grafana

Commit Graph

Author	SHA1	Message	Date
Torkel Ödegaard	3ee26df41e	PublicDashboards: Variables refactor (#73476 ) Co-authored-by: Juan Cabanas <juan.cabanas@grafana.com> Co-authored-by: Ezequiel Victorero <ezequiel.victorero@grafana.com> Co-authored-by: Ryan McKinley <ryantxu@gmail.com>	2 years ago
Karl Persson	e53e22ef2a	Contexthandler: Remove code that is no longer used (#73101 ) * Contexthandler: remove dead code * Contexthandler: Add tests * Update pkg/tests/api/alerting/api_alertmanager_test.go Co-authored-by: Jo <joao.guerreiro@grafana.com> --------- Co-authored-by: Jo <joao.guerreiro@grafana.com>	2 years ago
Karl Persson	144e4887ee	Auth: Use authn.Service for all tests (#72921 ) * Dashboards: Fix tests when authn broker is enabled. StarService was not configured for tests, the call was guarded by !c.IsSignedIn * Change default to be anon user to match expectations from tests * OAuth: rewrite tests to work with authn.Service * Setup template renderer by default * Extract cookie options from cfg instead of relying on global variables * Fix test to work with authn service * Middleware: rewrite auth tests * Remvoe session cookie if we cannot refresh access token	2 years ago
Jo	3353b1a8aa	Auth: Add authed device tagging (#72442 ) * add authed device tagging * fix config * implement feedback * implement feedback * add reverse untag behavior * remove duplicate stat * Update pkg/services/anonymous/anonimpl/impl.go	2 years ago
Jo	e04a6fb08e	Auth: Fix static test fake (#72514 ) fix static fake	2 years ago
Jo	a4a87f6228	Auth: Rename Sessions to Devices in counting (#72432 ) * rename session to device * rename session to device	2 years ago
Jo	ed780ce0e9	Auth: Fix Last Seen being updated on every request (#72036 ) * make sure LastSeen hook has information to decide if update is necessary * make user service check if it should update the user's last seen * do not run last seen hook if is a login request * make service return error when last seen is up to date * fix err * Update pkg/services/contexthandler/contexthandler.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * fix golint --------- Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>	2 years ago
Misi	5efc3386d3	AuthZ: Extend /api/search to work with self-contained permissions (#70749 ) * Search sql filter draft, unfinished * Search works for empty roles * Add current AuthModule to SignedInUser * clean up, changes to the search * Use constant prefixes * Change AuthModule to AuthenticatedBy * Add tests for using the permissions from the SignedInUser * Refactor and simplify code * Fix sql generation for pg and mysql * Fixes, clean up * Add test for empty permission list * Fix * Fix any vs all in case of edit permission * Update pkg/services/authn/authn.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Update pkg/services/sqlstore/permissions/dashboard_test.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Fixes, changes based on the review --------- Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>	2 years ago
Michael Mandrus	ff6d6659fb	Query: Fix concurrency handling for mixed datasource queries (#70100 ) * split queries and merge responses * increase concurrency again * update unit test to verify the headers are merged * fix lint issue * fix race condition in unit test * Fix function name and add a bit more documentation about how the func should be used * update function call after rename * check for duplicate header vals * make concurrent query limit configurable * Update conf/sample.ini Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com> --------- Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>	2 years ago
Jo	aee5c6dea0	Auth: Use auth broker by default (#69620 ) remove authnservice toggle	2 years ago
Jo	05e71d4c6b	AnonymousAuth: Fix concurrent read-write crash (#68637 ) clone http req before tagging	2 years ago
Jo	5ec0f82baa	Separate authn flow from analytics (#68327 ) * separate authn flow from analytics * lint fix	2 years ago
linoman	15e34505e2	Render analytics identifiers (#67860 ) * Append analytics identifier upon authenticate session * Add id and module upon syncing user to identity * Add authModule & id to `IdentityFromSignedInUser` * Allow req calls in test to use basic auth * Add `intercom_secret` to grafana config in tests * Add test for analytics render in html view	2 years ago
Misi	4cac95d1c2	Auth: Remove the session cookie only if it's invalid or revoked (#65984 ) Remove the cookie if it's invalid or revoked	2 years ago
