Commit Graph

79 Commits

Author SHA1 Message Date
mikkancso
18f5f763a9
Connections: Align permissions for Connections page (#60725)
* protect /connection url paths with permissions

These permissions match the original ones at /datasources and /plugins

* add Connections section to navtree only if user has permissions

This commit works only when the easystart plugin is not present.
I'll see what I can do when it is present in the next commit(s).

* update datasources page permissions

The datasources page have Explore buttons on datasource entries,
therefore it makes sense to show this page for those, who can't edit or
create datasources but have explore permissions.
This applies for the traditional Editor role.

* DataSourcesList: link to edit page only if has right to write

If the user doesn't have rights to write datasources, then it's better
to not create a link from cards to the edit page. This way they won't
see the configuration of the data sources either, which is a desirable
outcome.

Also, I moved the query for DataSourcesExplore permission out from the
DataSourcesListView component in the DataSourcesList component, next to
the other permission queries - for the sake of consistency.

* fix permissions for connect data

This way it matches the permissions of the "Plugins" page.

* fix applinks test
2023-01-06 03:11:27 -05:00
Sven Grossmann
386faf5958
OpenSearch: Use aoss servicename if OpenSearch is configured as serverless (#60344)
* Use `aoss` if opensearch is configured as `serverless`
2022-12-14 20:22:26 +01:00
Andreas Christou
c81df0dec0
AzureMonitor: Add custom header support to Azure Monitor (#60269)
* Add integration test for Azure Monitor

- Add Azure Monitor to datasource types
- Update instance creation to correctly set HTTP client options
- Combine custom azure headers and custom grafana headers on HTTP client creation
- Update HTTP client tests

* Test custom azure headers
2022-12-14 15:09:11 +00:00
Kyle Brandt
55d2d872ec
Chore: Missed deprecations due to overly broad lint exclusion (#59732) 2022-12-14 12:32:45 +01:00
Zoltán Bedi
d65899de7b
SQL Datasources: Move database setting to jsonData (#58649)
* Datasource settings: Add deprecation notice for database field

* SQL Datasources: Migrate from settings.database to settings.jsonData.database

* Check jsonData first

* Remove comment from docs
2022-12-13 09:56:52 +01:00
Will Browne
0fca3cf9dd
Datasources: Use context logger in cache service (#59547) 2022-11-30 14:25:04 +01:00
Sasha Melentyev
c02003af3c
Refactor time durations (#58484)
This change uses `time.Second` in place of `1000 * time.Millisecond` and `time.Minute` in place of `60*time.Second`.
2022-11-22 15:09:15 +08:00
Sofia Papagiannaki
9855e74b92
Chore: Refactor quota service (#58643)
Chore: Refactor quota service (#57586)

* Chore: refactore quota service

* Apply suggestions from code review
2022-11-14 21:08:10 +02:00
Sofia Papagiannaki
96cdf77995
Revert "Chore: Refactor quota service (#57586)" (#58394)
This reverts commit 326ea86a57.
2022-11-08 11:52:07 +02:00
Sofia Papagiannaki
326ea86a57
Chore: Refactor quota service (#57586)
* Chore: refactore quota service

* Apply suggestions from code review
2022-11-08 10:25:34 +02:00
Ieva
92531c5596
move data source permission model to enterprise repo (#57615) 2022-10-26 11:49:45 +01:00
Kristin Laemmert
05709ce411
chore: remove sqlstore & mockstore dependencies from (most) packages (#57087)
* chore: add alias for InitTestDB and Session

Adds an alias for the sqlstore InitTestDB and Session, and updates tests using these to reduce dependencies on the sqlstore.Store.

* next pass of removing sqlstore imports
* last little bit
* remove mockstore where possible
2022-10-19 09:02:15 -04:00
Selene
ba6c715708
Chore: Delete unused db in orgs and use db in datasources (#57085)
* Delete unused db in orgs and use db in datasources

* Sort imports
2022-10-17 16:27:56 +02:00
Gabriel MABILLE
7595ed0668
FIX: Remove RBAC datasource permissions upon datasource deletion (#56530)
* FIX: Remove RBAC datasource permissions upon datasource deletion

