* Fix swagger generation targer using mac
Validate using the swagger binarry instead of the docker container
* API: Make swagger specification more consistent
Fix operation parameter ordering
* Public dashboard query API
* Create new API on service for building metric request
* Flesh out testing, implement BuildPublicDashboardMetricRequest
* Test for errors and missing panels
* WIP: Test for multiple datasources
* Refactor tests, add supporting code for multiple datasources
* Gets the panel data from the pubdash query api
* Adds tests to make sure we get the correct api url from retrieving panel data
* Public dashboard query API
* Create new API on service for building metric request
* Flesh out testing, implement BuildPublicDashboardMetricRequest
* Test for errors and missing panels
* WIP: Test for multiple datasources
* Refactor tests, add supporting code for multiple datasources
* Handle queries from multiple datasources
* Replace dashboard time range with pubdash time range settings
* Fix comments from review, build failure
* removes changes to DataSourceWithBackend.ts regarding getting the pubdash panel query url. Going to do this in a new class, PublicDashboardDataSource.ts
* Include pubdash Uid in dashboard meta
* Creates new PublicDashboardDataSource.ts and adds test
* Passes pubdash uid down to PanelQueryRunner.ts to a PublicDashboardDatasource can be chosen when were looking at a public dashboard
* removes comment
* checks for error when unmarshalling json
* Only replace dashboard time settings with pubdash time settings when pubdash time settings exist
* formatting and added comment
Co-authored-by: Jesse Weaver <jesse.weaver@grafana.com>
Co-authored-by: Jeff Levin <jeff@levinology.com>
This PR adds endpoints for public dashboards to retrieve data from the backend (trusted) query engine. It works by executing queries defined on the backend without any user input and does not support template variables.
* Public dashboard query API
* Create new API on service for building metric request
* Flesh out testing, implement BuildPublicDashboardMetricRequest
* Test for errors and missing panels
* Refactor tests, add supporting code for multiple datasources
* Handle queries from multiple datasources
* Explicitly pass no user for querying public dashboard
Co-authored-by: Jeff Levin <jeff@levinology.com>
* Query history: Add swagger definitions
* Update
* Remove changes in generated files
* Generate api files
* Add query history into api docs
* Add examples for commands
* Add missing parameters
* Generate api-spec and api-merged
* Fix linting
* Fix showing of example of queries
* Revert "Fix showing of example of queries"
This reverts commit b1eb073fbe.
* Update
* Update
* Feature Flags: introduce a flag for enabling the Data Connections page
* Feature Flags: generate schemas
* Navigation: add navigation weight for the Data Connections page
* NavLink: add a comment pointing out where icon names can be looked up
* NavTree: add a new page called Data Connections
* fix(Api): prefix the navigation IDs with the parent ("data-connections")
* feat(Frontend): add a basic page with four tabs
* feat(Plugins): add a hook for importing an app plugin
* feat(Plugins): add a component for loading app plugins anywhere
* feat(Data Connections): load the cloud-onboarding app under the "Cloud onboarding" tab
* feat(Data Connections): generate a proper nav model to highlight active tabs
* test(Data Connections): add tests
* refactor(Data Connections): update temporary text content
This is only used as a placeholder until the tabs are under development.
* refactor(Data Cnnnections): move /pages to /tabs
* refactor(Data Connections): remove the `types.ts` file as it is not referenced by any module
* feat(Data Connections): only register routes if feature is enabled
* Remove dashbpard version from models
* Fix lint
* Fix api & sqlstore tests
* Remove integration tags
* Fix lint again
* Add integration test to correct namespace
* Lont fix 2
* Change Id to ID in dashVersionMeta
* Inject access control into dashboard service
* Add function to parse id scopes
* Add dashboard as return value
* Update mock
* Return only err to keep service interface
* Add scope resolvers for dashboard id scopes
* Add function to parse uid scopes
* Add dashboard uid scope resolver
* Register scope resolvers for dashboards
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Remove crufty scuemata bits
Buhbye to: cue/ dir with old definitions, CI steps for checking unnecessary
things, and the original dashboard scuemata file.
* Remove grafana-cli cue subcommand
* Remove old testdata
* Don't swallow errors from codegen
* Small nits and tweaks to cuectx package
* WIP - refactor pluggen to use Thema
Also consolidate the embed.FS in the repo root.
* Finish halfway rename
* Convert all panel models.cue to thema
* Rewrite pluggen to use Thema
* Remove pkg/schema, and trim command
* Remove schemaloader service and usages
Will be replaced by coremodel-centric hydrate/dehydrate system Soon™.
