* RBAC: Stop reading enabeld from ini file and always set to true
* Migrations: Add a migration for rbac to reset data migrations if rbac
was disabled
* If rbac was disabled we reset the data and data migrations that rbac
has to perform to get it to a correct state
* Migrator: Store migration logs on migrator and add function to clear it from the
in-memory stored logs
* update tests
---------
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* RBAC: Feature to override default assignments
Co-authored-by: Kalle Persson <kalle.persson@grafana.com>
* Add test and trim spaces
* Pass linting
* Apply the rbac overrides to fixed_authentication.config_writer
* Removing from the default ini file for now
* Add grants overrides section to cfg
* slimmer handleGrantOverrides function
---------
Co-authored-by: Kalle Persson <kalle.persson@grafana.com>
* remove dashboard previews backend
* remove dashboard previews backend
* bring back the migration
* bring back the migration
* bring back the migration
* define 3 feature toggles for rollout phases
* Pass feature toggles along
* Implement first feature toggle
* Try a different strategy with fall-throughs to specific configurations
* Apply toggle overrides once outside of backend composition
* Emit log messages when we coerce backends
* Run code generator for feature toggle files
* Improve wording in flag descs
* Re-run generator
* Use code-generated constants instead of plain strings
* Use converted enum values rather than strings for pre-parsing
* fix: disable orgrolepicker if externaluser is synced
* add disable to role picker
* just took me 2 hours to center the icon
* wip
* fix: check externallySyncedUser for API call
* remove check from store
* add: tests
* refactor authproxy and made tests run
* add: feature toggle
* set feature toggle for tests
* add: IsProviderEnabled
* refactor: featuretoggle name
* IsProviderEnabled tests
* add specific tests for isProviderEnabled
* fix: org_user tests
* add: owner to featuretoggle
* add missing authlabels
* remove fmt
* feature toggle
* change config
* add test for a different authmodule
* test refactor
* gen feature toggle again
* fix basic auth user able to change the org role
* test for basic auth role
* make err.base to error
* lowered lvl of log and input mesg
* Rename RecordStatesAsync to Record
* Rename QueryStates to Query
* Implement fanout writes
* Implement primary queries
* Simplify error joining
* Add test for query path
* Add tests for writes and error propagation
* Allow fanout backend to be configured
* Touch up log messages and config validation
* Consistent documentation for all backend structs
* Parse and normalize backend names more consistently against an enum
* Touch-ups to documentation
* Improve clarity around multi-record blocking
* Keep primary and secondaries more distinct
* Rename fanout backend to multiple backend
* Simplify config keys for multi backend mode
* move analytics identifiers to backend
* implement hash function
* grab secret from env
* expose and retrieve intercom secret from config
* concat email with appUrl to ensure uniqueness
* revert to just using email
* Revert "revert to just using email"
This reverts commit 8f10f9b1bc.
* add docstring
* Setting: Remove global DisableLoginForm and add it to cfg
* Setting: Remove unused BasicAuthEnabled global
* Setting: Remove global OAuthAutoLogin and use from cfg
* Setting: Remove global AnonymousEnabled
* Setting: Remove global values for AuthProxy settings
* structure dtos and private methods
* add basic LDAP service
* use LDAP service in ldap debug API
* lower non fatal error
* remove unused globals
* wip
* remove final globals
* fix tests to use cfg enabled
* restructure errors
* remove logger from globals
* use ldap service in authn
* use ldap service in context handler
* fix failed tests
* fix ldap middleware provides
* fix provides in auth_test.go
* add: deprecaation notice for overall setting
* add: deprecation notice for configuration files
* chore: update docs with deprecation notice
* refactor: change to note the new setting instead
* Update pkg/setting/setting.go
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* refactor: based on review comments
---------
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* WIP
* Update pkg/services/login/authinfo.go
* fix: merge
* change order to internal last
* adds: docs
* add: configuration for defaults and sample
* Update docs/sources/setup-grafana/configure-grafana/_index.md
Co-authored-by: Jo <joao.guerreiro@grafana.com>
* Update docs/sources/setup-grafana/configure-grafana/_index.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
---------
Co-authored-by: Jo <joao.guerreiro@grafana.com>
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Add config to remove Snapshot functionality (frontend is hidden and validation in the backend)
* Add test cases
* Remove unused mock on the test
* Moving Snapshot config from globar variables to settings.Cfg
* Removing warnings on code
* add: skip_org_role_sync setting for github
* fix: frontend
* rearranged tests
* refactor: assignGrafanaAdmin skip also
* Add: tests for allowGrafanaAdmin
- both for the case when both settings are set and the setting for only
allowGrafanaAdmin
* Apply suggestions from code review
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Update docs/sources/setup-grafana/configure-grafana/_index.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Update pkg/login/social/github_oauth.go
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
* added vairable inside scope
* Update docs/sources/setup-grafana/configure-security/configure-authentication/github/index.md
* Update docs/sources/setup-grafana/configure-security/configure-authentication/github/index.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
* Add new config option
* Add frontend control
* Condition new auth broker with config option
* Condition old auth broker with config option
Co-authored-by: Jo <joao.guerreiro@grafana.com>
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Create loki client type and ping method
* Expose TestConnection on client
* Configure and ping Loki URL
* Close response body reader if present
* Add 30 second timeout
* Remove duplicate close
* [WIP] Auth: add backend skipOrgRoleSync to AzureAD OAuth
- add: skipOrgRoleSync
- rename: skipOrgRoleSync to skipOrgRoleSyncBase (to make it clear that
it is the base version of SocialBase)
- add: tests for skipOrgRoleSync in AzureAD
TODO:
- [ ] frontend changes
* add: docs
* refactor: remove role from basicinfo
* add: settings for grafanacom
* add: settigns for frontend
* add: logic for azureAD user skip org role
* add: docs for skip_org_role_sync
* refactor: docs a bit
* add: tests for userinfo
* refactor: to only extract if skiporgrolesync false
* refactor: based on review comments
* Update docs/sources/setup-grafana/configure-grafana/_index.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Update docs/sources/setup-grafana/configure-grafana/_index.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
This commit adds a customizable timeout for screenshots called
capture_timeout. The default value is 10 seconds, and the maximum
value is 30 seconds. This timeout should be less than the minimum
Interval of all Evaluation Groups to avoid back pressure on alert
rule evaluation.
The GrafanaComURL setting is currently used in two places:
- the /api/gnet endpoint, which proxies all requests to the URL
configured in GrafanaComURL
- OAuth logins using grafana.com, where the auth URL, token URL and
redirect URL are all configured to use the GrafanaComURL.
This has worked fine until now because almost all Grafana instances have
just used the default value, https://grafana.com. However, we now have a
few different grafana.com's, some of which are behind IAP. The IAP
causes the /api/gnet proxy to fail because the required cookies are not
present in the request (how could they be?). Setting the
[grafana_net.url] setting to an internal-only URL improves the situation
slightly - the proxy works again just fine - but breaks any OAuth logins
using grafana.com, because the user must be redirected to a publicly
accessible URL.
This commit adds an additional setting, `[grafana_com.api_url]`,
which can be used to tell Grafana to use the new API URL when proxying
requests to the grafana.com API, while still using the existing
`GrafanaComURL` setting for other things.
The setting will fall back to the GrafanaComURL setting + "/api" if unset.