* remove dialect and sqlog global vars
* rename userDeletions to serviceAccountDeletions
* Refactor parse query to functions
* Move parsing to new file
* Create empty result variable and use it when returning early
* Fix linting
* Revert "Create empty result variable and use it when returning early"
This reverts commit 36a503f66e.
* Set Dashboard and Panel IDs on rule group replacement
* fix comments and abbreviate test variable name
* Update pkg/services/ngalert/provisioning/alert_rules.go
Co-authored-by: Jean-Philippe Quéméner <JohnnyQQQQ@users.noreply.github.com>
Co-authored-by: Jean-Philippe Quéméner <JohnnyQQQQ@users.noreply.github.com>
* Update config store to split between active and history tables
* Migrations to fix up indexes
* Implement migration from old format to new
* Move add migrations call
* Delete duplicated rows
* Explicitly map fields
* Quote the column name because it's a reserved word
* Lift migrations to top
* introduce Logger interface local to channles + implementaton that wraps the Grafana logger
* make NewFactoryConfig accept LoggerFactory
* add logger field to FactoryConfig
* update usages of log.Logger to internal interface
* Guardian: Use dashboard UID instead of ID
* Apply suggestions from code review
Introduce several guardian constructors and each time use
the most appropriate one.
Grafana would forward the X-Grafana-User header to backend plugin request when
dataproxy.send_user_header is enabled. In addition, X-Grafana-User will be automatically
forwarded in outgoing HTTP requests for core/builtin HTTP datasources.
Use grafana-plugin-sdk-go v0.147.0.
Fixes#47734
Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
* ProxyUtil: Populate X-Grafana-Referer header
* ProxyUtil: Move Referer/Origin header removal
So that the removal and setting X-Grafana-Referer logic applies to all
proxied requests and not just datasource proxy.
* ProxyUtil: Test to guard against multiline headers
* ProxyUtil: Explicitly check injected header isn't parsed
* Move and rename genversions.go and tests
* Fix lint - bring back cli.Exit
* Move package.json and fix tests
* Add necessary env vars for promote event
* Implement backtesting engine that can process regular rule specification (with queries to datasource) as well as special kind of rules that have data frame instead of query.
* declare a new API endpoint and model
* add feature toggle `alertingBacktesting`
* Elasticsearch: Fix ordering in raw_document and add logic for raw_data
* Add comments
* Fix raw data request to use correct timefield
* Fix linting
* Add raw data as metric type
* Fix linting
* Elasticsearch: Add defaults for log query
* Add higlight
* Fix lint
* Add snapshot test
* Implement correct query for logs
* Update
* Adjust naming and comments
* Fix lint
* Remove ifs
* initial commit
* clean up
* fix a bug and add tests
* more tests
* undo some unintended changes
* undo some unintended changes
* linting
* PR feedback - add user ID to search options
* simplify the query
* Apply suggestions from code review
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* remove unneeded formatting changes
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Move truncation code to util to mirror upstream
* Resolve merge conflicts
* Align logging of alert key
* Update tests and fix field passing bug
* Remove superfluous newline in test now that we trim whitespace
* Uptake minor log changes from upstream
* RBAC: Add benchmarks to search all users given a specific permission
* Add missing time
* Inline benchmarks
* Make bench setup memory efficient
* fix user id
* comment
* Ran 10K_10k and got a better time this time
* change comment to pass linting
* change comment to pass linting
* Update pkg/services/accesscontrol/acimpl/service_bench_test.go
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
* refactor: renaming of files from database to store
* refactor: make service account store private
- moves store interface to manager package
- adds an interface to the ProvideAPI constructor
- refactors tests to use the store when necessary
- adds mocks for the new interface implementations in the tests package
* wip
* refactor: make fakestore in service
* wip
* wip
* wip
* working tests
* trailing whitespaces
* Update pkg/services/serviceaccounts/api/api.go
* Update pkg/services/serviceaccounts/tests/common.go
* Update pkg/services/serviceaccounts/tests/common.go
* refactor: doc string for retriever
* fix import unused
* remove: serviceaccount from featuretoggle
* added: back legacy serviceaccounts feature toggle
* added: docs
* refactor: make query for the SearchQuery
* add: validation of service input fields
* add validation
* Remove TraceID tab when TraceQL is enabled. Use TraceQL editor to query for trace IDs by checking whether the content is an hex only string
* Highlight valid trace IDs in traceql editor
* Update trace and span links to use TraceQL tab when feature flag is enabled
* Remove traceqlEditor feature flag.