* Remove schemaloader from wire
* Remove hangover field on histogram models.cue
* Fix lint errors, some vestiges of trim service
* Remove unused cuetsify cli command
* When getting a public dashboard, backend returns a response structured the same as when you get a regular dashboard
* Updates backend tests for getting public dashboard
* Frontend can load the public dashboard based on the pubdash uid provided
* adds frontend test to make sure public dashboard doesnt render toolbar and submenu
* sorts imports
This PR adds endpoints for saving and retrieving a public dashboard configuration and and api endpoint to retrieve the public dashboard.
All of this is highly experimental and APIs will change. Notably, we will be removing isPublic from the dashboard model and moving it over to the public dashboard table in the next release.
Further context can be found here: https://github.com/grafana/grafana/pull/49131#issuecomment-1145456952
* add isPublic to dashboard
* refactor routes to use route group and add placeholder method for sharing apii
* add sharing pane and utils for public dashboard config to sharing modal
* Sharing modal now persists data through the api
* moves ShareDashboard endpoint to new file and starts adding tests
* generates mocks. Adds tests for public dashboard feature flag
* Adds ability to pass in array of features to enable for the test
* test to update public flag on dashboard WIP
* Adds mock for SaveDashboardSharingConfig
* Fixes tests. Had to use FakeDashboardService
* Adds React tests for public dashboards toggle
* removes semicolons
* refactors SharePublic component to use hooks
* rename from `share publicly` to `public dashboard config`
* checkpoint. debugging tests. need to verify name changes
* checkpoint. test bugs fixed. need to finish returning proper response codes
* finish renaming. fix test
* Update pkg/api/api.go
Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
* update backend url
* rename internal objects and commands. fix configuration modal labels
* add endpoint for retrieving public dashboard configuration and populate the frontend state from it
* add test for dashboardCanBePublic
* adds backend routes
* copy DashboardPage component into component for public dashboards. WIP
* adds react routes, and doesnt render main nav bar when viewing a public route
* removes extra react route from testing
* updates component name
* Wrap the original dashboard component so we can pass props relevant to public dashboards, turn kiosk mode on/off, etc
* Wraps DashboardPage in PublicDashboardPage component. DashboardPage gets rendered in kiosk mode when public prop is passed.
* removes commented out code from exploratory work
* Makes public dashboard routes require no auth
* extracts helper to own util file to check if were viewing a public page
* Hides panel dropdown when its being viewed publicly
* formatting
* use function from utils file for determining if publicly viewed. If public, hides app notifications, searchwrapper, and commandpalette.
* adds unit tests for util function used to see if page is being viewed publicly
* cant added annotations to panel when being publicly viewed
* removes useless comment
* hides backend and frontend pubdash routes behind feature flag
* consider feature flag when checking url path to see if on public dashboard
* renames function
* still render app notifications when in public view
* Extract pubdash route logic into own file
* fixes failing tests
* Determines path using location locationUtils. This covers the case when grafana is being hosted on a subpath. Updates tests.
* renames pubdash web route to be more understandable
* rename route
* fixes failing test
* fixes failing test. Needed to update pubdash urls
* sets flag on grafana boot config for if viewing public dashboard. Removes hacky check that looks at the url
* fixes failing tests. Uses config to determine if viewing public dashboard
* renders the blue panel timeInfo on public dashboard panel
* Extracts conditional logic for rendering components out into their own functions
* removes publicDashboardView check, and uses dashboard meta instead
* the timeInfo is always displayed on the panel
* After fetch of public dashboard dto, the meta isPublic flag gets set and used to determine if viewing public dashboard for child components. Fixes tests for PanelHeader.
* Fixes failing test. Needed to add isPublic flag to dashboard meta.
