Commit Graph

596 Commits

Author SHA1 Message Date
Ward Bekker
b255f3db3f
Team Sync: Add group mapping to support team sync in the Generic OAuth provider (#36307)
Added group mapping to support team sync in the Generic OAuth provider.

Co-authored-by: Leonard Gram <leo@xlson.com>
Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
Co-authored-by: Dan Cech <dan@aussiedan.com>
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
2021-07-01 22:40:46 +02:00
Alexander Emelin
483418dbb0
live: add allowed_origins option (#36318) 2021-07-01 09:30:09 +03:00
Alexander Emelin
98893c0420
Live: experimental HA with Redis (#34851) 2021-06-24 11:07:09 +03:00
Will Browne
89d8dedece
Plugins: Improve wording around allow_loading_unsigned_plugins configuration (#35731)
* improve wording

* Update docs/sources/administration/configuration.md

Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>

* Update docs/sources/administration/configuration.md

Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>

* Update conf/sample.ini

Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>

* Update conf/defaults.ini

Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>

Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
2021-06-15 18:53:11 +02:00
Javier Palomo
6531424c72
Datasource: Add support for max_conns_per_host in dataproxy settings (#35520)
Allow configuring dataproxy.max_conns_per_host for HTTP data sources.

Ref #35519
Ref #35257
2021-06-11 14:18:08 +02:00
Gabriel MABILLE
134dba5101
Provisioning: Update accesscontrol sample file 2021-06-02 17:22:34 +02:00
kay delaney
8143991b94
Security: Update default CSP template and fix firefox CSP issues (#34836)
* Security: Update default content_security_policy_template
- Add 'strict-dynamic' back to script-src
- Add ws(s)://$ROOT_PATH to connect-src
- Change onEvent to on-event in angular templates to fix CSP issues in firefox.
- Add blob: to style-src
2021-05-28 17:01:10 +02:00
Alexander Emelin
6d750c000e
Live: max_connections option with strict default (#34634)
this should help Live to be enabled by default but still
do not affect setups with lots of simultenious users. To
properly handle many WS connections Grafana administrators
should tune infrastructure a bit - for example increase a
number of open files for a process. Will be in more details
in documentation.
2021-05-27 22:03:18 +03:00
Will Browne
c7b58fe186
Plugins: Enable catalog management link to gcom (#34673)
* click out to gcom when config enabled

* set to false

* fix styling for uninstall

* remove advertising config + simplify callout URL

* add entry to configuration.md

* update config name

* update lingo
2021-05-27 12:45:06 +02:00
Dimitris Sotirakis
91657dad18
HTTP Client: Make ResponseHeaderTimeout default timeout in http client (#34597)
* HTTP Client: Add `ResponseHeaderTimeout` - split from `DialContext` timeout

* Fixes according to reviewer's comments

* Use grafana-plugin-sdk-go v0.100.0
2021-05-25 11:32:41 +03:00
Ryan McKinley
a91edd7267
Plugin Admin App: make the catalog look like internal component (#34341)
* Allow Route component usage in app plugins

* i tried

* fix catalog app

* fix catalog app

* fix catalog app

* cleanup imports

* plugin catalog enabled to plugin admin

* rename plugin catalog to plugin admin

* expose catalog url

* update text

* import from react-router-dom

* fix imports -- add logging

* merge changes

* avoid onNavUpdate

* Fixed onNavChange issues

* fix library imports

* more links

Co-authored-by: Dominik Prokop <dominik.prokop@grafana.com>
Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
2021-05-20 10:42:26 +02:00
Gabriel MABILLE
d56a653e73
AccessControl: Add provisioning folder to the packaging process (#34398)
* AccessControl: Add provisioning folder to the packaging process
2021-05-20 09:41:39 +02:00
Marcus Efraimsson
348e76fc8e
Datasource: Shared HTTP client provider for core backend data sources and any data source using the data source proxy (#33439)
Uses new httpclient package from grafana-plugin-sdk-go introduced 
via grafana/grafana-plugin-sdk-go#328. 
Replaces the GetHTTPClient, GetTransport, GetTLSConfig methods defined 
on DataSource model.
Longer-term the goal is to migrate core HTTP backend data sources to use the 
SDK contracts and using httpclient.Provider for creating HTTP clients and such.

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-05-19 23:53:41 +02:00
Arve Knudsen
aed1c013c0
CSP: Relax default template wrt. loading of scripts, due to nonces not working (#34363)
* CSP: Relax default template, due to nonces not working

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* CSP: Add back data: to img-src

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-05-19 11:37:14 +02:00
Arve Knudsen
d1a9044171
CSP: Allow all image sources by default (#34265)
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-05-18 13:41:55 +02:00
Ryan McKinley
edcefe1c8e
Chore: Rename "marketplace" app to "catalog" (#34149) 2021-05-17 08:27:56 -07:00
Will Browne
c39d6ad97d
Plugins: Enable plugin runtime install/uninstall capabilities (#33836)
* add uninstall flow

* add install flow

* small cleanup

* smaller-footprint solution

* cleanup + make bp start auto

* fix interface contract

* improve naming

* accept version arg

* ensure use of shared logger

* make installer a field

* add plugin decommissioning

* add basic error checking

* fix api docs

* making initialization idempotent

* add mutex

* fix comment

* fix test

* add test for decommission

* improve existing test

* add more test coverage

* more tests

* change test func to use read lock

* refactoring + adding test asserts

* improve purging old install flow

* improve dupe checking

* change log name

* skip over dupe scanned

* make test assertion more flexible

* remove trailing line

* fix pointer receiver name

* update comment

* add context to API

* add config flag

* add base http api test + fix update functionality

* simplify existing check

* clean up test

* refactor tests based on feedback

* add single quotes to errs

* use gcmp in tests + fix logo issue

* make plugin list testing more flexible

* address feedback

* fix API test

* fix linter

* undo preallocate

* Update docs/sources/administration/configuration.md

Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>

* Update docs/sources/administration/configuration.md

Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>

* Update docs/sources/administration/configuration.md

Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>

* fix linting issue in test

* add docs placeholder

* update install notes

* Update docs/sources/plugins/marketplace.md

Co-authored-by: Marcus Olsson <marcus.olsson@hey.com>

* update access wording

* add more placeholder docs

* add link to more info

* PR feedback - improved errors, refactor, lock fix

* improve err details

* propagate plugin version errors

* don't autostart renderer

* add H1

* fix imports

Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
Co-authored-by: Marcus Olsson <marcus.olsson@hey.com>
2021-05-12 20:05:16 +02:00
Sergey Kostrukov
81ad9769fa
AzureMonitor: Azure settings in Grafana server config (#33728)
* Azure cloud settings

* Fix typos

* Grouped Azure settings

* Doc fixes

* Some settings are not needed

* Updated cloud name aliases
2021-05-12 16:23:37 +02:00
jvoeller
0d044285a9
OAuth: Add support for empty scopes (#32129)
* add parameter empty_scopes to override scope parameter with empty value and thus be able to authenticate against IdPs without scopes. Issue #27503

