Removes all references and usage of PhantomJS #23375.
Remove direct link rendered image e2e smoke test for now.
Docker: Fix installing chrome in ubuntu custom docker image.
Improve handling of image renderer not available/installed #23593.
Add PhantomJS breaking change and upgrading notes.
Use grabpl v0.2.10.
Closes#13802
Co-authored-by: Kyle Brandt <kyle@grafana.com>
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
Enables adding a section `plugin.<plugin id>` and key/value to
Grafana configuration file which will be converted and sent
as environment variables to the backend plugin.
Also sends some additional environment variables, Grafana
version (GF_VERSION), Grafana edition (GF_EDITION) and
enterprise license path (GF_ENTERPRISE_LICENSE_PATH).
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
Fixes#21515,
* Cookie : Increase duration to avoid error
When using oauth2 authentication with multifactor, the 60s delay may be too short
* Introduce new setting for OAuth state cookie max age
Co-authored-by: Sofia Papagiannaki <sofia@grafana.com>
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
* Add integration with Jeager
Add Jaeger datasource and modify derived fields in loki to allow for opening a trace in Jager in separate split.
Modifies build so that this branch docker images are pushed to docker hub
Add a traceui dir with docker-compose and provision files for demoing.:wq
* Enable docker logger plugin to send logs to loki
* Add placeholder zipkin datasource
* Fixed rebase issues, added enhanceDataFrame to non-legacy code path
* Trace selector for jaeger query field
* Fix logs default mode for Loki
* Fix loading jaeger query field services on split
* Updated grafana image in traceui/compose file
* Fix prettier error
* Hide behind feature flag, clean up unused code.
* Fix tests
* Fix tests
* Cleanup code and review feedback
* Remove traceui directory
* Remove circle build changes
* Fix feature toggles object
* Fix merge issues
* Fix some null errors
* Fix test after strict null changes
* Review feedback fixes
* Fix toggle name
Co-authored-by: David Kaltschmidt <david.kaltschmidt@gmail.com>
* Revert "API: Fix redirect issue when configured to use a subpath (#21652)" (#22671)
This reverts commit 0e2d874ecf.
* Fix redirect validation (#22675)
* Chore: Add test for parse of app url and app sub url
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
* Fix redirect: prepend subpath only if it's missing (#22676)
* Validate redirect in login oauth (#22677)
* Fix invalid redirect for authenticated user (#22678)
* Login: Use correct path for OAuth logos
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
This feature would provide a way for administrators to limit the minimum
dashboard refresh interval globally.
Filters out the refresh intervals available in the time picker that are lower
than the set minimum refresh interval in the configuration .ini file
Adds the minimum refresh interval as available in the time picker.
If the user tries to enter a refresh interval that is lower than the minimum
in the URL, defaults to the minimum interval.
When trying to update the JSON via the API, rejects the update if the
dashboard's refresh interval is lower than the minimum.
When trying to update a dashboard via provisioning having a lower
refresh interval than the minimum, defaults to the minimum interval
and logs a warning.
Fixes#3356
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
Breaking change: If disabled the cookie samesite cookie attribute
will not be set, but if none the attribute will be set and is a
breaking change compared to before where none did not render the
attribute. This was due to a known issue in Safari.
Co-Authored-By: Arve Knudsen <arve.knudsen@gmail.com>
Co-Authored-By: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
Fixes#19847
* add min_interval_seconds setting to alerting config
It will let operator enforce a minimum time for the scheduler to enqueue evaluations
* Introduce UI modifications
* Update docs
Co-authored-by: Martin <uepoch@users.noreply.github.com>
* Settings: supports env overrrides for dynamic settings
* Settings: makes it possible to explicitly get env override support for dynamic settings
* Make linter happy
Removes send_client_credentials_via_post oauth setting and
use auto-detect mechanism instead.
By these changes also fixes statichcheck errors
Ref #8968
Adds a new setting disable_admin_user and when true the default
admin user will not be created when Grafana starts for the first
time (or no users exists in the system).
Closes#19038
* AuthProxy: Can now login with auth proxy and get a login token
* added unit tests
* renamed setting and updated docs
* AuthProxy: minor tweak
* Fixed tests and namings
* spellfix
* fix
* remove unused setting, probably from merge conflict
* fix
* Renamed ttl config in code to be more consistent with behaviour
* Introduced new setting `sync_ttl` in .ini file
* Keeping the old setting `ldap_sync_ttl` in the .ini file as fallback and compatibility.
