* LDAP: Show all LDAP groups
* Use the returned LDAP groups as the reference when debugging LDAP
We need to use the LDAP groups returned as the main reference for
assuming what we were able to match and what wasn't. Before, we were
using the configured groups in LDAP TOML configuration file.
* s/User name/Username
* Add a title to for the LDAP mapping results
* LDAP: UI Updates to debug view
* LDAP: Make it explicit when we weren't able to match teams
(cherry picked from commit b20a258b72)
* API: adds redirect helper to simplify http redirects (#19180)
(cherry picked from commit dd794625dd)
* Dashboard: Fixes back button styles in kiosk mode (#19165)
Fixes: #18114
(cherry picked from commit 38e948a1ad)
* Menu: fix menu button in the mobile view (#19191)
* replace "sandwich" (menu) button with logo(back home) if kiosk=tv
* update navbar initialize padding-left befause menu button is overlapped by the navbar
(cherry picked from commit 5ef40b259d)
* LDAP debug page: deduplicate errors (#19168)
(cherry picked from commit 6b2e95a1f2)
* MSSQL: Revert usage of new connectionstring format (#19203)
This reverts commit 2514209 from #18384. Reason is that it doesn't
work due to xorm 0.7.1 which doesn't support this new connectionstring
format.
Fixes#19189
Ref #18384
Ref #17665
(cherry picked from commit 0f524fc947)
* Docker: Upgrade packages to resolve reported vulnerabilities (#19188)
Fixes#19186
(cherry picked from commit 4d96bc590f)
* FieldDisplay: Update title variable syntax (#19217)
(cherry picked from commit 14f1cf29f0)
* Cloudwatch: Fix autocomplete for Gamelift dimensions (#19145) (#19146)
(cherry picked from commit 79f8433675)
* grafana/ui: Add disabled prop on LinkButton (#19192)
(cherry picked from commit f445369d68)
* plugins: expose whole rxjs to plugins (#19226)
(cherry picked from commit 98c95a8a83)
* Snapshots: store DataFrameDTO instead of MutableDataFrame in snapshot data (#19247)
(cherry picked from commit be8097fca2)
* grafana/toolkit: Add plugin scaffolding (#19207)
(cherry picked from commit 54ebf174a0)
* Alerting: Truncate PagerDuty summary when greater than 1024 characters (#18730)
Requests to PagerDuty fail with an HTTP 400 if the `summary`
attribute contains more than 1024 characters, this fixes this.
API spec:
https://v2.developer.pagerduty.com/docs/send-an-event-events-api-v2Fixes#18727
(cherry picked from commit 8a991244d5)
* grafana/toolkit: Fix toolkit not building @grafana/toolkit (#19253)
* Fix toolkit not building
Weird TS didn't pick this up...
* Update packages/grafana-toolkit/src/cli/index.ts
(cherry picked from commit 809e2ca3c7)
* Docs: Update theming docs (#19248)
(cherry picked from commit 9feac7753b)
* Explore: live tail UI fixes and improvements (#19187)
(cherry picked from commit bf24cbba76)
* Graphite: Changed range expansion from 1m to 1s (#19246)
Fixes#11472
(cherry picked from commit d95318b325)
* MySQL, Postgres, MSSQL: Only debug log when in development (#19239)
Found some additional debug statements in relation to #19049 that
can cause memory issues.
