* Settings: Add setting for hiding version number for anonymous users
Fixes#12925
* Hide version string from footer when unavailable
* Settings: Test frontend settings with hide version for anonymous users
* Settings: Add hide version variable to frontend settings
* Make AnonymousHideVersion non-global
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
* Settings: Improve test neighbor friendliness, reset state before and after
* Settings: Use T.Cleanup
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
* Forbid additional redirect urls
* Optionally force login in anonymous mode
* Update LoginCtrl page to ignore redirect parameter
* Modify SignIn to set forceLogin query instead of redirect
* Pass appUrl to frontend and use URL API for updating url query
* Apply suggestions from code review
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
* Fix SignIn test
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
This ensures that the X-Grafana-User header can be trusted.
If the configuration enabled the setting of this header, the
server can now trust that X-Grafana-User is set/unset by Grafana.
Before this, an anonymous user could simply set the X-Grafana-User
header themselves (using the developer tool for example)
Refactor to allow shared contract between core and external backend plugins
allowing core backend data sources in Grafana to be implemented in same
way as an external backend plugin.
Use v0.67.0 of sdk.
Add tests for verifying plugin is restarted when process is killed.
Enable strict linting for backendplugin packages
* add flux
* add token to datasource config editor
* add backend for flux
* make the interpolated query available in query inspector
* go mod tidy
* Chore: fixes a couple of strict null errors in influxdb plugin
Co-authored-by: kyle <kyle@grafana.com>
Co-authored-by: Lukas Siatka <lukasz.siatka@grafana.com>
* uses plugin-sdk-go v0.66.0, which adds adds the ExecutedQueryString property to FrameMeta and changes s/Title/DisplayName in FieldConfig
* go mod tidy
note: This is just Azure Monitor within the Azure Monitor datasource (not insights, insights analytics, or log analytics yet).
Co-authored-by: Ryan McKinley <ryantxu@gmail.com>
Fixes so that ini-sections containing hyphen is replaced with
underscore. Fixes an issue with backend plugin settings.
Ref grafana/grafana-image-renderer#147
* Alerting: Adds support for multiple URLs in Alertmanager notifier
Adds support for multiple URLs in Alertmanager notifier following
alertmanager documentation for high availability setup.
Update the documentation for alertmanager notifier.
Closes#24195
Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
Co-authored-by: bergquist <carl.bergquist@gmail.com>
* image and card component
* change height of getting started panel
* progress
* setup basic step
* advanced steps
* step forward and backward
* do checks
* fix button size
* minor styling on butttons
* add correct links
* save tutorial click in localstorage
* types and gradients
* fix gradients
* use spacing variable
* lots of responsiveness
* add links to help
* Getting started work
* redo according to split panel design
* minor touch ups
* new background images
* split up docs card to different hrefs
* welcome bar touch ups
* hide icon on small screens
* transparent false on welcome banner
* fix urls
* source tag in welcome urls
* move images to panel dir, removed unused images
* Nicer loading message
* make the cards look nicer on wide screens
* append utm tag on render instead
* replace width with margin
* new background image for light
* remove target on a element
* removing buttonselect, add tag to href
* more polishing
Co-authored-by: Dominik Prokop <dominik.prokop@grafana.com>
Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
* azuremonitor: add gzipped and base64 encoded query to metadata
for Azure Log Analytic query responses
* azure monitor: add fields to metadata for log analytics
* azuremonitor: correction to text in query editor
* azuremonitor: adds subscription id to result metadata
* azuremonitor: build deep link url for Log Analytics
Most of the information needed for building the url
comes from the backend. The workspace friendly name
and the resource group that the workspace belongs
to are fetched in a separate API call. This call is
cached otherwise there would be a workspaces call
per query on the dashboard.
* docs: azure log analytics deep linking
* Apply suggestions from code review
Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
* docs: fixing review comments for azure monitor
Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
If refresh interval is lower than minimum refresh interval
when importing dashboard, use the minimum refresh interval
instead of returning error.
Fixes#23099
* azuremonitor: add support for log analytics macros
Also adds tests for the kql macros
* azuremonitor: backend implementation for Log Analytics
* azuremonitor: remove gzip header from plugin route
The Go net/http library adds an accept encoding header
for gzip automatically.
https://golang.org/src/net/http/transport.go\#L2454
So no need to specify it manually
* azuremonitor: parses log analytics time series
* azuremonitor: support for table data for Log Analytics
* azuremonitor: for log analytics switch to calling the API...
...from the backend for time series and table queries.
* azuremonitor: fix missing err check
* azuremonitor: support Azure China, Azure Gov...
for log analytics on the backend.
* azuremonitor: review fixes
* azuremonitor: rename test files folder to testdata
To follow Go conventions for test data in tests
* azuremonitor: review fixes
* azuremonitor: better error message for http requests
* azuremonitor: fix for load workspaces on config page
* azuremonitor: strict null check fixes
Co-authored-by: bergquist <carl.bergquist@gmail.com>
* Datasource/Cloudwatch: Adds support for Cloudwatch Logs
* Fix rebase leftover
* Use jsurl for AWS url serialization
* WIP: Temporary workaround for CLIQ metrics
* Only allow up to 20 log groups to be selected
* WIP additional changes
* More changes based on feedback
* More changes based on PR feedback
* Fix strict null errors
Same as #23452 but for assumed roles.
When using service accounts (webIdentity) on EKS in combination
with assuming roles in other AWS accounts Grafana needs to retrieve
the service account credentials first and then needs to assume the
configured role.
When Include image is enabled for an alert notification channel, but there's
no image renderer available/installed when sending notification an error
image will be uploaded/attached explaining that you need to install the
Grafana Image Renderer plugin.
Ref #13802
Co-Authored-By: Arve Knudsen <arve.knudsen@gmail.com>
grafana-plugin-model is legacy and is replaced by new backend
plugins SDK and architecture. Renderer is not part of SDK and
we want to keep it that way for now since it's highly unlikely there
will be more than one kind of renderer plugin.
So this PR adds support for renderer plugin v2.
Also adds support sending a Device Scale Factor parameter to the
plugin v2 remote rendering service and by that replaces #22474.
Adds support sending a Headers parameter to the plugin v2 and
remote rendering service which for now only include
Accect-Language header (the user locale in browser when using
Grafana), ref grafana/grafana-image-renderer#45.
Fixes health check json details response.
Adds image renderer plugin configuration settings in defaults.ini
and sample.ini.
Co-Authored-By: Arve Knudsen <arve.knudsen@gmail.com>
Removes all references and usage of PhantomJS #23375.
Remove direct link rendered image e2e smoke test for now.
Docker: Fix installing chrome in ubuntu custom docker image.
Improve handling of image renderer not available/installed #23593.
Add PhantomJS breaking change and upgrading notes.
Use grabpl v0.2.10.
Closes#13802
Co-authored-by: Kyle Brandt <kyle@grafana.com>
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
* Allow API to assign new user to a specific organization
* Add defer block to test
* Add API tests and return 400 instead of 500 for bad orgId
* Minor test improvements
Enables adding a section `plugin.<plugin id>` and key/value to
Grafana configuration file which will be converted and sent
as environment variables to the backend plugin.
Also sends some additional environment variables, Grafana
version (GF_VERSION), Grafana edition (GF_EDITION) and
enterprise license path (GF_ENTERPRISE_LICENSE_PATH).