Co-authored-by: Jeff Levin <jeff@levinology.com>
Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
* Split GetDashboarVersions method
* Add sqlstore dialect and tests
* Fix signature of PAtchPreference
* Add GetDialect to sqlstore and remove GetDashboardVersions
* Add GetDialect to db interface
* Implement List
* add deleted test function
* Remove GetDialect from sqlstore interface
* Remove deleted method from mock
* Refactor test
* API: Migrate CSRF to service and support additional options
* minor
* public Csrf service to use in tests
* WIP
* remove fmt
* comment
* WIP
* remove fmt prints
* todo add prefix slash
* remove fmt prints
* linting fix
* remove trimPrefix
Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>
Co-authored-by: IevaVasiljeva <ieva.vasiljeva@grafana.com>
* update action names
* correctly retrieve teams for signed in user
* remove test
* undo swagger changes
* undo swagger changes pt2
* add migration from old action names to the new ones
* rename from list to read
* linting
* also update alertign actions
* fix migration
* backend/sqlstore split: remove unused GetDashboardPermissionsForUser from sqlstore
* remove debugging line
* backend/sqlstore: move dashboard permission related functions to dashboard service
* ServiceAccounts: refactor ServiceAccountRoleRow
* Refactor ServiceAccountRoleRow
* Refactor ServiceAccountProfile
* Refactor components
* Change service accounts icon
* Refine service accounts page header
* Improve service accounts filtering
* Change delete button style
* Tweak account id
* Auto focus name field when create service account
* Add disable/enable button
* Enable/disable service accounts
* Optimize updating service account (do not fetch all)
* Remove status column (replace by enable/disable button)
* Add banner with service accounts description
* Add tokens from main page
* Update tokens count when add token from main page
* Fix action buttons column
* Fix tokens count when change role
* Refine table row classes
* Fix buttons
* Simplify working with state
* Show message when service account updated
* Able to filter disabled accounts
* Mark disabled accounts in a table
* Refine disabled account view
* Move non-critical components to separate folder
* Remove confusing focusing
* Fix date picker position when creating new token
* DatePicker: able to set minimum date that can be selected
* Don't allow to select expiration dates prior today
* Set tomorrow as a default token expiration date
* Fix displaying expiration period
* Rename Add token button
* Refine page styles
* Show modal when disabling SA from main page
* Arrange role picker
* Refine SA page styles
* Generate default token name
* More smooth navigation between SA pages
* Stop loading indicator in case of error
* Remove legacy styles usage
* Tweaks after code review
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
* Get rid of useDisapatch in favor of mapDispatchToProps
* Tests for ServiceAccountsListPage
* Tests for service account page
* Show new role picker only with license
* Get rid of deprecated css classes
* Apply suggestion from code review
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
* Fix service accounts icon
* Tests for service account create page
* Return service account info when update
* Add behaviour tests for ServiceAccountsListPage
* Fix disabled cursor on confirm button
* More behavior tests for service account page
* Temporary disable service account migration banner
* Use safe where condition
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Apply review suggestions
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
* Remove autofocus from search
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Preferences: Fix PUT for Navbar and Query History
* Update linting
* Fix linting
* Use models defined in preference package in preferences
* Remove white space
* Revert "Use models defined in preference package in preferences"
This reverts commit 6f7aa9f8d3.
* grant data source reader to all users when running oss or enterprise
without license
* fix asserts in alerting tests
* add oss licensing service for test setup
* fix tests to pass in enterprise
* lint
* fix tests
* set setting.IsEnterprise flag for tests
Co-authored-by: Yuriy Tseretyan <yuriy.tseretyan@grafana.com>
* Add store split for Get Dashboard version method
* Implement dashboard version service
* Fix api tests
* Remove GetDashboarVersion from sqlstore
* Add fakes for Get dashboard version
* Fix sqlstore test
* Add Get Dashboard store test
* Add dashver service test
* Remove useless comments
* pkg/web: store http.Handler internally
* pkg/web: remove injection
Removes any injection code from pkg/web.
It already was no longer functional, as we already only injected into
`http.Handler`, meaning we only inject ctx.Req and ctx.Resp.
Any other types (*Context, *ReqContext) were already accessed using the
http.Request.Context.Value() method.
* *: remove type mappings
Removes any call to the previously removed TypeMapper, as those were
non-functional already.
* pkg/web: remove Context.Invoke
was no longer used outside of pkg/web and also no longer functional
* switch saved items to starred items
* hook up redux properly
* Better query + hook up DashList
* update initial state so it's never undefined
* update GetDashboard call
* use new star service
* add scroll + maxwidth to navbar hover menu, sort starred items alphabetically
* increase height, revert changes to CustomScrollbar
* ellipsis!
* update starred dashboard name in navtree
* sort after renaming
* limit to first 50 starred dashboards found
* chore: replace handmade FakeDashboardService with generated mock
Maintaining a handcrafted FakeDashboardService is not sustainable now that we are in the process of moving the dashboard-related functions out of sqlstore.
