Commit Graph

493 Commits

Author SHA1 Message Date
Brandon
fbad76007d
Alerting: Limit and clean up old alert rules versions (#89754) 2024-10-05 00:31:21 +03:00
Tobias Skarhed
f49b4d35f2
OAuth: Add custom unauthorized message option in configuration (#93717)
* read custom message from config

* Read error key from bootdata

* oopsie

* Remove console.log

* Update docs and sample/default inis

* Add default key value to the config
2024-09-27 12:11:27 +02:00
Gabriel MABILLE
6137a75552
Docs: document the managed_service_accounts_enabled configuration option (#93883)
* Config: Disclaimer single-org support for managed service accounts

* Add docs update

* Update docs/sources/setup-grafana/configure-grafana/_index.md
2024-09-27 11:07:02 +02:00
Gabriel MABILLE
7928245eb6
ManagedServiceAccounts: Add a config option to disable the feature on-prem (#93571)
* ManagedServiceAccounts: Add a config option to disabled by default

* Update log in pkg/services/extsvcauth/registry/service.go

Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2024-09-27 09:11:59 +02:00
Todd Treece
277d82db9a
Live: Add ha_prefix (#93759) 2024-09-25 22:20:35 +02:00
Adela Almasan
f64b121ddb
Canvas: Allow API calls to grafana origin (#91822)
* allow post URL
* check for config
* allow relative paths
* add allowed internal pattern; add checks for method
* update defaults.ini
* add custom header
* update config comment
* use globbing, switch to older middleware - deprecated call
* add codeowner
* update to use current api, add test
* update fall through logic

* Update pkg/middleware/validate_action_url.go

Co-authored-by: Dan Cech <dcech@grafana.com>

* Update pkg/middleware/validate_action_url.go

Co-authored-by: Dan Cech <dcech@grafana.com>

* add more tests

* Update pkg/middleware/validate_action_url_test.go

Co-authored-by: Dan Cech <dcech@grafana.com>

* fix request headers

* add additional tests for all verbs

* fix request headers++

* throw error when method is unknown

---------

Co-authored-by: Ryan McKinley <ryantxu@gmail.com>
Co-authored-by: Brian Gann <bkgann@gmail.com>
Co-authored-by: Brian Gann <briangann@users.noreply.github.com>
Co-authored-by: Dan Cech <dcech@grafana.com>
2024-09-10 10:45:27 -04:00
Alexander Weaver
ac5ebe6e4d
Alerting: Add enablement flag for recording rules (#92032)
* Add enablement flag

* Disable if toggle not enabled
2024-08-19 12:01:00 -05:00
Dan Cech
9020eb4b17
Auth: Update oauthtoken service to use remote cache and server lock (#90572)
* update oauthtoken service to use remote cache and server lock

* remove token cache

* retry is lock is held by an in-flight refresh

* refactor token renewal to avoid race condition

* re-add refresh token expiry cache, but in SyncOauthTokenHook

* Add delta to the cache ttl

* Fix merge

* Change lockTimeConfig

* Always set the token from within the server lock

* Improvements

* early return when user is not authed by OAuth or refresh is disabled

* Allow more time for token refresh, tracing

* Retry on Mysql Deadlock error 1213

* Update pkg/services/authn/authnimpl/sync/oauth_token_sync.go

Co-authored-by: Dan Cech <dcech@grafana.com>

* Update pkg/services/authn/authnimpl/sync/oauth_token_sync.go

Co-authored-by: Dan Cech <dcech@grafana.com>

* Add settings for configuring min wait time between retries

* Add docs for the new setting

* Clean up

* Update docs/sources/setup-grafana/configure-grafana/_index.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

---------

Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com>
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
2024-08-19 18:57:37 +02:00
Tom Ratcliffe
8136fbef1f
Chore: Add capability for overriding local development behaviour using env vars (#85603) 2024-08-13 13:07:42 +01:00
lean.dev
b5e32b31b1
Grafana: Enables use of encrypted certificates with password for https (#91418) 2024-08-06 19:18:32 -03:00
Josh Hunt
e55b438f14
E2C: Reduce UI poll interval and make configurable (#91386)
* E2C: Reduce UI poll interval and make configurable