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
Fixes#21515,
* Hangouts: fixes notifications for alerts with empty message
* Update pkg/services/alerting/notifiers/googlechat.go
Co-Authored-By: Marcus Efraimsson <marcus.efraimsson@gmail.com>
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
* Replicate SDK behaviour for WebIdentityRole
Fix#20473
* Use WebIdentityRole in s3 uploader as well
* Use consistent casing
* use WebIdentityRole to assume another role
Co-authored-by: eV <ev@7pr.xyz>
* Part1: Unicons implementation (#23197)
* Create a new Icon component
* Update icons in main sidebar
* Update icons in Useful links and in react components on main site
* Update icons in Useful links and in main top navigation
* Adjust sizing
* Update panel navigation and timepicker
* Update icons in Panel menu
* NewPanelEditor: Fixed so that test alert rule works in new edit mode (#23179)
* Update icons in add panel widget
* Resolve merge conflict
* Fix part of the test errors and type errors
* Fix storybook errors
* Update getAvailableIcons import in storybook knobs
* Fix import path
* Fix SyntaxError: Cannot use import statement outside a module in test environment error
* Remove dynamic imports
* Remove types as using @ts-ignore
* Update snapshot test
* Add @iconscout/react-unicons to the shouldExclude list as it is blundled with es2015 syntax
* Remove color prop from icon, remove color implemetation in mono icons
* Update navbar styling
* Move toPascalCase to utils/string
Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
* Resolve type errors resulted from merge
* Part2: Unicons implementation (#23266)
* Create a new Icon component
* Update icons in main sidebar
* Update icons in Useful links and in react components on main site
* Update icons in Useful links and in main top navigation
* Adjust sizing
* Update panel navigation and timepicker
* Update icons in Panel menu
* Update icons in add panel widget
* Resolve merge conflict
* Fix part of the test errors and type errors
* Fix storybook errors
* Update getAvailableIcons import in storybook knobs
* Fix import path
* Fix SyntaxError: Cannot use import statement outside a module in test environment error
* Remove dynamic imports
* Remove types as using @ts-ignore
* Update snapshot test
* Add @iconscout/react-unicons to the shouldExclude list as it is blundled with es2015 syntax
* Implment icons in Tabs
* Implement icons in search items and empty list
* Update buttons
* Update button-related snapshot tests
* Update icons in modals and page headers
* Create anfular wrapper and update all icons on search screen
* Update sizing, remove colors, update snapshot tests
* Remove color prop from icon, remove color implemetation in mono icons
* Remove color props from monochrome icons
* Complete update of icons for search screen
* Update icons for infor tooltips, playlist, permissions
* Support temporarly font awesome icons used in enterprise grafana
* Part1: Unicons implementation (#23197)
* Create a new Icon component
* Update icons in main sidebar
* Update icons in Useful links and in react components on main site
* Update icons in Useful links and in main top navigation
* Adjust sizing
* Update panel navigation and timepicker
* Update icons in Panel menu
* NewPanelEditor: Fixed so that test alert rule works in new edit mode (#23179)
* Update icons in add panel widget
* Resolve merge conflict
* Fix part of the test errors and type errors
* Fix storybook errors
* Update getAvailableIcons import in storybook knobs
* Fix import path
* Fix SyntaxError: Cannot use import statement outside a module in test environment error
* Remove dynamic imports
* Remove types as using @ts-ignore
* Update snapshot test
* Add @iconscout/react-unicons to the shouldExclude list as it is blundled with es2015 syntax
* Remove color prop from icon, remove color implemetation in mono icons
* Update navbar styling
* Move toPascalCase to utils/string
Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
* Icons update
* Add optional chaining to for isFontAwesome variable
Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
* Part3: Unicons implementation (#23356)
* Create a new Icon component
* Update icons in main sidebar
* Update icons in Useful links and in react components on main site
* Update icons in Useful links and in main top navigation
* Adjust sizing
* Update panel navigation and timepicker
* Update icons in Panel menu
* Update icons in add panel widget
* Resolve merge conflict
* Fix part of the test errors and type errors
* Fix storybook errors
* Update getAvailableIcons import in storybook knobs
* Fix import path
* Fix SyntaxError: Cannot use import statement outside a module in test environment error
* Remove dynamic imports
* Remove types as using @ts-ignore
* Update snapshot test
* Add @iconscout/react-unicons to the shouldExclude list as it is blundled with es2015 syntax
* Implment icons in Tabs
* Implement icons in search items and empty list
* Update buttons
* Update button-related snapshot tests
* Update icons in modals and page headers
* Create anfular wrapper and update all icons on search screen
* Update sizing, remove colors, update snapshot tests
* Remove color prop from icon, remove color implemetation in mono icons
* Remove color props from monochrome icons
* Complete update of icons for search screen
* Update icons for infor tooltips, playlist, permissions
* Support temporarly font awesome icons used in enterprise grafana
* Part1: Unicons implementation (#23197)
* Create a new Icon component
* Update icons in main sidebar
* Update icons in Useful links and in react components on main site
* Update icons in Useful links and in main top navigation
* Adjust sizing
* Update panel navigation and timepicker
* Update icons in Panel menu
* NewPanelEditor: Fixed so that test alert rule works in new edit mode (#23179)
* Update icons in add panel widget
* Resolve merge conflict
* Fix part of the test errors and type errors
* Fix storybook errors
* Update getAvailableIcons import in storybook knobs
* Fix import path
* Fix SyntaxError: Cannot use import statement outside a module in test environment error
* Remove dynamic imports
* Remove types as using @ts-ignore
* Update snapshot test
* Add @iconscout/react-unicons to the shouldExclude list as it is blundled with es2015 syntax
* Remove color prop from icon, remove color implemetation in mono icons
* Update navbar styling
* Move toPascalCase to utils/string
Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
* Update icons in Explore
* Update icons in alerting
* Update + and x buttons
* Update icons in configurations and settings
* Update close icons
* Update icons in rich history
* Update alert messages
* Add optional chaining to for isFontAwesome variable
* Remove icon mock, set up jest.config
* Fix navbar plus icon
* Fir enable-bacground to enableBackgournd
Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
* Merge remote branch origin master to icons-unicons
* Revert "Merge remote branch origin master to icons-unicons"
This reverts commit 3f25d50a39.
* Size-up dashnav icons
* Fix alerting icons, panel headers, update tests
* Fix typecheck error
* Adjustments - add panel icon, spacing
* Set TerserPlugin sourceMap to false to prevent running out of memory when publishing storybook
Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
* BackendPlugin: (wip) change response format
goes with https://github.com/grafana/grafana-plugin-sdk-go/pull/109
* fix error mapping in wrapper
* latest of my sdk branch
* latest of my sdk branch
* TransformWrapper fixes
* latest of sdk branch (removes extra meta)
* add metadata in wrappers
* also set error string
* sdk: v0.35.0
* Show organization popup in alphabetical order
* GetUserOrgList: Sort organizations by name in API
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
* Cookie : Increase duration to avoid error
When using oauth2 authentication with multifactor, the 60s delay may be too short
* Introduce new setting for OAuth state cookie max age
Co-authored-by: Sofia Papagiannaki <sofia@grafana.com>
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
* wip: add slo support
* Export DataSourcePlugin
* wip: break out metric query editor into its own component
* wip: refactor frontend - keep SLO and Metric query in differnt objects
* wip - load services and slos
* Fix broken test
* Add interactive slo expression builder
* Change order of dropdowns
* Refactoring backend model. slo unit testing in progress
* Unit test migration and SLOs
* Cleanup SLO editor
* Simplify alias by component
* Support alias by for slos
* Support slos in variable queries
* Fix broken last query error
* Update Help section to include SLO aliases
* streamline datasource resource cache
* Break out api specific stuff in datasource to its own file
* Move get projects call to frontend
* Refactor api caching
* Unit test api service
* Fix lint go issue
* Fix typescript strict errors
* Fix test datasource
* Use budget fraction selector instead of budget
* Reset SLO when service is changed
* Handle error in case resource call returned no data
* Show real SLI display name
* Use unsafe prefix on will mount hook
* Store goal in query model since it will be used as soon as graph panel supports adding a threshold
* Add comment to describe why componentWillMount is used
* Interpolate sloid
* Break out SLO aggregation into its own func
* Also test group bys for metricquery test
* Remove not used type fields
* Remove annoying stackdriver prefix from error message
* Default view param to FULL
* Add part about SLO query builder in docs
* Use new images
* Fixes after feedback
* Add one more group by test
* Make stackdriver types internal
* Update docs/sources/features/datasources/stackdriver.md
Co-Authored-By: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
* Update docs/sources/features/datasources/stackdriver.md
Co-Authored-By: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
* Update docs/sources/features/datasources/stackdriver.md
Co-Authored-By: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
* Updates after PR feedback
* add test for when no alias by defined
* fix infinite loop when newVariables feature flag is on
onChange being called in componentDidUpdate produces an
infinite loop when using the new React template variable
implementation.
Also fixes a spelling mistake
* implements feedback for documentation changes
* more doc changes
Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
Co-authored-by: Daniel Lee <dan.limerick@gmail.com>
* Add integration with Jeager
Add Jaeger datasource and modify derived fields in loki to allow for opening a trace in Jager in separate split.