Michael Mandrus	5626461b3c	Caching: Refactor enterprise query caching middleware to a wire service (#65616 ) * define initial service and add to wire * update caching service interface * add skipQueryCache header handler and update metrics query function to use it * add caching service as a dependency to query service * working caching impl * propagate cache status to frontend in response * beginning of improvements suggested by Lean - separate caching logic from query logic. * more changes to simplify query function * Decided to revert renaming of function * Remove error status from cache request * add extra documentation * Move query caching duration metric to query package * add a little bit of documentation * wip: convert resource caching * Change return type of query service QueryData to a QueryDataResponse with Headers * update codeowners * change X-Cache value to const * use resource caching in endpoint handlers * write resource headers to response even if it's not a cache hit * fix panic caused by lack of nil check * update unit test * remove NONE header - shouldn't show up in OSS * Convert everything to use the plugin middleware * revert a few more things * clean up unused vars * start reverting resource caching, start to implement in plugin middleware * revert more, fix typo * Update caching interfaces - resource caching now has a separate cache method * continue wiring up new resource caching conventions - still in progress * add more safety to implementation * remove some unused objects * remove some code that I left in by accident * add some comments, fix codeowners, fix duplicate registration * fix source of panic in resource middleware * Update client decorator test to provide an empty response object * create tests for caching middleware * fix unit test * Update pkg/services/caching/service.go Co-authored-by: Arati R. <33031346+suntala@users.noreply.github.com> * improve error message in error log * quick docs update * Remove use of mockery. Update return signature to return an explicit hit/miss bool * create unit test for empty request context * rename caching metrics to make it clear they pertain to caching * Update pkg/services/pluginsintegration/clientmiddleware/caching_middleware.go Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> * Add clarifying comments to cache skip middleware func * Add comment pointing to the resource cache update call * fix unit tests (missing dependency) * try to fix mystery syntax error * fix a panic * Caching: Introduce feature toggle to caching service refactor (#66323) * introduce new feature toggle * hide calls to new service behind a feature flag * remove licensing flag from toggle (misunderstood what it was for) * fix unit tests * rerun toggle gen --------- Co-authored-by: Arati R. <33031346+suntala@users.noreply.github.com> Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>	2 years ago
Joan López de la Franca Beltran	87a0c95164	Rendering: Experimental support to use JWTs as auth method (#60841 ) * Rendering: Add support for auth through JWT * Goimports * Apply review suggestions * Correct feature toggle ref * Minor changes	2 years ago
Karl Persson	e4d998dc1a	ApiKeyGenPrefix: rename package (#65623 ) * Rename package to satokengen to make it clearer that it is for service account tokens	2 years ago
Karl Persson	382b24742a	Auth: Add feature flag to move token rotation to client (#65060 ) * FeatureToggle: Add toggle to use a new way of rotating tokens * API: Add endpoints to perform token rotation, one endpoint for api request and one endpoint for redirectsd * Auth: Aling not authorized handling between auth middleware and access control middleware * API: add utility function to get redirect for login * API: Handle token rotation redirect for login page * Frontend: Add job scheduling for token rotation and make call to token rotation as fallback in retry request * ContextHandler: Prevent in-request rotation if feature flag is enabled and check if token needs to be rotated * AuthN: Prevent in-request rotation if feature flag is enabled and check if token needs to be rotated * Cookies: Add option NotHttpOnly * AuthToken: Add helper function to get next rotation time and another function to check if token need to be rotated * AuthN: Add function to delete session cookie and set expiry cookie Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>	2 years ago