* fix default
2024-08-02 10:46:41 +01:00
Josh Hunt
a547b38643
Docs: Update defaults.ini for new faro option (#91384) 2024-08-01 13:54:39 +03:00
Tobias Skarhed
e8c30c86f0
Frontend: Support tracing with Faro (#91237)
Move code from previous PR
2024-07-31 15:13:05 +02:00
Ryan McKinley
68f1a0619d
Snapshots: Remove deprecated option snapshot_remove_expired (#91231) 2024-07-31 08:47:15 +03:00
Michael Mandrus
c0af387766
CloudMigrations: Add a default feedback url (#91018)
add default url
2024-07-26 11:26:18 +01:00
Santiago
b79b38f02c
Alertmanager: Support limits for silences (#90826)
* Alertmanager: support limits for silences

* update grafana/alerting to latest main
2024-07-24 14:22:29 +02:00
Michael Mandrus
ee90cd3031
CloudMigrations: Send local events to gms during the migration process (#90637)
* add gms client function

* add timeout config for endpoint

* report events to gms

* fix lint error

* clean up report calls and make sure reports all have local ids

* extra validation

* improve error logging and fix url
2024-07-20 07:02:31 +03:00
Michael Mandrus
9b7e9d992b
CloudMigrations: Query GMS for a presigned upload url at upload time (#90505)
query GMS for an upload url at upload time
2024-07-17 11:53:21 -04:00
Andrew Hackmann
319a874033
MSSQL: Password auth for Azure AD (#89746)
* Password auth for Azure AD

* rename auth fields

* add azure flag for client password cred enabled

* prettier

* rename flag

* Update go.mod

* Update public/app/plugins/datasource/mssql/azureauth/AzureCredentialsForm.tsx

Co-authored-by: Andreas Christou <andreas.christou@grafana.com>

* Apply suggestions from code review

Co-authored-by: Andreas Christou <andreas.christou@grafana.com>

* update package

* go mod

* prettier

* remove password

* gowork

* remove unused env test

* linter

---------

Co-authored-by: Andreas Christou <andreas.christou@grafana.com>
2024-07-16 14:08:51 -05:00
Michael Mandrus
542a1bf3ac
CloudMigrations: Query Grafana Migration Status for status while the snapshot is in the cloud (#90314)
* implement querying gms for snapshot status

* add some documentation

* provide snapshot resources after snapshot is created

* add rate limiting to backend

* fix compilation error

* fix typo

* add unit tests

* finish merge

* lint

* swagger gen

* more testing

* remove duplicate test

* address a couple PR comments

* update switch statement to a map

* add timeouts to gms client through the http client

* remove extra whitespace

* put method back where it was so the PR is less confusing

* fix tests

* add todo

* fix final unit test
2024-07-15 09:22:57 -04:00
Timur Olzhabayev
f763f2085b
Feat: Extending report interaction with static context that can be appended to all interaction events (#88927)
* Extending report interaction with static context that can be appended to all requests
2024-07-08 16:37:45 +02:00
Alexander Akhmetov
68691c9386
Alerting: Add setting for maximum allowed rule evaluation results (#89468)
* Alerting: Add setting for maximum allowed rule evaluation results

Added a new configuration setting `quota.alerting_rule_evaluation_results` to set the maximum number of alert rule evaluation results per rule. If the limit is exceeded, the evaluation will result in an error.
2024-06-27 09:45:15 +02:00
Yuri Tseretyan
4a5aab54a5
Alerting: Add max limit for Loki query size in state history API (#89646)
* add setting for query limit

* update BuildLogQuery to return error if limit is exceeded

* move tests for BuildLogQuery to separate suite
2024-06-25 09:20:38 -04:00
Rajguru
1b2f110664
Users: Add config option to control how often last_seen is updated (#88721)
Users: Add config option to control how often last_seen is updated

Co-authored-by: Karl Persson <kalle.persson92@gmail.com>
2024-06-24 16:54:56 +02:00
Matthew Jacobson
3228b64fe6
Alerting: Resend resolved notifications for ResolvedRetention duration (#88938)
* Simple replace of State.Resolved with State.ResolvedAt

* Retain ResolvedAt time between Normal->Normal transition

* Introduce ResolvedRetention to keep sending recently resolved alerts

* Make ResolvedRetention configurable with resolved_alert_retention

* Tick-based LastSentAt for testing of ResendDelay and ResolvedRetention

* Do not reset ResolvedAt during Normal->Pending transition

Initially this was done to be inline with Prom ruler. However, Prom ruler
doesn't keep track of Inactive->Pending/Alerting using the same alert instance,
so it's more understandable that they choose not to retain ResolvedAt. In our
case, since we use the same cached instance to represent the transition, it
makes more sense to retain it.

