grafana

Commit Graph

Author	SHA1	Message	Date
Dimitris Sotirakis	605d056136	Security: Sync security changes on main (#45083 ) * * Teams: Appropriately apply user id filter in /api/teams/:id and /api/teams/search * Teams: Ensure that users searching for teams are only able see teams they have access to * Teams: Require teamGuardian admin privileges to list team members * Teams: Prevent org viewers from administering teams * Teams: Add org_id condition to team count query * Teams: clarify permission requirements in teams api docs * Teams: expand scenarios for team search tests * Teams: mock teamGuardian in tests Co-authored-by: Dan Cech <dcech@grafana.com> * remove duplicate WHERE statement * Fix for CVE-2022-21702 (cherry picked from commit 202d7c190082c094bc1dc13f7fe9464746c37f9e) * Lint and test fixes (cherry picked from commit 3e6b67d5504abf4a1d7b8d621f04d062c048e981) * check content type properly (cherry picked from commit 70b4458892bf2f776302720c10d24c9ff34edd98) * basic csrf origin check (cherry picked from commit 3adaa5ff39832364f6390881fb5b42ad47df92e1) * compare origin to host (cherry picked from commit 5443892699e8ed42836bb2b9a44744ff3e970f42) * simplify url parsing (cherry picked from commit b2ffbc9513fed75468628370a48b929d30af2b1d) * check csrf for GET requests, only compare origin (cherry picked from commit 8b81dc12d8f8a1f07852809c5b4d44f0f0b1d709) * parse content type properly (cherry picked from commit 16f76f4902e6f2188bea9606c68b551af186bdc0) * mentioned get in the comment (cherry picked from commit a7e61811ef8ae558ce721e2e3fed04ce7a5a5345) * add content-type: application/json to test HTTP requests * fix pluginproxy test * Fix linter when comparing errors Co-authored-by: Kevin Minehart <kmineh0151@gmail.com> Co-authored-by: Dan Cech <dcech@grafana.com> Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> Co-authored-by: Serge Zaitsev <serge.zaitsev@grafana.com> Co-authored-by: Vardan Torosyan <vardants@gmail.com>	4 years ago
idafurjes	dbb2d3af73	Chore: Fix attribute value (#44368 ) * Fix attribute value * Fix also the value for opentracing	4 years ago
idafurjes	30aa24a183	Chore: Implement OpenTelemtry in Grafana (#42674 ) * Separate Tracer interface to TracerService and Tracer * Fix lint * Fix:Make it possible to start spans for both opentracing and opentelemetry in ds proxy * Add span methods, use span interface for rest of tracing * Fix logs in tracing * Fix tests that are related to tracing * Fix resourcepermissions test * Fix some tests * Fix more tests * Add TracingService to wire cli runner * Remove GlobalTracer from bus * Renaming test function * Remove GlobalTracer from TSDB * Replace GlobalTracer in api * Adjust tests to the InitializeForTests func * Remove GlobalTracer from services * Remove GlobalTracer * Remove bus.NewTest * Remove Tracer interface * Add InitializeForBus * Simplify tests * Clean up tests * Rename TracerService to Tracer * Update pkg/middleware/request_tracing.go Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> * Initialize tracer before passing it to SQLStore initialization in commands * Remove tests for opentracing * Set span attributes correctly, remove unnecessary trace initiliazation form test * Add tracer instance to newSQLStore * Fix changes due to rebase * Add modified tracing middleware test * Fix opentracing implementation tags Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>	4 years ago
Alexander Zobnin	becfd776c3	OAuth: Forward id token to the data source (#42422 ) * OAuth: Forward id token to the data source * Add tests * Forward id token in legacy API * Check if id_token is string or not	4 years ago
