Can be hard for users to understand what user is configured
when encrypting the username field why this reverts to
store the username in cleartext.
Also, we don't encrypt username for data sources.
Ref #25967
Support storing sensitive notification settings securely/encrypted.
Move slack notifier url and api token to secure settings.
Migrating slack notifier to store token and url encrypted is currently
a manual process by saving an existing slack alert notification channel.
saving an existing slack alert notification channel will reset the stored
non-secure url and token.
Closes#25113
Ref #25967
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
The external image storage for GCS creates the JWT Token from a credentials file,
but if your Grafana server runs under a GCE instance with a service account on it,
you can use that instead (you don't have to manage/secure the credentials file).
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
Macaron context.QueryBool() seems to modify the request context
that causes the POST and PUT requests to fail with:
"http: proxy error: net/http: HTTP/1.x transport connection broken: http: ContentLength=333 with Body length 0"
* Add stackdriver deep link
* No deep link for SLO queries
* Add tests
* Update docs/sources/features/datasources/stackdriver.md
Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
* Enforce resource type
* Navigate to google account chooser first
* Change renamed image reference
Fix misspelling in image name and change it to conform with the rest cloud monitoring images
Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
When there is an error message in the HTTP response, this copies that error so it is relayed to the user by being shown in the frontend.
This also makes it so when there is an error the interpolated query string (ExecutedQueryString) is returned so users can see it in the query inspector.
* Update backend
* Update frontend
* Keep old plugin id
* Update docs
* Place doc images to a new directory
* Legacy support for stackdriver-auto alignment
* Consistent plugin name
* Apply suggestions from code review
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
Co-authored-by: Tobias Skarhed <1438972+tskarhed@users.noreply.github.com>
* Update docs
* Update public/app/plugins/datasource/cloud-monitoring/README.md
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
* Add reference to the data source formerly being named Stackdriver
* Update pkg/models/datasource.go
Co-authored-by: Carl Bergquist <carl@grafana.com>
* Fix gofmt
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
Co-authored-by: Tobias Skarhed <1438972+tskarhed@users.noreply.github.com>
Co-authored-by: Carl Bergquist <carl@grafana.com>
- The Application Insights Service now returns a dataframe. This is a "wide" formatted dataframe with a single time index.
- Multiple "group by" dimensions may now be selected instead of just one with Application Insights.
- Some types are copied / slightly altered from the Azure Go SDK but that SDK is not imported at this time.
Co-authored-by: Ryan McKinley <ryantxu@gmail.com>
* creating page
* add types select
* adding switches
* start with converting angular templates to json
* converting more alert channels to new format
* convert remaining channels
* typing the form
* add validation, update models
* fix default value in type select
* fix type
* fix issue with validation rule
* add missing settings
* fix type errors
* test notification
* add comments to structs
* fix selectable value and minor things on each channel
* More typings
* fix strictnull
* rename ModelValue -> PropertyName
* rename show -> showWhen
* add enums and adding comments
* fix comment
* break out channel options to component
* use try catch
* adding default case to OptionElement if element not supported
For backend data sources executing in the backend (not through data proxy) make
sure that the timeout applies to cached HTTP client.
Fixes#25863
Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
Azure Application Insights Analytics is no longer accessed by the edit button from within the Application Insights service. Instead, there is now an Insights Analytics option in the Service drop down.
Co-authored-by: Ryan McKinley <ryantxu@gmail.com>
* Settings: Add setting for hiding version number for anonymous users
Fixes#12925
* Hide version string from footer when unavailable
* Settings: Test frontend settings with hide version for anonymous users
* Settings: Add hide version variable to frontend settings
* Make AnonymousHideVersion non-global
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
* Settings: Improve test neighbor friendliness, reset state before and after
* Settings: Use T.Cleanup
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
* Forbid additional redirect urls
* Optionally force login in anonymous mode
* Update LoginCtrl page to ignore redirect parameter
* Modify SignIn to set forceLogin query instead of redirect
* Pass appUrl to frontend and use URL API for updating url query
* Apply suggestions from code review
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
* Fix SignIn test
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
This ensures that the X-Grafana-User header can be trusted.
If the configuration enabled the setting of this header, the
server can now trust that X-Grafana-User is set/unset by Grafana.
Before this, an anonymous user could simply set the X-Grafana-User
header themselves (using the developer tool for example)
Refactor to allow shared contract between core and external backend plugins
allowing core backend data sources in Grafana to be implemented in same
way as an external backend plugin.
Use v0.67.0 of sdk.
Add tests for verifying plugin is restarted when process is killed.
Enable strict linting for backendplugin packages
* add flux
* add token to datasource config editor
* add backend for flux
* make the interpolated query available in query inspector
* go mod tidy
* Chore: fixes a couple of strict null errors in influxdb plugin
Co-authored-by: kyle <kyle@grafana.com>
Co-authored-by: Lukas Siatka <lukasz.siatka@grafana.com>
* uses plugin-sdk-go v0.66.0, which adds adds the ExecutedQueryString property to FrameMeta and changes s/Title/DisplayName in FieldConfig
* go mod tidy
note: This is just Azure Monitor within the Azure Monitor datasource (not insights, insights analytics, or log analytics yet).
Co-authored-by: Ryan McKinley <ryantxu@gmail.com>
Fixes so that ini-sections containing hyphen is replaced with
underscore. Fixes an issue with backend plugin settings.
Ref grafana/grafana-image-renderer#147
* Alerting: Adds support for multiple URLs in Alertmanager notifier
Adds support for multiple URLs in Alertmanager notifier following
alertmanager documentation for high availability setup.
Update the documentation for alertmanager notifier.
Closes#24195
Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
Co-authored-by: bergquist <carl.bergquist@gmail.com>
* image and card component
* change height of getting started panel
* progress
* setup basic step
* advanced steps
* step forward and backward
* do checks
* fix button size
* minor styling on butttons
* add correct links
* save tutorial click in localstorage
* types and gradients
* fix gradients
* use spacing variable
* lots of responsiveness
* add links to help
* Getting started work
* redo according to split panel design
* minor touch ups
* new background images
* split up docs card to different hrefs
* welcome bar touch ups
* hide icon on small screens
* transparent false on welcome banner
* fix urls
* source tag in welcome urls
* move images to panel dir, removed unused images
* Nicer loading message
* make the cards look nicer on wide screens
* append utm tag on render instead
* replace width with margin
* new background image for light
* remove target on a element
* removing buttonselect, add tag to href
* more polishing
Co-authored-by: Dominik Prokop <dominik.prokop@grafana.com>
Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
* azuremonitor: add gzipped and base64 encoded query to metadata
for Azure Log Analytic query responses
* azure monitor: add fields to metadata for log analytics
* azuremonitor: correction to text in query editor
* azuremonitor: adds subscription id to result metadata
* azuremonitor: build deep link url for Log Analytics
Most of the information needed for building the url
comes from the backend. The workspace friendly name
and the resource group that the workspace belongs
to are fetched in a separate API call. This call is
cached otherwise there would be a workspaces call
per query on the dashboard.