This should help alleviate some odd situations where temporarily entering
Pending will stop future resolved notifications that would have happened
because of ResolvedRetention.

* Pointers for ResolvedAt & LastSentAt

To avoid awkward time.Time{}.Unix() defaults on persist
2024-06-20 16:33:03 -04:00
William Wernert
c62cc25513
Alerting: Configure recording rule writer from config.ini (#89056) 2024-06-12 16:04:46 -04:00
Jacob Valdemar
eb76ea47a0
Alerting: Add ha_reconnect_timeout configuration option (#88823)
* Docs: Update "Configure high availability" guide with ha_reconnect_timeout configuration

---------

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
2024-06-11 13:25:48 -04:00
Kristin Laemmert
90418dc00b
Chore: update sample.ini file (#86941)
rebase
2024-06-10 09:22:16 -04:00
Misi
9a44296bc2
Auth: Add org to role mappings support to AzureAD/Entra integration (#88861)
* Added implementation and tests

* Add docs, simplify implementation

* Remove unused func

* Update docs
2024-06-10 12:08:30 +02:00
Karl Persson
f3efd95bb4
Auth: Add org to role mappings support to Google integration (#88891)
* Auth: Implement org role mapping for google oauth provider

* Update docs

* Remove unused function

Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
2024-06-07 14:07:35 +02:00
Misi
4f2a9a47f3
Auth: Add org to role mappings support to Okta integration (#88770)
* Add org mapping support to Okta

* Update docs and configs

* Prettier docs

* Apply suggestions from code review

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Improve tests

---------

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
2024-06-06 10:35:06 +02:00
Fayzal Ghantiwala
80f54778f3
Alerting: Add option to use Redis in cluster mode for Alerting HA (#88696)
* Add config option to use Redis in cluster mode

* Use UniversalOptions
2024-06-05 17:02:25 +01:00
Karl Persson
f28905f8c4
Auth: Add org to role mappings support to Gitlab integration (#88751)
* Conf: Add org_mapping and org_attribute_path to github and gitlab conf

* Gitlab: Implement org role mapping

* Update docs
---------

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
2024-06-05 16:15:53 +02:00
Fayzal Ghantiwala
67b9e3b269
Alerting: Update HA Redis TLS docs (#88538)
* Update HA Redis TLS doc

* Add test for regular TLS

* Update docs

* Update prom registry
2024-05-31 13:23:45 +01:00
Misi
ed6b3e9e7c
Auth: Introduce pre-logout hooks + add GCOM LogoutHook (#88475)
* Introduce preLogoutHooks in authn service

* Add gcom_logout_hook

* Config the api token from the Grafana config file

* Simplify

* Add tests for logout hook

* Clean up

* Update

* Address PR comment

* Fix
2024-05-30 15:52:16 +02:00
Jon Cole
67b90ceba5
Azure: Load custom clouds from ini file (#87667)
* Load custom clouds from config file

* Update docs

* Use the correct list of clouds, add test, fix error condition handling

* Remove on custom cloud from sample.ini and docs

* Remove unnecessary else block

* Use cached json instead of serializing with each request

* Update grafana-azure-sdk-go version to v2.0.4

* update configure-grafana entry for clouds_config

* fix lint errors

* fix lint errors

---------

Co-authored-by: Jeremy Angel (from Dev Box) <jeremyangel@microsoft.com>
2024-05-24 17:40:04 +01:00
Mathieu Parent
b8c9ae0eb7
OIDC: Support Generic OAuth org to role mappings (#87394)
* Social: link to OrgRoleMapper

* OIDC: support Generic Oauth org to role mappings

Fixes: #73448
Signed-off-by: Mathieu Parent <math.parent@gmail.com>

* Handle when getAllOrgs fails in the org_role_mapper

* Add more tests

* OIDC: ensure orgs are evaluated from API when not from token

Signed-off-by: Mathieu Parent <math.parent@gmail.com>

* OIDC: ensure AutoAssignOrg is applied with OrgMapping without RoleAttributeStrict

Signed-off-by: Mathieu Parent <math.parent@gmail.com>

* Extend docs

* Fix test, lint

---------

Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com>
2024-05-23 09:55:45 +02:00
Andreas Christou
edae5fc791
Azure: Fix for username assertion (#87853)
Fix for username assertion