Modifies build so that this branch docker images are pushed to docker hub
Add a traceui dir with docker-compose and provision files for demoing.:wq
* Enable docker logger plugin to send logs to loki
* Add placeholder zipkin datasource
* Fixed rebase issues, added enhanceDataFrame to non-legacy code path
* Trace selector for jaeger query field
* Fix logs default mode for Loki
* Fix loading jaeger query field services on split
* Updated grafana image in traceui/compose file
* Fix prettier error
* Hide behind feature flag, clean up unused code.
* Fix tests
* Fix tests
* Cleanup code and review feedback
* Remove traceui directory
* Remove circle build changes
* Fix feature toggles object
* Fix merge issues
* Fix some null errors
* Fix test after strict null changes
* Review feedback fixes
* Fix toggle name
Co-authored-by: David Kaltschmidt <david.kaltschmidt@gmail.com>
data.Frame (that can be series) are converted to as tsdb.TimeSeriesSlice - so new backend plugins can be shimmed into existing alerting
use sdk v0.31.0
* AlertNotifications: Translate notifications IDs to UIDs in alert Rule builder
* Avoid shadowing errors, raise validation error on non-existing notification id
* create a cache for notification Uids to minimize db overhead
* add cache usage test
* avoid caching empty notification Uids
* isolate db in alert notificationUid caching tests
* Hide plugins list from viewers
* Made /api/plugins only return core plugins for users with viewer role
Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
* Revert "API: Fix redirect issue when configured to use a subpath (#21652)" (#22671)
This reverts commit 0e2d874ecf.
* Fix redirect validation (#22675)
* Chore: Add test for parse of app url and app sub url
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
* Fix redirect: prepend subpath only if it's missing (#22676)
* Validate redirect in login oauth (#22677)
* Fix invalid redirect for authenticated user (#22678)
* Login: Use correct path for OAuth logos
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
Use v0.19.0 of SDK.
Support handling of streaming resource response.
Disable gzip/compression middleware for resources
to allow chunked/streaming response to clients the gzip
middleware had to be disabled since it buffers the full
response before sending it to the client.
Closes#22569
Co-Authored-By: Arve Knudsen <arve.knudsen@gmail.com>
* Stats: add active user count query
* License: add info in settings
* Stats: Retrieve active users stats for different roles
+ Clean files and tests
* Stats: add dialect.Quote in queries
* Stats: improve tests (require instead of assert)
* Stats: improve tests (require instead of assert)
* Add fallback to search_base_dns if group_search_base_dns is undefined.
refs: #20862
* removed newline to make lint-go happy
* Added requested changes on ldap.md for last commit
Refs: #21263
Moves common request proxy utilities to proxyutil package with
support for removing X-Forwarded-Host, X-Forwarded-Port,
X-Forwarded-Proto headers, setting X-Forwarded-For header
and cleaning Cookie header.
Using the proxyutil package to prepare and clean request
headers before resource calls.
Closes#21512
* clean PR #17366
* udpate vendor
* [WIP] Implement projects management for stackdriver
* [WIP] Implement projects management for stackdriver
* [WIP] Implement projects management for stackdriver
* Implement projects management for stackdriver
* [WIP][Tests] Fix errors
* clean anonymous struct
* remove await
* don't store project list
* Add default project on query editor
* gofmt
* Fix tests
* Move test data source to backend
* Use segment instead of dropdown. remove ensure default project since it's not being used anymore.
* Fix broken annotation editor
* Load gceDefaultAccount only once when in the config page
* Reset error message on auth type change
* Add metric find query for projects
* Remove debug code
* Fix broken tests
* Fix typings
* Fix lint error
* Slightly different approach - now having a distiction between config page default project, and project that is selectable from the dropdown in the query editor.
* Fix broken tests
* Attempt to fix strict ts errors
* Prevent state from being set multiple times
* Remove noOptionsMessage since it seems to be obosolete in react select
* One more attempt to solve ts strict error
* Interpolate project template variable. Make sure its loaded correctly when opening variable query editor first time
* Implicit any fix
* fix: typescript strict null check fixes
* Return empty array in case project endpoint fails
* Rename project to projectName to prevent clashing with legacy query prop
* Fix broken test
* fix: Stackdriver - template replace on filter label
should have a regex format as that escapes the dots
in the label name which is not valid.
Co-authored-by: Labesse Kévin <kevin@labesse.me>
Co-authored-by: Elias Cédric Laouiti <elias@abtasty.com>
Co-authored-by: Daniel Lee <dan.limerick@gmail.com>
This feature would provide a way for administrators to limit the minimum
dashboard refresh interval globally.
Filters out the refresh intervals available in the time picker that are lower
than the set minimum refresh interval in the configuration .ini file
Adds the minimum refresh interval as available in the time picker.
If the user tries to enter a refresh interval that is lower than the minimum
in the URL, defaults to the minimum interval.
When trying to update the JSON via the API, rejects the update if the
dashboard's refresh interval is lower than the minimum.
When trying to update a dashboard via provisioning having a lower
refresh interval than the minimum, defaults to the minimum interval
and logs a warning.
Fixes#3356
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
By storing render key in remote cache it will enable
image renderer to use public facing url or load
balancer url to render images and thereby remove
the requirement of image renderer having to use the
url of the originating Grafana instance when running
HA setup (multiple Grafana instances).
Fixes#17704
Ref grafana/grafana-image-renderer#91
Suppresses stacktrace in recovery middleware if error is
http.ErrAbortHandler.
Skips writing response error in recovery middleware if
resoonse have already been written.
Skips try rotate of auth token if response have already
been written.
Skips adding default response headers if response have
already been written.
Fixes#15728
Ref #18082
Co-Authored-By: Arve Knudsen <arve.knudsen@gmail.com>
Put the cipher suites with Forward Secrecy at or nearer the top, keeping any TLS v1.3 suites at the top, following best practice guides for the ordering of the rest. There is no change to the selection of suites only reordering.
Now any errors logged by http.ReverseProxy are forwarded to
Grafana's logger and includes more contextual information like
level (error), user id, org id, username, proxy path, referer and
IP address.
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
if the client closes the connection we should not
rotate token since the client will never receive the
new token.
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
* Start Angular migration
* Add SignupCtrl
* Change name signup
* Add backend call
* Put form in separate file
* Add form model
* Start using react-hook-forms
* Add FormModel to state
* Reduxify
* Connect nav with Redux
* Fix routing and navModel
* Fetch state options on mount
* Add default values and add button margin
* Add errror messages
* Fix title
* Remove files and cleanup
* Add Signup tests
* Add boot config assingnAutoOrg and verifyEmailEnabled
* Remove onmount call
* Remove ctrl and move everything to SignupForm
* Make routeParams optional for testing
* Remove name if it is empty
* Set username
* Make function component
* Fix subpath issues and add link button
* Move redux to SignupPage
* Implement Azure AD oauth
* Use go-jose and cleanup
* Update go-jose in go.mod
* cleanup
* Add unit tests
* Fix scopes
* Add documentation page
* Improve documentation
* Convert extract_role into function.
* Do not use upn and replace unique_name with preferred_username
* Configure login button
* Use official microsoft icon and color from branding guideline.
* Add Azure AD config section in sample.ini.
- Fix bug with NaN in alerting - Closes#21953
- Alert reducers (avg/max/etc) drop null values from their calculation. This change makes it so NaN values are handled in the same way as null values.
It was missing for ldap_login which means that the first signup failed
for users with LDAP+quota enabled. There's also potential cases where we
can't provide a request context (background jobs) which is also covered,
but needs a refactoring.
Drop indices and create new ones and rewrites annotation find query
to address performance issues when querying annotation table and
there is a large amount of rows.
Fixes#21902
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
Co-authored-by: Kyle Brandt <kyle@kbrandt.com>
Add support for passing tags to Pagerduty and allow notification
on specific event categories such as Class, Group and Component.
Ref #19912, #19913
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
As part of the new improvements to JMESPath in #17149 a
commit ensuring Role and Email data could be queried from
id_token was lost.
This refactors and fixes extracting from both token and user
info api consistently where before only either token or
either user info api was used for extracting data/attributes.
Fixes#20243
Co-authored-by: Timo Wendt <timo@tjwendt.de>
Co-authored-by: twendt <timo@tjwendt.de>
Co-authored-by: henninge <henning@eggers.name>
Co-Authored-by: Henning Eggers <henning.eggers@inovex.de>
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
6.2-beta1 changed so that data sources, dashboards and alert notifiers
are provisioned on service Init where's before only data sources and
alert notifiers was provisioned on service Init and dashboards was first
provisioned in service Run which happens after Grafana server have
started.