* docs: azure log analytics deep linking
* Apply suggestions from code review
Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
* docs: fixing review comments for azure monitor
Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
If refresh interval is lower than minimum refresh interval
when importing dashboard, use the minimum refresh interval
instead of returning error.
Fixes#23099
* azuremonitor: add support for log analytics macros
Also adds tests for the kql macros
* azuremonitor: backend implementation for Log Analytics
* azuremonitor: remove gzip header from plugin route
The Go net/http library adds an accept encoding header
for gzip automatically.
https://golang.org/src/net/http/transport.go\#L2454
So no need to specify it manually
* azuremonitor: parses log analytics time series
* azuremonitor: support for table data for Log Analytics
* azuremonitor: for log analytics switch to calling the API...
...from the backend for time series and table queries.
* azuremonitor: fix missing err check
* azuremonitor: support Azure China, Azure Gov...
for log analytics on the backend.
* azuremonitor: review fixes
* azuremonitor: rename test files folder to testdata
To follow Go conventions for test data in tests
* azuremonitor: review fixes
* azuremonitor: better error message for http requests
* azuremonitor: fix for load workspaces on config page
* azuremonitor: strict null check fixes
Co-authored-by: bergquist <carl.bergquist@gmail.com>
* Datasource/Cloudwatch: Adds support for Cloudwatch Logs
* Fix rebase leftover
* Use jsurl for AWS url serialization
* WIP: Temporary workaround for CLIQ metrics
* Only allow up to 20 log groups to be selected
* WIP additional changes
* More changes based on feedback
* More changes based on PR feedback
* Fix strict null errors
Same as #23452 but for assumed roles.
When using service accounts (webIdentity) on EKS in combination
with assuming roles in other AWS accounts Grafana needs to retrieve
the service account credentials first and then needs to assume the
configured role.
When Include image is enabled for an alert notification channel, but there's
no image renderer available/installed when sending notification an error
image will be uploaded/attached explaining that you need to install the
Grafana Image Renderer plugin.
Ref #13802
Co-Authored-By: Arve Knudsen <arve.knudsen@gmail.com>
grafana-plugin-model is legacy and is replaced by new backend
plugins SDK and architecture. Renderer is not part of SDK and
we want to keep it that way for now since it's highly unlikely there
will be more than one kind of renderer plugin.
So this PR adds support for renderer plugin v2.
Also adds support sending a Device Scale Factor parameter to the
plugin v2 remote rendering service and by that replaces #22474.
Adds support sending a Headers parameter to the plugin v2 and
remote rendering service which for now only include
Accect-Language header (the user locale in browser when using
Grafana), ref grafana/grafana-image-renderer#45.
Fixes health check json details response.
Adds image renderer plugin configuration settings in defaults.ini
and sample.ini.
Co-Authored-By: Arve Knudsen <arve.knudsen@gmail.com>
Removes all references and usage of PhantomJS #23375.
Remove direct link rendered image e2e smoke test for now.
Docker: Fix installing chrome in ubuntu custom docker image.
Improve handling of image renderer not available/installed #23593.
Add PhantomJS breaking change and upgrading notes.
Use grabpl v0.2.10.
Closes#13802
Co-authored-by: Kyle Brandt <kyle@grafana.com>
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
* Allow API to assign new user to a specific organization
* Add defer block to test
* Add API tests and return 400 instead of 500 for bad orgId
* Minor test improvements
Enables adding a section `plugin.<plugin id>` and key/value to
Grafana configuration file which will be converted and sent
as environment variables to the backend plugin.
Also sends some additional environment variables, Grafana
version (GF_VERSION), Grafana edition (GF_EDITION) and
enterprise license path (GF_ENTERPRISE_LICENSE_PATH).
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
Fixes#21515,
* Hangouts: fixes notifications for alerts with empty message
* Update pkg/services/alerting/notifiers/googlechat.go
Co-Authored-By: Marcus Efraimsson <marcus.efraimsson@gmail.com>
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
* Replicate SDK behaviour for WebIdentityRole
Fix#20473
* Use WebIdentityRole in s3 uploader as well
* Use consistent casing
* use WebIdentityRole to assume another role
Co-authored-by: eV <ev@7pr.xyz>
* Part1: Unicons implementation (#23197)
* Create a new Icon component
* Update icons in main sidebar
* Update icons in Useful links and in react components on main site
* Update icons in Useful links and in main top navigation
* Adjust sizing
* Update panel navigation and timepicker
* Update icons in Panel menu
* NewPanelEditor: Fixed so that test alert rule works in new edit mode (#23179)
* Update icons in add panel widget
* Resolve merge conflict
* Fix part of the test errors and type errors
* Fix storybook errors
* Update getAvailableIcons import in storybook knobs
* Fix import path
* Fix SyntaxError: Cannot use import statement outside a module in test environment error
* Remove dynamic imports
* Remove types as using @ts-ignore
* Update snapshot test
* Add @iconscout/react-unicons to the shouldExclude list as it is blundled with es2015 syntax
* Remove color prop from icon, remove color implemetation in mono icons
* Update navbar styling
* Move toPascalCase to utils/string
Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
* Resolve type errors resulted from merge
* Part2: Unicons implementation (#23266)
* Create a new Icon component
* Update icons in main sidebar
* Update icons in Useful links and in react components on main site
* Update icons in Useful links and in main top navigation
* Adjust sizing
* Update panel navigation and timepicker
* Update icons in Panel menu
* Update icons in add panel widget
* Resolve merge conflict
* Fix part of the test errors and type errors
* Fix storybook errors
* Update getAvailableIcons import in storybook knobs
* Fix import path
* Fix SyntaxError: Cannot use import statement outside a module in test environment error
* Remove dynamic imports
* Remove types as using @ts-ignore
* Update snapshot test
* Add @iconscout/react-unicons to the shouldExclude list as it is blundled with es2015 syntax
* Implment icons in Tabs
* Implement icons in search items and empty list
* Update buttons
* Update button-related snapshot tests
* Update icons in modals and page headers
* Create anfular wrapper and update all icons on search screen
* Update sizing, remove colors, update snapshot tests
* Remove color prop from icon, remove color implemetation in mono icons
* Remove color props from monochrome icons
* Complete update of icons for search screen
* Update icons for infor tooltips, playlist, permissions
* Support temporarly font awesome icons used in enterprise grafana
* Part1: Unicons implementation (#23197)
* Create a new Icon component
* Update icons in main sidebar
* Update icons in Useful links and in react components on main site
* Update icons in Useful links and in main top navigation
* Adjust sizing
* Update panel navigation and timepicker
* Update icons in Panel menu
