* chore/backend: move dashboard errors to dashboard service
Dashboard-related models are slowly moving out of the models package and into dashboard services. This commit moves dashboard-related errors; the rest will come in later commits.
There are no logical code changes, this is only a structural (package) move.
* lint lint lint
* add special handling on the plugin gathering side to check whether secrets manager plugins are enabled or not
* show disabled badge in front end if the plugin is not enabled
* Only show error in disabled badge hover if one is present (otherwise it shows "undefined")
* refactor to make use of fields already available in the DTO
* fix typo
* if there is no error returned for the plugin, just show 'disabled'
* fix typo
* Update public/app/features/plugins/admin/components/Badges/PluginDisabledBadge.tsx
Co-authored-by: Levente Balogh <balogh.levente.hu@gmail.com>
* Update frontendsettings.go
add clarifying comment
* fix unit test
* rework task to use new frontend property combined with plugin type to determine if the plugin should be disabled
* Update helpers.test.ts
revert test change
* fix unit test
* bogus commit to trigger precommit
* undo commit
* run precommit manually
Co-authored-by: Levente Balogh <balogh.levente.hu@gmail.com>
* Split Create User
* Use new create user and User from package user
* Add service to wire
* Making create user work
* Replace user from user pkg
* One more
* Move Insert to orguser Service/Store
* Remove unnecessary conversion
* Cleaunp
* Fix Get User and add fakes
* Fixing get org id for user logic, adding fakes and other adjustments
* Add some tests for ourguser service and store
* Fix insert org logic
* Add comment about deprecation
* Fix after merge with main
* Move orguser service/store to org service/store
* Remove orguser from wire
* Unimplement new Create user and use User from pkg user
* Fix wire generation
* Fix lint
* Fix lint - use only User and CrateUserCommand from user pkg
* Remove User and CreateUserCommand from models
* Fix lint 2
* remove feature toggle, add empty state and fix bug with initial starring
* Extract empty message into lingui
* remove full stop
* add empty message in the backend
* remove unused import
* translate starred + empty starred states
* betterer changes
* add case insensitive option
* treat id as case insensitive
* Users: Add integration tests for case insensitive querying
* Prefer config struct to global variable
* change key to case_insensitive_login
* impede conflicting users from logging in
* add tests for impeding user retrieval if conflicting
* nits and picks
Co-authored-by: gamab <gabi.mabs@gmail.com>
* Add check in transaction for conflicting user
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* add update tests
* skip on mysql
* add custom messages for user admin view
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* nit: extra else
* linting mistake
Co-authored-by: gamab <gabi.mabs@gmail.com>
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
This PR completes public dashboards v1 functionality and simplifies public dashboard conventions. It exists as a large PR so that we are not making constant changes to the database schema.
models.PublicDashboardConfig model replaced with models.PublicDashboard directly
dashboard_public_config table renamed to dashboard_public
models.Dashboard.IsPublic removed from the dashboard and replaced with models.PublicDashboard.isEnabled
Routing now uses a uuid v4 as an access token for viewing a public dashboard anonymously, PublicDashboard.Uid only used as database identifier
Frontend utilizes uuid for auth'd operations and access token for anonymous access
Default to time range defined on dashboard when viewing public dashboard
Add audit fields to public dashboard
Co-authored-by: Owen Smallwood <owen.smallwood@grafana.com>, Ezequiel Victorero <ezequiel.victorero@grafana.com>, Jesse Weaver <jesse.weaver@grafana.com>
* WIP
* update for prometheus
* usagestats: tests pass for user duplicate entries
* metrics: added duplicate user entries
* usagestats: adds metrics gauge for duplicate users
* usagestats: skip test for mysql
* sql in oneplace
* only use prometheus register to not panic
* usagestats: RegisterMetricsFunc with loginstats
* fix: remove unused commited code
* refactor: move test to authinfoservice
* Update pkg/models/stats.go
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
* removed prometheus metrics, due to sql cpu requirement
* Added: has_duplicate_user_entries and fix tests
* remove unused test
* fix: empty else statement removal
* missing argument to authinfoservice
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
* RBAC: Add access control metadata to Folder dto
* Add access control metadata to folder dto response
* Add test to verify that access control metadata is attached
* Attach access control metadata to multiple folders
* Add access control metadata to frontend folder dto
* I18n: Set default locale in server config and expose in grafanaBootData
* put default locale behind feature flag
* update tests now that default locale is behind feature flag
* little bit of PR feedback
* update sample.ini
* backend/dashboard snapshots: refactor leftover models and mocks
* Move all dashboard snapshot-related models into the dashboardsnapshotservice package
* Remove leftover dashboard-related mocks from the mockstore
* Add protobuf config and generated code, and client wrapper
* wire up loading of secretsmanager plugin, using renderer plugin as a model
* update kvstore provider to check if we should use the grpc plugin. return false always in OSS
* add OSS remote plugin check
* refactor wire gen file
* log which secrets manager is being used
* Fix argument types for remote checker
* Turns out if err != nil, then the result is always nil. Return empty values if there is an error.
* remove duplicate import
* ensure atomicity by adding secret management as a step to sql operations and rolling back if necessary
* Update pkg/services/secrets/kvstore/kvstore.go
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
* Update pkg/services/secrets/kvstore/kvstore.go
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
* refactor RemotePluginCheck interface to just return the Plugin client directly
* rename struct to something less silly
* add special error handling for remote secrets management
* switch to errors.as instead of type inference
* remove unnecessary rollback call
* just declare error once
* refactor .proto file according to prior PR suggestions
* re-generate protobuf files and fix compilation errors
* only wrap (ergo display in the front end) errors that are user friendly from the plugin
* rename error type to suggest user friendly only
* rename plugin functions to be more descriptive
* change delete message name
* Revert "change delete message name"
This reverts commit 8ca978301e.
* Revert "rename plugin functions to be more descriptive"
This reverts commit 4355c9b9ff.
* fix pointer to pointer problem
* change plugin user error to just hold a string
* fix sequencing problem with datasource updates
* clean up some return statements
* need to wrap multiple transactions with the InTransaction() func in order to keep the lock
* make linter happy
* revert input var name
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
* coremodel: Generate static registry
* Actually make codegen work
Also, remove the per-coremodel assignability test from generator set.
* Make wire gen depend on cue gen
This is necessary now that we're generating a wire set as part of
coremodel registry generation.
* Add wire inject bits to http server
* s/staticregistry/registry/
* move to static and dynamic wording
* Move registry type into registry package
* Use static registry in http handler
* Oi comments
* ServiceAccounts: able to get upgrade status
* Banner with API keys migration info
* Show API keys migration info on Service accounts page
* Migrate individual API keys
* Use transaction for key migration
* Migrate all api keys to service accounts
* Hide api keys after migration
* Migrate API keys separately for each org
* Revert API key
* Revert key API method
* Rename migration actions and reducers
* Fix linter errors
* Tests for migrating single API key
* Tests for migrating all api keys
* More tests
* Fix reverting tokens
* API: rename convert to migrate
* Add api route descriptions to methods
* rearrange methods in api.go
* Refactor: rename and move some methods
* Prevent assigning tokens to non-existing service accounts
* Refactor: ID TO Id
* Refactor: fix error message
* Delete service account if migration failed
* Fix linter errors
* backend/api: refactor PlaylistId to PlaylistUid
* Add org_id to Get and Update playlist functions
Fix migration - no longer pad the uid; fix mysql syntax
The relevant tests are passing using postgres, mysql and the default sqllite backends, but there are a number of other failing tests when using postgres and myself so I'm not entirely confident with those results.
* fix bad query in GetPlaylistItem and add a test that would have caught the mistake in the first place. Reverted the playlist_uid column addition in playlist_item; it became unnecessary after this PR.
Added default value to the new UID column based on PR feedback.
* break this PRs migration into its own function
* Playlists: Update UI to use the updated API
Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
* backend/sqlstore split: move dashboard snapshot funcs to dashboardsnapshotservice
This commit moves the dashboard snapshot related sql functions in the dashboardsnapshots service. I split the dashboards package up so the interfaces live in dashboarsnapshots and the store and service implementations are in their own packages. This took some minor refactoring, but none of the actual underlying code has changed, just where it lives.
* Fix swagger generation targer using mac
Validate using the swagger binarry instead of the docker container
* API: Make swagger specification more consistent
Fix operation parameter ordering
* Public dashboard query API
* Create new API on service for building metric request
* Flesh out testing, implement BuildPublicDashboardMetricRequest
* Test for errors and missing panels
* WIP: Test for multiple datasources
* Refactor tests, add supporting code for multiple datasources
* Gets the panel data from the pubdash query api
* Adds tests to make sure we get the correct api url from retrieving panel data
* Public dashboard query API
* Create new API on service for building metric request
* Flesh out testing, implement BuildPublicDashboardMetricRequest
* Test for errors and missing panels
* WIP: Test for multiple datasources
* Refactor tests, add supporting code for multiple datasources
* Handle queries from multiple datasources
* Replace dashboard time range with pubdash time range settings
* Fix comments from review, build failure
* removes changes to DataSourceWithBackend.ts regarding getting the pubdash panel query url. Going to do this in a new class, PublicDashboardDataSource.ts
* Include pubdash Uid in dashboard meta
* Creates new PublicDashboardDataSource.ts and adds test
* Passes pubdash uid down to PanelQueryRunner.ts to a PublicDashboardDatasource can be chosen when were looking at a public dashboard
* removes comment
* checks for error when unmarshalling json
* Only replace dashboard time settings with pubdash time settings when pubdash time settings exist
* formatting and added comment
Co-authored-by: Jesse Weaver <jesse.weaver@grafana.com>
Co-authored-by: Jeff Levin <jeff@levinology.com>
This PR adds endpoints for public dashboards to retrieve data from the backend (trusted) query engine. It works by executing queries defined on the backend without any user input and does not support template variables.
* Public dashboard query API
* Create new API on service for building metric request
* Flesh out testing, implement BuildPublicDashboardMetricRequest
* Test for errors and missing panels
* Refactor tests, add supporting code for multiple datasources
* Handle queries from multiple datasources
* Explicitly pass no user for querying public dashboard
Co-authored-by: Jeff Levin <jeff@levinology.com>
* Query history: Add swagger definitions
* Update
* Remove changes in generated files
* Generate api files
* Add query history into api docs
* Add examples for commands
* Add missing parameters
* Generate api-spec and api-merged
* Fix linting
* Fix showing of example of queries
* Revert "Fix showing of example of queries"
This reverts commit b1eb073fbe.