Update docs/sources/auth/generic-oauth.md

Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>

* updated check according to feedback

* Update generic-oauth.md

Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
2021-05-10 13:07:30 -04:00
Serge Zaitsev
7367cfc0a3
Add isolation level db configuration parameter (#33830)
* add isolation level db configuration parameter

* add isolation_level to default.ini and sample.ini

* add note that only mysql supports isolation levels for now

* mention isolation_level in the documentation

* Update docs/sources/administration/configuration.md

Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>

Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
2021-05-10 17:54:13 +02:00
Sofia Papagiannaki
540f110220
[Alerting]: Extend quota service to optionally set limits on alerts (#33283)
* Quota: Extend service to set limit on alerts

* Add test for applying quota to alert rules

* Apply suggestions from code review

Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>

* Get used alert quota only if naglert is enabled

* Set alert limit to zero if nglalert is not enabled
Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
2021-05-04 19:16:28 +03:00
Arve Knudsen
7f53dfad88
CSP: Set nonce attribute on Webpack injected bundles (#33298)
* CSP: Set __webpack_nonce__

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-04-26 11:38:24 +02:00
Kristian Klausen
4fc0d42470
OAuth: Add optional strict parsing of role_attribute_path (#28021)
* OAuth: Add strict role mapping

By default the user is assigned the role Viewer if role_attribute_path
doesn't return a role, which is not always desirable. This commit adds a
strict mode, which deny the user access if a role isn't returned.

Fix #26626

* Update docs/sources/auth/generic-oauth.md

Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>

* Update docs/sources/auth/generic-oauth.md

* Update .gitignore file with WAN

* Removed WAN from .gitignore

Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
Co-authored-by: achatterjee-grafana <aparajita.chatterjee@grafana.com>
2021-04-14 15:14:27 -04:00
Jack Westbrook
bd74953f0d
Plugins: Allow a non-dashboard page to be the default home page (#32926)
* feat: introduce home page redirect if default dashboard

* style: clean up

* Apply suggestions from code review

Co-authored-by: Hugo Häggmark <hugo.haggmark@grafana.com>

* chore(dashboard): remove obsolete setting import

* docs(config): add home_page description

Co-authored-by: Hugo Häggmark <hugo.haggmark@grafana.com>
2021-04-13 15:27:51 +02:00
Vladimir Kochnev
39a3b0d0b0
Auth: support JWT Authentication (#29995) 2021-03-31 08:40:44 -07:00
Carl Bergquist
862cd473eb
HttpServer: Make read timeout configurable but disabled by default (#31575)
Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
2021-03-19 11:21:52 +01:00
Erik Sundell
d512c5a1b4
Cloudwatch: ListMetrics API page limit (#31788)
* add list metrics api page limit

* Update docs/sources/datasources/cloudwatch.md

Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>

Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
2021-03-10 07:41:22 +01:00
Erik Sundell
2d660ee502
CloudWatch: Restrict auth provider and assume role usage according to Grafana configuration (#31805)
* restrict usage of providers and assume role according to grafana config

* update docs

* Update docs/sources/datasources/cloudwatch.md

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

* Update pkg/tsdb/cloudwatch/cloudwatch.go

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

* Update pkg/tsdb/cloudwatch/session_test.go

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

* pr feedback

* fix failing test

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-03-09 21:20:59 +01:00
Carl Bergquist
3b36636318
Annotations: Make the annotation clean up batch size configurable (#31487)
Signed-off-by: bergquist <carl.bergquist@gmail.com>

Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
2021-03-08 14:16:07 +01:00
Erik Sundell
1b149523ed
AWS: Add aws plugin configuration (#31312)
* add new conf and make sure its passed to frontend

* change auth provider name

* goimports

* fixed after feedback

* more updates after feedback

* Update docs/sources/administration/configuration.md

Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>

* Update docs/sources/administration/configuration.md

Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>

* Update docs/sources/administration/configuration.md

Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>

* Update docs/sources/administration/configuration.md

Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>

* Update docs/sources/administration/configuration.md

Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>

* Update conf/sample.ini

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

* Update docs/sources/administration/configuration.md

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

* Update pkg/setting/setting.go

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

* updates after pr feedback

* Update conf/defaults.ini

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

* Update conf/defaults.ini

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

* Update conf/sample.ini

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-02-24 18:08:13 +01:00
Carl Bergquist
d1b9fddb4f
Usage stats: Adds source/distributor setting (#31039)
Signed-off-by: bergquist <carl.bergquist@gmail.com>
2021-02-10 10:07:32 +01:00
Torkel Ödegaard
c04bc805b5
CDN: Adds support for serving assets over a CDN (#30691)
* CDN: Initial poc support for serving assets over a CDN

* Minor fix

* added build path and test

* fix lint error

* Added edition to cdn path

* Move master builds to a separate path

* Added error handling for the url parsing, changed setting name, and added docs

* Updated sample.ini

* Some property renames

* updated

* Minor update to html

* index template improvements

* Update docs/sources/administration/configuration.md

Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>

* Update docs/sources/administration/configuration.md

Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>

* Added ContentDeliveryPrefix to Licence service

* updated docs

* Updated test mock

Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
2021-02-01 10:13:09 +01:00
Sofia Papagiannaki
94a29759ab
Docs: Fix expressions enabled description (#30589) 2021-01-26 18:49:58 +02:00
Sofia Papagiannaki
9ada4b6052
Expressions: Add option to disable feature (#30541)
* Expressions: Add option to disable feature

* Apply suggestions from code review

Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
2021-01-22 19:27:33 +02:00
Arve Knudsen
50b649a869
Middleware: Add CSP support (#29740)
* Middleware: Add support for CSP

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

Co-authored by @iOrcohen
2021-01-12 07:42:32 +01:00
Peter Toft
de563bfaa4
Fix two ini-file typos regarding LDAP (#29843) 2020-12-30 11:09:17 +01:00
ying-jeanne
375e8e4fd0
SQLStore: customise the limit of retrieved datasources per organisation (#29358)
* SQLStore: customise the limit of retrieved datasources per organisation

* update all suggestions regarding nil or 0 as default

* Apply suggestions from code review

Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>

* correct default.ini description + adding unittest

* Apply suggestions from code review

Co-authored-by: Sofia Papagiannaki <papagian@users.noreply.github.com>

* modify unittest name

Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
Co-authored-by: Sofia Papagiannaki <papagian@users.noreply.github.com>
2020-12-28 12:24:42 +01:00
Emil Tullstedt
3ea1fd035f
LDAP: Update use_ssl documentation (#29964) 2020-12-23 09:14:02 +01:00
Domas
7d9a528184
Logging: rate limit fronted logging endpoint (#29272)
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
2020-12-09 16:22:24 +01:00
Agnès Toulet
22788d1d86
Add an option to hide certain users in the UI (#28942)
* Add an option to hide certain users in the UI