* NewPanelEditor: Fixed so that test alert rule works in new edit mode (#23179)
* Update icons in add panel widget
* Resolve merge conflict
* Fix part of the test errors and type errors
* Fix storybook errors
* Update getAvailableIcons import in storybook knobs
* Fix import path
* Fix SyntaxError: Cannot use import statement outside a module in test environment error
* Remove dynamic imports
* Remove types as using @ts-ignore
* Update snapshot test
* Add @iconscout/react-unicons to the shouldExclude list as it is blundled with es2015 syntax
* Remove color prop from icon, remove color implemetation in mono icons
* Update navbar styling
* Move toPascalCase to utils/string
Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
* Icons update
* Add optional chaining to for isFontAwesome variable
Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
* Part3: Unicons implementation (#23356)
* Create a new Icon component
* Update icons in main sidebar
* Update icons in Useful links and in react components on main site
* Update icons in Useful links and in main top navigation
* Adjust sizing
* Update panel navigation and timepicker
* Update icons in Panel menu
* Update icons in add panel widget
* Resolve merge conflict
* Fix part of the test errors and type errors
* Fix storybook errors
* Update getAvailableIcons import in storybook knobs
* Fix import path
* Fix SyntaxError: Cannot use import statement outside a module in test environment error
* Remove dynamic imports
* Remove types as using @ts-ignore
* Update snapshot test
* Add @iconscout/react-unicons to the shouldExclude list as it is blundled with es2015 syntax
* Implment icons in Tabs
* Implement icons in search items and empty list
* Update buttons
* Update button-related snapshot tests
* Update icons in modals and page headers
* Create anfular wrapper and update all icons on search screen
* Update sizing, remove colors, update snapshot tests
* Remove color prop from icon, remove color implemetation in mono icons
* Remove color props from monochrome icons
* Complete update of icons for search screen
* Update icons for infor tooltips, playlist, permissions
* Support temporarly font awesome icons used in enterprise grafana
* Part1: Unicons implementation (#23197)
* Create a new Icon component
* Update icons in main sidebar
* Update icons in Useful links and in react components on main site
* Update icons in Useful links and in main top navigation
* Adjust sizing
* Update panel navigation and timepicker
* Update icons in Panel menu
* NewPanelEditor: Fixed so that test alert rule works in new edit mode (#23179)
* Update icons in add panel widget
* Resolve merge conflict
* Fix part of the test errors and type errors
* Fix storybook errors
* Update getAvailableIcons import in storybook knobs
* Fix import path
* Fix SyntaxError: Cannot use import statement outside a module in test environment error
* Remove dynamic imports
* Remove types as using @ts-ignore
* Update snapshot test
* Add @iconscout/react-unicons to the shouldExclude list as it is blundled with es2015 syntax
* Remove color prop from icon, remove color implemetation in mono icons
* Update navbar styling
* Move toPascalCase to utils/string
Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
* Update icons in Explore
* Update icons in alerting
* Update + and x buttons
* Update icons in configurations and settings
* Update close icons
* Update icons in rich history
* Update alert messages
* Add optional chaining to for isFontAwesome variable
* Remove icon mock, set up jest.config
* Fix navbar plus icon
* Fir enable-bacground to enableBackgournd
Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
* Merge remote branch origin master to icons-unicons
* Revert "Merge remote branch origin master to icons-unicons"
This reverts commit 3f25d50a39.
* Size-up dashnav icons
* Fix alerting icons, panel headers, update tests
* Fix typecheck error
* Adjustments - add panel icon, spacing
* Set TerserPlugin sourceMap to false to prevent running out of memory when publishing storybook
Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
* BackendPlugin: (wip) change response format
goes with https://github.com/grafana/grafana-plugin-sdk-go/pull/109
* fix error mapping in wrapper
* latest of my sdk branch
* latest of my sdk branch
* TransformWrapper fixes
* latest of sdk branch (removes extra meta)
* add metadata in wrappers
* also set error string
* sdk: v0.35.0
* Show organization popup in alphabetical order
* GetUserOrgList: Sort organizations by name in API
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
* Cookie : Increase duration to avoid error
When using oauth2 authentication with multifactor, the 60s delay may be too short
* Introduce new setting for OAuth state cookie max age
Co-authored-by: Sofia Papagiannaki <sofia@grafana.com>
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
* wip: add slo support
* Export DataSourcePlugin
* wip: break out metric query editor into its own component
* wip: refactor frontend - keep SLO and Metric query in differnt objects
* wip - load services and slos
* Fix broken test
* Add interactive slo expression builder
* Change order of dropdowns
* Refactoring backend model. slo unit testing in progress
* Unit test migration and SLOs
* Cleanup SLO editor
* Simplify alias by component
* Support alias by for slos
* Support slos in variable queries
* Fix broken last query error
* Update Help section to include SLO aliases
* streamline datasource resource cache
* Break out api specific stuff in datasource to its own file
* Move get projects call to frontend
* Refactor api caching
* Unit test api service
* Fix lint go issue
* Fix typescript strict errors
* Fix test datasource
* Use budget fraction selector instead of budget
* Reset SLO when service is changed
* Handle error in case resource call returned no data
* Show real SLI display name
* Use unsafe prefix on will mount hook
* Store goal in query model since it will be used as soon as graph panel supports adding a threshold
* Add comment to describe why componentWillMount is used
* Interpolate sloid
* Break out SLO aggregation into its own func
* Also test group bys for metricquery test
* Remove not used type fields
* Remove annoying stackdriver prefix from error message
* Default view param to FULL
* Add part about SLO query builder in docs
* Use new images
* Fixes after feedback
* Add one more group by test
* Make stackdriver types internal
* Update docs/sources/features/datasources/stackdriver.md
Co-Authored-By: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
* Update docs/sources/features/datasources/stackdriver.md
Co-Authored-By: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
* Update docs/sources/features/datasources/stackdriver.md
Co-Authored-By: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
* Updates after PR feedback
* add test for when no alias by defined
* fix infinite loop when newVariables feature flag is on
onChange being called in componentDidUpdate produces an
infinite loop when using the new React template variable
implementation.
Also fixes a spelling mistake
* implements feedback for documentation changes
* more doc changes
Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
Co-authored-by: Daniel Lee <dan.limerick@gmail.com>
* Add integration with Jeager
Add Jaeger datasource and modify derived fields in loki to allow for opening a trace in Jager in separate split.