Ref #19049
(cherry picked from commit 19f3ec4891)
* Vector: remove toJSON() from interface (#19254)
(cherry picked from commit 6787e7b5ab)
* Update changelog task to generate toolkit changelog too (#19262)
(cherry picked from commit b7752b8c02)
* Dashboard: Hides alpha icon for visualization that is not in alpha/beta stage #19300Fixes#19251
(cherry picked from commit f01836c17a)
* Build: Split up task in the CI pipeline to ease running outside circleci (#18861)
* build: make sign rpm packages not depend on checking out private key
* build: move commands from circleci config into verify signed packages script
* build: split update and publish of deb and rpm into two scripts
* use files argument for sign and verify packages
* validate files argument for sign and verify packages
* update test publish of deb/rpm readme
(cherry picked from commit 4386604751)
* Admin/user: fix textarea postion in 'Pending Invites' to avoid page scrolling (#19288)
* hide textarea element after click 'Copy Invite' button on firefox
(cherry picked from commit 50b4695cf5)
* Alerting: Prevents creating alerts from unsupported queries (#19250)
* Refactor: Makes PanelEditor use state and shows validation message on AlerTab
* Refactor: Makes validation message nicer looking
* Refactor: Changes imports
* Refactor: Removes conditional props
* Refactor: Changes after feedback from PR review
* Refactor: Removes unused action
(cherry picked from commit 9bd6ed887c)
* Chore: Update Slate to 0.47.8 (#19197)
* Chore: Update Slate to 0.47.8
Closes#17430
(cherry picked from commit 68d6da77da)
* DataLinks: Small UX improvements to DataLinksInput (#19313)
Closes#19257
(cherry picked from commit feb6bc6747)
* Multi-LDAP: Do not fail-fast on invalid credentials (#19261)
* Multi-LDAP: Do not fail-fast on invalid credentials
When configuring LDAP authentication, it is very common to have multiple
servers configured. When using user bind (authenticating with LDAP using
the same credentials as the user authenticating to Grafana) we don't
expect all the users to be on all LDAP servers.
Because of this use-case, we should not fail-fast when authenticating on
multiple LDAP server configurations. Instead, we should continue to try
the credentials with the next LDAP server configured.
Fixes#19066
(cherry picked from commit 279249ef56)
* Explore: Fix unsubscribing from Loki websocket (#19263)
(cherry picked from commit 4c1bc59889)
* Plugins: Skips existence of module.js for renderer plugins (#19318)
* Fix: Skips test for module.js for plugins of renderer type
Fixes#19130
* Refactor: Changes after PR comments
* Chore: Fixes go lint issue
(cherry picked from commit 75dcaecc99)
* Keybindings: Improve esc / exit / blur logic (#19320)
* Keybindings: Improve esc / exit / blur logic
* Slight modifications
* removed use of jquery
(cherry picked from commit 08cc4f0c8a)
* Select: Set placeholder color (#19309)
(cherry picked from commit 2c9577fcc5)
* Azure Monitor: Revert support for cross resource queries (#19115)" (#19346)
This reverts commit 88051258e9.
(cherry picked from commit 4dbedb8405)
* Dashboard: Fix export for sharing when panels use default data source (#19315)
* PanelModel: moved datasource: null away from defaults that are removed
* Added unit test
(cherry picked from commit ac3fb6452d)
* Heatmap: use DataFrame rather than LegacyResponseData (#19026)
* merge master
* TimeSeries: datasources with labels should export tags (not labels) (#18977)
* merge master
* export prometheus tags
* Annotations: Add annotations support to Loki (#18949)
* Explore: Unify background color for fresh logs (#18973)
* Singlestat: render lines on the panel when sparklines are enabled (#18984)
* Image rendering: Add deprecation warning when PhantomJS is used for rendering images (#18933)
* Add deprecation warning
* Update pkg/services/rendering/rendering.go
Co-Authored-By: Marcus Efraimsson <marcus.efraimsson@gmail.com>
* Units: Adding T,P,E,Z,and Y bytes (#18706)
* Adding T and P for bytes
Luckily, all the hard work was done before; just added in these prefixes for our production environment.
* Future-proofing with other values (why not?)
* Yottaflops?
* Cutting back down to Peta sizes, except for hashes
* Refactor: move ScopedVars to grafana/data (#18992)
* Refactor: Move sql_engine to sub package of tsdb (#18991)
this way importing the tsdb package does not come with xorm dependencies
* use DataFrame in heatmaps
* actually use the setting :)
* remove unused timeSrv
* merge with master / useDataFrames
* fix test function
* merge master
* fix datasource type on snapshot
* reuse DataFrame calcs from graph panel
* update comments
(cherry picked from commit 2474511d03)
* Explore: Do not send explicit maxDataPoints for logs. (#19235)
(cherry picked from commit f203e82b40)
* MySQL, Postgres, MSSQL: Fix validating query with template variables in alert (#19237)
Adds support for validating query in alert for mysql,
postgres and mssql.
Fixes#13155
(cherry picked from commit 96046a7ba6)
* MySQL, Postgres: Update raw sql when query builder updates (#19209)
Raw sql now updates when changing query using
graphical query editor for mysql and postgres.
Fixes#19063
(cherry picked from commit 7c499ffdd8)
* MySQL: Limit datasource error details returned from the backend (#19373)
Only return certain mysql errors from backend.
