* Alerting: Allow selection of recording rule write target on per-rule basis.
Introduces a new feature flag (`grafanaManagedRecordingRulesDatasources`),
disabled by default, to enable the ability to write recording rules data using
data source settings, and selecting the data source to use on a per-rule basis.
To cope with the scenario of users upgrading, a configuration file option
allows setting the default data source to use, if none is specified in the rule,
emulating the behaviour of recording rules without the flag enabled.
* Lint
* Update conf/sample.ini
Co-authored-by: Alexander Akhmetov <me@alx.cx>
---------
Co-authored-by: Alexander Akhmetov <me@alx.cx>
* feat(auth/JWTAuth): add support for the TlsSkipVerify parameter
* feat(auth/JWTAuth): add param to default.ini and sample.ini
---------
Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com>
* Auth: Add IP address login attempt validation
* LoginAttempt struct IpAddress field must be camelCase to match db ip_address column
* add setting DisableIPAddressLoginProtection
* lint
* add DisableIPAddressLoginProtection setting to tests
* add request object to authenticate password test
* nit suggestions & rename tests
* add login attempt on failed password authentication
* dont need to reset login attempts if successful
* don't change error message
* revert go.work.sum
* Update pkg/services/authn/clients/password.go
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
---------
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
* Explore: Add `disableLogsDownload` and hide button to download logs
* change copy
* Explore: Change `disableLogsDownload` to `hide_logs_download`
* change casing in frontend
* also hide from inspector
* add test
* lint
* WIP benchmark dashboard rendering
* Script
* Benchmark with variable and a panel
* Add one more benchmark
* Explicitely enable profiling
* Playwright tests
* update scenes
* Report measurement to faro when config set
* Let user enable metrics reporting in UI
* Fix logging
* Change how performance metrics is enabled per dashboard, now in config file only
* add benchmark run option
* Fix benchmark runs
* fix description for performance config
* remove console.log
* update codeowners
* add back crashDetection init that was lost in merge
* fix yarn.lock
* restore custom.ini
* fix import
* Make sure we have the echoSrv
* fix config type
* Try to limit changes to e2e runs
* remove benchmark
* Fix lint issue
* fix codeowners
---------
Co-authored-by: Dominik Prokop <dominik.prokop@grafana.com>
Co-authored-by: Sergej-Vlasov <sergej.s.vlasov@gmail.com>
* added changes for rebase
* ran go mod tidy and ran a build
* ran a build
* Update docs/sources/setup-grafana/configure-grafana/_index.md
Co-authored-by: Jack Baldry <jack.baldry@grafana.com>
* Update docs/sources/setup-grafana/configure-grafana/_index.md
Co-authored-by: Jack Baldry <jack.baldry@grafana.com>
* Update docs/sources/setup-grafana/configure-grafana/_index.md
Co-authored-by: Jack Baldry <jack.baldry@grafana.com>
* updated go.work.sum to upstream
* added newline to match upstream
* added more specificity in documentation
---------
Co-authored-by: Jack Baldry <jack.baldry@grafana.com>
* Datasources: Add toggle to control default behaviour of 'Manage alerts via Alerts UI' toggle
* Update documentation with suggestions
Co-authored-by: Larissa Wandzura <126723338+lwandz13@users.noreply.github.com>
* added backend support for client_secret_jwt
* added backend support for client_secret_jwt
* added all logic to the exchange function (overloaded social exchange in azuread_oauth to handle managed identity client id)
* ran yarn install to update lock file
* added support for client_secret_jwt when managed_identity_client_id is null
* added audience flag and changed exchange to directly access oauth config using .info
* added logic in setting oauth.Config for supported client authentication values
* added client_authentication, managed_identity_client_id, and audience to sample.ini file
* using provided ctx in ManagedIdentityCallback function
* added frontend support for federated identity credential auth
* added client authentication field
* added Azure AD documentation for Grafana
* added bold font to "Add" keyword in documentation
* minor wording change relating to previous commit
* addressed changing audience to federated_credential_audience, moving validation, and changing managedIdentityCallback to private function
* correction to audience name changing
* fixed orgMappingClientAuthentication function name, and added in logic into validateFederatedCredentialAudience function
* Change docs
* Add iam team as owner of azcore pkg
* added backend support for client_secret_jwt
* added all logic to the exchange function (overloaded social exchange in azuread_oauth to handle managed identity client id)
* ran yarn install to update lock file
* added support for client_secret_jwt when managed_identity_client_id is null
* added audience flag and changed exchange to directly access oauth config using .info
* added logic in setting oauth.Config for supported client authentication values
* added client_authentication, managed_identity_client_id, and audience to sample.ini file
* using provided ctx in ManagedIdentityCallback function
* added frontend support for federated identity credential auth
* added client authentication field
* added Azure AD documentation for Grafana
* added bold font to "Add" keyword in documentation
* minor wording change relating to previous commit
* addressed changing audience to federated_credential_audience, moving validation, and changing managedIdentityCallback to private function
* correction to audience name changing
* fixed orgMappingClientAuthentication function name, and added in logic into validateFederatedCredentialAudience function
* Change docs
* Add iam team as owner of azcore pkg
* updated yarn lock file
* updated doc for correction
* removed wrong changes in pkg directory
* removed newline in dashboard-generate.yaml and unified.ts
* updated yarn.lock to match upstream
* Lint
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* removing unwanted changes
* added back removed newline
* fixed failing test in azuread_oauth_test.go
* Update azuread_oauth.go
removed unnecessary newline, fixed lint
---------
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com>
Co-authored-by: Jack Baldry <jack.baldry@grafana.com>
Currently the default is 1, this means that by default users will see transient
query errors reflected as alert evaluation failures, when often an immediate
retry is sufficient to evaluate the rule successfully.