* revert changes for admin users routes

* fix sqlstore function name

* Improve slice management

Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>

* Hidden users: convert slice to map

* filter with user logins instead of IDs

* put HiddenUsers in Cfg struct

* hide hidden users from dashboards/folders permissions list

* Update conf/defaults.ini

Co-authored-by: Torkel Ödegaard <torkel@grafana.com>

* fix params order

* fix tests

* fix dashboard/folder update with hidden user

* add team tests

* add dashboard and folder permissions tests

* fixes after merge

* fix tests

* API: add test for org users endpoints

* update hidden users management for dashboard / folder permissions

* improve dashboard / folder permissions tests

* fixes after merge

* Guardian: add hidden acl tests

* API: add team members tests

* fix team sql syntax for postgres

* api tests update

* fix linter error

* fix tests errors after merge

Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
Co-authored-by: Leonard Gram <leo@xlson.com>
2020-11-24 12:10:32 +01:00
Domas
76df096791
Logging: Log frontend errors (#28073)
* basic frontend  Sentry integration

* backend endpoint to capture sentry events

* WIP!

* log user email for frontend logs

* remove debug logging

* lint fixes

* Fix type exports & property names

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

* additional struct naming fix

* rename log endpoint, config section & interface

* add sentry sample rate to config

* refac to use EchoSrv

* log user id

* backend tests

* tests for SentryEchoBackend

* sentry echo backend tests

* CustomEndpointTransport tests

* Update pkg/api/frontend_logging_test.go

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

* Update conf/defaults.ini

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

* Update pkg/api/frontend_logging_test.go

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

* don't export unnecesasrily

* update go.sum

* get rid of Convey in tests, use stdlib

* add sentry config to sample.ini

* cleanup to set orig logging handler in test

* Apply suggestions from code review

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

* PR feedback changes

* lock sentry version

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-11-12 12:29:43 +01:00
Carl Bergquist
e3c7d66324
Tracing: Add setting for sampling server (#29011)
Signed-off-by: bergquist <carl.bergquist@gmail.com>
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
2020-11-11 10:21:52 +01:00
Alex Khomenko
9b90ff2961
Disable selecting enterprise plugins with no license (#28758)
* Add unlicensed property to plugins

* Disable selecting unlicensed plugin

* Add customizable plugin market place url

* License: workaround enabled only in enterprise

* linter

* Move licensing info to front end

* Update pkg/services/licensing/oss.go

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

* Update pkg/services/licensing/oss.go

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

* Update pkg/setting/setting.go

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

* Update pkg/setting/setting.go

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

* Update pkg/api/frontendsettings.go

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

* Update sample.ini

* Update docs

* Update packages/grafana-runtime/src/config.ts

Co-authored-by: Torkel Ödegaard <torkel@grafana.org>

* Update public/app/features/datasources/state/buildCategories.ts

Co-authored-by: Torkel Ödegaard <torkel@grafana.org>

* Update pkg/api/frontendsettings.go

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

* Update pkg/setting/setting.go

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

* Fix spelling

Co-authored-by: Leonard Gram <leo@xlson.com>
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
Co-authored-by: Torkel Ödegaard <torkel@grafana.org>
2020-11-05 12:55:40 +02:00
Alexander Zobnin
8032b43838
OAuth: configurable user name attribute (#28286)
* OAuth: more user-frienly logging

* OAuth: custom user name attribute

* OAuth: remove deprecated nameAttributeName option

* OAuth: nameAttributePath tests

* OAuth: add name_attribute_path config option

* OAuth: docs for name_attribute_path option

* move docs to the separate branch
2020-10-20 09:56:48 +03:00
Carl Bergquist
89ebb97fca
Instrumentation: Adds environment_info metric (#28355)
Signed-off-by: bergquist <carl.bergquist@gmail.com>

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-10-19 16:58:16 +02:00
Will Browne
a189cd1832
Users: Expire old user invites (#27361)
* expire with existng cleanup service

* expire with new temp user service

* make Drone happy :)

* add expiry status

* remove other approach

* cleanup

* add test for idempotency

* add migration from datetime to unix ts

* update cmd names

* change lifetime config to duration

* remove unnecessart formatting

* add comment

* update docs

* remove max bound and introduce min error

* simplify sql

* remove comment

* allow any outstanding to exist for at least 24 hours

* revert created ts change

Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>

* add extra state check to cleanup step

Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
2020-10-13 12:30:09 +02:00
Kyle Hinton
92c2a6c239
Fix: Add additional settings for dataproxy to help with network proxy timeouts (#27841)
* adding additional settings for datasource cache transport

* added documentation for the new changes

* fixing small typo in defaults.ini comment

* fixing small typo in configuration.md comment

* Update conf/defaults.ini keepalive comment per review

Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>

* Update conf/defaults.ini idle conn comment per review

Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>

* Update conf/defaults.ini anon user comment per review

Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>

* Update docs/sources/administration/configuration.md idle conn comment per review

Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>

* adding suggestions from papagian

* fixing configuration.md

* fixing configuration.md typo

* Apply suggestions from code review aknuds1

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

* updating sample.ini

* Apply suggestions for docs from code review papagian

Co-authored-by: Sofia Papagiannaki <papagian@users.noreply.github.com>

* Update docs/sources/administration/configuration.md fix typo

Co-authored-by: Sofia Papagiannaki <papagian@users.noreply.github.com>

Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
Co-authored-by: Sofia Papagiannaki <papagian@users.noreply.github.com>
2020-10-12 11:36:47 +03:00
Will Browne
7d63b2c473
Auth: Add Sigv4 auth option to datasources (#27552)
* create transport chain

* add frontend

* remove log

* inline field updates

* allow ARN, Credentials + Keys auth in frontend

* configure credentials

* add tests and refactor

* update frontend json field names

* fix tests

* fix comment

* add app config flag

* refactor tests

* add return field for tests

* add flag for UI display

* update comment

* move logic

* fix config

* pass config through props

* update docs

* pr feedback and add docs coverage

* shorten settings filename

* fix imports

* revert docs changes

* remove log line

* wrap up next as round tripper

* only propagate required config

* remove unused import

* remove ARN option and replace with default chain

* make ARN role assume as supplemental

* update docs

* refactor flow

* sign body when necessary

* remove unnecessary wrapper

* remove newline

* Apply suggestions from code review

* PR fixes

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-10-08 10:03:20 +02:00
Wouter Smeenk
39eba5065b
Dashboard: Support configuring default timezone via config file (#27404)
Add a default timezone that the administrator can set in the settings. 
This setting is be used as default for the users timezone preference.
Can be used when creating Grafana instances without administrator 
intervention, in order to give user the correct default timezone.

Fixes #25654
2020-09-15 15:20:53 +02:00
Hansuuuuuuuuuu
8d971ab2f2
Auth: Replace maximum inactive/lifetime settings of days to duration (#27150)
Allows login_maximum_inactive_lifetime_duration and 
login_maximum_lifetime_duration to be configured using 
time.Duration-compatible values while retaining backward compatibility.