* Remove traceId query type from Tempo and replace it with traceQl
* Elasticsearch: Fix ordering in raw_document and add logic for raw_data
* Add comments
* Fix raw data request to use correct timefield
* Fix linting
* Add raw data as metric type
* Fix linting
* Hopefully fix lint
* Datasource settings: Add deprecation notice for database field
* SQL Datasources: Migrate from settings.database to settings.jsonData.database
* Check jsonData first
* Remove comment from docs
* add stats and licensing under admin -> general when topnav is enabled
* add ldap to users and access
* use ID instead of Id
* add enterprise licensing node
* Kinds: Generate JSON report
* Kinds: Add Validate/Write support for JSON report
* Kinds: Report format
* Kinds: Report new line
* Kinds: Use kindsys.SomeKindMeta to generate the report
* Move kinds report generation to the end
* Re-structure kinds report JSON output
* Make prettier to ignore kinds json report
* Minor on kinds report generation
* Fix toggles_gen test
Removes request/response connection/hop headers for call resource in similar
manner as Go's reverse proxy functions. Also removes Prometheus datasource
custom call resource header manipulation in regards to hop-by-hop headers.
Fixes#60076
Ref #58646
Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
This change marks tests in the `sender` package that use an external
process as integration tests instead of unit tests. This speeds up the
package's unit tests by about 20 seconds.
This change also reduces the number of alert instances in the `store`
package's bulk write integration test from 20_000 to 10_000. This is
still enough to exercise the bulk-write code but speeds up the package
tests from about 250s to 130s.
Put together, integration tests go to about 160s while also speeding up
unit tests by 20s.
This commit better defines how we set states in resultNormal,
resultAlerting, resultError and resultNoData. It changes the existing
code to call methods such as SetAlerting, SetPending, SetNormal,
SetError and NoData instead of assigning values to each individual field
whenever the state is changed. This should make it easier to understand
what fields should be set for which states and avoid cases where states are
missing, or have additional unexpected fields.
Before this change, the alerting provisioning system incorrectly used
the QuotaTarget to check if alerting's request quota had been reached.
The quota service requires the QuotaTargetSrv, which is what's
registered with the service at startup time. This is leading to errors
in the provisioning system.
* block move operation that could introduce more than 8 level of depth, forbid circular reference
* move getHeight to store, mock store in service
* fix linter
* Auth: Session cache [v9.2.x] (#59907)
* add cache wrapper
only cache token if not to rotate
Co-authored-by: Kalle Persson <kalle.persson@grafana.com>
anticipate next rotation
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
Co-authored-by: Kalle Persson <kalle.persson@grafana.com>
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
(cherry picked from commit 07a4b2343d)
* FeatureToggle: for storing sessions in a Remote Cache
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
(cherry picked from commit b8a8c15148)
* use feature flag for session cache
* ensure ttl is minimum 1 second
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
Co-authored-by: Kalle Persson <kalle.persson@grafana.com>
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* ensure 2 ttl window to prevent caching of tokens near rotation
Co-authored-by: Kalle Persson <kalle.persson@grafana.com>
* fix description of toggle
Co-authored-by: gamab <gabi.mabs@gmail.com>
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
Co-authored-by: Kalle Persson <kalle.persson@grafana.com>
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
(cherry picked from commit 2919588a82)
* fix broken quota test
* don't remove grafana-server and grafana-cli binaries from /usr/share/grafana/bin in deb and rpm packages
* don't add config overrides in /usr/sbin/grafana-server
* update pagerduty and opsgenie to deserialize settings using standard JSON library
* update pagerduty truncation to use a function from Alertamanger package
* update opsgenie to use payload model (same as in Alertmanager)
* Elasticsearch: Fix removing of empty settings from query in backend implementation
* Update
* Update
* Update pkg/tsdb/elasticsearch/time_series_query.go
Co-authored-by: Gábor Farkas <gabor.farkas@gmail.com>
Co-authored-by: Gábor Farkas <gabor.farkas@gmail.com>
* RBAC: add viewer grand if dspermissions enforcement is not enabled
* RBAC: Change permissions based on role prefix
* RBAC: Add option to for permission service to add a license middleware
* RBAC: Remove actions from query struct
This commit makes a number of changes to how images work in Slack
notifications.
