Commit Graph

319 Commits

Author SHA1 Message Date
Leo Ochoa
12a99fa0b5
typo in sample.ini 2018-10-01 18:47:25 +02:00
Torkel Ödegaard
cb96c6d942 Changed setting to be an alerting setting 2018-09-25 12:17:04 +02:00
Torkel Ödegaard
4dab595ed7 rendering: Added concurrent rendering limits 2018-09-24 16:14:11 +02:00
Torkel Ödegaard
5fbe8eff4f ldap: made minor change to group search, and to docs 2018-09-14 11:28:17 +02:00
Bob Shannon
f257ff0216 Allow oauth email attribute name to be configurable (#13006)
* Allow oauth email attribute name to be configurable

Signed-off-by: Bob Shannon <bshannon@palantir.com>

* Document e-mail determination steps for generic oauth

* Add reference to email_attribute_name

* Re-add e-mail determination docs to new generic-oauth page

* Inherit default e-mail attribute from defaults.ini
2018-09-10 09:45:07 +02:00
bergquist
1e33a3780f spelling errors 2018-09-06 11:51:24 +02:00
bergquist
3ce89cad71 make default values for alerting configurable 2018-09-06 11:26:14 +02:00
Anthony Woods
5c0fbbf7c8 improve remote image rendering (#13102)
* improve remote image rendering

- determine "domain" during Init() so we are not re-parsing settings
  on every request
- if using http-mode via a rednererUrl, then use the AppUrl for the
  page that the renderer loads.  When in http-mode the renderer is likely
  running on another server so trying to use the localhost or even the
  specific IP:PORT grafana is listening on wont work.
- apply the request timeout via a context rather then directly on the http client.
- use a global http client so we can take advantage of connection re-use
- log and handle errors better.

* ensure imagesDir exists

* allow users to define callback_url for remote rendering

- allow users to define the url that a remote rendering service
  should use for connecting back to the grafana instance.
  By default the "root_url" is used.

* improve remote image rendering

- determine "domain" during Init() so we are not re-parsing settings
  on every request
- if using http-mode via a rednererUrl, then use the AppUrl for the
  page that the renderer loads.  When in http-mode the renderer is likely
  running on another server so trying to use the localhost or even the
  specific IP:PORT grafana is listening on wont work.
- apply the request timeout via a context rather then directly on the http client.
- use a global http client so we can take advantage of connection re-use
- log and handle errors better.

* ensure imagesDir exists

* allow users to define callback_url for remote rendering

- allow users to define the url that a remote rendering service
  should use for connecting back to the grafana instance.
  By default the "root_url" is used.

* rendering: fixed issue with renderKey where userId and orgId was in mixed up, added test for RenderCallbackUrl reading logic
2018-09-04 13:42:55 +02:00
Benoît Knecht
7ec146df99 social: add GitLab authentication backend
GitLab could already be used as an authentication backend by properly
configuring `auth.generic_oauth`, but then there was no way to authorize
users based on their GitLab group membership.

This commit adds a `auth.gitlab` backend, similar to `auth.github`, with
an `allowed_groups` option that can be set to a list of groups whose
members should be allowed access to Grafana.
2018-08-14 14:11:48 +02:00
Torkel Ödegaard
277a696fa5
fix: added missing ini default keys, fixes #12800 (#12912) 2018-08-14 08:49:56 +02:00
Emil Flink
5bea54eaaa Support client certificates for LDAP servers 2018-08-03 12:00:20 +02:00
gzzo
cb76fc7f2d
Add auto_assign_org_id to defaults.ini
For #12801
2018-08-02 12:29:47 -04:00
Jan Garaj
e37e8cb38c Add missing tls_skip_verify_insecure (#12748) 2018-07-30 00:02:16 -07:00
Torkel Ödegaard
913b8576f8 docs: minor docs fix 2018-07-18 13:20:28 +02:00
Torkel Ödegaard
c189262bac ldap: Make it possible to define Grafana admins via ldap setup, closes #2469 2018-07-16 16:56:42 +02:00
Carl Bergquist
828fb39ee2
Merge pull request #11643 from mrsiano/generic_oauth
Pass configured/auth headers to a Datasource.
2018-06-21 14:21:59 +02:00
mrsiano
cc1e3a0e3c Pass configured/auth headers to a Datasource.
In some setups (ex openshift), the Datasource will require Grafana
to pass oauth token as header when sending queries.
Also, this PR allow to send any header which is something
Grafana currently does not support.
2018-06-21 14:58:05 +03:00
Anton Sergeyev
2024cf4b56 #11607 fixed formatting 2018-06-14 12:46:29 +05:00
Anton Sergeyev
516839d7b2 #11607 Cleanup time of temporary files is now configurable 2018-06-14 12:35:22 +05:00
Julien Pivotto
a5e6cb9a02 Fix #9847 Add a generic signout_redirect_url to enable oauth logout
Signed-off-by: Julien Pivotto <roidelapluie@inuits.eu>
2018-05-27 14:52:50 +02:00
David Kaltschmidt
1e6e89121c Settings to enable Explore UI 2018-04-27 11:39:14 +02:00
Mario Trangoni
298ece0a02 conf: fix codespell issues 2018-04-13 20:31:29 +02:00
Daniel Lee
92388f7faf session: update defaults for ConnMaxLifetime
to be the same as the 5.0.3 release defaults
2018-03-20 19:31:01 +01:00
Daniel Lee
1cef373d16 Merge remote-tracking branch 'upstream/master' into update-xorm 2018-03-20 19:21:58 +01:00
DavidLambauer
b90c323e31
Minor format changes
Just fixed some minor inconsistencies in the format of the file. There were some configurations uncommented like so: 

```
; container_name =
```

and some other like so:

```
;container_name =
```

So there is a need for a small perfection here! 