* Use scope provider instead

* Fix test
2022-10-07 08:30:15 -04:00
Ieva
6d5bdf12e8
resolve merge conflicts (#55503) 2022-09-20 13:31:08 -04:00
George Robinson
c4d32dd687
Fix nil logger in SqlStore (#54726) 2022-09-05 18:24:19 +01:00
ying-jeanne
6227528ea0
Chore: SQL Store Split of datasource (#54262)
* refectory datasource

* fix linter
2022-08-26 11:03:38 -04:00
Guilherme Caulada
f25c7f6ddd
Chore: Refactor secrets kvstore to organize testing and migrations (#54249)
* Refactor migrations and tests for secrets kvstore

* Use fake secrets store as a shortcut on tests

* Update wire

* Use global migration logger

* Fix ds proxy tests

* Fix linting issues

* Rename data source test setup function
2022-08-25 18:04:44 -03:00
idafurjes
a14621fff6
Chore: Add user service method SetUsingOrg and GetSignedInUserWithCacheCtx (#53343)
* Chore: Add user service method SetUsingOrg

* Chore: Add user service method GetSignedInUserWithCacheCtx

* Use method GetSignedInUserWithCacheCtx from user service

* Fix lint after rebase

* Fix lint

* Fix lint error

* roll back some changes

* Roll back changes in api and middleware

* Add xorm tags to SignedInUser ID fields
2022-08-11 13:28:55 +02:00
Jo
062d255124
Handle ioutil deprecations (#53526)
* replace ioutil.ReadFile -> os.ReadFile

* replace ioutil.ReadAll -> io.ReadAll

* replace ioutil.TempFile -> os.CreateTemp

* replace ioutil.NopCloser -> io.NopCloser

* replace ioutil.WriteFile -> os.WriteFile

* replace ioutil.TempDir -> os.MkdirTemp

* replace ioutil.Discard -> io.Discard
2022-08-10 15:37:51 +02:00
idafurjes
6afad51761
Move SignedInUser to user service and RoleType and Roles to org (#53445)
* Move SignedInUser to user service and RoleType and Roles to org

* Use go naming convention for roles

* Fix some imports and leftovers

* Fix ldap debug test

* Fix lint

* Fix lint 2

* Fix lint 3

* Fix type and not needed conversion

* Clean up messages in api tests

* Clean up api tests 2
2022-08-10 11:56:48 +02:00
Michael Mandrus
72d9de3a0f
Secrets: Implement Secret Plugin required flag and fatal crash on startup (#52552)
* add special handling on the plugin gathering side to check whether secrets manager plugins are enabled or not

* show disabled badge in front end if the plugin is not enabled

* Only show error in disabled badge hover if one is present (otherwise it shows "undefined")

* refactor to make use of fields already available in the DTO

* fix typo

* if there is no error returned for the plugin, just show 'disabled'

* fix typo

* Update public/app/features/plugins/admin/components/Badges/PluginDisabledBadge.tsx

Co-authored-by: Levente Balogh <balogh.levente.hu@gmail.com>

* Update frontendsettings.go

add clarifying comment

* fix unit test

* rework task to use new frontend property combined with plugin type to determine if the plugin should be disabled

* Update helpers.test.ts

revert test change

* fix unit test

* show custom uninstall message if the plugin is a secrets manager

* bogus commit to trigger precommit

* undo commit

* run precommit manually

* add some consts

* refactor a bit to pull plugin error management up a level

* re-add code squashed in merge

* fix compile issues

* add code to set plugin error fatal flag after secret migration

* refactor to move plugin startup out of Should Check func

* re-add important check

* make plugin startup errors fatal the first time we set a secret on the plugin

* rename func to make intent clearler

* remove unnecessary duplicate code from plugin mig

* fix compile error

* fix more compile errors

* add some extra logging to secrets migration

* have remote_plugin secret service managed plugin error fatal flag directly

* add blank file for eventual unit tests

* fix linting issues

* changes from PR review

* quick bit of cleanup

* add comment explaining design decision

* move more common test helpers to file

* slightly update to first time Get secret call

* add unit tests

* remove override func from provider

* fix linting issues

* add test cleanup step

* add some comments about refactoring to hacky test function

Co-authored-by: Levente Balogh <balogh.levente.hu@gmail.com>
2022-07-25 12:37:47 -04:00
Artur Wierzbicki
33fc3a683b
Datasources: add datasourceUids filter 2022-07-25 19:24:22 +04:00
Giordano Ricci
5ce4baf6f5
Correlations: Add CreateCorrelation HTTP API (#51630)
* Correlations: add migration