It adds support for uploading images to Slack via the files.upload
API when the contact point has a token. Images are no longer linked
via a URL if a token is present.
Each image uploaded to Slack is posted as a reply to the original
notification. Up to maxImagesPerThreadTs images can be posted as
replies before a final message is sent with:
There are no images than can be shown here. To see the panels for
all firing and resolved alerts please check Grafana
Incoming Webhooks cannot upload files via files.upload and so webhooks
require the image to be uploaded to cloud storage and linked via URL.
* cleanup cloudwatch.go
* streamline interface naming
* use utility func
* rename test utils file
* move util function to where they are used
* move dtos to models
* split integration tests from the rest
* Update pkg/tsdb/cloudwatch/cloudwatch.go
Co-authored-by: Isabella Siu <Isabella.siu@grafana.com>
* refactor error codes aggregation
* move error messages to models
Co-authored-by: Isabella Siu <Isabella.siu@grafana.com>
* wip
* wip
* almost there..
* wip - change so it can run.
* treelist is working.
* support CODEGEN_VERIFY env variable
* use log.fatal
* comment out old PluginTreeList code generation
* cleanup
* rename corelist package files
* fix makefile
* move pkg/codegen/pluggen.go to pkg/plugins/codegen
* copy and refactor files to pkg/plugins/codegen
* use pkg/plugins/codegen instead of pkg/codegen for core plugins code gen
* remove unneeded files
* remove unused code to resolve linting errors
* adapters first hack
* added flattener
* add back ignore build tags to go generate file
* cleaned up the code a bit.
* seems to work, needs to do some refactoring of the GoTypesJenns and TSTypesJenny.
* one more step, going to get upstream changes in this branch.
* working but need to run import tmpl in jenny_schemapath to have the proper imports.
* added header to generated files.
* added missing jenny.
* preventing plugins with multiple decls/schemas to insert multiple lines in corelist.
* fixed so we use Slot type from kindsys to detect if its group.
* adding a go jenny that only runs if the plugin has a backend.
* added version object to generated ts.
* generating the ts types with the same output as prior to this refactoring.
* removed code that is replaced by the jenny pattern.
* removed the go code that isn't used anymore.
* removed some more unused code and renamed pluggen to util_ts
* fixed linting issue.
* removed unused vars.
* use a jenny list postprocessor for header injection
* moved decl and decl_parser to pfs.
* removed the pre-pended header in the gotypes jenny since it is done in the postprocess.
* moved decl to pfs.
* removed unused template.
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
* make create call consistent with update and delete
* send multiple targets to graphite and correlate the responses with the requests
* make create call consistent with update and delete
* send multiple targets to graphite and correlate the responses with the requests
* Revert "make create call consistent with update and delete"
This reverts commit 26b6463bd6.
* refactor query -> target parsing and fix unit tests
* add additional validations and more unit tests
* change error statement to warn
Adding support for backend plugin client middlewares. This allows headers in outgoing
backend plugin and HTTP requests to be modified using client middlewares.
The following client middlewares added:
Forward cookies: Will forward incoming HTTP request Cookies to outgoing plugins.Client
and HTTP requests if the datasource has enabled forwarding of cookies (keepCookies).
Forward OAuth token: Will set OAuth token headers on outgoing plugins.Client and HTTP
requests if the datasource has enabled Forward OAuth Identity (oauthPassThru).
Clear auth headers: Will clear any outgoing HTTP headers that was part of the incoming
HTTP request and used when authenticating to Grafana.