I also removed some unnecessary line breaks, bullying my eyes... 

![<3](https://media.giphy.com/media/dTJd5ygpxkzWo/giphy.gif)
2018-03-18 10:17:48 +01:00
Daniel Lee
9cdd7cb04c database: expose SetConnMaxLifetime as config setting
For MySQL, setting this to be shorter than the wait_timeout MySQL setting
solves the issue with connection errors after the session has timed out for
the connection to the database via xorm.
2018-03-16 01:09:00 +01:00
Laurent Godet
59704ee939 Fix Github OAuth not working with private Organizations (#11028)
* Fix Github OAuth not working with private organizations

* Update documentation
2018-02-28 13:08:15 +01:00
Daniel Lee
fe49182b9d snapshots: fixes cleanup of old snapshots
Snapshot cleanup did not work due to time.Now syntax error. Added test
for it as well to catch any future errors.

Added error and debug logging so that it is possible to see any errors in the future.

Removed an unused configuration value and deprecated the remove expired snapshots
setting.
2018-02-22 16:12:16 +01:00
bergquist
4dc6074e79 provisioning: dont ignore sample yaml files
closes #10963
2018-02-20 08:40:37 +01:00
Scott Brenner
2d03ab1770
Update sample.ini 2018-02-15 10:41:26 -08:00
Scott Brenner
7535cefed9
Update ldap.toml 2018-02-15 10:41:15 -08:00
Scott Brenner
b8b6dc6d6d
Minor typo fix 2018-02-15 10:37:23 -08:00
bergquist
dba087463a provisioing: always skip sample.yaml files 2018-02-14 11:33:58 +01:00
bergquist
b010e4df93 provisioning: support camelcase for dashboards configs 2018-02-14 10:30:08 +01:00
bergquist
4a35244cb9 provisioning: support camcelCase provisioning files 2018-02-14 10:30:08 +01:00
Scott Brenner
e57c8d0357
Minor typo fix
Minor typo fix
2018-02-12 13:59:19 -08:00
bergquist
e93fe9db25 provisioning: update sample config to use path 2018-02-09 15:25:31 +01:00
Leonard Gram
b549d29319 Merge branch 'master' into provisioning 2018-02-08 11:01:09 +01:00
Marcus Efraimsson
3d1c624c12 WIP: Protect against brute force (frequent) login attempts (#10031)
* db: add login attempt migrations

* db: add possibility to create login attempts

* db: add possibility to retrieve login attempt count per username

* auth: validation and update of login attempts for invalid credentials

If login attempt count for user authenticating is 5 or more the last 5 minutes
we temporarily block the user access to login

* db: add possibility to delete expired login attempts

* cleanup: Delete login attempts older than 10 minutes

The cleanup job are running continuously and triggering each 10 minute

* fix typo: rename consequent to consequent

* auth: enable login attempt validation for ldap logins

* auth: disable login attempts validation by configuration

Setting is named DisableLoginAttemptsValidation and is false by default
Config disable_login_attempts_validation is placed under security section
#7616

* auth: don't run cleanup of login attempts if feature is disabled

#7616

* auth: rename settings.go to ldap_settings.go

* auth: refactor AuthenticateUser

Extract grafana login, ldap login and login attemp validation together
with their tests to separate files.
Enables testing of many more aspects when authenticating a user.
#7616

* auth: rename login attempt validation to brute force login protection

Setting DisableLoginAttemptsValidation => DisableBruteForceLoginProtection
Configuration disable_login_attempts_validation => disable_brute_force_login_protection
#7616
2018-01-26 10:41:41 +01:00
bergquist
1508755422 cfg: remove local as default image uploader
ref #9967
2018-01-24 21:31:07 +01:00
bergquist
67a9e6a71d provisioing: add lookup table provisioned dashboards 2018-01-23 21:52:55 +01:00
bergquist
5546828b9f cfg: adds info about local img uploader to docs 2018-01-22 11:11:30 +01:00
Martin Szulecki
c82e23d96e imguploader: Add support for new internal image store (#6922) 2018-01-12 21:40:12 +01:00
Mahmoud Saada
af15e3c0d0 Implement Azure Blob external image uploader 2017-12-27 08:53:00 -05:00
Carl Bergquist
35106537f2 Replace Read Only Editor role with ViewersCanEdit setting (#10166)
* removes readonly editor role

* adds viewersCanEdit setting

This enable you to allow viewers to edit/inspect
dashboards in grafana in their own browser without
allowing them to save dashboards

* remove read only editor option from all dropdowns

* migrates all read only viewers to viewers

* docs: replace readOnlyEditor with viewersCanEdit
2017-12-13 18:53:42 +01:00
bergquist
5f5cdad97a improve error handling for datasources as cfg 2017-12-08 10:50:11 +01:00
bergquist
c766802325 improve sample datasource.yaml 2017-12-08 10:28:38 +01:00
bergquist
79d7213e11 fixes issue with datasource/dash as cfg and gitignore 2017-12-08 06:52:47 +01:00
bergquist
5006f9e4c5 dashboards as cfg: update docs to use /provisioning 2017-12-07 15:55:00 +01:00
bergquist
2e610cb256 dashboards as cfg: move dash/ds config files to /provisioning/* 2017-12-07 15:27:01 +01:00