* Correlations: Add CreateCorrelation API

* Correlations: Make correlations work with provisioning

* Handle version changes

* Fix lining error

* lint fixes

* rebuild betterer results

* add a UID to each correlation

* Fix lint errors

* add docs

* better wording in API docs

* remove leftover comment

* handle ds updates

* Fix error message typo

* add bad data test

* make correlations a separate table

* skip readonly check when provisioning correlations

* delete stale correlations when datasources are deleted

* restore provisioned readonly ds

* publish deletion event with full data

* generate swagger and HTTP API docs

* apply source datasource permission to create correlation API

* Fix tests & lint errors

* ignore empty deletion events

* fix last lint errors

* fix more lint error

* Only publish deletion event if datasource was actually deleted

* delete DS provisioning deletes correlations, added & fixed tests

* Fix unmarshalling tests

* Fix linting errors

* Fix deltion event tests

* fix small linting error

* fix lint errors

* update betterer

* fix test

* make path singular

* Revert "make path singular"

This reverts commit 420c3d315e.

* add integration tests

* remove unneeded id from correlations table

* update spec

* update leftover references to CorrelationDTO

* fix tests

* cleanup tests

* fix lint error
2022-07-25 15:19:07 +01:00
Todd Treece
b5d57c45e3
Plugins: Add support for HTTP logger (#46578) 2022-07-21 09:46:47 -04:00
Jean-Philippe Quéméner
50ae42130b
Alerting: take datasources as external alertmanagers into consideration (#52534) 2022-07-20 16:50:49 +02:00
George Robinson
91fd0223a4
Datasources: Allow configuration of the TTL (#52161) 2022-07-15 10:48:52 +01:00
Michael Mandrus
9aa6ce2a50
Datasource: Propagate datasource secret decryption errors to the frontend (#52068)
* update decrypt secrets function signature and add secrets error handling

* remove a couple instances of unnecessary logging since errors are properly handled now

* add unit test

* fix linting issues
2022-07-13 09:27:03 -04:00
Michael Mandrus
dfc7a98d87
add comments (#52124) 2022-07-12 19:21:02 -04:00
Guilherme Caulada
2d8a91a846
Secrets: Improve unified secrets migration and implement compatibility flag (#50463)
* Implement disableSecretsCompatibility flag