Fixes #17554

Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
2020-09-14 15:57:38 +02:00
Marcos Mendez
4e94c0959a
Image Store: Add support for using signed URLs when uploading images to GCS (#26840)
Enables creating signed URLs when uploading images to Google Cloud Storage. 
By using signed urls, not only is the public URL expiration configurable but the 
images in the bucket are not publicly accessible.

Fixes #26773

Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
2020-09-07 19:10:14 +02:00
Torkel Ödegaard
61bd33c241
System: Date formating options (#27216)
* Add support for local time formats in graph panel

* Enfore 24h format for backward compatibility

* Use existing Intl.DateTimeFormatOptions

* Pre-generate time scale, add tests

* Move localTimeFormat, add local format to units

* updated default fallback

* #25602, use navigator.languages to enforce locale in formatting

* Making options

* Worked new system settings

* things are working

* Local browser time formats working

* Support parsing dates in different formats

* settings updated

* Settings starting to work

* Fixed graph issue

* Logs fix

* refactored settings a bit

* Updated and name change

* Progress

* Changed config names

* Updated

* Updated

* Updated test

* Synced description

* fixed ts issue

* Added version notice

* Ts fix

* Updated heatmap and test

* Updated snapshot

* Updated

* fixed ts issue

* Fixes

Co-authored-by: Alex Shpak <alex-shpak@users.noreply.github.com>
2020-09-07 16:19:33 +02:00
Carl Bergquist
20747015f6
Annotation: Add clean up job for old annotations (#26156)
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-09-02 08:07:31 +02:00
Carl Bergquist
8faaa1a520
OAuth: Increase state cookie max age (#27258)
60s can be too short if the oauth provider is slow
for some reason and its defintly too slow if the
OAuth provider requires 2FA.

Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
2020-09-01 10:57:43 +02:00
Alexander Zobnin
df11cdad62
Generic OAuth: customize login and id_token attributes (#26577)
* OAuth: add login_attribute_path to generic oauth

* OAuth: remove default client_secret values (able to use empty client_secret)

* OAuth: allow to customize id_token attribute name

* Docs: describe how login_attribute_path and id_token_attribute_name params work

* Docs: review fixes

* Docs: review fixes

* Chore: fix go linter error

* Tests: fix test code style
2020-08-03 17:33:27 +03:00
Josh Soref
7d08a8497a
Chore: fix spelling of GitHub (#26182)
Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
2020-07-22 08:12:50 -07:00
Marcus Efraimsson
460b01f1fe
Datasource: Make sure data proxy timeout applies to HTTP client (#25865)
For backend data sources executing in the backend (not through data proxy) make 
sure that the timeout applies to cached HTTP client.

Fixes #25863

Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
2020-06-29 11:22:49 +02:00
Carl Bergquist
383aa21ab6
docs: removes invalid comment (#25883) 2020-06-29 09:26:08 +02:00
Carl Bergquist
703f728c0c
Dashboards: Make path to default dashboard configurable (#25595)
Closes #25463

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
2020-06-22 18:00:39 +02:00
Marcus Efraimsson
cc95754e0d
Provisioning: Adds support for enabling app plugins (#25649)
Adds support for enabling app plugins using provisioning. 

Ref #11409

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
2020-06-22 17:49:13 +02:00
Emil Tullstedt
80e9546cec
Settings: Add setting for hiding version number for anonymous users (#24919)
* Settings: Add setting for hiding version number for anonymous users

Fixes #12925

* Hide version string from footer when unavailable

* Settings: Test frontend settings with hide version for anonymous users

* Settings: Add hide version variable to frontend settings

* Make AnonymousHideVersion non-global

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* Settings: Improve test neighbor friendliness, reset state before and after

* Settings: Use T.Cleanup

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-06-17 07:39:50 +02:00
Josh Soref
ed92b41d47
Chore: spelling - misc (#24438)
* Chore: spelling - misc

* fix master merge
2020-06-04 06:51:30 +02:00
Carl Bergquist
328ea80cca
switches default value for security settings (#25175)
closes #25163
2020-05-28 10:38:22 +02:00
thameezb
16297da298
Email Notifications: Add StartTLSPolicy config flag (#24574) 2020-05-13 16:33:40 +02:00
Arve Knudsen
96ffcaa134
Plugins: Require signing of external back-end plugins (#24075)
* PluginManager: Require signing of external plugins

Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
2020-05-04 10:57:55 +02:00
Marcus Efraimsson
76650e60e4
Image Rendering: New setting to control render request concurrency (#23950)
Fixes #23806

Co-Authored-By: Torkel Ödegaard <torkel@grafana.com>
Co-Authored-By: Arve Knudsen <arve.knudsen@gmail.com>
2020-04-27 17:25:08 +02:00
Marcus Efraimsson
854085dbc6
Dashboard: Enforce min dashboard refresh interval to 5 seconds per default (#23929)
Fixes #22493
2020-04-27 16:51:54 +02:00
Marcus Efraimsson
871ad73414
Backend plugins: Renderer v2 plugin (#23625)
grafana-plugin-model is legacy and is replaced by new backend 
plugins SDK and architecture. Renderer is not part of SDK and 
we want to keep it that way for now since it's highly unlikely there 
will be more than one kind of renderer plugin.
So this PR adds support for renderer plugin v2.
Also adds support sending a Device Scale Factor parameter to the 
plugin v2 remote rendering service and by that replaces #22474.
Adds support sending a Headers parameter to the plugin v2 and
remote rendering service which for now only include 
Accect-Language header (the user locale in browser when using 
Grafana), ref grafana/grafana-image-renderer#45.
Fixes health check json details response.
Adds image renderer plugin configuration settings in defaults.ini 
and sample.ini.

Co-Authored-By: Arve Knudsen <arve.knudsen@gmail.com>
2020-04-21 16:16:41 +02:00
Andrej Ocenas
97bb3dcf2d
Remove file (#23741) 2020-04-21 15:52:08 +02:00
Alexander Zobnin
f023e7a399
SAML Role and Team sync (open source part) (#23391)
* SAML: add default params for role and team sync

* SAML: add org_mapping option

* SAML: support allowed_organizations option

* Chore: expose RedirectWithError from HTTPServer

* Chore: return RedirectResponse (fix superfluous response.writeheader message)

* HTTPServer: expose ValidateRedirectTo() and CookieOptionsFromCfg()

* Config: move SAML section to the enterprise
2020-04-17 10:48:37 +03:00
Andrej Ocenas
1864807b15
Tracing: Performance optimization (#23474)
* Add integration with Jeager
Add Jaeger datasource and modify derived fields in loki to allow for opening a trace in Jager in separate split.
Modifies build so that this branch docker images are pushed to docker hub
Add a traceui dir with docker-compose and provision files for demoing.:wq

* Enable docker logger plugin to send logs to loki

* Add placeholder zipkin datasource

* Fixed rebase issues, added enhanceDataFrame to non-legacy code path

* Trace selector for jaeger query field

* Fix logs default mode for Loki

* Fix loading jaeger query field services on split

* Updated grafana image in traceui/compose file

* Fix prettier error

* Hide behind feature flag, clean up unused code.