* remove dialect global variable
* Add database migrations
* Use short uids as data key ids
* Add support for manual data key rotation
* Fix duplicated mutex unlocks
* Fix migration
* Manage current data keys per name
* Adjust key re-encryption and test
* Modify rename column migration for MySQL compatibility
* Refactor secrets manager and data keys cache
* Multiple o11y adjustments
* Fix stats query
* Apply suggestions from code review
Co-authored-by: Tania <yalyna.ts@gmail.com>
* Fix linter
* Docs: Rotate data encryption keys API endpoint
Co-authored-by: Tania <yalyna.ts@gmail.com>
* Add coremodelValidation feature flag
* coremodels: use stubs when feature flag is off
* api: validate dashboards on save
* Need pointer receiver for FeatureManager
* Update dashboard Go model
* Align doc comments
* Include CoremodelRegistry in test
* Wedge coremodel in on all test cases, ugh
* Ugh fix comment again
* Update pkg/framework/coremodel/staticregistry/provide.go
Co-authored-by: Artur Wierzbicki <wierzbicki.artur.94@gmail.com>
* Update Thema (and its deps) for better errs
* omg whitespace
Co-authored-by: Artur Wierzbicki <wierzbicki.artur.94@gmail.com>
Makes `pkg/web` only accept handles from the following set:
```go
handlerStd = func(http.ResponseWriter, *http.Request)
handlerStdCtx = func(http.ResponseWriter, *http.Request, *web.Context)
handlerStdReqCtx = func(http.ResponseWriter, *http.Request, *models.ReqContext)
handlerReqCtx = func(*models.ReqContext)
handlerReqCtxRes = func(*models.ReqContext) Response
handlerCtx = func(*web.Context)
```
This is a first step to reducing above set to only `http.Handler`.
---
Due to a cyclic import situation between `pkg/models` and `pkg/web`, parts of this PR were put into `pkg/api/response`, even though they definitely do not belong there. This however is _temporary_ until we untangle `models.ReqContext`.
* introduce a fallback handler that checks that role is Viewer.
* update UI nav links to allow alerting tabs for anonymous user
* update rule api to check for Viewer role instead of SignedIn when RBAC is disabled
adds toggle to make a dashboard public
* config struct for public dashboard config
* api endpoints for public dashboard configuration
* ui for toggling public dashboard on and off
* load public dashboard config on share modal
Co-authored-by: Owen Smallwood <owen.smallwood@grafana.com>
Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
* rename folder to match package name
* backend/sqlstore: move GetDashboard into DashboardService
This is a stepping-stone commit which copies the GetDashboard function - which lets us remove the sqlstore from the interfaces in dashboards - without changing any other callers.
* checkpoint: moving GetDashboard calls into dashboard service
* finish refactoring api tests for dashboardService.GetDashboard
* Refactor: Add UID endpoint for dashboard versions and restore
* Fix: User dashID instead of dash.id
* 💩
* Move apiCmd error handling outside of dashUID check
* fix the panic in test
* Fix handler and update docs
Co-authored-by: Kat Yang <yangkb09@users.noreply.github.com>
* Docs: add deprecated warning to restore and version docs
* Fix hyperlink text
* Add swagger endpoints for restore and versions
* Add deprecated tag on swagger for both endpoints
* Fix: Update access control to be dashboards
* Return UID in response; Update docs to reflect this; Implement Ying suggestion
* Update docs/sources/http_api/dashboard_versions.md
Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
* Update pkg/models/dashboard_version.go
Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
* Update pkg/models/dashboard_version.go
Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
* Update query to refer to DashboardUID
Co-authored-by: Ying WANG <ying.wang@grafana.com>
Co-authored-by: Sofia Papagiannaki <sofia@grafana.com>
Co-authored-by: Kat Yang <yangkb09@users.noreply.github.com>
Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
* Refactor: Add UID endpoint for get dashboard version
* Add initial docs language
* Add new endpoint in swagger
* Change access control to dashboards
* Add parameters to swagger endpoint
* Return UID in response; Update docs to reflect this; Implement Ying suggestion
* Update docs/sources/http_api/dashboard_versions.md
Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
* Update pkg/api/api.go
Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
* Update pkg/models/dashboard_version.go
Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
* Rename UID to DashboardUID for clarity; use dashUID in method
Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
* Add RBAC section to settings
* Default to RBAC enabled settings to true
* Update tests to respect RBAC
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* Only require create and permissions for new data source page
* Let users with permissions to create data sources list non-core plugins
* Keep the admin check as fallback when using rbac as well
* Add SQL filter for global user search
* Remove scope requirements from endpoints
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* Remove banner when missing permissions to list users
* For OSS allow users to list other users if they have permissions to
write either team, dashboard or folder permissions
* reduce the usage of access control flag further by removing it from SQL store methods
* fixing tests
* fix another test
* linting
* remove AC feature toggle use from API keys
* remove unneeded function
* feature toggles
* return HTTP 207 from ds/query
* add ft check