The following errors is returned as is from backend:
error code 1064 (parse error)
error code 1054 (bad column/field selected)
error code 1146 (table not exists)
Any other errors is logged and returned as a generic
error.
Restrict use of certain functions:
Do not allow usage of the following in query:
system_user()
session_user()
current_user() or current_user
user()
show grants
Fixes#19360
(cherry picked from commit 3de693af49)
* SQL: Rewrite statistics query (#19178)
* Rewrite statistics query
(cherry picked from commit 56f5106717)
* Release v6.4.0-beta2
* ValueFormats: check for inf (#19376)
(cherry picked from commit 32b73bb496)
* Build: Fix correct sort order of merged pr's in cherrypick task (#19379)
(cherry picked from commit c4a03f482c)
* Add items for navmodel and basic page
* add reducer and actions
* adding user mapping table component
* adding components for ldap tables
* add alert box on error
* close error alert box
* LDAP status page: connect APIs WIP
* LDAP debug: fetch connection status from API
* LDAP debug: fetch user info from API
* LDAP debug: improve connection error view
* LDAP debug: connection error tweaks
* LDAP debug: fix role mapping view
* LDAP debug: role mapping view tweaks
* LDAP debug: add bulk-sync button stub
* LDAP debug: minor refactor
* LDAP debug: show user teams
* LDAP debug: user info refactor
* LDAP debug: initial user page
* LDAP debug: minor refactor, remove unused angular wrapper
* LDAP debug: add sessions to user page
* LDAP debug: tweak user page
* LDAP debug: tweak view for disabled user
* LDAP debug: get sync info from API
* LDAP debug: user sync info
* LDAP debug: sync user button
* LDAP debug: clear error on page load
* LDAP debug: add user last sync info
* LDAP debug: actions refactor
* LDAP debug: roles and teams style tweaks
* Pass showAttributeMapping to LdapUserTeams
* LDAP debug: hide bulk sync button
* LDAP debug: refactor sessions component
* LDAP debug: fix loading user sessions
* LDAP debug: hide sync user button
* LDAP debug: fix fetching unavailable /ldap-sync-status endpoint
* LDAP debug: revert accidentally added fix
* LDAP debug: show error when LDAP is not enabled
* LDAP debug: refactor, move ldap components into ldap/ folder
* LDAP debug: styles refactoring
* LDAP debug: ldap reducer tests
* LDAP debug: ldap user reducer tests
* LDAP debug: fix connection error placement
* Text update
* LdapUser: Minor UI changes moving things around
* AlertBox: Removed icon-on-top as everywhere else it is centered, want to have it be consistent
* LDAP: Allow an user to be synchronised against LDAP
This PR introduces the /ldap/sync/:id endpoint. It allows a user to be synchronized against LDAP on demand.
A few things to note are:
LDAP needs to be enabled for the sync to work
It only works against users that originally authenticated against LDAP
If the user is the Grafana admin and it needs to be disabled - it will not sync the information
Includes a tiny refactor that favours the JSONEq assertion helper instead of manually parsing JSON strings.
* API: Add `updatedAt` to api/users/:id
This adds the timestamp of when a particular user was last updated to
the `api/users/:id` endpoint.
This helps our administrators understand when was the user information last
updated. Particularly when it comes from external systems e.g. LDAP
Adds the definition of `GetTeamsForLDAPGroupCommand` which handles the lookup of team information based on LDAP groupDNs.
This is an Enterprise only feature. To diferentiate,a response will contain the `team` key as `null` on OSS while on Enterprise the key will contain an empty array `[]` when no teams are found.
* LDAP: Add API endpoint to query the LDAP server(s) status|
This endpoint returns the current status(es) of the configured LDAP server(s).
The status of each server is verified by dialling and if no error is returned we assume the server is operational.
This is the last piece I'll produce as an API before moving into #18759 and see the view come to life.
* Move the ReloadLDAPCfg function to the debug file
Appears to be a better suite place for this.
* LDAP: Return the server information when we find a specific user
We allow you to specify multiple LDAP servers as part of LDAP authentication integration. As part of searching for specific users, we need to understand from which server they come from. Returning the server configuration as part of the search will help us do two things:
- Understand in which server we found the user
- Have access the groups specified as part of the server configuration
* LDAP: Adds the /api/admin/ldap/:username endpoint
This endpoint returns a user found within the configured LDAP server(s). Moreso, it provides the mapping information for the user to help administrators understand how the users would be created within Grafana based on the current configuration.