Modifies build so that this branch docker images are pushed to docker hub
Add a traceui dir with docker-compose and provision files for demoing.:wq
* Enable docker logger plugin to send logs to loki
* Add placeholder zipkin datasource
* Fixed rebase issues, added enhanceDataFrame to non-legacy code path
* Trace selector for jaeger query field
* Fix logs default mode for Loki
* Fix loading jaeger query field services on split
* Updated grafana image in traceui/compose file
* Fix prettier error
* Hide behind feature flag, clean up unused code.
* Fix tests
* Fix tests
* Cleanup code and review feedback
* Remove traceui directory
* Remove circle build changes
* Fix feature toggles object
* Fix merge issues
* Fix some null errors
* Fix test after strict null changes
* Review feedback fixes
* Fix toggle name
Co-authored-by: David Kaltschmidt <david.kaltschmidt@gmail.com>
data.Frame (that can be series) are converted to as tsdb.TimeSeriesSlice - so new backend plugins can be shimmed into existing alerting
use sdk v0.31.0
* AlertNotifications: Translate notifications IDs to UIDs in alert Rule builder
* Avoid shadowing errors, raise validation error on non-existing notification id
* create a cache for notification Uids to minimize db overhead
* add cache usage test
* avoid caching empty notification Uids
* isolate db in alert notificationUid caching tests
* Hide plugins list from viewers
* Made /api/plugins only return core plugins for users with viewer role
Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
* Revert "API: Fix redirect issue when configured to use a subpath (#21652)" (#22671)
This reverts commit 0e2d874ecf.
* Fix redirect validation (#22675)
* Chore: Add test for parse of app url and app sub url
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
* Fix redirect: prepend subpath only if it's missing (#22676)
* Validate redirect in login oauth (#22677)
* Fix invalid redirect for authenticated user (#22678)
* Login: Use correct path for OAuth logos
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
Use v0.19.0 of SDK.
Support handling of streaming resource response.
Disable gzip/compression middleware for resources
to allow chunked/streaming response to clients the gzip
middleware had to be disabled since it buffers the full
response before sending it to the client.
Closes#22569
Co-Authored-By: Arve Knudsen <arve.knudsen@gmail.com>
* Stats: add active user count query
* License: add info in settings
* Stats: Retrieve active users stats for different roles
+ Clean files and tests
* Stats: add dialect.Quote in queries
* Stats: improve tests (require instead of assert)
* Stats: improve tests (require instead of assert)
* Add fallback to search_base_dns if group_search_base_dns is undefined.
refs: #20862
* removed newline to make lint-go happy
* Added requested changes on ldap.md for last commit
Refs: #21263
Moves common request proxy utilities to proxyutil package with
support for removing X-Forwarded-Host, X-Forwarded-Port,
X-Forwarded-Proto headers, setting X-Forwarded-For header
and cleaning Cookie header.
Using the proxyutil package to prepare and clean request
headers before resource calls.
Closes#21512
* clean PR #17366
* udpate vendor
* [WIP] Implement projects management for stackdriver
* [WIP] Implement projects management for stackdriver
* [WIP] Implement projects management for stackdriver
* Implement projects management for stackdriver
* [WIP][Tests] Fix errors
* clean anonymous struct
* remove await
* don't store project list
* Add default project on query editor
* gofmt
* Fix tests
* Move test data source to backend
* Use segment instead of dropdown. remove ensure default project since it's not being used anymore.
* Fix broken annotation editor
* Load gceDefaultAccount only once when in the config page
* Reset error message on auth type change
* Add metric find query for projects
* Remove debug code
* Fix broken tests
* Fix typings
* Fix lint error
* Slightly different approach - now having a distiction between config page default project, and project that is selectable from the dropdown in the query editor.
* Fix broken tests
* Attempt to fix strict ts errors
* Prevent state from being set multiple times
* Remove noOptionsMessage since it seems to be obosolete in react select
* One more attempt to solve ts strict error
* Interpolate project template variable. Make sure its loaded correctly when opening variable query editor first time
* Implicit any fix
* fix: typescript strict null check fixes
* Return empty array in case project endpoint fails
* Rename project to projectName to prevent clashing with legacy query prop
* Fix broken test
* fix: Stackdriver - template replace on filter label
should have a regex format as that escapes the dots
in the label name which is not valid.
Co-authored-by: Labesse Kévin <kevin@labesse.me>
Co-authored-by: Elias Cédric Laouiti <elias@abtasty.com>
Co-authored-by: Daniel Lee <dan.limerick@gmail.com>
This feature would provide a way for administrators to limit the minimum
dashboard refresh interval globally.
Filters out the refresh intervals available in the time picker that are lower
than the set minimum refresh interval in the configuration .ini file
Adds the minimum refresh interval as available in the time picker.
If the user tries to enter a refresh interval that is lower than the minimum
in the URL, defaults to the minimum interval.
When trying to update the JSON via the API, rejects the update if the
dashboard's refresh interval is lower than the minimum.
When trying to update a dashboard via provisioning having a lower
refresh interval than the minimum, defaults to the minimum interval
and logs a warning.
Fixes#3356
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
By storing render key in remote cache it will enable
image renderer to use public facing url or load
balancer url to render images and thereby remove
the requirement of image renderer having to use the
url of the originating Grafana instance when running
HA setup (multiple Grafana instances).
Fixes#17704
Ref grafana/grafana-image-renderer#91
Suppresses stacktrace in recovery middleware if error is
http.ErrAbortHandler.
Skips writing response error in recovery middleware if
resoonse have already been written.
Skips try rotate of auth token if response have already
been written.
Skips adding default response headers if response have
already been written.
Fixes#15728
Ref #18082
Co-Authored-By: Arve Knudsen <arve.knudsen@gmail.com>
Put the cipher suites with Forward Secrecy at or nearer the top, keeping any TLS v1.3 suites at the top, following best practice guides for the ordering of the rest. There is no change to the selection of suites only reordering.
Now any errors logged by http.ReverseProxy are forwarded to
Grafana's logger and includes more contextual information like
level (error), user id, org id, username, proxy path, referer and
IP address.
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
if the client closes the connection we should not
rotate token since the client will never receive the
new token.
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
* Start Angular migration
* Add SignupCtrl
* Change name signup
* Add backend call
* Put form in separate file
* Add form model
* Start using react-hook-forms
* Add FormModel to state
* Reduxify
* Connect nav with Redux
* Fix routing and navModel
* Fetch state options on mount
* Add default values and add button margin
* Add errror messages
* Fix title
* Remove files and cleanup
* Add Signup tests
* Add boot config assingnAutoOrg and verifyEmailEnabled
* Remove onmount call
* Remove ctrl and move everything to SignupForm
* Make routeParams optional for testing
* Remove name if it is empty
* Set username
* Make function component
* Fix subpath issues and add link button
* Move redux to SignupPage
* Implement Azure AD oauth
* Use go-jose and cleanup
* Update go-jose in go.mod
* cleanup
* Add unit tests
* Fix scopes
* Add documentation page
* Improve documentation
* Convert extract_role into function.