* add API test
* add 207 check for qr
* change to OR
* revert check
* add explicit toggle check for cloudwatch
* remove unused import
* remove from defaults.ini
* add status codes to md and update swagger
* new fangled http api tests pattern
* update swagger
* Update docs/sources/http_api/data_source.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* add missing word and reformat
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Fix secure json data reset on datasource update
* Update fillWithSecureJSONData to use DecryptedValues
* Remove unecessary conversion
* Move fillWithSecureJsonData logic to datasource service
* Add sanity check for nil secure json data
* replace dashboardid with dashboardUID in annotation API
* add some tests
* modify some docs and add uid into get endpoint
* rebase with main
* add map for avoiding too much retrieve on dashboards
* Move ApiKeyDTO to dtos package
* Add access control filter to api keys
* pass user in GetApiKeysQuery
* Add api key metadata to DTO
* Remove scope all requirement from get api keys endpoint
* Handle api key access control metadata in frondend
* #45498: add entity events table
* #45498: add entity events service
* #45498: hook up entity events service to http server
* #45498: use `dashboards.id` rather than `uid` and `org_id` in grn
* Update pkg/services/entityevents/service.go
Co-authored-by: Ryan McKinley <ryantxu@gmail.com>
* #45498: move entityeventsservice to services/store
* #45498: add null check
* #45498: rename
* #45498: fix comment
* #45498: switch grn back to uid
* Search: listen for updates (#47719)
* #45498: wire entity event service with searchv2
* load last event id before building index for org 1
* fix service init in integration tests
* depend on required subset of event store methods
* Update pkg/services/sqlstore/migrations/entity_events_mig.go
Co-authored-by: Alexander Emelin <frvzmb@gmail.com>
* #45498: pointer receiver
* #45498: mockery!
* #45498: add entity events service to background services
* dashboard query pagination, allow queries while re-indexing
* log level cleanups, use rlock, add comments
* fix lint, check feature toggle in search v2 service
* use unix time for event created column
* add missing changes for created column
* fix integration tests init
* log re-index execution times on info level
* #45498: fix entityEventsService tests
* #45498: save events on dashboard delete
* use camel case for log labels
* formatting
* #45498: rename grn to entityid
* #45498: add `IsDisabled` to entityEventsService
* #45498: remove feature flag from migration
* better context usage, fix capacity, comments/cleanups
* replace print with logger
* Revert "#45498: remove feature flag from migration"
This reverts commit ed23968898.
* revert:revert:revert conditional feature flag
Co-authored-by: Ryan McKinley <ryantxu@gmail.com>
Co-authored-by: Alexander Emelin <frvzmb@gmail.com>
* Add test for decrypted values on datasource service
* Add debug log when fail to parse secure json fields
* Fix minor import issue
* Refactor encJson to json and simplejson to sjson on tests
* wip: Implement kvstore for secrets
* wip: Refactor kvstore for secrets
* wip: Add format key function to secrets kvstore sql
* wip: Add migration for secrets kvstore
* Remove unused Key field from secrets kvstore
* Remove secret values from debug logs
* Integrate unified secrets with datasources
* Fix minor issues and tests for kvstore
* Create test service helper for secret store
* Remove encryption tests from datasources
* Move secret operations after datasources
* Fix datasource proxy tests
* Fix legacy data tests
* Add Name to all delete data source commands
* Implement decryption cache on sql secret store
* Fix minor issue with cache and tests
* Use secret type on secret store datasource operations
* Add comments to make create and update clear
* Rename itemFound variable to isFound
* Improve secret deletion and cache management
* Add base64 encoding to sql secret store
* Move secret retrieval to decrypted values function
* Refactor decrypt secure json data functions
* Fix expr tests
* Fix datasource tests
* Fix plugin proxy tests
* Fix query tests
* Fix metrics api tests
* Remove unused fake secrets service from query tests
* Add rename function to secret store
* Add check for error renaming secret
* Remove bus from tests to fix merge conflicts
* Add background secrets migration to datasources
* Get datasource secure json fields from secrets
* Move migration to secret store
* Revert "Move migration to secret store"
This reverts commit 7c3f872072.
* Add secret service to datasource service on tests
* Fix datasource tests
* Remove merge conflict on wire
* Add ctx to data source http transport on prometheus stats collector
* Add ctx to data source http transport on stats collector test
* Replace sequential IDs with UID for dashboard permossion
* Add back endpoint with id
* Rename parameter from dashboarUid->uid and add swagger definitions for endpoints
* Generate swagger json
* Add deprecated to swagger and docs
* Add deprecated comment in the api.go
* Add model for POST body
* Fix model post body for endpoint
* Generate spec with enterprise
* Implement preference service
* Adjust wire.go
* Fix integration test user
* Fix api pref tests
* Fix a11y error
Co-authored-by: Alexandra Vargas <alexa1866@gmail.com>
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
* Update API Keys UI to adjust based on users permissions
Since API Keys support now RBAC we need to ensure that UI
is adjusted based on the user permissions.