- Allow setting username assertion in INI
- Correctly set the azsettings value
- Update tests
2024-05-16 11:50:02 -05:00
Fayzal Ghantiwala
7a2fbad0c8
Alerting: Add options to configure TLS for HA using Redis (#87567)
* Add Alerting HA Redis Client TLS configs

* Add test to ping miniredis with mTLS

* Update .ini files and docs

* Add tests for unified alerting ha redis TLS settings

* Fix malformed go.sum

* Add modowner

* Fix lint error

* Update docs and use dstls config
2024-05-14 14:21:42 +01:00
Steve Simpson
5c89b8fe12
gRPC Server: Make message size limits configurable. (#86982)
* gRPC Server: Make message size limits configurable.

* Fix mistake, don't add opts twice

* Apply suggestions from code review

Co-authored-by: Todd Treece <360020+toddtreece@users.noreply.github.com>

---------

Co-authored-by: Todd Treece <360020+toddtreece@users.noreply.github.com>
2024-04-30 16:18:03 +02:00
Sofia Papagiannaki
ebf68f34fe
Chore: Fix spelling (#85435)
Fix spelling
2024-04-08 11:08:43 +03:00
Santiago
c7573bb0f7
Alerting: Make retention period configurable for the notification log (#85605)
* Alerting: Make retention period configurable for the notification log

* update sample.ini

* fix outdated comment (on disk -> kvstore)

* skip checking cyclomatic complexity for ReadUnifiedAlertingSettings
2024-04-05 12:25:43 +02:00
linoman
e4250a72db
JWT: Find login and email claims with JMESPATH (#85305)
* add function to static function to static service

* find email and login claims with jmespath

* rename configuration files

* Replace JWTClaims struct for map

* check for subclaims error
2024-03-28 17:25:26 +01:00
Ryan McKinley
713970d00a
SQLStore: Cleanup migrationLocking (#85054) 2024-03-25 10:09:15 +03:00
Sofia Papagiannaki
33b653534e
SQLStore: Enable migration locking by default (#84983)
* Introduce new configuration for migration locking

* Remove feature toggle

* Fix test and turn it into an integration

* Fix docs
2024-03-22 21:22:29 +02:00
Timur Olzhabayev
e9db9106c1
Chore: Disable angular support by default (#84738)
* Flipping angular support to disabled by default
2024-03-22 17:09:53 +01:00
chalapat
65c0669f01
Server: Reload TLS certs without a server restart (#83589)
* server: reload of grafana server certs when renewed without restart.

Signed-off-by: Rao, B V Chalapathi <b_v_chalapathi.rao@nokia.com>

* server: reload of grafana server certs when renewed without restart.

Signed-off-by: Rao, B V Chalapathi <b_v_chalapathi.rao@nokia.com>

* Update http_server.go

* Update docs/sources/setup-grafana/configure-grafana/_index.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Update http_server.go

Address the comments

* Update docs/sources/setup-grafana/configure-grafana/_index.md

Co-authored-by: Dan Cech <dan@aussiedan.com>

* Update http_server.go

Align the spaces

* Update http_server.go

* Update http_server.go

* Update pkg/api/http_server.go

Co-authored-by: Dan Cech <dan@aussiedan.com>

---------

Signed-off-by: Rao, B V Chalapathi <b_v_chalapathi.rao@nokia.com>
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
Co-authored-by: Dan Cech <dan@aussiedan.com>
2024-03-22 17:13:22 +02:00
Eric Leijonmarck
bb792ff540
Auth: Remove oauth skip org role sync (#84972)
* remove oauth wide skip org role sync

* we are warning from config

* set it to false

* removed from config ini files and updated docs
2024-03-22 15:34:05 +01:00
Andreas Christou
6bb7ab261a
AzureMonitor: User authentication support (#81918)
* Stub out frontend user auth

* Stub out backend user auth

* Add context

* Reorganise files

* Refactor app registration form

* Alert for user auth service principal credentials

* AzureMonitor: Add flag for enabling/disabling fallback credentials for current user authentication (#82332)

* Rename field

* Add fallback setting

* Update tests and mock

* Remove duplicate setting line

* Update name of property

* Update frontend settings

* Update docs and default config files

* Update azure-sdk

* Fix lint

* Update test

* Bump dependency

* Update configuration

* Update docs/sources/setup-grafana/configure-grafana/_index.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Docs review