* Do not use upn and replace unique_name with preferred_username
* Configure login button
* Use official microsoft icon and color from branding guideline.
* Add Azure AD config section in sample.ini.
- Fix bug with NaN in alerting - Closes#21953
- Alert reducers (avg/max/etc) drop null values from their calculation. This change makes it so NaN values are handled in the same way as null values.
It was missing for ldap_login which means that the first signup failed
for users with LDAP+quota enabled. There's also potential cases where we
can't provide a request context (background jobs) which is also covered,
but needs a refactoring.
Drop indices and create new ones and rewrites annotation find query
to address performance issues when querying annotation table and
there is a large amount of rows.
Fixes#21902
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
Co-authored-by: Kyle Brandt <kyle@kbrandt.com>
Add support for passing tags to Pagerduty and allow notification
on specific event categories such as Class, Group and Component.
Ref #19912, #19913
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
As part of the new improvements to JMESPath in #17149 a
commit ensuring Role and Email data could be queried from
id_token was lost.
This refactors and fixes extracting from both token and user
info api consistently where before only either token or
either user info api was used for extracting data/attributes.
Fixes#20243
Co-authored-by: Timo Wendt <timo@tjwendt.de>
Co-authored-by: twendt <timo@tjwendt.de>
Co-authored-by: henninge <henning@eggers.name>
Co-Authored-by: Henning Eggers <henning.eggers@inovex.de>
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
6.2-beta1 changed so that data sources, dashboards and alert notifiers
are provisioned on service Init where's before only data sources and
alert notifiers was provisioned on service Init and dashboards was first
provisioned in service Run which happens after Grafana server have
started.
This change reverts so that dashboard provisioning are first happening
in service Run, after Grafana server have started.
Fixes#21133
* Calculate min period based on time range and no of queries
* Use hardcoded array of periods if period is not defined actively by the user
* Fix broken tests
* Use a smaller max period for auto interval
* Fix broken tests
* Test period calculation
* Test min retention period
* Fix broken test
* Rewrite angular segments for filter and group by in react
* wip: refactoring
* Update metric find queries
* Remove old maps used to create labels - use one map for all types instead
* Use value as label (again) for filters ang groupby
* Remove old filter
* Remove not used code
* Fixes after pr feedback
* Fix broken tests and add new metadata tests
* Add index file to make imports cleaner
* Cleanup. Remove old angular filter code
* Fix broken tests
* Use type switching instead of if statements
* Use globals for regex
* Updates after pr feedback
* Make sure it's possible to filter using the same key multiple times
* Replace metric select with segment component
* Pass template vars as props
* Refactor meta labels code
* Reorder template variables
* Fix broken tests
* Reset metric value when changing service
* Fix lint issue.
* Make tests independant of element order
* Include kubernetes.io in regex
* Add instruction in help section
* svc alerting - use a shorter ctx to upload the img
This will prevent timeout on img upload to cancel the notifications from being sent
* components img uploader - pass the ctx to aws lib
* make webdavuploader use the ctx
* make azureblobuploader use the ctx
* rename uploadImage() to renderAndUploadImage()
for better clarity about what this method work
* Use timeout + 2s for plugin renderer (same as service and phantomjs)
* Make sure that original EvalContext is updated after render and upload
* Verify notification sent even if render or image upload times out
* fix lint
* fixes after review
Co-authored-by: Edouard Hur <3418467+hekmon@users.noreply.github.com>
Fixes#21018
* wip: react rewrite
* Cleanup
* Break out non annontations specific fields
* Cleanup. Make annontations editor a functional component
* Remove redundant classnames
* Add paneldata to props
* Cleanup
* Fix rebase merge problem
* Updates after pr feedback
* Fix conflict with master
Adds support for collecting metrics from backend plugins and
exposing them thru Grafana's Prometheus metrics endpoint.
Enables to check health of backend plugin by using the route
`/api/plugins/<plugin id>/health`.
Uses sdk v0.6.0.
Closes#20984
By rotating the auth tokens at the end of the request we ensure
that there is minimum delay between a new token being generated
and the client receiving it.
Adds auth token slow load test which uses random latency for all
tsdb queries..
Cleans up datasource proxy response handling.
DefaultHandler in middleware tests should write a response, the
responseWriter BeforeFuncs wont get executed unless a response
is written.
Fixes#18644
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
#21350 introduced a bug regarding import of plugin dashboards.
This should fix this and add custom validation if not importing
plugin dashboard and dashboard property is missing.
Ref #21350
Co-Authored-By: Arve Knudsen <arve.knudsen@gmail.com>
Breaking change: If disabled the cookie samesite cookie attribute
will not be set, but if none the attribute will be set and is a
breaking change compared to before where none did not render the
attribute. This was due to a known issue in Safari.
Co-Authored-By: Arve Knudsen <arve.knudsen@gmail.com>
Co-Authored-By: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
Fixes#19847
* add min_interval_seconds setting to alerting config
It will let operator enforce a minimum time for the scheduler to enqueue evaluations
* Introduce UI modifications
* Update docs
Co-authored-by: Martin <uepoch@users.noreply.github.com>
OpsGenie's model works heavily off of the priority of an alert,
e.g. routing and escalation. Currently this plugin only supports
the default "P3".
Setting a tag og_priority to the correct P-value, e.g. P1, P2, P3,
P4 or P5, will call the OpsGenie API with the correct priority value
set.
Add fallbackText to Google Chat notifications.
Definition of fallbackText: A plain-text description of the message's
cards, used when the actual cards cannot be displayed,
e.g. mobile notifications.
Fixes#21463
When an alert is sent by e-mail, the process sends an e-mail to
each recipient separately. This PR is a single delivery to all recipients.
For companies that use e-mail extensively, this is necessary in order
not to overload the sending queue.
Replaces #18013Fixes#12650
Co-authored-by: Henrique Oliveira <holiiveira@users.noreply.github.com>
* Settings: supports env overrrides for dynamic settings
* Settings: makes it possible to explicitly get env override support for dynamic settings
* Make linter happy
* Refactor redirect_to cookie with secure flag in middleware
* Refactor redirect_to cookie with secure flag in api/login
* Refactor redirect_to cookie with secure flag in api/login_oauth
* Removed the deletion of 'Set-Cookie' header to prevent logout
* Removed the deletion of 'Set-Cookie' at top of api/login.go
* Add HttpOnly flag on redirect_to cookies where missing
* Refactor duplicated code
* Add tests
* Refactor cookie options
* Replace local function for deleting cookie
* Delete redundant calls
Co-authored-by: Sofia Papagiannaki <papagian@users.noreply.github.com>
* Footer: Single footer implementation for both react & angular pages
* Export type
* Updates
* Use footer links in help menu
* Updates & Fixes
* Updated snapshot
* updated snapshot
* added alert state validation before changing its state
* modified boolean condition
* converted most occurring string into const
* referred the const of alert models
* imguploader: add support for non-Amazon S3 endpoints and forcing of path-style S3 addressing
fixes#11240
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
* Pagerduty notifier: configurable severity
Instead of hardcoding `critical` make it configurable per notification channel instance.
