Plugins: Only configure plugin proxy transport once (#71735)
only configure plugin proxy transport once
(cherry picked from commit b59ca7fb22)
Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
Revert: Allow editors to access GET /datasources (#68632)
Revert "Allow editors to access GET /datasources"
This reverts commit 5a830c43c0.
(cherry picked from commit 6a2bcba078)
Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>
AccessControl: Allow editors to access GET /api/datasources (#66343)
Allow editors to access GET /datasources
(cherry picked from commit 2c21090931)
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
Auth: Fix orgrole picker disabled if isSynced user (#64033)
* fix: disable orgrolepicker if externaluser is synced
* add disable to role picker
* just took me 2 hours to center the icon
* wip
* fix: check externallySyncedUser for API call
* remove check from store
* add: tests
* refactor authproxy and made tests run
* add: feature toggle
* set feature toggle for tests
* add: IsProviderEnabled
* refactor: featuretoggle name
* IsProviderEnabled tests
* add specific tests for isProviderEnabled
* fix: org_user tests
* add: owner to featuretoggle
* add missing authlabels
* remove fmt
* feature toggle
* change config
* add test for a different authmodule
* test refactor
* gen feature toggle again
* fix basic auth user able to change the org role
* test for basic auth role
* make err.base to error
* lowered lvl of log and input mesg
(cherry picked from commit 3cd952b8ba)
* Navigation: Fix Home logo always going to `/login` (#62658)
* only redirect to /login when anonymous access is disabled
* only search for dashboards when not logged in if anon access is enabled
* fix go logic
* add unit tests
(cherry picked from commit 3336327306)
* remove file i accidentally left in :/
* import correct method
Snapshots: Fix deleting snapshot with non existent dashboard ID (#64345)
* Add test for deleting snapshot for non existent dashboard
* Add test for failure to fetch guardian other than ErrDashboardNotFound
* Fix dashboard snapshot delete
(cherry picked from commit 43095d84e4)
Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
* move analytics identifiers to backend
* implement hash function
* grab secret from env
* expose and retrieve intercom secret from config
* concat email with appUrl to ensure uniqueness
* revert to just using email
* Revert "revert to just using email"
This reverts commit 8f10f9b1bc.
* add docstring
(cherry picked from commit d61bcdf4ca)
fix(dashboard version service): add DashboardUID to query and responses (#60800)
* fix(dashboard version service): add DashboardUID to query and responses
The DashboardUID was not populated in the response from Get and ListDashboardVersions. This adds the DashboardUID to the Get query (it was already in List) and populated the DashboardUID in the returned DashboardVersionDTOs.
(cherry picked from commit 42be0e106f)
Co-authored-by: Kristin Laemmert <mildwonkey@users.noreply.github.com>
Users: Fix org user always getting org id = 1 on auto assign false (#63708)
* fix org user always getting org id = 1 on auto assign false
* make tests explicit
* use correct cfg in service accounts
* fix api tests
* fix database test of ac
* fix InsertOrgUser returning affected rows as orgID
(cherry picked from commit c8db771939)
Plugins: Fix plugins CDN not working when plugins are not in domain's root path (#63202)
* Plugins CDN: Add support for different CDN root path
* Plugins CDN: Make frontendsettings return the correct CDN base path
* Update comments
* Fix version detection
* Undo frontend changes
* Fix system.js asset path construction
* fix(plugins): translate all plugin css asset paths loaded via cdn
* refactor(plugins): rename extractPluginNameVersionFromUrl and add comments
* Fix typo in comment
Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
* Hardcode CDN URL structure
/{id}/{version}/public/plugins/{id}/{assetPath} is not required anymore in the cdn url template config
---------
Co-authored-by: Jack Westbrook <jack.westbrook@gmail.com>
Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
(cherry picked from commit 966bcd3545)
Co-authored-by: Giuseppe Guerra <giuseppe.guerra@grafana.com>
* Authn: Anon session service (#63052)
* add anon sessions package
* add usage stat fn
* implement count for cache
* add anonservice to authn broker
* lint
* add tests for remote cache count
* move anon service to services
* wrap tagging in goroutine
* make func used
(cherry picked from commit ff78103a24)
* add local cache to protect multiple writes to DB cache
(cherry picked from commit bdb084736b)
Authn: Stat registration (#62934)
* reorganize auth usage stats
* usage stat privilege elevators
* stat count of modified role
* cfg related info
* add authn anon client
* kv store
* ensure anon enabled is collected even if client is not registered
* fix usage stats test
(cherry picked from commit 14a78b58e9)
Plugins: Prefer to use the data source UID when querying (#62776)
(cherry picked from commit 68862ce3e8)
Co-authored-by: Andres Martinez Gotor <andres.martinez@grafana.com>
This adds provisioning endpoints for downloading alert rules and alert rule groups in a
format that is compatible with file provisioning. Each endpoint supports both json and
yaml response types via Accept header as well as a query parameter
download=true/false that will set Content-Disposition to recommend initiating a download
or inline display.