Adds support for Generic OAuth role mapping. A new
configuration setting for generic oauth is added named
role_attribute_path which accepts a JMESPath expression.
Only Grafana roles named Viewer, Editor or Admin are
accepted.
Closes#9766
* use grafana-plugin-model dependency that uses go modules
* use grafana-plugin-model with updated hashicorp/go-plugin
* use grafana-plugin-model with re-compiled protos
* test using protoc-gen-go v1.2.0 tag
* use grafana-plugin-model with re-compiled protos
* chore: fix deprecation warning for lint
* use latest grafana-plugin-model
Fixes#19454
Don't update total stats metrics if reporting is disabled.
New setting disable_total_stats for turning off update
of total stats (stat_totals_*) metrics.
Ref #19137
* Modify backend to allow expiration of API Keys
* Add middleware test for expired api keys
* Modify frontend to enable expiration of API Keys
* Fix frontend tests
* Fix migration and add index for `expires` field
* Add api key tests for database access
* Substitude time.Now() by a mock for test usage
* Front-end modifications
* Change input label to `Time to live`
* Change input behavior to comply with the other similar
* Add tooltip
* Modify AddApiKey api call response
Expiration should be *time.Time instead of string
* Present expiration date in the selected timezone
* Use kbn for transforming intervals to seconds
* Use `assert` library for tests
* Frontend fixes
Add checks for empty/undefined/null values
* Change expires column from datetime to integer
* Restrict api key duration input
It should be interval not number
* AddApiKey must complain if SecondsToLive is negative
* Declare ErrInvalidApiKeyExpiration
* Move configuration to auth section
* Update docs
* Eliminate alias for models in modified files
* Omit expiration from api response if empty
* Eliminate Goconvey from test file
* Fix test
Do not sleep, use mocked timeNow() instead
* Remove index for expires from api_key table
The index should be anyway on both org_id and expires fields.
However this commit eliminates completely the index for now
since not many rows are expected to be in this table.
* Use getTimeZone function
* Minor change in api key listing
The frontend should display a message instead of empty string
if the key does not expire.
* x_xss_protection
* strict_transport_security (HSTS)
* x_content_type_options
these are currently defaulted to false (off) until the next minor release.
fixes#17509
Adds a new [server] setting `serve_from_sub_path`. By enabling
this setting and using a subpath in `root_url` setting, e.g.
`root_url = http://localhost:3000/grafana`, Grafana will be accessible
on `http://localhost:3000/grafana`. By default it is set to `false`
for compatibility reasons.
Closes#16623
* incapsulates multipleldap logic under one module
* abstracts users upsert and get logic
* changes some of the text error messages and import sort sequence
* heavily refactors the LDAP module – LDAP module now only deals with LDAP related behaviour
* integrates affected auth_proxy module and their tests
* refactoring of the auth_proxy logic
When allow_embedding is false (default) the Grafana backend
will set the http header `X-Frame-Options: deny` in all responses
to non-static content which will instruct browser to not allow
Grafana to be embedded in `<frame>`, `<iframe>`,
`<embed>` or `<object>`.
Closes#14189
* Feature: introduce LdapActiveSyncEnabled setting
We probably remove it after the active sync is done.
But at the moment we do not want to affect the current users
with not fully tested feature
* Chore: move settings in more logical order
* Feature: add cron setting for the ldap settings
* Move ldap configuration read to special function
* Introduce cron setting (no docs for it yet, pending approval)
* Chore: duplicate ldap module as a service
* Feature: implement active sync
This is very early preliminary implementation of active sync.
There is only one thing that's going right for this code - it works.
Aside from that, there is no tests, error handling, docs, transactions,
it's very much duplicative and etc.