* fix html
* Add a test to ensure default severity is correct
* Notifications doc
* Add a non-default test
* Add err check on NewJson (all tests)
* Add default severity (critical) to AlertNotificationEditCtrl class
Adds support for region annotations in Postgres, MySQL and
MSSQL data sources by adding a column named timeend to
annotation query.
Co-Authored-By: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
Closes#20918
Ref #10589
Removes send_client_credentials_via_post oauth setting and
use auto-detect mechanism instead.
By these changes also fixes statichcheck errors
Ref #8968
Moving info log from phantomjs to rendering service
so it's logged for all kinds of renderers.
Add debug log for image renderer plugin and remote
renderer.
Profiling and tracing can now be enabled/disabled separately.
Adds argument for trace file path.
Support overriding profiling and tracing argument using
environment variables.
Update docs.
Fixes#20576
* refactor to multiple rows
* added name for org user struct
* added name getorgusers
* added user name to tableview
* made test pass
* updated userMocks to user name field
* added missing UsersTable snapshot
* added name on teammembers page, be able to search query for name, login and email
* added the updated snapshots
* conform to same sorting as output form
* conform to previous way of using it
* sort first by login and after by email, as it was before
Backend plugins is recommended to use hclog with json
formatting to get proper log output in grafana server log.
Old hclog-wrapper.go that I deleted while back is still in
the repo so deletes that.
* Remove highres flag since it's not being used
* Remove not used code. Init id field correctly
* Fix broken tests
* Remove GMS related calculations
* Rename period field
* Add breaking changes to changelog. Also update upgrading docs
* Update snapshot
* Update docs after feedback
* Changes after feedback
Problem was that yaml unmarshal returned nested maps as
map[interface{}]interface{} which are then not marshal-able
to json because of that interface{} key type. This adds explicit
casting of the keys in the yaml value types to string which
then makes the values marshal-able to JSON in DB.
Fixes: #11537
* Util: Optionally allow empty input in SplitHostPortDefault
Due to a recent change the SQL Server tests failed because passing an
empty datasource url in `util.SplitHostPortDefault` was no more allowed.
This fix contains the following modifications:
- Modifies the util.SplitHostPortDefault not to return an error for empty input.
- Modifies the util.SplitHostPort to return an error for empty input.
- Introduces an additional test for empty input.
The ordering of links in the navigation bar is currently based the order of the slice containing the navigation tree. Since Grafana supports adding more links to the navigation bar with `RunIndexDataHooks` which runs at the very end of the function this means that any link registered through a hook will be placed last in the slice and be displayed last in the menu. With this PR the ordering can be specified with a weight which allows for placing links created by extensions in a more intuitive place where applicable.
Stable sorting is used to ensure that the current FIFO ordering is preserved when either no weight is set or two items shares the same weight.
* CloudWatch: Datasource improvements
* Add statistic as template variale
* Add wildcard to list of values
* Template variable intercept dimension key
* Return row specific errors when transformation error occured
* Add meta feedback
* Make it possible to retrieve values without known metrics
* Add curated dashboard for EC2
* Fix broken tests
* Use correct dashboard name
* Display alert in case multi template var is being used for some certain props in the cloudwatch query
* Minor fixes after feedback
* Update dashboard json
* Update snapshot test
* Make sure region default is intercepted in cloudwatch link
* Update dashboards
* Include ec2 dashboard in ds
* Do not include ec2 dashboard in beta1
* Display actual region
* LDAP: last org admin (that's going to be removed) can login
Previously, if you tried to login with LDAP but were that last org admin
of an org that you would no longer be an admin of after sync (which
happens at login), you wouldn't be able to login due to an error.
Adds a new setting disable_admin_user and when true the default
admin user will not be created when Grafana starts for the first
time (or no users exists in the system).
Closes#19038
* AuthProxy: Can now login with auth proxy and get a login token
* added unit tests
* renamed setting and updated docs
* AuthProxy: minor tweak
* Fixed tests and namings
* spellfix
* fix
* remove unused setting, probably from merge conflict
* fix
The arching goal of this commit is to enable single user
synchronisation with LDAP. Also, it included minor fixes of style,
error messages and minor bug fixing.
The changes are:
- bug: The `multildap` package has its own errors when the user is
not found. We fixed the conditional branch on this error by asserting
on the `multildap` errors as opposed to the `ldap` one
- bug: The previous interface usage of `RevokeAllUserTokens` did not
work as expected. This replaces the manual injection of the service by
leveraging the service injected as part of the `server` struct.
- chore: Better error messages around not finding the user in LDAP.
- fix: Enable the single sync button and disable it when we receive an
error from LDAP. Please note, that you can enable it by dispatching
the error. This allows you to try again without having to reload the
page.
- fix: Move the sync info to the top, then move the sync button above
that information and clearfix to have more harmony with the UI.
* Renamed ttl config in code to be more consistent with behaviour
* Introduced new setting `sync_ttl` in .ini file
* Keeping the old setting `ldap_sync_ttl` in the .ini file as fallback and compatibility.
Adds support for Generic OAuth role mapping. A new
configuration setting for generic oauth is added named
role_attribute_path which accepts a JMESPath expression.
Only Grafana roles named Viewer, Editor or Admin are
accepted.
Closes#9766
* LDAP Debug: No longer shows incorrectly matching groups based on role
Org Role was used as a shortcut to figure out what groups were matching
and which weren't. That lead to too all groups matching a specific role
to show up for a user if that user got that role.
* LDAP Debug: Fixes ordering of matches
The order of groups in the ldap.toml file is important, only the first
match for an organisation will be used. This means we have to iterate
based on the config and stop matching when a match is found.
We might want to think about showing further matches as potential
matches that are shadowed by the first match. That would possibly make
it easier to understand why one match is used instead of another one.
* LDAP Debug: never display more than one match for the same LDAP group/mapping.
* LDAP Debug: show all matches, even if they aren't used
* Update public/app/features/admin/ldap/LdapUserGroups.tsx
Co-Authored-By: gotjosh <josue.abreu@gmail.com>
* Update public/app/features/admin/ldap/LdapUserGroups.tsx
Co-Authored-By: gotjosh <josue.abreu@gmail.com>
* Licensing: supplies a service to handle licensing information
* Licensing: uses the license service further
Uses the license service instead of settings.isEnterprise:
- external team members
- saml
- usage stats
* Licensing: fixes broken tests due to new Licensing service dependency
* Licensing: fixes linting errors
* Licensing: exposes license expiry information to the frontend
Fixes so that all notification channels configured for an alert should
try to send notification even if one notification channel fails to send
a notification.