* Update
* Update
* Feature Flags: introduce a flag for enabling the Data Connections page
* Feature Flags: generate schemas
* Navigation: add navigation weight for the Data Connections page
* NavLink: add a comment pointing out where icon names can be looked up
* NavTree: add a new page called Data Connections
* fix(Api): prefix the navigation IDs with the parent ("data-connections")
* feat(Frontend): add a basic page with four tabs
* feat(Plugins): add a hook for importing an app plugin
* feat(Plugins): add a component for loading app plugins anywhere
* feat(Data Connections): load the cloud-onboarding app under the "Cloud onboarding" tab
* feat(Data Connections): generate a proper nav model to highlight active tabs
* test(Data Connections): add tests
* refactor(Data Connections): update temporary text content
This is only used as a placeholder until the tabs are under development.
* refactor(Data Cnnnections): move /pages to /tabs
* refactor(Data Connections): remove the `types.ts` file as it is not referenced by any module
* feat(Data Connections): only register routes if feature is enabled
* Remove dashbpard version from models
* Fix lint
* Fix api & sqlstore tests
* Remove integration tags
* Fix lint again
* Add integration test to correct namespace
* Lont fix 2
* Change Id to ID in dashVersionMeta
* Inject access control into dashboard service
* Add function to parse id scopes
* Add dashboard as return value
* Update mock
* Return only err to keep service interface
* Add scope resolvers for dashboard id scopes
* Add function to parse uid scopes
* Add dashboard uid scope resolver
* Register scope resolvers for dashboards
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Remove crufty scuemata bits
Buhbye to: cue/ dir with old definitions, CI steps for checking unnecessary
things, and the original dashboard scuemata file.
* Remove grafana-cli cue subcommand
* Remove old testdata
* Don't swallow errors from codegen
* Small nits and tweaks to cuectx package
* WIP - refactor pluggen to use Thema
Also consolidate the embed.FS in the repo root.
* Finish halfway rename
* Convert all panel models.cue to thema
* Rewrite pluggen to use Thema
* Remove pkg/schema, and trim command
* Remove schemaloader service and usages
Will be replaced by coremodel-centric hydrate/dehydrate system Soon™.
* Remove schemaloader from wire
* Remove hangover field on histogram models.cue
* Fix lint errors, some vestiges of trim service
* Remove unused cuetsify cli command
* When getting a public dashboard, backend returns a response structured the same as when you get a regular dashboard
* Updates backend tests for getting public dashboard
* Frontend can load the public dashboard based on the pubdash uid provided
* adds frontend test to make sure public dashboard doesnt render toolbar and submenu
* sorts imports
This PR adds endpoints for saving and retrieving a public dashboard configuration and and api endpoint to retrieve the public dashboard.
All of this is highly experimental and APIs will change. Notably, we will be removing isPublic from the dashboard model and moving it over to the public dashboard table in the next release.
Further context can be found here: https://github.com/grafana/grafana/pull/49131#issuecomment-1145456952
* add isPublic to dashboard
* refactor routes to use route group and add placeholder method for sharing apii
* add sharing pane and utils for public dashboard config to sharing modal
* Sharing modal now persists data through the api
* moves ShareDashboard endpoint to new file and starts adding tests
* generates mocks. Adds tests for public dashboard feature flag
* Adds ability to pass in array of features to enable for the test
* test to update public flag on dashboard WIP
* Adds mock for SaveDashboardSharingConfig
* Fixes tests. Had to use FakeDashboardService
* Adds React tests for public dashboards toggle
* removes semicolons
* refactors SharePublic component to use hooks
* rename from `share publicly` to `public dashboard config`
* checkpoint. debugging tests. need to verify name changes
* checkpoint. test bugs fixed. need to finish returning proper response codes
* finish renaming. fix test
* Update pkg/api/api.go
Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
* update backend url
* rename internal objects and commands. fix configuration modal labels
* add endpoint for retrieving public dashboard configuration and populate the frontend state from it
* add test for dashboardCanBePublic
* adds backend routes
* copy DashboardPage component into component for public dashboards. WIP
* adds react routes, and doesnt render main nav bar when viewing a public route
* removes extra react route from testing
* updates component name
* Wrap the original dashboard component so we can pass props relevant to public dashboards, turn kiosk mode on/off, etc
* Wraps DashboardPage in PublicDashboardPage component. DashboardPage gets rendered in kiosk mode when public prop is passed.
* removes commented out code from exploratory work
* Makes public dashboard routes require no auth
* extracts helper to own util file to check if were viewing a public page
* Hides panel dropdown when its being viewed publicly
* formatting
* use function from utils file for determining if publicly viewed. If public, hides app notifications, searchwrapper, and commandpalette.
* adds unit tests for util function used to see if page is being viewed publicly
* cant added annotations to panel when being publicly viewed
* removes useless comment
* hides backend and frontend pubdash routes behind feature flag
* consider feature flag when checking url path to see if on public dashboard
* renames function
* still render app notifications when in public view
* Extract pubdash route logic into own file
* fixes failing tests
* Determines path using location locationUtils. This covers the case when grafana is being hosted on a subpath. Updates tests.
* renames pubdash web route to be more understandable
* rename route
* fixes failing test
* fixes failing test. Needed to update pubdash urls
* sets flag on grafana boot config for if viewing public dashboard. Removes hacky check that looks at the url
* fixes failing tests. Uses config to determine if viewing public dashboard
* renders the blue panel timeInfo on public dashboard panel
* Extracts conditional logic for rendering components out into their own functions
* removes publicDashboardView check, and uses dashboard meta instead
* the timeInfo is always displayed on the panel
* After fetch of public dashboard dto, the meta isPublic flag gets set and used to determine if viewing public dashboard for child components. Fixes tests for PanelHeader.
* Fixes failing test. Needed to add isPublic flag to dashboard meta.
Co-authored-by: Jeff Levin <jeff@levinology.com>
Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
* Split GetDashboarVersions method
* Add sqlstore dialect and tests
* Fix signature of PAtchPreference
* Add GetDialect to sqlstore and remove GetDashboardVersions
* Add GetDialect to db interface
* Implement List
* add deleted test function
* Remove GetDialect from sqlstore interface
* Remove deleted method from mock
* Refactor test
* API: Migrate CSRF to service and support additional options
* minor
* public Csrf service to use in tests
* WIP
* remove fmt
* comment
* WIP
* remove fmt prints
* todo add prefix slash
* remove fmt prints
* linting fix
* remove trimPrefix
Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>
Co-authored-by: IevaVasiljeva <ieva.vasiljeva@grafana.com>
* update action names
* correctly retrieve teams for signed in user
* remove test
* undo swagger changes
* undo swagger changes pt2
* add migration from old action names to the new ones
* rename from list to read
* linting
* also update alertign actions
* fix migration
* backend/sqlstore split: remove unused GetDashboardPermissionsForUser from sqlstore
* remove debugging line
* backend/sqlstore: move dashboard permission related functions to dashboard service
* ServiceAccounts: refactor ServiceAccountRoleRow
* Refactor ServiceAccountRoleRow
* Refactor ServiceAccountProfile
* Refactor components
* Change service accounts icon
* Refine service accounts page header
* Improve service accounts filtering
* Change delete button style
* Tweak account id
* Auto focus name field when create service account
* Add disable/enable button
* Enable/disable service accounts
* Optimize updating service account (do not fetch all)
* Remove status column (replace by enable/disable button)
* Add banner with service accounts description
* Add tokens from main page
* Update tokens count when add token from main page
* Fix action buttons column
* Fix tokens count when change role
* Refine table row classes
* Fix buttons
* Simplify working with state
* Show message when service account updated
* Able to filter disabled accounts
* Mark disabled accounts in a table
* Refine disabled account view
* Move non-critical components to separate folder
* Remove confusing focusing
* Fix date picker position when creating new token
* DatePicker: able to set minimum date that can be selected
* Don't allow to select expiration dates prior today
* Set tomorrow as a default token expiration date
* Fix displaying expiration period
* Rename Add token button
* Refine page styles
* Show modal when disabling SA from main page
* Arrange role picker
* Refine SA page styles
* Generate default token name
* More smooth navigation between SA pages
* Stop loading indicator in case of error
* Remove legacy styles usage
* Tweaks after code review
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
* Get rid of useDisapatch in favor of mapDispatchToProps
* Tests for ServiceAccountsListPage
* Tests for service account page
* Show new role picker only with license
* Get rid of deprecated css classes
* Apply suggestion from code review
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
* Fix service accounts icon
* Tests for service account create page
* Return service account info when update
* Add behaviour tests for ServiceAccountsListPage
* Fix disabled cursor on confirm button
* More behavior tests for service account page
* Temporary disable service account migration banner
* Use safe where condition
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Apply review suggestions
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
* Remove autofocus from search
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Preferences: Fix PUT for Navbar and Query History
* Update linting
* Fix linting
* Use models defined in preference package in preferences
* Remove white space
* Revert "Use models defined in preference package in preferences"
This reverts commit 6f7aa9f8d3.
* grant data source reader to all users when running oss or enterprise
without license
* fix asserts in alerting tests
* add oss licensing service for test setup
* fix tests to pass in enterprise
* lint
* fix tests
* set setting.IsEnterprise flag for tests
Co-authored-by: Yuriy Tseretyan <yuriy.tseretyan@grafana.com>
* Add store split for Get Dashboard version method
* Implement dashboard version service
* Fix api tests
* Remove GetDashboarVersion from sqlstore
* Add fakes for Get dashboard version
* Fix sqlstore test
* Add Get Dashboard store test
* Add dashver service test
* Remove useless comments
* pkg/web: store http.Handler internally
* pkg/web: remove injection
Removes any injection code from pkg/web.
It already was no longer functional, as we already only injected into
`http.Handler`, meaning we only inject ctx.Req and ctx.Resp.
Any other types (*Context, *ReqContext) were already accessed using the
http.Request.Context.Value() method.
* *: remove type mappings
Removes any call to the previously removed TypeMapper, as those were
non-functional already.
* pkg/web: remove Context.Invoke
was no longer used outside of pkg/web and also no longer functional
* switch saved items to starred items
* hook up redux properly
* Better query + hook up DashList
* update initial state so it's never undefined
* update GetDashboard call
* use new star service
* add scroll + maxwidth to navbar hover menu, sort starred items alphabetically
* increase height, revert changes to CustomScrollbar
* ellipsis!