But this is the overall direction with architecture I'm going for
* Chore: introduce login service
* Chore: gradually switch to ldap service
* Chore: use new approach for auth_proxy
* Chore: use new approach along with refactoring
* Chore: use new ldap interface for auth_proxy
* Chore: improve auth_proxy and subsequently ldap
* Chore: more of the refactoring bits
* Chore: address comments from code review
* Chore: more refactoring stuff
* Chore: make linter happy
* Chore: add cron dep for grafana enterprise
* Chore: initialize config package var
* Chore: disable gosec for now
* Chore: update dependencies
* Chore: remove unused module
* Chore: address review comments
* Chore: make linter happy
* Feature: add cron setting for the ldap settings
* Move ldap configuration read to special function
* Introduce cron setting (no docs for it yet, pending approval)
* Chore: address code review comments
* Chore: remove session storage references
* Small refactoring of the settings module
* Update docs - remove references for the session storage
* Update config files (sample and default configs)
* Add tests for warning during the config load on defined storage cache
* Remove all references to session storage
* Remove macaron session dependency
* Remove leftovers
* Fix: address review comments
* Fix: remove old deps
* Fix: add skipStaticRootValidation = true to tests
* Fix: improve the docs and warning message
As per discussion in here - https://github.com/grafana/grafana/pull/16445/files#r273026255
* Chore: make linter happy
Fixes#16148
Ref #16114
* app pages
* app pages
* workign example
* started alpha support
* remove app stuff
* show warning on alpha/beta panels
* put app back on plugin file
* fix go
* add enum for PluginType and PluginIncludeType
* Refactoring and moving settings to plugins section
fixes#16529
Adds new alert settings for configuring timeouts and retries named
evaluation_timeout_seconds, notification_timeout_seconds
and max_attempts.
Closes#16240
* master: (156 commits)
Fixed issues with the sanitizie input in text panels, added docs, renamed config option
build: removes arm32v6 docker image.
Updated version in package.json to 6.0.0-pre1
Update CHANGELOG.md
build: armv6 docker image.
build: skips building rpm for armv6.
build: builds for armv6.
Explore: mini styling fix for angular query editors
Removed unused props & state in PromQueryField
chore: Remove logging and use the updated config param
chore: Reverse sanitize variable so it defaults to false
feat: wip: Sanitize user input on text panel
fix: Text panel should re-render when panel mode is changed #14922
Minor rename of LogsProps and LogsState
Splitted up LogLabels into LogLabelStats and LogLabel
Refactored out LogRow to a separate file
Removed strange edit
Added link to side menu header and fixed styling
Moved ValueMapping logic and tests to separate files
Fixed data source selection in explore
...
* Allow oauth email attribute name to be configurable
Signed-off-by: Bob Shannon <bshannon@palantir.com>
* Document e-mail determination steps for generic oauth
* Add reference to email_attribute_name
* Re-add e-mail determination docs to new generic-oauth page
* Inherit default e-mail attribute from defaults.ini
* improve remote image rendering
- determine "domain" during Init() so we are not re-parsing settings
on every request
- if using http-mode via a rednererUrl, then use the AppUrl for the
page that the renderer loads. When in http-mode the renderer is likely
running on another server so trying to use the localhost or even the
specific IP:PORT grafana is listening on wont work.
- apply the request timeout via a context rather then directly on the http client.
- use a global http client so we can take advantage of connection re-use
- log and handle errors better.
* ensure imagesDir exists
* allow users to define callback_url for remote rendering
- allow users to define the url that a remote rendering service
should use for connecting back to the grafana instance.
By default the "root_url" is used.
* improve remote image rendering
- determine "domain" during Init() so we are not re-parsing settings
on every request
- if using http-mode via a rednererUrl, then use the AppUrl for the
page that the renderer loads. When in http-mode the renderer is likely
running on another server so trying to use the localhost or even the
specific IP:PORT grafana is listening on wont work.
- apply the request timeout via a context rather then directly on the http client.
- use a global http client so we can take advantage of connection re-use
- log and handle errors better.
* ensure imagesDir exists
* allow users to define callback_url for remote rendering
- allow users to define the url that a remote rendering service
should use for connecting back to the grafana instance.
By default the "root_url" is used.