Tania B	5652bde447	Encryption: Use secrets service (#40251 ) * Use secrets service in pluginproxy * Use secrets service in pluginxontext * Use secrets service in pluginsettings * Use secrets service in provisioning * Use secrets service in authinfoservice * Use secrets service in api * Use secrets service in sqlstore * Use secrets service in dashboardshapshots * Use secrets service in tsdb * Use secrets service in datasources * Use secrets service in alerting * Use secrets service in ngalert * Break cyclic dependancy * Refactor service * Break cyclic dependancy * Add FakeSecretsStore * Setup Secrets Service in sqlstore * Fix * Continue secrets service refactoring * Fix cyclic dependancy in sqlstore tests * Fix secrets service references * Fix linter errors * Add fake secrets service for tests * Refactor SetupTestSecretsService * Update setting up secret service in tests * Fix missing secrets service in multiorg_alertmanager_test * Use fake db in tests and sort imports * Use fake db in datasources tests * Fix more tests * Fix linter issues * Attempt to fix plugin proxy tests * Pass secrets service to getPluginProxiedRequest in pluginproxy tests * Fix pluginproxy tests * Revert using secrets service in alerting and provisioning * Update decryptFn in alerting migration * Rename defaultProvider to currentProvider * Use fake secrets service in alert channels tests * Refactor secrets service test helper * Update setting up secrets service in tests * Revert alerting changes in api * Add comments * Remove secrets service from background services * Convert global encryption functions into vars * Revert "Convert global encryption functions into vars" This reverts commit `498eb19859`. * Add feature toggle for envelope encryption * Rename toggle Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> Co-authored-by: Joan López de la Franca Beltran <joanjan14@gmail.com>	4 years ago
Will Browne	b80fbe03f0	Plugins: Refactor Plugin Management (#40477 ) * add core plugin flow * add instrumentation * move func * remove cruft * support external backend plugins * refactor + clean up * remove comments * refactor loader * simplify core plugin path arg * cleanup loggers * move signature validator to plugins package * fix sig packaging * cleanup plugin model * remove unnecessary plugin field * add start+stop for pm * fix failures * add decommissioned state * export fields just to get things flowing * fix comments * set static routes * make image loading idempotent * merge with backend plugin manager * re-use funcs * reorder imports + remove unnecessary interface * add some TODOs + remove unused func * remove unused instrumentation func * simplify client usage * remove import alias * re-use backendplugin.Plugin interface * re order funcs * improve var name * fix log statements * refactor data model * add logic for dupe check during loading * cleanup state setting * refactor loader * cleanup manager interface * add rendering flow * refactor loading + init * add renderer support * fix renderer plugin * reformat imports * track errors * fix plugin signature inheritance * name param in interface * update func comment * fix func arg name * introduce class concept * remove func * fix external plugin check * apply changes from pm-experiment * fix core plugins * fix imports * rename interface * comment API interface * add support for testdata plugin * enable alerting + use correct core plugin contracts * slim manager API * fix param name * fix filter * support static routes * fix rendering * tidy rendering * get tests compiling * fix install+uninstall * start finder test * add finder test coverage * start loader tests * add test for core plugins * load core + bundled test * add test for nested plugin loading * add test files * clean interface + fix registering some core plugins * refactoring * reformat and create sub packages * simplify core plugin init * fix ctx cancel scenario * migrate initializer * remove Init() funcs * add test starter * new logger * flesh out initializer tests * refactoring * remove unused svc * refactor rendering flow * fixup loader tests * add enabled helper func * fix logger name * fix data fetchers * fix case where plugin dir doesn't exist * improve coverage + move dupe checking to loader * remove noisy debug logs * register core plugins automagically * add support for renderer in catalog * make private func + fix req validation * use interface * re-add check for renderer in catalog * tidy up from moving to auto reg core plugins * core plugin registrar * guards * copy over core plugins for test infra * all tests green * renames * propagate new interfaces * kill old manager * get compiling * tidy up * update naming * refactor manager test + cleanup * add more cases to finder test * migrate validator to field * more coverage * refactor dupe checking * add test for plugin class * add coverage for initializer * split out rendering * move * fixup tests * fix uss test * fix frontend settings * fix grafanads test * add check when checking sig errors * fix enabled map * fixup * allow manual setup of CM * rename to cloud-monitoring * remove TODO * add installer interface for testing * loader interface returns * tests passing * refactor + add more coverage * support 'stackdriver' * fix frontend settings loading * improve naming based on package name * small tidy * refactor test * fix renderer start * make cloud-monitoring plugin ID clearer * add plugin update test * add integration tests * don't break all if sig can't be calculated * add root URL check test * add more signature verification tests * update DTO name * update enabled plugins comment * update comments * fix linter * revert fe naming change * fix errors endpoint * reset error code field name * re-order test to help verify * assert -> require * pm check * add missing entry + re-order * re-check * dump icon log * verify manager contents first * reformat * apply PR feedback * apply style changes * fix one vs all loading err * improve log output * only start when no signature error * move log * rework plugin update check * fix test * fix multi loading from cfg.PluginSettings * improve log output #2 * add error abstraction to capture errors without registering a plugin * add debug log * add unsigned warning * e2e test attempt * fix logger * set home path * prevent panic * alternate * ugh.. fix home path * return renderer even if not started * make renderer plugin managed * add fallback renderer icon, update renderer badge + prevent changes when renderer is installed * fix icon loading * rollback renderer changes * use correct field * remove unneccessary block * remove newline * remove unused func * fix bundled plugins base + module fields * remove unused field since refactor * add authorizer abstraction * loader only returns plugins expected to run * fix multi log output	4 years ago
idafurjes	e822c8a24d	CloudMonitoring: Migrate to use backend plugin SDK contracts (#38650 ) * Use SDK contracts for cloudmonitoring * Get build running, tests passing and do some refactoring (#38754) * fix build+tests and refactor * remove alerting stuff * remove unused field * fix plugin fetch * end to end * resp rename * tidy annotations * reformatting * update refID * reformat imports * fix styling * clean up unmarshalling * uncomment + fix tests * appease linter * remove spaces * remove old cruft * add check for empty queries * update tests * remove pm as dep * adjust proxy route contract * fix service loading * use UNIX val * fix endpoint + resp * h@ckz for frontend * fix resp * fix interval * always set custom meta * remove unused param * fix labels fetch * fix linter * fix test + remove unused field * apply pr feedback * fix grafana-auto intervals * fix tests * resolve conflicts * fix bad merge * fix conflicts * remove bad logger import Co-authored-by: Will Browne <wbrowne@users.noreply.github.com> Co-authored-by: Will Browne <will.browne@grafana.com>	4 years ago
Joan López de la Franca Beltran	722c414fef	Encryption: Refactor securejsondata.SecureJsonData to stop relying on global functions (#38865 ) * Encryption: Add support to encrypt/decrypt sjd * Add datasources.Service as a proxy to datasources db operations * Encrypt ds.SecureJsonData before calling SQLStore * Move ds cache code into ds service * Fix tlsmanager tests * Fix pluginproxy tests * Remove some securejsondata.GetEncryptedJsonData usages * Add pluginsettings.Service as a proxy for plugin settings db operations * Add AlertNotificationService as a proxy for alert notification db operations * Remove some securejsondata.GetEncryptedJsonData usages * Remove more securejsondata.GetEncryptedJsonData usages * Fix lint errors * Minor fixes * Remove encryption global functions usages from ngalert * Fix lint errors * Minor fixes * Minor fixes * Remove securejsondata.DecryptedValue usage * Refactor the refactor * Remove securejsondata.DecryptedValue