20b08ccaab
* Revert "Revert: Future-proofing query and data source model in Dashboard Sche… (#107985)" This reverts commit13a89d4ae3. * Revert "Revert "Schema V2: Simplify annotations v1<->v2 conversions" (#107984)" This reverts commit2b8c5bea1a. * make gen apps * e2e update * Use v2alpha2 by default (#108177) * Use v2alpha2 by default * Apply only DS changes to alpha2 * Use v2alpha2 by default except to query * Create a v2 index in @grafana/schema * Update path and apply lint * Update tests * Update imports to v2 status * Fix failing openapi test * Schemav2 breaking changes: conversion implementation (#108224) * provision v2alpha1 dashboard * Run conversions for DS refactor * Run snapshot testing on conversions * Normalize output name * Update snapshots to include all panel and variable cases * fix lint * fix lint * fix test and go lint * more go lint --------- Co-authored-by: Ivan Ortega <ivanortegaalba@gmail.com> Co-authored-by: Haris Rozajac <haris.rozajac12@gmail.com> * Schema v2: Introduce group/datasource convention to GroupBy and AdHoc variable (#108237) * Schema v2: Introduce group/datasource convention to GroupBy and AdHoc variables * add conversion * App Installer: Authorizer support (#108419) * Chore: use `satisfies` and remove a load of `any`s (#108397) use satisfies and remove a load of anys * improve logging and fail unified-storage migration with more than 0 errors (#108471) improve logging and fail unified-storage migration with more than 0 errors * fix conversion test * Secrets: Create more granular fixed roles for SecureValues (#108382) * Provisioning: Fix bug in job progress recording (#108440) Fix bug in job progress recording * Provisioning: Fix ImportAllPanelsFromLocalRepository test (#108441) * Provisioning: Skip flaky test * Fix flaky provisioning test * Fix lint --------- Co-authored-by: Roberto Jimenez Sanchez <roberto.jimenez@grafana.com> * BulkDeleteProvisionedResource: Move progress bar into a second step (#108417) * Move progress bar into a second step --------- Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> * [Dashboard Schema Codegen] Move dashboard CUE codegen block back up into kind body (#108476) [Dashboard Schema Codegen] Move dashboard CUE codegen block back up into kind body to make sure new versions have the same settings. --------- Co-authored-by: Haris Rozajac <haris.rozajac12@gmail.com> Co-authored-by: Todd Treece <360020+toddtreece@users.noreply.github.com> Co-authored-by: Ashley Harrison <ashley.harrison@grafana.com> Co-authored-by: Will Assis <35489495+gassiss@users.noreply.github.com> Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com> Co-authored-by: Roberto Jiménez Sánchez <jszroberto@gmail.com> Co-authored-by: Roberto Jimenez Sanchez <roberto.jimenez@grafana.com> Co-authored-by: Yunwen Zheng <yunwen.zheng@grafana.com> Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> Co-authored-by: Austin Pond <IfSentient@users.noreply.github.com> Co-authored-by: Ivan Ortega <ivanortegaalba@gmail.com> * Dashboard Schema V2: Refactor VizConfigKind to follow DataQueryKind convention (#108148) * Dashboards API: Register v2alpha2 API * Prepare conversion functions * Fix test * Refactor VizConfigKind to follow DataQueryKind convention * fix tests * use new dataquerykind convention alpha 2 * add conversion * fix tests * fix tests * fix another test * Fix merge --------- Co-authored-by: Dominik Prokop <dominik.prokop@grafana.com> * fix k8s codegen * Update e2e-playwright/dashboards/TestV2Dashboard.json * Update e2e/dashboards/TestV2Dashboard.json * revert app generation for non-related apps * try again * another try * also revert folder and secret app generation * v2alpha1 provisioned dashboard * Fix kind * Fix conversion snapshots * Update API discovery registry * Rename to v2beta1 * Rename migrations * Update apps/dashboard/pkg/apis/dashboard/v2beta1/doc.go Co-authored-by: Stephanie Hingtgen <stephanie.hingtgen@grafana.com> * Ensure conditional rendering and other non changed properties --------- Co-authored-by: Ivan Ortega <ivanortegaalba@gmail.com> Co-authored-by: Haris Rozajac <haris.rozajac12@gmail.com> Co-authored-by: Todd Treece <360020+toddtreece@users.noreply.github.com> Co-authored-by: Ashley Harrison <ashley.harrison@grafana.com> Co-authored-by: Will Assis <35489495+gassiss@users.noreply.github.com> Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com> Co-authored-by: Roberto Jiménez Sánchez <jszroberto@gmail.com> Co-authored-by: Roberto Jimenez Sanchez <roberto.jimenez@grafana.com> Co-authored-by: Yunwen Zheng <yunwen.zheng@grafana.com> Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> Co-authored-by: Austin Pond <IfSentient@users.noreply.github.com> Co-authored-by: Haris Rozajac <58232930+harisrozajac@users.noreply.github.com> Co-authored-by: Stephanie Hingtgen <stephanie.hingtgen@grafana.com>
Authorization
This package contains the authorization server implementation.
Feature toggles
The following feature toggles need to be activated:
[feature_toggles]
authZGRPCServer = true
grpcServer = true
Configuration
To configure the authorization server and client, use the "authorization" section of the configuration ini file.
The remote_address setting, specifies the address where the authorization server is located (ex: server.example.org:10000).
The mode setting can be set to either cloud, grpc or inproc. When set to cloud (or grpc), the client will connect to the specified address. When set to inproc the client will use inprocgrpc (relying on go channels) to wrap a local instantiation of the server.
The listen setting determines whether the authorization server should listen for incoming requests. When set to true, the authorization service will be registered to the Grafana GRPC server.
The default configuration does not register the authorization service on the Grafana GRPC server and binds the client to it inproc:
[authorization]
remote_address = ""
listen = false
mode = "inproc"
Example
Here is an example to connect the authorization client to a remote grpc server.
[authorization]
remote_address = "server.example.org:10000"
listen = false
mode = "grpc"
Here is an example to register the authorization service on the Grafana GRPC server and connect the client to it through grpc.
app_mode = development
[authorization]
remote_address = "localhost:10000"
listen = true
mode = "grpc"
Here is an example to connect the authorization client to a remote grpc server and use access token authentication.
[environment]
stack_id = 11
[authorization]
remote_address = "server.example.org:10000"
mode = "cloud"
listen = false
[grpc_client_authentication]
token = "ReplaceWithToken"
token_exchange_url = "signing-server.example.org/path/to/signing"
token_namespace = "stacks-11"