* update starred dashboard name in navtree
* sort after renaming
* limit to first 50 starred dashboards found
* chore: replace handmade FakeDashboardService with generated mock
Maintaining a handcrafted FakeDashboardService is not sustainable now that we are in the process of moving the dashboard-related functions out of sqlstore.
* remove dialect global variable
* Add database migrations
* Use short uids as data key ids
* Add support for manual data key rotation
* Fix duplicated mutex unlocks
* Fix migration
* Manage current data keys per name
* Adjust key re-encryption and test
* Modify rename column migration for MySQL compatibility
* Refactor secrets manager and data keys cache
* Multiple o11y adjustments
* Fix stats query
* Apply suggestions from code review
Co-authored-by: Tania <yalyna.ts@gmail.com>
* Fix linter
* Docs: Rotate data encryption keys API endpoint
Co-authored-by: Tania <yalyna.ts@gmail.com>
* Add coremodelValidation feature flag
* coremodels: use stubs when feature flag is off
* api: validate dashboards on save
* Need pointer receiver for FeatureManager
* Update dashboard Go model
* Align doc comments
* Include CoremodelRegistry in test
* Wedge coremodel in on all test cases, ugh
* Ugh fix comment again
* Update pkg/framework/coremodel/staticregistry/provide.go
Co-authored-by: Artur Wierzbicki <wierzbicki.artur.94@gmail.com>
* Update Thema (and its deps) for better errs
* omg whitespace
Co-authored-by: Artur Wierzbicki <wierzbicki.artur.94@gmail.com>
Makes `pkg/web` only accept handles from the following set:
```go
handlerStd = func(http.ResponseWriter, *http.Request)
handlerStdCtx = func(http.ResponseWriter, *http.Request, *web.Context)
handlerStdReqCtx = func(http.ResponseWriter, *http.Request, *models.ReqContext)
handlerReqCtx = func(*models.ReqContext)
handlerReqCtxRes = func(*models.ReqContext) Response
handlerCtx = func(*web.Context)
```
This is a first step to reducing above set to only `http.Handler`.
---
Due to a cyclic import situation between `pkg/models` and `pkg/web`, parts of this PR were put into `pkg/api/response`, even though they definitely do not belong there. This however is _temporary_ until we untangle `models.ReqContext`.
* introduce a fallback handler that checks that role is Viewer.
* update UI nav links to allow alerting tabs for anonymous user
* update rule api to check for Viewer role instead of SignedIn when RBAC is disabled
adds toggle to make a dashboard public
* config struct for public dashboard config
* api endpoints for public dashboard configuration
* ui for toggling public dashboard on and off
* load public dashboard config on share modal
Co-authored-by: Owen Smallwood <owen.smallwood@grafana.com>
Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
* rename folder to match package name
* backend/sqlstore: move GetDashboard into DashboardService
This is a stepping-stone commit which copies the GetDashboard function - which lets us remove the sqlstore from the interfaces in dashboards - without changing any other callers.
* checkpoint: moving GetDashboard calls into dashboard service
* finish refactoring api tests for dashboardService.GetDashboard
* Refactor: Add UID endpoint for dashboard versions and restore
* Fix: User dashID instead of dash.id
* 💩
* Move apiCmd error handling outside of dashUID check
* fix the panic in test
* Fix handler and update docs
Co-authored-by: Kat Yang <yangkb09@users.noreply.github.com>
* Docs: add deprecated warning to restore and version docs
* Fix hyperlink text
* Add swagger endpoints for restore and versions
* Add deprecated tag on swagger for both endpoints
* Fix: Update access control to be dashboards
* Return UID in response; Update docs to reflect this; Implement Ying suggestion
* Update docs/sources/http_api/dashboard_versions.md
Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
* Update pkg/models/dashboard_version.go
Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
* Update pkg/models/dashboard_version.go
Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
* Update query to refer to DashboardUID
Co-authored-by: Ying WANG <ying.wang@grafana.com>
Co-authored-by: Sofia Papagiannaki <sofia@grafana.com>
Co-authored-by: Kat Yang <yangkb09@users.noreply.github.com>
Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
* Refactor: Add UID endpoint for get dashboard version
* Add initial docs language
* Add new endpoint in swagger
* Change access control to dashboards
* Add parameters to swagger endpoint
* Return UID in response; Update docs to reflect this; Implement Ying suggestion
* Update docs/sources/http_api/dashboard_versions.md
Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
* Update pkg/api/api.go
Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
* Update pkg/models/dashboard_version.go
Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
* Rename UID to DashboardUID for clarity; use dashUID in method
Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
* Add RBAC section to settings
* Default to RBAC enabled settings to true
* Update tests to respect RBAC
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* Only require create and permissions for new data source page
* Let users with permissions to create data sources list non-core plugins
* Keep the admin check as fallback when using rbac as well
* Add SQL filter for global user search
* Remove scope requirements from endpoints
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* Remove banner when missing permissions to list users
* For OSS allow users to list other users if they have permissions to
write either team, dashboard or folder permissions
* reduce the usage of access control flag further by removing it from SQL store methods
* fixing tests
* fix another test
* linting
* remove AC feature toggle use from API keys
* remove unneeded function
* feature toggles
* return HTTP 207 from ds/query
* add ft check
* add API test
* add 207 check for qr
* change to OR
* revert check
* add explicit toggle check for cloudwatch
* remove unused import
* remove from defaults.ini
* add status codes to md and update swagger
* new fangled http api tests pattern
* update swagger
* Update docs/sources/http_api/data_source.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* add missing word and reformat
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Fix secure json data reset on datasource update
* Update fillWithSecureJSONData to use DecryptedValues
* Remove unecessary conversion
* Move fillWithSecureJsonData logic to datasource service
* Add sanity check for nil secure json data
* replace dashboardid with dashboardUID in annotation API
* add some tests
* modify some docs and add uid into get endpoint
* rebase with main
* add map for avoiding too much retrieve on dashboards
* Move ApiKeyDTO to dtos package
* Add access control filter to api keys
* pass user in GetApiKeysQuery
* Add api key metadata to DTO
* Remove scope all requirement from get api keys endpoint
* Handle api key access control metadata in frondend
* #45498: add entity events table
* #45498: add entity events service
* #45498: hook up entity events service to http server
* #45498: use `dashboards.id` rather than `uid` and `org_id` in grn
* Update pkg/services/entityevents/service.go
Co-authored-by: Ryan McKinley <ryantxu@gmail.com>
* #45498: move entityeventsservice to services/store
* #45498: add null check
* #45498: rename
* #45498: fix comment
* #45498: switch grn back to uid
* Search: listen for updates (#47719)
* #45498: wire entity event service with searchv2
* load last event id before building index for org 1
* fix service init in integration tests
* depend on required subset of event store methods
* Update pkg/services/sqlstore/migrations/entity_events_mig.go
Co-authored-by: Alexander Emelin <frvzmb@gmail.com>
* #45498: pointer receiver
* #45498: mockery!
* #45498: add entity events service to background services
* dashboard query pagination, allow queries while re-indexing
* log level cleanups, use rlock, add comments
* fix lint, check feature toggle in search v2 service
* use unix time for event created column
* add missing changes for created column
* fix integration tests init
* log re-index execution times on info level
* #45498: fix entityEventsService tests
* #45498: save events on dashboard delete
* use camel case for log labels
* formatting
* #45498: rename grn to entityid
* #45498: add `IsDisabled` to entityEventsService
* #45498: remove feature flag from migration
* better context usage, fix capacity, comments/cleanups
* replace print with logger
* Revert "#45498: remove feature flag from migration"
This reverts commit ed23968898.
* revert:revert:revert conditional feature flag
Co-authored-by: Ryan McKinley <ryantxu@gmail.com>
Co-authored-by: Alexander Emelin <frvzmb@gmail.com>
* Add test for decrypted values on datasource service
* Add debug log when fail to parse secure json fields
* Fix minor import issue
* Refactor encJson to json and simplejson to sjson on tests
* wip: Implement kvstore for secrets
* wip: Refactor kvstore for secrets
* wip: Add format key function to secrets kvstore sql
* wip: Add migration for secrets kvstore
* Remove unused Key field from secrets kvstore
* Remove secret values from debug logs
* Integrate unified secrets with datasources
* Fix minor issues and tests for kvstore
* Create test service helper for secret store
* Remove encryption tests from datasources
* Move secret operations after datasources
* Fix datasource proxy tests
* Fix legacy data tests
* Add Name to all delete data source commands
* Implement decryption cache on sql secret store
* Fix minor issue with cache and tests
* Use secret type on secret store datasource operations
* Add comments to make create and update clear
* Rename itemFound variable to isFound
* Improve secret deletion and cache management
* Add base64 encoding to sql secret store
* Move secret retrieval to decrypted values function
* Refactor decrypt secure json data functions
* Fix expr tests
* Fix datasource tests
* Fix plugin proxy tests
* Fix query tests
* Fix metrics api tests
* Remove unused fake secrets service from query tests
* Add rename function to secret store
* Add check for error renaming secret
* Remove bus from tests to fix merge conflicts
* Add background secrets migration to datasources
* Get datasource secure json fields from secrets
* Move migration to secret store
* Revert "Move migration to secret store"
This reverts commit 7c3f872072.
* Add secret service to datasource service on tests
* Fix datasource tests
* Remove merge conflict on wire
* Add ctx to data source http transport on prometheus stats collector
* Add ctx to data source http transport on stats collector test
* Replace sequential IDs with UID for dashboard permossion
* Add back endpoint with id
* Rename parameter from dashboarUid->uid and add swagger definitions for endpoints
* Generate swagger json
* Add deprecated to swagger and docs
* Add deprecated comment in the api.go
* Add model for POST body
* Fix model post body for endpoint
* Generate spec with enterprise
* Implement preference service
* Adjust wire.go
* Fix integration test user
* Fix api pref tests
* Fix a11y error
Co-authored-by: Alexandra Vargas <alexa1866@gmail.com>
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
* Update API Keys UI to adjust based on users permissions
Since API Keys support now RBAC we need to ensure that UI
is adjusted based on the user permissions.