* Allow secret deletion right after migration

* Use dialect.Quote for secure_json_data on secret deletion

Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>

* Set secure_json_data to NULL instead of empty json

* Run toggles_gen_test and use generated flag variable

* Add ID to delete data source secrets command on function call

Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>

* Remove extra query to get datasource on secret deletion

* Fix linting issues with CHANGELOG.md

* Use empty json string when deleting secure json data

* Implement secret migration as a background process

* Refactor secret migration as a background service

* Refactor migration to be inside secret store

* Re-add secret deletion function removed on merge

* Try using transaction to fix db lock during tests

* Disable migration for pipeline debugging

* Try adding sleep to fix database lock

* Remove unecessary time sleep from migration

* Fix merge issue, replace models with datasources

* Try event listener approach

* Fix merge issue, replace models with datasources

* Fix linting issues with unchecked error

* Remove unecessary trainling new line

* Increase wait interval on background secret migration

* Rename secret store migration folder for consistency

* Convert background migration to blocking

* Fix number of arguments on server tests

* Check error value of secret migration provider

* Fix linting issue with method varaible

* Revert unintended change on background services

* Move secret migration service provider to wire.go

* Remove unecessary else from datasource service

* Move transaction inside loop on secret migration

* Remove unecessary GetServices function

* Remove unecessary interface after method removal

* Rename Run to Migrate on secret migration interface

* Rename secret migrations service variable on server

* Use MustBool on datasource secret migration

* Revert changes to GetDataSources

* Implement GetAllDataSources function

* Remove DeleteDataSourceSecrets function

* Move datasource secret migration to datasource service

* Remove unecessary properties from datasource secret migration

* Make DecryptLegacySecrets a private method

* Remove context canceled check on secret migrator

* Log error when fail to unmarshal datasource secret

* Add necessary fields to update command on migration

* Handle high availability on secret migration

* Use kvstore for datasource secret migration status

* Add error check for migration status set on kvstore

* Remove NewSecretMigrationService from server tests

* Use const for strings on datasource secrets migration

* Test all cases for datasources secret migrations

Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
2022-07-12 17:27:37 -03:00
Ryan McKinley
4fa606c600
Export: save all dashboards to git (#48233) 2022-07-05 10:54:07 -07:00
Kristin Laemmert
945f015770
backend/datasources: move datasources models into the datasources service package (#51267)
* backend/datasources: move datasources models into the datasources service pkg
2022-06-27 12:23:15 -04:00
Michael Mandrus
c043a8818a
Secrets: add better error handling for secret plugin failures when updating datasources (#50542)
* Add protobuf config and generated code, and client wrapper

* wire up loading of secretsmanager plugin, using renderer plugin as a model

* update kvstore provider to check if we should use the grpc plugin. return false always in OSS

* add OSS remote plugin check

* refactor wire gen file

* log which secrets manager is being used

* Fix argument types for remote checker

* Turns out if err != nil, then the result is always nil. Return empty values if there is an error.

* remove duplicate import

* ensure atomicity by adding secret management as a step to sql operations and rolling back if necessary

* Update pkg/services/secrets/kvstore/kvstore.go

Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>

* Update pkg/services/secrets/kvstore/kvstore.go

Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>

* refactor RemotePluginCheck interface to just return the Plugin client directly

* rename struct to something less silly

* add special error handling for remote secrets management

* switch to errors.as instead of type inference

* remove unnecessary rollback call

* just declare error once

* refactor .proto file according to prior PR suggestions

* re-generate protobuf files and fix compilation errors

* only wrap (ergo display in the front end) errors that are user friendly from the plugin

* rename error type to suggest user friendly only

* rename plugin functions to be more descriptive

* change delete message name

* Revert "change delete message name"

This reverts commit 8ca978301e.

* Revert "rename plugin functions to be more descriptive"

This reverts commit 4355c9b9ff.

* fix pointer to pointer problem

* change plugin user error to just hold a string

* fix sequencing problem with datasource updates

* clean up some return statements

* need to wrap multiple transactions with the InTransaction() func in order to keep the lock

* make linter happy

* revert input var name

Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
2022-06-16 12:26:57 -04:00
Sergey Kostrukov
2d3cc26aa8
Prometheus: Remove Azure code from datasource service (#50737)
Ref #35857
2022-06-14 10:47:06 +02:00
Kevin Lewin
5aab95885f
Alertmanager: Adding SigV4 Authentication to Alertmanager Datasource (#49718)
* adding sigv4 alertmanager

* adding sigv4 alertmanager

* ConfigEditor: Adding Render Prop
2022-06-14 10:15:21 +02:00
Tania
4f8111e24e
Encryption: Fix multiple data keys migration (#49848)
* Add migration

* Migrator: Extend support to rename columns

* Fix getting current key

* Fix column name in migration

* Fix deks reencryption

* Fix caching

* Add back separate caches for byName and byPrefix

* Do not concatenate prefix with uid

* Rename DataKey struc fields

* SQLStore: Add deprecation comments for breaking migrations

* Add comment

* Minor corrections

Co-authored-by: Joan López de la Franca Beltran <joanjan14@gmail.com>
2022-06-04 12:55:49 +02:00
Marcus Efraimsson
36c3398c6d
Datasource: Remove support for unencrypted passwords (#49987)
* Datasource: Remove support for unencrypted passwords

* regenerate swagger

* [WIP] Remove references to datasource password and basic auth password fields (#50015)

* try delete moar tings

* delete provisioning stuff

* remove from yaml

* update snapshots

* remove lingering snapshot fields

* fix ds http settings

* Re-generate swagger and fix swagger-api-spec make target

Co-authored-by: Will Browne <will.browne@grafana.com>
Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2022-06-03 17:38:22 +02:00
Guilherme Caulada
470be98588
Secrets: Fix unified secrets backwards compatibility (#49719)
* Fix unified secrets backwards compatibility

* Add compatibility fix to AddDataSource function

* Allow updating password on fail to decrypt secrets

* If unified secret is corrupt try migrating
2022-06-01 10:45:43 -03:00
Sergey Kostrukov
2b83cf4618
Prometheus: Predefined scopes for Azure authentication (#49557)
* Predefined scopes for Azure Prometheus