usage * Move securejsondata to migrations package * Move securejsondata to migrations package * Minor fix * Fix integration test * Fix integration tests * Undo undesired changes * Fix tests * Add context.Context into encryption methods * Fix tests * Fix tests * Fix tests * Trigger CI * Fix test * Add names to params of encryption service interface * Remove bus from CacheServiceImpl * Add logging * Add keys to logger Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Add missing key to logger Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Undo changes in markdown files * Fix formatting * Add context to secrets service * Rename decryptSecureJsonData to decryptSecureJsonDataFn * Name args in GetDecryptedValueFn * Add template back to NewAlertmanagerNotifier * Copy GetDecryptedValueFn to ngalert * Add logging to pluginsettings * Fix pluginsettings test Co-authored-by: Tania B <yalyna.ts@gmail.com> Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>	4 years ago
Serge Zaitsev	c3ab2fdeb7	Macaron: remove custom Request type (#37874 ) * remove macaron.Request, use http.Request instead * remove com dependency from bindings module * fix another c.Req.Request	5 years ago
Marcus Efraimsson	a6b2e1865c	Datasource: Improve default timeout settings for HTTP client provider (#36621 ) Make sure that default timeout settings are based on configuration parameters. This now applies for core data sources using old TSDB contracts and new SDK contracts. Before it was only applied for old TSDB contracts. Also moves global setting variables to non-global (setting.Cfg).	5 years ago
idafurjes	60ac54d969	Chore: Refactor OAuth/social package to service (#35403 ) * Creating SocialService * Add GetOAuthProviders as socialService method * Add OAuthTokenService * Add GetOAuthHttpClient method to SocialService * Rename services, access socialMap from GetConnector * Fix tests by mocking oauthtoken methods * Move NewAuthService into Init * Move OAuthService to social pkg * Refactor OAuthService to OAuthProvider * Fix nil map error, rename file, simplify tests * Fix bug for Forward OAuth Identify * Remove file after rebase	5 years ago
Marcus Efraimsson	348e76fc8e	Datasource: Shared HTTP client provider for core backend data sources and any data source using the data source proxy (#33439 ) Uses new httpclient package from grafana-plugin-sdk-go introduced via grafana/grafana-plugin-sdk-go#328. Replaces the GetHTTPClient, GetTransport, GetTLSConfig methods defined on DataSource model. Longer-term the goal is to migrate core HTTP backend data sources to use the SDK contracts and using httpclient.Provider for creating HTTP clients and such. Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>	5 years ago
Sergey Kostrukov	81f6c806e1	Azure token provider with support for Managed Identities (#33807 ) * Azure token provider * Configuration for Azure token provider * Authentication via Azure SDK for Go * Fix typo * ConcurrentTokenCache for Azure credentials * Resolve AAD authority for selected Azure cloud * Fixes * Generic AccessToken and fixes * Tests and wordings * Tests for getAccessToken * Tests for getClientSecretCredential * Tests for token cache	5 years ago
Sofia Papagiannaki	fcd674ec58	Fix deleting prom rules endpoints via ds_proxy (#33491 )	5 years ago
Owen Diehl	dadccdda06	Allows posting to prom rules endpoints via ds_proxy (#32946 ) * allows posting to prom rules endpoints via ds_proxy * prom proxy routes via plugin and fix proxy route matching bug * bump ci	5 years ago
Zoltán Bedi	7a2ab93e7a	Prometheus: Allow exemplars endpoint in data source proxy (#32802 )	5 years ago
Marcus Efraimsson	c0edf88f9f	Data proxy: Fix encoded characters in URL path should be proxied encoded (#30597 ) Fix encoded characters in URL path should be proxied as encoded in the data proxy. Fixes #26870 Fixes #31438 Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>	5 years ago
Ivana Huckova	dce67db6ba	Prometheus: Use configured HTTP method for /series and /labels endpoints (#31401 ) * Run post-friendly request with set method first * Improve messaging, retry only when post and specific status code * Add comments * Fix backend * Update public/app/plugins/datasource/prometheus/datasource.ts	5 years ago