* Fix tests

* Fix tests

* Cleanup code and review feedback

* Remove traceui directory

* Remove circle build changes

* Fix feature toggles object

* Fix merge issues

* Add trace ui in Explore

* WIP

* WIP

* WIP

* Make jaeger datasource return trace data instead of link

* Allow js in jest tests

* Return data from Jaeger datasource

* Take yarn.lock from master

* Fix missing component

* Update yarn lock

* Fix some ts and lint errors

* Fix merge

* Fix type errors

* Make tests pass again

* Add tests

* Fix es5 compatibility

* Add header with minimap

* Fix sizing issue due to column resizer handle

* Fix issues with sizing, search functionality, duplicate react, tests

* Refactor TraceView component, fix tests

* Fix type errors

* Add dark theme styling

* Add tests for hooks

* More color changes

* Fix tests to deal with additional theme wrappers.

* Add memoization

* Fix duplicate identifier

Co-authored-by: David Kaltschmidt <david.kaltschmidt@gmail.com>
2020-04-15 16:04:01 +02:00
Andrej Ocenas
008bee8f27
Tracing: Adds header and minimap (#23315)
* Add integration with Jeager
Add Jaeger datasource and modify derived fields in loki to allow for opening a trace in Jager in separate split.
Modifies build so that this branch docker images are pushed to docker hub
Add a traceui dir with docker-compose and provision files for demoing.:wq

* Enable docker logger plugin to send logs to loki

* Add placeholder zipkin datasource

* Fixed rebase issues, added enhanceDataFrame to non-legacy code path

* Trace selector for jaeger query field

* Fix logs default mode for Loki

* Fix loading jaeger query field services on split

* Updated grafana image in traceui/compose file

* Fix prettier error

* Hide behind feature flag, clean up unused code.

* Fix tests

* Fix tests

* Cleanup code and review feedback

* Remove traceui directory

* Remove circle build changes

* Fix feature toggles object

* Fix merge issues

* Add trace ui in Explore

* WIP

* WIP

* WIP

* Make jaeger datasource return trace data instead of link

* Allow js in jest tests

* Return data from Jaeger datasource

* Take yarn.lock from master

* Fix missing component

* Update yarn lock

* Fix some ts and lint errors

* Fix merge

* Fix type errors

* Make tests pass again

* Add tests

* Fix es5 compatibility

* Add header with minimap

* Fix sizing issue due to column resizer handle

* Fix issues with sizing, search functionality, duplicate react, tests

* Refactor TraceView component, fix tests

* Fix type errors

* Add tests for hooks

Co-authored-by: David Kaltschmidt <david.kaltschmidt@gmail.com>
2020-04-08 17:16:22 +02:00
Alexander Zobnin
7afdfd2ef4
Okta OAuth provider (team sync support) (#22972)
* Okta OAuth support

* Chore: fix linter error

* Chore: move IsEmailAllowed to SocialBase

* Chore: move IsSignupAllowed to SocialBase

* Chore: review fixes

* Okta: support allowed_groups

* Okta: default config

* Chore: move extractEmail() to OktaClaims struct

* Chore: review fixes

* generic_oauth_test: Handle error cases

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* generic_oauth_test: Handle error cases

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* Docs: Okta OAuth

* Chore: don't return expected errors from searchJSONForAttr

* Docs: role mapping

* Chore: review fixes (searchJSONForAttr)

* Docs: review fixes

* Update docs/sources/auth/okta.md

Co-Authored-By: Arve Knudsen <arve.knudsen@gmail.com>

* Update docs/sources/auth/okta.md

Co-Authored-By: Arve Knudsen <arve.knudsen@gmail.com>

* Chore: log error if searchJSONForAttr failed

* Docs: add Okta login link

* Docs: review fixes

* Docs: add reference to the org roles

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-04-02 17:35:48 +03:00
rtrompier
474dac1501
OAuth : Introduce new setting for configuring max age of OAuth state cookie (#23195)
* Cookie : Increase duration to avoid error

When using oauth2 authentication with multifactor, the 60s delay may be too short

* Introduce new setting for OAuth state cookie max age

Co-authored-by: Sofia Papagiannaki <sofia@grafana.com>
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-03-30 17:44:58 +03:00
lfroment
72628c8ea0
Dashboard: Adds support for a global minimum dashboard refresh interval (#19416)
This feature would provide a way for administrators to limit the minimum 
dashboard refresh interval globally.
Filters out the refresh intervals available in the time picker that are lower 
than the set minimum refresh interval in the configuration .ini file
Adds the minimum refresh interval as available in the time picker.
If the user tries to enter a refresh interval that is lower than the minimum 
in the URL, defaults to the minimum interval.
When trying to update the JSON via the API, rejects the update if the 
dashboard's refresh interval is lower than the minimum.
When trying to update a dashboard via provisioning having a lower 
refresh interval than the minimum, defaults to the minimum interval 
and logs a warning. 

Fixes #3356

Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
2020-02-28 14:32:01 +01:00
Alexander Zobnin
f2fc7aa3aa
Azure OAuth: enable teamsync (#22160)
* Azure OAuth: extract groups from token for teamsync

* Docs: changed some headers

* Azure OAuth: fix tests

* Azure OAuth: fix linter error (simplify)

* Azure OAuth: add allowed_groups option

* Azure OAuth: docs for team sync and allowed_groups

* Azure OAuth: tests for allowed_groups

* Update docs/sources/auth/azuread.md

Co-Authored-By: Leonard Gram <leo@xlson.com>

Co-authored-by: Leonard Gram <leo@xlson.com>
2020-02-14 14:03:00 +03:00
twendt
ff6a082e23
Auth: Azure AD OAuth (#20030)
* Implement Azure AD oauth

* Use go-jose and cleanup

* Update go-jose in go.mod

* cleanup

* Add unit tests

* Fix scopes

* Add documentation page

* Improve documentation

* Convert extract_role into function.

* Do not use upn and replace unique_name with preferred_username

* Configure login button

* Use official microsoft icon and color from branding guideline.

* Add Azure AD config section in sample.ini.
2020-02-13 12:12:25 +03:00
Marcus Efraimsson
a1579283a6
Add disabled option for cookie samesite attribute (#21472)
Breaking change: If disabled the cookie samesite cookie attribute
will not be set, but if none the attribute will be set and is a
breaking change compared to before where none did not render the
attribute. This was due to a known issue in Safari.