* Applying PR suggestions
* use common traceID context value for opentracing and opentelemetry
* support sampled trace IDs as well
* inject traceID into NormalResponse on errors
* Finally the test passed
* fix the test
* fix linter
* change the function parameter
Co-authored-by: Ying WANG <ying.wang@grafana.com>
* forbid setting role higher than user's role
* change response code
* can assign API key permissions to non-admin users
* add: assign viewer role directly upon creation
* refactor: add AddSATcommand infavor of AddAPIkey
* refactor: frontend fixes for ServiceAccountToken
Co-authored-by: eleijonmarck <eric.leijonmarck@gmail.com>
* Nav: Show overlay icons based on allowed list
* user essentials mob! 🔱
* Navigation: clean up and use new backend prop to show plus icons and
improve visual styling
* Nav: Fix top padding
* refactor to not use showIconInNavbar in NavBarMenuItem
* remove a missed bit
* refactor icon into const
Co-authored-by: Ashley Harrison <ashley.harrison@grafana.com>
* Update golangci-lint to v1.45.2
Version 1.45.0 added support for Go 1.18:
https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md#v1450
Signed-off-by: Marcelo E. Magallon <marcelo.magallon@grafana.com>
* Linter: fix some lints issue for golangci-lint version 1.45.2
Co-authored-by: Marcelo E. Magallon <marcelo.magallon@grafana.com>
Co-authored-by: Gábor Farkas <gabor.farkas@gmail.com>
* AccessControl: Make the built-in role definitions public
* Add context to RegisterFixedRoles
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Making BuiltInRolesWithParents public to the AccessControl package
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* pass in user to attribute scope resolver
* add SQL filter to annotation listing
* check annotation FGAC permissions before exposing them for commenting
* remove the requirement to be able to list all annotations from annotation listing endpoint
* adding tests for annotation listing
* remove changes that got moved to a different PR
* unused var
* Update pkg/services/sqlstore/annotation.go
Co-authored-by: Ezequiel Victorero <evictorero@gmail.com>
* remove unneeded check
* remove unneeded check
* undo accidental change
* undo accidental change
* doc update
* move tests
* redo the approach for passing the user in for scope resolution
* accidental change
* cleanup
* error handling
Co-authored-by: Ezequiel Victorero <evictorero@gmail.com>
For a proxied request, e.g. Grafana's datasource or plugin proxy:
If the request is cancelled, e.g. from the browser, the HTTP status code is
now 499 Client closed request instead of 502 Bad gateway.
If the request times out, e.g. takes longer time than allowed, the HTTP status
code is now 504 Gateway timeout instead of 502 Bad gateway.
This also means that request metrics and logs will get their status codes
adjusted according to above.
Fixes#46337Fixes#46338
* add FGAC actions for silences table
* redirect users without permissions
* add permissions checks to routes
* add fgac to notifications and contact points
* fgac for notification policies
* fix mute timing authorization
* use consistent naming for checking grafana alertmanager
* tests for fgac in contact points and notification policies
* bump up timeout on rule editor test
* use new permissions util
* break out route evaluation into util
* Remove test timeout
* Change permissions for the alert-notifiers endpoint
* Use signed in handler for alert-notifiers when unified alerting enabled
Co-authored-by: Konrad Lalik <konrad.lalik@grafana.com>
* AccessControl: Remove package variables for roles and grants
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Check for inheritance during role registration
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Moving back role definition to accessscontrol
* Make settings reader role public
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Nits
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Forgot to update this
* Account for declaration error
* Fixing pkg/api init ossac
* Account for error in tests
* Update test to verify inheritance
* Nits.
* Place br inheritance behind a feature toggle
* Parent -> Parents
* Nit.
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Use Wiring to initialize Avatar Cache Server
Create AvatarCacheServer Provider function and pass it in as an
argument to HTTPServer. Also convert CacheServer to a singleton
so that we keep all cached Avatar info in one place for easier access
* Refactor avatar cache server and add 'isCustom' check
Avatar cache server needs to perform two similar fetches
back-to-back; break up functions to allow for easy reuse.
Then add handling to see if a user has a custom avatar.