The current suggested way to register client middlewares is to have a separate package,
pluginsintegration, responsible for bootstrap/instantiate the backend plugin client with
middlewares and/or longer term bootstrap/instantiate plugin management.
Fixes#54135
Related to #47734
Related to #57870
Related to #41623
Related to #57065
The GrafanaComURL setting is currently used in two places:
- the /api/gnet endpoint, which proxies all requests to the URL
configured in GrafanaComURL
- OAuth logins using grafana.com, where the auth URL, token URL and
redirect URL are all configured to use the GrafanaComURL.
This has worked fine until now because almost all Grafana instances have
just used the default value, https://grafana.com. However, we now have a
few different grafana.com's, some of which are behind IAP. The IAP
causes the /api/gnet proxy to fail because the required cookies are not
present in the request (how could they be?). Setting the
[grafana_net.url] setting to an internal-only URL improves the situation
slightly - the proxy works again just fine - but breaks any OAuth logins
using grafana.com, because the user must be redirected to a publicly
accessible URL.
This commit adds an additional setting, `[grafana_com.api_url]`,
which can be used to tell Grafana to use the new API URL when proxying
requests to the grafana.com API, while still using the existing
`GrafanaComURL` setting for other things.
The setting will fall back to the GrafanaComURL setting + "/api" if unset.
* Add Team kind
* Minor changes
* Use ToMedatata annotation
Co-authored-by: sam boyer <sdboyer@grafana.com>
* Use ToMedatata annotation
Co-authored-by: sam boyer <sdboyer@grafana.com>
* Use ToMedatata annotation
Co-authored-by: sam boyer <sdboyer@grafana.com>
* Use ToMedatata annotation
Co-authored-by: sam boyer <sdboyer@grafana.com>
* Update comments
* Add created and updated fields
* Make orgId required
* Use int64 for datetime
Co-authored-by: sam boyer <sdboyer@grafana.com>
* Fix deleting subfolder
It used to fail with beause of missing signed in user
* Add logging
* fixup
* Fail request if deleting nested folder has failed
Before we only used to log the error
* Fix failing test
During failed nested folder creation
call the dashboard store deletion instead of the service one.
* move original stats service into a separate package
* add stats service to wire
* move GetAdminStats
* switch to using stats.Service
* add missing package
* fix api tests
* Remove DeleteUser from sqlstore
* Use Delete instead of DeleteUser
* Remove unused method
* Remove DeleteUserSession from sqlstore
* Add fake for DeleteUseraccessControl
* Use user service, add fakes to tests
* Add comments to sqlstore
* Correct typo
* Add quota service initialisation
* Add config to acimpl initialisation
* Add routing to initialisation
* Making user provideStore private
* Use InTransaction instead of session
* Add cfg to userimpl
* Fix lint
* Make ProvideStore public again - enterprise tests
* Fix back ProvideStore to public
* Wrap merge user in transaction
* Delete DeleteUserAccessControl use DeleteUSerPermissions instead
* Add feature mgmt into acimpl
* DeleteUserAccessControl from ac database
* Remove case insensitive clause
* RBAC: Add an endpoint to see all user permissions
Co-authored-by: Joey Orlando <joey.orlando@grafana.com>
* Fix mock
* Add feature flag
* Fix merging
* Return normal permissions instead of simplified ones
* Fix test
* Fix tests
* Fix tests
* Create benchtests
* Split function to get basic roles
* Comments
* Reorg
* Add two more tests to the bench
* bench comment
* Re-ran the test
* Rename GetUsersPermissions to SearchUsersPermissions and prepare search options
* Remove from model unused struct
* Start adding option to get permissions by Action+Scope
* Wrong import
* Action and Scope
* slightly tweak users permissions actionPrefix query param validation logic
* Fix xor check
* Lint
* Account for suggeston
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
* Add search
* Remove comment on global scope
* use union all and update test to make it run on all dbs
* Fix MySQL needs a space
* Account for suggestion.
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
Co-authored-by: Joey Orlando <joey.orlando@grafana.com>
Co-authored-by: Joey Orlando <joseph.t.orlando@gmail.com>
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