Co-Authored-By: Arve Knudsen <arve.knudsen@gmail.com>
Co-Authored-By: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>

Fixes #19847
2020-01-14 17:41:54 +01:00
Sofia Papagiannaki
d135f1229d
Alerting: new min_interval_seconds options to enforce a minimum eval frequency (#21188)
* add min_interval_seconds setting to alerting config

It will let operator enforce a minimum time for the scheduler to enqueue evaluations

* Introduce UI modifications

* Update docs

Co-authored-by: Martin <uepoch@users.noreply.github.com>
2020-01-14 11:13:34 +02:00
Paul Emmerich
42032f6c03 ImgUploader: add support for non-amazon S3 (#20354)
* imguploader: add support for non-Amazon S3 endpoints and forcing of path-style S3 addressing

fixes #11240

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-01-02 15:10:20 +01:00
Alexander Morozov
06bf7e8ef1 OAuth: Removes send_client_credentials_via_post setting (#20044)
Removes send_client_credentials_via_post oauth setting and 
use auto-detect mechanism instead.
By these changes also fixes statichcheck errors

Ref #8968
2019-12-12 20:00:56 +01:00
Sofia Papagiannaki
21fed8c5f1
OAuth: Add missing setting from defaults.ini (#20691) 2019-11-27 11:08:08 +02:00
Marcus Efraimsson
4a2104a1de
Chore: Sync defaults.ini with sample.ini (#20645)
Make sure that configuration sections/keys from defaults.ini 
is mirrored in the sample.ini.

Fixes #20622
2019-11-26 17:14:26 +01:00
Thomas Casteleyn
9fa18a2df5 Configuration: Update root_url to reflect the default value (#20278) 2019-11-11 10:05:32 +01:00
Shavonn Brown
3e5abe7c21 Admin: Adds setting to disable creating initial admin user (#19505)
Adds a new setting disable_admin_user and when true the default 
admin user will not be created when Grafana starts for the first 
time (or no users exists in the system).

Closes #19038
2019-11-08 11:11:03 +01:00
Jon Gyllenswärd
3111c3620b AuthProxy: additions to ttl config change (#20249)
* fixes according to feedback

* additions to config and docs
2019-11-08 10:51:15 +01:00
Torkel Ödegaard
be2bf1a297
AuthProxy: Can now login with auth proxy and get a login token (#20175)
* AuthProxy: Can now login with auth proxy and get a login token

* added unit tests

* renamed setting and updated docs

* AuthProxy: minor tweak

* Fixed tests and namings

* spellfix

* fix

* remove unused setting, probably from merge conflict

* fix
2019-11-07 17:48:56 +01:00
Jon Gyllenswärd
53f8088316
Auth Proxy: replace ini setting ldap_sync_ttl with sync_ttl (#20191)
* Renamed ttl config in code to be more consistent with behaviour
* Introduced new setting `sync_ttl` in .ini file
* Keeping the old setting `ldap_sync_ttl` in the .ini file as fallback and compatibility.
2019-11-07 11:24:54 +01:00
Martin Reinhardt
7a3d1c0e4b OAuth: Generic OAuth role mapping support (#17149)
Adds support for Generic OAuth role mapping. A new 
configuration setting for generic oauth is added named 
role_attribute_path which accepts a JMESPath expression.
Only Grafana roles named Viewer, Editor or Admin are
accepted.

Closes #9766
2019-11-05 21:56:42 +01:00
Scott Brenner
aa87f62c3a Quick typo fix (#19759) 2019-10-11 14:57:29 +01:00
Marcus Efraimsson
75bf31b5c7
docs: image rendering (#19183)
Adds a new "Image Rendering" page in Administration section.
Updates configuration page with rendering settings and also 
default.ini and sample.ini.
Updates and cleanup pages that referencing image rendering.

Ref #18914
2019-09-17 19:24:03 +02:00
Marcus Efraimsson
80592e3361
Metrics: Adds setting for turning off total stats metrics (#19142)
Don't update total stats metrics if reporting is disabled.
New setting disable_total_stats for turning off update 
of total stats (stat_totals_*) metrics.

Ref #19137
2019-09-17 09:32:24 +02:00
Ryan McKinley
7d32caeac2 Transformers: configure result transformations after query(alpha) (#18740) 2019-09-09 08:58:57 +02:00
Marcus Efraimsson
964c2e722f
Snapshot: Fix http api (#18830)
(cherry picked from commit be2e2330f5)
2019-09-02 15:15:46 +02:00
Bob Shannon
056dbc7012 OAuth: Support JMES path lookup when retrieving user email (#14683)
Add support for fetching e-mail with JMES path

Signed-off-by: Bob Shannon <bobs@dropbox.com>
2019-08-26 18:11:40 +02:00
kay delaney
fb0cec5591
Backend: Adds support for HTTP/2 (#18358)
* Backend: Adds support for HTTP/2

* Adds mozilla recommended ciphers

* Updates sample.ini and config documentation
2019-08-16 16:06:54 +01:00
Kyle Brandt
f689b60426
remotecache: support SSL with redis (#18511)
* update go-redis lib from v2 -> v5
* add ssl option to the redis connection string
fixes #18498
2019-08-13 06:51:13 -04:00
Torkel Ödegaard
f68b8b73f0
LDAP: Align ldap example with the devenv testdata (#18343) 2019-08-02 12:00:13 +02:00
gotjosh
87a794fe0a
Docs: Update documentation with new SAML features (#18163)
* Update defaults.ini and sample.ini with the SAML assertion mapping
fields

* Document Grafana's ability to map ACS attributes while a Grafana user is created
2019-07-23 09:20:07 +01:00
Alexander Zobnin
e47546d529
Docs: SAML idp_metadata_url option (#18181) 2019-07-18 18:45:59 +03:00
gotjosh
d006f7c916
Docs: SAML (#18069)
* docs: Link to SAML docs and document configuration options

- Document configuration options `defaults.ini` and `sample.ini`
- Add the SAML documentation
- Link to the SAML documentation from "what's new in 6.3"
2019-07-17 13:46:51 +01:00
Oleg Gaidarenko
e2cf7c9698
LDAP: finishing touches (#17945)
* LDAP:Docs: `active_sync_enabled` setting

Mention `active_sync_enabled` setting and enable it by default

* LDAP: move "disableExternalUser" method

Idea behind new design of the LDAP module is to minimise conflation
between other parts of the system, so it would decoupled as much as
possible from stuff like database, HTTP transport and etc.

Following "Do One Thing and Do It Well" Unix philosophy principal, other things
could be better fitted on the consumer side of things.

Which what this commit trying to archive

* LDAP: correct user/admin binding

The second binding was not happening, so if the admin login/password
in LDAP configuration was correct, anyone could had login as anyone using
incorrect password
2019-07-05 17:49:00 +03:00
gotjosh
e6b8a1529b
SAML: Configuration defaults, examples and dependencies (#17954)
* Add SAML configuration options

* Add crewjam/saml as a depdency

Needed as part of the enterprise SAML integration.