Signed-off-by: Abhilash Gnan <abhilashgnan@gmail.com>
Fixes#19768
* pkg/cmd: Check errors
* pkg/cmd: Make sure server waits on services, even in case of error
* pkg/cmd: Inform of error to show help
* pkg/cmd: Only warn on failure to send systemd notification
* pkg/cmd: Don't log errors stemming from context cancelation
* pkg/cmd: Don't fail if unable to write to systemd
* Rename GrafanaServerImpl to Server
* Make flag dependencies explicit
* Extract method for building service graph
* Document and clarify methods
* Rename HttpServer to HTTPServer
fix pkg/services/search/service.go:52:3: s.bus undefined (type *SearchService has no field or method bus, but does have Bus)
fixes issue introduced by #19765
* Convert Azure Application Insights datasource to Go
Allows for alerting of Application Insights data source
Closes: #15153
* Fix timeGrainReset
* Default time interval for querys for alerts
* Fix a few rename related bugs
* Update readme to indicate App Insights alerting
* Fix typo and add tests to ensure migration is happening
* Address code review feedback (mostly typos and unintended changes)
* Chore: Upgrade to Go 1.13
Fixes: #18878
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
* Chore: Upgrade lint tools in order to work with Go 1.13
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
* Chore: Fix Go linting issues
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
* Fix: Handle empty nested keys on YAML provisioning datasources
As we provision a datasource via a YAML file, we attempt to transform the
file into sensible Go types that the provisioning code can use.
While this happens, there is a chance some of the keys nested within
the YAML array are empty.
This fix allows the YAML parser to handle empty keys by null checking
the return of `reflect.TypeOf` which according to the documentation:
> TypeOf returns the reflection Type that represents the dynamic type of i. If i is a nil interface value, TypeOf returns nil.
Can return nil.
* Add tests
* API: Add `createdAt` and `updatedAt` to api/users/lookup
In the past, we have added both `updatedAt` (#19004) and `createdAt` (#19475) to /api/users/:id
Turns out, api/users/lookup uses the same DTO for both. This fixes the serialization of both `createdAt` and `updatedAt`for this endpoint.
Also, adds a test to ensure no further regressions.
* Updated API documentation
* use grafana-plugin-model dependency that uses go modules
* use grafana-plugin-model with updated hashicorp/go-plugin
* use grafana-plugin-model with re-compiled protos
* test using protoc-gen-go v1.2.0 tag
* use grafana-plugin-model with re-compiled protos
* chore: fix deprecation warning for lint
* use latest grafana-plugin-model
Fixes#19454
Only return certain mysql errors from backend.
The following errors is returned as is from backend:
error code 1064 (parse error)
error code 1054 (bad column/field selected)
error code 1146 (table not exists)
Any other errors is logged and returned as a generic
error.
Restrict use of certain functions:
Do not allow usage of the following in query:
system_user()
session_user()
current_user() or current_user
user()
show grants
Fixes#19360
* Multi-LDAP: Do not fail-fast on invalid credentials
When configuring LDAP authentication, it is very common to have multiple
servers configured. When using user bind (authenticating with LDAP using
the same credentials as the user authenticating to Grafana) we don't
expect all the users to be on all LDAP servers.
Because of this use-case, we should not fail-fast when authenticating on
multiple LDAP server configurations. Instead, we should continue to try
the credentials with the next LDAP server configured.
Fixes#19066
* Update README.md
Capitalized the G and S in "Getting Started," and moved "guide" to match the section title in the docs.
* Fixed sentence structure. Changed "download" to "grafana.com/get" and changed "get" to "download".
* Docs: Replace "datasources" with "data sources" (#19111)
* Docs: Replace "datasources" with "data sources" (#19111)
* Docs: Replace "datasources" with "data sources" (#19111)
* Docs: Replace "datasources" with "data sources" (#19111)
* Docs: Replace "datasources" with "data sources" (#19111)
* Docs: Replace "datasources" with "data sources" (#19111)
* Docs: Replace "datasources" with "data sources" (#19111)
* Docs: Replace "datasources" with "data sources" (#19111)
* Docs: Replace "datasources" with "data sources" (#19111)
* Docs: Replace "datasources" with "data sources" (#19111)
* Docs: Replace "datasources" with "data sources" (#19111)
* Docs: Replace "datasources" with "data sources" (#19111)
* LDAP: Show all LDAP groups
* Use the returned LDAP groups as the reference when debugging LDAP
We need to use the LDAP groups returned as the main reference for
assuming what we were able to match and what wasn't. Before, we were
using the configured groups in LDAP TOML configuration file.
* s/User name/Username
* Add a title to for the LDAP mapping results
* LDAP: UI Updates to debug view
* LDAP: Make it explicit when we weren't able to match teams
This reverts commit 2514209 from #18384. Reason is that it doesn't
work due to xorm 0.7.1 which doesn't support this new connectionstring
format.
Fixes#19189
Ref #18384
Ref #17665
* Add new query mode picker with different states for each query. Also really simple migration script
* Populate cross resource dropdowns
* Cleanup. Handle change events
* Add multi select picker for subscriptions
* Fix markup issue
* Prepare for new query mode
* More cleanup
* Handle multiple queries both in ds and backend
* Refactoring
* Improve migration
* Add support for multiselect display name
* Use multiselect also for locations and resources
* Add more typings
* Fix migrations
* Custom multiselect built for array of options instead of variables
* Add url builder test
* fix datasource tests
* UI fixes
* Improve query editor init
* Fix brokens tests
* Cleanup
* Fix tslint issue
* Change query mode display name
* Make sure alerting works for single queries
* Friendly error for multi resources
* Add temporary typings
Don't update total stats metrics if reporting is disabled.
New setting disable_total_stats for turning off update
of total stats (stat_totals_*) metrics.