* rendering: fixed issue with renderKey where userId and orgId was in mixed up, added test for RenderCallbackUrl reading logic
* rendering: headless chrome progress
* renderer: minor change
* grpc: version hell
* updated grpc libs
* wip: minor progess
* rendering: new image rendering plugin is starting to work
* feat: now phantomjs works as well and updated alerting to use new rendering service
* refactor: renamed renderer package and service to rendering to make renderer name less confusing (rendering is internal service that handles the renderer plugin now)
* rendering: now render key is passed and render auth is working in plugin mode
* removed unneeded lines from gitignore
* rendering: now plugin mode supports waiting for all panels to complete rendering
* fix: LastSeenAt fix for render calls, was not set which causes a lot of updates to Last Seen at during rendering, this should fix sqlite db locked issues in seen in previous releases
* change: changed render tz url parameter to use proper timezone name as chrome does not handle UTC offset TZ values
* fix: another update to tz param generation
* renderer: added http mode to renderer service, new ini setting [rendering] server_url
* refactor: tracing service refactoring
* refactor: sqlstore to instance service
* refactor: sqlstore & registory priority
* refactor: sqlstore refactor wip
* sqlstore: progress on getting tests to work again
* sqlstore: progress on refactoring and getting tests working
* sqlstore: connection string fix
* fix: not sure why this test is not working and required changing expires
* fix: updated grafana-cli
* wip: start on refactoring settings
* settings: progress on settings refactor
* refactor: progress on settings refactoring
* fix: fixed failing test
* settings: moved smtp settings from global to instance
This commit fixes the following golint warnings:
pkg/api/avatar/avatar.go:229:12: should omit type *http.Client from declaration of var client; it will be inferred from the right-hand side
pkg/login/brute_force_login_protection.go:13:26: should omit type time.Duration from declaration of var loginAttemptsWindow; it will be inferred from the right-hand side
pkg/metrics/graphitebridge/graphite.go:58:26: should omit type []string from declaration of var metricCategoryPrefix; it will be inferred from the right-hand side
pkg/metrics/graphitebridge/graphite.go:69:22: should omit type []string from declaration of var trimMetricPrefix; it will be inferred from the right-hand side
pkg/models/alert.go:37:36: should omit type error from declaration of var ErrCannotChangeStateOnPausedAlert; it will be inferred from the right-hand side
pkg/models/alert.go:38:36: should omit type error from declaration of var ErrRequiresNewState; it will be inferred from the right-hand side
pkg/models/datasource.go:61:28: should omit type map[string]bool from declaration of var knownDatasourcePlugins; it will be inferred from the right-hand side
pkg/plugins/update_checker.go:16:13: should omit type http.Client from declaration of var httpClient; it will be inferred from the right-hand side
pkg/services/alerting/engine.go:103:24: should omit type time.Duration from declaration of var unfinishedWorkTimeout; it will be inferred from the right-hand side
pkg/services/alerting/engine.go:105:19: should omit type time.Duration from declaration of var alertTimeout; it will be inferred from the right-hand side
pkg/services/alerting/engine.go:106:19: should omit type int from declaration of var alertMaxAttempts; it will be inferred from the right-hand side
pkg/services/alerting/notifier.go:143:23: should omit type map[string]*NotifierPlugin from declaration of var notifierFactories; it will be inferred from the right-hand side
pkg/services/alerting/rule.go:136:24: should omit type map[string]ConditionFactory from declaration of var conditionFactories; it will be inferred from the right-hand side
pkg/services/alerting/conditions/evaluator.go:12:15: should omit type []string from declaration of var defaultTypes; it will be inferred from the right-hand side
pkg/services/alerting/conditions/evaluator.go:13:15: should omit type []string from declaration of var rangedTypes; it will be inferred from the right-hand side
pkg/services/alerting/notifiers/opsgenie.go:44:19: should omit type string from declaration of var opsgenieAlertURL; it will be inferred from the right-hand side
pkg/services/alerting/notifiers/pagerduty.go:43:23: should omit type string from declaration of var pagerdutyEventApiUrl; it will be inferred from the right-hand side
pkg/services/alerting/notifiers/telegram.go:21:17: should omit type string from declaration of var telegramApiUrl; it will be inferred from the right-hand side
pkg/services/provisioning/dashboards/config_reader_test.go:11:24: should omit type string from declaration of var simpleDashboardConfig; it will be inferred from the right-hand side