* Vendor github.com/stretchr/testify/require

The package require implements the same assertions as the `assert` package but stops test execution when a test fails.
2019-07-05 11:27:14 +01:00
Torkel Ödegaard
57c220c93d
Docs: added version notice to new ldap feature docs (#17929) 2019-07-04 14:39:11 +02:00
Sofia Papagiannaki
dc9ec7dc91
Auth: Allow expiration of API keys (#17678)
* Modify backend to allow expiration of API Keys

* Add middleware test for expired api keys

* Modify frontend to enable expiration of API Keys

* Fix frontend tests

* Fix migration and add index for `expires` field

* Add api key tests for database access

* Substitude time.Now() by a mock for test usage

* Front-end modifications

* Change input label to `Time to live`
* Change input behavior to comply with the other similar
* Add tooltip

* Modify AddApiKey api call response

Expiration should be *time.Time instead of string

* Present expiration date in the selected timezone

* Use kbn for transforming intervals to seconds

* Use `assert` library for tests

* Frontend fixes

Add checks for empty/undefined/null values

* Change expires column from datetime to integer

* Restrict api key duration input

It should be interval not number

* AddApiKey must complain if SecondsToLive is negative

* Declare ErrInvalidApiKeyExpiration

* Move configuration to auth section

* Update docs

* Eliminate alias for models in modified files

* Omit expiration from api response if empty

* Eliminate Goconvey from test file

* Fix test

Do not sleep, use mocked timeNow() instead

* Remove index for expires from api_key table

The index should be anyway on both org_id and expires fields.
However this commit eliminates completely the index for now
since not many rows are expected to be in this table.

* Use getTimeZone function

* Minor change in api key listing

The frontend should display a message instead of empty string
if the key does not expire.
2019-06-26 09:47:03 +03:00
Oleg Gaidarenko
31d2905490 LDAP:Docs: add information on LDAP sync feature and update LDAP sync default (#17689)
* Docs: for LDAP active sync feature
2019-06-25 12:54:13 +02:00
Sergey Goppikov
dda8b731e8 Settings: Fix typo in defaults.ini (#17707)
`backround` -> `backGround`
2019-06-23 17:38:30 +02:00
Kyle Brandt
49f0f0e89e
config: fix connstr for remote_cache (#17675)
fixes #17643 and adds test to check for commented out lines (but will only catch `;`, not `#`).
2019-06-20 10:15:21 -04:00
Oleg Gaidarenko
1c08e58605
LDAP: small improvements to various LDAP parts (#17662)
* Add multildap config example

* Publicize mocks for multildap module
2019-06-19 15:46:04 +02:00
Kyle Brandt
599514ad68
middleware: add security related HTTP(S) response headers (#17522)
* x_xss_protection
  * strict_transport_security (HSTS)
  * x_content_type_options

these are currently defaulted to false (off) until the next minor release.

fixes #17509
2019-06-12 13:15:50 +02:00
Kyle Brandt
c09fe3c3b4
remote_cache: Fix redis (#17483)
* wip: fix remote cache for redis
connstr parsing and non-negative expires for #17377
TODO: finish parse, check zero case, find out why negative duration in the first place

* finish parse.
Still TODO, find out negative value, and decide if would be better to make database specific entries in the .ini file

* update ini files

* remove accidental uncomment in defaults.ini

* auth_proxy: expiration non-negative so expiration is not in the past

* fix test, revert neg in redis

* review: use errutil
2019-06-10 15:27:08 +02:00
Tom McClellan
34f314552d Config: Add comment before log_queries in sample ini file (#17462) 2019-06-06 11:13:27 +02:00
Jonathan Rockway
02975256d1 Tracing: allow propagation with Zipkin headers (#17009)
Closes #17006
2019-06-05 13:12:05 +02:00
Abhilash Gnan
04d473b3e5 HTTP Server: Serve Grafana with a custom URL path prefix (#17048)
Adds a new [server] setting `serve_from_sub_path`. By enabling 
this setting and using a subpath in `root_url` setting, e.g.
`root_url = http://localhost:3000/grafana`, Grafana will be accessible 
on `http://localhost:3000/grafana`. By default it is set to `false` 
for compatibility reasons.

Closes #16623
2019-05-27 17:47:29 +02:00
Marcus Efraimsson
1c1427520d
Security: Add new setting allow_embedding (#16853)
When allow_embedding is false (default) the Grafana backend 
will set the http header `X-Frame-Options: deny` in all responses 
to non-static content which will instruct browser to not allow 
Grafana to be embedded in `<frame>`, `<iframe>`, 
`<embed>` or `<object>`.

Closes #14189
2019-05-06 09:56:23 +02:00
Oleg Gaidarenko
66c9297c36
Feature: introduce LdapActiveSyncEnabled setting (#16787)
* Feature: introduce LdapActiveSyncEnabled setting

We probably remove it after the active sync is done.
But at the moment we do not want to affect the current users
with not fully tested feature

* Chore: move settings in more logical order
2019-04-27 09:03:59 +03:00
Oleg Gaidarenko
62b85a886e
LDAP Refactoring to support syncronizing more than one user at a time. (#16705)
* Feature: add cron setting for the ldap settings

* Move ldap configuration read to special function

* Introduce cron setting (no docs for it yet, pending approval)

* Chore: duplicate ldap module as a service

* Feature: implement active sync

This is very early preliminary implementation of active sync.
There is only one thing that's going right for this code - it works.

Aside from that, there is no tests, error handling, docs, transactions,
it's very much duplicative and etc.

But this is the overall direction with architecture I'm going for

* Chore: introduce login service

* Chore: gradually switch to ldap service

* Chore: use new approach for auth_proxy

* Chore: use new approach along with refactoring

* Chore: use new ldap interface for auth_proxy

* Chore: improve auth_proxy and subsequently ldap

* Chore: more of the refactoring bits

* Chore: address comments from code review

* Chore: more refactoring stuff

* Chore: make linter happy

* Chore: add cron dep for grafana enterprise

* Chore: initialize config package var

* Chore: disable gosec for now

* Chore: update dependencies

* Chore: remove unused module

* Chore: address review comments

* Chore: make linter happy
2019-04-26 15:47:16 +03:00
Oleg Gaidarenko
78cd9058a3
Feature: add cron setting for the ldap settings (#16673)
* Feature: add cron setting for the ldap settings

* Move ldap configuration read to special function

* Introduce cron setting (no docs for it yet, pending approval)

* Chore: address code review comments
2019-04-25 17:12:56 +03:00
Josh
fca5ee4bea Provisioning: Support FolderUid in Dashboard Provisioning Config (#16559)
* add folderUid to DashbaordsAsConfig structs and DashbardProviderConfigs struct, set these values in mapping func
look for new folderUid values in config_reader tests
set dashboard folder Uid explicitly in file_reader, which has no affect when not given

* formatting and docstrings

* add folderUid to DashbaordsAsConfig structs and DashbardProviderConfigs struct, set these values in mapping func
look for new folderUid values in config_reader tests
set dashboard folder Uid explicitly in file_reader, which has no affect when not given

* formatting and docstrings

* add folderUid option, as well as documentation for the rest of the fields

* add blank folderUid in devenv example.