* Applying PR suggestions
* use common traceID context value for opentracing and opentelemetry
* support sampled trace IDs as well
* inject traceID into NormalResponse on errors
* Finally the test passed
* fix the test
* fix linter
* change the function parameter
Co-authored-by: Ying WANG <ying.wang@grafana.com>
* forbid setting role higher than user's role
* change response code
* can assign API key permissions to non-admin users
* add: assign viewer role directly upon creation
* refactor: add AddSATcommand infavor of AddAPIkey
* refactor: frontend fixes for ServiceAccountToken
Co-authored-by: eleijonmarck <eric.leijonmarck@gmail.com>
* Nav: Show overlay icons based on allowed list
* user essentials mob! 🔱
* Navigation: clean up and use new backend prop to show plus icons and
improve visual styling
* Nav: Fix top padding
* refactor to not use showIconInNavbar in NavBarMenuItem
* remove a missed bit
* refactor icon into const
Co-authored-by: Ashley Harrison <ashley.harrison@grafana.com>
* Update golangci-lint to v1.45.2
Version 1.45.0 added support for Go 1.18:
https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md#v1450
Signed-off-by: Marcelo E. Magallon <marcelo.magallon@grafana.com>
* Linter: fix some lints issue for golangci-lint version 1.45.2
Co-authored-by: Marcelo E. Magallon <marcelo.magallon@grafana.com>
Co-authored-by: Gábor Farkas <gabor.farkas@gmail.com>
* AccessControl: Make the built-in role definitions public
* Add context to RegisterFixedRoles
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Making BuiltInRolesWithParents public to the AccessControl package
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* pass in user to attribute scope resolver
* add SQL filter to annotation listing
* check annotation FGAC permissions before exposing them for commenting
* remove the requirement to be able to list all annotations from annotation listing endpoint
* adding tests for annotation listing
* remove changes that got moved to a different PR
* unused var
* Update pkg/services/sqlstore/annotation.go
Co-authored-by: Ezequiel Victorero <evictorero@gmail.com>
* remove unneeded check
* remove unneeded check
* undo accidental change
* undo accidental change
* doc update
* move tests
* redo the approach for passing the user in for scope resolution
* accidental change
* cleanup
* error handling
Co-authored-by: Ezequiel Victorero <evictorero@gmail.com>
For a proxied request, e.g. Grafana's datasource or plugin proxy:
If the request is cancelled, e.g. from the browser, the HTTP status code is
now 499 Client closed request instead of 502 Bad gateway.
If the request times out, e.g. takes longer time than allowed, the HTTP status
code is now 504 Gateway timeout instead of 502 Bad gateway.
This also means that request metrics and logs will get their status codes
adjusted according to above.
Fixes#46337Fixes#46338
* add FGAC actions for silences table
* redirect users without permissions
* add permissions checks to routes
* add fgac to notifications and contact points
* fgac for notification policies
* fix mute timing authorization
* use consistent naming for checking grafana alertmanager
* tests for fgac in contact points and notification policies
* bump up timeout on rule editor test
* use new permissions util
* break out route evaluation into util
* Remove test timeout
* Change permissions for the alert-notifiers endpoint
* Use signed in handler for alert-notifiers when unified alerting enabled
Co-authored-by: Konrad Lalik <konrad.lalik@grafana.com>
* AccessControl: Remove package variables for roles and grants
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Check for inheritance during role registration
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Moving back role definition to accessscontrol
* Make settings reader role public
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Nits
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Forgot to update this
* Account for declaration error
* Fixing pkg/api init ossac
* Account for error in tests
* Update test to verify inheritance
* Nits.
* Place br inheritance behind a feature toggle
* Parent -> Parents
* Nit.
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Use Wiring to initialize Avatar Cache Server
Create AvatarCacheServer Provider function and pass it in as an
argument to HTTPServer. Also convert CacheServer to a singleton
so that we keep all cached Avatar info in one place for easier access
* Refactor avatar cache server and add 'isCustom' check
Avatar cache server needs to perform two similar fetches
back-to-back; break up functions to allow for easy reuse.
Then add handling to see if a user has a custom avatar.
* Add additional accessors so that /recents api can easily use the cache
* Minor mods to avatar server to facilitiate unit testing
* add unit tests for avatar fetching
* add error handling in case we somehow fetch gravatars while they are disabled
* linting: read error return value in unit test
* Use http package status codes
Co-authored-by: Ezequiel Victorero <evictorero@gmail.com>
* Use http package status codes
Co-authored-by: Ezequiel Victorero <evictorero@gmail.com>
* Use http package status codes
Co-authored-by: Ezequiel Victorero <evictorero@gmail.com>
* Incorporate suggestions from PR
-avoid mutating arguments
-change error handler function to private and make name more descriptive
Co-authored-by: Ezequiel Victorero <evictorero@gmail.com>
* adds oauth support to call resource requests
* adds oauth docs for call resource
* fixes case where dsUID is empty
* improve datasource error handling
* use uid:s for folder and dashboard permissions
* evaluate folder and dashboard permissions based on uids
* add dashboard.uid to accept list
* Check for exact suffix
* Check parent folder on create
* update test
* drop dashboard:create actions with dashboard scope
* fix typo
* AccessControl: test id 0 scope conversion
* AccessControl: store only parent folder UID
* AccessControl: extract general as a constant
* FolderServices: Prevent creation of a folder uid'd general
* FolderServices: Test folder creation prevention
* Update pkg/services/guardian/accesscontrol_guardian.go
* FolderServices: fix mock call expect
* FolderServices: remove uneeded mocks
Co-authored-by: jguer <joao.guerreiro@grafana.com>
* Expose option to disable help menu
* Expose option to disable profile menu
* Add Profile FeatureTogglePage
* Update public/app/features/profile/FeatureTogglePage.tsx
Uptake PR wording suggestion.
Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
* Fix front end lint issue
* Fix back end lint issue
Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
* Add ResourceAttribute
* Add ResourceAttribute option
* Set ResourceAttribute option
* Change resolvers to return uid based scopes
* update swagger to correct scope
* use ResourceAttribute for endpoint scope
* bump role version
* Add support for different attributes for access control metadata
* evaluate data source metadata based on uid
* Fix test
* uncomment benchmarks
* Use resourceID
* use evaluator for access control metadata
* update comment
* Set default permissions based on uid
* Add attribute to accesscontrol filter
* validate that scopes has correct attribute
* lint
* Update comment
* remove attribute parameter and extend prefix
* refactor to use scope prefix
* Get metadata with prefix
* fix test
* fix comparision
* remove unused type
* fix attribute index
* fix typo
* restructure logic
* Get metadata by uid
* fix imports
Co-authored-by: jguer <joao.guerreiro@grafana.com>
* Move DeleteDashboard funtion into dashboards store service, remove bus and update tests
* Remove bus from folder service and update more tests
* Fix mock
* Add option to set ResourceAttribute for a permissions service
* Use prefix in access control sql filter to parse scopes
* Use prefix in access control metadata to check access
* Data sources: Sent user ID when creating data source
* Data sources: Grant a data source creator edit permissions
* Use edit permisison and only append if user id is in command
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* Use bookmark icon for Saved Items, add support for solid bookmark icon
* Add some unit tests
* Refactor utils into own file
* Update test title
* Fix import
* consistent function style
* replace bus in guardian with sqlstore
* fix a couple of tests
* replace bus in the rest of the tests
* allow init guardian from other packages
* make linter happy
* init guardian in library elements
* fix another test in libraryelements
* fix more tests
* move guardian mock one level deeper
* fix more tests
* rename init functions
* First attempt at creating new navbar_preferences table in db
* Apply to every nav item instead of just home
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* Chore: introduce initTestDB options for features
* fix unit tests
* Add another unit test and some logic for detecting if a preference already exists
* tidy up
* Only override IsFeatureToggleEnabled if it's defined
* Extract setNavPreferences out into it's own function, initialise features correctly
* Make the linter happy
* Use new structure
* user essentials mob! 🔱
* user essentials mob! 🔱
* Split NavbarPreferences from Preferences
* user essentials mob! 🔱
* user essentials mob! 🔱
* Fix lint error
* Start adding tests
* Change internal db structure to be a generic json object
* GetJsonData -> GetPreferencesJsonData
* Stop using simplejson + add some more unit tests
* Update pkg/api/preferences.go
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
* Updates following review comments
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* Change patch to upsert, add a unit test
* remove commented out code
* introduce patch user/org preferences methods
* Return Navbar preferences in the get call
* Fix integration test by instantiating JsonData
* Address review comments
* Rename HideFromNavbar -> Hide
* add swagger:model comment
* Add patch to the preferences documentation
* Add openapi annotations
* Add a short description
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* Update unit tests
* remove unneeded url
* remove outdated comment
* Update integration tests
* update generated swagger
Co-authored-by: Alexandra Vargas <alexa1866@gmail.com>
Co-authored-by: Hugo Häggmark <hugo.haggmark@gmail.com>
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
Refactors GetPluginDashboards/LoadPluginDashboard by moving database
interaction from plugin management to the plugindashboards service.
Fixes#44553
Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
* Move call to create permissions into folder service
* Inject cfg, feature toggles and permissions services into dashboard
service
* Move logic to set default permissions on create dashboard from api to
service
* Move call to set default permissions on import dashboard to dashboard
service
* Set permissions for provisioned dashboard and folders in service
* create scope provider
* move datasource actions and scopes to datasource package + add provider
* change usages to use datasource scopes and update data source name resolver to use provider
* move folder permissions to dashboard package and update usages
* adds an api endpoint for use with public dashboards that validates orgId, dashboard, and panel when running a query. This feature is in ALPHA and should not be enabled yet. Testing is based on new mock sqlstore.
Co-authored-by: Jesse Weaver <jesse.weaver@grafana.com>
Co-authored-by: Leandro Deveikis <leandro.deveikis@gmail.com>
* Chore: Remove deprecated no-op option PreferServerCipherSuites
from the tls configs.
Per golang docs: "PreferServerCipherSuites is a legacy field and has no effect."