pkg/services/provisioning/dashboards/config_reader_test.go:12:24: should omit type string from declaration of var oldVersion; it will be inferred from the right-hand side
pkg/services/provisioning/dashboards/config_reader_test.go:13:24: should omit type string from declaration of var brokenConfigs; it will be inferred from the right-hand side
pkg/services/provisioning/dashboards/file_reader.go:22:30: should omit type time.Duration from declaration of var checkDiskForChangesInterval; it will be inferred from the right-hand side
pkg/services/provisioning/dashboards/file_reader.go:24:23: should omit type error from declaration of var ErrFolderNameMissing; it will be inferred from the right-hand side
pkg/services/provisioning/datasources/config_reader_test.go:15:34: should omit type string from declaration of var twoDatasourcesConfig; it will be inferred from the right-hand side
pkg/services/provisioning/datasources/config_reader_test.go:16:34: should omit type string from declaration of var twoDatasourcesConfigPurgeOthers; it will be inferred from the right-hand side
pkg/services/provisioning/datasources/config_reader_test.go:17:34: should omit type string from declaration of var doubleDatasourcesConfig; it will be inferred from the right-hand side
pkg/services/provisioning/datasources/config_reader_test.go:18:34: should omit type string from declaration of var allProperties; it will be inferred from the right-hand side
pkg/services/provisioning/datasources/config_reader_test.go:19:34: should omit type string from declaration of var versionZero; it will be inferred from the right-hand side
pkg/services/provisioning/datasources/config_reader_test.go:20:34: should omit type string from declaration of var brokenYaml; it will be inferred from the right-hand side
pkg/services/sqlstore/stats.go:16:25: should omit type time.Duration from declaration of var activeUserTimeLimit; it will be inferred from the right-hand side
pkg/services/sqlstore/migrator/mysql_dialect.go:69:14: should omit type bool from declaration of var hasLen1; it will be inferred from the right-hand side
pkg/services/sqlstore/migrator/mysql_dialect.go:70:14: should omit type bool from declaration of var hasLen2; it will be inferred from the right-hand side
pkg/services/sqlstore/migrator/postgres_dialect.go:95:14: should omit type bool from declaration of var hasLen1; it will be inferred from the right-hand side
pkg/services/sqlstore/migrator/postgres_dialect.go:96:14: should omit type bool from declaration of var hasLen2; it will be inferred from the right-hand side
pkg/setting/setting.go:42:15: should omit type string from declaration of var Env; it will be inferred from the right-hand side
pkg/setting/setting.go:161:18: should omit type bool from declaration of var LdapAllowSignup; it will be inferred from the right-hand side
pkg/setting/setting.go:473:30: should omit type bool from declaration of var skipStaticRootValidation; it will be inferred from the right-hand side
pkg/tsdb/interval.go:14:21: should omit type time.Duration from declaration of var defaultMinInterval; it will be inferred from the right-hand side
pkg/tsdb/interval.go:15:21: should omit type time.Duration from declaration of var year; it will be inferred from the right-hand side
pkg/tsdb/interval.go:16:21: should omit type time.Duration from declaration of var day; it will be inferred from the right-hand side
pkg/tsdb/cloudwatch/credentials.go:26:24: should omit type map[string]cache from declaration of var awsCredentialCache; it will be inferred from the right-hand side
pkg/tsdb/influxdb/query.go:15:27: should omit type *regexp.Regexp from declaration of var regexpOperatorPattern; it will be inferred from the right-hand side
pkg/tsdb/influxdb/query.go:16:27: should omit type *regexp.Regexp from declaration of var regexpMeasurementPattern; it will be inferred from the right-hand side
pkg/tsdb/mssql/mssql_test.go:25:14: should omit type string from declaration of var serverIP; it will be inferred from the right-hand side
* extensions: import and build
* bus: use predefined error
* enterprise: build script for enterprise packages
* poc: auto registering services and dependency injection
(cherry picked from commit b5b1ef875f905473af41e49f8071cb9028edc845)
* poc: backend services registry progress
(cherry picked from commit 97be69725881241bfbf1e7adf0e66801d6b0af3d)
* poc: minor update
(cherry picked from commit 03d7a6888b81403f458b94305792e075568f0794)
* ioc: introduce manuel ioc
* enterprise: adds setting for enterprise
* build: test and build specific ee commit
* cleanup: test testing code
* removes example hello service
This changes forks the mysql part of the Macaron session middleware.
In the forked mysql file:
- takes in a config setting for SetConnMaxLifetime (this solves wait_timeout
problem if it is set to a shorter interval than wait_timeout)
- removes the panic when an error is returned in the Exist function.