* add folderUid to provisioning sample yaml

* instead of just warning, return error if unmarshalling dashboard provisioning file fails

* Removing the error handling and adding comment

* Add duplicity check for folder Uids


Co-authored-by: swtch1 <joshua.thornton@protonmail.com>
2019-04-24 08:57:42 +02:00
Oleg Gaidarenko
db584b3d28
Chore: remove session storage references (#16445)
* Chore: remove session storage references

* Small refactoring of the settings module

* Update docs - remove references for the session storage

* Update config files (sample and default configs)

* Add tests for warning during the config load on defined storage cache

* Remove all references to session storage

* Remove macaron session dependency

* Remove leftovers

* Fix: address review comments

* Fix: remove old deps

* Fix: add skipStaticRootValidation = true to tests

* Fix: improve the docs and warning message

As per discussion in here - https://github.com/grafana/grafana/pull/16445/files#r273026255

* Chore: make linter happy

Fixes #16148
Ref #16114
2019-04-22 18:58:24 +03:00
Carl Bergquist
490515aec6
build: partially replace gometalinter with golangci-lint (#16610)
we still use gometalinter for goconst since it doesn't 
report errors for duplicated in test files
2019-04-16 10:27:07 +02:00
Ryan McKinley
3c21a121eb Plugins: Unifying alpha state & options for all plugins (#16530)
* app pages

* app pages

* workign example

* started alpha support

* remove app stuff

* show warning on alpha/beta panels

* put app back on plugin file

* fix go

* add enum for PluginType and PluginIncludeType

* Refactoring and moving settings to plugins section

fixes #16529
2019-04-12 13:46:42 +02:00
kleph
7ddb770e3b Configuration: Improve session_lifetime comments (#16238) 2019-03-29 13:10:20 +07:00
Zzy
1b84a924a3 Alerting: Makes timeouts and retries configurable (#16259)
Adds new alert settings for configuring timeouts and retries named 
evaluation_timeout_seconds, notification_timeout_seconds 
and max_attempts.

Closes #16240
2019-03-29 12:58:37 +07:00
Oleg Gaidarenko
04b3afcd15
Chore: Implement revive (#16200)
Since we do not like some of the default golint rules,
this commit proposes to use https://github.com/mgechev/revive.

And potential revive speed-up should't hurt :).

Right now, presented config (./conf/revive.toml) is permissive,
we might improve it over time however. Fixes for found revive
issues in the code are very limited so it wouldn't be large to review.

Also in this commit:

* Add annotations for makefile commands and declare phony targets

* Rename "gometalinter" script and CI command to "lint"
  since we are doing there a bit more then using gometalinter package

* Add Makefile rules to .editorconfig

* Documentation which mentioned "golint" replaced with revive

Fixes #16109
Ref #16160
2019-03-27 17:53:49 +01:00
Hugo Häggmark
a90b3e331e config: updated feature toggle name 2019-03-19 13:59:39 +01:00
Andrej Ocenas
697a87b7b2 Add check so that header is not sent for anonymous users 2019-03-14 16:33:21 +01:00
Andrej Ocenas
bbdc1c0e64 Add custom header with grafana user and a config switch for it 2019-03-14 16:33:19 +01:00
Carl Bergquist
291ffcb75b
Merge pull request #15457 from bergquist/distributed_cache
Distributed cache
2019-03-14 16:16:39 +01:00
Torkel Ödegaard
06f7a49a61 Refactoring / fixing password hint PR #15868 2019-03-11 13:33:57 +01:00
bergquist
7e7427637c renames distcache -> remotecache 2019-03-11 10:49:55 +01:00
bergquist
daa3b17951 code layouts and comments 2019-03-11 10:49:42 +01:00
bergquist
98f5432659 memcache -> memcached
https://github.com/memcached/memcached
2019-03-11 10:49:09 +01:00
bergquist
196cdf9710 adds config to default settings 2019-03-11 10:49:09 +01:00
Woodward, Joshua
946e542412 Make password hint configurable from settings/defaults.ini 2019-03-07 14:00:04 -08:00
Hugo Häggmark
8f62082482 Added feature toggle to defaults.ini and sample.ini after PR comments 2019-02-22 14:39:22 +01:00
bergquist
170783c292 make hourly cleanup the default behavior 2019-02-07 10:51:35 +01:00
Marcus Efraimsson
1a140ee199
run token cleanup job when grafana starts, then each hour 2019-02-06 22:27:08 +01:00
Marcus Efraimsson
85ef2ca738
fix spelling 2019-02-06 09:43:45 +01:00
Marcus Efraimsson
3c2fd02bc0
refactor login/auth token configuration settings
remove login section and reuse existing sections security and auth
2019-02-05 21:09:55 +01:00
bergquist
a6bd2c73a0 introduce samesite setting for login cookie
ref #15067
2019-02-01 11:47:21 +01:00
Carl Bergquist
c6f80ecec2
Merge pull request #14229 from pbakulev/configurable-alert-notification
Configurable alert notification
2019-01-28 22:47:12 +01:00
bergquist
8f0e65a150 renames alert_notifications -> notifiers 2019-01-28 20:39:09 +01:00
Marcus Efraimsson
f701c610fb
Merge pull request #15054 from RangerRick/master
add global datasource proxy timeout setting
2019-01-28 18:21:27 +01:00
bergquist
6a8643b3d1 Merge branch 'master' into configurable-alert-notification
* master: (250 commits)
  Firing off an action instead of listening to location changes
  Changes after PR Comments
  Made ExplorerToolbar connected and refactored away responsabilities from Explore
  Removed some split complexity
  Fixed some more styling
  Fixed close split look and feel
  Fixed position of Closesplit
  Fixed small issue with TimePicker dropdown position
  Simplified some styles and dom elements
  Fixed some more with the sidemenu open and smaller screens
  Fixed so heading looks good with closed sidemenu
  Restructure of component and styling
  Refactored out ExploreToolbar from Explore
  Fixed reinitialise of Explore
  changelog: add notes about closing #13929
  changelog: add notes about closing #14558
  changelog: add notes about closing #14484
  changelog: add notes about closing #13765
  changelog: add notes about closing #11503
  changelog: add notes about closing #4075
  ...
2019-01-28 14:16:43 +01:00
bergquist
6e672eb291 enable explore by default
closes #15037
2019-01-28 13:02:54 +01:00
Marcus Efraimsson
e4924795a2
change default rotate_token_minutes to 10 minutes 2019-01-25 13:30:26 +01:00
Benjamin Reed
9108fd1b9d add global datasource proxy timeout setting
closes grafana#5699
2019-01-24 14:06:48 -05:00
bergquist
d6edaa1328 moves cookie https setting to [security] 2019-01-24 19:04:58 +01:00
bergquist
9153b6ed96 improves readability of loginping handler 2019-01-24 15:17:09 +01:00