Compare commits
1 Commits
release-11
...
v11.2.1
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
086b47f098 |
444
.drone.yml
444
.drone.yml
File diff suppressed because it is too large
@@ -1,21 +1,38 @@
|
||||
name: publish-technical-documentation-next
|
||||
name: "publish-technical-documentation-next"
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
- "main"
|
||||
paths:
|
||||
- "docs/sources/**"
|
||||
workflow_dispatch:
|
||||
jobs:
|
||||
sync:
|
||||
if: github.repository == 'grafana/grafana'
|
||||
permissions:
|
||||
contents: read
|
||||
id-token: write
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: "ubuntu-latest"
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: grafana/writers-toolkit/publish-technical-documentation@publish-technical-documentation/v1
|
||||
- name: "Checkout Grafana repo"
|
||||
uses: "actions/checkout@v4"
|
||||
|
||||
- name: "Clone website-sync Action"
|
||||
# WEBSITE_SYNC_TOKEN is a fine-grained GitHub Personal Access Token that expires.
|
||||
# It must be regenerated in the grafanabot GitHub account and requires a Grafana organization
|
||||
# GitHub administrator to update the organization secret.
|
||||
# The IT helpdesk can update the organization secret.
|
||||
run: "git clone --single-branch --no-tags --depth 1 -b master https://grafanabot:${{ secrets.WEBSITE_SYNC_TOKEN }}@github.com/grafana/website-sync ./.github/actions/website-sync"
|
||||
|
||||
- name: "Publish to website repository (next)"
|
||||
uses: "./.github/actions/website-sync"
|
||||
id: "publish-next"
|
||||
with:
|
||||
website_directory: content/docs/grafana/next
|
||||
repository: "grafana/website"
|
||||
branch: "master"
|
||||
host: "github.com"
|
||||
# PUBLISH_TO_WEBSITE_TOKEN is a fine-grained GitHub Personal Access Token that expires.
|
||||
# It must be regenerated in the grafanabot GitHub account and requires a Grafana organization
|
||||
# GitHub administrator to update the organization secret.
|
||||
# The IT helpdesk can update the organization secret.
|
||||
github_pat: "grafanabot:${{ secrets.PUBLISH_TO_WEBSITE_TOKEN }}"
|
||||
source_folder: "docs/sources"
|
||||
target_folder: "content/docs/grafana/next"
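Review bot: The "Clone website-sync Action" step interpolates `${{ secrets.WEBSITE_SYNC_TOKEN }}` into the clone URL of a `run:` command, so the PAT becomes part of the git command line and, because git records the remote URL, is stored in `./.github/actions/website-sync/.git/config` inside the workspace for the rest of the job. The step also follows `-b master`, so the code that is later handed `PUBLISH_TO_WEBSITE_TOKEN` is whatever that branch contains at run time. Fetching the action with `actions/checkout` (inputs `repository`, `ref`, `token`, `path`, `persist-credentials: false`) keeps the token out of the command line and the on-disk git config, and lets `ref` name a reviewed commit. The identical step in the publish-technical-documentation-release workflow further down this page needs the same change.

```yaml
      - name: "Clone website-sync Action"
        # … unchanged: WEBSITE_SYNC_TOKEN rotation comments …
        uses: "actions/checkout@v4"
        with:
          repository: "grafana/website-sync"
          # placeholder: replace with the reviewed commit of website-sync
          ref: "<pinned-commit-sha>"
          token: "${{ secrets.WEBSITE_SYNC_TOKEN }}"
          path: "./.github/actions/website-sync"
          persist-credentials: false
```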
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
name: publish-technical-documentation-release
|
||||
name: "publish-technical-documentation-release"
|
||||
|
||||
on:
|
||||
push:
|
||||
@@ -12,18 +12,63 @@ on:
|
||||
jobs:
|
||||
sync:
|
||||
if: github.repository == 'grafana/grafana'
|
||||
permissions:
|
||||
contents: read
|
||||
id-token: write
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: "ubuntu-latest"
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: "Checkout Grafana repo"
|
||||
uses: "actions/checkout@v4"
|
||||
with:
|
||||
fetch-depth: 0
|
||||
- uses: grafana/writers-toolkit/publish-technical-documentation-release@publish-technical-documentation-release/v1
|
||||
|
||||
- name: "Checkout Actions library"
|
||||
uses: "actions/checkout@v4"
|
||||
with:
|
||||
repository: "grafana/grafana-github-actions"
|
||||
path: "./actions"
|
||||
|
||||
- name: "Install Actions from library"
|
||||
run: "npm install --production --prefix ./actions"
|
||||
|
||||
- name: "Determine if there is a matching release tag"
|
||||
id: "has-matching-release-tag"
|
||||
uses: "./actions/has-matching-release-tag"
|
||||
with:
|
||||
ref_name: "${{ github.ref_name }}"
|
||||
release_tag_regexp: "^v(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)$"
|
||||
release_branch_regexp: "^v(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.x$"
|
||||
release_branch_with_patch_regexp: "^v(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)$"
|
||||
website_directory: content/docs/grafana
|
||||
version_suffix: ""
|
||||
|
||||
- name: "Determine technical documentation version"
|
||||
if: "steps.has-matching-release-tag.outputs.bool == 'true'"
|
||||
uses: "./actions/docs-target"
|
||||
id: "target"
|
||||
with:
|
||||
ref_name: "${{ github.ref_name }}"
|
||||
|
||||
- name: "Clone website-sync Action"
|
||||
if: "steps.has-matching-release-tag.outputs.bool == 'true'"
|
||||
# WEBSITE_SYNC_TOKEN is a fine-grained GitHub Personal Access Token that expires.
|
||||
# It must be regenerated in the grafanabot GitHub account and requires a Grafana organization
|
||||
# GitHub administrator to update the organization secret.
|
||||
# The IT helpdesk can update the organization secret.
|
||||
run: "git clone --single-branch --no-tags --depth 1 -b master https://grafanabot:${{ secrets.WEBSITE_SYNC_TOKEN }}@github.com/grafana/website-sync ./.github/actions/website-sync"
|
||||
|
||||
- name: "Switch to HEAD of version branch for tags"
|
||||
# Tags aren't necessarily made to the HEAD of the version branch.
|
||||
# The documentation to be published is always on the HEAD of the version branch.
|
||||
if: "steps.has-matching-release-tag.outputs.bool == 'true' && github.ref_type == 'tag'"
|
||||
run: "git switch --detach origin/${{ steps.target.outputs.target }}.x"
|
||||
|
||||
- name: "Publish to website repository (release)"
|
||||
if: "steps.has-matching-release-tag.outputs.bool == 'true'"
|
||||
uses: "./.github/actions/website-sync"
|
||||
id: "publish-release"
|
||||
with:
|
||||
repository: "grafana/website"
|
||||
branch: "master"
|
||||
host: "github.com"
|
||||
# PUBLISH_TO_WEBSITE_TOKEN is a fine-grained GitHub Personal Access Token that expires.
|
||||
# It must be regenerated in the grafanabot GitHub account and requires a Grafana organization
|
||||
# GitHub administrator to update the organization secret.
|
||||
# The IT helpdesk can update the organization secret.
|
||||
github_pat: "grafanabot:${{ secrets.PUBLISH_TO_WEBSITE_TOKEN }}"
|
||||
source_folder: "docs/sources"
|
||||
target_folder: "content/docs/grafana/${{ steps.target.outputs.target }}"
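Review bot: The `sync` job loses its `permissions:` block on the new side (inferred from the `-12,18 +12,63` line counts, since the +/- markers are missing on this page), so it falls back to the repository's default `GITHUB_TOKEN` permissions. That matters more here than before, because the job now runs `npm install` on a checkout of `grafana/grafana-github-actions` that has no `ref:` and therefore follows the default branch. I would keep `permissions:` with `contents: read` on the job, dropping only `id-token: write` if it is no longer needed, and add `ref: "<pinned-commit-sha>"` under `with:` in the "Checkout Actions library" step. The publish-technical-documentation-next workflow earlier on this page drops the same block.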
|
||||
|
||||
29
CHANGELOG.md
29
CHANGELOG.md
@@ -1,32 +1,3 @@
|
||||
<!-- 11.2.1 START -->
|
||||
|
||||
# 11.2.1 (2024-09-26)
|
||||
|
||||
### Features and enhancements
|
||||
|
||||
- **Alerting:** Support for optimistic concurrency in priovisioning Tempate API [#92251](https://github.com/grafana/grafana/pull/92251), [@yuri-tceretian](https://github.com/yuri-tceretian)
|
||||
- **Logs panel:** Enable displayedFields in dashboards and apps [#92675](https://github.com/grafana/grafana/pull/92675), [@matyax](https://github.com/matyax)
|
||||
- **State timeline:** Add pagination support [#92257](https://github.com/grafana/grafana/pull/92257), [@kevinputera](https://github.com/kevinputera)
|
||||
|
||||
### Bug fixes
|
||||
|
||||
- **Authn:** No longer hash service account token twice during authentication [#92639](https://github.com/grafana/grafana/pull/92639), [@kalleep](https://github.com/kalleep)
|
||||
- **CloudMigrations:** Fix snapshot creation on Windows systems [#92981](https://github.com/grafana/grafana/pull/92981), [@macabu](https://github.com/macabu)
|
||||
- **DashGPT:** Fixes issue with generation on Safari [#92952](https://github.com/grafana/grafana/pull/92952), [@kaydelaney](https://github.com/kaydelaney)
|
||||
- **Dashboard:** Fix Annotation runtime error when a data source does not support annotations [#92830](https://github.com/grafana/grafana/pull/92830), [@axelavargas](https://github.com/axelavargas)
|
||||
- **Grafana SQL:** Fix broken import in NumberInput component [#92808](https://github.com/grafana/grafana/pull/92808), [@chessman](https://github.com/chessman)
|
||||
- **Logs:** Show older logs button when infinite scroll is enabled and sort order is descending [#92867](https://github.com/grafana/grafana/pull/92867), [@matyax](https://github.com/matyax)
|
||||
- **RBAC:** Fix an issue with server admins not being able to manage users in orgs that they don't belong to [#92274](https://github.com/grafana/grafana/pull/92274), [@IevaVasiljeva](https://github.com/IevaVasiljeva)
|
||||
- **RBAC:** Fix an issue with server admins not being able to manage users in orgs that they don't belong to (Enterprise)
|
||||
- **Reporting:** Disable dashboardSceneSolo when rendering PDFs the old way (Enterprise)
|
||||
- **Templating:** Fix searching non-latin template variables [#92893](https://github.com/grafana/grafana/pull/92893), [@leeoniya](https://github.com/leeoniya)
|
||||
- **TutorialCard:** Fix link to tutorial not opening [#92647](https://github.com/grafana/grafana/pull/92647), [@eledobleefe](https://github.com/eledobleefe)
|
||||
|
||||
### Plugin development fixes & changes
|
||||
|
||||
- **AutoSizeInput:** Allow to be controlled by value [#92999](https://github.com/grafana/grafana/pull/92999), [@ivanortegaalba](https://github.com/ivanortegaalba)
|
||||
|
||||
<!-- 11.2.1 END -->
|
||||
<!-- 11.2.0 START -->
|
||||
|
||||
# 11.2.0 (2024-08-27)
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
ARG BASE_IMAGE=alpine:3.19.1
|
||||
ARG JS_IMAGE=node:20-alpine
|
||||
ARG JS_PLATFORM=linux/amd64
|
||||
ARG GO_IMAGE=golang:1.22.7-alpine
|
||||
ARG GO_IMAGE=golang:1.22.4-alpine
|
||||
|
||||
ARG GO_SRC=go-builder
|
||||
ARG JS_SRC=js-builder
|
||||
|
||||
2
Makefile
2
Makefile
@@ -8,7 +8,7 @@ WIRE_TAGS = "oss"
|
||||
include .bingo/Variables.mk
|
||||
|
||||
GO = go
|
||||
GO_VERSION = 1.22.7
|
||||
GO_VERSION = 1.22.4
|
||||
GO_LINT_FILES ?= $(shell ./scripts/go-workspace/golangci-lint-includes.sh)
|
||||
GO_TEST_FILES ?= $(shell ./scripts/go-workspace/test-includes.sh)
|
||||
SH_FILES ?= $(shell find ./scripts -name *.sh)
|
||||
|
||||
@@ -13,97 +13,12 @@ labels:
|
||||
menuTitle: Role-based access control (RBAC)
|
||||
title: Grafana Role-based access control (RBAC)
|
||||
weight: 120
|
||||
refs:
|
||||
api-rbac:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/developers/http_api/access_control/
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/developer-resources/api-reference/http-api/access_control/
|
||||
rbac-role-definitions:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/administration/roles-and-permissions/access-control/rbac-fixed-basic-role-definitions/
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/account-management/authentication-and-permissions/access-control/rbac-fixed-basic-role-definitions/
|
||||
rbac-role-definitions-basic-role-assignments:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/administration/roles-and-permissions/access-control/rbac-fixed-basic-role-definitions/#basic-role-assignments
|
||||
- pattern: /docs/grafana-cloud/
|
||||
rbac-manage-rbac-roles:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/administration/roles-and-permissions/access-control/manage-rbac-roles/
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/account-management/authentication-and-permissions/access-control/manage-rbac-roles/
|
||||
rbac-assign-rbac-roles:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/administration/roles-and-permissions/access-control/assign-rbac-roles/
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/account-management/authentication-and-permissions/access-control/assign-rbac-roles/
|
||||
rbac-basic-role-uid-mapping:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/administration/roles-and-permissions/access-control/manage-rbac-roles/#list-permissions-associated-with-roles
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/account-management/authentication-and-permissions/access-control/manage-rbac-roles/#list-permissions-associated-with-roles
|
||||
service-accounts:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/administration/service-accounts/
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/account-management/authentication-and-permissions/service-accounts/
|
||||
alerting:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/alerting/
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/alerting-and-irm/alerting/
|
||||
data-sources:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/datasources/
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/connect-externally-hosted/data-sources/
|
||||
roles-and-permissions:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/administration/roles-and-permissions/
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/account-management/authentication-and-permissions/cloud-roles/
|
||||
dashboards:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/dashboards/
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/visualizations/dashboards/
|
||||
dashboards-annotate-visualizations:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/dashboards/build-dashboards/annotate-visualizations/
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/visualizations/dashboards/build-dashboards/annotate-visualizations/
|
||||
dashboards-create-reports:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/dashboards/create-reports/
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/visualizations/dashboards/create-reports/
|
||||
dashboards-manage-library-panels:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/dashboards/build-dashboards/manage-library-panels/
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/visualizations/dashboards/build-dashboards/manage-library-panels/
|
||||
dashboards-create-a-dashboard-folder:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/dashboards/manage-dashboards/#create-a-dashboard-folder
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/visualizations/dashboards/manage-dashboards/#create-a-dashboard-folder
|
||||
folder-permissions:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/dashboards/manage-dashboards/#folder-permissions
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/visualizations/dashboards/manage-dashboards/#folder-permissions
|
||||
migrate-api-keys:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/administration/service-accounts/migrate-api-keys/
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/account-management/authentication-and-permissions/service-accounts/migrate-api-keys/
|
||||
---
|
||||
|
||||
# Role-based access control (RBAC)
|
||||
|
||||
{{% admonition type="note" %}}
|
||||
Available in [Grafana Enterprise](/docs/grafana/<GRAFANA_VERSION>/introduction/grafana-enterprise/) and [Grafana Cloud](/docs/grafana-cloud).
|
||||
Available in [Grafana Enterprise]({{< relref "../../../introduction/grafana-enterprise/" >}}) and [Grafana Cloud](/docs/grafana-cloud).
|
||||
{{% /admonition %}}
|
||||
|
||||
RBAC provides a standardized way of granting, changing, and revoking access when it comes to viewing and modifying Grafana resources, such as dashboards, reports, and administrative settings.
|
||||
@@ -128,7 +43,7 @@ RBAC roles contain multiple permissions, each of which has an action and a scope
|
||||
- **Action:** `datasources:read`
|
||||
- **Scope:** `datasources:*`
|
||||
|
||||
For information on the RBAC API refer to [RBAC API](ref:api-rbac).
|
||||
For information on the RBAC API refer to [RBAC API](https://grafana.com/docs/grafana/<GRAFANA_VERSION>/developers/http_api/access_control/#rbac-api).
|
||||
|
||||
### Basic roles
|
||||
|
||||
@@ -162,8 +77,8 @@ You can use RBAC to modify the permissions associated with any basic role, which
|
||||
Note that any modification to any of these basic role is not propagated to the other basic roles.
|
||||
For example, if you modify Viewer basic role and grant additional permission, Editors or Admins won't have that additional grant.
|
||||
|
||||
For more information about the permissions associated with each basic role, refer to [Basic role definitions](ref:rbac-role-definitions-basic-role-assignments).
|
||||
To interact with the API and view or modify basic roles permissions, refer to [the table](ref:rbac-basic-role-uid-mapping) that maps basic role names to the associated UID.
|
||||
For more information about the permissions associated with each basic role, refer to [Basic role definitions]({{< relref "./rbac-fixed-basic-role-definitions/#basic-role-assignments" >}}).
|
||||
To interact with the API and view or modify basic roles permissions, refer to [the table]({{< relref "./manage-rbac-roles/#basic-role-uid-mapping" >}}) that maps basic role names to the associated UID.
|
||||
|
||||
{{% admonition type="note" %}}
|
||||
You cannot use a service account to modify basic roles via the RBAC API. To update basic roles, you must be a Grafana administrator and use basic authentication with the request.
|
||||
@@ -171,31 +86,31 @@ You cannot use a service account to modify basic roles via the RBAC API. To upda
|
||||
|
||||
### Fixed roles
|
||||
|
||||
Grafana Enterprise includes the ability for you to assign discrete fixed roles to users, teams, and service accounts. This gives you fine-grained control over user permissions than you would have with basic roles alone. These roles are called "fixed" because you cannot change or delete fixed roles. You can also create _custom_ roles of your own; see more information in the [custom roles section](#custom-roles) below.
|
||||
Grafana Enterprise includes the ability for you to assign discrete fixed roles to users, teams, and service accounts. This gives you fine-grained control over user permissions than you would have with basic roles alone. These roles are called "fixed" because you cannot change or delete fixed roles. You can also create _custom_ roles of your own; see more information in the [custom roles section]({{< relref "#custom-roles" >}}) below.
|
||||
|
||||
Assign fixed roles when the basic roles do not meet your permission requirements. For example, you might want a user with the basic viewer role to also edit dashboards. Or, you might want anyone with the editor role to also add and manage users. Fixed roles provide users more granular access to create, view, and update the following Grafana resources:
|
||||
|
||||
- [Alerting](ref:alerting)
|
||||
- [Annotations](ref:dashboards-annotate-visualizations)
|
||||
- [API keys](ref:migrate-api-keys)
|
||||
- [Dashboards and folders](ref:dashboards)
|
||||
- [Data sources](ref:data-sources)
|
||||
- [Explore](/docs/grafana/<GRAFANA_VERSION>/explore/)
|
||||
- [Feature Toggles](/docs/grafana/<GRAFANA_VERSION>/administration/feature-toggles/)
|
||||
- [Folders](ref:dashboards-create-a-dashboard-folder)
|
||||
- [LDAP](/docs/grafana/<GRAFANA_VERSION>/setup-grafana/configure-security/configure-authentication/ldap/)
|
||||
- [Library panels](ref:dashboards-manage-library-panels)
|
||||
- [Licenses](/docs/grafana/<GRAFANA_VERSION>/administration/stats-and-license/)
|
||||
- [Organizations](/docs/grafana/<GRAFANA_VERSION>/administration/organization-management/)
|
||||
- [Provisioning](/docs/grafana/<GRAFANA_VERSION>/administration/provisioning/)
|
||||
- [Reports](ref:dashboards-create-reports)
|
||||
- [Roles](ref:roles-and-permissions)
|
||||
- [Settings](/docs/grafana/<GRAFANA_VERSION>/setup-grafana/configure-grafana/settings-updates-at-runtime/)
|
||||
- [Service accounts](ref:service-accounts)
|
||||
- [Teams](/docs/grafana/<GRAFANA_VERSION>/administration/team-management/)
|
||||
- [Users](/docs/grafana/<GRAFANA_VERSION>/administration/user-management/)
|
||||
- [Alerting]({{< relref "../../../alerting/" >}})
|
||||
- [Annotations]({{< relref "../../../dashboards/build-dashboards/annotate-visualizations" >}})
|
||||
- [API keys](/docs/grafana/<GRAFANA_VERSION>/administration/service-accounts/migrate-api-keys/)
|
||||
- [Dashboards and folders]({{< relref "../../../dashboards/" >}})
|
||||
- [Data sources]({{< relref "../../../datasources/" >}})
|
||||
- [Explore]({{< relref "../../../explore/" >}})
|
||||
- [Feature Toggles]({{< relref "../../feature-toggles/" >}})
|
||||
- [Folders]({{< relref "../../../dashboards/manage-dashboards/#create-a-dashboard-folder" >}})
|
||||
- [LDAP]({{< relref "../../../setup-grafana/configure-security/configure-authentication/ldap/" >}})
|
||||
- [Library panels]({{< relref "../../../dashboards/build-dashboards/manage-library-panels" >}})
|
||||
- [Licenses]({{< relref "../../stats-and-license/" >}})
|
||||
- [Organizations]({{< relref "../../organization-management/" >}})
|
||||
- [Provisioning]({{< relref "../../provisioning/" >}})
|
||||
- [Reports]({{< relref "../../../dashboards/create-reports/" >}})
|
||||
- [Roles]({{< relref "../../" >}})
|
||||
- [Settings]({{< relref "../../../setup-grafana/configure-grafana/settings-updates-at-runtime" >}})
|
||||
- [Service accounts]({{< relref "../../service-accounts/" >}})
|
||||
- [Teams]({{< relref "../../team-management/" >}})
|
||||
- [Users]({{< relref "../../user-management/" >}})
|
||||
|
||||
To learn more about the permissions you can grant for each resource, refer to [RBAC role definitions](ref:rbac-role-definitions).
|
||||
To learn more about the permissions you can grant for each resource, refer to [RBAC role definitions]({{< relref "./rbac-fixed-basic-role-definitions/" >}}).
|
||||
|
||||
### Custom roles
|
||||
|
||||
@@ -211,11 +126,11 @@ Consider creating a custom role when fixed roles do not meet your permissions re
|
||||
|
||||
You can use either of the following methods to create, assign, and manage custom roles:
|
||||
|
||||
- Grafana provisioning: You can use a YAML file to configure roles. For more information about using provisioning to create custom roles, refer to [Manage RBAC roles](ref:rbac-manage-rbac-roles). For more information about using provisioning to assign RBAC roles to users or teams, refer to [Assign RBAC roles](ref:rbac-assign-rbac-roles).
|
||||
- RBAC API: As an alternative, you can use the Grafana HTTP API to create and manage roles. For more information about the HTTP API, refer to [RBAC API](ref:api-rbac).
|
||||
- Grafana provisioning: You can use a YAML file to configure roles. For more information about using provisioning to create custom roles, refer to [Manage RBAC roles]({{< relref "./manage-rbac-roles/" >}}). For more information about using provisioning to assign RBAC roles to users or teams, refer to [Assign RBAC roles]({{< relref "./assign-rbac-roles/" >}}).
|
||||
- RBAC API: As an alternative, you can use the Grafana HTTP API to create and manage roles. For more information about the HTTP API, refer to [RBAC API]({{< relref "../../../developers/http_api/access_control/" >}}).
|
||||
|
||||
### Limitation
|
||||
|
||||
If you have created a folder with the name `General` or `general`, you cannot manage its permissions with RBAC.
|
||||
|
||||
If you set [folder permissions](ref:folder-permissions) for a folder named `General` or `general`, the system disregards the folder when RBAC is enabled.
|
||||
If you set [folder permissions]({{< relref "../../user-management/manage-dashboard-permissions/#grant-dashboard-folder-permissions" >}}) for a folder named `General` or `general`, the system disregards the folder when RBAC is enabled.
|
||||
|
||||
@@ -11,38 +11,12 @@ labels:
|
||||
menuTitle: Assign RBAC roles
|
||||
title: Assign Grafana RBAC roles
|
||||
weight: 40
|
||||
refs:
|
||||
custom-role-actions-scopes:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/administration/roles-and-permissions/access-control/custom-role-actions-scopes/
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/account-management/authentication-and-permissions/access-control/custom-role-actions-scopes/
|
||||
rbac-grafana-provisioning:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/administration/roles-and-permissions/access-control/rbac-grafana-provisioning/
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/account-management/authentication-and-permissions/access-control/rbac-grafana-provisioning/
|
||||
manage-rbac-roles-create-custom-roles-using-provisioning:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/administration/roles-and-permissions/access-control/manage-rbac-roles/#create-custom-roles-using-provisioning
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/account-management/authentication-and-permissions/access-control/manage-rbac-roles/#create-custom-roles-using-provisioning
|
||||
plan-rbac-rollout-strategy:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/administration/roles-and-permissions/access-control/plan-rbac-rollout-strategy/
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/account-management/authentication-and-permissions/access-control/plan-rbac-rollout-strategy/
|
||||
rbac-role-definitions:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/administration/roles-and-permissions/access-control/rbac-fixed-basic-role-definitions/
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/account-management/authentication-and-permissions/access-control/rbac-fixed-basic-role-definitions/
|
||||
---
|
||||
|
||||
# Assign RBAC roles
|
||||
|
||||
{{% admonition type="note" %}}
|
||||
Available in [Grafana Enterprise](/docs/grafana/<GRAFANA_VERSION>/introduction/grafana-enterprise/) and [Grafana Cloud](/docs/grafana-cloud).
|
||||
Available in [Grafana Enterprise]({{< relref "../../../../introduction/grafana-enterprise/" >}}) and [Grafana Cloud](/docs/grafana-cloud).
|
||||
{{% /admonition %}}
|
||||
|
||||
In this topic you'll learn how to use the role picker, provisioning, and the HTTP API to assign fixed and custom roles to users and teams.
|
||||
@@ -60,10 +34,10 @@ In both cases, the assignment applies only to the user, team or service account
|
||||
|
||||
**Before you begin:**
|
||||
|
||||
- [Plan your RBAC rollout strategy](ref:plan-rbac-rollout-strategy).
|
||||
- [Plan your RBAC rollout strategy]({{< relref "./plan-rbac-rollout-strategy/" >}}).
|
||||
- Identify the fixed roles that you want to assign to the user, team or service account.
|
||||
|
||||
For more information about available fixed roles, refer to [RBAC role definitions](ref:rbac-role-definitions).
|
||||
For more information about available fixed roles, refer to [RBAC role definitions]({{< relref "./rbac-fixed-basic-role-definitions/" >}}).
|
||||
|
||||
- Ensure that your own user account has the correct permissions:
|
||||
- If you are assigning permissions to a user, team or service account within an organization, you must have organization administrator or server administrator permissions.
|
||||
@@ -78,7 +52,7 @@ In both cases, the assignment applies only to the user, team or service account
|
||||
1. Sign in to Grafana.
|
||||
2. Switch to the organization that contains the user, team or service account.
|
||||
|
||||
For more information about switching organizations, refer to [Switch organizations](/docs/grafana/<GRAFANA_VERSION>/administration/user-management/user-preferences/#switch-organizations).
|
||||
For more information about switching organizations, refer to [Switch organizations]({{< relref "../../../user-management/user-preferences/_index.md#switch-organizations" >}}).
|
||||
|
||||
3. In the left-side menu, click **Administration**, **Users and access**, and then **Users**, **Teams**, or **Service accounts**.
|
||||
4. In the **Role** column, select the fixed role that you want to assign to the user, team, or service account.
|
||||
@@ -99,8 +73,8 @@ Instead of using the Grafana role picker, you can use file-based provisioning to
|
||||
|
||||
**Before you begin:**
|
||||
|
||||
- Refer to [Role provisioning](ref:rbac-grafana-provisioning)
|
||||
- Ensure that the team to which you are adding the fixed role exists. For more information about creating teams, refer to [Manage teams](/docs/grafana/<GRAFANA_VERSION>/administration/team-management/)
|
||||
- Refer to [Role provisioning]({{< relref "./rbac-grafana-provisioning/" >}})
|
||||
- Ensure that the team to which you are adding the fixed role exists. For more information about creating teams, refer to [Manage teams]({{< relref "../../../team-management/" >}})
|
||||
|
||||
**To assign a role to a team:**
|
||||
|
||||
@@ -108,25 +82,25 @@ Instead of using the Grafana role picker, you can use file-based provisioning to
|
||||
|
||||
1. Refer to the following table to add attributes and values.
|
||||
|
||||
| Attribute | Description |
|
||||
| ------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| `roles` | Enter the custom role or custom roles you want to create/update. |
|
||||
| `roles > name` | Enter the name of the custom role. |
|
||||
| `roles > version` | Enter the custom role version number. Role assignments are independent of the role version number. |
|
||||
| `roles > global` | Enter `true`. You can specify the `orgId` otherwise. |
|
||||
| `roles > permissions` | Enter the permissions `action` and `scope` values. For more information about permissions actions and scopes, refer to [RBAC permissions, actions, and scopes](ref:custom-role-actions-scopes) |
|
||||
| `teams` | Enter the team or teams to which you are adding the custom role. |
|
||||
| `teams > orgId` | Because teams belong to organizations, you must add the `orgId` value. |
|
||||
| `teams > name` | Enter the name of the team. |
|
||||
| `teams > roles` | Enter the custom or fixed role or roles that you want to grant to the team. |
|
||||
| `teams > roles > name` | Enter the name of the role. |
|
||||
| `teams > roles > global` | Enter `true`, or specify `orgId` of the role you want to assign to the team. Fixed roles are global. |
|
||||
| Attribute | Description |
|
||||
| ------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| `roles` | Enter the custom role or custom roles you want to create/update. |
|
||||
| `roles > name` | Enter the name of the custom role. |
|
||||
| `roles > version` | Enter the custom role version number. Role assignments are independent of the role version number. |
|
||||
| `roles > global` | Enter `true`. You can specify the `orgId` otherwise. |
|
||||
| `roles > permissions` | Enter the permissions `action` and `scope` values. For more information about permissions actions and scopes, refer to [RBAC permissions, actions, and scopes]({{< relref "./custom-role-actions-scopes/" >}}) |
|
||||
| `teams` | Enter the team or teams to which you are adding the custom role. |
|
||||
| `teams > orgId` | Because teams belong to organizations, you must add the `orgId` value. |
|
||||
| `teams > name` | Enter the name of the team. |
|
||||
| `teams > roles` | Enter the custom or fixed role or roles that you want to grant to the team. |
|
||||
| `teams > roles > name` | Enter the name of the role. |
|
||||
| `teams > roles > global` | Enter `true`, or specify `orgId` of the role you want to assign to the team. Fixed roles are global. |
|
||||
|
||||
For more information about managing custom roles, refer to [Create custom roles using provisioning](ref:manage-rbac-roles-create-custom-roles-using-provisioning).
|
||||
For more information about managing custom roles, refer to [Create custom roles using provisioning]({{< relref "./manage-rbac-roles/#create-custom-roles-using-provisioning" >}}).
|
||||
|
||||
1. Reload the provisioning configuration file.
|
||||
|
||||
For more information about reloading the provisioning configuration at runtime, refer to [Reload provisioning configurations](/docs/grafana/<GRAFANA_VERSION>/developers/http_api/admin/#reload-provisioning-configurations).
|
||||
For more information about reloading the provisioning configuration at runtime, refer to [Reload provisioning configurations]({{< relref "../../../../developers/http_api/admin/#reload-provisioning-configurations" >}}).
|
||||
|
||||
The following example creates the `custom:users:writer` role and assigns it to the `user writers` and `user admins` teams along with the `fixed:users:writer` role:
|
||||
|
||||
|
||||
@@ -14,10 +14,10 @@ weight: 30
|
||||
# Configure RBAC in Grafana
|
||||
|
||||
{{% admonition type="note" %}}
|
||||
Available in [Grafana Enterprise](/docs/grafana/<GRAFANA_VERSION>/introduction/grafana-enterprise/) and [Grafana Cloud](/docs/grafana-cloud).
|
||||
Available in [Grafana Enterprise]({{< relref "../../../../introduction/grafana-enterprise/" >}}) and [Grafana Cloud](/docs/grafana-cloud).
|
||||
{{% /admonition %}}
|
||||
|
||||
The table below describes all RBAC configuration options. Like any other Grafana configuration, you can apply these options as [environment variables](/docs/grafana/<GRAFANA_VERSION>/setup-grafana/configure-grafana/#override-configuration-with-environment-variables).
|
||||
The table below describes all RBAC configuration options. Like any other Grafana configuration, you can apply these options as [environment variables]({{< relref "../../../../setup-grafana/configure-grafana/#configure-with-environment-variables" >}}).
|
||||
|
||||
| Setting | Required | Description | Default |
|
||||
| ------------------------------- | -------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
|
||||
|
||||
@@ -10,17 +10,6 @@ labels:
|
||||
menuTitle: RBAC permissions, actions, and scopes
|
||||
title: Grafana RBAC permissions, actions, and scopes
|
||||
weight: 80
|
||||
refs:
|
||||
rbac-grafana-provisioning:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/administration/roles-and-permissions/access-control/rbac-grafana-provisioning/
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/account-management/authentication-and-permissions/access-control/rbac-grafana-provisioning/
|
||||
rbac-fixed-roles:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/administration/roles-and-permissions/access-control/#fixed-roles
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/account-management/authentication-and-permissions/access-control/#fixed-roles
|
||||
---
|
||||
|
||||
# RBAC permissions, actions, and scopes
|
||||
@@ -31,7 +20,7 @@ Available in [Grafana Enterprise]({{< relref "../../../../introduction/grafana-e
|
||||
|
||||
A permission is comprised of an action and a scope. When creating a custom role, consider the actions the user can perform and the resource(s) on which they can perform those actions.
|
||||
|
||||
To learn more about the Grafana resources to which you can apply RBAC, refer to [Resources with RBAC permissions](ref:rbac-fixed-roles).
|
||||
To learn more about the Grafana resources to which you can apply RBAC, refer to [Resources with RBAC permissions]({{< relref "../#fixed-roles" >}}).
|
||||
|
||||
- **Action:** An action describes what tasks a user can perform on a resource.
|
||||
- **Scope:** A scope describes where an action can be performed, such as reading a specific user profile. In this example, a permission is associated with the scope `users:<userId>` to the relevant role.
|
||||
@@ -237,28 +226,25 @@ The following list contains role-based access control actions used by Grafana Ad
|
||||
|
||||
The following list contains role-based access control scopes.
|
||||
|
||||
<!-- prettier-ignore-start -->
|
||||
| Scopes | Descriptions |
|
||||
| -------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| <ul><li>`annotations:*`</li><li>`annotations:type:*`</li></ul> | Restrict an action to a set of annotations. For example, `annotations:*` matches any annotation, `annotations:type:dashboard` matches annotations associated with dashboards and `annotations:type:organization` matches organization annotations. |
|
||||
| <ul><li>`apikeys:*`</li><li>`apikeys:id:*`</li></ul> | Restrict an action to a set of API keys. For example, `apikeys:*` matches any API key, `apikey:id:1` matches the API key whose id is `1`. |
|
||||
| <ul><li>`dashboards:*`</li><li>`dashboards:uid:*`</li></ul> | Restrict an action to a set of dashboards. For example, `dashboards:*` matches any dashboard, and `dashboards:uid:1` matches the dashboard whose UID is `1`. |
|
||||
| <ul><li>`datasources:*`</li><li>`datasources:uid:*`</li></ul> | Restrict an action to a set of data sources. For example, `datasources:*` matches any data source, and `datasources:uid:1` matches the data source whose UID is `1`. |
|
||||
| <ul><li>`folders:*`</li><li>`folders:uid:*`</li></ul> | Restrict an action to a set of folders. For example, `folders:*` matches any folder, and `folders:uid:1` matches the folder whose UID is `1`. Note that permissions granted to a folder cascade down to subfolders located under it. |
|
||||
| <ul><li>`global.users:*`</li><li>`global.users:id:*`</li></ul> | Restrict an action to a set of global users. For example, `global.users:*` matches any user and `global.users:id:1` matches the user whose ID is `1`. |
|
||||
| <ul><li>`library.panels:*`</li><li>`library.panels:uid:*`</li></ul> | Restrict an action to a set of library panels. For example, `library.panels:*` matches any library panel, and `library.panel:uid:1` matches the library panel whose UID is `1`. |
|
||||
| <ul><li>`orgs:*`</li><li>`orgs:id:*`</li></ul> | Restrict an action to a set of organizations. For example, `orgs:*` matches any organization and `orgs:id:1` matches the organization whose ID is `1`. |
|
||||
| <ul><li>`permissions:type:delegate`</li><ul> | The scope is only applicable for roles associated with the Access Control itself and indicates that you can delegate your permissions only, or a subset of it, by creating a new role or making an assignment. |
|
||||
| <ul><li>`permissions:type:escalate`</li><ul> | The scope is required to trigger the reset of basic roles permissions. It indicates that users might acquire additional permissions they did not previously have. |
|
||||
| <ul><li>`plugins:*`</li><li>`plugins:id:*`</li></ul> | Restrict an action to a set of plugins. For example, `plugins:id:grafana-oncall-app` matches Grafana OnCall plugin, and `plugins:*` matches all plugins. |
|
||||
| <ul><li>`provisioners:*`</li><ul> | Restrict an action to a set of provisioners. For example, `provisioners:*` matches any provisioner, and `provisioners:accesscontrol` matches the role-based access control [provisioner](ref:rbac-grafana-provisioning). |
|
||||
| <ul><li>`reports:*`</li><li>`reports:id:*`</li></ul> | Restrict an action to a set of reports. For example, `reports:*` matches any report and `reports:id:1` matches the report whose ID is `1`. |
|
||||
| <ul><li>`roles:*`</li><li>`roles:uid:*`</li></ul> | Restrict an action to a set of roles. For example, `roles:*` matches any role and `roles:uid:randomuid` matches only the role whose UID is `randomuid`. |
|
||||
| <ul><li>`services:accesscontrol`</li><ul> | Restrict an action to target only the role-based access control service. You can use this in conjunction with the `status:accesscontrol` actions. |
|
||||
| <ul><li>`serviceaccounts:*`</li><li>`serviceaccounts:id:*`</li></ul> | Restrict an action to a set of service account from an organization. For example, `serviceaccounts:*` matches any service account and `serviceaccount:id:1` matches the service account whose ID is `1`. |
|
||||
| <ul><li>`settings:*`</li><ul> | Restrict an action to a subset of settings. For example, `settings:*` matches all settings, `settings:auth.saml:*` matches all SAML settings, and `settings:auth.saml:enabled` matches the enable property on the SAML settings. |
|
||||
| <ul><li>`teams:*`</li><li>`teams:id:*`</li></ul> | Restrict an action to a set of teams from an organization. For example, `teams:*` matches any team and `teams:id:1` matches the team whose ID is `1`. |
|
||||
| <ul><li>`users:*`</li><li>`users:id:*`</li></ul> | Restrict an action to a set of users from an organization. For example, `users:*` matches any user and `users:id:1` matches the user whose ID is `1`. |
|
||||
| <ul><li>None</li><ul> | If an action has "None" specified for the scope, then the action doesn't require a scope. For example, the `teams:create` action doesn't require a scope and allows users to create teams. |
|
||||
{ .no-spacing-list }
|
||||
<!-- prettier-ignore-end -->
|
||||
| Scopes | Descriptions |
|
||||
| ----------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| `annotations:*`<br>`annotations:type:*` | Restrict an action to a set of annotations. For example, `annotations:*` matches any annotation, `annotations:type:dashboard` matches annotations associated with dashboards and `annotations:type:organization` matches organization annotations. |
|
||||
| `apikeys:*`<br>`apikeys:id:*` | Restrict an action to a set of API keys. For example, `apikeys:*` matches any API key, `apikey:id:1` matches the API key whose id is `1`. |
|
||||
| `dashboards:*`<br>`dashboards:uid:*` | Restrict an action to a set of dashboards. For example, `dashboards:*` matches any dashboard, and `dashboards:uid:1` matches the dashboard whose UID is `1`. |
|
||||
| `datasources:*`<br>`datasources:uid:*` | Restrict an action to a set of data sources. For example, `datasources:*` matches any data source, and `datasources:uid:1` matches the data source whose UID is `1`. |
|
||||
| `folders:*`<br>`folders:uid:*` | Restrict an action to a set of folders. For example, `folders:*` matches any folder, and `folders:uid:1` matches the folder whose UID is `1`. Note that permissions granted to a folder cascade down to subfolders located under it |
|
||||
| `global.users:*` <br> `global.users:id:*` | Restrict an action to a set of global users. For example, `global.users:*` matches any user and `global.users:id:1` matches the user whose ID is `1`. |
|
||||
| `library.panels:*` <br> `library.panels:uid:*` | Restrict an action to a set of library panels. For example, `library.panels:*` matches any library panel, and `library.panel:uid:1` matches the library panel whose UID is `1`. |
|
||||
| `orgs:*` <br> `orgs:id:*` | Restrict an action to a set of organizations. For example, `orgs:*` matches any organization and `orgs:id:1` matches the organization whose ID is `1`. |
|
||||
| `permissions:type:delegate` | The scope is only applicable for roles associated with the Access Control itself and indicates that you can delegate your permissions only, or a subset of it, by creating a new role or making an assignment. |
|
||||
| `permissions:type:escalate` | The scope is required to trigger the reset of basic roles permissions. It indicates that users might acquire additional permissions they did not previously have. |
|
||||
| `plugins:*` <br> `plugins:id:*` | Restrict an action to a set of plugins. For example, `plugins:id:grafana-oncall-app` matches Grafana OnCall plugin, and `plugins:*` matches all plugins. |
|
||||
| `provisioners:*` | Restrict an action to a set of provisioners. For example, `provisioners:*` matches any provisioner, and `provisioners:accesscontrol` matches the role-based access control [provisioner]({{< relref "./rbac-grafana-provisioning/" >}}). |
|
||||
| `reports:*` <br> `reports:id:*` | Restrict an action to a set of reports. For example, `reports:*` matches any report and `reports:id:1` matches the report whose ID is `1`. |
|
||||
| `roles:*` <br> `roles:uid:*` | Restrict an action to a set of roles. For example, `roles:*` matches any role and `roles:uid:randomuid` matches only the role whose UID is `randomuid`. |
|
||||
| `services:accesscontrol` | Restrict an action to target only the role-based access control service. You can use this in conjunction with the `status:accesscontrol` actions. |
|
||||
| `serviceaccounts:*` <br> `serviceaccounts:id:*` | Restrict an action to a set of service account from an organization. For example, `serviceaccounts:*` matches any service account and `serviceaccount:id:1` matches the service account whose ID is `1`. |
|
||||
| `settings:*` | Restrict an action to a subset of settings. For example, `settings:*` matches all settings, `settings:auth.saml:*` matches all SAML settings, and `settings:auth.saml:enabled` matches the enable property on the SAML settings. |
|
||||
| `teams:*` <br> `teams:id:*` | Restrict an action to a set of teams from an organization. For example, `teams:*` matches any team and `teams:id:1` matches the team whose ID is `1`. |
|
||||
| `users:*` <br> `users:id:*` | Restrict an action to a set of users from an organization. For example, `users:*` matches any user and `users:id:1` matches the user whose ID is `1`. |
|
||||
| `n/a` | `n/a` means not applicable. If an action has `n/a` specified for the scope, then the action does not require a scope. For example, the `teams:create` action does not require a scope and allows users to create teams. |
|
||||
|
||||
@@ -12,66 +12,12 @@ labels:
|
||||
menuTitle: Manage RBAC roles
|
||||
title: Manage Grafana RBAC roles
|
||||
weight: 50
|
||||
refs:
|
||||
configure-rbac-configure-rbac-in-grafana:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/administration/roles-and-permissions/access-control/configure-rbac/#configure-rbac-in-grafana
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/account-management/authentication-and-permissions/access-control/configure-rbac/#configure-rbac-in-grafana
|
||||
api-rbac-reset-basic-roles-to-their-default:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/developers/http_api/access_control/#reset-basic-roles-to-their-default
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/developer-resources/api-reference/http-api/access_control/#reset-basic-roles-to-their-default
|
||||
api-rbac-delete-a-custom-role:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/developers/http_api/access_control/#delete-a-custom-role
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/developer-resources/api-reference/http-api/access_control/#delete-a-custom-role
|
||||
api-rbac-update-a-role:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/developers/http_api/access_control/#update-a-role
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/developer-resources/api-reference/http-api/access_control/#update-a-role
|
||||
api-rbac-get-a-role:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/developers/http_api/access_control/#get-a-role
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/developer-resources/api-reference/http-api/access_control/#get-a-role
|
||||
api-rbac-create-a-new-custom-role:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/developers/http_api/access_control/#create-a-new-custom-role
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/developer-resources/api-reference/http-api/access_control/#create-a-new-custom-role
|
||||
plan-rbac-rollout-strategy:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/administration/roles-and-permissions/access-control/plan-rbac-rollout-strategy/
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/account-management/authentication-and-permissions/access-control/plan-rbac-rollout-strategy/
|
||||
custom-role-actions-scopes:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/administration/roles-and-permissions/access-control/custom-role-actions-scopes/
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/account-management/authentication-and-permissions/access-control/custom-role-actions-scopes/
|
||||
rbac-grafana-provisioning:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/administration/roles-and-permissions/access-control/rbac-grafana-provisioning/
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/account-management/authentication-and-permissions/access-control/rbac-grafana-provisioning/
|
||||
rbac-role-definitions:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/administration/roles-and-permissions/access-control/rbac-fixed-basic-role-definitions/
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/account-management/authentication-and-permissions/access-control/rbac-fixed-basic-role-definitions/
|
||||
rbac-fixed-basic-role-definitions-basic-role-assignments:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/administration/roles-and-permissions/access-control/rbac-fixed-basic-role-definitions/#basic-role-assignments
|
||||
---
|
||||
|
||||
# Manage RBAC roles
|
||||
|
||||
{{% admonition type="note" %}}
|
||||
Available in [Grafana Enterprise](/docs/grafana/<GRAFANA_VERSION>/introduction/grafana-enterprise/) and [Grafana Cloud](/docs/grafana-cloud).
|
||||
Available in [Grafana Enterprise]({{< relref "../../../../introduction/grafana-enterprise/" >}}) and [Grafana Cloud](/docs/grafana-cloud).
|
||||
{{% /admonition %}}
|
||||
|
||||
{{< table-of-contents >}}
|
||||
@@ -82,7 +28,7 @@ The following example includes the base64 username:password Basic Authorization.
|
||||
|
||||
## List permissions associated with roles
|
||||
|
||||
Use a `GET` command to see the actions and scopes associated with a role. For more information about seeing a list of permissions for each role, refer to [Get a role](ref:api-rbac-get-a-role).
|
||||
Use a `GET` command to see the actions and scopes associated with a role. For more information about seeing a list of permissions for each role, refer to [Get a role]({{< relref "../../../../developers/http_api/access_control/#get-a-role" >}}).
|
||||
|
||||
To see the permissions associated with basic roles, refer to the following basic role UIDs:
|
||||
|
||||
@@ -141,7 +87,7 @@ curl --location --request GET '<grafana_url>/api/access-control/roles/qQui_LCMk'
|
||||
}
|
||||
```
|
||||
|
||||
Refer to the [RBAC HTTP API](ref:api-rbac-get-a-role) for more details.
|
||||
Refer to the [RBAC HTTP API]({{< relref "../../../../developers/http_api/access_control/#get-a-role" >}}) for more details.
|
||||
|
||||
## Create custom roles
|
||||
|
||||
@@ -151,40 +97,40 @@ Create a custom role when basic roles and fixed roles do not meet your permissio
|
||||
|
||||
**Before you begin:**
|
||||
|
||||
- [Plan your RBAC rollout strategy](ref:plan-rbac-rollout-strategy).
|
||||
- Determine which permissions you want to add to the custom role. To see a list of actions and scope, refer to [RBAC permissions, actions, and scopes](ref:custom-role-actions-scopes).
|
||||
- [Enable role provisioning](ref:rbac-grafana-provisioning).
|
||||
- [Plan your RBAC rollout strategy]({{< relref "./plan-rbac-rollout-strategy/" >}}).
|
||||
- Determine which permissions you want to add to the custom role. To see a list of actions and scope, refer to [RBAC permissions, actions, and scopes]({{< relref "./custom-role-actions-scopes/" >}}).
|
||||
- [Enable role provisioning]({{< relref "./rbac-grafana-provisioning/" >}}).
|
||||
- Ensure that you have permissions to create a custom role.
|
||||
- By default, the Grafana Admin role has permission to create custom roles.
|
||||
- A Grafana Admin can delegate the custom role privilege to another user by creating a custom role with the relevant permissions and adding the `permissions:type:delegate` scope.
|
||||
|
||||
### Create custom roles using provisioning
|
||||
|
||||
[File-based provisioning](ref:rbac-grafana-provisioning) is one method you can use to create custom roles.
|
||||
[File-based provisioning]({{< relref "./rbac-grafana-provisioning" >}}) is one method you can use to create custom roles.
|
||||
|
||||
1. Open the YAML configuration file and locate the `roles` section.
|
||||
|
||||
1. Refer to the following table to add attributes and values.
|
||||
|
||||
| Attribute | Description |
|
||||
| ------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| `name` | A human-friendly identifier for the role that helps administrators understand the purpose of a role. `name` is required and cannot be longer than 190 characters. We recommend that you use ASCII characters. Role names must be unique within an organization. |
|
||||
| `uid` | A unique identifier associated with the role. The UID enables you to change or delete the role. You can either generate a UID yourself, or let Grafana generate one for you. You cannot use the same UID within the same Grafana instance. |
|
||||
| `orgId` | Identifies the organization to which the role belongs. The [default org ID](/docs/grafana/<GRAFANA_VERSION>/setup-grafana/configure-grafana/#auto_assign_org_id) is used if you do not specify `orgId`. |
|
||||
| `global` | Global roles are not associated with any specific organization, which means that you can reuse them across all organizations. This setting overrides `orgId`. |
|
||||
| `displayName` | Human-friendly text that is displayed in the UI. Role display name cannot be longer than 190 ASCII-based characters. For fixed roles, the display name is shown as specified. If you do not set a display name the display name replaces `':'` (a colon) with `' '` (a space). |
|
||||
| `description` | Human-friendly text that describes the permissions a role provides. |
|
||||
| `group` | Organizes roles in the role picker. |
|
||||
| `version` | A positive integer that defines the current version of the role, which prevents overwriting newer changes. |
|
||||
| `hidden` | Hidden roles do not appear in the role picker. |
|
||||
| `state` | State of the role. Defaults to `present`, but if set to `absent` the role will be removed. |
|
||||
| `force` | Can be used in addition to state `absent`, to force the removal of a role and all its assignments. |
|
||||
| `from` | An optional list of roles from which you want to copy permissions. |
|
||||
| `permissions` | Provides users access to Grafana resources. For a list of permissions, refer to [RBAC permissions actions and scopes](ref:rbac-role-definitions). If you do not know which permissions to assign, you can create and assign roles without any permissions as a placeholder. Using the `from` attribute, you can specify additional permissions or permissions to remove by adding a `state` to your permission list. |
|
||||
| Attribute | Description |
|
||||
| ------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
|
||||
| `name` | A human-friendly identifier for the role that helps administrators understand the purpose of a role. `name` is required and cannot be longer than 190 characters. We recommend that you use ASCII characters. Role names must be unique within an organization. |
|
||||
| `uid` | A unique identifier associated with the role. The UID enables you to change or delete the role. You can either generate a UID yourself, or let Grafana generate one for you. You cannot use the same UID within the same Grafana instance. |
|
||||
| `orgId` | Identifies the organization to which the role belongs. The [default org ID]({{< relref "../../../../setup-grafana/configure-grafana/#auto_assign_org_id" >}}) is used if you do not specify `orgId`. |
|
||||
| `global` | Global roles are not associated with any specific organization, which means that you can reuse them across all organizations. This setting overrides `orgId`. |
|
||||
| `displayName` | Human-friendly text that is displayed in the UI. Role display name cannot be longer than 190 ASCII-based characters. For fixed roles, the display name is shown as specified. If you do not set a display name the display name replaces `':'` (a colon) with `' '` (a space). |
|
||||
| `description` | Human-friendly text that describes the permissions a role provides. |
|
||||
| `group` | Organizes roles in the role picker. |
|
||||
| `version` | A positive integer that defines the current version of the role, which prevents overwriting newer changes. |
|
||||
| `hidden` | Hidden roles do not appear in the role picker. |
|
||||
| `state` | State of the role. Defaults to `present`, but if set to `absent` the role will be removed. |
|
||||
| `force` | Can be used in addition to state `absent`, to force the removal of a role and all its assignments. |
|
||||
| `from` | An optional list of roles from which you want to copy permissions. |
|
||||
| `permissions` | Provides users access to Grafana resources. For a list of permissions, refer to [RBAC permissions actions and scopes]({{< relref "./rbac-fixed-basic-role-definitions/" >}}). If you do not know which permissions to assign, you can create and assign roles without any permissions as a placeholder. Using the `from` attribute, you can specify additional permissions or permissions to remove by adding a `state` to your permission list. |
|
||||
|
||||
1. Reload the provisioning configuration file.
|
||||
|
||||
For more information about reloading the provisioning configuration at runtime, refer to [Reload provisioning configurations](/docs/grafana/<GRAFANA_VERSION>/developers/http_api/admin/#reload-provisioning-configurations).
|
||||
For more information about reloading the provisioning configuration at runtime, refer to [Reload provisioning configurations]({{< relref "../../../../developers/http_api/admin/#reload-provisioning-configurations" >}}).
|
||||
|
||||
The following example creates a local role:
|
||||
|
||||
@@ -253,7 +199,7 @@ roles:
|
||||
|
||||
### Create custom roles using the HTTP API
|
||||
|
||||
The following examples show you how to create a custom role using the Grafana HTTP API. For more information about the HTTP API, refer to [Create a new custom role](ref:api-rbac-create-a-new-custom-role).
|
||||
The following examples show you how to create a custom role using the Grafana HTTP API. For more information about the HTTP API, refer to [Create a new custom role]({{< relref "../../../../developers/http_api/access_control/#create-a-new-custom-role" >}}).
|
||||
|
||||
{{% admonition type="note" %}}
|
||||
You cannot create a custom role with permissions that you do not have. For example, if you only have `users:create` permissions, then you cannot create a role that includes other permissions.
|
||||
@@ -304,7 +250,7 @@ curl --location --request POST '<grafana_url>/api/access-control/roles/' \
|
||||
}
|
||||
```
|
||||
|
||||
Refer to the [RBAC HTTP API](ref:api-rbac-create-a-new-custom-role) for more details.
|
||||
Refer to the [RBAC HTTP API]({{< relref "../../../../developers/http_api/access_control/#create-a-new-custom-role" >}}) for more details.
|
||||
|
||||
## Update basic role permissions
|
||||
|
||||
@@ -312,7 +258,7 @@ If the default basic role definitions do not meet your requirements, you can cha
|
||||
|
||||
**Before you begin:**
|
||||
|
||||
- Determine the permissions you want to add or remove from a basic role. For more information about the permissions associated with basic roles, refer to [RBAC role definitions](ref:rbac-fixed-basic-role-definitions-basic-role-assignments).
|
||||
- Determine the permissions you want to add or remove from a basic role. For more information about the permissions associated with basic roles, refer to [RBAC role definitions]({{< relref "./rbac-fixed-basic-role-definitions/#basic-role-assignments" >}}).
|
||||
|
||||
{{% admonition type="note" %}}
|
||||
You cannot modify the `No Basic Role` permissions.
|
||||
@@ -335,7 +281,7 @@ You cannot modify the `No Basic Role` permissions.
|
||||
|
||||
1. Reload the provisioning configuration file.
|
||||
|
||||
For more information about reloading the provisioning configuration at runtime, refer to [Reload provisioning configurations](/docs/grafana/<GRAFANA_VERSION>/developers/http_api/admin/#reload-provisioning-configurations).
|
||||
For more information about reloading the provisioning configuration at runtime, refer to [Reload provisioning configurations]({{< relref "../../../../developers/http_api/admin/#reload-provisioning-configurations" >}}).
|
||||
|
||||
The following example modifies the `Grafana Admin` basic role permissions.
|
||||
|
||||
@@ -376,7 +322,7 @@ You can add multiple `fixed`, `basic` or `custom` roles to the `from` section. T
|
||||
Make sure to **increment** the role version for the changes to be accounted for.
|
||||
{{% /admonition %}}
|
||||
|
||||
You can also change basic roles' permissions using the API. Refer to the [RBAC HTTP API](ref:api-rbac-update-a-role) for more details.
|
||||
You can also change basic roles' permissions using the API. Refer to the [RBAC HTTP API]({{< relref "../../../../developers/http_api/access_control/#update-a-role" >}}) for more details.
|
||||
|
||||
## Reset basic roles to their default
|
||||
|
||||
@@ -390,7 +336,7 @@ You have two options to reset the basic roles permissions to their default.
|
||||
|
||||
> Warning: If this option is left to true, permissions will be reset on every boot.
|
||||
|
||||
Use the [reset_basic_roles](ref:configure-rbac-configure-rbac-in-grafana) option to reset
|
||||
Use the [reset_basic_roles]({{< relref "../configure-rbac/#configure-rbac-in-grafana" >}}) option to reset
|
||||
basic roles permissions to their default on Grafana instance boot up.
|
||||
|
||||
1. Open you configuration file and update the rbac section as follow:
|
||||
@@ -423,7 +369,7 @@ An alternative to the configuration option is to use the HTTP endpoint.
|
||||
scope: 'permissions:type:escalate'
|
||||
```
|
||||
|
||||
1. As a `Grafana Admin`, call the API endpoint to reset the basic roles to their default. Refer to the [RBAC HTTP API](ref:api-rbac-reset-basic-roles-to-their-default) for more details.
|
||||
1. As a `Grafana Admin`, call the API endpoint to reset the basic roles to their default. Refer to the [RBAC HTTP API]({{< relref "../../../../developers/http_api/access_control/#reset-basic-roles-to-their-default" >}}) for more details.
|
||||
|
||||
## Delete a custom role using Grafana provisioning
|
||||
|
||||
@@ -449,7 +395,7 @@ Delete a custom role when you no longer need it. When you delete a custom role,
|
||||
|
||||
1. Reload the provisioning configuration file.
|
||||
|
||||
For more information about reloading the provisioning configuration at runtime, refer to [Reload provisioning configurations](/docs/grafana/<GRAFANA_VERSION>/developers/http_api/admin/#reload-provisioning-configurations).
|
||||
For more information about reloading the provisioning configuration at runtime, refer to [Reload provisioning configurations]({{< relref "../../../../developers/http_api/admin/#reload-provisioning-configurations" >}}).
|
||||
|
||||
The following example deletes a custom role:
|
||||
|
||||
@@ -464,4 +410,4 @@ roles:
|
||||
force: true
|
||||
```
|
||||
|
||||
You can also delete a custom role using the API. Refer to the [RBAC HTTP API](ref:api-rbac-delete-a-custom-role) for more details.
|
||||
You can also delete a custom role using the API. Refer to the [RBAC HTTP API]({{< relref "../../../../developers/http_api/access_control/#delete-a-custom-role" >}}) for more details.
|
||||
|
||||
@@ -11,38 +11,12 @@ labels:
|
||||
menuTitle: Plan your RBAC rollout strategy
|
||||
title: Plan your Grafana RBAC rollout strategy
|
||||
weight: 20
|
||||
refs:
|
||||
api-rbac-update-a-role:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/developers/http_api/access_control/#update-a-role
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/developer-resources/api-reference/http-api/access_control/#update-a-role
|
||||
rbac-fixed-basic-role-definitions-basic-role-assignments:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/administration/roles-and-permissions/access-control/rbac-fixed-basic-role-definitions/#basic-role-assignments
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/account-management/authentication-and-permissions/access-control/rbac-fixed-basic-role-definitions/#basic-role-assignments
|
||||
rbac-fixed-basic-role-definitions-fixed-role-definitions:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/administration/roles-and-permissions/access-control/rbac-fixed-basic-role-definitions/#fixed-role-definitions
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/account-management/authentication-and-permissions/access-control/rbac-fixed-basic-role-definitions/#fixed-role-definitions
|
||||
manage-rbac-roles-update-basic-role-permissions:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/administration/roles-and-permissions/access-control/manage-rbac-roles/#update-basic-role-permissions
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/account-management/authentication-and-permissions/access-control/manage-rbac-roles/#update-basic-role-permissions
|
||||
service-accounts:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/administration/service-accounts/
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/account-management/authentication-and-permissions/service-accounts/
|
||||
---
|
||||
|
||||
# Plan your RBAC rollout strategy
|
||||
|
||||
{{% admonition type="note" %}}
|
||||
Available in [Grafana Enterprise](/docs/grafana/<GRAFANA_VERSION>/introduction/grafana-enterprise/) and [Grafana Cloud](/docs/grafana-cloud).
|
||||
Available in [Grafana Enterprise]({{< relref "../../../../introduction/grafana-enterprise/" >}}) and [Grafana Cloud](/docs/grafana-cloud).
|
||||
{{% /admonition %}}
|
||||
|
||||
An RBAC rollout strategy helps you determine _how_ you want to implement RBAC prior to assigning RBAC roles to users and teams.
|
||||
@@ -61,8 +35,8 @@ As a first step in determining your permissions rollout strategy, we recommend t
|
||||
|
||||
To learn more about basic roles and fixed roles, refer to the following documentation:
|
||||
|
||||
- [Basic role definitions](ref:rbac-fixed-basic-role-definitions-basic-role-assignments)
|
||||
- [Fixed role definitions](ref:rbac-fixed-basic-role-definitions-fixed-role-definitions)
|
||||
- [Basic role definitions]({{< relref "./rbac-fixed-basic-role-definitions/#basic-role-assignments" >}})
|
||||
- [Fixed role definitions]({{< relref "./rbac-fixed-basic-role-definitions/#fixed-role-definitions" >}})
|
||||
|
||||
## User and team considerations
|
||||
|
||||
@@ -82,7 +56,7 @@ For example:
|
||||
|
||||
1. Map SAML, LDAP, or Oauth roles to Grafana basic roles (viewer, editor, or admin).
|
||||
|
||||
2. Use the Grafana Enterprise team sync feature to synchronize teams from your SAML, LDAP, or Oauth provider to Grafana. For more information about team sync, refer to [Team sync](/docs/grafana/<GRAFANA_VERSION>/setup-grafana/configure-security/configure-team-sync/).
|
||||
2. Use the Grafana Enterprise team sync feature to synchronize teams from your SAML, LDAP, or Oauth provider to Grafana. For more information about team sync, refer to [Team sync]({{< relref "../../../../setup-grafana/configure-security/configure-team-sync/" >}}).
|
||||
|
||||
3. Within Grafana, assign RBAC permissions to users and teams.
|
||||
|
||||
@@ -93,7 +67,7 @@ Consider the following guidelines when you determine if you should modify basic
|
||||
- **Modify basic roles** when Grafana's definitions of what viewers, editors, and admins can do does not match your definition of these roles. You can add or remove permissions from any basic role.
|
||||
|
||||
{{% admonition type="note" %}}
|
||||
Changes that you make to basic roles impact the role definition for all [organizations](/docs/grafana/<GRAFANA_VERSION>/administration/organization-management/) in the Grafana instance. For example, when you add the `fixed:users:writer` role's permissions to the viewer basic role, all viewers in any org in the Grafana instance can create users within that org.
|
||||
Changes that you make to basic roles impact the role definition for all [organizations]({{< relref "../../../organization-management/" >}}) in the Grafana instance. For example, when you add the `fixed:users:writer` role's permissions to the viewer basic role, all viewers in any org in the Grafana instance can create users within that org.
|
||||
{{% /admonition %}}
|
||||
|
||||
{{% admonition type="note" %}}
|
||||
@@ -123,13 +97,13 @@ If you have a use case that you'd like to share, feel free to contribute to this
|
||||
|
||||
1. In Grafana, create a team with the name `Internal employees`.
|
||||
1. Assign the `fixed:datasources:explorer` role to the `Internal employees` team.
|
||||
1. Add internal employees to the `Internal employees` team, or map them from a SAML, LDAP, or Oauth team using [Team Sync](/docs/grafana/<GRAFANA_VERSION>/setup-grafana/configure-security/configure-team-sync/).
|
||||
1. Add internal employees to the `Internal employees` team, or map them from a SAML, LDAP, or Oauth team using [Team Sync]({{< relref "../../../../setup-grafana/configure-security/configure-team-sync/" >}}).
|
||||
1. Assign the viewer role to both internal employees and contractors.
|
||||
|
||||
### Limit viewer, editor, or admin permissions
|
||||
|
||||
1. Review the list of permissions associated with the basic role.
|
||||
1. [Change the permissions of the basic role](ref:manage-rbac-roles-update-basic-role-permissions).
|
||||
1. [Change the permissions of the basic role]({{< relref "./manage-rbac-roles/#update-basic-role-permissions" >}}).
|
||||
|
||||
### Allow only members of one team to manage Alerts
|
||||
|
||||
@@ -194,9 +168,9 @@ curl --location --request POST '<grafana_url>/api/access-control/roles/' \
|
||||
|
||||
### Enable an editor to create custom roles
|
||||
|
||||
By default, only a Grafana Server Admin can create and manage custom roles. If you want your `Editors` to do the same, [update the `Editor` basic role permissions](ref:manage-rbac-roles-update-basic-role-permissions). There are two ways to achieve this:
|
||||
By default, only a Grafana Server Admin can create and manage custom roles. If you want your `Editors` to do the same, [update the `Editor` basic role permissions]({{< ref "./manage-rbac-roles.md#update-basic-role-permissions" >}}). There are two ways to achieve this:
|
||||
|
||||
- Add the following permissions to the `basic:editor` role, using provisioning or the [RBAC HTTP API](ref:api-rbac-update-a-role):
|
||||
- Add the following permissions to the `basic:editor` role, using provisioning or the [RBAC HTTP API]({{< relref "../../../../developers/http_api/access_control/#update-a-role" >}}):
|
||||
|
||||
| action | scope |
|
||||
| -------------- | --------------------------- |
|
||||
@@ -238,9 +212,9 @@ By default, only a Grafana Server Admin can create and manage custom roles. If y
|
||||
|
||||
### Enable viewers to create reports
|
||||
|
||||
If you want your `Viewers` to create reports, [update the `Viewer` basic role permissions](ref:manage-rbac-roles-update-basic-role-permissions). There are two ways to achieve this:
|
||||
If you want your `Viewers` to create reports, [update the `Viewer` basic role permissions]({{< ref "./manage-rbac-roles.md#update-basic-role-permissions" >}}). There are two ways to achieve this:
|
||||
|
||||
- Add the following permissions to the `basic:viewer` role, using provisioning or the [RBAC HTTP API](ref:api-rbac-update-a-role):
|
||||
- Add the following permissions to the `basic:viewer` role, using provisioning or the [RBAC HTTP API]({{< relref "../../../../developers/http_api/access_control/#update-a-role" >}}):
|
||||
|
||||
| Action | Scope |
|
||||
| ---------------- | ------------------------------- |
|
||||
@@ -279,11 +253,11 @@ If you want your `Viewers` to create reports, [update the `Viewer` basic role pe
|
||||
global: true
|
||||
```
|
||||
|
||||
> **Note:** The `fixed:reports:writer` role assigns more permissions than just creating reports. For more information about fixed role permission assignments, refer to [Fixed role definitions](ref:rbac-fixed-basic-role-definitions-fixed-role-definitions).
|
||||
> **Note:** The `fixed:reports:writer` role assigns more permissions than just creating reports. For more information about fixed role permission assignments, refer to [Fixed role definitions]({{< relref "./rbac-fixed-basic-role-definitions/#fixed-role-definitions" >}}).
|
||||
|
||||
### Prevent a Grafana Admin from creating and inviting users
|
||||
|
||||
To prevent a Grafana Admin from creating users and inviting them to join an organization, you must [update a basic role permission](ref:manage-rbac-roles-update-basic-role-permissions).
|
||||
To prevent a Grafana Admin from creating users and inviting them to join an organization, you must [update a basic role permission]({{< relref "./manage-rbac-roles/#update-basic-role-permissions" >}}).
|
||||
The permissions to remove are:
|
||||
|
||||
| Action | Scope |
|
||||
@@ -293,7 +267,7 @@ The permissions to remove are:
|
||||
|
||||
There are two ways to achieve this:
|
||||
|
||||
- Use [RBAC HTTP API](ref:api-rbac-update-a-role).
|
||||
- Use [RBAC HTTP API]({{< relref "../../../../developers/http_api/access_control/#update-a-role" >}}).
|
||||
|
||||
As an example, here is a small bash script that fetches the role, modifies it using `jq` and updates it:
|
||||
|
||||
@@ -332,7 +306,7 @@ There are two ways to achieve this:
|
||||
### Prevent Viewers from accessing an App Plugin
|
||||
|
||||
By default, Viewers, Editors and Admins have access to all App Plugins that their organization role allows them to access.
|
||||
To change this default behavior and prevent Viewers from accessing an App plugin, you must [update a basic role's permissions](ref:manage-rbac-roles-update-basic-role-permissions).
|
||||
To change this default behavior and prevent Viewers from accessing an App plugin, you must [update a basic role's permissions]({{< relref "./manage-rbac-roles/#update-basic-role-permissions" >}}).
|
||||
|
||||
In this example, three App plugins have been installed and enabled:
|
||||
| Name | ID | Required Org role |
|
||||
@@ -355,7 +329,7 @@ If you want to revoke their access to the On Call App plugin, you need to:
|
||||
|
||||
Here are two ways to achieve this:
|
||||
|
||||
- Use [RBAC HTTP API](ref:api-rbac-update-a-role).
|
||||
- Use [RBAC HTTP API]({{< relref "../../../../developers/http_api/access_control/#update-a-role" >}}).
|
||||
|
||||
As an example, here is a small bash script that fetches the role, modifies it using `jq` and updates it:
|
||||
|
||||
@@ -423,7 +397,7 @@ A user will be added to the default organization automatically but won't have an
|
||||
|
||||
Using Service Accounts is an efficient way to facilitate M2M communications. However, they can pose a security threat if not scoped appropriately. To limit the scope of a service account, you can begin by creating a Service Account with `No Basic Role` and then assign the necessary permissions for the account.
|
||||
|
||||
1. Refer to [Service Accounts](ref:service-accounts) and add a new Service Account.
|
||||
1. Refer to [Service Accounts](https://grafana.com/docs/grafana/latest/administration/service-accounts/) and add a new Service Account.
|
||||
1. Set the basic role to `No Basic Role`.
|
||||
1. Set the fixed roles needed for the Service Account.
|
||||
|
||||
|
||||
@@ -11,66 +11,35 @@ labels:
|
||||
menuTitle: RBAC role definitions
|
||||
title: Grafana RBAC role definitions
|
||||
weight: 70
|
||||
refs:
|
||||
rbac-basic-roles:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/administration/roles-and-permissions/access-control/#basic-roles
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/account-management/authentication-and-permissions/access-control/#basic-roles
|
||||
rbac-terraform-provisioning:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/administration/roles-and-permissions/access-control/rbac-terraform-provisioning/
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/account-management/authentication-and-permissions/access-control/rbac-terraform-provisioning/
|
||||
rbac-manage-rbac-roles:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/administration/roles-and-permissions/access-control/manage-rbac-roles/
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/account-management/authentication-and-permissions/access-control/manage-rbac-roles/
|
||||
plan-rbac-rollout-strategy-create-a-custom-role-to-access-alerts-in-a-folder:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/administration/roles-and-permissions/access-control/plan-rbac-rollout-strategy/#create-a-custom-role-to-access-alerts-in-a-folder
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/account-management/authentication-and-permissions/access-control/plan-rbac-rollout-strategy/#create-a-custom-role-to-access-alerts-in-a-folder
|
||||
oncall:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/oncall/<GRAFANA_VERSION>/
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/alerting-and-irm/oncall/
|
||||
available-grafana-oncall-rbac-roles--granted-actions:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/oncall/<GRAFANA_VERSION>/user-and-team-management/#available-grafana-oncall-rbac-roles--granted-actions
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/alerting-and-irm/oncall/user-and-team-management/#available-grafana-oncall-rbac-roles--granted-actions
|
||||
---
|
||||
|
||||
# RBAC role definitions
|
||||
|
||||
{{% admonition type="note" %}}
|
||||
Available in [Grafana Enterprise](/docs/grafana/<GRAFANA_VERSION>/introduction/grafana-enterprise/) and [Grafana Cloud](/docs/grafana-cloud).
|
||||
Available in [Grafana Enterprise]({{< relref "../../../../introduction/grafana-enterprise/" >}}) and [Grafana Cloud](/docs/grafana-cloud).
|
||||
{{% /admonition %}}
|
||||
|
||||
The following tables list permissions associated with basic and fixed roles.
|
||||
|
||||
## Basic role assignments
|
||||
|
||||
| Basic role | UID | Associated fixed roles | Description |
|
||||
| ------------- | --------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| Grafana Admin | `basic_grafana_admin` | `fixed:roles:reader`<br>`fixed:roles:writer`<br>`fixed:users:reader`<br>`fixed:users:writer`<br>`fixed:org.users:reader`<br>`fixed:org.users:writer`<br>`fixed:ldap:reader`<br>`fixed:ldap:writer`<br>`fixed:stats:reader`<br>`fixed:settings:reader`<br>`fixed:settings:writer`<br>`fixed:provisioning:writer`<br>`fixed:organization:reader`<br>`fixed:organization:maintainer`<br>`fixed:licensing:reader`<br>`fixed:licensing:writer`<br>`fixed:datasources.caching:reader`<br>`fixed:datasources.caching:writer`<br>`fixed:dashboards.insights:reader`<br>`fixed:datasources.insights:reader`<br>`fixed:plugins:maintainer`<br>`fixed:authentication.config:writer`<br>`fixed:library.panels:creator`<br>`fixed:library.panels:reader`<br>`fixed:library.panels:general.reader`<br>`fixed:library.panels:writer`<br>`fixed:library.panels:general.writer` | Default [Grafana server administrator](/docs/grafana/<GRAFANA_VERSION>/administration/roles-and-permissions/#grafana-server-administrators) assignments. |
|
||||
| Admin | `basic_admin` | `fixed:reports:reader`<br>`fixed:reports:writer`<br>`fixed:datasources:reader`<br>`fixed:datasources:writer`<br>`fixed:organization:writer`<br>`fixed:datasources.permissions:reader`<br>`fixed:datasources.permissions:writer`<br>`fixed:teams:writer`<br>`fixed:dashboards:reader`<br>`fixed:dashboards:writer`<br>`fixed:dashboards.permissions:reader`<br>`fixed:dashboards.permissions:writer`<br>`fixed:dashboards.public:writer`<br>`fixed:folders:reader`<br>`fixed:folders:writer`<br>`fixed:folders.permissions:reader`<br>`fixed:folders.permissions:writer`<br>`fixed:alerting:writer`<br>`fixed:apikeys:reader`<br>`fixed:apikeys:writer`<br>`fixed:alerting.provisioning.secrets:reader`<br>`fixed:alerting.provisioning:writer`<br>`fixed:datasources.caching:reader`<br>`fixed:datasources.caching:writer`<br>`fixed:dashboards.insights:reader`<br>`fixed:datasources.insights:reader`<br>`fixed:plugins:writer`<br>`fixed:library.panels:creator`<br>`fixed:library.panels:reader`<br>`fixed:library.panels:general.reader`<br>`fixed:library.panels:writer`<br>`fixed:library.panels:general.writer`<br>`fixed:alerting.provisioning.status:writer` | Default [Grafana organization administrator](ref:rbac-basic-roles) assignments. |
|
||||
| Editor | `basic_editor` | `fixed:datasources:explorer`<br>`fixed:dashboards:creator`<br>`fixed:folders:creator`<br>`fixed:annotations:writer`<br>`fixed:teams:creator` if the `editors_can_admin` configuration flag is enabled<br>`fixed:alerting:writer`<br>`fixed:dashboards.insights:reader`<br>`fixed:datasources.insights:reader`<br>`fixed:library.panels:creator`<br>`fixed:library.panels:general.reader`<br>`fixed:library.panels:general.writer`<br>`fixed:alerting.provisioning.status:writer` | Default [Editor](ref:rbac-basic-roles) assignments. |
|
||||
| Viewer | `basic_viewer` | `fixed:datasources.id:reader`<br>`fixed:organization:reader`<br>`fixed:annotations:reader`<br>`fixed:annotations.dashboard:writer`<br>`fixed:alerting:reader`<br>`fixed:plugins.app:reader`<br>`fixed:dashboards.insights:reader`<br>`fixed:datasources.insights:reader`<br>`fixed:library.panels:general.reader`<br>`fixed:datasources:explorer` if the `viewers_can_edit` configuration flag is enabled | Default [Viewer](ref:rbac-basic-roles) assignments. |
|
||||
| No Basic Role | n/a | | Default [No Basic Role](ref:rbac-basic-roles) |
|
||||
| Basic role | UID | Associated fixed roles | Description |
|
||||
| ------------- | --------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------- |
|
||||
| Grafana Admin | `basic_grafana_admin` | `fixed:roles:reader`<br>`fixed:roles:writer`<br>`fixed:users:reader`<br>`fixed:users:writer`<br>`fixed:org.users:reader`<br>`fixed:org.users:writer`<br>`fixed:ldap:reader`<br>`fixed:ldap:writer`<br>`fixed:stats:reader`<br>`fixed:settings:reader`<br>`fixed:settings:writer`<br>`fixed:provisioning:writer`<br>`fixed:organization:reader`<br>`fixed:organization:maintainer`<br>`fixed:licensing:reader`<br>`fixed:licensing:writer`<br>`fixed:datasources.caching:reader`<br>`fixed:datasources.caching:writer`<br>`fixed:dashboards.insights:reader`<br>`fixed:datasources.insights:reader`<br>`fixed:plugins:maintainer`<br>`fixed:authentication.config:writer`<br>`fixed:library.panels:creator`<br>`fixed:library.panels:reader`<br>`fixed:library.panels:general.reader`<br>`fixed:library.panels:writer`<br>`fixed:library.panels:general.writer` | Default [Grafana server administrator]({{< relref "../../#grafana-server-administrators" >}}) assignments. |
|
||||
| Admin | `basic_admin` | `fixed:reports:reader`<br>`fixed:reports:writer`<br>`fixed:datasources:reader`<br>`fixed:datasources:writer`<br>`fixed:organization:writer`<br>`fixed:datasources.permissions:reader`<br>`fixed:datasources.permissions:writer`<br>`fixed:teams:writer`<br>`fixed:dashboards:reader`<br>`fixed:dashboards:writer`<br>`fixed:dashboards.permissions:reader`<br>`fixed:dashboards.permissions:writer`<br>`fixed:dashboards.public:writer`<br>`fixed:folders:reader`<br>`fixed:folders:writer`<br>`fixed:folders.permissions:reader`<br>`fixed:folders.permissions:writer`<br>`fixed:alerting:writer`<br>`fixed:apikeys:reader`<br>`fixed:apikeys:writer`<br>`fixed:alerting.provisioning.secrets:reader`<br>`fixed:alerting.provisioning:writer`<br>`fixed:datasources.caching:reader`<br>`fixed:datasources.caching:writer`<br>`fixed:dashboards.insights:reader`<br>`fixed:datasources.insights:reader`<br>`fixed:plugins:writer`<br>`fixed:library.panels:creator`<br>`fixed:library.panels:reader`<br>`fixed:library.panels:general.reader`<br>`fixed:library.panels:writer`<br>`fixed:library.panels:general.writer`<br>`fixed:alerting.provisioning.status:writer` | Default [Grafana organization administrator]({{< relref "../#basic-roles" >}}) assignments. |
|
||||
| Editor | `basic_editor` | `fixed:datasources:explorer`<br>`fixed:dashboards:creator`<br>`fixed:folders:creator`<br>`fixed:annotations:writer`<br>`fixed:teams:creator` if the `editors_can_admin` configuration flag is enabled<br>`fixed:alerting:writer`<br>`fixed:dashboards.insights:reader`<br>`fixed:datasources.insights:reader`<br>`fixed:library.panels:creator`<br>`fixed:library.panels:general.reader`<br>`fixed:library.panels:general.writer`<br>`fixed:alerting.provisioning.status:writer` | Default [Editor]({{< relref "../#basic-roles" >}}) assignments. |
|
||||
| Viewer | `basic_viewer` | `fixed:datasources.id:reader`<br>`fixed:organization:reader`<br>`fixed:annotations:reader`<br>`fixed:annotations.dashboard:writer`<br>`fixed:alerting:reader`<br>`fixed:plugins.app:reader`<br>`fixed:dashboards.insights:reader`<br>`fixed:datasources.insights:reader`<br>`fixed:library.panels:general.reader`<br>`fixed:datasources:explorer` if the `viewers_can_edit` configuration flag is enabled | Default [Viewer]({{< relref "../#basic-roles" >}}) assignments. |
|
||||
| No Basic Role | n/a | | Default [No Basic Role]({{< relref "../#basic-roles" >}}) |
|
||||
|
||||
## Fixed role definitions
|
||||
|
||||
The following table has the existing built-in fixed role definitions. Other fixed roles might be added by plugins installed in Grafana.
|
||||
The UUID presented here can be used as an identifier for [Terraform provisioning](ref:rbac-terraform-provisioning).
|
||||
The UUID presented here can be used as an identifier for [Terraform provisioning](../rbac-terraform-provisioning).
|
||||
|
||||
{{< admonition type="caution" >}}
|
||||
These UUIDs won't be available if your instance was created before Grafana v10.2.0.
|
||||
|
||||
To learn how to use the roles API to determine the role UUIDs, refer to [Manage RBAC roles](ref:rbac-manage-rbac-roles).
|
||||
To learn how to use the roles API to determine the role UUIDs, refer to [Manage RBAC roles](/docs/grafana/<GRAFANA_VERSION>/administration/roles-and-permissions/access-control/manage-rbac-roles/).
|
||||
{{< /admonition >}}
|
||||
|
||||
| Fixed role | UUID | Permissions | Description |
|
||||
@@ -160,7 +129,7 @@ Access to Grafana alert rules is an intersection of many permissions:
|
||||
|
||||
There is only one exclusion at this moment. Role `fixed:alerting.provisioning:writer` does not require user to have any additional permissions and provides access to all aspects of the alerting configuration via special provisioning API.
|
||||
|
||||
For more information about the permissions required to access alert rules, refer to [Create a custom role to access alerts in a folder](ref:plan-rbac-rollout-strategy-create-a-custom-role-to-access-alerts-in-a-folder).
|
||||
For more information about the permissions required to access alert rules, refer to [Create a custom role to access alerts in a folder]({{< relref "./plan-rbac-rollout-strategy/#create-a-custom-role-to-access-alerts-in-a-folder" >}}).
|
||||
|
||||
### Grafana OnCall roles (beta)
|
||||
|
||||
@@ -170,17 +139,17 @@ Available from Grafana 9.4 in early access.
|
||||
|
||||
{{% admonition type="note" %}}
|
||||
This feature is behind the `accessControlOnCall` feature toggle.
|
||||
You can enable feature toggles through configuration file or environment variables. See configuration [docs](/docs/grafana/<GRAFANA_VERSION>/setup-grafana/configure-grafana/#feature_toggles) for details.
|
||||
You can enable feature toggles through configuration file or environment variables. See configuration [docs]({{< relref "../../../../setup-grafana/configure-grafana/#feature_toggles" >}}) for details.
|
||||
{{% /admonition %}}
|
||||
|
||||
If you are using [Grafana OnCall](ref:oncall), you can try out the integration between Grafana OnCall and RBAC.
|
||||
For a detailed list of the available OnCall RBAC roles, refer to the table in [Available Grafana OnCall RBAC roles and granted actions](ref:available-grafana-oncall-rbac-roles--granted-actions).
|
||||
If you are using [Grafana OnCall](https://grafana.com/docs/oncall/latest/get-started/), you can try out the integration between Grafana OnCall and RBAC.
|
||||
For a detailed list of the available OnCall RBAC roles, refer to the table in [Available Grafana OnCall RBAC roles and granted actions](https://grafana.com/docs/oncall/latest/user-and-team-management/#available-grafana-oncall-rbac-roles--granted-actions).
|
||||
|
||||
The following table lists the default RBAC OnCall role assignments to the basic roles:
|
||||
|
||||
| Basic role | Associated fixed roles | Description |
|
||||
| ------------- | ----------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| Grafana Admin | `plugins:grafana-oncall-app:admin` | Default [Grafana server administrator](/docs/grafana/<GRAFANA_VERSION>/administration/roles-and-permissions/#grafana-server-administrators) assignments. |
|
||||
| Admin | `plugins:grafana-oncall-app:admin` | Default [Grafana organization administrator](ref:rbac-basic-roles) assignments. |
|
||||
| Editor | `plugins:grafana-oncall-app:editor` | Default [Editor](ref:rbac-basic-roles) assignments. |
|
||||
| Viewer | `plugins:grafana-oncall-app:reader` | Default [Viewer](ref:rbac-basic-roles) assignments. |
|
||||
| Basic role | Associated fixed roles | Description |
|
||||
| ------------- | ----------------------------------- | ------------------------------------------------------------------------------------------------------- |
|
||||
| Grafana Admin | `plugins:grafana-oncall-app:admin` | Default [Grafana server administrator]({{< relref "../#grafana-server-administrators" >}}) assignments. |
|
||||
| Admin | `plugins:grafana-oncall-app:admin` | Default [Grafana organization administrator]({{< relref "../#basic-roles" >}}) assignments. |
|
||||
| Editor | `plugins:grafana-oncall-app:editor` | Default [Editor]({{< relref "../#basic-roles" >}}) assignments. |
|
||||
| Viewer | `plugins:grafana-oncall-app:reader` | Default [Viewer]({{< relref "../#basic-roles" >}}) assignments. |
|
||||
|
||||
@@ -11,51 +11,15 @@ labels:
|
||||
menuTitle: Provisioning RBAC with Grafana
|
||||
title: Provisioning RBAC with Grafana
|
||||
weight: 60
|
||||
refs:
|
||||
api-rbac-create-and-manage-custom-roles:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/developers/http_api/access_control/#create-and-manage-custom-roles
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/developer-resources/api-reference/http-api/access_control/#create-and-manage-custom-roles
|
||||
rbac-terraform-provisioning:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/administration/roles-and-permissions/access-control/rbac-terraform-provisioning/
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/account-management/authentication-and-permissions/access-control/rbac-terraform-provisioning/
|
||||
rbac-manage-rbac-roles:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/administration/roles-and-permissions/access-control/manage-rbac-roles/
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/account-management/authentication-and-permissions/access-control/manage-rbac-roles/
|
||||
rbac-assign-rbac-roles:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/administration/roles-and-permissions/access-control/assign-rbac-roles/
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/account-management/authentication-and-permissions/access-control/assign-rbac-roles/
|
||||
service-accounts:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/administration/service-accounts/
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/account-management/authentication-and-permissions/service-accounts/
|
||||
manage-rbac-roles-create-custom-roles-using-provisioning:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/administration/roles-and-permissions/access-control/manage-rbac-roles/#create-custom-roles-using-provisioning
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/account-management/authentication-and-permissions/access-control/manage-rbac-roles/#create-custom-roles-using-provisioning
|
||||
assign-rbac-roles-assign-a-fixed-role-to-a-basic-role-using-provisioning:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/administration/roles-and-permissions/access-control/assign-rbac-roles/#assign-a-fixed-role-to-a-basic-role-using-provisioning
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/account-management/authentication-and-permissions/access-control/assign-rbac-roles/##assign-a-fixed-role-to-a-basic-role-using-provisioning
|
||||
---
|
||||
|
||||
# Provisioning RBAC with Grafana
|
||||
|
||||
{{% admonition type="note" %}}
|
||||
Available in [Grafana Enterprise](/docs/grafana/<GRAFANA_VERSION>/introduction/grafana-enterprise/) and [Grafana Cloud](/docs/grafana-cloud).
|
||||
Available in [Grafana Enterprise]({{< relref "../../../../introduction/grafana-enterprise/" >}}) and [Grafana Cloud](/docs/grafana-cloud).
|
||||
{{% /admonition %}}
|
||||
|
||||
You can create, change or remove [Custom roles](ref:manage-rbac-roles-create-custom-roles-using-provisioning) and create or remove [basic role assignments](ref:assign-rbac-roles-assign-a-fixed-role-to-a-basic-role-using-provisioning), by adding one or more YAML configuration files in the `provisioning/access-control/` directory.
|
||||
You can create, change or remove [Custom roles]({{< relref "./manage-rbac-roles/#create-custom-roles-using-provisioning" >}}) and create or remove [basic role assignments]({{< relref "./assign-rbac-roles/#assign-a-fixed-role-to-a-basic-role-using-provisioning" >}}), by adding one or more YAML configuration files in the `provisioning/access-control/` directory.
|
||||
|
||||
Grafana performs provisioning during startup. After you make a change to the configuration file, you can reload it during runtime. You do not need to restart the Grafana server for your changes to take effect.
|
||||
|
||||
@@ -73,13 +37,13 @@ Grafana performs provisioning during startup. After you make a change to the con
|
||||
|
||||
1. Add RBAC provisioning details to the configuration file.
|
||||
|
||||
Refer to [Manage RBAC roles](ref:rbac-manage-rbac-roles) and [Assign RBAC roles](ref:rbac-assign-rbac-roles) for instructions.
|
||||
Refer to [Manage RBAC roles]({{< relref "./manage-rbac-roles/" >}}) and [Assign RBAC roles]({{< relref "./assign-rbac-roles/" >}}) for instructions.
|
||||
|
||||
Refer to [example role provisioning file](#example-role-configuration-file-using-grafana-provisioning) for a complete example of a provisioning file.
|
||||
Refer to [example role provisioning file]({{< relref "#example-role-configuration-file-using-grafana-provisioning" >}}) for a complete example of a provisioning file.
|
||||
|
||||
1. Reload the provisioning configuration file.
|
||||
|
||||
For more information about reloading the provisioning configuration at runtime, refer to [Reload provisioning configurations](/docs/grafana/<GRAFANA_VERSION>/developers/http_api/admin/#reload-provisioning-configurations).
|
||||
For more information about reloading the provisioning configuration at runtime, refer to [Reload provisioning configurations]({{< relref "../../../../developers/http_api/admin/#reload-provisioning-configurations" >}}).
|
||||
|
||||
## Example role configuration file using Grafana provisioning
|
||||
|
||||
@@ -167,6 +131,6 @@ teams:
|
||||
|
||||
## Useful Links
|
||||
|
||||
[Provisioning RBAC setup with Terraform](ref:rbac-terraform-provisioning)
|
||||
[Provisioning RBAC setup with Terraform]({{< relref "./rbac-terraform-provisioning">}})
|
||||
|
||||
[Grafana provisioning](https://grafana.com/docs/grafana/latest/administration/provisioning/)
|
||||
|
||||
@@ -10,43 +10,12 @@ labels:
|
||||
menuTitle: Provisioning RBAC with Terraform
|
||||
title: Provisioning RBAC with Terraform
|
||||
weight: 60
|
||||
refs:
|
||||
api-rbac-create-and-manage-custom-roles:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/developers/http_api/access_control/#create-and-manage-custom-roles
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/developer-resources/api-reference/http-api/access_control/#create-and-manage-custom-roles
|
||||
rbac-grafana-provisioning:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/administration/roles-and-permissions/access-control/rbac-grafana-provisioning/
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/account-management/authentication-and-permissions/access-control/rbac-grafana-provisioning/
|
||||
service-accounts:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/administration/service-accounts/
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/account-management/authentication-and-permissions/service-accounts/
|
||||
service-accounts-create-a-service-account-in-grafana:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/administration/service-accounts/#create-a-service-account-in-grafana
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/account-management/authentication-and-permissions/service-accounts/#create-a-service-account-in-grafana
|
||||
service-accounts-assign-roles-to-a-service-account-in-grafana:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/administration/service-accounts/#assign-roles-to-a-service-account-in-grafana
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/account-management/authentication-and-permissions/service-accounts/#assign-roles-to-a-service-account-in-grafana
|
||||
service-accounts-to-add-a-token-to-a-service-account:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/administration/service-accounts/#to-add-a-token-to-a-service-account
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/account-management/authentication-and-permissions/service-accounts/#to-add-a-token-to-a-service-account
|
||||
---
|
||||
|
||||
# Provisioning RBAC with Terraform
|
||||
|
||||
{{% admonition type="note" %}}
|
||||
Available in [Grafana Enterprise](/docs/grafana/<GRAFANA_VERSION>/introduction/grafana-enterprise/) and [Grafana Cloud](/docs/grafana-cloud).
|
||||
Available in [Grafana Enterprise]({{< relref "../../../../introduction/grafana-enterprise/" >}}) and [Grafana Cloud](/docs/grafana-cloud).
|
||||
{{% /admonition %}}
|
||||
|
||||
You can create, change or remove [Custom roles](https://registry.terraform.io/providers/grafana/grafana/latest/docs/resources/role) and create or remove [basic and custom role assignments](https://registry.terraform.io/providers/grafana/grafana/latest/docs/resources/role_assignment), by using [Terraform's Grafana provider](https://registry.terraform.io/providers/grafana/grafana/latest/docs).
|
||||
@@ -59,15 +28,15 @@ You can create, change or remove [Custom roles](https://registry.terraform.io/pr
|
||||
|
||||
## Create a Service Account Token for provisioning
|
||||
|
||||
We recommend using service account tokens for provisioning. [Service accounts](ref:service-accounts) support fine grained permissions, which allows you to easily authenticate and use the minimum set of permissions needed to provision your RBAC infrastructure.
|
||||
We recommend using service account tokens for provisioning. [Service accounts]({{< relref "../../../service-accounts/" >}}) support fine grained permissions, which allows you to easily authenticate and use the minimum set of permissions needed to provision your RBAC infrastructure.
|
||||
|
||||
To create a service account token for provisioning, complete the following steps.
|
||||
|
||||
1. [Create a new service account](ref:service-accounts-create-a-service-account-in-grafana) for your CI pipeline.
|
||||
1. [Assign permissions to service account](ref:service-accounts-assign-roles-to-a-service-account-in-grafana):
|
||||
1. [Create a new service account]({{< relref "../../../service-accounts/#create-a-service-account-in-grafana" >}}) for your CI pipeline.
|
||||
1. [Assign permissions to service account]({{< relref "../../../service-accounts/#assign-roles-to-a-service-account-in-grafana" >}}):
|
||||
- You will need roles “Role reader”, "Role writer" and roles including any permissions that will be provisioned. For example, to create or assign a role that allows creating users, a service account needs permissions to create users.
|
||||
- Alternatively, you can assign "Admin" basic role to the service account.
|
||||
1. [Create a new service account token](ref:service-accounts-to-add-a-token-to-a-service-account) for use in Terraform.
|
||||
1. [Create a new service account token]({{< relref "../../../service-accounts/#to-add-a-token-to-a-service-account" >}}) for use in Terraform.
|
||||
|
||||
Alternatively, you can use basic authentication. To view all the supported authentication formats, see [here](https://registry.terraform.io/providers/grafana/grafana/latest/docs#authentication).
|
||||
|
||||
@@ -178,11 +147,11 @@ resource "grafana_role_assignment" "my_new_role_assignment" {
|
||||

|
||||
|
||||
Note that instead of using a provisioned role, you can also look up the `uid` of an already existing fixed or custom role and use that instead.
|
||||
You can use the [API endpoint for listing roles](ref:api-rbac-create-and-manage-custom-roles) to look up role `uid`s.
|
||||
You can use the [API endpoint for listing roles](https://grafana.com/docs/grafana/latest/developers/http_api/access_control/#create-and-manage-custom-roles) to look up role `uid`s.
|
||||
Similarly, you can look up and use `id`s of users, teams and service accounts that have not been provisioned to assign roles to them.
|
||||
|
||||
## Useful Links
|
||||
|
||||
[RBAC setup with Grafana provisioning](ref:rbac-grafana-provisioning)
|
||||
[RBAC setup with Grafana provisioning]({{< relref "./rbac-grafana-provisioning">}})
|
||||
|
||||
[Grafana Cloud Terraform provisioning](/docs/grafana-cloud/developer-resources/infrastructure-as-code/terraform/)
|
||||
[Grafana Cloud Terraform provisioning](/docs/grafana-cloud/infrastructure-as-code/terraform/)
|
||||
|
||||
@@ -27,7 +27,7 @@ filters = accesscontrol:debug accesscontrol.evaluator:debug dashboard.permission
|
||||
## Enable audit logging
|
||||
|
||||
{{% admonition type="note" %}}
|
||||
Available in [Grafana Enterprise](/docs/grafana/<GRAFANA_VERSION>/introduction/grafana-enterprise/) version 7.3 and later, and [Grafana Cloud](/docs/grafana-cloud).
|
||||
Available in [Grafana Enterprise]({{< relref "../../../../introduction/grafana-enterprise/" >}}) version 7.3 and later, and [Grafana Cloud](/docs/grafana-cloud).
|
||||
{{% /admonition %}}
|
||||
|
||||
You can enable auditing in the Grafana configuration file.
|
||||
@@ -38,11 +38,11 @@ enabled = true
|
||||
```
|
||||
|
||||
All permission and role updates, and role assignments are added to audit logs.
|
||||
Learn more about [access control audit logs](/docs/grafana/<GRAFANA_VERSION>/setup-grafana/configure-security/audit-grafana/#access-control).
|
||||
Learn more about [access control audit logs]({{< relref "../../../../setup-grafana/configure-security/audit-grafana/#access-control" >}}).
|
||||
|
||||
## Missing dashboard, folder or data source permissions
|
||||
|
||||
[Dashboard and folder permissions](/docs/grafana/<GRAFANA_VERSION>/administration/roles-and-permissions/#dashboard-permissions) and [data source permissions](/docs/grafana/<GRAFANA_VERSION>/administration/roles-and-permissions/#data-source-permissions) can go out of sync if a Grafana instance version is upgraded, downgraded and then upgraded again.
|
||||
[Dashboard and folder permissions]({{< relref "../../#dashboard-permissions" >}}) and [data source permissions]({{< relref "../../#data-source-permissions" >}}) can go out of sync if a Grafana instance version is upgraded, downgraded and then upgraded again.
|
||||
This happens when an instance is downgraded from a version that uses RBAC to a version that uses the legacy access control, and dashboard, folder or data source permissions are updated.
|
||||
These permission updates will not be applied to RBAC, so permissions will be out of sync when the instance is next upgraded to a version with RBAC.
|
||||
|
||||
|
||||
@@ -15,56 +15,15 @@ labels:
|
||||
menuTitle: Service accounts
|
||||
title: Service accounts
|
||||
weight: 800
|
||||
refs:
|
||||
service-accounts:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/administration/service-accounts/
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/account-management/authentication-and-permissions/service-accounts/
|
||||
migrate-api-keys:
|
||||
- pattern: /docs/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/administration/service-accounts/migrate-api-keys/
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/account-management/authentication-and-permissions/service-accounts/migrate-api-keys/
|
||||
roles-and-permissions:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/administration/roles-and-permissions/
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/account-management/authentication-and-permissions/cloud-roles/
|
||||
rbac:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/administration/roles-and-permissions/access-control/
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/account-management/authentication-and-permissions/access-control/
|
||||
rbac-assign-rbac-roles:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/administration/roles-and-permissions/access-control/assign-rbac-roles/
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/account-management/authentication-and-permissions/access-control/assign-rbac-roles/
|
||||
api-create-service-account:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/developers/http_api/serviceaccount/#create-service-account
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/developer-resources/api-reference/http-api/serviceaccount/#create-service-account
|
||||
api-create-service-account-tokens:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/developers/http_api/serviceaccount/#create-service-account-tokens
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/developer-resources/api-reference/http-api/serviceaccount/#create-service-account-tokens
|
||||
api-update-service-account:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/developers/http_api/serviceaccount/#update-service-account
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/developer-resources/api-reference/http-api/serviceaccount/#update-service-account
|
||||
---
|
||||
|
||||
# Service accounts
|
||||
|
||||
You can use a service account to run automated workloads in Grafana, such as dashboard provisioning, configuration, or report generation. Create service accounts and tokens to authenticate applications, such as Terraform, with the Grafana API.
|
||||
|
||||
{{< admonition type="note" >}}
|
||||
Service accounts replace [API keys](ref:migrate-api-keys) as the primary way to authenticate applications that interact with Grafana.
|
||||
{{< /admonition >}}
|
||||
{{% admonition type="note" %}}
|
||||
Service accounts replace [API keys](/docs/grafana/<GRAFANA_VERSION>/administration/service-accounts/migrate-api-keys/) as the primary way to authenticate applications that interact with Grafana.
|
||||
{{% /admonition %}}
|
||||
|
||||
A common use case for creating a service account is to perform operations on automated or triggered tasks. You can use service accounts to:
|
||||
|
||||
@@ -73,17 +32,15 @@ A common use case for creating a service account is to perform operations on aut
|
||||
- Set up an external SAML authentication provider
|
||||
- Interact with Grafana without signing in as a user
|
||||
|
||||
In [Grafana Enterprise](/docs/grafana/<GRAFANA_VERSION>/introduction/grafana-enterprise/), you can also use service accounts in combination with [role-based access control](ref:rbac) to grant very specific permissions to applications that interact with Grafana.
|
||||
In [Grafana Enterprise]({{< relref "../../introduction/grafana-enterprise/" >}}), you can also use service accounts in combination with [role-based access control]({{< relref "../roles-and-permissions/access-control/" >}}) to grant very specific permissions to applications that interact with Grafana.
|
||||
|
||||
{{% admonition type="note" %}}
|
||||
Service accounts can only act in the organization they are created for. If you have the same task that is needed for multiple organizations, we recommend creating service accounts in each organization.
|
||||
|
||||
Service accounts can't be used for instance-wide operations, such as global user management and organization management. For these tasks, you need to use a user with [Grafana server administrator permissions](ref:roles-and-permissions).
|
||||
{{% /admonition %}}
|
||||
|
||||
{{< vimeo 742056367 >}}
|
||||
|
||||
_Video shows service accounts in Grafana v9.1. Refer to [Create a service account in Grafana](#create-a-service-account-in-grafana) for current instructions._
|
||||
_Video shows service accounts in Grafana v9.1. Refer to [Create a service account in Grafana]({{< relref "#create-a-service-account-in-grafana" >}}) for current instructions._
|
||||
|
||||
## Service account tokens
|
||||
|
||||
@@ -105,19 +62,19 @@ The added benefits of service accounts to API keys include:
|
||||
- Service accounts resemble Grafana users and can be enabled/disabled, granted specific permissions, and remain active until they are deleted or disabled. API keys are only valid until their expiry date.
|
||||
- Service accounts can be associated with multiple tokens.
|
||||
- Unlike API keys, service account tokens are not associated with a specific user, which means that applications can be authenticated even if a Grafana user is deleted.
|
||||
- You can grant granular permissions to service accounts by leveraging [role-based access control](ref:rbac). For more information about permissions, refer to [About users and permissions](ref:roles-and-permissions).
|
||||
- You can grant granular permissions to service accounts by leveraging [role-based access control]({{< relref "../roles-and-permissions/access-control/" >}}). For more information about permissions, refer to [About users and permissions]({{< relref "../roles-and-permissions/" >}}).
|
||||
|
||||
## Create a service account in Grafana
|
||||
|
||||
A service account can be used to run automated workloads in Grafana, like dashboard provisioning, configuration, or report generation. For more information about how you can use service accounts, refer to [About service accounts](ref:service-accounts).
|
||||
A service account can be used to run automated workloads in Grafana, like dashboard provisioning, configuration, or report generation. For more information about how you can use service accounts, refer to [About service accounts]({{< ref "#about-service-accounts" >}}).
|
||||
|
||||
For more information about creating service accounts via the API, refer to [Create a service account in the HTTP API](ref:api-create-service-account).
|
||||
For more information about creating service accounts via the API, refer to [Create a service account in the HTTP API]({{< relref "../../developers/http_api/serviceaccount/#create-service-account" >}}).
|
||||
|
||||
Note that the user who created a service account will also be able to read, update and delete the service account that they created, as well as permissions associated with that service account.
|
||||
|
||||
### Before you begin
|
||||
|
||||
- Ensure you have permission to create and edit service accounts. By default, the organization administrator role is required to create and edit service accounts. For more information about user permissions, refer to [About users and permissions](ref:roles-and-permissions).
|
||||
- Ensure you have permission to create and edit service accounts. By default, the organization administrator role is required to create and edit service accounts. For more information about user permissions, refer to [About users and permissions]({{< relref "../roles-and-permissions/#" >}}).
|
||||
|
||||
### To create a service account
|
||||
|
||||
@@ -133,13 +90,13 @@ Note that the user who created a service account will also be able to read, upda
|
||||
|
||||
## Add a token to a service account in Grafana
|
||||
|
||||
A service account token is a generated random string that acts as an alternative to a password when authenticating with Grafana’s HTTP API. For more information about service accounts, refer to [About service accounts in Grafana](ref:service-accounts).
|
||||
A service account token is a generated random string that acts as an alternative to a password when authenticating with Grafana’s HTTP API. For more information about service accounts, refer to [About service accounts in Grafana]({{< ref "#about-service-accounts" >}}).
|
||||
|
||||
You can create a service account token using the Grafana UI or via the API. For more information about creating a service account token via the API, refer to [Create service account tokens using the HTTP API](ref:api-create-service-account-tokens).
|
||||
You can create a service account token using the Grafana UI or via the API. For more information about creating a service account token via the API, refer to [Create service account tokens using the HTTP API]({{< relref "../../developers/http_api/serviceaccount/#create-service-account-tokens" >}}).
|
||||
|
||||
### Before you begin
|
||||
|
||||
- Ensure you have permission to create and edit service accounts. By default, the organization administrator role is required to create and edit service accounts. For more information about user permissions, refer to [About users and permissions](ref:roles-and-permissions).
|
||||
- Ensure you have permission to create and edit service accounts. By default, the organization administrator role is required to create and edit service accounts. For more information about user permissions, refer to [About users and permissions]({{< relref "../roles-and-permissions/#" >}}).
|
||||
|
||||
### Service account token expiration dates
|
||||
|
||||
@@ -161,9 +118,9 @@ By default, service account tokens don't have an expiration date, meaning they w
|
||||
## Assign roles to a service account in Grafana
|
||||
|
||||
You can assign roles to a Grafana service account to control access for the associated service account tokens.
|
||||
You can assign roles to a service account using the Grafana UI or via the API. For more information about assigning a role to a service account via the API, refer to [Update service account using the HTTP API](ref:api-update-service-account).
|
||||
You can assign roles to a service account using the Grafana UI or via the API. For more information about assigning a role to a service account via the API, refer to [Update service account using the HTTP API]({{< relref "../../developers/http_api/serviceaccount/#update-service-account" >}}).
|
||||
|
||||
In [Grafana Enterprise](/docs/grafana/<GRAFANA_VERSION>/introduction/grafana-enterprise/), you can also [assign RBAC roles](ref:rbac-assign-rbac-roles) to grant very specific permissions to applications that interact with Grafana.
|
||||
In [Grafana Enterprise]({{< relref "../../introduction/grafana-enterprise/" >}}), you can also [assign RBAC roles]({{< relref "../roles-and-permissions/access-control/assign-rbac-roles" >}}) to grant very specific permissions to applications that interact with Grafana.
|
||||
|
||||
{{% admonition type="note" %}}
|
||||
Since Grafana 10.2.0, the `No Basic Role` is available for organization users or service accounts. This role has no permissions. Permissions can be granted with RBAC.
|
||||
@@ -171,7 +128,7 @@ Since Grafana 10.2.0, the `No Basic Role` is available for organization users or
|
||||
|
||||
### Before you begin
|
||||
|
||||
- Ensure you have permission to update service accounts roles. By default, the organization administrator role is required to update service accounts permissions. For more information about user permissions, refer to [About users and permissions](ref:roles-and-permissions).
|
||||
- Ensure you have permission to update service accounts roles. By default, the organization administrator role is required to update service accounts permissions. For more information about user permissions, refer to [About users and permissions]({{< relref "../roles-and-permissions/#" >}}).
|
||||
|
||||
### To assign a role to a service account
|
||||
|
||||
@@ -187,7 +144,7 @@ To control what and who can do with the service account you can assign permissio
|
||||
|
||||
### Before you begin
|
||||
|
||||
- Ensure you have permission to update user and team permissions of a service accounts. By default, the organization administrator role is required to update user and teams permissions for a service account. For more information about user permissions, refer to [About users and permissions](ref:roles-and-permissions).
|
||||
- Ensure you have permission to update user and team permissions of a service accounts. By default, the organization administrator role is required to update user and teams permissions for a service account. For more information about user permissions, refer to [About users and permissions]({{< relref "../roles-and-permissions/#" >}}).
|
||||
- Ensure you have permission to read teams.
|
||||
|
||||
### User and team permissions for a service account
|
||||
@@ -226,7 +183,7 @@ This can help you diagnose permissions-related issues with token authorization.
|
||||
|
||||
These endpoints provide details on a service account's token.
|
||||
If you haven't added a token to a service account, do so before proceeding.
|
||||
For details, refer to [Add a token to a service account](#add-a-token-to-a-service-account-in-grafana).
|
||||
For details, refer to [Add a token to a service account]({{< relref "#add-a-token-to-a-service-account-in-grafana" >}}).
|
||||
|
||||
### List a service account token's permissions
|
||||
|
||||
|
||||
@@ -15,38 +15,17 @@ labels:
|
||||
menuTitle: Migrate API keys
|
||||
title: Migrate API keys to service account tokens
|
||||
weight: 700
|
||||
refs:
|
||||
service-accounts:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/administration/service-accounts/
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/account-management/authentication-and-permissions/service-accounts/
|
||||
service-accounts-benefits:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/administration/service-accounts/#service-account-benefits
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/account-management/authentication-and-permissions/service-accounts/#service-account-benefits
|
||||
roles-and-permissions:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/administration/roles-and-permissions/
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/account-management/authentication-and-permissions/cloud-roles/
|
||||
api-service-account:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/developers/http_api/serviceaccount/
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/developer-resources/api-reference/http-api/serviceaccount/
|
||||
---
|
||||
|
||||
# Migrate API keys to service account tokens
|
||||
|
||||
{{% admonition type="note" %}}
|
||||
API keys are deprecated. [Service accounts](ref:service-accounts) now replace API keys for authenticating with the **HTTP APIs** and interacting with Grafana.
|
||||
API keys are deprecated. [Service accounts](/docs/grafana/latest/administration/service-accounts/) now replace API keys for authenticating with the **HTTP APIs** and interacting with Grafana.
|
||||
{{% /admonition %}}
|
||||
|
||||
API keys specify a role—either **Admin**, **Editor**, or **Viewer**—that determine the permissions associated with interacting with Grafana.
|
||||
|
||||
Compared to API keys, service accounts have limited scopes that provide more security. For more information on the benefits of service accounts, refer to [service account benefits](ref:service-accounts-benefits).
|
||||
Compared to API keys, service accounts have limited scopes that provide more security. For more information on the benefits of service accounts, refer to [service account benefits](/docs/grafana/latest/administration/service-accounts/#service-account-benefits).
|
||||
|
||||
When you migrate an API key to a service account, a service account is created with a service account token. Your existing API key—now migrated to a service account token—will continue working as before.
|
||||
|
||||
@@ -64,7 +43,7 @@ To follow these instructions, you need at least one of the following:
|
||||
- Editor permissions
|
||||
- Service account writer
|
||||
|
||||
For more information about permissions, refer to [Roles and permissions](ref:roles-and-permissions).
|
||||
For more information about permissions, refer to [Roles and permissions]({{< relref "../roles-and-permissions/#" >}}).
|
||||
|
||||
#### Steps
|
||||
|
||||
@@ -85,7 +64,7 @@ To migrate a single API key to a service account, complete the following steps:
|
||||
|
||||
## Migrate API keys using the HTTP API
|
||||
|
||||
This section shows you how to programmatically migrate API keys to Grafana service accounts using the HTTP API. For API additional information, refer to [Service account HTTP APIs](ref:api-service-account).
|
||||
This section shows you how to programmatically migrate API keys to Grafana service accounts using the HTTP API. For API additional information, refer to [Service account HTTP APIs](/docs/grafana/latest/developers/http_api/serviceaccount/).
|
||||
|
||||
#### Before you begin
|
||||
|
||||
|
||||
@@ -16,7 +16,7 @@ labels:
|
||||
- cloud
|
||||
- enterprise
|
||||
- oss
|
||||
title: Configure recording rules
|
||||
title: Create recording rules
|
||||
weight: 300
|
||||
refs:
|
||||
configure-grafana:
|
||||
@@ -29,31 +29,22 @@ refs:
|
||||
destination: /docs/grafana-cloud/alerting-and-irm/alerting/fundamentals/alert-rules/annotation-label/
|
||||
---
|
||||
|
||||
# Configure recording rules
|
||||
|
||||
{{< admonition type="note" >}}
|
||||
In Grafana Cloud, you can only create data source-managed recording rules.
|
||||
|
||||
In Grafana OSS and Enterprise, you can create both Grafana-managed and data source-managed recording rules if you enable the `grafanaManagedRecordingRules` feature flag.
|
||||
|
||||
For more information on enabling feature toggles, refer to [Configure feature toggles](https://grafana.com/docs/grafana/<GRAFANA_VERSION>/setup-grafana/configure-grafana/feature-toggles).
|
||||
{{< /admonition >}}
|
||||
# Create recording rules
|
||||
|
||||
You can create and manage recording rules for an external Grafana Mimir or Loki instance.
|
||||
Recording rules calculate frequently needed expressions or computationally expensive expressions in advance and save the result as a new set of time series. Querying this new time series is faster, especially for dashboards since they query the same expression every time the dashboards refresh.
|
||||
|
||||
For more information on recording rules in Prometheus, refer to [Defining recording rules in Prometheus](https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/).
|
||||
|
||||
**Note:**
|
||||
|
||||
Recording rules are run as instant rules, which means that they run every 10s. To overwrite this configuration, update the min_interval in your custom configuration file.
|
||||
|
||||
[min_interval](ref:configure-grafana) sets the minimum interval to enforce between rule evaluations. The default value is 10s which equals the scheduler interval. Rules will be adjusted if they are less than this value or if they are not multiple of the scheduler interval (10s). Higher values can help with resource management as fewer evaluations are scheduled over time.
|
||||
|
||||
This setting has precedence over each individual rule frequency. If a rule frequency is lower than this value, then this value is enforced.
|
||||
|
||||
## Configure data source-managed recording rules
|
||||
|
||||
Configure data source-managed recording rules.
|
||||
|
||||
### Before you begin
|
||||
## Before you begin
|
||||
|
||||
- Verify that you have write permission to the Prometheus or Loki data source. Otherwise, you will not be able to create or update Grafana Mimir managed alerting rules.
|
||||
|
||||
@@ -63,122 +54,25 @@ Configure data source-managed recording rules.
|
||||
|
||||
- **Grafana Mimir** - use the `/prometheus` prefix. The Prometheus data source supports both Grafana Mimir and Prometheus, and Grafana expects that both the [Query API](/docs/mimir/latest/operators-guide/reference-http-api/#querier--query-frontend) and [Ruler API](/docs/mimir/latest/operators-guide/reference-http-api/#ruler) are under the same URL. You cannot provide a separate URL for the Ruler API.
|
||||
|
||||
To configure data-source managed recording rules, complete the following steps.
|
||||
## Create recording rules
|
||||
|
||||
To create recording rules, follow these steps.
|
||||
|
||||
1. Click **Alerts & IRM** -> **Alerting** ->
|
||||
**Alert rules**.
|
||||
1. Scroll to the **Data source-managed section** and click **+New recording rule**.
|
||||
1. Select **Rule type** -> **Recording**.
|
||||
1. Click **+New recording rule**.
|
||||
|
||||
#### Enter recording rule name
|
||||
1. Enter recording rule name.
|
||||
|
||||
The recording rule name must be a Prometheus metric name and contain no whitespace.
|
||||
|
||||
#### Define recording rule
|
||||
|
||||
Select your data source and enter a query.
|
||||
|
||||
#### Add namespace and group
|
||||
|
||||
1. From the **Namespace** dropdown, select an existing rule namespace or add a new one.
|
||||
|
||||
Namespaces can contain one or more rule groups and only have an organizational purpose.
|
||||
|
||||
1. From the **Group** dropdown, select an existing group within the selected namespace or add a new one.
|
||||
|
||||
Newly created rules are appended to the end of the group. Rules within a group are run sequentially at a regular interval, with the same evaluation time.
|
||||
|
||||
#### Add labels
|
||||
|
||||
1. Add custom labels selecting existing key-value pairs from the drop down, or add new labels by entering the new key or value.
|
||||
The recording rule name must be a Prometheus metric name and contain no whitespace.
|
||||
|
||||
1. Define recording rule.
|
||||
- Select your Loki or Prometheus data source.
|
||||
- Enter a query.
|
||||
1. Add namespace and group.
|
||||
- From the **Namespace** dropdown, select an existing rule namespace or add a new one. Namespaces can contain one or more rule groups and only have an organizational purpose.
|
||||
- From the **Group** dropdown, select an existing group within the selected namespace or add a new one. Newly created rules are appended to the end of the group. Rules within a group are run sequentially at a regular interval, with the same evaluation time.
|
||||
1. Add labels.
|
||||
- Add custom labels selecting existing key-value pairs from the drop down, or add new labels by entering the new key or value .
|
||||
1. Click **Save rule** to save the rule or **Save rule and exit** to save the rule and go back to the Alerting page.
|
||||
|
||||
## Configure Grafana-managed recording rules
|
||||
|
||||
Configure Grafana-managed recording rules.
|
||||
|
||||
{{< admonition type="note" >}}
|
||||
This feature is only available for Grafana OSS and Enterprise users. It is not available in Grafana Cloud.
|
||||
{{< /admonition >}}
|
||||
|
||||
### Before you begin
|
||||
|
||||
- Enable the `grafanaManagedRecordingRules` [feature flag](https://grafana.com/docs/grafana/<GRAFANA_VERSION>/setup-grafana/configure-grafana/feature-toggles/).
|
||||
|
||||
To configure Grafana-managed recording rules, complete the following steps.
|
||||
|
||||
1. Click **Alerts & IRM** -> **Alerting** ->
|
||||
**Alert rules**.
|
||||
1. Scroll to the **Grafana-managed section** and click **+New recording rule**.
|
||||
|
||||
#### Enter a recording rule and metric name
|
||||
|
||||
Enter a names to identify your recording rule and metric. The metric name must be a Prometheus metric name and contain no whitespace.
|
||||
|
||||
For more information, refer to [Metrics and labels](https://prometheus.io/docs/concepts/data_model/#metric-names-and-labels).
|
||||
|
||||
#### Define recording rule
|
||||
|
||||
Define a query to get the data you want to measure and a condition that needs to be met before an alert rule fires.
|
||||
|
||||
1. Select a data source.
|
||||
1. From the **Options** dropdown, specify a time range.
|
||||
|
||||
{{< admonition type="note" >}}
|
||||
Grafana Alerting only supports fixed relative time ranges, for example, `now-24hr: now`.
|
||||
|
||||
It does not support absolute time ranges: `2021-12-02 00:00:00 to 2021-12-05 23:59:592` or semi-relative time ranges: `now/d to: now`.
|
||||
{{< /admonition >}}
|
||||
|
||||
1. Add a query.
|
||||
|
||||
To add multiple queries, click **Add query**.
|
||||
|
||||
All alert rules are managed by Grafana by default. If you want to switch to a data source-managed alert rule, click **Switch to data source-managed alert rule**.
|
||||
|
||||
2. Add one or more [expressions].
|
||||
|
||||
a. For each expression, select either **Classic condition** to create a single alert rule, or choose from the **Math**, **Reduce**, and **Resample** options to generate separate alert for each series.
|
||||
|
||||
{{% admonition type="note" %}}
|
||||
When using Prometheus, you can use an instant vector and built-in functions, so you don't need to add additional expressions.
|
||||
{{% /admonition %}}
|
||||
|
||||
b. Click **Preview** to verify that the expression is successful.
|
||||
|
||||
3. To add a recovery threshold, turn the **Custom recovery threshold** toggle on and fill in a value for when your alert rule should stop firing.
|
||||
|
||||
You can only add one recovery threshold in a query and it must be the alert condition.
|
||||
|
||||
4. Click **Set as alert condition** on the query or expression you want to set as your alert condition.
|
||||
|
||||
#### Set evaluation behavior
|
||||
|
||||
Use alert rule evaluation to determine how frequently an alert rule should be evaluated and how quickly it should change its state.
|
||||
|
||||
To do this, you need to make sure that your alert rule is in the right evaluation group and set a pending period time that works best for your use case.
|
||||
|
||||
1. Select a folder or click **+ New folder**.
|
||||
1. Select an evaluation group or click **+ New evaluation group**.
|
||||
|
||||
If you are creating a new evaluation group, specify the interval for the group.
|
||||
|
||||
All rules within the same group are evaluated concurrently over the same time interval.
|
||||
|
||||
1. Enter a pending period.
|
||||
|
||||
The pending period is the period in which an alert rule can be in breach of the condition until it fires.
|
||||
|
||||
Once a condition is met, the alert goes into the **Pending** state. If the condition remains active for the duration specified, the alert transitions to the **Firing** state, else it reverts to the **Normal** state.
|
||||
|
||||
1. Turn on pause alert notifications, if required.
|
||||
|
||||
{{< admonition type="note" >}}
|
||||
You can pause alert rule evaluation to prevent noisy alerting while tuning your alerts.
|
||||
Pausing stops alert rule evaluation and doesn't create any alert instances.
|
||||
This is different to mute timings, which stop notifications from being delivered, but still allows for alert rule evaluation and the creation of alert instances.
|
||||
{{< /admonition >}}
|
||||
|
||||
#### Add labels
|
||||
|
||||
Add labels to your rule for searching, silencing, or routing to a notification policy.
|
||||
|
||||
@@ -43,35 +43,33 @@ refs:
|
||||
|
||||
# Configure data source-managed alert rules
|
||||
|
||||
Create data source-managed alert rules for Grafana Mimir or Grafana Loki data sources, which have been configured to support rule creation.
|
||||
|
||||
To configure your Grafana Mimir or Loki data source for alert rule creation, enable either the Loki Ruler API or the Mimir Ruler API.
|
||||
|
||||
For more information, refer to [Loki Ruler API](/docs/loki/<GRAFANA_VERSION>/api/#ruler) or [Mimir Ruler API](/docs/mimir/<GRAFANA_VERSION>/references/http-api/#ruler).
|
||||
Create alert rules for an external Grafana Mimir or Loki instance that has ruler API enabled; these are called data source-managed alert rules.
|
||||
|
||||
**Note**:
|
||||
|
||||
Alert rules for a Grafana Mimir or Loki instance can be edited or deleted by users with Editor or Admin roles.
|
||||
Alert rules for an external Grafana Mimir or Loki instance can be edited or deleted by users with Editor or Admin roles.
|
||||
|
||||
If you delete an alerting resource created in the UI, you can no longer retrieve it.
|
||||
To make a backup of your configuration and to be able to restore deleted alerting resources, create your alerting resources using file provisioning, Terraform, or the Alerting API.
|
||||
|
||||
## Before you begin
|
||||
|
||||
- Verify that you have write permission to the Mimir or Loki data source. Otherwise, you cannot create or update Grafana Mimir or Loki-managed alert rules.
|
||||
- Verify that you have write permission to the Prometheus or Loki data source. Otherwise, you will not be able to create or update Grafana Mimir managed alert rules.
|
||||
|
||||
- Enable the Mimir or Loki Ruler API.
|
||||
- For Grafana Mimir and Loki data sources, enable the Ruler API by configuring their respective services.
|
||||
|
||||
- **Loki** - The `local` rule storage type, default for the Loki data source, supports only viewing of rules. To edit rules, configure one of the other rule storage types.
|
||||
|
||||
- **Grafana Mimir** - use the `/prometheus` prefix. The Prometheus data source supports both Grafana Mimir and Prometheus, and Grafana expects that both the [Query API](/docs/mimir/latest/operators-guide/reference-http-api/#querier--query-frontend) and [Ruler API](/docs/mimir/latest/operators-guide/reference-http-api/#ruler) are under the same URL. You cannot provide a separate URL for the Ruler API.
|
||||
|
||||
Watch this video to learn more about how to create a Mimir-managed alert rule: {{< vimeo 720001865 >}}
|
||||
Watch this video to learn more about how to create a Mimir managed alert rule: {{< vimeo 720001865 >}}
|
||||
|
||||
{{% admonition type="note" %}}
|
||||
If you do not want to manage alert rules for a particular Loki or Mimir data source, go to its settings and clear the **Manage alerts via Alerting UI** checkbox.
|
||||
If you do not want to manage alert rules for a particular Loki or Prometheus data source, go to its settings and clear the **Manage alerts via Alerting UI** checkbox.
|
||||
{{% /admonition %}}
|
||||
|
||||
In the following sections, we’ll guide you through the process of creating your data source-managed alert rules.
|
||||
|
||||
To create a data source-managed alert rule, use the in-product alert creation flow and follow these steps to help you.
|
||||
|
||||
## Set alert rule name
|
||||
|
||||
@@ -53,7 +53,7 @@ To create a notification template that contains more than one template:
|
||||
|
||||
## Preview notification templates
|
||||
|
||||
Preview how your notification templates should look before using them in your contact points, helping you understand the result of the template you are creating as well as enabling you to fix any errors before saving it.
|
||||
Preview how your notification templates will look before using them in your contact points, helping you understand the result of the template you are creating as well as enabling you to fix any errors before saving it.
|
||||
|
||||
**Note:** This feature is only for Grafana Alertmanager.
|
||||
|
||||
@@ -81,7 +81,7 @@ To preview your notification templates:
|
||||
|
||||
c. Click **Add alert data**.
|
||||
|
||||
d. Click **Refresh preview** to see what your template content should look like and the corresponding payload data.
|
||||
d. Click **Refresh preview** to see what your template content will look like and the corresponding payload data.
|
||||
|
||||
If there are any errors in your template, they are displayed in the Preview and you can correct them before saving.
|
||||
|
||||
@@ -162,86 +162,6 @@ Resolved alerts:
|
||||
{{ template "email.message" . }}
|
||||
```
|
||||
|
||||
## Group multiple alert instances into one email notification
|
||||
|
||||
To make alerts more concise, you can group multiple instances of a firing alert into a single email notification in a table format. This way, you avoid long, repetitive emails and make alerts easier to digest.
|
||||
|
||||
Follow these steps to create a custom notification template that consolidates alert instances into a table.
|
||||
|
||||
1. Modify the alert rule to include an annotation that is referenced in the notification template later on.
|
||||
1. Enter a name for the **custom annotation**: In this example, _ServerInfo_.
|
||||
1. Enter the following code as the value for the annotation. It retrieves the server's instance name and a corresponding metric value, formatted as a table row:
|
||||
|
||||
```
|
||||
{{ index $labels "instance" }}{{- "\t" -}}{{ index $values "A"}}{{- "\n" -}}
|
||||
```
|
||||
|
||||
This line of code returns the labels and their values in the form of a table. Assuming $labels has `{"instance": "node1"}` and $values has `{"A": "123"}`, the output would be:
|
||||
|
||||
```
|
||||
node1 123
|
||||
```
|
||||
|
||||
1. Create a notification template that references the _ServerInfo_ annotation.
|
||||
|
||||
```go
|
||||
{{ define "Table" }}
|
||||
{{- "\nHost\t\tValue\n" -}}
|
||||
{{ range .Alerts -}}
|
||||
{{ range .Annotations.SortedPairs -}}
|
||||
{{ if (eq .Name "ServerInfo") -}}
|
||||
{{ .Value -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{ end }}
|
||||
```
|
||||
|
||||
The notification template outputs a list of server information from the "ServerInfo" annotation for each alert instance.
|
||||
|
||||
1. Navigate to your contact point in Grafana
|
||||
1. In the **Message** field, reference the template by name (see **Optional Email settings** section):
|
||||
|
||||
```
|
||||
{{ template "Table" . }}
|
||||
```
|
||||
|
||||
This generates a neatly formatted table in the email, grouping information for all affected servers into a single notification.
|
||||
|
||||
## Conditional notification template
|
||||
|
||||
Template alert notifications based on a label. In this example the label represents a namespace.
|
||||
|
||||
1. Use the following code in your notification template to display different messages based on the namespace:
|
||||
|
||||
```go
|
||||
{{ define "my_conditional_notification" }}
|
||||
{{ if eq .CommonLabels.namespace "namespace-a" }}
|
||||
Alert: CPU limits have reached 80% in namespace-a.
|
||||
{{ else if eq .CommonLabels.namespace "namespace-b" }}
|
||||
Alert: CPU limits have reached 80% in namespace-b.
|
||||
{{ else if eq .CommonLabels.namespace "namespace-c" }}
|
||||
Alert: CPU limits have reached 80% in namespace-c.
|
||||
{{ else }}
|
||||
Alert: CPU limits have reached 80% for {{ .CommonLabels.namespace }} namespace.
|
||||
{{ end }}
|
||||
{{ end }}
|
||||
```
|
||||
|
||||
`.CommonLabels` is a map containing the labels that are common to all the alerts firing.
|
||||
|
||||
Make sure to replace the `.namespace` label with a label that exists in your alert rule.
|
||||
|
||||
1. Replace `namespace-a`, `namespace-b`, and `namespace-c` with your specific namespace values.
|
||||
1. Navigate to your contact point in Grafana
|
||||
1. In the **Message** field, reference the template by name (see **Optional settings** section):
|
||||
|
||||
```
|
||||
{{ template "my_conditional_notification" . }}
|
||||
```
|
||||
|
||||
This template alters the content of alert notifications depending on the namespace value.
|
||||
|
||||
## Template the title of a Slack message
|
||||
|
||||
Template the title of a Slack message to contain the number of firing and resolved alerts:
|
||||
|
||||
@@ -69,7 +69,7 @@ Grafana supports two different alert rule types: Grafana-managed alert rules and
|
||||
|
||||
## Grafana-managed alert rules
|
||||
|
||||
Grafana-managed alert rules are the most flexible alert rule type. They allow you to create alert rules that can act on data from any of the [supported data sources](#supported-data-sources), and use multiple data sources in a single alert rule. You can also add expressions to transform your data and set alert conditions. Using images in alert notifications is also supported.
|
||||
Grafana-managed alert rules are the most flexible alert rule type. They allow you to create alerts that can act on data from any of the [supported data sources](#supported-data-sources), and use multiple data sources in a single alert rule.
|
||||
|
||||
Additionally, you can also add [expressions to transform your data](ref:expression-queries), set custom alert conditions, and include [images in alert notifications](ref:notification-images).
|
||||
|
||||
@@ -87,11 +87,9 @@ Find the public data sources supporting Alerting in the [Grafana Plugins directo
|
||||
|
||||
## Data source-managed alert rules
|
||||
|
||||
Data source-managed alert rules can be used for Grafana Mimir or Grafana Loki data sources which have been configured to support rule creation.
|
||||
Data source-managed alert rules can improve query performance via [recording rules](#recording-rules) and ensure high-availability and fault tolerance when implementing a distributed architecture.
|
||||
|
||||
They can improve query performance via [recording rules](#recording-rules) and ensure high-availability and fault tolerance when implementing a distributed architecture.
|
||||
|
||||
They are only supported for Grafana Mimir or Grafana Loki data sources with the Ruler API enabled. For more information, refer to the [Loki Ruler API](/docs/loki/<GRAFANA_VERSION>/api/#ruler) or [Mimir Ruler API](/docs/mimir/<GRAFANA_VERSION>/references/http-api/#ruler).
|
||||
They are only supported for Prometheus-based or Loki data sources with the Ruler API enabled. For more information, refer to the [Loki Ruler API](/docs/loki/<GRAFANA_VERSION>/api/#ruler) or [Mimir Ruler API](/docs/mimir/<GRAFANA_VERSION>/references/http-api/#ruler).
|
||||
|
||||
{{< figure src="/media/docs/alerting/mimir-managed-alerting-architecture-v2.png" max-width="750px" caption="Mimir-managed alerting architecture" >}}
|
||||
|
||||
@@ -100,7 +98,7 @@ They are only supported for Grafana Mimir or Grafana Loki data sources with the
|
||||
1. Alert rules are evaluated by the Alert Rule Evaluation Engine.
|
||||
1. Firing and resolved alert instances are forwarded to [handle their notifications](ref:notifications).
|
||||
|
||||
## Recording rules
|
||||
### Recording rules
|
||||
|
||||
A recording rule allows you to pre-compute frequently needed or computationally expensive expressions and save their result as a new set of time series. This is useful if you want to run alerts on aggregated data or if you have dashboards that query computationally expensive expressions repeatedly.
|
||||
|
||||
@@ -116,7 +114,7 @@ When choosing which alert rule type to use, consider the following comparison be
|
||||
| ------------------------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| Create alert rules<wbr /> based on data from any of the supported data sources | Yes | No. You can only create alert rules that are based on Prometheus-based data. |
|
||||
| Mix and match data sources | Yes | No |
|
||||
| Includes support for recording rules | Yes. Only for Grafana OSS users with the `grafanaManagedRecordingRules` feature flag enabled. | Yes |
|
||||
| Includes support for recording rules | No | Yes |
|
||||
| Add expressions to transform<wbr /> your data and set alert conditions | Yes | No |
|
||||
| Use images in alert notifications | Yes | No |
|
||||
| Organization | Organize and manage access with folders | Use namespaces |
|
||||
|
||||
@@ -34,46 +34,35 @@ Grafana Alerting is based on the architecture of the Prometheus alerting system.
|
||||
|
||||
{{< figure src="/media/docs/alerting/alerting-alertmanager-architecture.png" max-width="750px" alt="A diagram with the alert generator and alert manager architecture" >}}
|
||||
|
||||
This architecture decouples alert rule evaluation from notification handling, allowing alerts to be forwarded to other Alertmanagers.
|
||||
Grafana has its own pre-configured Alertmanager, referred to as "Grafana" in the user interface:
|
||||
|
||||
Grafana can use different Alertmanagers. It’s important to note that each Alertmanager manages its own independent alerting resources, such as:
|
||||
- **Grafana Alertmanager** is the default internal Alertmanager if you run Grafana on-premises or as open source. It can receive alerts from Grafana but cannot receive alerts from external alert generators such as Mimir or Loki.
|
||||
|
||||
- Contact points and notification templates
|
||||
- Notification policies and mute timings
|
||||
- Silences
|
||||
- Active notifications
|
||||
- **Cloud Alertmanager** runs in Grafana Cloud and can receive Grafana-managed alerts and Data sources-managed alerts like Mimir, Loki, and Prometheus.
|
||||
|
||||
Use the `Choose Alertmanager` on these pages to switch between Alertmanagers.
|
||||
Grafana Alerting also supports sending alerts to **External Alertmanagers**, such as the [Prometheus Alertmanager](https://prometheus.io/docs/alerting/latest/alertmanager/), which can receive alerts from Grafana, Loki, Mimir, and Prometheus.
|
||||
|
||||
{{< figure src="/media/docs/alerting/alerting-choose-alertmanager.png" max-width="750px" alt="A screenshot choosing an Alertmanager in the notification policies UI" >}}
|
||||
|
||||
## Types of Alertmanagers in Grafana
|
||||
|
||||
Grafana can be configured to manage both Grafana-managed and data source-managed alerts using various Alertmanagers, depending on your infrastructure and alerting requirements.
|
||||
|
||||
- **Grafana Alertmanager**: Grafana has its own built-in Alertmanager, referred to as "Grafana" in the user interface. It is the default Alertmanager and can only handle Grafana-managed alerts.
|
||||
|
||||
- **Cloud Alertmanager**: Each Grafana Cloud instance comes preconfigured with an additional Alertmanager (`grafanacloud-STACK_NAME-ngalertmanager`) from the Mimir (Prometheus) instance running in the Grafana Cloud Stack.
|
||||
|
||||
The Cloud Alertmanager is available exclusively in Grafana Cloud and can handle both Grafana-managed and data source-managed alerts.
|
||||
|
||||
Some Grafana Cloud services, such as **Kubernetes Monitoring** and **Synthetic Monitoring** use the Cloud Alertmanager to create and manage alerts.
|
||||
|
||||
- **Other Alertmanagers**: Grafana Alerting also supports sending alerts to other Alertmanagers, such as the [Prometheus Alertmanager](https://prometheus.io/docs/alerting/latest/alertmanager/), which can handle Grafana-managed alerts and data sources-managed alerts such as alerts from Loki, Mimir, and Prometheus.
|
||||
|
||||
You can use a combination of Alertmanagers. The decision often depends on your alerting setup and where your alerts are being generated. Here are two examples of when you may want to add an Alertmanager and send your alerts there instead of using the built-in Grafana Alertmanager.
|
||||
You can use both internal and external Alertmanagers. The decision often depends on your alerting setup and where your alerts are being generated. Here are two examples of when you may want to [add an external Alertmanager](#add-an-external-alertmanager) and send your alerts there instead of the default Grafana Alertmanager:
|
||||
|
||||
1. You may already have Alertmanagers on-premises in your own Cloud infrastructure that you still want to use because you have other alert generators, such as Prometheus.
|
||||
|
||||
2. You want to use both Prometheus on-premises and hosted Grafana to send alerts to the same Alertmanager that runs in your Cloud infrastructure.
|
||||
|
||||
## Add an Alertmanager
|
||||
## Add an external Alertmanager
|
||||
|
||||
From Grafana, you can configure and administer your own Alertmanager to receive Grafana alerts.
|
||||
From Grafana, you can configure and administer your own external Alertmanager to receive Grafana alerts.
|
||||
|
||||
After adding an Alertmanager, you can use the Grafana Alerting UI to manage notification policies, contact points, and other alerting resources from within Grafana, with support for HTTP basic authentication credentials.
|
||||
{{% admonition type="note" %}}
|
||||
Grafana Alerting does not support sending alerts to the AWS Managed Service for Prometheus due to the lack of sigv4 support in Prometheus.
|
||||
{{% /admonition %}}
|
||||
|
||||
Alertmanagers should be configured as data sources using Grafana Configuration from the main Grafana navigation menu. To add an Alertmanager, complete the following steps.
|
||||
After you have added the Alertmanager, you can use the Grafana Alerting UI to manage silences, contact points, and notification policies. A drop-down option in these pages allows you to switch between alertmanagers.
|
||||
|
||||
{{< figure src="/media/docs/alerting/alerting-choose-alertmanager.png" max-width="750px" alt="A screenshot choosing an Alertmanager in the notification policies UI" >}}
|
||||
|
||||
External alertmanagers should now be configured as data sources using Grafana Configuration from the main Grafana navigation menu. This enables you to manage the contact points and notification policies of external alertmanagers from within Grafana and also encrypts HTTP basic authentication credentials.
|
||||
|
||||
To add an external Alertmanager, complete the following steps.
|
||||
|
||||
1. Click **Connections** in the left-side menu.
|
||||
1. On the Connections page, search for `Alertmanager`.
|
||||
@@ -89,14 +78,10 @@ Alertmanagers should be configured as data sources using Grafana Configuration f
|
||||
|
||||
1. Click **Save & test**.
|
||||
|
||||
{{% admonition type="note" %}}
|
||||
Grafana Alerting does not support sending alerts to the AWS Managed Service for Prometheus due to the lack of sigv4 support in Prometheus.
|
||||
{{% /admonition %}}
|
||||
|
||||
## Manage Alertmanager configurations
|
||||
|
||||
{{< admonition type="note" >}}
|
||||
On the Settings page, you can manage your Alertmanager configurations and configure where Grafana-managed alert instances are forwarded.
|
||||
|
||||
- Manage which Alertmanagers receive alert instances from Grafana-managed rules without navigating and editing data sources.
|
||||
- Manage version snapshots for the built-in Alertmanager, which allows administrators to roll back unintentional changes or mistakes in the Alertmanager configuration.
|
||||
- Compare the historical snapshot with the latest configuration to see which changes were made.
|
||||
{{< /admonition >}}
|
||||
|
||||
@@ -60,7 +60,6 @@ Since gossiping of notifications and silences uses both TCP and UDP port `9094`,
|
||||
You must have at least one (1) Grafana instance added to the `ha_peers` section.
|
||||
1. Set `[ha_listen_address]` to the instance IP address using a format of `host:port` (or the [Pod's](https://kubernetes.io/docs/concepts/workloads/pods/) IP in the case of using Kubernetes).
|
||||
By default, it is set to listen to all interfaces (`0.0.0.0`).
|
||||
1. Set `[ha_advertise_address]` to the instance's hostname or IP address in the format "host:port". Use this setting when the instance is behind NAT (Network Address Translation), such as in Docker Swarm or Kubernetes service, where external and internal addresses differ. This address helps other cluster instances communicate with it. The setting is optional.
|
||||
1. Set `[ha_peer_timeout]` in the `[unified_alerting]` section of the custom.ini to specify the time to wait for an instance to send a notification via the Alertmanager. The default value is 15s, but it may increase if Grafana servers are located in different geographic regions or if the network latency between them is high.
|
||||
|
||||
For a demo, see this [example using Docker Compose](https://github.com/grafana/alerting-ha-docker-examples/tree/main/memberlist).
|
||||
@@ -76,7 +75,6 @@ database for HA and cannot support the meshing of all Grafana servers.
|
||||
1. Optional: Set the username and password if authentication is enabled on the Redis server using `ha_redis_username` and `ha_redis_password`.
|
||||
1. Optional: Set `ha_redis_prefix` to something unique if you plan to share the Redis server with multiple Grafana instances.
|
||||
1. Optional: Set `ha_redis_tls_enabled` to `true` and configure the corresponding `ha_redis_tls_*` fields to secure communications between Grafana and Redis with Transport Layer Security (TLS).
|
||||
1. Set `[ha_advertise_address]` to `ha_advertise_address = "${POD_IP}:9094"` This is required if the instance doesn't have an IP address that is part of RFC 6890 with a default route.
|
||||
|
||||
For a demo, see this [example using Docker Compose](https://github.com/grafana/alerting-ha-docker-examples/tree/main/redis).
|
||||
|
||||
|
||||
@@ -60,8 +60,6 @@ refs:
|
||||
service-accounts:
|
||||
- pattern: /docs/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/administration/service-accounts/
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/account-management/authentication-and-permissions/service-accounts/
|
||||
rbac-role-definitions:
|
||||
- pattern: /docs/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/administration/roles-and-permissions/access-control/rbac-fixed-basic-role-definitions/
|
||||
|
||||
@@ -335,11 +335,11 @@ You can customize the branding options.
|
||||
|
||||
Report branding:
|
||||
|
||||
- **Company logo:** Company logo displayed in the report PDF. It can be configured by specifying a URL, or by uploading a file. The maximum file size is 16 MB. Defaults to the Grafana logo.
|
||||
- **Company logo:** Company logo displayed in the report PDF. It can be configured by specifying a URL, or by uploading a file. Defaults to the Grafana logo.
|
||||
|
||||
Email branding:
|
||||
|
||||
- **Company logo:** Company logo displayed in the report email. It can be configured by specifying a URL, or by uploading a file. The maximum file size is 16 MB. Defaults to the Grafana logo.
|
||||
- **Company logo:** Company logo displayed in the report email. It can be configured by specifying a URL, or by uploading a file. Defaults to the Grafana logo.
|
||||
- **Email footer:** Toggle to enable the report email footer. Select **Sent by** or **None**.
|
||||
- **Footer link text:** Text of the link in the report email footer. Defaults to `Grafana`.
|
||||
- **Footer link URL:** Link of the report email footer.
|
||||
|
||||
@@ -46,11 +46,6 @@ refs:
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/explore/explore-inspector/
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/explore/explore-inspector/
|
||||
explore-traces-app:
|
||||
- pattern: /docs/grafana/
|
||||
destination: /docs/grafana/<GRAFANA_VERSION>/explore/simplified-exploration/traces/
|
||||
- pattern: /docs/grafana-cloud/
|
||||
destination: /docs/grafana-cloud/visualizations/simplified-exploration/traces/
|
||||
---
|
||||
|
||||
# Query tracing data
|
||||
@@ -60,10 +55,6 @@ The queries use [TraceQL](/docs/tempo/latest/traceql), the query language design
|
||||
|
||||
For general documentation on querying data sources in Grafana, refer to [Query and transform data](ref:query-transform-data).
|
||||
|
||||
{{< admonition type="tip" >}}
|
||||
Don't know TraceQL? Try [Explore Traces](ref:explore-traces-app), an intuitive, queryless app that lets you explore your tracing data using RED metrics.
|
||||
{{< /admonition >}}
|
||||
|
||||
## Before you begin
|
||||
|
||||
You can compose TraceQL queries in Grafana and Grafana Cloud using **Explore** and a Tempo data source.
|
||||
|
||||
@@ -7,41 +7,12 @@ keywords:
|
||||
title: Simplified exploration
|
||||
menuTitle: Simplified exploration
|
||||
weight: 100
|
||||
hero:
|
||||
title: Simplified exploration with the Explore apps
|
||||
level: 1
|
||||
width: 100
|
||||
height: 100
|
||||
description: Use Explore Profiles to investigate and identify issues using profiling data.
|
||||
cards:
|
||||
title_class: pt-0 lh-1
|
||||
items:
|
||||
- title: Explore Metrics
|
||||
href: ./metrics/
|
||||
description: Quickly find related metrics with a few clicks, without needing to write PromQL queries to retrieve metrics.
|
||||
height: 24
|
||||
- title: Explore Logs
|
||||
href: ./logs/
|
||||
description: Visualize log volumes to easily detect anomalies or significant changes over time, without needing to compose LogQL queries.
|
||||
height: 24
|
||||
- title: Explore Traces
|
||||
href: ./traces/
|
||||
description: Use Rate, Errors, and Duration (RED) metrics derived from traces to investigate and understand errors and latency issues within complex distributed systems.
|
||||
height: 24
|
||||
- title: Explore Profiles
|
||||
href: ./profiles/
|
||||
description: View and analyze high-level service performance, identify problem processes for optimization, and diagnose issues to determine root causes.
|
||||
height: 24
|
||||
---
|
||||
|
||||
# Simplified exploration
|
||||
|
||||
The Grafana Explore apps are designed for effortless data exploration through intuitive, queryless interactions.
|
||||
Introducing the Grafana Explore apps, designed for effortless data exploration through intuitive, queryless interactions.
|
||||
|
||||
Easily explore telemetry signals with these specialized tools, tailored specifically for the Grafana databases to provide quick and accurate insights.
|
||||
|
||||
To learn more, read [A queryless experience for exploring metrics, logs, traces, and profiles: Introducing the Explore apps suite for Grafana](https://grafana.com/blog/2024/09/24/queryless-metrics-logs-traces-profiles/).
|
||||
|
||||
{{< youtube id="MSHeWWsHaIA" >}}
|
||||
|
||||
{{< card-grid key="cards" type="simple" >}}
|
||||
{{< section >}}
|
||||
|
||||
@@ -16,6 +16,10 @@ weight: 200
|
||||
|
||||
Grafana Explore Metrics is a query-less experience for browsing **Prometheus-compatible** metrics. Quickly find related metrics with just a few simple clicks, without needing to write PromQL queries to retrieve metrics.
|
||||
|
||||
{{% admonition type="caution" %}}
|
||||
Explore Metrics is currently in [public preview](/docs/release-life-cycle/). Grafana Labs offers limited support, and breaking changes might occur prior to the feature being made generally available.
|
||||
{{% /admonition %}}
|
||||
|
||||
With Explore Metrics, you can:
|
||||
|
||||
- Easily segment metrics based on their labels, so you can immediately spot anomalies and identify issues.
|
||||
|
||||
@@ -25,94 +25,16 @@ refs:
|
||||
|
||||
# Gauge
|
||||
|
||||
Gauges are single-value visualizations that allow you to quickly visualize where a value falls within a defined or calculated min and max range. With repeat options, you can display multiple gauges, each corresponding to a different series, column, or row.
|
||||
Gauges are single-value visualizations that can repeat a gauge for every series, column or row.
|
||||
|
||||
{{< figure src="/static/img/docs/v66/gauge_panel_cover.png" max-width="1025px" alt="A gauge visualization">}}
|
||||
|
||||
You can use gauges if you need to track:
|
||||
|
||||
- Service level objectives (SLOs)
|
||||
- How full a piece of equipment is
|
||||
- How fast a vehicle is moving within a set of limits
|
||||
- Network latency
|
||||
- Equipment state with setpoint and alarm thresholds
|
||||
- CPU consumption (0-100%)
|
||||
- RAM availability
|
||||
|
||||
## Configure a time series visualization
|
||||
{{< docs/play title="Grafana Gauge Visualization" url="https://play.grafana.org/d/KIhkVD6Gk/" >}}
|
||||
|
||||
The following video provides beginner steps for creating gauge panels. You'll learn the data requirements and caveats, special customizations, and much more:
|
||||
|
||||
{{< youtube id="QwXj3y_YpnE" >}}
|
||||
|
||||
{{< docs/play title="Grafana Gauge Visualization" url="https://play.grafana.org/d/KIhkVD6Gk/" >}}
|
||||
|
||||
## Supported data formats
|
||||
|
||||
To create a gauge visualization you need a dataset containing at least one numeric field. These values are identified by the field name. Additional text fields aren’t required but can be used for identification and labeling.
|
||||
|
||||
### Example - One value
|
||||
|
||||
| GaugeName | GaugeValue |
|
||||
| --------- | ---------- |
|
||||
| MyGauge | 5 |
|
||||
|
||||

|
||||
|
||||
This dataset generates a visualization with one empty gauge showing the numeric value. This is because the gauge visualization automatically defines the upper and lower range from the minimum and maximum values in the dataset. This dataset has only one value, so it’s set as both minimum and maximum.
|
||||
|
||||
If you only have one value, but you want to define a different minimum and maximum, you can set them manually in the [Standard options](#standard-options) settings to generate a more typical looking gauge.
|
||||
|
||||

|
||||
|
||||
### Example - One row, multiple values
|
||||
|
||||
The gauge visualization can support multiple fields in a dataset. <!-- In this case, multiple gauges are displayed. -->
|
||||
|
||||
| Identifier | value1 | value2 | value3 |
|
||||
| ---------- | ------ | ------ | ------ |
|
||||
| Gauges | 5 | 3 | 10 |
|
||||
|
||||

|
||||
|
||||
When there are multiple values in the dataset, the visualization displays multiple gauges and automatically defines the minimum and maximum. In this case, those are 3 and 10. Because the minimum and maximum values are defined, each gauge is shaded in to show that value in relation to the minimum and maximum.
|
||||
|
||||
### Example - Multiple rows and values
|
||||
|
||||
The gauge visualization can display datasets with multiple rows of data or even multiple datasets.
|
||||
|
||||
| Identifier | value1 | value2 | value3 |
|
||||
| ---------- | ------ | ------ | ------ |
|
||||
| Gauges | 5 | 3 | 10 |
|
||||
| Indicators | 6 | 9 | 15 |
|
||||
| Defaults | 1 | 4 | 8 |
|
||||
|
||||

|
||||
|
||||
By default, the visualization is configured to [calculate](#value-options) a single value per column or series and to display only the last row of data. However, it derives the minimum and maximum from the full dataset, even if those values aren’t visible.
|
||||
|
||||
In this example, that means only the last row of data is displayed in the gauges and the minimum and maximum values are 1 and 10. The value 1 is displayed because it’s in the last row, while 10 is not.
|
||||
|
||||
If you want to show one gauge per table cell, you can change the **Show** setting from **Calculate** to **All values**, and each gauge is labeled by concatenating the text column with each value's column name.
|
||||
|
||||

|
||||
|
||||
### Example - Defined min and max
|
||||
|
||||
You can also define minimum and maximum values as part of the dataset.
|
||||
|
||||
| Identifier | value | max | min |
|
||||
| ---------- | ----- | --- | --- |
|
||||
| Gauges | 5 | 10 | 2 |
|
||||
|
||||

|
||||
|
||||
If you don’t want to display gauges for the `min` and `max` values, you can configure only one field to be displayed as described in the [value options](#value-options) section.
|
||||
|
||||

|
||||
|
||||
Even when minimum and maximum values aren’t displayed, the visualization still pulls the range from them.
|
||||
|
||||
## Panel options
|
||||
|
||||
{{< docs/shared lookup="visualizations/panel-options.md" source="grafana" version="<GRAFANA_VERSION>" >}}
|
||||
@@ -213,10 +135,6 @@ Adjust the sizes of the gauge text.
|
||||
|
||||
{{< docs/shared lookup="visualizations/thresholds-options-2.md" source="grafana" version="<GRAFANA_VERSION>" >}}
|
||||
|
||||
Last, gauge colors and thresholds (the outer bar markers) of the gauge can be configured as described above.
|
||||
|
||||

|
||||
|
||||
## Field overrides
|
||||
|
||||
{{< docs/shared lookup="visualizations/overrides-options.md" source="grafana" version="<GRAFANA_VERSION>" >}}
|
||||
|
||||
@@ -127,22 +127,197 @@ The table visualization helps with debugging when you need to know exactly what
|
||||
|
||||

|
||||
|
||||
## Sort column
|
||||
|
||||
Click a column title to change the sort order from default to descending to ascending. Each time you click, the sort order changes to the next option in the cycle. You can sort multiple columns by holding the `shift` key and clicking the column name.
|
||||
|
||||

|
||||
|
||||
## Data set selector
|
||||
|
||||
If the data queried contains multiple data sets, a table displays a drop-down list at the bottom, so you can select the data set you want to visualize.
|
||||
|
||||

|
||||
|
||||
## Panel options
|
||||
|
||||
{{< docs/shared lookup="visualizations/panel-options.md" source="grafana" version="<GRAFANA_VERSION>" >}}
|
||||
|
||||
## Table options
|
||||
|
||||
{{% admonition type="note" %}}
|
||||
If you are using a table created before Grafana 7.0, then you need to migrate to the new table version in order to see these options. To migrate, on the Panel tab, click **Table** visualization. Grafana updates the table version and you can then access all table options.
|
||||
{{% /admonition %}}
|
||||
|
||||
### Show header
|
||||
|
||||
Show or hide column names imported from your data source.
|
||||
|
||||
### Column width
|
||||
|
||||
By default, Grafana automatically calculates the column width based on the table size and the minimum column width. This field option can override the setting and define the width for all columns in pixels.
|
||||
|
||||
For example, if you enter `100` in the field, then when you click outside the field, all the columns will be set to 100 pixels wide.
|
||||
|
||||
### Minimum column width
|
||||
|
||||
By default, the minimum width of the table column is 150 pixels. This field option can override that default and will define the new minimum column width for the table in pixels.
|
||||
|
||||
For example, if you enter `75` in the field, then when you click outside the field, all the columns will scale to no smaller than 75 pixels wide.
|
||||
|
||||
For small-screen devices, such as smartphones or tablets, reduce the default `150` pixel value to`50` to allow table-based panels to render correctly in dashboards.
|
||||
|
||||
### Column alignment
|
||||
|
||||
Choose how Grafana should align cell contents:
|
||||
|
||||
- Auto (default)
|
||||
- Left
|
||||
- Center
|
||||
- Right
|
||||
|
||||
### Column filter
|
||||
|
||||
You can temporarily change how column data is displayed. For example, you can order values from highest to lowest or hide specific values. For more information, refer to [Filter table columns](#filter-table-columns).
|
||||
|
||||
### Pagination
|
||||
|
||||
Use this option to enable or disable pagination. It is a front-end option that does not affect queries. When enabled, the page size automatically adjusts to the height of the table.
|
||||
|
||||
## Cell options
|
||||
|
||||
### Cell type
|
||||
|
||||
By default, Grafana automatically chooses display settings. You can override the settings by choosing one of the following options to set the default for all fields. Additional configuration is available for some cell types.
|
||||
|
||||
{{% admonition type="note" %}}
|
||||
If you set these in the Field tab, then the type will apply to all fields, including the time field. Many options will work best if you set them in the Override tab so that they can be restricted to one or more fields.
|
||||
{{% /admonition %}}
|
||||
|
||||
#### Auto
|
||||
|
||||
The **Auto** cell type automatically displays values, with sensible defaults applied.
|
||||
|
||||
#### Color text
|
||||
|
||||
If thresholds are set, then the field text is displayed in the appropriate threshold color.
|
||||
|
||||
{{< figure src="/static/img/docs/tables/color-text.png" max-width="500px" caption="Color text" class="docs-image--no-shadow" >}}
|
||||
|
||||
#### Color background (gradient or solid)
|
||||
|
||||
If thresholds are set, then the field background is displayed in the appropriate threshold color.
|
||||
|
||||
{{< figure src="/static/img/docs/tables/color-background.png" max-width="500px" caption="Color background" class="docs-image--no-shadow" >}}
|
||||
|
||||
Toggle the **Apply to entire row** switch, to apply the background color that's configured for the cell to the whole row.
|
||||
|
||||
{{< figure src="/static/img/docs/tables/colored-rows.png" max-width="500px" alt="Colored row background" class="docs-image--no-shadow" >}}
|
||||
|
||||
#### Gauge
|
||||
|
||||
Cells can be displayed as a graphical gauge, with several different presentation types.
|
||||
|
||||
{{< admonition type="note" >}}
|
||||
The maximum and minimum values of the gauges are configured automatically from the smallest and largest values in your whole data set. If you don't want the max/min values to be pulled from the whole data set, you can configure them for each column with field overrides.
|
||||
{{< /admonition >}}
|
||||
|
||||
##### Basic
|
||||
|
||||
The basic mode will show a simple gauge with the threshold levels defining the color of gauge.
|
||||
|
||||
{{< figure src="/static/img/docs/tables/basic-gauge.png" max-width="500px" caption="Gradient gauge" class="docs-image--no-shadow" >}}
|
||||
|
||||
##### Gradient
|
||||
|
||||
The threshold levels define a gradient.
|
||||
|
||||
{{< figure src="/static/img/docs/tables/gradient-gauge.png" max-width="500px" caption="Gradient gauge" class="docs-image--no-shadow" >}}
|
||||
|
||||
##### LCD
|
||||
|
||||
The gauge is split up in small cells that are lit or unlit.
|
||||
|
||||
{{< figure src="/static/img/docs/tables/lcd-gauge.png" max-width="500px" caption="LCD gauge" class="docs-image--no-shadow" >}}
|
||||
|
||||
##### Label Options
|
||||
|
||||
Additionally, labels displayed alongside of the gauges can be set to be colored by value, match the theme text color, or be hidden.
|
||||
|
||||
**Value Color**
|
||||
|
||||
{{< figure src="/static/img/docs/tables/value-color-mode.png" max-width="500px" caption="Color Label by Value" class="docs-image--no-shadow" >}}
|
||||
|
||||
**Text Color**
|
||||
|
||||
{{< figure src="/static/img/docs/tables/text-color-mode.png" max-width="500px" caption="Color Label by theme color" class="docs-image--no-shadow" >}}
|
||||
|
||||
**Hidden**
|
||||
|
||||
{{< figure src="/static/img/docs/tables/hidden-mode.png" max-width="500px" caption="Hide Label" class="docs-image--no-shadow" >}}
|
||||
|
||||
#### Data links
|
||||
|
||||
If you've configured data links, when the cell type is **Auto** mode, the cell text becomes clickable. If you change the cell type to **Data links**, the cell text reflects the titles of the configured data links. To control the application of data link text more granularly use a **Cell option > Cell type > Data links** field override.
|
||||
|
||||
#### JSON view
|
||||
|
||||
Shows value formatted as code. If a value is an object the JSON view allowing browsing the JSON object will appear on hover.
|
||||
|
||||
{{< figure src="/static/img/docs/tables/json-view.png" max-width="500px" caption="JSON view" class="docs-image--no-shadow" >}}
|
||||
|
||||
#### Image
|
||||
|
||||
> Only available in Grafana 7.3+
|
||||
|
||||
If you have a field value that is an image URL or a base64 encoded image you can configure the table to display it as an image.
|
||||
|
||||
{{< figure src="/static/img/docs/v73/table_hover.gif" max-width="900px" caption="Table hover" >}}
|
||||
|
||||
Use the **Alt text** option to set the alternative text of an image. The text will be available for screen readers and in cases when images can't be loaded.
|
||||
|
||||
Use the **Title text** option to set the text that's displayed when the image is hovered over with a cursor.
|
||||
|
||||
#### Sparkline
|
||||
|
||||
Shows values rendered as a sparkline. You can show sparklines using the [Time series to table transformation](ref:time-series-to-table-transformation) on data with multiple time series to process it into a format the table can show.
|
||||
|
||||
{{< figure src="/static/img/docs/tables/sparkline2.png" max-width="500px" caption="Sparkline" class="docs-image--no-shadow" >}}
|
||||
|
||||
You can be customize sparklines with many of the same options as the [Time series panel](ref:time-series-panel) including line width, fill opacity, and more. You can also change the color of the sparkline by updating the [color scheme](ref:color-scheme) in the _Standard options_ section of the panel configuration.
|
||||
|
||||
### Wrap text
|
||||
|
||||
{{< admonition type="note" >}}
|
||||
Text wrapping is in [public preview](https://grafana.com/docs/release-life-cycle/#public-preview), however, it’s available to use by default. We’d love hear from you about how this new feature is working. To provide feedback, you can open an issue in the [Grafana GitHub repository](https://github.com/grafana/grafana).
|
||||
{{< /admonition >}}
|
||||
|
||||
Toggle the **Wrap text** switch to wrap text in the cell with the longest content in your table. To wrap the text in a specific column only, use the Wrap Text option in a [field override](ref:field-override).
|
||||
|
||||
### Cell value inspect
|
||||
|
||||
Enables value inspection from table cell. The raw value is presented in a modal window.
|
||||
|
||||
{{% admonition type="note" %}}
|
||||
Cell value inspection is only available when cell display mode is set to Auto, Color text, Color background or JSON View.
|
||||
{{% /admonition %}}
|
||||
|
||||
## Turn on column filtering
|
||||
|
||||
1. In Grafana, navigate to the dashboard with the table with the columns that you want to filter.
|
||||
1. On the table panel you want to filter, open the panel editor.
|
||||
1. Expand the the **Table** options section.
|
||||
1. Toggle on the [**Column filter** switch](#table-options).
|
||||
1. Click the **Field** tab.
|
||||
1. In Table options, turn on the **Column filter** option.
|
||||
|
||||
A filter icon appears next to each column title.
|
||||
|
||||
{{< figure src="/static/img/docs/tables/column-filter-with-icon.png" max-width="350px" alt="Column filtering turned on" class="docs-image--no-shadow" >}}
|
||||
{{< figure src="/static/img/docs/tables/column-filter-with-icon.png" max-width="500px" caption="Column filtering turned on" class="docs-image--no-shadow" >}}
|
||||
|
||||
### Filter column values
|
||||
|
||||
To filter column values, click the filter (funnel) icon next to a column title. Grafana displays the filter options for that column.
|
||||
|
||||
{{< figure src="/static/img/docs/tables/filter-column-values.png" max-width="300px" alt="Filter column values" class="docs-image--no-shadow" >}}
|
||||
{{< figure src="/static/img/docs/tables/filter-column-values.png" max-width="500px" caption="Filter column values" class="docs-image--no-shadow" >}}
|
||||
|
||||
Click the check box next to the values that you want to display. Enter text in the search field at the top to show those values in the display so that you can select them rather than scroll to find them.
|
||||
|
||||
@@ -158,202 +333,41 @@ Click the check box above the **Ok** and **Cancel** buttons to add or remove all
|
||||
|
||||
Columns with filters applied have a blue funnel displayed next to the title.
|
||||
|
||||
{{< figure src="/static/img/docs/tables/filtered-column.png" max-width="100px" alt="Filtered column" class="docs-image--no-shadow" >}}
|
||||
{{< figure src="/static/img/docs/tables/filtered-column.png" max-width="500px" caption="Filtered column" class="docs-image--no-shadow" >}}
|
||||
|
||||
To remove the filter, click the blue funnel icon and then click **Clear filter**.
|
||||
|
||||
## Sort columns
|
||||
## Table footer
|
||||
|
||||
Click a column title to change the sort order from default to descending to ascending. Each time you click, the sort order changes to the next option in the cycle. You can sort multiple columns by holding the `shift` key and clicking the column name.
|
||||
You can use the table footer to show [calculations](ref:calculations) on fields.
|
||||
|
||||
{{< figure src="/static/img/docs/tables/sort-descending.png" max-width="350px" alt="Sort descending" class="docs-image--no-shadow" >}}
|
||||
After you enable the table footer:
|
||||
|
||||
## Dataset selector
|
||||
1. Select the **Calculation**
|
||||
2. Select the **Fields** that you want to calculate
|
||||
|
||||
If the data queried contains multiple datasets, a table displays a drop-down list at the bottom, so you can select the dataset you want to visualize.
|
||||
The system applies the calculation to all numeric fields if you do not select a field.
|
||||
|
||||
{{< figure src="/media/docs/grafana/panels-visualizations/TablePanelMultiSet.png" max-width="650px" alt="Table visualization with multiple datasets" class="docs-image--no-shadow" >}}
|
||||
### Count rows
|
||||
|
||||
## Configuration options
|
||||
If you want to show the number of rows in the dataset instead of the number of values in the selected fields, select the **Count** calculation and enable **Count rows**.
|
||||
|
||||
### Panel options
|
||||
|
||||
{{< docs/shared lookup="visualizations/panel-options.md" source="grafana" version="<GRAFANA_VERSION>" >}}
|
||||
|
||||
### Table options
|
||||
|
||||
{{% admonition type="note" %}}
|
||||
If you are using a table created before Grafana 7.0, then you need to migrate to the new table version in order to see these options. To migrate, on the Panel tab, click **Table** visualization. Grafana updates the table version and you can then access all table options.
|
||||
{{% /admonition %}}
|
||||
|
||||
| Option | Description |
|
||||
| -------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| Show table header | Show or hide column names imported from your data source. |
|
||||
| Cell height | Set the height of the cell. Choose from **Small**, **Medium**, and **Large**. |
|
||||
| Enable pagination | Toggle the switch to control how many table rows are visible at once. When switched on, the page size automatically adjusts to the height of the table. This option doesn't affect queries. |
|
||||
| Minimum column width | Define the lower limit of the column width, in pixels. By default, the minimum width of the table column is 150 pixels. For small-screen devices, such as smartphones or tablets, reduce the default `150` pixel value to `50` to allow table-based panels to render correctly in dashboards. |
|
||||
| Column width | Define a column width, in pixels, rather than allowing the width to be set automatically. By default, Grafana calculates the column width based on the table size and the minimum column width. |
|
||||
| Column alignment | Set how Grafana should align cell contents. Choose from: **Auto** (default), **Left**, **Center**, and **Right**. |
|
||||
| Column filter | Temporarily change how column data is displayed. For example, you can order values from highest to lowest or hide specific values. For more information, refer to [Filter table columns](#filter-table-columns). |
|
||||
|
||||
### Table footer options
|
||||
|
||||
Toggle the **Show table footer** switch on and off to control the display of the footer. When the toggle is switched on, you can use the table footer to show [calculations](ref:calculations) on fields.
|
||||
|
||||
After you activate the table footer, make selections in the following options:
|
||||
|
||||
- **Calculation** - The calculation that you want to apply.
|
||||
- **Fields** - The fields to which you want to apply the calculations. The system applies the calculation to all numeric fields if you do not select a field.
|
||||
- **Count rows** - This options is displayed if you select the **Count** calculation. If you want to show the number of rows in the dataset instead of the number of values in the selected fields, toggle on the **Count rows** switch.
|
||||
|
||||
### Cell options
|
||||
|
||||
Cell options allow you to control how data is displayed in a table.
|
||||
|
||||
#### Cell type
|
||||
|
||||
By default, Grafana automatically chooses display settings. You can override the settings by choosing one of the following options to set the default for all fields. Additional configuration is available for some cell types.
|
||||
|
||||
{{% admonition type="note" %}}
|
||||
If you set these in the Field tab, then the type will apply to all fields, including the time field. Many options will work best if you set them in the Override tab so that they can be restricted to one or more fields.
|
||||
{{% /admonition %}}
|
||||
|
||||
| Cell type | Description |
|
||||
| ----------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| Auto | The **Auto** cell type automatically displays values, with sensible defaults applied. |
|
||||
| [Sparkline](#sparkline) | Shows values rendered as a sparkline. |
|
||||
| [Colored text](#colored-text) | If thresholds are set, then the field text is displayed in the appropriate threshold color. |
|
||||
| [Colored background](#colored-background) | If thresholds are set, then the field background is displayed in the appropriate threshold color. |
|
||||
| [Gauge](#gauge) | Cells can be displayed as a graphical gauge, with several different presentation types. You can set the [Gauge display mode](#gauge-display-mode) and the [Value display](#value-display) options. |
|
||||
| Data links | If you've configured data links, when the cell type is **Auto** mode, the cell text becomes clickable. If you change the cell type to **Data links**, the cell text reflects the titles of the configured data links. To control the application of data link text more granularly use a **Cell option > Cell type > Data links** field override. |
|
||||
| [JSON View](#json-view) | Shows value formatted as code. |
|
||||
| [Image](#image) | If you have a field value that is an image URL or a base64 encoded image you can configure the table to display it as an image. |
|
||||
|
||||
##### Sparkline
|
||||
|
||||
Shows values rendered as a sparkline. You can show sparklines using the [Time series to table transformation](ref:time-series-to-table-transformation) on data with multiple time series to process it into a format the table can show.
|
||||
|
||||
{{< figure src="/static/img/docs/tables/sparkline2.png" max-width="500px" alt="Sparkline" class="docs-image--no-shadow" >}}
|
||||
|
||||
You can customize sparklines with many of the same options as the [time series visualization](ref:time-series-panel) including line style and width, fill opacity, gradient mode, and more. You can also change the color of the sparkline by updating the [color scheme](ref:color-scheme) in the **Standard options** section of the panel configuration.
|
||||
|
||||
##### Colored text
|
||||
|
||||
If thresholds are set, then the field text is displayed in the appropriate threshold color.
|
||||
|
||||
{{< figure src="/static/img/docs/tables/color-text.png" max-width="500px" alt="Color text" class="docs-image--no-shadow" >}}
|
||||
|
||||
{{< admonition type="note" >}}
|
||||
This is an experimental feature.
|
||||
{{< /admonition >}}
|
||||
|
||||
##### Colored background
|
||||
|
||||
If thresholds are set, then the field background is displayed in the appropriate threshold color.
|
||||
|
||||
{{< figure src="/static/img/docs/tables/color-background.png" max-width="500px" alt="Color background" class="docs-image--no-shadow" >}}
|
||||
|
||||
Choose between **Basic** and **Gradient** to set the **Background display mode**.
|
||||
|
||||
Toggle the **Apply to entire row** switch, to apply the background color that's configured for the cell to the whole row.
|
||||
|
||||
{{< figure src="/static/img/docs/tables/colored-rows.png" max-width="500px" alt="Colored row background" class="docs-image--no-shadow" >}}
|
||||
|
||||
##### Gauge
|
||||
|
||||
Cells can be displayed as a graphical gauge, with several different presentation types controlled by the gauge display mode and the value display.
|
||||
|
||||
{{< admonition type="note" >}}
|
||||
The maximum and minimum values of the gauges are configured automatically from the smallest and largest values in your whole data set. If you don't want the max/min values to be pulled from the whole data set, you can configure them for each column with field overrides.
|
||||
{{< /admonition >}}
|
||||
|
||||
###### Gauge display mode
|
||||
|
||||
You can set three gauge display modes.
|
||||
|
||||
- **Basic** - Shows a simple gauge with the threshold levels defining the color of gauge.
|
||||
|
||||
{{< figure src="/static/img/docs/tables/basic-gauge.png" max-width="500px" alt="Gradient gauge" class="docs-image--no-shadow" >}}
|
||||
|
||||
- **Gradient** - The threshold levels define a gradient.
|
||||
|
||||
{{< figure src="/static/img/docs/tables/gradient-gauge.png" max-width="500px" alt="Gradient gauge" class="docs-image--no-shadow" >}}
|
||||
|
||||
- **Retro LCD** - The gauge is split up in small cells that are lit or unlit.
|
||||
|
||||
{{< figure src="/static/img/docs/tables/lcd-gauge.png" max-width="500px" alt="LCD gauge" class="docs-image--no-shadow" >}}
|
||||
|
||||
###### Value display
|
||||
|
||||
Labels displayed alongside of the gauges can be set to be colored by value, match the theme text color, or be hidden.
|
||||
|
||||
- **Value color**
|
||||
|
||||
{{< figure src="/static/img/docs/tables/value-color-mode.png" max-width="500px" alt="Color Label by Value" class="docs-image--no-shadow" >}}
|
||||
|
||||
- **Text color**
|
||||
|
||||
{{< figure src="/static/img/docs/tables/text-color-mode.png" max-width="500px" alt="Color Label by theme color" class="docs-image--no-shadow" >}}
|
||||
|
||||
- **Hidden**
|
||||
|
||||
{{< figure src="/static/img/docs/tables/hidden-mode.png" max-width="500px" alt="Hide Label" class="docs-image--no-shadow" >}}
|
||||
|
||||
##### JSON View
|
||||
|
||||
Shows value formatted as code. If a value is an object the JSON view allowing browsing the JSON object will appear on hover.
|
||||
|
||||
{{< figure src="/static/img/docs/tables/json-view.png" max-width="350px" alt="JSON view" class="docs-image--no-shadow" >}}
|
||||
|
||||
##### Image
|
||||
|
||||
{{< admonition type="note" >}}
|
||||
Only available in Grafana 7.3+
|
||||
{{< /admonition >}}
|
||||
|
||||
If you have a field value that is an image URL or a base64 encoded image you can configure the table to display it as an image.
|
||||
|
||||
{{< figure src="/static/img/docs/v73/table_hover.gif" max-width="900px" alt="Table hover" >}}
|
||||
|
||||
- **Alt text** - Set the alternative text of an image. The text will be available for screen readers and in cases when images can't be loaded.
|
||||
- **Title text** - Set the text that's displayed when the image is hovered over with a cursor.
|
||||
|
||||
#### Wrap text
|
||||
|
||||
{{< admonition type="note" >}}
|
||||
Text wrapping is in [public preview](https://grafana.com/docs/release-life-cycle/#public-preview), however, it’s available to use by default. We’d love hear from you about how this new feature is working. To provide feedback, you can open an issue in the [Grafana GitHub repository](https://github.com/grafana/grafana).
|
||||
{{< /admonition >}}
|
||||
|
||||
Toggle the **Wrap text** switch to wrap text in the cell with the longest content in your table. To wrap the text in a specific column only, use the Wrap Text option in a [field override](ref:field-override).
|
||||
|
||||
This option isn't available when you set the cell type to **Gauge** or Data links,JSON View, Image.
|
||||
|
||||
#### Cell value inspect
|
||||
|
||||
Enables value inspection from table cells. When the **Cell inspect value** switch is toggled on, clicking the inspect icon in a cell opens the **Inspect value** drawer.
|
||||
|
||||
The **Inspect value** drawer has two tabs, **Plain text** and **Code editor**. Grafana attempts to automatically detect the type of data in the cell and opens the drawer with the associated tab showing. However, you can switch back and forth between tabs.
|
||||
|
||||
Cell value inspection is only available when the **Cell type** selection is **Auto**, **Colored text**, **Colored background**, or **JSON View**.
|
||||
|
||||
This option isn't available when you set the cell type to **Gauge** or Data links, Image, .
|
||||
|
||||
### Standard options
|
||||
## Standard options
|
||||
|
||||
{{< docs/shared lookup="visualizations/standard-options.md" source="grafana" version="<GRAFANA_VERSION>" >}}
|
||||
|
||||
### Data links
|
||||
## Data links
|
||||
|
||||
{{< docs/shared lookup="visualizations/datalink-options.md" source="grafana" version="<GRAFANA_VERSION>" >}}
|
||||
|
||||
### Value mappings
|
||||
## Value mappings
|
||||
|
||||
{{< docs/shared lookup="visualizations/value-mappings-options.md" source="grafana" version="<GRAFANA_VERSION>" >}}
|
||||
|
||||
### Thresholds
|
||||
## Thresholds
|
||||
|
||||
{{< docs/shared lookup="visualizations/thresholds-options-2.md" source="grafana" version="<GRAFANA_VERSION>" >}}
|
||||
|
||||
### Field overrides
|
||||
## Field overrides
|
||||
|
||||
{{< docs/shared lookup="visualizations/overrides-options.md" source="grafana" version="<GRAFANA_VERSION>" >}}
|
||||
|
||||
@@ -39,7 +39,7 @@ On Windows, the `sample.ini` file is located in the same directory as `defaults.
|
||||
|
||||
### macOS
|
||||
|
||||
By default, the configuration file is located at `/opt/homebrew/etc/grafana/grafana.ini` or `/usr/local/etc/grafana/grafana.ini`. For a Grafana instance installed using Homebrew, edit the `grafana.ini` file directly. Otherwise, add a configuration file named `custom.ini` to the `conf` folder to override the settings defined in `conf/defaults.ini`.
|
||||
By default, the configuration file is located at `/usr/local/etc/grafana/grafana.ini`. For a Grafana instance installed using Homebrew, edit the `grafana.ini` file directly. Otherwise, add a configuration file named `custom.ini` to the `conf` folder to override the settings defined in `conf/defaults.ini`.
|
||||
|
||||
## Remove comments in the .ini files
|
||||
|
||||
|
||||
@@ -61,7 +61,7 @@ Grafana requires a database to store its configuration data, such as users, data
|
||||
Grafana supports the following databases:
|
||||
|
||||
- [SQLite 3](https://www.sqlite.org/index.html)
|
||||
- [MySQL 8.0+](https://www.mysql.com/support/supportedplatforms/database.html)
|
||||
- [MySQL 5.7+](https://www.mysql.com/support/supportedplatforms/database.html)
|
||||
- [PostgreSQL 12+](https://www.postgresql.org/support/versioning/)
|
||||
|
||||
By default Grafana uses an embedded SQLite database, which is stored in the Grafana installation location.
|
||||
|
||||
@@ -1659,9 +1659,9 @@ Status: Accepted
|
||||
|
||||
{{% responsive-table %}}
|
||||
|
||||
| Name | Type | Go type | Required | Default | Description | Example |
|
||||
| -------- | ------ | -------- | :------: | ------- | ------------------------------------------------------- | ------- |
|
||||
| template | string | `string` | | | | |
|
||||
| Name | Type | Go type | Required | Default | Description | Example |
|
||||
| -------- | ------ | -------- | :------: | ------- | ------------------------------------------------------- | ------- |
|
||||
| template | string | `string` | | | | |
|
||||
| version | string | `string` | | | Version of resource. Should be empty for new templates. | |
|
||||
|
||||
{{% /responsive-table %}}
|
||||
|
||||
@@ -8,11 +8,11 @@ comments: |
|
||||
|
||||
A threshold is a value or limit you set for a metric that’s reflected visually when it’s met or exceeded. Thresholds are one way you can conditionally style and color your visualizations based on query results.
|
||||
|
||||
For each threshold, set the following options:
|
||||
Set the following options:
|
||||
|
||||
| Option | Description |
|
||||
| --------------- | -------------------------------------------- |
|
||||
| Value | Set the value for each threshold. |
|
||||
| Thresholds mode | Choose from **Absolute** and **Percentage**. |
|
||||
- **Value** - Set the value for each threshold.
|
||||
- **Thresholds mode** - Choose from:
|
||||
- **Absolute**
|
||||
- **Percentage**
|
||||
|
||||
To learn more, refer to [Configure thresholds](../../configure-thresholds/).
|
||||
|
||||
@@ -180,10 +180,6 @@ _Generally available in all editions of Grafana_
|
||||
|
||||
Explore now supports forward direction search for Loki logs searches. This allows users to seamlessly browse logs in a time range in forward chronological order (for example, tracing a specific user's actions using logs).
|
||||
|
||||
{{< figure src="/static/img/logs/forward_search.png" alt="Explore logs with the Direction option selected" caption-align="left" >}}
|
||||
|
||||
To use this feature, select **Forward** for the **Direction** option. Note that in the screenshot above, logs are rendered beginning from the starting time period of the query, not the end.
|
||||
|
||||
[Documentation](https://grafana.com/docs/grafana/<GRAFANA_VERSION>/datasources/loki/query-editor/)
|
||||
|
||||
## Data sources
|
||||
|
||||
2
go.mod
@@ -1,6 +1,6 @@
|
||||
module github.com/grafana/grafana
|
||||
|
||||
go 1.22.7
|
||||
go 1.22.4
|
||||
|
||||
// contains openapi encoder fixes. remove ASAP
|
||||
replace cuelang.org/go => github.com/grafana/cue v0.0.0-20230926092038-971951014e3f // @grafana/grafana-as-code
|
||||
|
||||
2
go.work
@@ -1,4 +1,4 @@
|
||||
go 1.22.7
|
||||
go 1.22.4
|
||||
|
||||
// The `skip:golangci-lint` comment tag is used to exclude the package from the `golangci-lint` GitHub Action.
|
||||
// The module at the root of the repo (`.`) is excluded because ./pkg/... is included manually in the `golangci-lint` configuration.
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{
|
||||
"$schema": "node_modules/lerna/schemas/lerna-schema.json",
|
||||
"npmClient": "yarn",
|
||||
"version": "11.2.2"
|
||||
"version": "11.2.1"
|
||||
}
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
"license": "AGPL-3.0-only",
|
||||
"private": true,
|
||||
"name": "grafana",
|
||||
"version": "11.2.2",
|
||||
"version": "11.2.1",
|
||||
"repository": "github:grafana/grafana",
|
||||
"scripts": {
|
||||
"build": "NODE_ENV=production nx exec --verbose -- webpack --config scripts/webpack/webpack.prod.js",
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
"author": "Grafana Labs",
|
||||
"license": "Apache-2.0",
|
||||
"name": "@grafana/data",
|
||||
"version": "11.2.2",
|
||||
"version": "11.2.1",
|
||||
"description": "Grafana Data Library",
|
||||
"keywords": [
|
||||
"typescript"
|
||||
@@ -36,7 +36,7 @@
|
||||
},
|
||||
"dependencies": {
|
||||
"@braintree/sanitize-url": "7.0.1",
|
||||
"@grafana/schema": "11.2.2",
|
||||
"@grafana/schema": "11.2.1",
|
||||
"@types/d3-interpolate": "^3.0.0",
|
||||
"@types/string-hash": "1.1.3",
|
||||
"d3-interpolate": "3.0.1",
|
||||
|
||||
@@ -1,9 +1,8 @@
|
||||
import { createTheme } from '../themes/createTheme';
|
||||
import { DataFrame, Field, FieldType } from '../types/dataFrame';
|
||||
import { Field, FieldType } from '../types/dataFrame';
|
||||
import { FieldColorModeId } from '../types/fieldColor';
|
||||
|
||||
import { fieldColorModeRegistry, FieldValueColorCalculator, getFieldSeriesColor } from './fieldColor';
|
||||
import { cacheFieldDisplayNames } from './fieldState';
|
||||
|
||||
function getTestField(mode: string, fixedColor?: string, name = 'name'): Field {
|
||||
return {
|
||||
@@ -56,67 +55,6 @@ describe('fieldColorModeRegistry', () => {
|
||||
expect(calcFn1(12, 34, undefined)).toEqual(calcFn2(56, 78, undefined));
|
||||
});
|
||||
|
||||
it('Palette uses displayName with Value fields', () => {
|
||||
let frames: DataFrame[] = [
|
||||
{
|
||||
length: 0,
|
||||
fields: [
|
||||
{
|
||||
name: 'Time',
|
||||
type: FieldType.time,
|
||||
values: [],
|
||||
config: {},
|
||||
},
|
||||
{
|
||||
name: 'Value',
|
||||
labels: { foo: 'bar' },
|
||||
type: FieldType.number,
|
||||
values: [],
|
||||
config: {
|
||||
color: {
|
||||
mode: FieldColorModeId.PaletteClassicByName,
|
||||
},
|
||||
},
|
||||
state: {},
|
||||
},
|
||||
],
|
||||
},
|
||||
{
|
||||
length: 0,
|
||||
fields: [
|
||||
{
|
||||
name: 'Time',
|
||||
type: FieldType.time,
|
||||
values: [],
|
||||
config: {},
|
||||
},
|
||||
{
|
||||
name: 'Value',
|
||||
labels: { foo: 'baz' },
|
||||
type: FieldType.number,
|
||||
values: [],
|
||||
config: {
|
||||
color: {
|
||||
mode: FieldColorModeId.PaletteClassicByName,
|
||||
},
|
||||
},
|
||||
state: {},
|
||||
},
|
||||
],
|
||||
},
|
||||
];
|
||||
|
||||
cacheFieldDisplayNames(frames);
|
||||
|
||||
const mode = fieldColorModeRegistry.get(FieldColorModeId.PaletteClassicByName);
|
||||
|
||||
const calcFn1 = mode.getCalculator(frames[0].fields[1], createTheme());
|
||||
const calcFn2 = mode.getCalculator(frames[1].fields[1], createTheme());
|
||||
|
||||
expect(calcFn1(0, 0)).toEqual('#82B5D8');
|
||||
expect(calcFn2(0, 0)).toEqual('#FCE2DE');
|
||||
});
|
||||
|
||||
it('When color.seriesBy is set to last use that instead of v', () => {
|
||||
const field = getTestField('continuous-GrYlRd');
|
||||
|
||||
|
||||
@@ -218,7 +218,7 @@ export class FieldColorSchemeMode implements FieldColorMode {
|
||||
}
|
||||
} else if (this.useSeriesName) {
|
||||
return (_: number, _percent: number, _threshold?: Threshold) => {
|
||||
return colors[Math.abs(stringHash(field.state?.displayName ?? field.name)) % colors.length];
|
||||
return colors[Math.abs(stringHash(field.name)) % colors.length];
|
||||
};
|
||||
} else {
|
||||
return (_: number, _percent: number, _threshold?: Threshold) => {
|
||||
|
||||
@@ -309,63 +309,6 @@ describe('applyFieldOverrides', () => {
|
||||
expect(config.decimals).toEqual(1);
|
||||
});
|
||||
|
||||
it('displayName should be able to reference itself', () => {
|
||||
const data = applyFieldOverrides({
|
||||
data: [f0], // the frame
|
||||
fieldConfig: {
|
||||
defaults: {
|
||||
displayName: '${__field.displayName} and more!',
|
||||
},
|
||||
overrides: [],
|
||||
},
|
||||
replaceVariables: (v, scopedVars) => {
|
||||
const dataContext = scopedVars?.__dataContext?.value;
|
||||
if (dataContext) {
|
||||
// Trying to fake what would happen with the real interpolation function
|
||||
return getFieldDisplayName(dataContext.field, dataContext.frame) + ' and more!';
|
||||
}
|
||||
return v;
|
||||
},
|
||||
theme: createTheme(),
|
||||
fieldConfigRegistry: customFieldRegistry,
|
||||
})[0];
|
||||
|
||||
const valueColumn = data.fields[1];
|
||||
const displayName = getFieldDisplayName(valueColumn, data);
|
||||
|
||||
expect(displayName).toEqual('value and more!');
|
||||
});
|
||||
|
||||
it('displayName should be able to reference itself in an override', () => {
|
||||
const data = applyFieldOverrides({
|
||||
data: [f0], // the frame
|
||||
fieldConfig: {
|
||||
defaults: {},
|
||||
overrides: [
|
||||
{
|
||||
matcher: { id: FieldMatcherID.byName, options: 'value' },
|
||||
properties: [{ id: 'displayName', value: '${__field.displayName} and more!' }],
|
||||
},
|
||||
],
|
||||
},
|
||||
replaceVariables: (v, scopedVars) => {
|
||||
const dataContext = scopedVars?.__dataContext?.value;
|
||||
if (dataContext) {
|
||||
// Trying to fake what would happen with the real interpolation function
|
||||
return getFieldDisplayName(dataContext.field, dataContext.frame) + ' and more!';
|
||||
}
|
||||
return v;
|
||||
},
|
||||
theme: createTheme(),
|
||||
fieldConfigRegistry: customFieldRegistry,
|
||||
})[0];
|
||||
|
||||
const valueColumn = data.fields[1];
|
||||
const displayName = getFieldDisplayName(valueColumn, data);
|
||||
|
||||
expect(displayName).toEqual('value and more!');
|
||||
});
|
||||
|
||||
it('will apply set min/max when asked', () => {
|
||||
const data = applyFieldOverrides({
|
||||
data: [f0], // the frame
|
||||
|
||||
@@ -162,8 +162,6 @@ export function applyFieldOverrides(options: ApplyFieldOverrideOptions): DataFra
|
||||
const { range, newGlobalRange } = calculateRange(config, field, globalRange, options.data!);
|
||||
globalRange = newGlobalRange;
|
||||
|
||||
// Clear any cached displayName as it can change during field overrides process
|
||||
field.state!.displayName = null;
|
||||
field.state!.seriesIndex = seriesIndex;
|
||||
field.state!.range = range;
|
||||
field.type = type;
|
||||
|
||||
@@ -55,14 +55,13 @@ describe('Stats Calculators', () => {
|
||||
it('should calculate basic stats', () => {
|
||||
const stats = reduceField({
|
||||
field: basicTable.fields[0],
|
||||
reducers: [ReducerID.first, ReducerID.last, ReducerID.mean, ReducerID.count, ReducerID.diffperc],
|
||||
reducers: [ReducerID.first, ReducerID.last, ReducerID.mean, ReducerID.count],
|
||||
});
|
||||
|
||||
expect(stats.first).toEqual(10);
|
||||
expect(stats.last).toEqual(20);
|
||||
expect(stats.mean).toEqual(15);
|
||||
expect(stats.count).toEqual(2);
|
||||
expect(stats.diffperc).toEqual(100);
|
||||
});
|
||||
|
||||
it('should handle undefined field data without crashing', () => {
|
||||
|
||||
@@ -582,7 +582,7 @@ export function doStandardCalcs(field: Field, ignoreNulls: boolean, nullAsZero:
|
||||
}
|
||||
|
||||
if (isNumber(calcs.firstNotNull) && isNumber(calcs.diff)) {
|
||||
calcs.diffperc = (calcs.diff / calcs.firstNotNull) * 100;
|
||||
calcs.diffperc = calcs.diff / calcs.firstNotNull;
|
||||
}
|
||||
return calcs;
|
||||
}
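Review bot: The guard in front of the `calcs.diffperc` assignment lets `calcs.firstNotNull === 0` through (assuming `isNumber` is true for 0), so the division stores `Infinity`, `-Infinity` or `NaN` as a stat. Adding the zero test to the condition, `if (isNumber(calcs.firstNotNull) && calcs.firstNotNull !== 0 && isNumber(calcs.diff)) {`, skips the assignment for that input. The name says percent, but the variant without `* 100` stores a ratio, so a comment such as `// ratio, not percent: 1 means +100%` would keep consumers from scaling it twice. doStandardCalcs starts outside the hunk.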
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
"author": "Grafana Labs",
|
||||
"license": "Apache-2.0",
|
||||
"name": "@grafana/e2e-selectors",
|
||||
"version": "11.2.2",
|
||||
"version": "11.2.1",
|
||||
"description": "Grafana End-to-End Test Selectors Library",
|
||||
"keywords": [
|
||||
"cli",
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
{
|
||||
"name": "@grafana/eslint-plugin",
|
||||
"description": "ESLint rules for use within the Grafana repo. Not suitable (or supported) for external use.",
|
||||
"version": "11.2.2",
|
||||
"version": "11.2.1",
|
||||
"main": "./index.cjs",
|
||||
"author": "Grafana Labs",
|
||||
"license": "Apache-2.0",
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
"author": "Grafana Labs",
|
||||
"license": "Apache-2.0",
|
||||
"name": "@grafana/flamegraph",
|
||||
"version": "11.2.2",
|
||||
"version": "11.2.1",
|
||||
"description": "Grafana flamegraph visualization component",
|
||||
"keywords": [
|
||||
"grafana",
|
||||
@@ -44,8 +44,8 @@
|
||||
],
|
||||
"dependencies": {
|
||||
"@emotion/css": "11.11.2",
|
||||
"@grafana/data": "11.2.2",
|
||||
"@grafana/ui": "11.2.2",
|
||||
"@grafana/data": "11.2.1",
|
||||
"@grafana/ui": "11.2.1",
|
||||
"@leeoniya/ufuzzy": "1.0.14",
|
||||
"d3": "^7.8.5",
|
||||
"lodash": "4.17.21",
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "@grafana/saga-icons",
|
||||
"version": "11.2.2",
|
||||
"version": "11.2.1",
|
||||
"private": true,
|
||||
"description": "Icons for Grafana",
|
||||
"author": "Grafana Labs",
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
"license": "AGPL-3.0-only",
|
||||
"name": "@grafana/o11y-ds-frontend",
|
||||
"private": true,
|
||||
"version": "11.2.2",
|
||||
"version": "11.2.1",
|
||||
"description": "Library to manage traces in Grafana.",
|
||||
"sideEffects": false,
|
||||
"repository": {
|
||||
@@ -18,12 +18,12 @@
|
||||
},
|
||||
"dependencies": {
|
||||
"@emotion/css": "11.11.2",
|
||||
"@grafana/data": "11.2.2",
|
||||
"@grafana/e2e-selectors": "11.2.2",
|
||||
"@grafana/data": "11.2.1",
|
||||
"@grafana/e2e-selectors": "11.2.1",
|
||||
"@grafana/experimental": "1.7.13",
|
||||
"@grafana/runtime": "11.2.2",
|
||||
"@grafana/schema": "11.2.2",
|
||||
"@grafana/ui": "11.2.2",
|
||||
"@grafana/runtime": "11.2.1",
|
||||
"@grafana/schema": "11.2.1",
|
||||
"@grafana/ui": "11.2.1",
|
||||
"react-select": "5.8.0",
|
||||
"react-use": "17.5.1",
|
||||
"rxjs": "7.8.1",
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
"name": "@grafana/plugin-configs",
|
||||
"description": "Shared dependencies and files for core plugins",
|
||||
"private": true,
|
||||
"version": "11.2.2",
|
||||
"version": "11.2.1",
|
||||
"dependencies": {
|
||||
"tslib": "2.6.3"
|
||||
},
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
"author": "Grafana Labs",
|
||||
"license": "AGPL-3.0-only",
|
||||
"name": "@grafana/prometheus",
|
||||
"version": "11.2.2",
|
||||
"version": "11.2.1",
|
||||
"description": "Grafana Prometheus Library",
|
||||
"keywords": [
|
||||
"typescript"
|
||||
@@ -38,12 +38,12 @@
|
||||
"dependencies": {
|
||||
"@emotion/css": "11.11.2",
|
||||
"@floating-ui/react": "0.26.22",
|
||||
"@grafana/data": "11.2.2",
|
||||
"@grafana/data": "11.2.1",
|
||||
"@grafana/experimental": "1.7.13",
|
||||
"@grafana/faro-web-sdk": "1.9.0",
|
||||
"@grafana/runtime": "11.2.2",
|
||||
"@grafana/schema": "11.2.2",
|
||||
"@grafana/ui": "11.2.2",
|
||||
"@grafana/runtime": "11.2.1",
|
||||
"@grafana/schema": "11.2.1",
|
||||
"@grafana/ui": "11.2.1",
|
||||
"@hello-pangea/dnd": "16.6.0",
|
||||
"@leeoniya/ufuzzy": "1.0.14",
|
||||
"@lezer/common": "1.2.1",
|
||||
@@ -76,7 +76,7 @@
|
||||
},
|
||||
"devDependencies": {
|
||||
"@emotion/eslint-plugin": "11.11.0",
|
||||
"@grafana/e2e-selectors": "11.2.2",
|
||||
"@grafana/e2e-selectors": "11.2.1",
|
||||
"@grafana/tsconfig": "^1.3.0-rc1",
|
||||
"@rollup/plugin-image": "3.0.3",
|
||||
"@rollup/plugin-node-resolve": "15.2.3",
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
"author": "Grafana Labs",
|
||||
"license": "Apache-2.0",
|
||||
"name": "@grafana/runtime",
|
||||
"version": "11.2.2",
|
||||
"version": "11.2.1",
|
||||
"description": "Grafana Runtime Library",
|
||||
"keywords": [
|
||||
"grafana",
|
||||
@@ -37,11 +37,11 @@
|
||||
"postpack": "mv package.json.bak package.json"
|
||||
},
|
||||
"dependencies": {
|
||||
"@grafana/data": "11.2.2",
|
||||
"@grafana/e2e-selectors": "11.2.2",
|
||||
"@grafana/data": "11.2.1",
|
||||
"@grafana/e2e-selectors": "11.2.1",
|
||||
"@grafana/faro-web-sdk": "^1.3.6",
|
||||
"@grafana/schema": "11.2.2",
|
||||
"@grafana/ui": "11.2.2",
|
||||
"@grafana/schema": "11.2.1",
|
||||
"@grafana/ui": "11.2.1",
|
||||
"history": "4.10.1",
|
||||
"lodash": "4.17.21",
|
||||
"rxjs": "7.8.1",
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
"author": "Grafana Labs",
|
||||
"license": "Apache-2.0",
|
||||
"name": "@grafana/schema",
|
||||
"version": "11.2.2",
|
||||
"version": "11.2.1",
|
||||
"description": "Grafana Schema Library",
|
||||
"keywords": [
|
||||
"typescript"
|
||||
|
||||
@@ -8,7 +8,7 @@
|
||||
//
|
||||
// Run 'make gen-cue' from repository root to regenerate.
|
||||
|
||||
export const pluginVersion = "11.2.2";
|
||||
export const pluginVersion = "11.2.1";
|
||||
|
||||
export interface Options {
|
||||
limit: number;
|
||||
|
||||
@@ -10,7 +10,7 @@
|
||||
|
||||
import * as common from '@grafana/schema';
|
||||
|
||||
export const pluginVersion = "11.2.2";
|
||||
export const pluginVersion = "11.2.1";
|
||||
|
||||
export interface Options extends common.OptionsWithLegend, common.OptionsWithTooltip, common.OptionsWithTextFormatting {
|
||||
/**
|
||||
|
||||
@@ -10,7 +10,7 @@
|
||||
|
||||
import * as common from '@grafana/schema';
|
||||
|
||||
export const pluginVersion = "11.2.2";
|
||||
export const pluginVersion = "11.2.1";
|
||||
|
||||
export interface Options extends common.SingleStatBaseOptions {
|
||||
displayMode: common.BarGaugeDisplayMode;
|
||||
|
||||
@@ -10,7 +10,7 @@
|
||||
|
||||
import * as common from '@grafana/schema';
|
||||
|
||||
export const pluginVersion = "11.2.2";
|
||||
export const pluginVersion = "11.2.1";
|
||||
|
||||
export enum VizDisplayMode {
|
||||
Candles = 'candles',
|
||||
|
||||
@@ -10,7 +10,7 @@
|
||||
|
||||
import * as ui from '@grafana/schema';
|
||||
|
||||
export const pluginVersion = "11.2.2";
|
||||
export const pluginVersion = "11.2.1";
|
||||
|
||||
export enum HorizontalConstraint {
|
||||
Center = 'center',
|
||||
|
||||
@@ -10,7 +10,7 @@
|
||||
|
||||
import * as common from '@grafana/schema';
|
||||
|
||||
export const pluginVersion = "11.2.2";
|
||||
export const pluginVersion = "11.2.1";
|
||||
|
||||
export interface MetricStat {
|
||||
/**
|
||||
|
||||
@@ -8,7 +8,7 @@
|
||||
//
|
||||
// Run 'make gen-cue' from repository root to regenerate.
|
||||
|
||||
export const pluginVersion = "11.2.2";
|
||||
export const pluginVersion = "11.2.1";
|
||||
|
||||
export interface Options {
|
||||
/**
|
||||
|
||||
@@ -8,7 +8,7 @@
|
||||
//
|
||||
// Run 'make gen-cue' from repository root to regenerate.
|
||||
|
||||
export const pluginVersion = "11.2.2";
|
||||
export const pluginVersion = "11.2.1";
|
||||
|
||||
export interface Options {
|
||||
selectedSeries: number;
|
||||
|
||||
@@ -8,7 +8,7 @@
|
||||
//
|
||||
// Run 'make gen-cue' from repository root to regenerate.
|
||||
|
||||
export const pluginVersion = "11.2.2";
|
||||
export const pluginVersion = "11.2.1";
|
||||
|
||||
export type UpdateConfig = {
|
||||
render: boolean,
|
||||
|
||||
@@ -10,7 +10,7 @@
|
||||
|
||||
import * as common from '@grafana/schema';
|
||||
|
||||
export const pluginVersion = "11.2.2";
|
||||
export const pluginVersion = "11.2.1";
|
||||
|
||||
export type BucketAggregation = (DateHistogram | Histogram | Terms | Filters | GeoHashGrid | Nested);
|
||||
|
||||
|
||||
@@ -10,7 +10,7 @@
|
||||
|
||||
import * as common from '@grafana/schema';
|
||||
|
||||
export const pluginVersion = "11.2.2";
|
||||
export const pluginVersion = "11.2.1";
|
||||
|
||||
export interface Options extends common.SingleStatBaseOptions {
|
||||
minVizHeight: number;
|
||||
|
||||
@@ -10,7 +10,7 @@
|
||||
|
||||
import * as ui from '@grafana/schema';
|
||||
|
||||
export const pluginVersion = "11.2.2";
|
||||
export const pluginVersion = "11.2.1";
|
||||
|
||||
export interface Options {
|
||||
basemap: ui.MapLayerOptions;
|
||||
|
||||
@@ -10,7 +10,7 @@
|
||||
|
||||
import * as ui from '@grafana/schema';
|
||||
|
||||
export const pluginVersion = "11.2.2";
|
||||
export const pluginVersion = "11.2.1";
|
||||
|
||||
/**
|
||||
* Controls the color mode of the heatmap
|
||||
|
||||
@@ -10,7 +10,7 @@
|
||||
|
||||
import * as common from '@grafana/schema';
|
||||
|
||||
export const pluginVersion = "11.2.2";
|
||||
export const pluginVersion = "11.2.1";
|
||||
|
||||
export interface Options extends common.OptionsWithLegend, common.OptionsWithTooltip {
|
||||
/**
|
||||
|
||||
@@ -10,7 +10,7 @@
|
||||
|
||||
import * as common from '@grafana/schema';
|
||||
|
||||
export const pluginVersion = "11.2.2";
|
||||
export const pluginVersion = "11.2.1";
|
||||
|
||||
export interface Options {
|
||||
dedupStrategy: common.LogsDedupStrategy;
|
||||
|
||||
@@ -10,7 +10,7 @@
|
||||
|
||||
import * as common from '@grafana/schema';
|
||||
|
||||
export const pluginVersion = "11.2.2";
|
||||
export const pluginVersion = "11.2.1";
|
||||
|
||||
export enum QueryEditorMode {
|
||||
Builder = 'builder',
|
||||
|
||||
@@ -8,7 +8,7 @@
|
||||
//
|
||||
// Run 'make gen-cue' from repository root to regenerate.
|
||||
|
||||
export const pluginVersion = "11.2.2";
|
||||
export const pluginVersion = "11.2.1";
|
||||
|
||||
export interface Options {
|
||||
/**
|
||||
|
||||
@@ -8,7 +8,7 @@
|
||||
//
|
||||
// Run 'make gen-cue' from repository root to regenerate.
|
||||
|
||||
export const pluginVersion = "11.2.2";
|
||||
export const pluginVersion = "11.2.1";
|
||||
|
||||
export interface ArcOption {
|
||||
/**
|
||||
|
||||
@@ -10,7 +10,7 @@
|
||||
|
||||
import * as common from '@grafana/schema';
|
||||
|
||||
export const pluginVersion = "11.2.2";
|
||||
export const pluginVersion = "11.2.1";
|
||||
|
||||
/**
|
||||
* Select the pie chart display style.
|
||||
|
||||
@@ -10,7 +10,7 @@
|
||||
|
||||
import * as common from '@grafana/schema';
|
||||
|
||||
export const pluginVersion = "11.2.2";
|
||||
export const pluginVersion = "11.2.1";
|
||||
|
||||
export interface Options extends common.SingleStatBaseOptions {
|
||||
colorMode: common.BigValueColorMode;
|
||||
|
||||
@@ -10,7 +10,7 @@
|
||||
|
||||
import * as ui from '@grafana/schema';
|
||||
|
||||
export const pluginVersion = "11.2.2";
|
||||
export const pluginVersion = "11.2.1";
|
||||
|
||||
export interface Options extends ui.OptionsWithLegend, ui.OptionsWithTooltip, ui.OptionsWithTimezones {
|
||||
/**
|
||||
|
||||
@@ -10,7 +10,7 @@
|
||||
|
||||
import * as ui from '@grafana/schema';
|
||||
|
||||
export const pluginVersion = "11.2.2";
|
||||
export const pluginVersion = "11.2.1";
|
||||
|
||||
export interface Options extends ui.OptionsWithLegend, ui.OptionsWithTooltip, ui.OptionsWithTimezones {
|
||||
/**
|
||||
|
||||
@@ -10,7 +10,7 @@
|
||||
|
||||
import * as ui from '@grafana/schema';
|
||||
|
||||
export const pluginVersion = "11.2.2";
|
||||
export const pluginVersion = "11.2.1";
|
||||
|
||||
export interface Options {
|
||||
/**
|
||||
|
||||
@@ -8,7 +8,7 @@
|
||||
//
|
||||
// Run 'make gen-cue' from repository root to regenerate.
|
||||
|
||||
export const pluginVersion = "11.2.2";
|
||||
export const pluginVersion = "11.2.1";
|
||||
|
||||
export enum TextMode {
|
||||
Code = 'code',
|
||||
|
||||
@@ -10,7 +10,7 @@
|
||||
|
||||
import * as common from '@grafana/schema';
|
||||
|
||||
export const pluginVersion = "11.2.2";
|
||||
export const pluginVersion = "11.2.1";
|
||||
|
||||
export interface Options extends common.OptionsWithTimezones {
|
||||
legend: common.VizLegendOptions;
|
||||
|
||||
@@ -10,7 +10,7 @@
|
||||
|
||||
import * as common from '@grafana/schema';
|
||||
|
||||
export const pluginVersion = "11.2.2";
|
||||
export const pluginVersion = "11.2.1";
|
||||
|
||||
/**
|
||||
* Identical to timeseries... except it does not have timezone settings
|
||||
|
||||
@@ -10,7 +10,7 @@
|
||||
|
||||
import * as common from '@grafana/schema';
|
||||
|
||||
export const pluginVersion = "11.2.2";
|
||||
export const pluginVersion = "11.2.1";
|
||||
|
||||
/**
|
||||
* Auto is "table" in the UI
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
"license": "AGPL-3.0-only",
|
||||
"private": true,
|
||||
"name": "@grafana/sql",
|
||||
"version": "11.2.2",
|
||||
"version": "11.2.1",
|
||||
"repository": {
|
||||
"type": "git",
|
||||
"url": "http://github.com/grafana/grafana.git",
|
||||
@@ -15,11 +15,11 @@
|
||||
},
|
||||
"dependencies": {
|
||||
"@emotion/css": "11.11.2",
|
||||
"@grafana/data": "11.2.2",
|
||||
"@grafana/e2e-selectors": "11.2.2",
|
||||
"@grafana/data": "11.2.1",
|
||||
"@grafana/e2e-selectors": "11.2.1",
|
||||
"@grafana/experimental": "1.7.13",
|
||||
"@grafana/runtime": "11.2.2",
|
||||
"@grafana/ui": "11.2.2",
|
||||
"@grafana/runtime": "11.2.1",
|
||||
"@grafana/ui": "11.2.1",
|
||||
"@react-awesome-query-builder/ui": "6.6.2",
|
||||
"immutable": "4.3.7",
|
||||
"lodash": "4.17.21",
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
"author": "Grafana Labs",
|
||||
"license": "Apache-2.0",
|
||||
"name": "@grafana/ui",
|
||||
"version": "11.2.2",
|
||||
"version": "11.2.1",
|
||||
"description": "Grafana Components Library",
|
||||
"keywords": [
|
||||
"grafana",
|
||||
@@ -50,10 +50,10 @@
|
||||
"@emotion/css": "11.11.2",
|
||||
"@emotion/react": "11.11.4",
|
||||
"@floating-ui/react": "0.26.22",
|
||||
"@grafana/data": "11.2.2",
|
||||
"@grafana/e2e-selectors": "11.2.2",
|
||||
"@grafana/data": "11.2.1",
|
||||
"@grafana/e2e-selectors": "11.2.1",
|
||||
"@grafana/faro-web-sdk": "^1.3.6",
|
||||
"@grafana/schema": "11.2.2",
|
||||
"@grafana/schema": "11.2.1",
|
||||
"@hello-pangea/dnd": "16.6.0",
|
||||
"@leeoniya/ufuzzy": "1.0.14",
|
||||
"@monaco-editor/react": "4.6.0",
|
||||
|
||||
@@ -41,7 +41,7 @@ describe('BigValue', () => {
|
||||
/>
|
||||
);
|
||||
|
||||
expect(screen.getByText('0.5%')).toBeInTheDocument();
|
||||
expect(screen.getByText('50%')).toBeInTheDocument();
|
||||
});
|
||||
|
||||
it('should render without percent change', () => {
|
||||
|
||||
@@ -27,7 +27,6 @@ export const PercentChange = ({ percentChange, styles }: Props) => {
|
||||
);
|
||||
};
|
||||
|
||||
// percentChange is expected to be a value between 0-100
|
||||
export const percentChangeString = (percentChange: number) => {
|
||||
return (percentChange / 100).toLocaleString(undefined, { style: 'percent', maximumSignificantDigits: 3 });
|
||||
return percentChange.toLocaleString(undefined, { style: 'percent', maximumSignificantDigits: 3 });
|
||||
};
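Review bot: `percentChangeString` no longer says which unit its argument uses: the comment about a 0-100 value is dropped, and the variant that calls `percentChange.toLocaleString` directly treats the input as a fraction. The changed test expectation on this page (`0.5%` versus `50%`) shows how easily the two conventions get mixed up. A one-line comment above the function, for example `// percentChange is a fraction: 0.5 renders as "50%"`, would pin the contract for callers that compute the value elsewhere.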
|
||||
|
||||
@@ -43,15 +43,6 @@ export interface AxisProps {
|
||||
}
|
||||
|
||||
export const UPLOT_AXIS_FONT_SIZE = 12;
|
||||
|
||||
// for panels with small heights, we increase tick density by reducing the minumum tick spacing
|
||||
// all values in CSS pixels
|
||||
const Y_TICK_SPACING_PANEL_HEIGHT = 150;
|
||||
const Y_TICK_SPACING_NORMAL = 30;
|
||||
const Y_TICK_SPACING_SMALL = 15;
|
||||
|
||||
const X_TICK_SPACING_NORMAL = 40;
|
||||
|
||||
const labelPad = 8;
|
||||
|
||||
export class UPlotAxisBuilder extends PlotConfigBuilder<AxisProps, Axis> {
|
||||
@@ -71,18 +62,20 @@ export class UPlotAxisBuilder extends PlotConfigBuilder<AxisProps, Axis> {
|
||||
|
||||
// for axis left & right
|
||||
if (axis.side !== 2 || !scale) {
|
||||
return plotDim <= Y_TICK_SPACING_PANEL_HEIGHT ? Y_TICK_SPACING_SMALL : Y_TICK_SPACING_NORMAL;
|
||||
return 30;
|
||||
}
|
||||
|
||||
const defaultSpacing = 40;
|
||||
|
||||
if (scale.time) {
|
||||
const maxTicks = plotDim / X_TICK_SPACING_NORMAL;
|
||||
const maxTicks = plotDim / defaultSpacing;
|
||||
const increment = (scaleMax - scaleMin) / maxTicks;
|
||||
const sample = formatTime(self, [scaleMin], axisIdx, X_TICK_SPACING_NORMAL, increment);
|
||||
const sample = formatTime(self, [scaleMin], axisIdx, defaultSpacing, increment);
|
||||
const width = measureText(sample[0], UPLOT_AXIS_FONT_SIZE).width + 18;
|
||||
return width;
|
||||
}
|
||||
|
||||
return X_TICK_SPACING_NORMAL;
|
||||
return defaultSpacing;
|
||||
}
|
||||
|
||||
/** height of x axis or width of y axis in CSS pixels alloted for values, gap & ticks, but excluding axis label */
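Review bot: The left/right-axis branch now returns a bare `30`, while the x-axis path names its value `defaultSpacing`, so the meaning and unit of `30` are stated nowhere on the new side. Declaring it next to the other one, e.g. `const yTickSpacing = 30; // min CSS px between y ticks`, keeps both spacings documented in one place. Separately, `plotDim / defaultSpacing` is used as the divisor for `increment`, so a `plotDim` of 0 would hand a non-finite value to `formatTime`; whether callers can pass 0 is not visible here. The enclosing function starts outside the hunk.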
|
||||
|
||||
@@ -22,8 +22,6 @@ import (
|
||||
"github.com/grafana/grafana/pkg/web"
|
||||
)
|
||||
|
||||
const defaultAnnotationsLimit = 100
|
||||
|
||||
// swagger:route GET /annotations annotations getAnnotations
|
||||
//
|
||||
// Find Annotations.
|
||||
@@ -50,9 +48,6 @@ func (hs *HTTPServer) GetAnnotations(c *contextmodel.ReqContext) response.Respon
|
||||
MatchAny: c.QueryBool("matchAny"),
|
||||
SignedInUser: c.SignedInUser,
|
||||
}
|
||||
if query.Limit == 0 {
|
||||
query.Limit = defaultAnnotationsLimit
|
||||
}
|
||||
|
||||
// When dashboard UID present in the request, we ignore dashboard ID
|
||||
if query.DashboardUID != "" {
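Review bot: With the `if query.Limit == 0` default gone from GetAnnotations, a request that omits `limit` is passed on with a zero limit, and nothing visible in this hunk bounds the result set. Unless the annotations store applies its own cap (not shown here), a single request can ask for every matching annotation, which is a resource-exhaustion risk on a busy instance. I would keep a server-side bound in the handler, e.g. `if query.Limit <= 0 { query.Limit = defaultAnnotationsLimit }`, together with the constant the first hunk removes. GetAnnotations starts before this hunk and continues past it.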
|
||||
|
||||
@@ -28,13 +28,7 @@ func checkAppEnabled(pluginStore pluginstore.Store, pluginSettings pluginsetting
|
||||
})
|
||||
if err != nil {
|
||||
if errors.Is(err, pluginsettings.ErrPluginSettingNotFound) {
|
||||
// If the plugin is auto enabled, we don't want to return an error because auto enabling allows us
|
||||
// to enable plugins that are not explicitly configured.
|
||||
if p.AutoEnabled {
|
||||
return
|
||||
}
|
||||
|
||||
c.JsonApiErr(http.StatusNotFound, "Plugin setting not found", nil)
|
||||
c.JsonApiErr(http.StatusNotFound, "Plugin not found", nil)
|
||||
return
|
||||
}
|
||||
c.JsonApiErr(http.StatusInternalServerError, "Failed to get plugin settings", err)
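Review bot: The 404 branch answers `Plugin not found`, although the condition it handles is `pluginsettings.ErrPluginSettingNotFound`, meaning the settings lookup failed rather than the plugin lookup. Keeping the text `Plugin setting not found` lets operators tell the two cases apart in client and audit logs. The `p.AutoEnabled` early return is also gone, so an auto-enabled app with no saved setting apparently ends in this same 404. If that is intended, a comment such as `// apps without a saved setting are rejected, including auto-enabled ones` should say so. checkAppEnabled starts and ends outside the hunk.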
|
||||
|
||||
@@ -41,11 +41,6 @@ func TestHTTPServer_CheckEnabled(t *testing.T) {
|
||||
pluginID: "grafana-test-app_disabled",
|
||||
expectedCode: 404,
|
||||
},
|
||||
{
|
||||
name: "should not set an error code if the plugin is auto enabled, without a saved plugin setting",
|
||||
pluginID: "grafana-test-app_autoEnabled",
|
||||
expectedCode: 0,
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
@@ -55,7 +50,6 @@ func TestHTTPServer_CheckEnabled(t *testing.T) {
|
||||
{JSONData: plugins.JSONData{ID: "mysql"}},
|
||||
{JSONData: plugins.JSONData{Type: plugins.TypeApp, ID: "grafana-test-app"}},
|
||||
{JSONData: plugins.JSONData{Type: plugins.TypeApp, ID: "grafana-test-app_disabled"}},
|
||||
{JSONData: plugins.JSONData{Type: plugins.TypeApp, ID: "grafana-test-app_autoEnabled", AutoEnabled: true}},
|
||||
},
|
||||
}
|
||||
hs.PluginSettings = &pluginsettings.FakePluginSettings{Plugins: map[string]*pluginsettings.DTO{
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
module github.com/grafana/grafana/pkg/apimachinery
|
||||
|
||||
go 1.22.7
|
||||
go 1.22.4
|
||||
|
||||
require (
|
||||
github.com/grafana/authlib v0.0.0-20240730122259-a0d13672efb1
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
module github.com/grafana/grafana/pkg/apiserver
|
||||
|
||||
go 1.22.7
|
||||
go 1.22.4
|
||||
|
||||
require (
|
||||
github.com/google/go-cmp v0.6.0
|
||||
|
||||
@@ -11,8 +11,6 @@ import (
|
||||
"strconv"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/urfave/cli/v2"
|
||||
)
|
||||
|
||||
const (
|
||||
@@ -32,12 +30,6 @@ func logError(message string, err error) int {
|
||||
return 1
|
||||
}
|
||||
|
||||
func RunCmdCLI(c *cli.Context) error {
|
||||
os.Exit(RunCmd())
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// RunCmd runs the build command and returns the exit code
|
||||
func RunCmd() int {
|
||||
opts := BuildOptsFromFlags()
|
||||
|
||||
@@ -2,6 +2,20 @@ package main
|
||||
|
||||
import "github.com/urfave/cli/v2"
|
||||
|
||||
// ArgCountWrapper will cause the action to fail if there were not exactly `num` args provided.
|
||||
func ArgCountWrapper(num int, action cli.ActionFunc) cli.ActionFunc {
|
||||
return func(ctx *cli.Context) error {
|
||||
if ctx.NArg() != num {
|
||||
if err := cli.ShowSubcommandHelp(ctx); err != nil {
|
||||
return cli.Exit(err.Error(), 1)
|
||||
}
|
||||
return cli.Exit("", 1)
|
||||
}
|
||||
|
||||
return action(ctx)
|
||||
}
|
||||
}
|
||||
|
||||
// ArgCountWrapper will cause the action to fail if there were more than `num` args provided.
|
||||
func MaxArgCountWrapper(max int, action cli.ActionFunc) cli.ActionFunc {
|
||||
return func(ctx *cli.Context) error {
|
||||
|
||||
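Review bot: The doc comment above `MaxArgCountWrapper` opens with the name `ArgCountWrapper` and talks about `num`, while the parameter is called `max`. With a function really named `ArgCountWrapper` now directly above it, godoc and readers will attach the sentence to the wrong function. The comment should start with `// MaxArgCountWrapper will cause the action to fail if there were more than max args provided.` Separately, `cli.Exit("", 1)` in `ArgCountWrapper` exits with an empty message, so the user sees only the help text and not the expected argument count. The body of `MaxArgCountWrapper` continues outside the hunk.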
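--- a/pkg/build/cmd/buildbackend.go
+++ b/pkg/build/cmd/buildbackend.go
@@ -0,0 +1,68 @@
+package main
+
+import (
+"fmt"
+"log"
+
+"github.com/urfave/cli/v2"
+
+"github.com/grafana/grafana/pkg/build/compilers"
+"github.com/grafana/grafana/pkg/build/config"
+"github.com/grafana/grafana/pkg/build/errutil"
+"github.com/grafana/grafana/pkg/build/grafana"
+"github.com/grafana/grafana/pkg/build/syncutil"
+)
+
+func BuildBackend(ctx *cli.Context) error {
+metadata, err := config.GenerateMetadata(ctx)
+if err != nil {
+return err
+}
+version := metadata.GrafanaVersion
+
+var (
+edition = config.Edition(ctx.String("edition"))
+cfg = config.Config{
+NumWorkers: ctx.Int("jobs"),
+}
+)
+
+buildConfig, err := config.GetBuildConfig(metadata.ReleaseMode.Mode)
+if err != nil {
+return fmt.Errorf("could not get version / package info for mode '%s': %w", metadata.ReleaseMode.Mode, err)
+}
+
+const grafanaDir = "."
+
+log.Printf("Building Grafana back-end, version %q, %s edition, variants [%v]",
+version, edition, buildConfig.Variants)
+
+p := syncutil.NewWorkerPool(cfg.NumWorkers)
+defer p.Close()
+
+if err := compilers.Install(); err != nil {
+return cli.Exit(err.Error(), 1)
+}
+
+g, _ := errutil.GroupWithContext(ctx.Context)
+for _, variant := range buildConfig.Variants {
+variant := variant
+
+opts := grafana.BuildVariantOpts{
+Variant: variant,
+Edition: edition,
+Version: version,
+GrafanaDir: grafanaDir,
+}
+
+p.Schedule(g.Wrap(func() error {
+return grafana.BuildVariant(ctx.Context, opts)
+}))
+}
+if err := g.Wait(); err != nil {
+return cli.Exit(err.Error(), 1)
+}
+
+log.Println("Successfully built back-end binaries!")
+return nil
+}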
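Review bot: `g, _ := errutil.GroupWithContext(ctx.Context)` in `BuildBackend` discards the context the group returns, and every scheduled closure then calls `grafana.BuildVariant(ctx.Context, opts)` with the parent context. If `errutil.Group` cancels its derived context on the first failure (its implementation is not part of this diff), the remaining variants keep compiling after one has already failed and the error only surfaces at `g.Wait()`. Keep the derived context with `g, gctx := errutil.GroupWithContext(ctx.Context)` and pass it on with `return grafana.BuildVariant(gctx, opts)`. `BuildFrontend` in buildfrontend.go and `BuildFrontendPackages` in buildfrontendpackages.go drop the group context in the same way.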
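--- a/pkg/build/cmd/builddocker.go
+++ b/pkg/build/cmd/builddocker.go
@@ -0,0 +1,51 @@
+package main
+
+import (
+"log"
+
+"github.com/urfave/cli/v2"
+
+"github.com/grafana/grafana/pkg/build/config"
+"github.com/grafana/grafana/pkg/build/docker"
+"github.com/grafana/grafana/pkg/build/gcloud"
+)
+
+func BuildDocker(c *cli.Context) error {
+if err := docker.Init(); err != nil {
+return err
+}
+
+metadata, err := config.GenerateMetadata(c)
+if err != nil {
+return err
+}
+
+useUbuntu := c.Bool("ubuntu")
+buildConfig, err := config.GetBuildConfig(metadata.ReleaseMode.Mode)
+if err != nil {
+return err
+}
+
+shouldSave := buildConfig.Docker.ShouldSave
+if shouldSave {
+if err := gcloud.ActivateServiceAccount(); err != nil {
+return err
+}
+}
+
+edition := config.Edition(c.String("edition"))
+
+version := metadata.GrafanaVersion
+
+log.Printf("Building Docker images, version %s, %s edition, Ubuntu based: %v...", version, edition,
+useUbuntu)
+
+for _, arch := range buildConfig.Docker.Architectures {
+if _, err := docker.BuildImage(version, arch, ".", useUbuntu, shouldSave, edition, metadata.ReleaseMode.Mode); err != nil {
+return cli.Exit(err.Error(), 1)
+}
+}
+
+log.Println("Successfully built Docker images!")
+return nil
+}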
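Review bot: The early returns in `BuildDocker` hand back the bare error, so a failure in `gcloud.ActivateServiceAccount()` reaches the operator with no indication that credential activation was the step that failed. Only the `docker.BuildImage` failure goes through `cli.Exit(err.Error(), 1)`. Wrapping the credential step, for example `return fmt.Errorf("activating gcloud service account: %w", err)`, makes a broken or missing service-account setup distinguishable from a Docker or metadata problem in CI logs; this needs `fmt` added to the imports. The call `docker.BuildImage(version, arch, ".", useUbuntu, shouldSave, edition, metadata.ReleaseMode.Mode)` also passes two adjacent booleans positionally, which is easy to swap unnoticed, so a short comment naming them at the call site would help.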
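--- a/pkg/build/cmd/buildfrontend.go
+++ b/pkg/build/cmd/buildfrontend.go
@@ -0,0 +1,39 @@
+package main
+
+import (
+"log"
+
+"github.com/urfave/cli/v2"
+
+"github.com/grafana/grafana/pkg/build/config"
+"github.com/grafana/grafana/pkg/build/errutil"
+"github.com/grafana/grafana/pkg/build/frontend"
+"github.com/grafana/grafana/pkg/build/syncutil"
+)
+
+func BuildFrontend(c *cli.Context) error {
+metadata, err := config.GenerateMetadata(c)
+if err != nil {
+return err
+}
+
+cfg, mode, err := frontend.GetConfig(c, metadata)
+if err != nil {
+return err
+}
+
+p := syncutil.NewWorkerPool(cfg.NumWorkers)
+defer p.Close()
+
+g, _ := errutil.GroupWithContext(c.Context)
+if err := frontend.Build(mode, frontend.GrafanaDir, p, g); err != nil {
+return err
+}
+if err := g.Wait(); err != nil {
+return err
+}
+
+log.Println("Successfully built Grafana front-end!")
+
+return nil
+}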
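--- a/pkg/build/cmd/buildfrontendpackages.go
+++ b/pkg/build/cmd/buildfrontendpackages.go
@@ -0,0 +1,38 @@
+package main
+
+import (
+"log"
+
+"github.com/grafana/grafana/pkg/build/config"
+"github.com/grafana/grafana/pkg/build/errutil"
+"github.com/grafana/grafana/pkg/build/frontend"
+"github.com/grafana/grafana/pkg/build/syncutil"
+"github.com/urfave/cli/v2"
+)
+
+func BuildFrontendPackages(c *cli.Context) error {
+metadata, err := config.GenerateMetadata(c)
+if err != nil {
+return err
+}
+
+cfg, mode, err := frontend.GetConfig(c, metadata)
+if err != nil {
+return err
+}
+
+p := syncutil.NewWorkerPool(cfg.NumWorkers)
+defer p.Close()
+
+g, _ := errutil.GroupWithContext(c.Context)
+if err := frontend.BuildFrontendPackages(cfg.PackageVersion, mode, frontend.GrafanaDir, p, g); err != nil {
+return cli.Exit(err.Error(), 1)
+}
+if err := g.Wait(); err != nil {
+return cli.Exit(err.Error(), 1)
+}
+
+log.Println("Successfully built Grafana front-end packages!")
+
+return nil
+}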
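--- a/pkg/build/cmd/buildinternalplugins.go
+++ b/pkg/build/cmd/buildinternalplugins.go
@@ -0,0 +1,53 @@
+package main
+
+import (
+"context"
+"log"
+
+"github.com/urfave/cli/v2"
+
+"github.com/grafana/grafana/pkg/build/config"
+"github.com/grafana/grafana/pkg/build/errutil"
+"github.com/grafana/grafana/pkg/build/plugins"
+"github.com/grafana/grafana/pkg/build/syncutil"
+)
+
+func BuildInternalPlugins(c *cli.Context) error {
+cfg := config.Config{
+NumWorkers: c.Int("jobs"),
+}
+
+const grafanaDir = "."
+metadata, err := config.GenerateMetadata(c)
+if err != nil {
+return err
+}
+buildConfig, err := config.GetBuildConfig(metadata.ReleaseMode.Mode)
+if err != nil {
+return err
+}
+
+log.Println("Building internal Grafana plug-ins...")
+
+ctx := context.Background()
+
+p := syncutil.NewWorkerPool(cfg.NumWorkers)
+defer p.Close()
+
+var g *errutil.Group
+g, ctx = errutil.GroupWithContext(ctx)
+if err := plugins.Build(ctx, grafanaDir, p, g, buildConfig); err != nil {
+return cli.Exit(err.Error(), 1)
+}
+if err := g.Wait(); err != nil {
+return cli.Exit(err.Error(), 1)
+}
+
+if err := plugins.Download(ctx, grafanaDir, p); err != nil {
+return cli.Exit(err.Error(), 1)
+}
+
+log.Println("Successfully built Grafana plug-ins!")
+
+return nil
+}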
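Review bot: `plugins.Download(ctx, grafanaDir, p)` in `BuildInternalPlugins` runs after `g.Wait()` but still receives the context that `errutil.GroupWithContext` returned. If that group follows the `golang.org/x/sync/errgroup` contract (its code is not part of this diff), the derived context is already cancelled once `Wait` returns, so the download step would start with a dead context. The function also builds on `context.Background()` instead of `c.Context`, so cancelling the CLI context stops neither the plug-in build nor the download. Suggest `g, gctx := errutil.GroupWithContext(c.Context)` for the build and `plugins.Download(c.Context, grafanaDir, p)` for the step after `Wait`.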
Some files were not shown because too many files have changed in this diff Show More