This change reverts so that dashboard provisioning are first happening
in service Run, after Grafana server have started.
Fixes#21133
* Calculate min period based on time range and no of queries
* Use hardcoded array of periods if period is not defined actively by the user
* Fix broken tests
* Use a smaller max period for auto interval
* Fix broken tests
* Test period calculation
* Test min retention period
* Fix broken test
* Rewrite angular segments for filter and group by in react
* wip: refactoring
* Update metric find queries
* Remove old maps used to create labels - use one map for all types instead
* Use value as label (again) for filters ang groupby
* Remove old filter
* Remove not used code
* Fixes after pr feedback
* Fix broken tests and add new metadata tests
* Add index file to make imports cleaner
* Cleanup. Remove old angular filter code
* Fix broken tests
* Use type switching instead of if statements
* Use globals for regex
* Updates after pr feedback
* Make sure it's possible to filter using the same key multiple times
* Replace metric select with segment component
* Pass template vars as props
* Refactor meta labels code
* Reorder template variables
* Fix broken tests
* Reset metric value when changing service
* Fix lint issue.
* Make tests independant of element order
* Include kubernetes.io in regex
* Add instruction in help section
* svc alerting - use a shorter ctx to upload the img
This will prevent timeout on img upload to cancel the notifications from being sent
* components img uploader - pass the ctx to aws lib
* make webdavuploader use the ctx
* make azureblobuploader use the ctx
* rename uploadImage() to renderAndUploadImage()
for better clarity about what this method work
* Use timeout + 2s for plugin renderer (same as service and phantomjs)
* Make sure that original EvalContext is updated after render and upload
* Verify notification sent even if render or image upload times out
* fix lint
* fixes after review
Co-authored-by: Edouard Hur <3418467+hekmon@users.noreply.github.com>
Fixes#21018
* wip: react rewrite
* Cleanup
* Break out non annontations specific fields
* Cleanup. Make annontations editor a functional component
* Remove redundant classnames
* Add paneldata to props
* Cleanup
* Fix rebase merge problem
* Updates after pr feedback
* Fix conflict with master
Adds support for collecting metrics from backend plugins and
exposing them thru Grafana's Prometheus metrics endpoint.
Enables to check health of backend plugin by using the route
`/api/plugins/<plugin id>/health`.
Uses sdk v0.6.0.
Closes#20984
By rotating the auth tokens at the end of the request we ensure
that there is minimum delay between a new token being generated
and the client receiving it.
Adds auth token slow load test which uses random latency for all
tsdb queries..
Cleans up datasource proxy response handling.
DefaultHandler in middleware tests should write a response, the
responseWriter BeforeFuncs wont get executed unless a response
is written.
Fixes#18644
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
#21350 introduced a bug regarding import of plugin dashboards.
This should fix this and add custom validation if not importing
plugin dashboard and dashboard property is missing.
Ref #21350
Co-Authored-By: Arve Knudsen <arve.knudsen@gmail.com>
Breaking change: If disabled the cookie samesite cookie attribute
will not be set, but if none the attribute will be set and is a
breaking change compared to before where none did not render the
attribute. This was due to a known issue in Safari.
Co-Authored-By: Arve Knudsen <arve.knudsen@gmail.com>
Co-Authored-By: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
Fixes#19847
* add min_interval_seconds setting to alerting config
It will let operator enforce a minimum time for the scheduler to enqueue evaluations
* Introduce UI modifications
* Update docs
Co-authored-by: Martin <uepoch@users.noreply.github.com>
OpsGenie's model works heavily off of the priority of an alert,
e.g. routing and escalation. Currently this plugin only supports
the default "P3".
Setting a tag og_priority to the correct P-value, e.g. P1, P2, P3,
P4 or P5, will call the OpsGenie API with the correct priority value
set.
Add fallbackText to Google Chat notifications.
Definition of fallbackText: A plain-text description of the message's
cards, used when the actual cards cannot be displayed,
e.g. mobile notifications.
Fixes#21463
When an alert is sent by e-mail, the process sends an e-mail to
each recipient separately. This PR is a single delivery to all recipients.
For companies that use e-mail extensively, this is necessary in order
not to overload the sending queue.
Replaces #18013Fixes#12650
Co-authored-by: Henrique Oliveira <holiiveira@users.noreply.github.com>
* Settings: supports env overrrides for dynamic settings
* Settings: makes it possible to explicitly get env override support for dynamic settings
* Make linter happy
* Refactor redirect_to cookie with secure flag in middleware
* Refactor redirect_to cookie with secure flag in api/login
* Refactor redirect_to cookie with secure flag in api/login_oauth
* Removed the deletion of 'Set-Cookie' header to prevent logout
* Removed the deletion of 'Set-Cookie' at top of api/login.go
* Add HttpOnly flag on redirect_to cookies where missing
* Refactor duplicated code
* Add tests
* Refactor cookie options
* Replace local function for deleting cookie
* Delete redundant calls
Co-authored-by: Sofia Papagiannaki <papagian@users.noreply.github.com>
* Footer: Single footer implementation for both react & angular pages
* Export type
* Updates
* Use footer links in help menu
* Updates & Fixes
* Updated snapshot
* updated snapshot
* added alert state validation before changing its state
* modified boolean condition
* converted most occurring string into const
* referred the const of alert models
* imguploader: add support for non-Amazon S3 endpoints and forcing of path-style S3 addressing
fixes#11240
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
* Pagerduty notifier: configurable severity
Instead of hardcoding `critical` make it configurable per notification channel instance.
* fix html
* Add a test to ensure default severity is correct
* Notifications doc
* Add a non-default test
* Add err check on NewJson (all tests)
* Add default severity (critical) to AlertNotificationEditCtrl class
Adds support for region annotations in Postgres, MySQL and
MSSQL data sources by adding a column named timeend to
annotation query.
Co-Authored-By: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
Closes#20918
Ref #10589
Removes send_client_credentials_via_post oauth setting and
use auto-detect mechanism instead.
By these changes also fixes statichcheck errors
Ref #8968
Moving info log from phantomjs to rendering service
so it's logged for all kinds of renderers.
Add debug log for image renderer plugin and remote
renderer.
Profiling and tracing can now be enabled/disabled separately.
Adds argument for trace file path.
Support overriding profiling and tracing argument using
environment variables.
Update docs.
Fixes#20576
* refactor to multiple rows
* added name for org user struct
* added name getorgusers
* added user name to tableview
* made test pass
* updated userMocks to user name field
* added missing UsersTable snapshot
* added name on teammembers page, be able to search query for name, login and email
* added the updated snapshots
* conform to same sorting as output form
* conform to previous way of using it
* sort first by login and after by email, as it was before
Backend plugins is recommended to use hclog with json
formatting to get proper log output in grafana server log.
Old hclog-wrapper.go that I deleted while back is still in
the repo so deletes that.
* Remove highres flag since it's not being used
* Remove not used code. Init id field correctly
* Fix broken tests
* Remove GMS related calculations
* Rename period field
* Add breaking changes to changelog. Also update upgrading docs
* Update snapshot
* Update docs after feedback
* Changes after feedback
Problem was that yaml unmarshal returned nested maps as
map[interface{}]interface{} which are then not marshal-able
to json because of that interface{} key type. This adds explicit
casting of the keys in the yaml value types to string which
then makes the values marshal-able to JSON in DB.
Fixes: #11537
* Util: Optionally allow empty input in SplitHostPortDefault
Due to a recent change the SQL Server tests failed because passing an
empty datasource url in `util.SplitHostPortDefault` was no more allowed.
This fix contains the following modifications:
- Modifies the util.SplitHostPortDefault not to return an error for empty input.
- Modifies the util.SplitHostPort to return an error for empty input.
- Introduces an additional test for empty input.
The ordering of links in the navigation bar is currently based the order of the slice containing the navigation tree. Since Grafana supports adding more links to the navigation bar with `RunIndexDataHooks` which runs at the very end of the function this means that any link registered through a hook will be placed last in the slice and be displayed last in the menu. With this PR the ordering can be specified with a weight which allows for placing links created by extensions in a more intuitive place where applicable.
Stable sorting is used to ensure that the current FIFO ordering is preserved when either no weight is set or two items shares the same weight.