Serge Zaitsev	743d66396a	Chore: Remove result field from API keys commands and queries (#65055 ) * Chore: remove result field from api keys * fix shadowing * actually shadowing was all right	2 years ago
Karl Persson	8ef2afda87	ContextHandler: Always initiate permission map on signed in user (#64541 )	2 years ago
Karl Persson	bb217f7e5d	AuthN: Only mark IsSignedIn if user is not anonymous (#63833 ) Contexthandler: Only mark IsSignedIn if user is not anonymous	2 years ago
Jo	635a456fa4	Authn: Add separate context for session tagging (#63561 ) add context	2 years ago
Jo	ff78103a24	Authn: Anon session service (#63052 ) * add anon sessions package * add usage stat fn * implement count for cache * add anonservice to authn broker * lint * add tests for remote cache count * move anon service to services * wrap tagging in goroutine * make func used	2 years ago
Carl Bergquist	9d66b18b9c	Instrumentation: removes option to return uname as header (#62929 ) Signed-off-by: bergquist <carl.bergquist@gmail.com>	2 years ago
idafurjes	982939111b	Rename Id to ID for annotation models (#62886 ) * Rename Id to ID for annotation models * Add xorm tags * Rename Id to ID for API key models * Add xorm tags	2 years ago
Karl Persson	ce5e067d28	ContextHandler: add all configured auth header to context (#62775 ) * ContextHandler: Always store list of possible auth headers in context and remove individual calls	2 years ago
Misi	7c1d9769ca	Auth: Rotate token patch (#62676 ) * Use singleflight.Group * Align tests * Cleanup	2 years ago
Kristin Laemmert	9256a520a4	chore: move user_auth models to (mostly) login service (#62269 ) * chore: move user_auth models to (mostly) login service	2 years ago
idafurjes	6c5a573772	Chore: Move ReqContext to contexthandler service (#62102 ) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports	2 years ago
Eric Leijonmarck	c5cb5be3cc	Auth: Fix catch both both ErrInvalidAPIKey for context with APIKey (#62193 ) * fix: capture both ErrInvalidAPIKey * rename of variable	2 years ago
Karl Persson	95ea4bad6f	AuthN: Rebuild Authenticate so we only have to call it once in context handler (#61705 ) * API: Add reqSignedIn to router groups * AuthN: Add fall through in context handler * AuthN: Add IsAnonymous field * AuthN: add priority to context aware clients * ContextHandler: Add comment * AuthN: Add a simple priority queue * AuthN: Add Name to client interface * AuthN: register clients with function * AuthN: update mock and fake to implement interface * AuthN: rewrite test without reflection * AuthN: add comment * AuthN: fix queue insert * AuthN: rewrite tests * AuthN: make the queue generic so we can reuse it for hooks * ContextHandler: Add fixme for auth headers * AuthN: remove unused variable * AuthN: use multierror * AuthN: write proper tests for queue * AuthN: Add queue item that can store the value and priority Co-authored-by: Jo <joao.guerreiro@grafana.com>	2 years ago
Kristin Laemmert	cd08f2575a	chore: move jwt models into auth/jwt (#61862 ) * chore: move jwt models into auth/jwt	2 years ago
Karl Persson	1454b1b40a	Reqcontext: Add methods to write responses bases on errutil.Error (#60889 ) * ReqContext: Add methods to reqcontext used to handle errutil.Error * ReqContext: Pass all public field in response from errutil.Error	2 years ago
Karl Persson	766fa4e7d5	AuthN: Add last seen sync hooks for user and api keys (#61571 ) * AUthN: Add last seen sync hooks for user / service account and move api key last seen to own hook * ContextHandler: only run sync for last seen if auth.Service is not enabled	2 years ago
Karl Persson	b44b6fc5c6	AuthN: Add auth proxy client (#61555 ) * AuthN: set up boilerplate for proxy client * AuthN: Implement Test for proxy client * AuthN: parse accept list in constructor * AuthN: add proxy client interface * AuthN: handle error * AuthN: Implement the proxy client interface for ldap * AuthN: change reciever name * AuthN: add grafana as a proxy client * AuthN: for error returned * AuthN: add tests for grafana proxy auth * AuthN: swap order of grafan and ldap auth * AuthN: Parse additional proxy headers in proxy client and pass down	2 years ago
Eric Leijonmarck	07bbc0716c	Auth: Fix correct error for updateapikey in context handler (#61544 ) * fix: correct error for updateapikey * refactor: send the correct err forward * update: based on review	2 years ago