* Add actions and scopes
* add resource service for dashboard and folder
* Add dashboard guardian with fgac permission evaluation
* Add CanDelete function to guardian interface
* Add CanDelete property to folder and dashboard dto and set values
* change to correct function name
* Add accesscontrol to folder endpoints
* add access control to dashboard endpoints
* check access for nav links
* Add fixed roles for dashboard and folders
* use correct package
* add hack to override guardian Constructor if accesscontrol is enabled
* Add services
* Add function to handle api backward compatability
* Add permissionServices to HttpServer
* Set permission when new dashboard is created
* Add default permission when creating new dashboard
* Set default permission when creating folder and dashboard
* Add access control filter for dashboard search
* Add to accept list
* Add accesscontrol to dashboardimport
* Disable access control in tests
* Add check to see if user is allow to create a dashboard
* Use SetPermissions
* Use function to set several permissions at once
* remove permissions for folder and dashboard on delete
* update required permission
* set permission for provisioning
* Add CanCreate to dashboard guardian and set correct permisisons for
provisioning
* Dont set admin on folder / dashboard creation
* Add dashboard and folder permission migrations
* Add tests for CanCreate
* Add roles and update descriptions
* Solve uid to id for dashboard and folder permissions
* Add folder and dashboard actions to permission filter
* Handle viewer_can_edit flag
* set folder and dashboard permissions services
* Add dashboard permissions when importing a new dashboard
* Set access control permissions on provisioning
* Pass feature flags and only set permissions if access control is enabled
* only add default permissions for folders and dashboards without folders
* Batch create permissions in migrations
* Remove `dashboards:edit` action
* Remove unused function from interface
* Update pkg/services/guardian/accesscontrol_guardian_test.go
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
* ServiceAccounts: Fix token-apikey cross deletion
* ServiceAccounts: separate API key store and service account token store
* ServiceAccounts: hide service account tokens from API Keys page
* ServiceAccounts: uppercase statement
* ServiceAccounts: fix and add new tests for SAT store
* ServiceAccounts: remove service account ID from add API key
* ServiceAccounts: clear up errors
* Create DashAlertService service
* Remove no used dashboard service from plugin's manager that generates dependency cycle in Enterprise
* Remove bus for dashboard permissions
* Remove bus from dashboard extractor service
* Add missing argument
* Fix wire
* Fix lint
* More goimports
* Use datasource service instead sql calls
* Fix integration test
* Use PluginSettingsService instead of SQLStore in plugins
* Fix pluginproxy use of pluginsettings methods
* Fix additional pluginsettings methods
* Remove dispatch from plugindashboards
* Fix lint and adjust mock
* Remove unused pluginsettings
* Rename pluginsetting Service and ServiceImpl and add binding to wire
* Move pluginsettings binding in wire file
* make getordbyname a method
* remove one dispatch from plugins provisioner
* remove bus from the plugins provisioner, skip test for now
* remove bus from datasource provisioning
* resolve tests in notifier provisioning
* remove bus from the dashboards provisioning service
* fix missing struct field
* fix getorgbyid method calls
* pass org store into dashboard provisioner
* fix test function prototype
* fix tests
* attempt to fix tests after the rebase
* fix integration test
* avoid using transaction
* remove comments
* Chore: add setting to skip org assignment for external users
Introduce 'skip_org_role_update_sync' setting to skip any kind of org assignment during the login of external users.
As a consequence manual organization assignments won't be overridden during the upsert of an external user.
Part of #22605
* Chore: Rename skip_org_role_update_sync to oauth_skip_org_role_update_sync and relocate it to auth section
* Chore: replace global setting access where possible
* Chore: Remove x from health
* Chore: Remove x from dashboard and user
* Chore: Remove x from alert notification
* Chore: Remove x from stats
* Fix: Update func signature in stats test
* Refactor: Remove x from GetDashboardTags
* Chore: Remove x from dashboard
* Chore: Remove x from Stats
* Fix: Update refs of HasAdminPermissionInFolders
* Fix: Adjust funcs in tests to be sqlStore methods
* Fix: Fix database folder test sqlstore methods
* Add providers to folder and dashboard services
* Refactor folder and dashboard services
* Move store implementation to its own file due wire cannot allow us to cast to SQLStore
* Add store in some places and more missing dependencies
* Bad merge fix
* Remove old functions from tests and few fixes
* Fix provisioning
* Remove store from http server and some test fixes
* Test fixes
* Fix dashboard and folder tests
* Fix library tests
* Fix provisioning tests
* Fix plugins manager tests
* Fix alert and org users tests
* Refactor service package and more test fixes
* Fix dashboard_test tets
* Fix api tests
* Some lint fixes
* Fix lint
* More lint :/
* Move dashboard integration tests to dashboards service and fix dependencies
* Lint + tests
* More integration tests fixes
* Lint
* Lint again
* Fix tests again and again anda again
* Update searchstore_test
* Fix goimports
* More go imports
* More imports fixes
* Fix lint
* Move UnprovisionDashboard function into dashboard service and remove bus
* Use search service instead of bus
* Fix test
* Fix go imports
* Use nil in tests
* filter teams for editors to only show the teams that they are members of
* frontend changes to only allow clicking on teams that the user can edit
* update frontend test snapshots
* extend docs
* reword
* remove the comment for now
* Update backend tests
* reword the warning, and add it back in
* docs feedback
Co-authored-by: gamab <gabi.mabs@gmail.com>
* AccessControl: Add endpoint to get user permissions
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
Co-authored-by: Kalle Persson <kalle.persson@grafana.com>
Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>
Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>
* Fix SA tests
* Linter is wrong :p
* Wait I was wrong
* Adding the route for teams:creator too
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
Co-authored-by: Kalle Persson <kalle.persson@grafana.com>
Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>
Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>
* show teams page for user who can't list teams but can create teams
* Fixing buttons and routes
* Small refactor
Co-authored-by: gamab <gabi.mabs@gmail.com>
* AccessControl: Filter team members
* Modify GetTeamMembersByUser comment
* Fix postgres failing test due to quoting
* Rename GetTeamMembersByUser to GetUserTeamMemberships
* Update TeamStore interface
* Remove bus from datasource api
* Add DatasourcePermissionService and use it in api
* Fix wire and rename
* Fix import in wire
* Fix bug
* Rename Service to OSS service
* Roll back fix
* * Teams: Appropriately apply user id filter in /api/teams/:id and /api/teams/search
* Teams: Ensure that users searching for teams are only able see teams they have access to
* Teams: Require teamGuardian admin privileges to list team members
* Teams: Prevent org viewers from administering teams
* Teams: Add org_id condition to team count query
* Teams: clarify permission requirements in teams api docs
* Teams: expand scenarios for team search tests
* Teams: mock teamGuardian in tests
Co-authored-by: Dan Cech <dcech@grafana.com>
* remove duplicate WHERE statement
* Fix for CVE-2022-21702
(cherry picked from commit 202d7c190082c094bc1dc13f7fe9464746c37f9e)
* Lint and test fixes
(cherry picked from commit 3e6b67d5504abf4a1d7b8d621f04d062c048e981)
* check content type properly
(cherry picked from commit 70b4458892bf2f776302720c10d24c9ff34edd98)
* basic csrf origin check
(cherry picked from commit 3adaa5ff39832364f6390881fb5b42ad47df92e1)
* compare origin to host
(cherry picked from commit 5443892699e8ed42836bb2b9a44744ff3e970f42)
* simplify url parsing
(cherry picked from commit b2ffbc9513fed75468628370a48b929d30af2b1d)
* check csrf for GET requests, only compare origin
(cherry picked from commit 8b81dc12d8f8a1f07852809c5b4d44f0f0b1d709)
* parse content type properly
(cherry picked from commit 16f76f4902e6f2188bea9606c68b551af186bdc0)
* mentioned get in the comment
(cherry picked from commit a7e61811ef8ae558ce721e2e3fed04ce7a5a5345)
* add content-type: application/json to test HTTP requests
* fix pluginproxy test
* Fix linter when comparing errors
Co-authored-by: Kevin Minehart <kmineh0151@gmail.com>
Co-authored-by: Dan Cech <dcech@grafana.com>
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
Co-authored-by: Serge Zaitsev <serge.zaitsev@grafana.com>
Co-authored-by: Vardan Torosyan <vardants@gmail.com>
* add SQL migrations
* dashboard previews from sql: poc
* added todos
* refactor: use the same enums where possible
* use useEffect, always return json
* added todo
* refactor + delete files after use
* refactor + fix manual thumbnail upload
* refactor: move all interactions with sqlStore to thumbnail repo
* refactor: remove file operations in thumb crawler/service
* refactor: fix dashboard_thumbs sql store
* refactor: extracted thumbnail fetching/updating to a hook
* refactor: store thumbnails in redux store
* refactor: store thumbnails in redux store
* refactor: private'd repo methods
* removed redux storage, saving images as blobs
* allow for configurable rendering timeouts
* added 1) query for dashboards with stale thumbnails, 2) command for marking thumbnails as stale
* use sql-based queue in crawler
* ui for marking thumbnails as stale
* replaced `stale` boolean prop with `state` enum
* introduce rendering session
* compilation errors
* fix crawler stop button
* rename thumbnail state frozen to locked
* #44449: fix merge conflicts
* #44449: remove thumb methods from `Store` interface
* #44449: clean filepath, defer file closing
* #44449: fix rendering.Theme cyclic import
* #44449: linting
* #44449: linting
* #44449: mutex'd crawlerStatus access
* #44449: added integration tests for `sqlstore.dashboard_thumbs`
* #44449: added comments to explain the `ThumbnailState` enum
* #44449: use os.ReadFile rather then os.Open
* #44449: always enable dashboardPreviews feature during integration tests
* #44449: remove sleep time, adjust number of threads
* #44449: review fix: add `orgId` to `DashboardThumbnailMeta`
* #44449: review fix: automatic parsing of thumbnailState
* #44449: lint fixes
* #44449: review fix: prefer `WithDbSession` over `WithTransactionalDbSession`
* #44449: review fix: add a comment explaining source of the filepath
* #44449: review fix: added filepath validation
* #44449: review fixes https://github.com/grafana/grafana/pull/45063/files @fzambia
Co-authored-by: Ryan McKinley <ryantxu@gmail.com>
Co-authored-by: Alexander Emelin <frvzmb@gmail.com>
* API: Using go-swagger for extracting OpenAPI specification from source code
* Merge Grafana Alerting spec
* Include enterprise endpoints (if enabled)
* Serve SwaggerUI under feature flag
* Fix building dev docker images
* Configure swaggerUI
* Add missing json tags
Co-authored-by: Ying WANG <ying.wang@grafana.com>
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
Fixing a couple bugs, adds some tests and hopefully decrease
lock contention when logging.
Switching from using sync.RWMutex to go-kit SwapLogger.