* CloudWatch: Datasource improvements
* Add statistic as template variale
* Add wildcard to list of values
* Template variable intercept dimension key
* Return row specific errors when transformation error occured
* Add meta feedback
* Make it possible to retrieve values without known metrics
* Add curated dashboard for EC2
* Fix broken tests
* Use correct dashboard name
* Display alert in case multi template var is being used for some certain props in the cloudwatch query
* Minor fixes after feedback
* Update dashboard json
* Update snapshot test
* Make sure region default is intercepted in cloudwatch link
* Update dashboards
* Include ec2 dashboard in ds
* Do not include ec2 dashboard in beta1
* Display actual region
* LDAP: last org admin (that's going to be removed) can login
Previously, if you tried to login with LDAP but were that last org admin
of an org that you would no longer be an admin of after sync (which
happens at login), you wouldn't be able to login due to an error.
Adds a new setting disable_admin_user and when true the default
admin user will not be created when Grafana starts for the first
time (or no users exists in the system).
Closes#19038
* AuthProxy: Can now login with auth proxy and get a login token
* added unit tests
* renamed setting and updated docs
* AuthProxy: minor tweak
* Fixed tests and namings
* spellfix
* fix
* remove unused setting, probably from merge conflict
* fix
The arching goal of this commit is to enable single user
synchronisation with LDAP. Also, it included minor fixes of style,
error messages and minor bug fixing.
The changes are:
- bug: The `multildap` package has its own errors when the user is
not found. We fixed the conditional branch on this error by asserting
on the `multildap` errors as opposed to the `ldap` one
- bug: The previous interface usage of `RevokeAllUserTokens` did not
work as expected. This replaces the manual injection of the service by
leveraging the service injected as part of the `server` struct.
- chore: Better error messages around not finding the user in LDAP.
- fix: Enable the single sync button and disable it when we receive an
error from LDAP. Please note, that you can enable it by dispatching
the error. This allows you to try again without having to reload the
page.
- fix: Move the sync info to the top, then move the sync button above
that information and clearfix to have more harmony with the UI.
* Renamed ttl config in code to be more consistent with behaviour
* Introduced new setting `sync_ttl` in .ini file
* Keeping the old setting `ldap_sync_ttl` in the .ini file as fallback and compatibility.
Adds support for Generic OAuth role mapping. A new
configuration setting for generic oauth is added named
role_attribute_path which accepts a JMESPath expression.
Only Grafana roles named Viewer, Editor or Admin are
accepted.
Closes#9766
* LDAP Debug: No longer shows incorrectly matching groups based on role
Org Role was used as a shortcut to figure out what groups were matching
and which weren't. That lead to too all groups matching a specific role
to show up for a user if that user got that role.
* LDAP Debug: Fixes ordering of matches
The order of groups in the ldap.toml file is important, only the first
match for an organisation will be used. This means we have to iterate
based on the config and stop matching when a match is found.
We might want to think about showing further matches as potential
matches that are shadowed by the first match. That would possibly make
it easier to understand why one match is used instead of another one.
* LDAP Debug: never display more than one match for the same LDAP group/mapping.
* LDAP Debug: show all matches, even if they aren't used
* Update public/app/features/admin/ldap/LdapUserGroups.tsx
Co-Authored-By: gotjosh <josue.abreu@gmail.com>
* Update public/app/features/admin/ldap/LdapUserGroups.tsx
Co-Authored-By: gotjosh <josue.abreu@gmail.com>
* Licensing: supplies a service to handle licensing information
* Licensing: uses the license service further
Uses the license service instead of settings.isEnterprise:
- external team members
- saml
- usage stats
* Licensing: fixes broken tests due to new Licensing service dependency
* Licensing: fixes linting errors
* Licensing: exposes license expiry information to the frontend
Fixes so that all notification channels configured for an alert should
try to send notification even if one notification channel fails to send
a notification.
Signed-off-by: Abhilash Gnan <abhilashgnan@gmail.com>
Fixes#19768
* pkg/cmd: Check errors
* pkg/cmd: Make sure server waits on services, even in case of error
* pkg/cmd: Inform of error to show help
* pkg/cmd: Only warn on failure to send systemd notification
* pkg/cmd: Don't log errors stemming from context cancelation
* pkg/cmd: Don't fail if unable to write to systemd
* Rename GrafanaServerImpl to Server
* Make flag dependencies explicit
* Extract method for building service graph
* Document and clarify methods
* Rename HttpServer to HTTPServer
fix pkg/services/search/service.go:52:3: s.bus undefined (type *SearchService has no field or method bus, but does have Bus)
fixes issue introduced by #19765
* Convert Azure Application Insights datasource to Go
Allows for alerting of Application Insights data source
Closes: #15153
* Fix timeGrainReset
* Default time interval for querys for alerts
* Fix a few rename related bugs
* Update readme to indicate App Insights alerting
* Fix typo and add tests to ensure migration is happening
* Address code review feedback (mostly typos and unintended changes)
* Chore: Upgrade to Go 1.13
Fixes: #18878
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
* Chore: Upgrade lint tools in order to work with Go 1.13
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
* Chore: Fix Go linting issues
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
* Fix: Handle empty nested keys on YAML provisioning datasources
As we provision a datasource via a YAML file, we attempt to transform the
file into sensible Go types that the provisioning code can use.
While this happens, there is a chance some of the keys nested within
the YAML array are empty.
This fix allows the YAML parser to handle empty keys by null checking
the return of `reflect.TypeOf` which according to the documentation:
> TypeOf returns the reflection Type that represents the dynamic type of i. If i is a nil interface value, TypeOf returns nil.
Can return nil.
* Add tests
* API: Add `createdAt` and `updatedAt` to api/users/lookup
In the past, we have added both `updatedAt` (#19004) and `createdAt` (#19475) to /api/users/:id
Turns out, api/users/lookup uses the same DTO for both. This fixes the serialization of both `createdAt` and `updatedAt`for this endpoint.
Also, adds a test to ensure no further regressions.
* Updated API documentation
* use grafana-plugin-model dependency that uses go modules
* use grafana-plugin-model with updated hashicorp/go-plugin
* use grafana-plugin-model with re-compiled protos
* test using protoc-gen-go v1.2.0 tag
* use grafana-plugin-model with re-compiled protos
* chore: fix deprecation warning for lint
* use latest grafana-plugin-model
Fixes#19454
Only return certain mysql errors from backend.
The following errors is returned as is from backend:
error code 1064 (parse error)
error code 1054 (bad column/field selected)
error code 1146 (table not exists)
Any other errors is logged and returned as a generic
error.
Restrict use of certain functions:
Do not allow usage of the following in query:
system_user()
session_user()
current_user() or current_user
user()
show grants
Fixes#19360
* Multi-LDAP: Do not fail-fast on invalid credentials
When configuring LDAP authentication, it is very common to have multiple
servers configured. When using user bind (authenticating with LDAP using
the same credentials as the user authenticating to Grafana) we don't
expect all the users to be on all LDAP servers.
Because of this use-case, we should not fail-fast when authenticating on
multiple LDAP server configurations. Instead, we should continue to try
the credentials with the next LDAP server configured.
Fixes#19066
* Update README.md
Capitalized the G and S in "Getting Started," and moved "guide" to match the section title in the docs.
* Fixed sentence structure. Changed "download" to "grafana.com/get" and changed "get" to "download".
* Docs: Replace "datasources" with "data sources" (#19111)
* Docs: Replace "datasources" with "data sources" (#19111)
* Docs: Replace "datasources" with "data sources" (#19111)
* Docs: Replace "datasources" with "data sources" (#19111)
* Docs: Replace "datasources" with "data sources" (#19111)
* Docs: Replace "datasources" with "data sources" (#19111)
* Docs: Replace "datasources" with "data sources" (#19111)
* Docs: Replace "datasources" with "data sources" (#19111)
* Docs: Replace "datasources" with "data sources" (#19111)
* Docs: Replace "datasources" with "data sources" (#19111)
* Docs: Replace "datasources" with "data sources" (#19111)
* Docs: Replace "datasources" with "data sources" (#19111)
* LDAP: Show all LDAP groups
* Use the returned LDAP groups as the reference when debugging LDAP
We need to use the LDAP groups returned as the main reference for
assuming what we were able to match and what wasn't. Before, we were
using the configured groups in LDAP TOML configuration file.
* s/User name/Username
* Add a title to for the LDAP mapping results
* LDAP: UI Updates to debug view
* LDAP: Make it explicit when we weren't able to match teams
This reverts commit 2514209 from #18384. Reason is that it doesn't
work due to xorm 0.7.1 which doesn't support this new connectionstring
format.