Ref #19137
* Add items for navmodel and basic page
* add reducer and actions
* adding user mapping table component
* adding components for ldap tables
* add alert box on error
* close error alert box
* LDAP status page: connect APIs WIP
* LDAP debug: fetch connection status from API
* LDAP debug: fetch user info from API
* LDAP debug: improve connection error view
* LDAP debug: connection error tweaks
* LDAP debug: fix role mapping view
* LDAP debug: role mapping view tweaks
* LDAP debug: add bulk-sync button stub
* LDAP debug: minor refactor
* LDAP debug: show user teams
* LDAP debug: user info refactor
* LDAP debug: initial user page
* LDAP debug: minor refactor, remove unused angular wrapper
* LDAP debug: add sessions to user page
* LDAP debug: tweak user page
* LDAP debug: tweak view for disabled user
* LDAP debug: get sync info from API
* LDAP debug: user sync info
* LDAP debug: sync user button
* LDAP debug: clear error on page load
* LDAP debug: add user last sync info
* LDAP debug: actions refactor
* LDAP debug: roles and teams style tweaks
* Pass showAttributeMapping to LdapUserTeams
* LDAP debug: hide bulk sync button
* LDAP debug: refactor sessions component
* LDAP debug: fix loading user sessions
* LDAP debug: hide sync user button
* LDAP debug: fix fetching unavailable /ldap-sync-status endpoint
* LDAP debug: revert accidentally added fix
* LDAP debug: show error when LDAP is not enabled
* LDAP debug: refactor, move ldap components into ldap/ folder
* LDAP debug: styles refactoring
* LDAP debug: ldap reducer tests
* LDAP debug: ldap user reducer tests
* LDAP debug: fix connection error placement
* Text update
* LdapUser: Minor UI changes moving things around
* AlertBox: Removed icon-on-top as everywhere else it is centered, want to have it be consistent
* LDAP: Allow an user to be synchronised against LDAP
This PR introduces the /ldap/sync/:id endpoint. It allows a user to be synchronized against LDAP on demand.
A few things to note are:
LDAP needs to be enabled for the sync to work
It only works against users that originally authenticated against LDAP
If the user is the Grafana admin and it needs to be disabled - it will not sync the information
Includes a tiny refactor that favours the JSONEq assertion helper instead of manually parsing JSON strings.
* API: Add `updatedAt` to api/users/:id
This adds the timestamp of when a particular user was last updated to
the `api/users/:id` endpoint.
This helps our administrators understand when was the user information last
updated. Particularly when it comes from external systems e.g. LDAP
Adds the definition of `GetTeamsForLDAPGroupCommand` which handles the lookup of team information based on LDAP groupDNs.
This is an Enterprise only feature. To diferentiate,a response will contain the `team` key as `null` on OSS while on Enterprise the key will contain an empty array `[]` when no teams are found.
* LDAP: Add API endpoint to query the LDAP server(s) status|
This endpoint returns the current status(es) of the configured LDAP server(s).
The status of each server is verified by dialling and if no error is returned we assume the server is operational.
This is the last piece I'll produce as an API before moving into #18759 and see the view come to life.
* Move the ReloadLDAPCfg function to the debug file
Appears to be a better suite place for this.
* LDAP: Return the server information when we find a specific user
We allow you to specify multiple LDAP servers as part of LDAP authentication integration. As part of searching for specific users, we need to understand from which server they come from. Returning the server configuration as part of the search will help us do two things:
- Understand in which server we found the user
- Have access the groups specified as part of the server configuration
* LDAP: Adds the /api/admin/ldap/:username endpoint
This endpoint returns a user found within the configured LDAP server(s). Moreso, it provides the mapping information for the user to help administrators understand how the users would be created within Grafana based on the current configuration.
No changes are executed or saved to the database, this is all an in-memory representation of how the final result would look like.
* Emails: resurrect template notification
* Phantomjs (oh yeah, there is another dev dep phantom :-) was failing for
the generation of the html templates so I had to update the dependencies
in order to fix it. While doing that I update the scripts field and docs
for it as well. yarn.lock is included
* Move splitting of the emails to separate helper function, since more services
coming up that would need to use this functionality
* Add support for enterprise specific email letters. Probably could
be done in the better way, but it's not a priority right now
* Auth: change the error HTTP status codes
* Use 407 HTTP status code for incorrect credentials error
* Improve proxy auth logs
* Remove no longer needed TODO comment
Fixes#18439
It seems `ldap` module introduced new error type of which
multildap module didn't know about.
This broke the multildap login logic
Fixes#18491
Ref #18587
* SQLite migrations
* cleanup
* migrate end times
* switch to update with a query
* real migration
* anno migrations
* remove old docs
* set isRegion from time changes
* use <> for is not
* add comment and fix index decleration
* single validation place
* add test
* fix test
* add upgrading docs
* use AnnotationEvent
* fix import
* remove regionId from typescript
Existing /api/alert-notifications now requires at least editor access.
Existing /api/alert-notifiers now requires at least editor access.
New /api/alert-notifications/lookup returns less information than
/api/alert-notifications and can be access by any authenticated user.
Existing /api/org/users now requires org admin role.
New /api/org/users/lookup returns less information than
/api/org/users and can be access by users that are org admins,
admin in any folder or admin of any team.
UserPicker component now uses /api/org/users/lookup instead
of /api/org/users.
Fixes#17318
* Do not set SameSite login_error cookie attribute if cookie_samesite is none
* Do not set SameSite grafana_session cookie attribute if cookie_samesite is none
* Update middleware tests
* Fix CreateTeam api endpoint
No team member should be created for requests
authenticated by API tokens.
* Update middleware test
Assert that `isAnonymous` is set for `SignedInUser`
authenticated via API key.
* Add test for team creation
Assert that no team member is created if the signed in user
is anomymous.
* Revert "Fix CreateTeam api endpoint"
This reverts commit 9fcc4e67f5.
* Revert "Update middleware test"
This reverts commit 75f767e58d.
* Fix CreateTeam api endpoint
No team member should be created for requests
authenticated by API tokens.
* Update team test
* Change error to warning and update tests
This commit addresses half of #13749 by making sure GetMetricData
works for alerting. Math Expressions (compound metrics) will still not
work for alerting, this would require a bigger refactoring of Grafana's
alerting service. However, with this commit at least alerting for basic
metrics with non empty query Id will work.
Fixes half of #13749
* Auth: Do not search for the user twice
Previously `initContextWithBasicAuth` did not use `LoginUserQuery`, doing
`GetUserByLoginQuery` only i.e. looking user in DB only, things changed when
this function started to check LDAP provider via `LoginUserQuery` (#6940),
however, this request was placed after `GetUserByLoginQuery`, so we first
looking in DB then in the LDAP - if LDAP user hasn't logged in we will
not find it in DB, so `LoginUserQuery` will never be reached.
`LoginUserQuery` request already performs `GetUserByLoginQuery`
request in correct sequence. So we can just remove redundant request.
* Correct sequence execution during authentification &
introduce tests for it
* Move basic auth tests to separate test file, since main test file already
pretty large
* Introduce `testing.go` for the middleware module
* Remove redundant test helper function
* Make handler names more explicit
Ref 5777f65d05Fixes#18329
* Auth: address review comment
* added alert rule tags in webhook notifications
* fix: don't include whole list of Tag objects but only key/value pairs in Webhook JSON
* marked webhook alerts to support alert rule tags