Fixes bug when creating a new logger from an existing one that
screwed up the keyvals and/or lost the logger name.
Ref #44681
* ServiceAccounts: move token handlers to specific file
* ServiceAccounts: move Add API key to Service account
* APIKeys: api keys can still be used even when service accounts are enabled
* APIKeys: legacy endpoint can't be used to add SA tokens
* ServiceAccount: add tests for creation with nil and non-nil service account ids
* ServiceAccounts: fix unnasigned cfg and AC typo
* Test: test service account token adding
* fix linting error
* ServiceAccounts: Handle Token deletion
* rename token funcs
* rename token funcs and api wrapping
* add token deletion tests
* review
Co-authored-by: eleijonmarck <eric.leijonmarck@gmail.com>
* remove bus
* Update pkg/api/apikey.go
Co-authored-by: eleijonmarck <eric.leijonmarck@gmail.com>
* Remove bus from dashboard api
* Polish api dashboard tests
* Remove Delete Slug method
* Fix sqlstore dashboard test
* Remove bus from dashboard permission
* Remove GetDashboardsBySlug from sqlstore
* Chore: Remove bus from admin users
* Mock authinfoservice
* Update user id
* attempt to fix the tests in admin users api
* fix type cast
* revert skipped tests
Co-authored-by: Serge Zaitsev <serge.zaitsev@grafana.com>
* assign handlers to httpserver
* turn sqlstore mock in to a pointer
* add search service interface
* fix tests for alerting and other apis
* once again, make linter happy
* AccessControl: Change teams permissions page when frontend is hit
* Implement frontend changes for group sync
* Changing the org/teams/edit permissions
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
* Fixing routes
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
* Use props straight away no need to go through the state
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
* Update public/app/features/teams/TeamPages.tsx
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
* add actions for team group sync
* extend the hook to allow specifying whether the user is external
* move user struct to type package
* interface for permission service to allow mocking it
* reuse existing permissions
* test fix
* refactor
* linting
* Chore: Remove bus from password
* Refactor: Remove bus from password.go and adjust tests
* remove sqlstore dependency from notifications
* Chore: Remove bus from password
* Refactor: Remove bus from password.go and adjust tests
* remove sqlstore dependency (again)
* remove fmt printf
* fix dependencies in http server
* fix renamed method in tests
Co-authored-by: Serge Zaitsev <serge.zaitsev@grafana.com>
Moves the request tracing middleware earlier in the chain, just after the tracing middleware
and before the log middleware. With these changes we'll be able to track
authentication/authorization status failures that currently exits early and don't execute the
request tracing middleware. In addition, there might be some other routes now being tracked
with this that we didn't do before.
Fixes#39590
* checks for empty URLs added
* check for TimeSeriesTypeNot to fix InfluxDB alerts
* log a warning when a data frame is ignored
* fix: add brittle Prometheus URL input selector
needs a proper aria-label or test-data-id selector
* test: add URL input aria-label
needs to use the grafana/e2e-selectors package
* test: run ci
* add URL validation for specific data sources, e2e tests
* Update pkg/api/datasource/validation.go
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
* delete duplicated logs
* delete unnecessary leading newline
Co-authored-by: gillesdemey <gilles.de.mey@gmail.com>
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
* I18n: Translate navigation items
* improve comment, remove console.log
* update mock macros
* Mark up all phrases for translation
* added deprecate text comment, moved translations to a seperate file
* use TestProvider in NavBarItem
* use TestProvider in nav tests
* remove text deprecation comment
* update translations
* Create config to enable/disable query history
* Create add to query history functionality
* Add documentation
* Add test
* Refactor
* Add test
* Fix built errors and linting errors
* Refactor
* Remove old tests
* Refactor, adjust based on feedback, add new test
* Update default value
* AccessControl: Add AC to team preferences
* Apply suggestions from code review
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
Moves/refactor Grafana specific functionality related to plugin dashboards
out to specific services for importing dashboards and keep app plugin dashboards
up-to-date.
Fixes#44257
* AccessControl: Add access control actions and scopes to team update and delete
* AccessControl: Add tests for AC guards in update/delete
* AccessControl: add fixed role for team writer
* AccessControl: ensure team related AC is deleted with team
* Update pkg/api/team_test.go
* Chore: Remove bus from user api
* Adu authinfoservice interface
* User authinfoservice.Service instead of authinfoservice.Implementation in HTTPServer
* Rename Implementation to authInfoService
* AccessControl: cover team permissions
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
* Add background service as a consumer to resource_services
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
* Define actions in roles.go
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
* Remove action from accesscontrol model
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
* As suggested by kalle
* move some changes from branch to the skeleton PR
* Add background service as a consumer to resource_services
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
* moving resourceservice to the main wire file pt2
* move team related actions so that they can be reused
* PR feedback
* fix
* typo
* Access Control: adding hooks for team member endpoints (#43991)
* AccessControl: cover team permissions
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
* Add background service as a consumer to resource_services
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
* Define actions in roles.go
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
* Remove action from accesscontrol model
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
* As suggested by kalle
* add access control to list and add team member endpoint, and hooks for adding team members
* member permission type is 0
* add ID scope for team permission checks
* add more team actions, use Member for member permission name
* protect team member update endpoint with FGAC permissions
* update SQL functions for teams and the corresponding tests
* also protect team member removal endpoint with FGAC permissions and add a hook to permission service
* a few small fixes, provide team permission service to test setup
* AccessControl: cover team permissions
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
* Add background service as a consumer to resource_services
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
* Define actions in roles.go
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
* Remove action from accesscontrol model
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
* As suggested by kalle
* move some changes from branch to the skeleton PR
* remove resource services from wireexts
* remove unneeded actions
* linting fix
* remove comments
* feedback fixes
* feedback
* simplifying
* remove team member within the same transaction
* fix a mistake with the error
* call the correct sql fction
* linting
* Access control: tests for team member endpoints (#44177)
* tests for team member endpoints
* clean up and fix the tests
* fixing tests take 2
* don't import enterprise test license
* don't import enterprise test license
* remove unused variable
Co-authored-by: gamab <gabi.mabs@gmail.com>
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
* Refactor: Change sqlstore.inTransaction to SQLStore.WithTransactionalDBSession in misc files
* Refactor: Change .inTransaction in org.go file
* Refactor: Update init() to proper SQLStore handlers
* Refactor: Update funcs in tests to be sqlStore methods
* Refactor: Update API funcs to receive HTTPServer
* Fix: define methods on sqlstore
* Adjust GetSignedInUser calls
* Refactor: Add sqlStore to Service struct
* Chore: Add back black spaces to remove file from PR
Co-authored-by: Ida Furjesova <ida.furjesova@grafana.com>
* Add PRO badge
* Allow adding extra content
* Add extra content for the new navbar
* Use highlight text instead of extra content
* Trigger extra events
* Remove ExtraContent
* Update public/app/core/components/NavBar/NavFeatureHighlight.tsx
Co-authored-by: Ashley Harrison <ashley.harrison@grafana.com>
* Remove redundant i
* Add UpgradeBox
* Move highlight to menu trigger
* Clear navbar next
* Cleanup
* Fix UpgradeBox styles
* Add arrow icon
Co-authored-by: Ashley Harrison <ashley.harrison@grafana.com>
* Check if datasource is read-only when making an update
* Standardize api returning a 404 if datasource is not found while making an update
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>, Jesse Weaver<pianohacker@gmail.com>
* Separate Tracer interface to TracerService and Tracer
* Fix lint
* Fix:Make it possible to start spans for both opentracing and opentelemetry in ds proxy
* Add span methods, use span interface for rest of tracing
* Fix logs in tracing
* Fix tests that are related to tracing
* Fix resourcepermissions test
* Fix some tests
* Fix more tests
* Add TracingService to wire cli runner
* Remove GlobalTracer from bus
* Renaming test function
* Remove GlobalTracer from TSDB
* Replace GlobalTracer in api
* Adjust tests to the InitializeForTests func
* Remove GlobalTracer from services
* Remove GlobalTracer
* Remove bus.NewTest
* Remove Tracer interface
* Add InitializeForBus
* Simplify tests
* Clean up tests
* Rename TracerService to Tracer
* Update pkg/middleware/request_tracing.go
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
* Initialize tracer before passing it to SQLStore initialization in commands
* Remove tests for opentracing
* Set span attributes correctly, remove unnecessary trace initiliazation form test
* Add tracer instance to newSQLStore
* Fix changes due to rebase
* Add modified tracing middleware test
* Fix opentracing implementation tags
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
* refactor: use server admin listing serviceaccounts
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* setup route for specifc service account
* add routes to index
* main issue with spelling mistakes
* feat: make routes /serviceacconts/id for navModel
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>
* Update pkg/services/serviceaccounts/manager/service.go
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>
* AccessControl: POC scope attribute resolution
Refactor based on ScopeMutators
test errors and calls to cache
Add comments to tests
Rename logger
Create keywordMutator only once
* AccessControl: Add AttributeScopeResolver registration
Co-authored-by: gamab <gabriel.mabille@grafana.com>
* AccessControl: Add AttributeScopeResolver to datasources
Co-authored-by: gamab <gabriel.mabille@grafana.com>
* Test evaluation with translation
* fix imports
* AccessControl: Test attribute resolver
* Fix trailing white space
* Make ScopeResolver public for enterprise redefine
* Handle wildcard
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
Co-authored-by: jguer <joao.guerreiro@grafana.com>
* AccessControl: Add user metadata to user detail view
* AccessControl: Do not present delete or disable buttons based on ac metadata in admin/users
* AccessControl: do not allow password changing or user editing without permission
* AccessControl: Fetch global:users scope for admin
* AccessControl: optimize org.user metadata fetch
* Chore: early return if ac metadata is not available
* Feature highlights: add toggle setting
* Settings: Use provider for 'feature_highlights' section
* Fix frontendsettings API tests
* Document the toggle
Co-authored-by: Joan López de la Franca Beltran <5459617+joanlopez@users.noreply.github.com>
Co-authored-by: Joan López de la Franca Beltran <joanjan14@gmail.com>
* AccessControl: Add access control metadata to OrgUserDTO
* AccessControl: get User AC metadata
* AccessControl: return User Access Control metadata when requested
Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
* Change default options for cloned service account
* Run in background
* Add endpoint to upgrade api keys to service accounts
* AccessControl: Provide scope to frontend
* Covering datasources with accesscontrol metadata
* Write benchmark tests for GetResourcesMetadata
* Add accesscontrol util and interface
* Add the hasPermissionInMetadata function in the frontend access control code
* Use IsDisabled rather that performing a feature toggle check
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* add permission structure to signedinuser
* add middleware to load user permissions into signedinuser struct
* apply LoadPermissionsMiddleware to http server
* check for permissions in signedinuser struct
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
* add model for data source
* add model for panels
* add omitempty
* make consistent with main
* dont emit bools
* resolve conflicts
* remove file
* remove file
* update field name
* always pass jsonData
* minify the changes
* remove dupe line
* Add interface Tracer, add Opentelemetry
* Fix lint
* Fix failing tests and return error if config not parsed fo opentelemetry
* Update defaults.ini
Add comment with jaeger url
* go mod tidy
* Remove comments that are not needed
* Move OpentracingSpan to tracing.go
* Add opentelemetry to sample.ini
Get rid of using legacydata.RequestHandler in HTTPServer, /api/tsdb/query and pkg/expr
with the goal of deprecating /api/tsdb/query and remove it completely eventually. This is
the first step of cleaning up the HTTP API query endpoint.
