Azure: Fix for username assertion (#87853)
Fix for username assertion
- Allow setting username assertion in INI
- Correctly set the azsettings value
- Update tests
(cherry picked from commit edae5fc791)
Co-authored-by: Andreas Christou <andreas.christou@grafana.com>
JWT: Find login and email claims with JMESPATH (#85305)
* add function to static function to static service
* find email and login claims with jmespath
* rename configuration files
* Replace JWTClaims struct for map
* check for subclaims error
(cherry picked from commit e4250a72db)
Co-authored-by: linoman <2051016+linoman@users.noreply.github.com>
samlsettings: api integration (#84300)
* add strategy and tests
* use settings provider service and remove multiple providers strategy
* Move SAML strategy to ssosettings service
* Update codeowners file
* reload from settings provider
* add saml as configurable provider
* Add new SAML strategy
* rename old saml settings interface
* update saml string references
* use OSS license
* validate saml provider depends on license for List
* add tests for list rendering including saml
* change the licensing validation to service init
* replace service struct for provider
(cherry picked from commit fc205db466)
Co-authored-by: linoman <2051016+linoman@users.noreply.github.com>
* server: reload of grafana server certs when renewed without restart.
Signed-off-by: Rao, B V Chalapathi <b_v_chalapathi.rao@nokia.com>
* server: reload of grafana server certs when renewed without restart.
Signed-off-by: Rao, B V Chalapathi <b_v_chalapathi.rao@nokia.com>
* Update http_server.go
* Update docs/sources/setup-grafana/configure-grafana/_index.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Update http_server.go
Address the comments
* Update docs/sources/setup-grafana/configure-grafana/_index.md
Co-authored-by: Dan Cech <dan@aussiedan.com>
* Update http_server.go
Align the spaces
* Update http_server.go
* Update http_server.go
* Update pkg/api/http_server.go
Co-authored-by: Dan Cech <dan@aussiedan.com>
---------
Signed-off-by: Rao, B V Chalapathi <b_v_chalapathi.rao@nokia.com>
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
Co-authored-by: Dan Cech <dan@aussiedan.com>
* poc
* add logger, skip hook when user is not assigned to default org
* Add tests, move to hook folder
* docs
* Skip for OrgId < 1
* Address feedback
* Update docs/sources/setup-grafana/configure-grafana/_index.md
* lint
* Move the hook to org_sync.go
* Update pkg/services/authn/authnimpl/sync/org_sync.go
* Handle the case when GetUserOrgList returns error
---------
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* hard disable for legacy alerting
* remove alerting section from configuration file
* update documentation to not refer to deleted section
* remove AlertingEnabled from usage in UA setting parsing
* add a middleware that appens headers for IP range AC to data source proxy requests
* update code
* add tests
* fix a mistake
* add logging
* refactor to reuse code
* small cleanup
* skip the plugins middleware if the header is already set
* skip the plugins middleware if the header is already set
* Introduce environment.local_filesystem_available
* Only show TLS client cert, client key, client ca when local_filesystem_available is true
* Rename LocalFSAvailable to LocalFileSystemAvailable
* introduce new config section [unified_alerting.state_history.annotations] and deprecate settings in [alerting]
Co-authored-by: brendamuir <100768211+brendamuir@users.noreply.github.com>
* add password service interface
* add password service implementation
* add tests for password service
* add password service wiring
* add feature toggle
* Rework from service interface to static function
* Replace previous password validations
* Add codeowners to password service
* add error logs
* update config files
---------
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* Add config for limit of rules per rule group
* Warn when editing big groups through normal API
* Warn on prov api writes for groups
* Wire up comp root, tests
* Also add warning to state manager warm
* Drop unnecessary conversion
* merge JSON search logic
* document public methods
* improve test coverage
* use separate JWT setting struct
* correct use of cfg.JWTAuth
* add group tests
* fix DynMap typing
* add settings to default ini
* add groups option to devenv path
* fix test
* lint
* revert jwt-proxy change
* remove redundant check
* fix parallel test
* add feature toggle
* add a middleware that appens headers for IP range AC
* sort imports
* sign IP range header and only append it if the request is going to allow listed data sources
* sign a random generated string instead of IP, also change the name of the middleware to make it more generic
* remove the DS IP range AC options from the config file; remove unwanted change
* add test
* sanitize the URLs when comparing
* cleanup and fixes
* check if X-Real-Ip is present, and set the internal request header if it is not present
* use split string function from the util package
This PR has two steps that together create a functional dry-run capability for the migration.
By enabling the feature flag alertingPreviewUpgrade when on legacy alerting it will:
a. Allow all Grafana Alerting background services except for the scheduler to start (multiorg alertmanager, state manager, routes, …).
b. Allow the UI to show Grafana Alerting pages alongside legacy ones (with appropriate in-app warnings that UA is not actually running).
c. Show a new “Alerting Upgrade” page and register associated /api/v1/upgrade endpoints that will allow the user to upgrade their organization live without restart and present a summary of the upgrade in a table.
* (WIP) Alerting: Use the forked Alertmanager for remote secondary mode
* fall back to using internal AM in case of error
* remove TODOs, clean up .ini file, add orgId as part of remote AM config struct
* log warnings and errors, fall back to remoteSecondary, fall back to internal AM only
* extract logic to decide remote Alertmanager mode to a separate function, switch on mode
* tests
* make linter happy
* remove func to decide remote Alertmanager mode
* refactor factory function and options
* add default case to switch statement
* remove ineffectual assignment