No changes are executed or saved to the database, this is all an in-memory representation of how the final result would look like.
* SQLite migrations
* cleanup
* migrate end times
* switch to update with a query
* real migration
* anno migrations
* remove old docs
* set isRegion from time changes
* use <> for is not
* add comment and fix index decleration
* single validation place
* add test
* fix test
* add upgrading docs
* use AnnotationEvent
* fix import
* remove regionId from typescript
Existing /api/alert-notifications now requires at least editor access.
Existing /api/alert-notifiers now requires at least editor access.
New /api/alert-notifications/lookup returns less information than
/api/alert-notifications and can be access by any authenticated user.
Existing /api/org/users now requires org admin role.
New /api/org/users/lookup returns less information than
/api/org/users and can be access by users that are org admins,
admin in any folder or admin of any team.
UserPicker component now uses /api/org/users/lookup instead
of /api/org/users.
Fixes#17318
* Do not set SameSite login_error cookie attribute if cookie_samesite is none
* Do not set SameSite grafana_session cookie attribute if cookie_samesite is none
* Update middleware tests
* Fix CreateTeam api endpoint
No team member should be created for requests
authenticated by API tokens.
* Update middleware test
Assert that `isAnonymous` is set for `SignedInUser`
authenticated via API key.
* Add test for team creation
Assert that no team member is created if the signed in user
is anomymous.
* Revert "Fix CreateTeam api endpoint"
This reverts commit 9fcc4e67f5.
* Revert "Update middleware test"
This reverts commit 75f767e58d.
* Fix CreateTeam api endpoint
No team member should be created for requests
authenticated by API tokens.
* Update team test
* Change error to warning and update tests
The `oauth_state` cookie used to be created with the SameSite value set
according to the `cookie_samesite` configuration.
However, due to a Safari bug SameSite=None or SameSite=invalid are treated
as Strict which results in "missing saved state" OAuth login failures
because the cookie is not sent with the redirect requests to the OAuth
provider.
This commit always creates the `oauth_state` cookie with SameSite=Lax
to compensate for this.
Allow non admins to see plugins list but only with readme. Any config tabs are hidden from the plugin page. Also plugin panel does not show action buttons (like Enable) for non admins.
* Metrics: remove unused metrics
Metric `M_Grafana_Version` is not used anywhere, nor the mentioned
`M_Grafana_Build_Version`. Seems to be an artefact?
* Metrics: make the naming consistent
* Metrics: add comments to exported vars
* Metrics: use proper naming
Fixes#18110
* API: Duplicate API Key Name Handle With Useful HTTP Code
* 17447: make changes requested during review
- use dialect.IsUniqueContraintViolation
- change if statement to match others
- return error properly
* Revert "17447: make changes requested during review"
This reverts commit a4a674ea83.
* API: useful http code on duplicate api key error w/ tests
* API: API Key Duplicate Handling
fixed small typo associated with error
* Minor fix for nil pointer when trying to log error
* Do not return error if a dashboard is created
Only log the failures
* Do not return error if the folder is created
Only log the failures
* Users: show badges for each auth provider
* Chore: don't use functions in angular bindings
* Users: minor style changes to labels
* Chore: convert auth labels on the backed side, deduplicate frontend code
* Users: use authLabels everywhere instead of authModule
* User: fix edit user page style
* Users: minor fixes after review
* Add tests for login view
* Fix OAuth auto login redirect loop
login_error cookie is only set when the OAuth login fails
for some reason. Therefore, the login view should return
immediately if a login_error cookie exists before trying
to login the user using OAuth again.