This also makes some package changes to keep structs with potential to drift closer
together. Eventually, other alerting file structs should also move into this new file
package, but the rest require some refactoring that is out of scope for this PR.
The old GrafanaComURL setting didn't have the /api suffix so needed it
adding on by the proxy director, but the new GrafanaComAPIURL setting is
assumed to already point directly to the API and doesn't need an
additional suffix.
This is the only place in the codebase that GrafanaComAPIURL is used.
* Add config to remove Snapshot functionality (frontend is hidden and validation in the backend)
* Add test cases
* Remove unused mock on the test
* Moving Snapshot config from globar variables to settings.Cfg
* Removing warnings on code
* API: Add reqSignedIn to router groups
* AuthN: Add fall through in context handler
* AuthN: Add IsAnonymous field
* AuthN: add priority to context aware clients
* ContextHandler: Add comment
* AuthN: Add a simple priority queue
* AuthN: Add Name to client interface
* AuthN: register clients with function
* AuthN: update mock and fake to implement interface
* AuthN: rewrite test without reflection
* AuthN: add comment
* AuthN: fix queue insert
* AuthN: rewrite tests
* AuthN: make the queue generic so we can reuse it for hooks
* ContextHandler: Add fixme for auth headers
* AuthN: remove unused variable
* AuthN: use multierror
* AuthN: write proper tests for queue
* AuthN: Add queue item that can store the value and priority
Co-authored-by: Jo <joao.guerreiro@grafana.com>
* Access Control: Add folder service dependency to the dashboard/folder resolvers
* Expose the function fetching parents to folder interface
* Add generic prepend utility
* Modify dashboard resolvers to return inherited scopes
* add: skip_org_role_sync setting for github
* fix: frontend
* rearranged tests
* refactor: assignGrafanaAdmin skip also
* Add: tests for allowGrafanaAdmin
- both for the case when both settings are set and the setting for only
allowGrafanaAdmin
* Apply suggestions from code review
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Update docs/sources/setup-grafana/configure-grafana/_index.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Update pkg/login/social/github_oauth.go
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
* added vairable inside scope
* Update docs/sources/setup-grafana/configure-security/configure-authentication/github/index.md
* Update docs/sources/setup-grafana/configure-security/configure-authentication/github/index.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
During the review of the initial PR adding this (#59506) I removed
a new global variable from the setting package, but forgot to update
the reference to the new setting, so the API URL wasn't actually
being used. This PR updates the proxy endpoint to use the API
URL correctly.
Aside: I'm not a huge fan of how the error is being ignored when parsing
the URL, but I think that should be addressed in a separate PR if anyone
has a suggestion for how we should handle it. (Should we check that the
URL is valid when parsing config?)
* rename routes and fix access control for support bundles
* AccessControl: Hide menu if not authorized
* AccessControl: Add AC guards for create and delete
* lint