* Allow override of audience
2022-05-30 17:43:32 +02:00
Karl Persson
60bc3e4e5c
AccessControl: Let users with data source create permissions list non-core plugins (#48897)
* Only require create and permissions for new data source page

* Let users with permissions to create data sources list non-core plugins

* Keep the admin check as fallback when using rbac as well
2022-05-13 10:30:26 +02:00
Karl Persson
61772a66b6
AccessControl: Create own interface and impl for each permission service (#48871)
* Create own interfaces for team, folder, dashboard and data source permissions services
* Remove service container and inject them individually
2022-05-10 15:48:47 +02:00
Guilherme Caulada
2533f21015
DataSource: Fix secure json data reset on datasource update (#48557)
* Fix secure json data reset on datasource update

* Update fillWithSecureJSONData to use DecryptedValues

* Remove unecessary conversion

* Move fillWithSecureJsonData logic to datasource service

* Add sanity check for nil secure json data
2022-05-02 11:29:13 -03:00
Karl Persson
de50f39c12
Access Control: Refactor scope resolvers with support to resolve into several scopes (#48202)
* Refactor Scope resolver to support resolving into several scopes

* Change permission evaluator to match at least one of passed scopes
2022-05-02 09:29:30 +02:00
Guilherme Caulada
53e9bf47db
Secrets: Implement tests and debug log improvements on unified secrets (#48213)
* Add test for decrypted values on datasource service

* Add debug log when fail to parse secure json fields

* Fix minor import issue

* Refactor encJson to json and simplejson to sjson on tests
2022-04-25 15:12:44 -03:00
Guilherme Caulada
a367ad730c
Secrets: Implement basic unified secret store service (#45804)
* wip: Implement kvstore for secrets

* wip: Refactor kvstore for secrets

* wip: Add format key function to secrets kvstore sql

* wip: Add migration for secrets kvstore

* Remove unused Key field from secrets kvstore

* Remove secret values from debug logs

* Integrate unified secrets with datasources

* Fix minor issues and tests for kvstore

* Create test service helper for secret store

* Remove encryption tests from datasources

* Move secret operations after datasources

* Fix datasource proxy tests

* Fix legacy data tests

* Add Name to all delete data source commands

* Implement decryption cache on sql secret store

* Fix minor issue with cache and tests

* Use secret type on secret store datasource operations

* Add comments to make create and update clear

* Rename itemFound variable to isFound

* Improve secret deletion and cache management

* Add base64 encoding to sql secret store

* Move secret retrieval to decrypted values function

* Refactor decrypt secure json data functions

* Fix expr tests

* Fix datasource tests

* Fix plugin proxy tests

* Fix query tests

* Fix metrics api tests

* Remove unused fake secrets service from query tests

* Add rename function to secret store

* Add check for error renaming secret

* Remove bus from tests to fix merge conflicts

* Add background secrets migration to datasources

* Get datasource secure json fields from secrets

* Move migration to secret store

* Revert "Move migration to secret store"

This reverts commit 7c3f872072.

* Add secret service to datasource service on tests

* Fix datasource tests

* Remove merge conflict on wire

* Add ctx to data source http transport on prometheus stats collector

* Add ctx to data source http transport on stats collector test
2022-04-25 13:57:45 -03:00
Ieva
68ca5b2e05
Access control: refactor RBAC checks (#48107)
* refactor RBAC checks

* fix a test

* another test fix

* and another
2022-04-25 10:42:09 +02:00
Serge Zaitsev
e86b6662a1
Chore: Remove bus.Bus field (#47695)
* Chore: Remove bus.Bus field

* fix integration test
2022-04-13 15:24:13 +02:00
Serge Zaitsev
18e93c7077
Chore: Remove bus (#47511)
* Chore: Remove bus

* remove unused const
2022-04-08 16:15:06 +02:00
Sergey Kostrukov
5675496f6b
Migrate to Grafana Azure SDK (#47232) 2022-04-04 11:23:13 +02:00
Yuriy Tseretyan
e94d0c1b96
Alerting: update rule test endpoints to respect data source permissions (#47169)
* make eval.Evaluator an interface
* inject Evaluator to TestingApiSrv
* move conditionEval to RouteTestGrafanaRuleConfig because it is the only place where it is used
* update rule test api to check data source permissions
2022-04-02 02:00:23 +02:00