* AzureMonitor: User authentication frontend updates (#83107)

* Rename field

* Add fallback setting

* Update tests and mock

* Remove duplicate setting line

* Update name of property

* Update frontend settings

* Update docs and default config files

* Add alerts to query editor

- Add authenticatedBy property to grafana/data
- Update mocks
- Update query editor to disable it under certain circumstances
- Update tests

* Add separate FallbackCredentials component

- Reset AppRegistrationCredentials component to only handle clientsecret credentials
- Update AzureCredentialsForm
- Update selectors
- Update tests
- Update credentials utility functions logic

* Alert when fallback credentials disabled

* Update condition

* Update azure-sdk

* Fix lint

* Update test

* Remove unneeded conditions

* Set auth type correctly

* Legacy cloud options

* Fix client secret

* Remove accidental import

* Bump dependency

* Add tests

* Don't use VerticalGroup component

* Remove unused import

* Fix lint

* Appropriately set oAuthPassThru and disableGrafanaCache properties

* Clear azureCredentials on authType change

* Correctly retrieve secret

* Fix bug in authTypeOptions

* Update public/app/plugins/datasource/azuremonitor/components/ConfigEditor/CurrentUserFallbackCredentials.tsx

Co-authored-by: Andrew Hackmann <5140848+bossinc@users.noreply.github.com>

* Update public/app/plugins/datasource/azuremonitor/components/QueryEditor/QueryEditor.tsx

Co-authored-by: Andrew Hackmann <5140848+bossinc@users.noreply.github.com>

* Update public/app/plugins/datasource/azuremonitor/components/ConfigEditor/CurrentUserFallbackCredentials.tsx

Co-authored-by: Andrew Hackmann <5140848+bossinc@users.noreply.github.com>

* Add documentation links

* Fix broken link

---------

Co-authored-by: Andrew Hackmann <5140848+bossinc@users.noreply.github.com>

* AzureMonitor: Update docs for current user authentication (#83440)

* Rename field

* Add fallback setting

* Update tests and mock

* Remove duplicate setting line

* Update name of property

* Update frontend settings

* Update docs and default config files

* Add alerts to query editor

- Add authenticatedBy property to grafana/data
- Update mocks
- Update query editor to disable it under certain circumstances
- Update tests

* Add separate FallbackCredentials component

- Reset AppRegistrationCredentials component to only handle clientsecret credentials
- Update AzureCredentialsForm
- Update selectors
- Update tests
- Update credentials utility functions logic

* Alert when fallback credentials disabled

* Update condition

* Update azure-sdk

* Fix lint

* Update test

* Remove unneeded conditions

* Set auth type correctly

* Legacy cloud options

* Fix client secret

* Remove accidental import

* Bump dependency

* Add tests

* Don't use VerticalGroup component

* Remove unused import

* Update docs

* Fix lint

* Appropriately set oAuthPassThru and disableGrafanaCache properties

* Clear azureCredentials on authType change

* Correctly retrieve secret

* Feedback

* Spelling

* Update docs/sources/datasources/azure-monitor/_index.md

Co-authored-by: Larissa Wandzura <126723338+lwandz13@users.noreply.github.com>

* Update docs/sources/datasources/azure-monitor/_index.md

Co-authored-by: Larissa Wandzura <126723338+lwandz13@users.noreply.github.com>

* Update docs/sources/datasources/azure-monitor/_index.md

Co-authored-by: Larissa Wandzura <126723338+lwandz13@users.noreply.github.com>

* Update docs/sources/datasources/azure-monitor/_index.md

Co-authored-by: Larissa Wandzura <126723338+lwandz13@users.noreply.github.com>

---------

Co-authored-by: Larissa Wandzura <126723338+lwandz13@users.noreply.github.com>

* Docs review

* Update docs with additional configuration information

* Fix to appropriately hide the query editor

* Typo

* Update isCredentialsComplete

* Update test

---------

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
Co-authored-by: Andrew Hackmann <5140848+bossinc@users.noreply.github.com>
Co-authored-by: Larissa Wandzura <126723338+lwandz13@users.noreply.github.com>
2024-03-19 16:32:24 +00:00
William Wernert
97f37b2e6f
Alerting: Clamp Loki ASH range query to configured max_query_length (#83986)
* Clamp range in loki http client to configured max_query_length

Defaults to 721h to match Loki default
2024-03-15 18:59:45 +02:00