Fixes#19189
Ref #18384
Ref #17665
* Add new query mode picker with different states for each query. Also really simple migration script
* Populate cross resource dropdowns
* Cleanup. Handle change events
* Add multi select picker for subscriptions
* Fix markup issue
* Prepare for new query mode
* More cleanup
* Handle multiple queries both in ds and backend
* Refactoring
* Improve migration
* Add support for multiselect display name
* Use multiselect also for locations and resources
* Add more typings
* Fix migrations
* Custom multiselect built for array of options instead of variables
* Add url builder test
* fix datasource tests
* UI fixes
* Improve query editor init
* Fix brokens tests
* Cleanup
* Fix tslint issue
* Change query mode display name
* Make sure alerting works for single queries
* Friendly error for multi resources
* Add temporary typings
Don't update total stats metrics if reporting is disabled.
New setting disable_total_stats for turning off update
of total stats (stat_totals_*) metrics.
Ref #19137
* Add items for navmodel and basic page
* add reducer and actions
* adding user mapping table component
* adding components for ldap tables
* add alert box on error
* close error alert box
* LDAP status page: connect APIs WIP
* LDAP debug: fetch connection status from API
* LDAP debug: fetch user info from API
* LDAP debug: improve connection error view
* LDAP debug: connection error tweaks
* LDAP debug: fix role mapping view
* LDAP debug: role mapping view tweaks
* LDAP debug: add bulk-sync button stub
* LDAP debug: minor refactor
* LDAP debug: show user teams
* LDAP debug: user info refactor
* LDAP debug: initial user page
* LDAP debug: minor refactor, remove unused angular wrapper
* LDAP debug: add sessions to user page
* LDAP debug: tweak user page
* LDAP debug: tweak view for disabled user
* LDAP debug: get sync info from API
* LDAP debug: user sync info
* LDAP debug: sync user button
* LDAP debug: clear error on page load
* LDAP debug: add user last sync info
* LDAP debug: actions refactor
* LDAP debug: roles and teams style tweaks
* Pass showAttributeMapping to LdapUserTeams
* LDAP debug: hide bulk sync button
* LDAP debug: refactor sessions component
* LDAP debug: fix loading user sessions
* LDAP debug: hide sync user button
* LDAP debug: fix fetching unavailable /ldap-sync-status endpoint
* LDAP debug: revert accidentally added fix
* LDAP debug: show error when LDAP is not enabled
* LDAP debug: refactor, move ldap components into ldap/ folder
* LDAP debug: styles refactoring
* LDAP debug: ldap reducer tests
* LDAP debug: ldap user reducer tests
* LDAP debug: fix connection error placement
* Text update
* LdapUser: Minor UI changes moving things around
* AlertBox: Removed icon-on-top as everywhere else it is centered, want to have it be consistent
* LDAP: Allow an user to be synchronised against LDAP
This PR introduces the /ldap/sync/:id endpoint. It allows a user to be synchronized against LDAP on demand.
A few things to note are:
LDAP needs to be enabled for the sync to work
It only works against users that originally authenticated against LDAP
If the user is the Grafana admin and it needs to be disabled - it will not sync the information
Includes a tiny refactor that favours the JSONEq assertion helper instead of manually parsing JSON strings.
* API: Add `updatedAt` to api/users/:id
This adds the timestamp of when a particular user was last updated to
the `api/users/:id` endpoint.
This helps our administrators understand when was the user information last
updated. Particularly when it comes from external systems e.g. LDAP
Adds the definition of `GetTeamsForLDAPGroupCommand` which handles the lookup of team information based on LDAP groupDNs.
This is an Enterprise only feature. To diferentiate,a response will contain the `team` key as `null` on OSS while on Enterprise the key will contain an empty array `[]` when no teams are found.
* LDAP: Add API endpoint to query the LDAP server(s) status|
This endpoint returns the current status(es) of the configured LDAP server(s).
The status of each server is verified by dialling and if no error is returned we assume the server is operational.
This is the last piece I'll produce as an API before moving into #18759 and see the view come to life.
* Move the ReloadLDAPCfg function to the debug file
Appears to be a better suite place for this.
* LDAP: Return the server information when we find a specific user
We allow you to specify multiple LDAP servers as part of LDAP authentication integration. As part of searching for specific users, we need to understand from which server they come from. Returning the server configuration as part of the search will help us do two things:
- Understand in which server we found the user
- Have access the groups specified as part of the server configuration
* LDAP: Adds the /api/admin/ldap/:username endpoint
This endpoint returns a user found within the configured LDAP server(s). Moreso, it provides the mapping information for the user to help administrators understand how the users would be created within Grafana based on the current configuration.
No changes are executed or saved to the database, this is all an in-memory representation of how the final result would look like.
* Emails: resurrect template notification
* Phantomjs (oh yeah, there is another dev dep phantom :-) was failing for
the generation of the html templates so I had to update the dependencies
in order to fix it. While doing that I update the scripts field and docs
for it as well. yarn.lock is included
* Move splitting of the emails to separate helper function, since more services
coming up that would need to use this functionality
* Add support for enterprise specific email letters. Probably could
be done in the better way, but it's not a priority right now
* Auth: change the error HTTP status codes
* Use 407 HTTP status code for incorrect credentials error
* Improve proxy auth logs
* Remove no longer needed TODO comment
Fixes#18439
It seems `ldap` module introduced new error type of which
multildap module didn't know about.
This broke the multildap login logic
Fixes#18491
Ref #18587
* SQLite migrations
* cleanup
* migrate end times
* switch to update with a query
* real migration
* anno migrations
* remove old docs
* set isRegion from time changes
* use <> for is not
* add comment and fix index decleration
* single validation place
* add test
* fix test
* add upgrading docs
* use AnnotationEvent
* fix import
* remove regionId from typescript
Existing /api/alert-notifications now requires at least editor access.
Existing /api/alert-notifiers now requires at least editor access.
New /api/alert-notifications/lookup returns less information than
/api/alert-notifications and can be access by any authenticated user.
Existing /api/org/users now requires org admin role.
New /api/org/users/lookup returns less information than
/api/org/users and can be access by users that are org admins,
admin in any folder or admin of any team.
UserPicker component now uses /api/org/users/lookup instead
of /api/org/users.
Fixes#17318
* Do not set SameSite login_error cookie attribute if cookie_samesite is none
* Do not set SameSite grafana_session cookie attribute if cookie_samesite is none
* Update middleware tests
* Fix CreateTeam api endpoint
No team member should be created for requests
authenticated by API tokens.
* Update middleware test
Assert that `isAnonymous` is set for `SignedInUser`
authenticated via API key.
* Add test for team creation
Assert that no team member is created if the signed in user
is anomymous.
* Revert "Fix CreateTeam api endpoint"
This reverts commit 9fcc4e67f5.
* Revert "Update middleware test"
This reverts commit 75f767e58d.
* Fix CreateTeam api endpoint
No team member should be created for requests
authenticated by API tokens.
* Update team test
* Change error to warning and update tests
This commit addresses half of #13749 by making sure GetMetricData
works for alerting. Math Expressions (compound metrics) will still not
work for alerting, this would require a bigger refactoring of Grafana's
alerting service. However, with this commit at least alerting for basic
metrics with non empty query Id will work.
Fixes half of #13749
* Auth: Do not search for the user twice
Previously `initContextWithBasicAuth` did not use `LoginUserQuery`, doing
`GetUserByLoginQuery` only i.e. looking user in DB only, things changed when
this function started to check LDAP provider via `LoginUserQuery` (#6940),
however, this request was placed after `GetUserByLoginQuery`, so we first
looking in DB then in the LDAP - if LDAP user hasn't logged in we will
not find it in DB, so `LoginUserQuery` will never be reached.
`LoginUserQuery` request already performs `GetUserByLoginQuery`
request in correct sequence. So we can just remove redundant request.
* Correct sequence execution during authentification &
introduce tests for it
* Move basic auth tests to separate test file, since main test file already
pretty large
* Introduce `testing.go` for the middleware module
* Remove redundant test helper function
* Make handler names more explicit
Ref 5777f65d05Fixes#18329
* Auth: address review comment
* added alert rule tags in webhook notifications
* fix: don't include whole list of Tag objects but only key/value pairs in Webhook JSON
* marked webhook alerts to support alert rule tags
* Add tests for errors basic auth cases and moves tests to separate test-case.