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
Co-authored-by: Alexander Emelin <frvzmb@gmail.com>
* Chore: Refactor api handlers to use web.Bind
* fix comments
* fix comment
* trying to fix most of the tests and force routing.Wrap type check
* fix library panels tests
* fix frontend logging tests
* allow passing nil as a response to skip writing
* return nil instead of the response
* rewrite login handler function types
* remove handlerFuncCtx
* make linter happy
* remove old bindings from the libraryelements
* restore comments
* update AlertingEnabled and UnifiedAlertingSettings.Enabled to be pointers
* add a pseudo migration to fix the AlertingEnabled and UnifiedAlertingSettings.Enabled if the latter is not defined
* update the default configuration file to make default value for both 'enabled' flags be undefined
Misc
* update Migrator to expose DB engine. This is needed for a ualert migration to access the database while the list of migrations is created.
* add more verbose failure when migrations do not match
Co-authored-by: gotjosh <josue@grafana.com>
Co-authored-by: Yuriy Tseretyan <yuriy.tseretyan@grafana.com>
Co-authored-by: gillesdemey <gilles.de.mey@gmail.com>
* Add context to playlist
* Add AddEventListenerCtx and more context
* Update pkg/services/sqlstore/playlist.go
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
* Update pkg/services/sqlstore/playlist.go
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
* Update pkg/services/sqlstore/playlist.go
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
* Fix lint
* Rename listener help function
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
* AccessControl: FGAC permissions for orgs endpoint on frontend
Protect org update endpoints
add or refactor missing right messages
cover org page
* removing scopes from orgs
* Perform permission control with global org
* Perform the error handling in case of 403
* Simplify frontend code by requiring read access for sure
* Remove roles I added to decrease the number of changes
* Remove the check for server admin to reduce the number of changes
* change error message
* Cleaning todos
* Remove unecessary changes
* Fix tests
* Update test snapshot
* Update pkg/api/roles.go
Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>
* Update public/app/features/admin/AdminEditOrgPage.tsx
Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>
* Format AdminEditOrgPage for linting
* Update public/app/features/admin/AdminEditOrgPage.tsx
Co-authored-by: Vardan Torosyan <vardants@gmail.com>
* Update public/app/features/admin/AdminEditOrgPage.tsx
Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>
* Update public/app/features/admin/AdminListOrgsPage.tsx
Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>
* Commit suggestions
* Commit suggestion canRead canWrite
* fix typo
Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>
Co-authored-by: Vardan Torosyan <vardants@gmail.com>
Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>
* AccessControl: Check permissions in target org
* Remove org scopes and add an authorizeInOrg middleware
* Use query result org id and perform users permission check globally for GetOrgByName
* Remove scope translation for orgs current
* Suggestion from Ieva
* API: Fix dashboard quota limit for imports
* fix: refactor TestDashboardQuota to check if dashboard saved
* Refactor: incorporate Sofia suggestions into tests
* refactor: add fields to TestDashboard struct
* write import test
* refactor(pkg/api/frontendsettings): group plugin catalog settings
* feat(plugins/admin): add a default config value for `pluginCatalogHiddenPlugins`
* chore(grafana/config): add type for `pluginCatalogHiddenPlugins`
* feat(plugins/admin): hide plugins from the catalog based on the grafana config
* fix(plugins/admin): fix a rebase typo
* fix(plugins/admin): remove unnecessary filtering
* 8.2.4: Fine-grained access control enables organization admins to create/modify/delete user roles in other organization
* Revert back calls with ScopeOrgID
Co-authored-by: gamab <gabi.mabs@gmail.com>
* Replace encryption.Service by secrets.Service on expr.Service
* Replace encryption.Service by secrets.Service on live pkg
* Rename encryption.Service to encryption.Internal to clarify it must be not used
* fix(catalog): prefer rendering installed version over latest version
* feat(catalog): signify installed version in version history
* feat(catalog): introduce installedVersion and latestVersion
* refactor(catalog): use latestVersion for installation, simplify plugindetails header logic
* refactor(catalog): clean up installedVersion and latestVersion
* feat(catalog): use table-layout so versions list table has consistent column widths
* test(catalog): update failing tests
* removed the need of having a latest version in the plugin catalog type root level.
* fixed flaky test depending on what locale it was being running with.
* added missing test to verify version for a remote plugin.
* fixed version in header.
* preventing the UI from break if no versions are available.
* fixed failing test due to missing mock data.
* added todo as a reminder.
* refactor(catalog): prefer grafana plugin icons over gcom notfound images
* refactor(Plugins/Admin): change constant name
* refactor(Plugins/Admin): add comment to make condition easier to understand
* chore: update go modules
* feat(Backend/Plugins): add "dependencies" field to `PluginListItem`
* feat(Plugins/Admin): show the grafana dependency for the installed version
* refactor(Plugins/Admin): use the local version of links
* refactor(Plugins/Admin): prefer the local version for `.type`
* refactor(Plugins/ADmin): prefer the local `.description` field
* fix(Plugins/Admin): fix tests
* test(plugins/api): update the expected response for the `api/plugins` tests
* chore(Plugins/Admin): add todo comments to check preferation of remote/local values
* feat(backend/api): always send the grafana version as a header when proxying to GCOM
* feat(plugins/admin): use the `isCompatible` flag to get the latest compatible version
* feat(plugins/admin): show the latest compatible version in the versions list
* fix(plugins/admin): show the grafana dependency for the latest compatible version
* fix(plugins/admin): update the version list when installing/uninstalling a plugin
* test(plugins/admin): add some test-cases for the latest-compatible-version
* fix(plugins/admin): show the grafana dependency for the installed version (if installed)
* feat(plugins/backend): add the `dependencies.grafanaDependency` property to the plugin object
* test(plugins/backend): fix tests by adjusting expected response json
Co-authored-by: Marcus Andersson <marcus.andersson@grafana.com>
Co-authored-by: Levente Balogh <balogh.levente.hu@gmail.com>
* Add additional api key, move cloneserviceaccount
* Remove TODOs, for now
* Error messages
* Linter
* Security check
* Add comments
* Take service account id from correct variable
* Update user.go
* making it possible to cache plugins based on the version.
* feat(plugincache): introduce function to invalidate entries
* removed todo's
* added tests for the cache buster.
* fixed tests.
* fixed failing tests.
Co-authored-by: Jack Westbrook <jack.westbrook@gmail.com>
Refactor usage of legacy data contracts. Moves legacy data contracts
to pkg/tsdb/legacydata package.
Refactor pkg/expr to be a proper service/dependency that can be provided
to wire to remove some unneeded dependencies to SSE in ngalert and other places.
Refactor pkg/expr to not use the legacydata,RequestHandler and use
backend.QueryDataHandler instead.
* API: return resource ID when deleting datasource and library element
* keep status codes consistent
* fix element ID
* add test
* improve response struct
* update endpoints documentation
* LibraryElementIDResponse -> DeleteLibraryElementResponse
* Use secrets service in pluginproxy
* Use secrets service in pluginxontext
* Use secrets service in pluginsettings
* Use secrets service in provisioning
* Use secrets service in authinfoservice
* Use secrets service in api
* Use secrets service in sqlstore
* Use secrets service in dashboardshapshots
* Use secrets service in tsdb
* Use secrets service in datasources
* Use secrets service in alerting
* Use secrets service in ngalert
* Break cyclic dependancy
* Refactor service
* Break cyclic dependancy
* Add FakeSecretsStore
* Setup Secrets Service in sqlstore
* Fix
* Continue secrets service refactoring
* Fix cyclic dependancy in sqlstore tests
* Fix secrets service references
* Fix linter errors
* Add fake secrets service for tests
* Refactor SetupTestSecretsService
* Update setting up secret service in tests
* Fix missing secrets service in multiorg_alertmanager_test
* Use fake db in tests and sort imports
* Use fake db in datasources tests
* Fix more tests
* Fix linter issues
* Attempt to fix plugin proxy tests
* Pass secrets service to getPluginProxiedRequest in pluginproxy tests
* Fix pluginproxy tests
* Revert using secrets service in alerting and provisioning
* Update decryptFn in alerting migration
* Rename defaultProvider to currentProvider
* Use fake secrets service in alert channels tests
* Refactor secrets service test helper
* Update setting up secrets service in tests
* Revert alerting changes in api
* Add comments
* Remove secrets service from background services
* Convert global encryption functions into vars
* Revert "Convert global encryption functions into vars"
This reverts commit 498eb19859.
* Add feature toggle for envelope encryption
* Rename toggle
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
Co-authored-by: Joan López de la Franca Beltran <joanjan14@gmail.com>
* Navigation: Remove plus button behind feature toggle
* Navigation: Add home button behind feature toggle
* Navigation: Move settings/admin to bottom section behind feature toggle
* Navigation: Refactor grafana logo to be a NavBarItem
* Navigation: Create new PluginSection and styling changes to support new sections
* Navigation: Hack to use mobile menu as a mega menu for now
* Navigation: Only render plugin section if there are items
* Navigation: mobile menu is always 100% width if toggle is off
* Navigation: Reset width back to 48 and fix broken css property
* Navigation: Create generic NavBarSection component to reduce repetition
* Navigation: Don't show sublinks for core items
* Navigation: Comments from UX review
* Navigation: Remove mobile menu hack
* Navigation: Unit tests for enrichConfigItems and other minor review comments
* Navigation: Move section logic to backend
* Navigation: Refactor alerting links out into a separate function
* Navigation: More tests for isLinkActive
* Linting...