- retries the exist query once
- retries the GC query once
Snapshot cleanup did not work due to time.Now syntax error. Added test
for it as well to catch any future errors.
Added error and debug logging so that it is possible to see any errors in the future.
Removed an unused configuration value and deprecated the remove expired snapshots
setting.
* db: add login attempt migrations
* db: add possibility to create login attempts
* db: add possibility to retrieve login attempt count per username
* auth: validation and update of login attempts for invalid credentials
If login attempt count for user authenticating is 5 or more the last 5 minutes
we temporarily block the user access to login
* db: add possibility to delete expired login attempts
* cleanup: Delete login attempts older than 10 minutes
The cleanup job are running continuously and triggering each 10 minute
* fix typo: rename consequent to consequent
* auth: enable login attempt validation for ldap logins
* auth: disable login attempts validation by configuration
Setting is named DisableLoginAttemptsValidation and is false by default
Config disable_login_attempts_validation is placed under security section
#7616
* auth: don't run cleanup of login attempts if feature is disabled
#7616
* auth: rename settings.go to ldap_settings.go
* auth: refactor AuthenticateUser
Extract grafana login, ldap login and login attemp validation together
with their tests to separate files.
Enables testing of many more aspects when authenticating a user.
#7616
* auth: rename login attempt validation to brute force login protection
Setting DisableLoginAttemptsValidation => DisableBruteForceLoginProtection
Configuration disable_login_attempts_validation => disable_brute_force_login_protection
#7616
* removes readonly editor role
* adds viewersCanEdit setting
This enable you to allow viewers to edit/inspect
dashboards in grafana in their own browser without
allowing them to save dashboards
* remove read only editor option from all dropdowns
* migrates all read only viewers to viewers
* docs: replace readOnlyEditor with viewersCanEdit
TLS was not being verified in a number of places:
- connections to grafana.com
- connections to OAuth providers when TLS client authentication was
enabled
- connections to self-hosted Grafana installations when using the CLI
tool
TLS should always be verified unless the user explicitly enables an
option to skip verification.
Removes some instances where `InsecureSkipVerify` is explicitly set to
`false`, the default, to help avoid confusion and make it more difficult
to regress on this fix by accident.
Adds a `--insecure` flag to `grafana-cli` to skip TLS verification.
Adds a `tls_skip_verify_insecure` setting for OAuth.
Adds a `app_tls_skip_verify_insecure` setting under a new `[plugins]`
section.
I'm not super happy with the way the global setting is used by
`pkg/api/app_routes.go` but that seems to be the existing pattern used.
* webpack poc, this is not going to work for plugins, dam
* tech: webpack and systemjs for plugins starting to work
* tech: webpack and systemjs combo starting to work
* tech: webpack + karma tests progress
* tech: webpack + karma progress
* tech: working on tests
* tech: webpack
* tech: webpack + karma, all tests pass
* tech: webpack + karma, all tests pass
* tech: webpack all tests pass
* webpack: getting closer
* tech: webpack progress
* webpack: further build refinements
* webpack: ng annotate fixes
* webpack: optimized build fix
* tech: minor fix for elasticsearch
* tech: webpack + ace editor
* tech: restored lodash move mixin compatability
* tech: added enzyme react test and upgraded to react v16
* tech: package version fix
* tech: added testdata to built in bundle
* webpack: sass progress
* tech: prod & dev build is working for the sass
* tech: clean up unused grunt stuff and moved to scripts folder
* tech: added vendor and manifest chunks, updated readme and docs
* tech: webpack finishing touches
* refactor util encryption library so it doesn't have to import log
* add util.SplitString to handle space and/or comma-separated config lines
* go fmt
- adds the option to use ldap groups for authorization in combination with an auth proxy
- adds an option to limit where auth proxy requests come from by configure a list of ip's
- fixes a security issue, session could be reused
* break out go and js build commands
* support oauth providers that return errors via redirect
* remove extra call to get grafana.net org membership
* removed GitHub specifics from generic OAuth
* readded ability to name generic source
* revert to a backward-compatible state, refactor and clean up
* streamline oauth user creation, make generic oauth support more generic
Ensure that settings with the word 'secret' in the name are redacted just
as ones with 'password' in the name are. For example, the Google Auth
client secret should be redacted now.