Carl Bergquist	15a6508d4a	trace user login and datasource name instead of id (#29183 ) id's are not very helpful when debugging a system. Signed-off-by: bergquist <carl.bergquist@gmail.com>	5 years ago
Arve Knudsen	e503188b6f	Data source proxy: Convert 401 from data source to 400 (#28962 ) * Data source proxy: Convert 401 from data source to 400 Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>	5 years ago
Arve Knudsen	3d3a7cbba8	Chore: Fix staticcheck issues (#28860 ) * Chore: Fix issues reported by staticcheck Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Undo changes Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Chore: Fix issues reported by staticcheck Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Fix test Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Fix test Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>	5 years ago
Bill Oley	b3a868169b	OAuth: Support Forward OAuth Identity for backend data source plugins (#27055 ) Adds support for the Forward OAuth Identity feature in backend data source plugins. Earlier this feature has only been supported for non-backend data source plugins. Fixes #26023 Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>	5 years ago
Bill Oley	19caa100dc	OAuth: Fix token refresh failure when custom SSL settings are configured for OAuth provider (#27523 ) OAuth token refresh fails when custom SSL settings are configured for oauth provider. These changes makes sure that custom SSL settings are applied for HTTP client before refreshing token. Fixes #27514	6 years ago
Sean Lafferty	900eb8070e	Proxy: Fix updating refresh token in OAuth pass-thru (#26885 ) * Handle updating refresh token in oauth pass-thru Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>	6 years ago
Arve Knudsen	d4e4cb4c71	Chore: Enable Go linter gocritic (#26224 ) * Chore: Enable gocritic linter Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>	6 years ago
Arve Knudsen	d352c213b3	API: Recognize MSSQL data source URLs (#25629 ) * API: Recognize MSSQL URLs Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Move MSSQL URL validation into mssql package Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>	6 years ago
Robbert Gurdeep Singh	034abaa73a	Security: Use Header.Set and Header.Del for X-Grafana-User header (#25495 ) This ensures that the X-Grafana-User header can be trusted. If the configuration enabled the setting of this header, the server can now trust that X-Grafana-User is set/unset by Grafana. Before this, an anonymous user could simply set the X-Grafana-User header themselves (using the developer tool for example)	6 years ago
Arve Knudsen	164242f5fd	Data sources: Don't fail if URL doesn't specify protocol (#24497 )	6 years ago
Daniel Lee	52154b465b	dsproxy: adds support for url params for plugin routes (#23503 ) * dsproxy: adds support for url params for plugin routes * docs: fixes after review * pluginproxy: rename Params to URLParams * Update pkg/plugins/app_plugin.go Co-Authored-By: Arve Knudsen <arve.knudsen@gmail.com> * Apply suggestions from code review Co-Authored-By: Diana Payton <52059945+oddlittlebird@users.noreply.github.com> Co-Authored-By: Arve Knudsen <arve.knudsen@gmail.com> * pluginproxy: rename struct Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>	6 years ago
Arve Knudsen	7d88018531	DataSourceProxy: Handle URL parsing error (#23731 ) * pluginproxy: Handle URL parsing error * pkg/api: Validate data source URLs * pkg/api: Return 400 for URL validation error	6 years ago
John McBride	b017e437d8	Fix typo in oauth error (#23270 ) fixes: #23269	6 years ago
Carl Bergquist	3fdd2648b1	Chore: Avoid aliasing importing models in api package (#22492 )	6 years ago
Marcus Efraimsson	e6cec8dbdc	Backend plugins: Prepare and clean request headers before resource calls (#22321 ) Moves common request proxy utilities to proxyutil package with support for removing X-Forwarded-Host, X-Forwarded-Port, X-Forwarded-Proto headers, setting X-Forwarded-For header and cleaning Cookie header. Using the proxyutil package to prepare and clean request headers before resource calls. Closes #21512	6 years ago