Also names test cases consistently
* Add additional test helper
Ref 82661b9f69
* LDAP: nitpicks
* Add more tests
* Correct and clarify comment for Login() method
* Rename methods (hail consistency!)
* Uppercases first letter of the logs everywhere
* Moves method definitions around to more appropriate places
Fixes#18295
* Auth: consistently return same basic auth errors
* Put repeated errors in consts and return only those consts as error strings
* Add tests for errors basic auth cases and moves tests to separate test-case.
Also names test cases consistently
* Add more error logs and makes their messages consistent
* A bit of code style
* Add additional test helper
* Auth: do not expose even incorrect password
* Auth: address review comments
Use `Debug` for the cases when it's an user error
The `oauth_state` cookie used to be created with the SameSite value set
according to the `cookie_samesite` configuration.
However, due to a Safari bug SameSite=None or SameSite=invalid are treated
as Strict which results in "missing saved state" OAuth login failures
because the cookie is not sent with the redirect requests to the OAuth
provider.
This commit always creates the `oauth_state` cookie with SameSite=Lax
to compensate for this.
* Auth Proxy: Include additional headers as part of the cache key
Auth proxy has support to send additional user attributes as part of the
authentication flow. These attributes (e.g. Groups) need to be monitored
as part of the process in case of change.
This commit changes the way we compute the cache key to include all of the
attributes sent as part of the authentication request. That way, if we
change any user attributes we'll upsert the user information.
Allow non admins to see plugins list but only with readme. Any config tabs are hidden from the plugin page. Also plugin panel does not show action buttons (like Enable) for non admins.
* LDAP: improve POSIX support
* Correctly abtain DN attributes result
* Allow more flexibility with comparison mapping between POSIX group & user
* Add devenv for POSIX LDAP server
* Correct the docs
Fixes#18140
* Reapply MetricNamespace support
* Fixing tests
* refactor: move metricnamespace param to backend
* refactor: remove unused function
* azuremonitor: migration for new metric namespace field
* azuremonitor: add template query for metric namespace with a sub
* docs: template queries for azure monitor
Adds new lines for the metricnamespace template function and fixes
some messed up lines
Adds pulse waveform. Is predictable in the sense that the start of the waveform is aligned to epoch time (instead of the start of the query time). This makes a useful signal for manual testing of alerting in the devenv.
* Metrics: remove unused metrics
Metric `M_Grafana_Version` is not used anywhere, nor the mentioned
`M_Grafana_Build_Version`. Seems to be an artefact?
* Metrics: make the naming consistent
* Metrics: add comments to exported vars
* Metrics: use proper naming
Fixes#18110
* Add support for `is_disabled` to `CreateUser()`
* Add support for `is_disabled` to `SearchUsers()`
Had to add it as a `string` type not as `bool`, since if that's property
is omitted, we would have add it to SQL request, which might be dangerous
* Restructure desctructive tests and add more
* API: Duplicate API Key Name Handle With Useful HTTP Code
* 17447: make changes requested during review
- use dialect.IsUniqueContraintViolation
- change if statement to match others
- return error properly
* Revert "17447: make changes requested during review"
This reverts commit a4a674ea83.
* API: useful http code on duplicate api key error w/ tests
* API: API Key Duplicate Handling
fixed small typo associated with error
* Minor fix for nil pointer when trying to log error
* Do not return error if a dashboard is created
Only log the failures
* Do not return error if the folder is created
Only log the failures
* Users: show badges for each auth provider
* Chore: don't use functions in angular bindings
* Users: minor style changes to labels
* Chore: convert auth labels on the backed side, deduplicate frontend code
* Users: use authLabels everywhere instead of authModule
* User: fix edit user page style
* Users: minor fixes after review
* Add tests for login view
* Fix OAuth auto login redirect loop
login_error cookie is only set when the OAuth login fails
for some reason. Therefore, the login view should return
immediately if a login_error cookie exists before trying
to login the user using OAuth again.
* Fix test
Use 'index-template' instead of 'index' for testing
* Add some comments
* LDAP:Docs: `active_sync_enabled` setting
Mention `active_sync_enabled` setting and enable it by default
* LDAP: move "disableExternalUser" method
Idea behind new design of the LDAP module is to minimise conflation
between other parts of the system, so it would decoupled as much as
possible from stuff like database, HTTP transport and etc.
Following "Do One Thing and Do It Well" Unix philosophy principal, other things
could be better fitted on the consumer side of things.
Which what this commit trying to archive
* LDAP: correct user/admin binding
The second binding was not happening, so if the admin login/password
in LDAP configuration was correct, anyone could had login as anyone using
incorrect password
* Add SAML configuration options
* Add crewjam/saml as a depdency
Needed as part of the enterprise SAML integration.
* Vendor github.com/stretchr/testify/require
The package require implements the same assertions as the `assert` package but stops test execution when a test fails.
* feat: AzureMonitor implements legend key on backend
To be able to remove the duplicated query logic on the
frontend, the backend code needs to implement alias
patterns for legend keys as well as allowing the default
list of allowed time grains to be overridden. Some metrics
do not support all the time grains and the auto timegrain
calculation can be incorrect if the list is not overridden.
* feat: AzureMonitor - removes duplicate query logic on frontend
* AzureMonitor small refactoring
Extracted method and tidied up the auto time grain
code.
* azuremonitor: support for auto time grains for alerting
Converts allowed timegrains into ms and saves in dashboard json.
This makes queries for alerting with an auto time grain work in
the same way as the frontend.
* chore: typings -> implicitAny count down to 3413
* azuremonitor: add more typings
* LDAP: Divide the requests
Active Directory does indeed have a limitation with 1000 results
per search (default of course).
However, that limitation can be workaround with the pagination search feature,
meaning `pagination` number is how many times LDAP compatible server will be
requested by the client with specified amount of users (like 1000). That feature
already embeded with LDAP compatible client (including our `go-ldap`).
But slapd server has by default stricter settings. First, limitation is not 1000
but 500, second, pagination workaround presumably (information about it a bit
scarce and I still not sure on some of the details from my own testing)
cannot be workaround with pagination feature.
See
https://www.openldap.org/doc/admin24/limits.htmlhttps://serverfault.com/questions/328671/paging-using-ldapsearchhashicorp/vault#4162 - not sure why they were hitting the limit in
the first place, since `go-ldap` doesn't have one by default.
But, given all that, for me `ldapsearch` command with same request
as with `go-ldap` still returns more then 500 results, it can even return
as much as 10500 items (probably more).
So either there is some differences with implementation of the LDAP search
between `go-ldap` module and `ldapsearch` or I am missing a step :/.
In the wild (see serverfault link), apparently, people still hitting that
limitation even with `ldapsearch`, so it still seems to be an issue.
But, nevertheless, I'm still confused by this incoherence.
To workaround it, I divide the request by no more then
500 items per search
* Teams: show proper label for each auth provider
Teams: don't sore AuthModule in team_member table, use JOIN to get it instead
* Teams: fix AddTeamMember after last changes
* Teams: add more auth provider labels
* Teams: show external sync badge if LDAP is not enabled
* Teams: tests for getting auth module
* Build: use golangci-lint as a make command
* Since gometalinter was deprecated in favor of golangci-lint so it was
replaced by it. Responsibilities held by the gometalinter was moved to
golangci-lint
* There was some changes in implementation (that was also mentioned in
the code comment) between the tools, which uncovered couple errors
in the code. Those issues were either solved or disabled by
the inline comments
* Introduce the golangci-lint config, to make their
configuration more manageable
* Build: replace backend-lint.sh script with make
* Docs: correct link to the Grafana build-container.
* Docs: documents usage on the gopath when upgrading deps.
* Dev docs: info for upgrading deps only in one location.
* Add LDAP config instead sed use
* Add container name
* Add SizeLimit option to client and to server.