* Add additional accessors so that /recents api can easily use the cache
* Minor mods to avatar server to facilitiate unit testing
* add unit tests for avatar fetching
* add error handling in case we somehow fetch gravatars while they are disabled
* linting: read error return value in unit test
* Use http package status codes
Co-authored-by: Ezequiel Victorero <evictorero@gmail.com>
* Use http package status codes
Co-authored-by: Ezequiel Victorero <evictorero@gmail.com>
* Use http package status codes
Co-authored-by: Ezequiel Victorero <evictorero@gmail.com>
* Incorporate suggestions from PR
-avoid mutating arguments
-change error handler function to private and make name more descriptive
Co-authored-by: Ezequiel Victorero <evictorero@gmail.com>
* adds oauth support to call resource requests
* adds oauth docs for call resource
* fixes case where dsUID is empty
* improve datasource error handling
* use uid:s for folder and dashboard permissions
* evaluate folder and dashboard permissions based on uids
* add dashboard.uid to accept list
* Check for exact suffix
* Check parent folder on create
* update test
* drop dashboard:create actions with dashboard scope
* fix typo
* AccessControl: test id 0 scope conversion
* AccessControl: store only parent folder UID
* AccessControl: extract general as a constant
* FolderServices: Prevent creation of a folder uid'd general
* FolderServices: Test folder creation prevention
* Update pkg/services/guardian/accesscontrol_guardian.go
* FolderServices: fix mock call expect
* FolderServices: remove uneeded mocks
Co-authored-by: jguer <joao.guerreiro@grafana.com>
* Expose option to disable help menu
* Expose option to disable profile menu
* Add Profile FeatureTogglePage
* Update public/app/features/profile/FeatureTogglePage.tsx
Uptake PR wording suggestion.
Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
* Fix front end lint issue
* Fix back end lint issue
Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
* Add ResourceAttribute
* Add ResourceAttribute option
* Set ResourceAttribute option
* Change resolvers to return uid based scopes
* update swagger to correct scope
* use ResourceAttribute for endpoint scope
* bump role version
* Add support for different attributes for access control metadata
* evaluate data source metadata based on uid
* Fix test
* uncomment benchmarks
* Use resourceID
* use evaluator for access control metadata
* update comment
* Set default permissions based on uid
* Add attribute to accesscontrol filter
* validate that scopes has correct attribute
* lint
* Update comment
* remove attribute parameter and extend prefix
* refactor to use scope prefix
* Get metadata with prefix
* fix test
* fix comparision
* remove unused type
* fix attribute index
* fix typo
* restructure logic
* Get metadata by uid
* fix imports
Co-authored-by: jguer <joao.guerreiro@grafana.com>
* Move DeleteDashboard funtion into dashboards store service, remove bus and update tests
* Remove bus from folder service and update more tests
* Fix mock
* Add option to set ResourceAttribute for a permissions service
* Use prefix in access control sql filter to parse scopes
* Use prefix in access control metadata to check access
* Data sources: Sent user ID when creating data source
* Data sources: Grant a data source creator edit permissions
* Use edit permisison and only append if user id is in command
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* Use bookmark icon for Saved Items, add support for solid bookmark icon
* Add some unit tests
* Refactor utils into own file
* Update test title
* Fix import
* consistent function style
* replace bus in guardian with sqlstore
* fix a couple of tests
* replace bus in the rest of the tests
* allow init guardian from other packages
* make linter happy
* init guardian in library elements
* fix another test in libraryelements
* fix more tests
* move guardian mock one level deeper
* fix more tests
* rename init functions
* First attempt at creating new navbar_preferences table in db
* Apply to every nav item instead of just home
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* Chore: introduce initTestDB options for features
* fix unit tests
* Add another unit test and some logic for detecting if a preference already exists
* tidy up
* Only override IsFeatureToggleEnabled if it's defined
* Extract setNavPreferences out into it's own function, initialise features correctly
* Make the linter happy
* Use new structure
* user essentials mob! 🔱
* user essentials mob! 🔱
* Split NavbarPreferences from Preferences
* user essentials mob! 🔱
* user essentials mob! 🔱
* Fix lint error
* Start adding tests
* Change internal db structure to be a generic json object
* GetJsonData -> GetPreferencesJsonData
* Stop using simplejson + add some more unit tests
* Update pkg/api/preferences.go
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
* Updates following review comments
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* Change patch to upsert, add a unit test
* remove commented out code
* introduce patch user/org preferences methods
* Return Navbar preferences in the get call
* Fix integration test by instantiating JsonData
* Address review comments
* Rename HideFromNavbar -> Hide
* add swagger:model comment
* Add patch to the preferences documentation
* Add openapi annotations
* Add a short description
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* Update unit tests
* remove unneeded url
* remove outdated comment
* Update integration tests
* update generated swagger
Co-authored-by: Alexandra Vargas <alexa1866@gmail.com>
Co-authored-by: Hugo Häggmark <hugo.haggmark@gmail.com>
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
Refactors GetPluginDashboards/LoadPluginDashboard by moving database
interaction from plugin management to the plugindashboards service.
