The GrafanaComURL setting is currently used in two places:
- the /api/gnet endpoint, which proxies all requests to the URL
configured in GrafanaComURL
- OAuth logins using grafana.com, where the auth URL, token URL and
redirect URL are all configured to use the GrafanaComURL.
This has worked fine until now because almost all Grafana instances have
just used the default value, https://grafana.com. However, we now have a
few different grafana.com's, some of which are behind IAP. The IAP
causes the /api/gnet proxy to fail because the required cookies are not
present in the request (how could they be?). Setting the
[grafana_net.url] setting to an internal-only URL improves the situation
slightly - the proxy works again just fine - but breaks any OAuth logins
using grafana.com, because the user must be redirected to a publicly
accessible URL.
This commit adds an additional setting, `[grafana_com.api_url]`,
which can be used to tell Grafana to use the new API URL when proxying
requests to the grafana.com API, while still using the existing
`GrafanaComURL` setting for other things.
The setting will fall back to the GrafanaComURL setting + "/api" if unset.
* Add new configuration option for SA tokens
* Add new expiry date option to frontend components
* Add backend validation
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Add configuration options for `renderKey` lifetime
* Rename config key to `render_key_lifetime`
* Update conf/defaults.ini
Co-authored-by: Joan López de la Franca Beltran <5459617+joanlopez@users.noreply.github.com>
* Add `render_key_lifetime` to sample.ini
Co-authored-by: Joan López de la Franca Beltran <5459617+joanlopez@users.noreply.github.com>
* LDAP: Add skip_org_role_sync option
* Document the new config option
* Nit on docs
* Update docs/sources/setup-grafana/configure-security/configure-authentication/ldap.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Docs suggestions
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Add test, Fix disabled user when no role
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* NewIA: Plugin nav config
* progress
* Progress
* Things are working
* Add monitoring node
* Add alerts and incidents
* added experiment with standalone page
* Refactoring by adding a type for navtree root
* First test working
* More tests
* more tests
* Progress on richer config and sorting
* Sort weight working
* Path config
* Improving logic for not including admin or cfg nodes, making it the last step so that enterprise can add admin nodes without having to worry about the section not existing
* fixed index routes
* removed file
* Fixes
* Fixing tests
* Fixing more tests and adding support for weight config
* Updates
* Remove unused fake
* More fixes
* Minor tweak
* Minor fix
* Can now control position using sortweight even when existing items have no sortweight
* Added tests for frontend standalone page logic
* more tests
* Remove unused fake and fixed lint issue
* Moving reading settings to navtree impl package
* remove nav_id setting prefix
* Remove old test file
* Fix trailing newline
* Fixed bug with adding nil node
* fixing lint issue
* remove some code we have to rethink
* move read settings to PrivideService and switch to util.SplitString
* feat: allow jwt role to be set
* chore: update documentation
* fix: cr suggestions
* fix: lint issues
* respect org auto assign and default org ID
* add server admin to devenv
Co-authored-by: jguer <joao.guerreiro@grafana.com>
* Auth: check of auth_token in url and resolve user if present
* check if auth_token is passed in url
* Auth: Pass auth_token for request if present in path
* no need to decode token in index
* temp
* use loadURLToken and set authorization header
* cache token in memory and strip it from url
* Use loadURLToken
* Keep token in url
* strip sensitive query strings from url used by context logger
* adapt login by url to jwt token
* add jwt iframe devenv
* add jwt iframe devenv instructions
* add access note
* add test for cleaning request
* ensure jwt token is not carried into handlers
* do not reshuffle queries, might be important
* add correct db dump location
* prefer set token instead of cached token
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
* add case insensitive option
* treat id as case insensitive
* Users: Add integration tests for case insensitive querying
* Prefer config struct to global variable
* change key to case_insensitive_login
* impede conflicting users from logging in
* add tests for impeding user retrieval if conflicting
* nits and picks
Co-authored-by: gamab <gabi.mabs@gmail.com>
* Add check in transaction for conflicting user
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* add update tests
* skip on mysql
* add custom messages for user admin view
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* nit: extra else
* linting mistake
Co-authored-by: gamab <gabi.mabs@gmail.com>
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* I18n: Set default locale in server config and expose in grafanaBootData
* put default locale behind feature flag
* update tests now that default locale is behind feature flag
* little bit of PR feedback
* update sample.ini
* Add RBAC section to settings
* Default to RBAC enabled settings to true
* Update tests to respect RBAC
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* Expose option to disable help menu
* Expose option to disable profile menu
* Add Profile FeatureTogglePage
* Update public/app/features/profile/FeatureTogglePage.tsx
Uptake PR wording suggestion.
Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
* Fix front end lint issue
* Fix back end lint issue
Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