Carl Bergquist	ff9556229a	Data proxy: Log proxy errors using Grafana logger (#22174 ) Now any errors logged by http.ReverseProxy are forwarded to Grafana's logger and includes more contextual information like level (error), user id, org id, username, proxy path, referer and IP address. Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>	6 years ago
Anthony Woods	f56f54b1a3	Auth: Rotate auth tokens at the end of requests (#21347 ) By rotating the auth tokens at the end of the request we ensure that there is minimum delay between a new token being generated and the client receiving it. Adds auth token slow load test which uses random latency for all tsdb queries.. Cleans up datasource proxy response handling. DefaultHandler in middleware tests should write a response, the responseWriter BeforeFuncs wont get executed unless a response is written. Fixes #18644 Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>	6 years ago
Marcus Efraimsson	dfa2f3d2fb	Chore: Log actual error when oauth pass thru fails (#20419 ) Logs the actual error when failing to retreive access token when OAuth pass true is enabled for a datasource. Ref: #20407	6 years ago
Weeco	8cd93f0b88	Datasource: Add custom headers on alerting queries (#19508 ) * Add custom headers on alerting queries Reference issue #15381 Signed-off-by: Martin Schneppenheim <martin.schneppenheim@rewe-digital.com> * Fix datasource transport tests * Migrate decrypting header test to models pkg * Check correct header * Add HTTP transport test Fixes #15381	6 years ago
Arve Knudsen	0a2d5e16dd	pkg/api: Check errors (#19657 ) * pkg/api: Check errors * pkg/api: Remove unused function HashEmail	6 years ago
Maxim Ivanov	151fe240fc	OAuth: Fix for wrong user token updated on OAuth refresh in DS proxy (#17541 )	7 years ago
zhulongcheng	2fff8f77dc	move log package to /infra (#17023 ) ref #14679 Signed-off-by: zhulongcheng <zhulongcheng.me@gmail.com>	7 years ago
Marcus Efraimsson	e210725d3d	DataProxy: Restore Set-Cookie header after proxy request (#16838 ) If Grafana rotates the user's auth token during a request to the data source proxy it will set the Set-Cookie header with new auth token in response before proxying the request to the datasource. Before this fix the Set-Cookie response header was cleared after the proxied request was finished to make sure that proxied datasources cannot affect cookies in users browsers. This had the consequence of accidentally also clearing the new auth token set in Set-Cookie header. With this fix the original Set-Cookie value in response header is now restored after the proxied datasource request is finished. The existing logic of clearing Set-Cookie response header from proxied request have been left intact. Fixes #16757	7 years ago
Andrej Ocenas	66f6e16916	Security: Store datasource passwords encrypted in secureJsonData (#16175 ) * Store passwords in secureJsonData * Revert unnecessary refactors * Fix for nil jsonSecureData value * Remove copied encryption code from migration * Fix wrong field reference * Remove migration and provisioning changes * Use password getters in datasource proxy * Refactor password handling in datasource configs * Add provisioning warnings * Update documentation * Remove migration command, moved to separate PR * Remove unused code * Set the upgrade version * Remove unused code * Remove double reference	7 years ago
Sean Lafferty	b696492891	Rename dispatched commands to make them easy to grok	7 years ago
Andrej Ocenas	697a87b7b2	Add check so that header is not sent for anonymous users	7 years ago
Andrej Ocenas	bbdc1c0e64	Add custom header with grafana user and a config switch for it	7 years ago
Sean Lafferty	8d8119aa98	Change import path for social since it has moved	7 years ago
Sean Lafferty	7e62394d01	Add function in ds_proxy to handle oauthPassThru headers	7 years ago
Sean Lafferty	3b15e110a5	Get most recent oauth token from db, rather than lookup by auth_module	7 years ago
Marcus Efraimsson	a1cd550df4	revert ds_proxy timeout and implement dataproxy timeout correctly	7 years ago
Sean Lafferty	5a59cdf0ef	Add oauth pass-thru option for datasources	7 years ago

1 2

91 Commits (f67e02cb2f367aee13e46b04d6232edc13875c19)