* Fix test
Use 'index-template' instead of 'index' for testing
* Add some comments
* Teams: show proper label for each auth provider
Teams: don't sore AuthModule in team_member table, use JOIN to get it instead
* Teams: fix AddTeamMember after last changes
* Teams: add more auth provider labels
* Teams: show external sync badge if LDAP is not enabled
* Teams: tests for getting auth module
* Build: use golangci-lint as a make command
* Since gometalinter was deprecated in favor of golangci-lint so it was
replaced by it. Responsibilities held by the gometalinter was moved to
golangci-lint
* There was some changes in implementation (that was also mentioned in
the code comment) between the tools, which uncovered couple errors
in the code. Those issues were either solved or disabled by
the inline comments
* Introduce the golangci-lint config, to make their
configuration more manageable
* Build: replace backend-lint.sh script with make
* OAuth: github team sync POC
* OAuth: minor refactor of github module
* OAuth: able to use team shorthands for github team sync
* support passing a list of groups via auth-proxy header
* Modify backend to allow expiration of API Keys
* Add middleware test for expired api keys
* Modify frontend to enable expiration of API Keys
* Fix frontend tests
* Fix migration and add index for `expires` field
* Add api key tests for database access
* Substitude time.Now() by a mock for test usage
* Front-end modifications
* Change input label to `Time to live`
* Change input behavior to comply with the other similar
* Add tooltip
* Modify AddApiKey api call response
Expiration should be *time.Time instead of string
* Present expiration date in the selected timezone
* Use kbn for transforming intervals to seconds
* Use `assert` library for tests
* Frontend fixes
Add checks for empty/undefined/null values
* Change expires column from datetime to integer
* Restrict api key duration input
It should be interval not number
* AddApiKey must complain if SecondsToLive is negative
* Declare ErrInvalidApiKeyExpiration
* Move configuration to auth section
* Update docs
* Eliminate alias for models in modified files
* Omit expiration from api response if empty
* Eliminate Goconvey from test file
* Fix test
Do not sleep, use mocked timeNow() instead
* Remove index for expires from api_key table
The index should be anyway on both org_id and expires fields.
However this commit eliminates completely the index for now
since not many rows are expected to be in this table.
* Use getTimeZone function
* Minor change in api key listing
The frontend should display a message instead of empty string
if the key does not expire.
* batch disable users
* batch revoke users tokens
* split batch disable user and revoke token
* API: get users with auth info and isExternal flag
* fix tests for batch disable users
* Users: refactor /api/users/search endpoint
* Users: use alias for "user" table
* Chore: add BatchDisableUsers() to the bus
* Users: order user list by id explicitly
* Users: return AuthModule from /api/users/:id endpoint
* Users: do not return unused fields
* Users: fix SearchUsers method after last changes
* User: return auth module as array for future purposes
* User: tests for SearchUsers()
* User: return only latest auth module in SearchUsers()
* User: fix JOIN, get only most recent auth module
* tsdb: add support for setting debug flag of tsdb query
* alerting: adds debug flag in eval context
Debug flag is set when testing an alert rule and this debug
flag is used to return more debug information in test aler rule
response. This debug flag is also provided to tsdb queries so
datasources can optionally add support for returning additional
debug data
* alerting: improve test alert rule ui
Adds buttons for expand/collapse json and copy json to clipboard,
very similar to how the query inspector works.
* elasticsearch: implement support for tsdb query debug flag
* elasticsearch: embedding client response in struct
* alerting: return proper query model when testing rule
* LDAP: use only one struct
* Use only models.ExternalUserInfo
* Add additional helper method :/
* Move all the helpers to one module
* LDAP: refactoring
* Rename some of the public methods and change their behaviour
* Remove outdated methods
* Simplify logic
* More tests
There is no and never were tests for settings.go, added tests for helper
methods (cover is now about 100% for them). Added tests for the main
LDAP logic, but there is some stuff to add. Dial() is not tested and not
decoupled. It might be a challenge to do it properly
* Restructure tests:
* they wouldn't depend on external modules
* more consistent naming
* logical division
* More guards for erroneous paths
* Login: make login service an explicit dependency
* LDAP: remove no longer needed test helper fns
* LDAP: remove useless import
* LDAP: Use new interface in multildap module
* LDAP: corrections for the groups of multiple users
* In case there is several users their groups weren't detected correctly
* Simplify helpers module
* Feature: Parse user agent string in user auth token api response (#16222)
* Adding UA Parser Go modules attempt (#16222)
* Bring user agent vals up per req
* fix tests
* doc update
* update to flatten, no maps
* update doc
gotjosh
Marcus Efraimsson
Sofia Papagiannaki
Alexander Zobnin
Peter Holmberg
Dominik Prokop
548017
Ryan McKinley
kay delaney
Torkel Ödegaard
Andrej Ocenas
Oleg Gaidarenko
Anthony Templeton
Leonard Gram
Carl Bergquist
Maxim Ivanov
Mario Trangoni
Shavonn Brown