* Navigation: Create new NavBar component for when feature toggle is enabled
* AccessControl: Create FGAC roles for orgs
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>
* Protect datasource tsdb and proxy endpoints with access control
* Add datasource query permissions to fixed admin role
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
Co-authored-by: Mitch Seaman <mjseaman@users.noreply.github.com>
* Add extra fields to OSS types to support enterprise
* Create a service account at the same time as the API key
* Use service account credentials when accessing API with APIkey
* Add GetRole to service, merge RoleDTO and Role structs
This patch merges the identical OSS and Enterprise data structures, which improves the code for two reasons:
1. Makes switching between OSS and Enterprise easier
2. Reduces the chance of incompatibilities developing between the same functions in OSS and Enterprise
* If API key is not linked to a service account, continue login as usual
* Fallback to old auth if no service account linked to key
* Add CloneUserToServiceAccount
* Adding LinkAPIKeyToServiceAccount
* Handle api key link error
* Better error messages for OSS accesscontrol
* Set an invalid user id as default
* Re-arrange field names
* ServiceAccountId is integer
* Better error messages
Co-authored-by: Hugo Häggmark <hugo.haggmark@grafana.com>
Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* context all the things
* apply feedback
* rollback some alerting changes
* rollback some alerting changes #2
* more rollbacks
* more rollbacks #2
* more rollbacks #3
* more rollbacks #4
* fix integration test
* add missing context
* add missing and remove incorrect dispatch
* Add global week start option to shared preferences
* Add default_week_start to configuration docs
* Add week start option to dashboards
* Add week start argument to tsdb time range parser
* Fix strict check issues
* Add tests for week start
* Change wording on default_week_start documentation
Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
* Update week_start column to be a nullable field
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
* Update configuration to include browser option
* Update WeekStartPicker container selector
Co-authored-by: Hugo Häggmark <hugo.haggmark@grafana.com>
* Add menuShouldPortal to WeekStartPicker to remove deprecation warning
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
* Add inputId to WeekStartPicker
* Use e2e selector on WeekStartPicker aria-label
* Simplify WeekStartPicker onChange condition
* Specify value type on WeekStartPicker weekStarts
* Remove setWeekStart side effect from reducer
* Fix updateLocale failing to reset week start
* Store week start as string to handle empty values
Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
Co-authored-by: Hugo Häggmark <hugo.haggmark@grafana.com>
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
* Encryption: Add support to encrypt/decrypt sjd
* Add datasources.Service as a proxy to datasources db operations
* Encrypt ds.SecureJsonData before calling SQLStore
* Move ds cache code into ds service
* Fix tlsmanager tests
* Fix pluginproxy tests
* Remove some securejsondata.GetEncryptedJsonData usages
* Add pluginsettings.Service as a proxy for plugin settings db operations
* Add AlertNotificationService as a proxy for alert notification db operations
* Remove some securejsondata.GetEncryptedJsonData usages
* Remove more securejsondata.GetEncryptedJsonData usages
* Fix lint errors
* Minor fixes
* Remove encryption global functions usages from ngalert
* Fix lint errors
* Minor fixes
* Minor fixes
* Remove securejsondata.DecryptedValue usage
* Refactor the refactor
* Remove securejsondata.DecryptedValue usage
* Move securejsondata to migrations package
* Move securejsondata to migrations package
* Minor fix
* Fix integration test
* Fix integration tests
* Undo undesired changes
* Fix tests
* Add context.Context into encryption methods
* Fix tests
* Fix tests
* Fix tests
* Trigger CI
* Fix test
* Add names to params of encryption service interface
* Remove bus from CacheServiceImpl
* Add logging
* Add keys to logger
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
* Add missing key to logger
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
* Undo changes in markdown files
* Fix formatting
* Add context to secrets service
* Rename decryptSecureJsonData to decryptSecureJsonDataFn
* Name args in GetDecryptedValueFn
* Add template back to NewAlertmanagerNotifier
* Copy GetDecryptedValueFn to ngalert
* Add logging to pluginsettings
* Fix pluginsettings test
Co-authored-by: Tania B <yalyna.ts@gmail.com>
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
* Extract search users to a new service
* Fix wire provider
* Fix common_test and remove RouteRegister
* Remove old endpoints
* Fix test
* Create search filters using interfaces
* Move Enterprise filter, rename filter for filters and allow use filters with params
* Each filter has unique key
* Back activeLast30Days filter to OSS
* Fix tests
* Delete unusued param
* Move filters to searchusers service and small refactor
* Fix tests
* rename Bind to BindMiddleware
* make things private
* removed unused part of data bindings
* provide json and form binding helpers
* add example of binding migration in login api
* implement validation
* fix tests
* remove debug output
* put new bind api into macaron pacakge
* revert bind api breaking change
* refactor licenseURL function to use context and export permission evaluation fction
* remove provisioning file
* refactor licenseURL to take in a bool to avoid circular dependencies
* remove function for appending nav link, as it was only used once and move the function to create admin node
* better argument names
* create a function for permission checking
* extend permission checking when displaying server stats
* enable the use of enterprise access control actions when evaluating permissions
* import ordering
* move licensing FGAC action definitions to models package to allow access from oss
* move evaluatePermissions for routes to context serve
* change permission evaluator to take in more permissions
* move licensing FGAC actions again to appease wire
* avoid index out of bounds issue in case no children are passed in when creating server admin node
* simplify syntax for permission checking
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
* update loading state for server stats
* linting
* more linting
* fix test
* fix a frontend test
* update "licensing.reports:read" action naming
* UI doesn't allow reading only licensing reports and not the rest of licensing info
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
* Extract search users to a new service
* Fix wire provider
* Fix common_test and remove RouteRegister
* Remove old endpoints
* Fix test
* Add indexes to dashboards and orgs tables
* Fix lint
* Add context to star and stats
* Use WithTransactionalDbSession
* Add additional ctx
* Remove convey
* Fix star handler name
* Use WithDbSession, use DispatchCtx
* Remove xorm from star
Require guardian.New to take context.Context as first argument.
Migrates the GetDashboardAclInfoListQuery to be dispatched using context.
Ref #36734
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
Co-authored-by: sam boyer <sam.boyer@grafana.com>
* Move legacy accesscontrol to middleware layer
* Remove bus usage for this endpoint
* Add tests for legacy accesscontrol
* Fix tests for org user and remove one more bus usage
* Added test for FolderAdmin as suggested in the review
* pass url parameters through context.Context
* fix url param names without colon prefix
* change context params to vars
* replace url vars in tests using new api
* rename vars to params
* add some comments
* rename seturlvars to seturlparams
* Chore: GetDashboardQuery should be dispatched using DispatchCtx
* Fix after merge
* Changes after review
* Various fixes
* Use GetDashboardCtx function instead of GetDashboard
* AccessControl: add one-dimensional permissions to datasources in the backend
* AccessControl: add one-dimensional permissions to datasources in the frontend (#38080)
Co-authored-by: Hugo Häggmark <hugo.haggmark@grafana.com>
* Add encryption service
* Add tests for encryption service
* Inject encryption service into http server
* Replace encryption global function usage in login tests
* Migrate to Wire
* Move Encryption bindings to OSS Wire set
* Chore: Refactor securedata to remove global encryption calls from dashboard snapshots
* Fix dashboard snapshot tests
* Remove no longer user test
* Add dashboard snapshots service tests
* Refactor service initialization
* Set up dashboard snapshots service as a background service
Co-authored-by: Tania B <yalyna.ts@gmail.com>
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
* Add encryption service
* Add tests for encryption service
* Inject encryption service into http server
* Replace encryption global function usage in login tests
* Migrate to Wire
* Refactor authinfoservice to use encryption service
Co-authored-by: Joan López de la Franca Beltran <joanjan14@gmail.com>
Co-authored-by: Joan López de la Franca Beltran <5459617+joanlopez@users.noreply.github.com>
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
* Sidemenu: Attempt to refactor BottomNavLinks to use SideMenuDropDown
* BottomNavLinks: Rewrite existing enzyme tests in RTL
* BottomNavLinks: Use object spreading instead of slicing
* Add encryption service
* Add tests for encryption service
* Inject encryption service into http server
* Replace encryption global function usage in login tests
* Apply suggestions from code review
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
* Migrate to Wire
* Undo non-desired changes
* Move Encryption bindings to OSS Wire set
Co-authored-by: Joan López de la Franca Beltran <joanjan14@gmail.com>
Co-authored-by: Joan López de la Franca Beltran <5459617+joanlopez@users.noreply.github.com>
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
* simplify some dependency injection in macaron
* remove unused internal server error handler from macaron
* remove internal server error handler from the router
* remove unused combo router api
* remove unused parts of the macaron router
* Add short url validation
Path should not contain string ../
* Update pkg/api/short_url.go
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
Fixes#30144
Co-authored-by: dsotirakis <sotirakis.dim@gmail.com>
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
Co-authored-by: Ida Furjesova <ida.furjesova@grafana.com>
Co-authored-by: Jack Westbrook <jack.westbrook@gmail.com>
Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
Co-authored-by: Leon Sorokin <leeoniya@gmail.com>
Co-authored-by: Andrej Ocenas <mr.ocenas@gmail.com>
Co-authored-by: spinillos <selenepinillos@gmail.com>
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
Co-authored-by: Leonard Gram <leo@xlson.com>
Introduces org-level isolation for the Alertmanager and its components.
Silences, Alerts and Contact points are not separated by org and are not shared between them.
Co-authored with @davidmparrott and @papagian
* add a more flexible way to create permissions
* update interface for accesscontrol to use new eval interface
* use new eval interface
* update middleware to use new eval interface
* remove evaluator function and move metrics to service
* add tests for accesscontrol middleware
* Remove failed function from interface and update inejct to create a new
evaluator
* Change name
* Support Several sopes for a permission
* use evaluator and update fakeAccessControl
* Implement String that will return string representation of permissions
for an evaluator
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
* Add check before delete org
* Fix comment
* Simpify check if signed in user belongs to the org
* Add check on login if user has and existing org
change error code to 400, when org can not be deleted
* Roll back last commit, regarding an different issue