Jo	0c8ad80575	Authn: JWT client (#61157 ) * add jwt client * alias JWT verifier * debug implementation * add tests for jwt client * add constant for JWT module * Feedback Co-authored-by: Kalle Persson <kalle.persson@grafana.com> Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com> Co-authored-by: Kalle Persson <kalle.persson@grafana.com> Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>	2 years ago
Karl Persson	c5f77b6a46	AuthN: Set LookupTokenErr and fall through in case of error (#61217 ) ContextHandler: Set LookupTokenErr and fall through in case of error during authentication	2 years ago
Jo	a226903ec6	AuthN: Add session client (#60894 ) * add basic session client * populate UserToken in ReqContext * token rotation as a post auth hook * fixed in context handler * add session token rotation * add session token tests * use namespacedID constructor	2 years ago
Karl Persson	da24a9d74e	AuthN: Add render auth client (#60914 ) * AuthN: Add boilderplate for render auth client * AuthN: Implement test function for render auth client * AuthN: Implement Authenticate for render arender auth client * ContextHandler: Perform render auth if flag is enabled	2 years ago
Karl Persson	9fbb29c588	AuthN: Add client to perform basic authentication (#60877 ) * AuthN: Add basic auth client boilerplate * AuthN: Implement test function for basic auth client * AuthN: Implement the authentication method for basic auth * AuthN: Add tests for basic auth authentication * ContextHandler: perform basic auth authentication through authn service if feature toggle is enabled * AuthN: Add providers for sync services and pass required dependencies	2 years ago
Karl Persson	1b1a14b6f6	ContextHandler: Get token from req context when performing rotation (#60533 ) ContextHandler: get token from req context when performing end of request rotation	2 years ago
Karl Persson	2e53a58bc3	Authn: Add client for api keys (#60339 ) * AuthN: Add functionallity to test if auth client should be used * AuthN: Add bolierplate client for api keys and register it * AuthN: Add tests for api key client * Inject service * AuthN: Update client names * ContextHandler: Set authn service * AuthN: Implement authentication for api key client * ContextHandler: Use authn service for api keys if flag is enabled * AuthN: refactor authentication method to return additional value to indicate if client could perform authentication * update prefixes * Add namespaced id to identity * AuthN: Expand the Identity struct to include required fields from signed in user * Add error for disabled service account * Add function to write error response based on errutil.Error * Add error to log * Return errors based on errutil.Error * pass error * update log message * Fix namespaced ids * Add tests * Lint	2 years ago
Carl Bergquist	1b676d0d49	Contexthandler: Add uname as response header (#59930 ) Signed-off-by: bergquist <carl.bergquist@gmail.com>	2 years ago
Karl Persson	22be025284	Auth: Add anonymous authn client (#59637 ) * Authn: Add Client interface and Reqeust and Identity structures * Authn: Implement Authenticate method in service * Authn: Add tracing * Authn: Add logger * AuthN: Implement Anonymous client	3 years ago
Jo	fee50be1bb	Sessions: Remove invalid session cookie if it's invalid/expired/missing (#59556 ) only remove invalid session cookie if it's invalid/expired/missing	3 years ago
Karl Persson	062c5b805c	Auth: Merge ActiveAuthTokenService into UserAuthTokenService (#59032 ) * Auth: Merge UserTokenService and ActiveAuthTokenService * Auth: Rename function	3 years ago
Misi	9c98314e9f	OAuth: Refactor OAuth parameters handling to support obtaining refresh tokens for Google OAuth (#58782 ) * Add ApprovalForce to AuthCodeOptions * Extract access token validity check to a function * Refactor * Oauth: set options internally instead of exposing new function * Align tests * Remove unused function Co-authored-by: Karl Persson <kalle.persson@grafana.com>	3 years ago
Karl Persson	fef1e1d5bc	Auth: Refactor auth package (#58920 ) * Auth: move interface to its own file * Auth: move to test package * Auth: move quota consts to auth file * Auth: move service to impl package * Auth: move interfaces and related models to auth package * Auth: Create sub package and type alias to avoid circular dependency	3 years ago
Sofia Papagiannaki	ab36252c86	Quota: Fix failure when checking session limits (#58865 )	3 years ago

1 2 3

110 Commits (0e2b741fc33ae5382fb27b4659f2b3ecd13f2afe)