Enabling retries by default leads to a better experience out of the box.
* Add setting to adjust number of login attempts before user login gets locked
* Ensure at least one attempt can be made
* Update documentation with new setting
* Update docs/sources/setup-grafana/configure-grafana/_index.md
Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>
* initial passwordless client
* passwordless login page
* Working basic e2e flow
* Add todo comments
* Improve the passwordless login flow
* improved passwordless login, backend for passwordless signup
* add expiration to emails
* update email templates & render username & name fields on signup
* improve email templates
* change login page text while awaiting passwordless code
* fix merge conflicts
* use claims.TypeUser
* add initial passwordless tests
* better error messages
* simplified error name
* remove completed TODOs
* linting & minor test improvements & rename passwordless routes
* more linting fixes
* move code generation to its own func, use locationService to get query params
* fix ampersand in email templates & use passwordless api routes in LoginCtrl
* txt emails more closely match html email copy
* move passwordless auth behind experimental feature toggle
* fix PasswordlessLogin property failing typecheck
* make update-workspace
* user correct placeholder
* Update emails/templates/passwordless_verify_existing_user.txt
Co-authored-by: Dan Cech <dcech@grafana.com>
* Update emails/templates/passwordless_verify_existing_user.mjml
Co-authored-by: Dan Cech <dcech@grafana.com>
* Update emails/templates/passwordless_verify_new_user.txt
Co-authored-by: Dan Cech <dcech@grafana.com>
* Update emails/templates/passwordless_verify_new_user.txt
Co-authored-by: Dan Cech <dcech@grafana.com>
* Update emails/templates/passwordless_verify_new_user.mjml
Co-authored-by: Dan Cech <dcech@grafana.com>
* use & in email templates
* Update emails/templates/passwordless_verify_existing_user.txt
Co-authored-by: Dan Cech <dcech@grafana.com>
* remove IP address validation
* struct for passwordless settings
* revert go.work.sum changes
* mock locationService.getSearch in failing test
---------
Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com>
Co-authored-by: Dan Cech <dcech@grafana.com>
* Use a enable configuration to enable frontend sandbox
* Modify settings to load enableFrontendSandbox
* Check for signature type
* Update commment
* Fix e2e tests for the frontend sandbox
* Modify logic so a custom check function is used instead of a list of checks
* Fixes flaky test
* fix comment
* Update comment
* Empty commit
* Empty commit
* ManagedServiceAccounts: Add a config option to disabled by default
* Update log in pkg/services/extsvcauth/registry/service.go
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
* allow post URL
* check for config
* allow relative paths
* add allowed internal pattern; add checks for method
* update defaults.ini
* add custom header
* update config comment
* use globbing, switch to older middleware - deprecated call
* add codeowner
* update to use current api, add test
* update fall through logic
* Update pkg/middleware/validate_action_url.go
Co-authored-by: Dan Cech <dcech@grafana.com>
* Update pkg/middleware/validate_action_url.go
Co-authored-by: Dan Cech <dcech@grafana.com>
* add more tests
* Update pkg/middleware/validate_action_url_test.go
Co-authored-by: Dan Cech <dcech@grafana.com>
* fix request headers
* add additional tests for all verbs
* fix request headers++
* throw error when method is unknown
---------
Co-authored-by: Ryan McKinley <ryantxu@gmail.com>
Co-authored-by: Brian Gann <bkgann@gmail.com>
Co-authored-by: Brian Gann <briangann@users.noreply.github.com>
Co-authored-by: Dan Cech <dcech@grafana.com>
* update oauthtoken service to use remote cache and server lock
* remove token cache
* retry is lock is held by an in-flight refresh
* refactor token renewal to avoid race condition
* re-add refresh token expiry cache, but in SyncOauthTokenHook
* Add delta to the cache ttl
* Fix merge
* Change lockTimeConfig
* Always set the token from within the server lock
* Improvements
* early return when user is not authed by OAuth or refresh is disabled
* Allow more time for token refresh, tracing
* Retry on Mysql Deadlock error 1213
* Update pkg/services/authn/authnimpl/sync/oauth_token_sync.go
Co-authored-by: Dan Cech <dcech@grafana.com>
* Update pkg/services/authn/authnimpl/sync/oauth_token_sync.go
Co-authored-by: Dan Cech <dcech@grafana.com>
* Add settings for configuring min wait time between retries
* Add docs for the new setting
* Clean up
* Update docs/sources/setup-grafana/configure-grafana/_index.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
---------
Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com>
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
Steve Simpson
Lucy Chen
Tania
Filip "Ret2Me" Poplewski
Jean-Philippe Quéméner
Eric Leijonmarck
Nicolas Simonds
colin-stuart
Nathan Marrs
Ben Sully
Sven Grossmann
Oscar Kilhed
John Naizer
Matheus Macabu
Alexander Akhmetov
Hugo Kiyodi Oshiro
Karl Persson
Isabella Siu
Tom Ratcliffe
Andres Martinez Gotor
Fayzal Ghantiwala
Josh Hunt
Tobias Skarhed
Esteban Beltran
Igor
Yves Siegrist
Brandon
Gabriel MABILLE
Todd Treece
Adela Almasan
Alexander Weaver
Dan Cech
Mihai Doarna
lean.dev
Ryan McKinley
Michael Mandrus