6bb7ab261a
* Stub out frontend user auth * Stub out backend user auth * Add context * Reorganise files * Refactor app registration form * Alert for user auth service principal credentials * AzureMonitor: Add flag for enabling/disabling fallback credentials for current user authentication (#82332) * Rename field * Add fallback setting * Update tests and mock * Remove duplicate setting line * Update name of property * Update frontend settings * Update docs and default config files * Update azure-sdk * Fix lint * Update test * Bump dependency * Update configuration * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Docs review * AzureMonitor: User authentication frontend updates (#83107) * Rename field * Add fallback setting * Update tests and mock * Remove duplicate setting line * Update name of property * Update frontend settings * Update docs and default config files * Add alerts to query editor - Add authenticatedBy property to grafana/data - Update mocks - Update query editor to disable it under certain circumstances - Update tests * Add separate FallbackCredentials component - Reset AppRegistrationCredentials component to only handle clientsecret credentials - Update AzureCredentialsForm - Update selectors - Update tests - Update credentials utility functions logic * Alert when fallback credentials disabled * Update condition * Update azure-sdk * Fix lint * Update test * Remove unneeded conditions * Set auth type correctly * Legacy cloud options * Fix client secret * Remove accidental import * Bump dependency * Add tests * Don't use VerticalGroup component * Remove unused import * Fix lint * Appropriately set oAuthPassThru and disableGrafanaCache properties * Clear azureCredentials on authType change * Correctly retrieve secret * Fix bug in authTypeOptions * Update public/app/plugins/datasource/azuremonitor/components/ConfigEditor/CurrentUserFallbackCredentials.tsx Co-authored-by: 
Andrew Hackmann <5140848+bossinc@users.noreply.github.com> * Update public/app/plugins/datasource/azuremonitor/components/QueryEditor/QueryEditor.tsx Co-authored-by: Andrew Hackmann <5140848+bossinc@users.noreply.github.com> * Update public/app/plugins/datasource/azuremonitor/components/ConfigEditor/CurrentUserFallbackCredentials.tsx Co-authored-by: Andrew Hackmann <5140848+bossinc@users.noreply.github.com> * Add documentation links * Fix broken link --------- Co-authored-by: Andrew Hackmann <5140848+bossinc@users.noreply.github.com> * AzureMonitor: Update docs for current user authentication (#83440) * Rename field * Add fallback setting * Update tests and mock * Remove duplicate setting line * Update name of property * Update frontend settings * Update docs and default config files * Add alerts to query editor - Add authenticatedBy property to grafana/data - Update mocks - Update query editor to disable it under certain circumstances - Update tests * Add separate FallbackCredentials component - Reset AppRegistrationCredentials component to only handle clientsecret credentials - Update AzureCredentialsForm - Update selectors - Update tests - Update credentials utility functions logic * Alert when fallback credentials disabled * Update condition * Update azure-sdk * Fix lint * Update test * Remove unneeded conditions * Set auth type correctly * Legacy cloud options * Fix client secret * Remove accidental import * Bump dependency * Add tests * Don't use VerticalGroup component * Remove unused import * Update docs * Fix lint * Appropriately set oAuthPassThru and disableGrafanaCache properties * Clear azureCredentials on authType change * Correctly retrieve secret * Feedback * Spelling * Update docs/sources/datasources/azure-monitor/_index.md Co-authored-by: Larissa Wandzura <126723338+lwandz13@users.noreply.github.com> * Update docs/sources/datasources/azure-monitor/_index.md Co-authored-by: Larissa Wandzura <126723338+lwandz13@users.noreply.github.com> * Update 
docs/sources/datasources/azure-monitor/_index.md Co-authored-by: Larissa Wandzura <126723338+lwandz13@users.noreply.github.com> * Update docs/sources/datasources/azure-monitor/_index.md Co-authored-by: Larissa Wandzura <126723338+lwandz13@users.noreply.github.com> --------- Co-authored-by: Larissa Wandzura <126723338+lwandz13@users.noreply.github.com> * Docs review * Update docs with additional configuration information * Fix to appropriately hide the query editor * Typo * Update isCredentialsComplete * Update test --------- Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> Co-authored-by: Andrew Hackmann <5140848+bossinc@users.noreply.github.com> Co-authored-by: Larissa Wandzura <126723338+lwandz13@users.noreply.github.com>
package api
import (
"context"
"crypto/sha256"
"fmt"
"hash"
"net/http"
"slices"
"sort"
"strings"
"github.com/grafana/grafana/pkg/api/dtos"
"github.com/grafana/grafana/pkg/api/webassets"
"github.com/grafana/grafana/pkg/login/social"
"github.com/grafana/grafana/pkg/plugins"
"github.com/grafana/grafana/pkg/services/accesscontrol"
contextmodel "github.com/grafana/grafana/pkg/services/contexthandler/model"
"github.com/grafana/grafana/pkg/services/datasources"
"github.com/grafana/grafana/pkg/services/featuremgmt"
"github.com/grafana/grafana/pkg/services/folder"
"github.com/grafana/grafana/pkg/services/licensing"
"github.com/grafana/grafana/pkg/services/pluginsintegration/pluginsettings"
"github.com/grafana/grafana/pkg/services/pluginsintegration/pluginstore"
"github.com/grafana/grafana/pkg/services/secrets/kvstore"
"github.com/grafana/grafana/pkg/setting"
"github.com/grafana/grafana/pkg/tsdb/grafanads"
"github.com/grafana/grafana/pkg/util"
)
// GetFrontendAssets responds with a JSON object of four SHA-256 hex digests
// ("version", "plugins", "flags" and "assets"). The response is cheap to poll:
// a change in any digest means the frontend should be refreshed.
//
// Failures while loading the web assets are not reported; in that case the
// "assets" entry is simply the digest of empty input.
//
// NOTE(review): "version" is derived only from the build version, commit and
// stamp, and "plugins" only from plugin name@version pairs. For published
// builds those inputs can be guessed, so the digests can identify the running
// version even when AnonymousHideVersion blanks the build info in the frontend
// settings. Confirm the route is registered with the intended authentication.
func (hs *HTTPServer) GetFrontendAssets(c *contextmodel.ReqContext) {
	ctx := c.Req.Context()
	digest := sha256.New()
	out := make(map[string]any, 4)

	// Build identity: version, commit and build stamp, fed in that order.
	digest.Reset()
	for _, part := range []string{
		setting.BuildVersion,
		setting.BuildCommit,
		fmt.Sprintf("%d", setting.BuildStamp),
	} {
		_, _ = digest.Write([]byte(part))
	}
	out["version"] = fmt.Sprintf("%x", digest.Sum(nil))

	// Installed plugins, as name@version. sortedHash resets the hasher itself.
	var pluginVersions []string
	for _, p := range hs.pluginStore.Plugins(ctx) {
		pluginVersions = append(pluginVersions, fmt.Sprintf("%s@%s", p.Name, p.Info.Version))
	}
	out["plugins"] = sortedHash(pluginVersions, digest)

	// Feature toggles: only the ones that are switched on contribute.
	var enabledFlags []string
	for name, on := range hs.Features.GetEnabled(ctx) {
		if !on {
			continue
		}
		enabledFlags = append(enabledFlags, name)
	}
	out["flags"] = sortedHash(enabledFlags, digest)

	// Web assets: CDN URL, theme stylesheets and every JS file with its
	// integrity value.
	digest.Reset()
	if assets, err := webassets.GetWebAssets(ctx, hs.Cfg, hs.License); err == nil && assets != nil {
		for _, s := range []string{assets.ContentDeliveryURL, assets.Dark, assets.Light} {
			_, _ = digest.Write([]byte(s))
		}
		for _, js := range assets.JSFiles {
			_, _ = digest.Write([]byte(js.FilePath))
			_, _ = digest.Write([]byte(js.Integrity))
		}
	}
	out["assets"] = fmt.Sprintf("%x", digest.Sum(nil))

	c.JSON(http.StatusOK, out)
}
// sortedHash sorts vals in place, feeds them to hash in ascending order and
// returns the resulting digest as lowercase hex. The hasher is reset first, so
// anything written to it earlier is discarded.
//
// Values are written back to back without a separator, so different lists can
// produce the same digest (for example {"ab", "c"} and {"a", "bc"}). That is
// acceptable for change detection but the result is not a unique identifier of
// the list.
func sortedHash(vals []string, hash hash.Hash) string {
	sort.Strings(vals)
	hash.Reset()
	for i := range vals {
		_, _ = hash.Write([]byte(vals[i]))
	}
	sum := hash.Sum(nil)
	return fmt.Sprintf("%x", sum)
}
// GetFrontendSettings writes the frontend settings built for the current
// request as a JSON response. When they cannot be built it answers through
// JsonApiErr with status 400 and passes the underlying error along.
func (hs *HTTPServer) GetFrontendSettings(c *contextmodel.ReqContext) {
	dto, buildErr := hs.getFrontendSettings(c)
	if buildErr == nil {
		c.JSON(http.StatusOK, dto)
		return
	}

	c.JsonApiErr(400, "Failed to get frontend settings", buildErr)
}
// getFrontendSettings returns a json object with all the settings needed for front end initialisation.
//
// The DTO is assembled from the plugins available to the caller's organisation,
// the data sources returned by getFSDataSources, and values copied from hs.Cfg,
// the license, the feature manager and the auth services. GetFrontendSettings
// serialises the result into the HTTP response, so every field set here ends up
// with whoever made the request; only values that are safe to disclose to that
// caller belong in this struct.
//
// An error is returned when the available plugins or the data sources cannot be
// loaded, or when the plugins CDN is enabled but its base URL cannot be resolved.
//
//nolint:gocyclo
func (hs *HTTPServer) getFrontendSettings(c *contextmodel.ReqContext) (*dtos.FrontendSettingsDTO, error) {
	availablePlugins, err := hs.availablePlugins(c.Req.Context(), c.SignedInUser.GetOrgID())
	if err != nil {
		return nil, err
	}

	// App plugins, keyed by plugin ID.
	apps := make(map[string]*plugins.AppDTO, 0)
	for _, ap := range availablePlugins[plugins.TypeApp] {
		apps[ap.Plugin.ID] = newAppDTO(
			ap.Plugin,
			ap.Settings,
		)
	}

	dataSources, err := hs.getFSDataSources(c, availablePlugins)
	if err != nil {
		return nil, err
	}

	// Use the name of the data source flagged as default, falling back to the
	// built-in "-- Grafana --" name. dataSources is a map, so if several entries
	// are flagged the one that wins depends on iteration order.
	defaultDS := "-- Grafana --"
	for n, ds := range dataSources {
		if ds.IsDefault {
			defaultDS = n
		}
	}

	panels := make(map[string]plugins.PanelDTO)
	for _, ap := range availablePlugins[plugins.TypePanel] {
		panel := ap.Plugin
		// Alpha panels are listed only when the config opts in to them.
		if panel.State == plugins.ReleaseStateAlpha && !hs.Cfg.PluginsEnableAlpha {
			continue
		}

		// The "datagrid" panel is gated behind its feature toggle.
		if panel.ID == "datagrid" && !hs.Features.IsEnabled(c.Req.Context(), featuremgmt.FlagEnableDatagridEditing) {
			continue
		}

		panels[panel.ID] = plugins.PanelDTO{
			ID: panel.ID,
			Name: panel.Name,
			AliasIDs: panel.AliasIDs,
			Info: panel.Info,
			Module: panel.Module,
			BaseURL: panel.BaseURL,
			SkipDataQuery: panel.SkipDataQuery,
			HideFromList: panel.HideFromList,
			ReleaseState: string(panel.State),
			Signature: string(panel.Signature),
			Sort: getPanelSort(panel.ID),
			Angular: panel.Angular,
		}
	}

	// Callers that are not signed in get blank build identifiers when
	// AnonymousHideVersion is set.
	hideVersion := hs.Cfg.AnonymousHideVersion && !c.IsSignedIn
	version := setting.BuildVersion
	commit := setting.BuildCommit
	commitShort := getShortCommitHash(setting.BuildCommit, 10)
	buildstamp := setting.BuildStamp
	versionString := fmt.Sprintf(`%s v%s (%s)`, setting.ApplicationName, version, commitShort)

	if hideVersion {
		version = ""
		versionString = setting.ApplicationName
		commit = ""
		commitShort = ""
		buildstamp = 0
	}

	// hasAccess is bound to this request's context c.
	hasAccess := accesscontrol.HasAccess(hs.AccessControl, c)
	// Reported as enabled when the evaluation returns no error.
	secretsManagerPluginEnabled := kvstore.EvaluateRemoteSecretsPlugin(c.Req.Context(), hs.secretsPluginManager, hs.Cfg) == nil
	// True when an active CSP template (enforced or report-only) contains the
	// "require-trusted-types-for" directive.
	trustedTypesDefaultPolicyEnabled := (hs.Cfg.CSPEnabled && strings.Contains(hs.Cfg.CSPTemplate, "require-trusted-types-for")) || (hs.Cfg.CSPReportOnlyEnabled && strings.Contains(hs.Cfg.CSPReportOnlyTemplate, "require-trusted-types-for"))
	// Requires both the feature toggle and the config flag.
	isCloudMigrationTarget := hs.Features.IsEnabled(c.Req.Context(), featuremgmt.FlagOnPremToCloudMigrations) && hs.Cfg.CloudMigrationIsTarget

	frontendSettings := &dtos.FrontendSettingsDTO{
		DefaultDatasource: defaultDS,
		Datasources: dataSources,
		MinRefreshInterval: hs.Cfg.MinRefreshInterval,
		Panels: panels,
		Apps: apps,
		AppUrl: hs.Cfg.AppURL,
		AppSubUrl: hs.Cfg.AppSubURL,
		// Signed-in users may create orgs when the config allows it; Grafana
		// admins always may.
		AllowOrgCreate: (hs.Cfg.AllowUserOrgCreate && c.IsSignedIn) || c.IsGrafanaAdmin,
		AuthProxyEnabled: hs.Cfg.AuthProxy.Enabled,
		LdapEnabled: hs.Cfg.LDAPAuthEnabled,
		JwtHeaderName: hs.Cfg.JWTAuth.HeaderName,
		JwtUrlLogin: hs.Cfg.JWTAuth.URLLogin,
		LiveEnabled: hs.Cfg.LiveMaxConnections != 0,
		AutoAssignOrg: hs.Cfg.AutoAssignOrg,
		VerifyEmailEnabled: hs.Cfg.VerifyEmailEnabled,
		SigV4AuthEnabled: hs.Cfg.SigV4AuthEnabled,
		AzureAuthEnabled: hs.Cfg.AzureAuthEnabled,
		// Always reported as enabled.
		RbacEnabled: true,
		ExploreEnabled: hs.Cfg.ExploreEnabled,
		HelpEnabled: hs.Cfg.HelpEnabled,
		ProfileEnabled: hs.Cfg.ProfileEnabled,
		NewsFeedEnabled: hs.Cfg.NewsFeedEnabled,
		QueryHistoryEnabled: hs.Cfg.QueryHistoryEnabled,
		// Analytics and telemetry identifiers are copied from config unchanged
		// and are therefore visible to every caller of this endpoint.
		GoogleAnalyticsId: hs.Cfg.GoogleAnalyticsID,
		GoogleAnalytics4Id: hs.Cfg.GoogleAnalytics4ID,
		GoogleAnalytics4SendManualPageViews: hs.Cfg.GoogleAnalytics4SendManualPageViews,
		RudderstackWriteKey: hs.Cfg.RudderstackWriteKey,
		RudderstackDataPlaneUrl: hs.Cfg.RudderstackDataPlaneURL,
		RudderstackSdkUrl: hs.Cfg.RudderstackSDKURL,
		RudderstackConfigUrl: hs.Cfg.RudderstackConfigURL,
		RudderstackIntegrationsUrl: hs.Cfg.RudderstackIntegrationsURL,
		FeedbackLinksEnabled: hs.Cfg.FeedbackLinksEnabled,
		ApplicationInsightsConnectionString: hs.Cfg.ApplicationInsightsConnectionString,
		ApplicationInsightsEndpointUrl: hs.Cfg.ApplicationInsightsEndpointUrl,
		DisableLoginForm: hs.Cfg.DisableLoginForm,
		DisableUserSignUp: !hs.Cfg.AllowUserSignUp,
		LoginHint: hs.Cfg.LoginHint,
		PasswordHint: hs.Cfg.PasswordHint,
		ExternalUserMngInfo: hs.Cfg.ExternalUserMngInfo,
		ExternalUserMngLinkUrl: hs.Cfg.ExternalUserMngLinkUrl,
		ExternalUserMngLinkName: hs.Cfg.ExternalUserMngLinkName,
		ViewersCanEdit: hs.Cfg.ViewersCanEdit,
		AngularSupportEnabled: hs.Cfg.AngularSupportEnabled,
		EditorsCanAdmin: hs.Cfg.EditorsCanAdmin,
		DisableSanitizeHtml: hs.Cfg.DisableSanitizeHtml,
		TrustedTypesDefaultPolicyEnabled: trustedTypesDefaultPolicyEnabled,
		CSPReportOnlyEnabled: hs.Cfg.CSPReportOnlyEnabled,
		DateFormats: hs.Cfg.DateFormats,
		// Only advertised when the proxy is enabled and its UI is meant to be shown.
		SecureSocksDSProxyEnabled: hs.Cfg.SecureSocksDSProxy.Enabled && hs.Cfg.SecureSocksDSProxy.ShowUI,
		DisableFrontendSandboxForPlugins: hs.Cfg.DisableFrontendSandboxForPlugins,
		// Taken from the request context rather than from config.
		PublicDashboardAccessToken: c.PublicDashboardAccessToken,
		PublicDashboardsEnabled: hs.Cfg.PublicDashboardsEnabled,
		CloudMigrationIsTarget: isCloudMigrationTarget,
		SharedWithMeFolderUID: folder.SharedWithMeFolderUID,
		RootFolderUID: accesscontrol.GeneralFolderUID,
		LocalFileSystemAvailable: hs.Cfg.LocalFileSystemAvailable,

		// Version, VersionString, Commit, CommitShort and Buildstamp were
		// blanked above when hideVersion is true.
		// NOTE(review): Edition, LatestVersion, HasUpdate and Env are filled in
		// regardless of hideVersion — confirm that is intended for anonymous
		// callers.
		BuildInfo: dtos.FrontendSettingsBuildInfoDTO{
			HideVersion: hideVersion,
			Version: version,
			VersionString: versionString,
			Commit: commit,
			CommitShort: commitShort,
			Buildstamp: buildstamp,
			Edition: hs.License.Edition(),
			LatestVersion: hs.grafanaUpdateChecker.LatestVersion(),
			HasUpdate: hs.grafanaUpdateChecker.UpdateAvailable(),
			Env: hs.Cfg.Env,
		},

		LicenseInfo: dtos.FrontendSettingsLicenseInfoDTO{
			Expiry: hs.License.Expiry(),
			StateInfo: hs.License.StateInfo(),
			// The outcome of the licensing.PageAccess check for this caller is
			// handed to LicenseURL.
			LicenseUrl: hs.License.LicenseURL(hasAccess(licensing.PageAccess)),
			Edition: hs.License.Edition(),
			EnabledFeatures: hs.License.EnabledFeatures(),
		},

		// The complete map returned by GetEnabled is exposed to the caller.
		FeatureToggles: hs.Features.GetEnabled(c.Req.Context()),
		AnonymousEnabled: hs.Cfg.AnonymousEnabled,
		AnonymousDeviceLimit: hs.Cfg.AnonymousDeviceLimit,
		RendererAvailable: hs.RenderService.IsAvailable(c.Req.Context()),
		RendererVersion: hs.RenderService.Version(),
		RendererDefaultImageWidth: hs.Cfg.RendererDefaultImageWidth,
		RendererDefaultImageHeight: hs.Cfg.RendererDefaultImageHeight,
		RendererDefaultImageScale: hs.Cfg.RendererDefaultImageScale,
		SecretsManagerPluginEnabled: secretsManagerPluginEnabled,
		Http2Enabled: hs.Cfg.Protocol == setting.HTTP2Scheme,
		GrafanaJavascriptAgent: hs.Cfg.GrafanaJavascriptAgent,
		PluginCatalogURL: hs.Cfg.PluginCatalogURL,
		PluginAdminEnabled: hs.Cfg.PluginAdminEnabled,
		// External management is only reported when plugin admin itself is enabled.
		PluginAdminExternalManageEnabled: hs.Cfg.PluginAdminEnabled && hs.Cfg.PluginAdminExternalManageEnabled,
		PluginCatalogHiddenPlugins: hs.Cfg.PluginCatalogHiddenPlugins,
		ExpressionsEnabled: hs.Cfg.ExpressionsEnabled,
		AwsAllowedAuthProviders: hs.Cfg.AWSAllowedAuthProviders,
		AwsAssumeRoleEnabled: hs.Cfg.AWSAssumeRoleEnabled,
		SupportBundlesEnabled: isSupportBundlesEnabled(hs),

		// Azure authentication options, including whether current-user
		// identity and its fallback credentials are enabled.
		Azure: dtos.FrontendSettingsAzureDTO{
			Cloud: hs.Cfg.Azure.Cloud,
			ManagedIdentityEnabled: hs.Cfg.Azure.ManagedIdentityEnabled,
			WorkloadIdentityEnabled: hs.Cfg.Azure.WorkloadIdentityEnabled,
			UserIdentityEnabled: hs.Cfg.Azure.UserIdentityEnabled,
			UserIdentityFallbackCredentialsEnabled: hs.Cfg.Azure.UserIdentityFallbackCredentialsEnabled,
		},

		// Each of these reads the "enabled" key of its own config section and
		// passes true to MustBool as the default.
		Caching: dtos.FrontendSettingsCachingDTO{
			Enabled: hs.Cfg.SectionWithEnvOverrides("caching").Key("enabled").MustBool(true),
		},
		RecordedQueries: dtos.FrontendSettingsRecordedQueriesDTO{
			Enabled: hs.Cfg.SectionWithEnvOverrides("recorded_queries").Key("enabled").MustBool(true),
		},
		Reporting: dtos.FrontendSettingsReportingDTO{
			Enabled: hs.Cfg.SectionWithEnvOverrides("reporting").Key("enabled").MustBool(true),
		},
		Analytics: dtos.FrontendSettingsAnalyticsDTO{
			Enabled: hs.Cfg.SectionWithEnvOverrides("analytics").Key("enabled").MustBool(true),
		},

		UnifiedAlerting: dtos.FrontendSettingsUnifiedAlertingDTO{
			MinInterval: hs.Cfg.UnifiedAlerting.MinInterval.String(),
		},

		// getEnabledOAuthProviders exposes only each provider's name and icon.
		Oauth: hs.getEnabledOAuthProviders(),
		SamlEnabled: hs.samlEnabled(),
		SamlName: hs.samlName(),
		TokenExpirationDayLimit: hs.Cfg.SATokenExpirationDayLimit,

		SnapshotEnabled: hs.Cfg.SnapshotEnabled,

		SqlConnectionLimits: dtos.FrontendSettingsSqlConnectionLimitsDTO{
			MaxOpenConns: hs.Cfg.SqlDatasourceMaxOpenConnsDefault,
			MaxIdleConns: hs.Cfg.SqlDatasourceMaxIdleConnsDefault,
			ConnMaxLifetime: hs.Cfg.SqlDatasourceMaxConnLifetimeDefault,
		},
	}

	// The state-history backend details are only filled in when state history
	// is enabled.
	if hs.Cfg.UnifiedAlerting.StateHistory.Enabled {
		frontendSettings.UnifiedAlerting.AlertStateHistoryBackend = hs.Cfg.UnifiedAlerting.StateHistory.Backend
		frontendSettings.UnifiedAlerting.AlertStateHistoryPrimary = hs.Cfg.UnifiedAlerting.StateHistory.MultiPrimary
	}

	// Enabled is a pointer; when it is nil UnifiedAlertingEnabled keeps its
	// zero value.
	if hs.Cfg.UnifiedAlerting.Enabled != nil {
		frontendSettings.UnifiedAlertingEnabled = *hs.Cfg.UnifiedAlerting.Enabled
	}

	// parseSkipOrgRoleSyncEnabled reports info.SkipOrgRoleSync and treats a nil
	// info (for example a provider missing from the map below) as false.
	parseSkipOrgRoleSyncEnabled := func(info *social.OAuthInfo) bool {
		if info == nil {
			return false
		}
		return info.SkipOrgRoleSync
	}

	oauthProviders := hs.SocialService.GetOAuthInfoProviders()
	frontendSettings.Auth = dtos.FrontendSettingsAuthDTO{
		AuthProxyEnableLoginToken: hs.Cfg.AuthProxy.EnableLoginToken,
		OAuthSkipOrgRoleUpdateSync: hs.Cfg.OAuthSkipOrgRoleUpdateSync,
		SAMLSkipOrgRoleSync: hs.Cfg.SAMLSkipOrgRoleSync,
		LDAPSkipOrgRoleSync: hs.Cfg.LDAPSkipOrgRoleSync,
		JWTAuthSkipOrgRoleSync: hs.Cfg.JWTAuth.SkipOrgRoleSync,
		GoogleSkipOrgRoleSync: parseSkipOrgRoleSyncEnabled(oauthProviders[social.GoogleProviderName]),
		GrafanaComSkipOrgRoleSync: parseSkipOrgRoleSyncEnabled(oauthProviders[social.GrafanaComProviderName]),
		GenericOAuthSkipOrgRoleSync: parseSkipOrgRoleSyncEnabled(oauthProviders[social.GenericOAuthProviderName]),
		AzureADSkipOrgRoleSync: parseSkipOrgRoleSyncEnabled(oauthProviders[social.AzureADProviderName]),
		GithubSkipOrgRoleSync: parseSkipOrgRoleSyncEnabled(oauthProviders[social.GitHubProviderName]),
		GitLabSkipOrgRoleSync: parseSkipOrgRoleSyncEnabled(oauthProviders[social.GitlabProviderName]),
		OktaSkipOrgRoleSync: parseSkipOrgRoleSyncEnabled(oauthProviders[social.OktaProviderName]),
		DisableLogin: hs.Cfg.DisableLogin,
		BasicAuthStrongPasswordPolicy: hs.Cfg.BasicAuthStrongPasswordPolicy,
	}

	// A plugins CDN that is enabled but cannot report its base URL fails the
	// whole request.
	if hs.pluginsCDNService != nil && hs.pluginsCDNService.IsEnabled() {
		cdnBaseURL, err := hs.pluginsCDNService.BaseURL()
		if err != nil {
			return nil, fmt.Errorf("plugins cdn base url: %w", err)
		}
		frontendSettings.PluginsCDNBaseURL = cdnBaseURL
	}

	// The DTO stores the address of the config field, so it aliases the
	// configured value instead of copying it.
	if hs.Cfg.GeomapDefaultBaseLayerConfig != nil {
		frontendSettings.GeomapDefaultBaseLayerConfig = &hs.Cfg.GeomapDefaultBaseLayerConfig
	}

	// The DTO carries the inverse of the config flag.
	if !hs.Cfg.GeomapEnableCustomBaseLayers {
		frontendSettings.GeomapDisableCustomBaseLayer = true
	}

	// Set the kubernetes namespace
	frontendSettings.Namespace = hs.namespacer(c.SignedInUser.OrgID)

	// experimental scope features
	if hs.Features.IsEnabled(c.Req.Context(), featuremgmt.FlagScopeFilters) {
		frontendSettings.ListScopesEndpoint = hs.Cfg.ScopesListScopesURL
		frontendSettings.ListDashboardScopesEndpoint = hs.Cfg.ScopesListDashboardsURL
	}

	return frontendSettings, nil
}
// isSupportBundlesEnabled reads the "enabled" key of the "support_bundles"
// config section (with environment overrides), passing true to MustBool as the
// default.
func isSupportBundlesEnabled(hs *HTTPServer) bool {
	section := hs.Cfg.SectionWithEnvOverrides("support_bundles")
	return section.Key("enabled").MustBool(true)
}
// getShortCommitHash returns commitHash cut down to its first maxLength bytes.
// Hashes that are already that short (or shorter) come back unchanged.
func getShortCommitHash(commitHash string, maxLength int) string {
	if len(commitHash) <= maxLength {
		return commitHash
	}
	return commitHash[:maxLength]
}
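// getFSDataSources builds the data source map that is embedded in the frontend
// settings, keyed by data source name.
//
// For a caller with a non-zero org ID it loads the organisation's data sources
// (up to the configured limit) and, unless the request is a public dashboard
// view, keeps only those the caller may query. Data sources whose plugin is not
// among availablePlugins are logged and skipped. Built-in data source plugins
// are appended at the end; an entry with the same name overwrites an earlier one.
//
// Security notes for reviewers:
//   - The returned map is serialised to the browser. For data sources with
//     direct access the decrypted basic-auth header and, for the InfluxDB
//     types, the decrypted password are placed in the DTO, so anyone who can
//     read the response can read those credentials.
//   - NOTE(review): for public dashboard views the query-permission filter is
//     skipped, so the unfiltered list goes through the same code path. Confirm
//     that callers limit what a public view actually receives.
//
// An error is returned when the data sources cannot be loaded or filtered, or
// when a stored credential cannot be decrypted.
func (hs *HTTPServer) getFSDataSources(c *contextmodel.ReqContext, availablePlugins AvailablePlugins) (map[string]plugins.DataSourceDTO, error) {
	orgDataSources := make([]*datasources.DataSource, 0)
	if c.SignedInUser.GetOrgID() != 0 {
		query := datasources.GetDataSourcesQuery{OrgID: c.SignedInUser.GetOrgID(), DataSourceLimit: hs.Cfg.DataSourceLimit}
		dataSources, err := hs.DataSourcesService.GetDataSources(c.Req.Context(), &query)
		if err != nil {
			return nil, err
		}

		if c.IsPublicDashboardView() {
			// If RBAC is enabled, it will filter out all datasources for a public user, so we need to skip it
			orgDataSources = dataSources
		} else {
			filtered, err := hs.dsGuardian.New(c.SignedInUser.OrgID, c.SignedInUser).FilterDatasourcesByQueryPermissions(dataSources)
			if err != nil {
				return nil, err
			}
			orgDataSources = filtered
		}
	}

	dataSources := make(map[string]plugins.DataSourceDTO)

	for _, ds := range orgDataSources {
		url := ds.URL

		// Proxied data sources are addressed through the backend proxy route,
		// so the browser is not given the real URL in the URL field.
		if ds.Access == datasources.DS_ACCESS_PROXY {
			url = "/api/datasources/proxy/uid/" + ds.UID
		}

		dsDTO := plugins.DataSourceDTO{
			ID:        ds.ID,
			UID:       ds.UID,
			Type:      ds.Type,
			Name:      ds.Name,
			URL:       url,
			IsDefault: ds.IsDefault,
			Access:    string(ds.Access),
			ReadOnly:  ds.ReadOnly,
		}

		// Get also matches plugin alias IDs, so the stored type may differ from
		// the plugin ID that ends up in the DTO.
		ap, exists := availablePlugins.Get(plugins.TypeDataSource, ds.Type)
		if !exists {
			c.Logger.Error("Could not find plugin definition for data source", "datasource_type", ds.Type)
			continue
		}
		plugin := ap.Plugin
		dsDTO.Type = plugin.ID
		dsDTO.Preload = plugin.Preload
		dsDTO.Module = plugin.Module
		dsDTO.PluginMeta = &plugins.PluginMetaDTO{
			JSONData:  plugin.JSONData,
			Signature: plugin.Signature,
			Module:    plugin.Module,
			BaseURL:   plugin.BaseURL,
			Angular:   plugin.Angular,
		}

		if ds.JsonData == nil {
			dsDTO.JSONData = make(map[string]any)
		} else {
			dsDTO.JSONData = ds.JsonData.MustMap()
		}

		// With direct access the browser talks to the data source itself, so
		// the credentials it needs are handed over in usable form.
		if ds.Access == datasources.DS_ACCESS_DIRECT {
			if ds.BasicAuth {
				password, err := hs.DataSourcesService.DecryptedBasicAuthPassword(c.Req.Context(), ds)
				if err != nil {
					return nil, err
				}

				dsDTO.BasicAuth = util.GetBasicAuthHeader(
					ds.BasicAuthUser,
					password,
				)
			}
			if ds.WithCredentials {
				dsDTO.WithCredentials = ds.WithCredentials
			}

			if ds.Type == datasources.DS_INFLUXDB_08 {
				password, err := hs.DataSourcesService.DecryptedPassword(c.Req.Context(), ds)
				if err != nil {
					return nil, err
				}

				dsDTO.Username = ds.User
				dsDTO.Password = password
				dsDTO.URL = url + "/db/" + ds.Database
			}

			if ds.Type == datasources.DS_INFLUXDB {
				password, err := hs.DataSourcesService.DecryptedPassword(c.Req.Context(), ds)
				if err != nil {
					return nil, err
				}

				dsDTO.Username = ds.User
				dsDTO.Password = password
				dsDTO.URL = url
			}
		}

		// Update `jsonData.database` for outdated provisioned SQL datasources created WITHOUT the `jsonData` object in their configuration.
		// In these cases, the `Database` value is defined (if at all) on the root level of the provisioning config object.
		// This is done for easier warning/error checking on the front end.
		if (ds.Type == datasources.DS_MSSQL) || (ds.Type == datasources.DS_MYSQL) || (ds.Type == datasources.DS_POSTGRES) {
			// Only update if the value isn't already assigned.
			if dsDTO.JSONData["database"] == nil || dsDTO.JSONData["database"] == "" {
				dsDTO.JSONData["database"] = ds.Database
			}
		}

		if (ds.Type == datasources.DS_INFLUXDB) || (ds.Type == datasources.DS_ES) {
			dsDTO.Database = ds.Database
		}

		if ds.Type == datasources.DS_PROMETHEUS {
			// add unproxied server URL for link to Prometheus web UI
			// Note that this hands the backend address to the browser even when
			// the data source is accessed through the proxy.
			if ds.JsonData != nil {
				// presumably visible through dsDTO.JSONData because MustMap
				// returned the same underlying map — verify against simplejson
				ds.JsonData.Set("directUrl", ds.URL)
			} else {
				// JsonData can be nil (handled above); avoid calling a method
				// on the nil pointer and write to the fresh DTO map instead.
				dsDTO.JSONData["directUrl"] = ds.URL
			}
		}

		dataSources[ds.Name] = dsDTO
	}

	// add data sources that are built in (meaning they are not added via data sources page, nor have any entry in
	// the datasource table)
	for _, ds := range hs.pluginStore.Plugins(c.Req.Context(), plugins.TypeDataSource) {
		if ds.BuiltIn {
			dto := plugins.DataSourceDTO{
				Type:     string(ds.Type),
				Name:     ds.Name,
				JSONData: make(map[string]any),
				PluginMeta: &plugins.PluginMetaDTO{
					JSONData:  ds.JSONData,
					Signature: ds.Signature,
					Module:    ds.Module,
					BaseURL:   ds.BaseURL,
					Angular:   ds.Angular,
				},
			}
			// The built-in Grafana data source gets its fixed ID and UID.
			if ds.Name == grafanads.DatasourceName {
				dto.ID = grafanads.DatasourceID
				dto.UID = grafanads.DatasourceUID
			}
			dataSources[ds.Name] = dto
		}
	}

	return dataSources, nil
}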
// newAppDTO converts an app plugin and its settings into the DTO sent to the
// frontend. Preload is taken from the plugin only when the settings mark the
// app as enabled; otherwise it is false.
func newAppDTO(plugin pluginstore.Plugin, settings pluginsettings.InfoDTO) *plugins.AppDTO {
	preload := settings.Enabled && plugin.Preload

	return &plugins.AppDTO{
		ID:      plugin.ID,
		Version: plugin.Info.Version,
		Path:    plugin.Module,
		Preload: preload,
		Angular: plugin.Angular,
	}
}
// getPanelSort returns the display rank of a core panel, starting at 1 for
// "timeseries". Panel IDs that are not in the list get rank 100.
func getPanelSort(id string) int {
	// Position in this list (plus one) is the rank.
	ranked := [...]string{
		"timeseries",
		"barchart",
		"stat",
		"gauge",
		"bargauge",
		"table",
		"singlestat",
		"piechart",
		"state-timeline",
		"heatmap",
		"status-history",
		"histogram",
		"graph",
		"text",
		"alertlist",
		"dashlist",
		"news",
	}

	for pos, name := range ranked {
		if name == id {
			return pos + 1
		}
	}
	return 100
}
// availablePluginDTO pairs a plugin from the plugin store with the plugin
// settings that were resolved for it.
type availablePluginDTO struct {
	// Plugin is the plugin store entry.
	Plugin pluginstore.Plugin
	// Settings is a copy of the settings entry found for the plugin's ID.
	Settings pluginsettings.InfoDTO
}
// AvailablePlugins represents a mapping from plugin types (panel, data source, etc.) to plugin IDs to plugins.
// For example ["panel"] -> ["piechart"] -> {pie chart plugin DTO}.
// Use Get for lookups that should also match a plugin's alias IDs.
type AvailablePlugins map[plugins.Type]map[string]*availablePluginDTO
// Get looks up a plugin of the given type. An entry stored under pluginID is
// returned directly; otherwise every plugin of that type is scanned for one
// whose ID or alias IDs contain pluginID. The boolean reports whether a plugin
// was found.
//
// The fallback scan walks a map, so if more than one plugin lists the same
// alias the one returned is not deterministic.
func (ap AvailablePlugins) Get(pluginType plugins.Type, pluginID string) (*availablePluginDTO, bool) {
	byID := ap[pluginType]
	if direct, ok := byID[pluginID]; ok {
		return direct, true
	}

	for _, candidate := range byID {
		if candidate.Plugin.ID != pluginID && !slices.Contains(candidate.Plugin.AliasIDs, pluginID) {
			continue
		}
		return candidate, true
	}
	return nil, false
}
// availablePlugins collects the app, data source and panel plugins from the
// plugin store that have a settings entry for orgID, grouped by plugin type and
// keyed by plugin ID. App plugins additionally take their Pinned flag from the
// settings. If the settings cannot be loaded, the empty map is returned
// together with the error.
func (hs *HTTPServer) availablePlugins(ctx context.Context, orgID int64) (AvailablePlugins, error) {
	result := make(AvailablePlugins)

	settingsByID, err := hs.pluginSettings(ctx, orgID)
	if err != nil {
		return result, err
	}

	// Same treatment for every type; only apps copy the Pinned flag.
	for _, kind := range []plugins.Type{plugins.TypeApp, plugins.TypeDataSource, plugins.TypePanel} {
		byID := make(map[string]*availablePluginDTO)
		for _, plugin := range hs.pluginStore.Plugins(ctx, kind) {
			s, found := settingsByID[plugin.ID]
			if !found {
				continue
			}
			if kind == plugins.TypeApp {
				plugin.Pinned = s.Pinned
			}
			byID[plugin.ID] = &availablePluginDTO{
				Plugin:   plugin,
				Settings: *s,
			}
		}
		result[kind] = byID
	}

	return result, nil
}
// pluginSettings returns the effective settings for every plugin in the plugin
// store, keyed by plugin ID, for the given organisation. Entries are filled in
// three passes, and an earlier pass always wins:
//
//  1. settings stored for the organisation;
//  2. app plugins without stored settings, enabled and pinned according to
//     their AutoEnabled flag;
//  3. all remaining plugins, enabled by default, except that a plugin included
//     in an app is enabled only if that app's settings exist and are enabled.
//
// An error from loading the stored settings is returned as is.
func (hs *HTTPServer) pluginSettings(ctx context.Context, orgID int64) (map[string]*pluginsettings.InfoDTO, error) {
	// Pass 1: settings from the database.
	stored, err := hs.PluginSettings.GetPluginSettings(ctx, &pluginsettings.GetArgs{OrgID: orgID})
	if err != nil {
		return nil, err
	}

	byID := make(map[string]*pluginsettings.InfoDTO)
	for _, ps := range stored {
		byID[ps.PluginID] = ps
	}

	// Pass 2: app plugins that have no stored settings.
	for _, app := range hs.pluginStore.Plugins(ctx, plugins.TypeApp) {
		if _, known := byID[app.ID]; known {
			continue
		}

		byID[app.ID] = &pluginsettings.InfoDTO{
			PluginID:      app.ID,
			OrgID:         orgID,
			Enabled:       app.AutoEnabled,
			Pinned:        app.AutoEnabled,
			PluginVersion: app.Info.Version,
		}
	}

	// Pass 3: everything else, including plugins bundled inside an app.
	for _, plugin := range hs.pluginStore.Plugins(ctx) {
		if _, known := byID[plugin.ID]; known {
			continue
		}

		enabled := true
		if parentID := plugin.IncludedInAppID; parentID != "" {
			// A bundled plugin follows its app and stays disabled when the
			// app has no settings entry.
			parent, ok := byID[parentID]
			enabled = ok && parent.Enabled
		}

		byID[plugin.ID] = &pluginsettings.InfoDTO{
			PluginID:      plugin.ID,
			OrgID:         orgID,
			Enabled:       enabled,
			Pinned:        false,
			PluginVersion: plugin.Info.Version,
		}
	}

	return byID, nil
}
// getEnabledOAuthProviders returns one entry per provider reported by the
// social service, keyed by provider key. Each entry carries only the display
// name and icon; no other provider field is copied into the result.
func (hs *HTTPServer) getEnabledOAuthProviders() map[string]any {
	infos := hs.SocialService.GetOAuthInfoProviders()

	out := make(map[string]any)
	for key, info := range infos {
		entry := map[string]string{
			"name": info.Name,
			"icon": info.Icon,
		}
		out[key] = entry
	}
	return out
}