Fixes#44553
Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
* Move call to create permissions into folder service
* Inject cfg, feature toggles and permissions services into dashboard
service
* Move logic to set default permissions on create dashboard from api to
service
* Move call to set default permissions on import dashboard to dashboard
service
* Set permissions for provisioned dashboard and folders in service
* create scope provider
* move datasource actions and scopes to datasource package + add provider
* change usages to use datasource scopes and update data source name resolver to use provider
* move folder permissions to dashboard package and update usages
* adds an api endpoint for use with public dashboards that validates orgId, dashboard, and panel when running a query. This feature is in ALPHA and should not be enabled yet. Testing is based on new mock sqlstore.
Co-authored-by: Jesse Weaver <jesse.weaver@grafana.com>
Co-authored-by: Leandro Deveikis <leandro.deveikis@gmail.com>
* Chore: Remove deprecated no-op option PreferServerCipherSuites
from the tls configs.
Per golang docs: "PreferServerCipherSuites is a legacy field and has no effect."
* Add actions and scopes
* add resource service for dashboard and folder
* Add dashboard guardian with fgac permission evaluation
* Add CanDelete function to guardian interface
* Add CanDelete property to folder and dashboard dto and set values
* change to correct function name
* Add accesscontrol to folder endpoints
* add access control to dashboard endpoints
* check access for nav links
* Add fixed roles for dashboard and folders
* use correct package
* add hack to override guardian Constructor if accesscontrol is enabled
* Add services
* Add function to handle api backward compatability
* Add permissionServices to HttpServer
* Set permission when new dashboard is created
* Add default permission when creating new dashboard
* Set default permission when creating folder and dashboard
* Add access control filter for dashboard search
* Add to accept list
* Add accesscontrol to dashboardimport
* Disable access control in tests
* Add check to see if user is allow to create a dashboard
* Use SetPermissions
* Use function to set several permissions at once
* remove permissions for folder and dashboard on delete
* update required permission
* set permission for provisioning
* Add CanCreate to dashboard guardian and set correct permisisons for
provisioning
* Dont set admin on folder / dashboard creation
* Add dashboard and folder permission migrations
* Add tests for CanCreate
* Add roles and update descriptions
* Solve uid to id for dashboard and folder permissions
* Add folder and dashboard actions to permission filter
* Handle viewer_can_edit flag
* set folder and dashboard permissions services
* Add dashboard permissions when importing a new dashboard
* Set access control permissions on provisioning
* Pass feature flags and only set permissions if access control is enabled
* only add default permissions for folders and dashboards without folders
* Batch create permissions in migrations
* Remove `dashboards:edit` action
* Remove unused function from interface
* Update pkg/services/guardian/accesscontrol_guardian_test.go
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
* ServiceAccounts: Fix token-apikey cross deletion
* ServiceAccounts: separate API key store and service account token store
* ServiceAccounts: hide service account tokens from API Keys page
* ServiceAccounts: uppercase statement
* ServiceAccounts: fix and add new tests for SAT store
* ServiceAccounts: remove service account ID from add API key
* ServiceAccounts: clear up errors
* Create DashAlertService service
* Remove no used dashboard service from plugin's manager that generates dependency cycle in Enterprise
* Remove bus for dashboard permissions
* Remove bus from dashboard extractor service
* Add missing argument
* Fix wire
* Fix lint
* More goimports
* Use datasource service instead sql calls
* Fix integration test
* Use PluginSettingsService instead of SQLStore in plugins
* Fix pluginproxy use of pluginsettings methods
* Fix additional pluginsettings methods
* Remove dispatch from plugindashboards
* Fix lint and adjust mock
* Remove unused pluginsettings
* Rename pluginsetting Service and ServiceImpl and add binding to wire
* Move pluginsettings binding in wire file
* make getordbyname a method
* remove one dispatch from plugins provisioner
* remove bus from the plugins provisioner, skip test for now
* remove bus from datasource provisioning
* resolve tests in notifier provisioning
* remove bus from the dashboards provisioning service
* fix missing struct field
* fix getorgbyid method calls
* pass org store into dashboard provisioner
* fix test function prototype
* fix tests
* attempt to fix tests after the rebase
* fix integration test
* avoid using transaction
* remove comments
* Chore: add setting to skip org assignment for external users
Introduce 'skip_org_role_update_sync' setting to skip any kind of org assignment during the login of external users.
As a consequence manual organization assignments won't be overridden during the upsert of an external user.
Part of #22605
* Chore: Rename skip_org_role_update_sync to oauth_skip_org_role_update_sync and relocate it to auth section
* Chore: replace global setting access where possible