Probably useless at this point, but it's better to have it then otherwise
* OAuth: github team sync POC
* OAuth: minor refactor of github module
* OAuth: able to use team shorthands for github team sync
* support passing a list of groups via auth-proxy header
* Modify backend to allow expiration of API Keys
* Add middleware test for expired api keys
* Modify frontend to enable expiration of API Keys
* Fix frontend tests
* Fix migration and add index for `expires` field
* Add api key tests for database access
* Substitude time.Now() by a mock for test usage
* Front-end modifications
* Change input label to `Time to live`
* Change input behavior to comply with the other similar
* Add tooltip
* Modify AddApiKey api call response
Expiration should be *time.Time instead of string
* Present expiration date in the selected timezone
* Use kbn for transforming intervals to seconds
* Use `assert` library for tests
* Frontend fixes
Add checks for empty/undefined/null values
* Change expires column from datetime to integer
* Restrict api key duration input
It should be interval not number
* AddApiKey must complain if SecondsToLive is negative
* Declare ErrInvalidApiKeyExpiration
* Move configuration to auth section
* Update docs
* Eliminate alias for models in modified files
* Omit expiration from api response if empty
* Eliminate Goconvey from test file
* Fix test
Do not sleep, use mocked timeNow() instead
* Remove index for expires from api_key table
The index should be anyway on both org_id and expires fields.
However this commit eliminates completely the index for now
since not many rows are expected to be in this table.
* Use getTimeZone function
* Minor change in api key listing
The frontend should display a message instead of empty string
if the key does not expire.
* batch disable users
* batch revoke users tokens
* split batch disable user and revoke token
* API: get users with auth info and isExternal flag
* fix tests for batch disable users
* Users: refactor /api/users/search endpoint
* Users: use alias for "user" table
* Chore: add BatchDisableUsers() to the bus
* Users: order user list by id explicitly
* Users: return AuthModule from /api/users/:id endpoint
* Users: do not return unused fields
* Users: fix SearchUsers method after last changes
* User: return auth module as array for future purposes
* User: tests for SearchUsers()
* User: return only latest auth module in SearchUsers()
* User: fix JOIN, get only most recent auth module
* tsdb: add support for setting debug flag of tsdb query
* alerting: adds debug flag in eval context
Debug flag is set when testing an alert rule and this debug
flag is used to return more debug information in test aler rule
response. This debug flag is also provided to tsdb queries so
datasources can optionally add support for returning additional
debug data
* alerting: improve test alert rule ui
Adds buttons for expand/collapse json and copy json to clipboard,
very similar to how the query inspector works.
* elasticsearch: implement support for tsdb query debug flag
* elasticsearch: embedding client response in struct
* alerting: return proper query model when testing rule
* Feature: Introduce a grafana-cli wrapper
When our users install the *nix packed version of grafana, tendency is to use the services and scripts installed as part of the package for grafana-server. These leverage the default configuration options by specifying the several default paths.
This introduces a similar approach for the grafana-cli binary. We exposed it through a wrapper to ensure a proper configuration is in place. To enable that, we add the .real suffix to the original binary (grafana-cli.real) and then use a bash script named grafana-cli as the wrapper.
* Make the config and homepath flags global
* Introduce `configOverrides` as a global flag
This flag allows us to pass configuration overrides as a string.
The string follows the convention of configuration arguments separated by a space e.g. "cfg:default.paths.data=/dev/nullX cfg:default.paths.logs=/dev/nullX"
Also, it is backwards compatible with similar the previous configuration method through tailing arguments. Tailing arguments take presedence over the configuration options string.
* Only log configuration information in debug mode
* Move the grafana-cli binary to $GRAFANA_HOME/bin
As part of the package install process, we copy all the release files and
directories into the grafana home directory. This includes the /bin folder
from where we copied the binaries into their respective destinations.
After that, the /bin folder gets deleted as we don't want to keep
duplicates of the binaries around.
As part of this commit, we moved the re-creation of /bin within
grafana-home and the copy of the original binary (again) after the
folder gets deleted.
`grafana-cli` uses the third-party library to define the flags and not
the standard library. Using `flag.Parse` conflicts with the defined
flags from our third-party library.
In the case where `flag.Parse` is used, the CLI assumes that definitions
provided are not needed and will not define them; producing errors of
the kind `flag provided but not defined --example-flag`.
Using the context to read any arguments (including flags) is the
recommended approach by the third-party library.
grafana-cli should allow configuration overrides to be received from the command line. e.g.
```
grafana-cli admin reset-password cfg:default.paths.logs=custom/log/directory/
```
Seems like we missed the inclusion of `flag.Parse` as we run the command, to be able to consume them.
Additionally, it'll be useful for the user to know whenever these are being overriden or not - hence the addition of logging the configuration to be used as we run the command.
* LDAP: use only one struct
* Use only models.ExternalUserInfo
* Add additional helper method :/
* Move all the helpers to one module
* LDAP: refactoring
* Rename some of the public methods and change their behaviour
* Remove outdated methods
* Simplify logic
* More tests
There is no and never were tests for settings.go, added tests for helper
methods (cover is now about 100% for them). Added tests for the main
LDAP logic, but there is some stuff to add. Dial() is not tested and not
decoupled. It might be a challenge to do it properly
* Restructure tests:
* they wouldn't depend on external modules
* more consistent naming
* logical division
* More guards for erroneous paths
* Login: make login service an explicit dependency
* LDAP: remove no longer needed test helper fns
* LDAP: remove useless import
* LDAP: Use new interface in multildap module
* LDAP: corrections for the groups of multiple users
* In case there is several users their groups weren't detected correctly
* Simplify helpers module
* Implementation of optimistic lock pattern
Try to insert the remote cache key and handle integrity error
* Remove transaction
Integrity error inside a transaction results in deadlock
* Remove check for existing remote cache key
Is no longer needed since integrity constrain violations are handled
* Add check for integrity constrain violation
Do not update the row if the insert statement fails
for other than an integrity constrain violation
* Handle failing inserts because of deadlocks
If the insert statement fails because of a deadlock
try to update the row
* Add utility function for returning SQL error code
Useful for debugging
* Add logging for failing expired cache key deletion
Do not shallow it completely
* Revert "Add utility function for returning SQL error code"
This reverts commit 8e0b82c79633e7d8bc350823cbbab2ac7a58c0a5.
* Better log for failing deletion of expired cache key
* Add some comments
* Remove check for existing cache key
Attempt to insert the key without checking if it's already there
and handle the error situations
* Do not propagate deadlocks created during update
Most probably somebody else is trying to insert/update
the key at the same time so it is safe enough to ignore it
* x_xss_protection
* strict_transport_security (HSTS)
* x_content_type_options
these are currently defaulted to false (off) until the next minor release.
fixes#17509
* Feature: Parse user agent string in user auth token api response (#16222)
* Adding UA Parser Go modules attempt (#16222)
* Bring user agent vals up per req
* fix tests
* doc update
* update to flatten, no maps
* update doc
* wip: fix remote cache for redis
connstr parsing and non-negative expires for #17377
TODO: finish parse, check zero case, find out why negative duration in the first place
* finish parse.
Still TODO, find out negative value, and decide if would be better to make database specific entries in the .ini file
* update ini files
* remove accidental uncomment in defaults.ini
* auth_proxy: expiration non-negative so expiration is not in the past
* fix test, revert neg in redis
* review: use errutil
xorm introduced some changes in
https://github.com/go-xorm/xorm/pull/824 and
https://github.com/go-xorm/xorm/pull/876 which by default will use
public as the postgres schema and this was a breaking change compared
to before. Grafana has implemented a custom postgres dialect so above
changes wasn't a problem here. However, Grafana's custom database
migration was using xorm dialect to check if the migration table exists
or not.
For those using a custom search_path (schema) in postgres configured on
server, database or user level the migration table check would not find
the migration table since it was looking in public schema due to xorm
changes above. This had the consequence that Grafana's database
migration failed the second time since migration had already run
migrations in another schema.
This change will make xorm use an empty default schema for postgres and
by that mimic the functionality of how it was functioning before
xorm's changes above.
Fixes#16720
Co-Authored-By: Carl Bergquist <carl@grafana.com>
* Refactor: Removes replaceUrl from actions
* Refactor: Moves saveState thunk to epic
* Refactor: Moves thunks to epics
* Wip: removes resulttype and queries once
* Refactor: LiveTailing uses observer in query
* Refactor: Creates epics folder for epics and move back actioncreators
* Tests: Adds tests for epics and reducer
* Fix: Checks for undefined as well
* Refactor: Cleans up previous live tailing implementation
* Chore: merge with master
* Fix: Fixes url issuses and prom graph in Panels
* Refactor: Removes supportsStreaming and adds sockets to DataSourcePluginMeta instead
* Refactor: Changes the way we create TimeSeries
* Refactor: Renames sockets to streaming
* Refactor: Changes the way Explore does incremental updates
* Refactor: Removes unused method
* Refactor: Adds back Loading indication
