* replace usage of folder guardians with access control evaluators
* remove NewByFolderUID guardian
* bring up to date
* fix test
* more test fixes, and don't fetch the folder before evaluating lib element access
* change what error is returned
* fix alerting test
* try to fix linter errors
* replace the use of newByFolder guardian with direct access control evaluator checks
* remove newByFolder guardian
* get rid of dashboard and folder guardians
* undo unwanted change
* undo unwanted change
* undo unwanted change
* update code owners
* make sure that user permission cache is cleared after new dashboard and folder creation
* more test fixes
* Update pkg/services/dashboards/service/dashboard_service.go
* check identity type in SetDefaultPermissionsAfterCreate, set default permissions for service accounts
* set SA permissions for folders as well
* fix tests
* Add dashboard cleanup job
Change log message
Adjust logic to account for new head RV logic
Don't update lastResourceVersion due to pagination
Save improvements
* Address review feedback
* Update docs.
* Remove docs
* Rename config
---------
Co-authored-by: Marco de Abreu <18629099+marcoabreu@users.noreply.github.com>
* replace the usage of dashboard guardians with calling AC evaluators or checking access in middleware
* linting fixes
* fix test
* more test fixes
* remove a todo comment
* Zanzana: Remove usage from legacy access control
* remove unused
* remove zanzana client from services where it's not used
* remove unused metrics
* fix linter
Refactor folder service to use Unified Storage
Signed-off-by: Maicon Costa <maiconscosta@gmail.com>
---------
Signed-off-by: Maicon Costa <maiconscosta@gmail.com>
Co-authored-by: Stephanie Hingtgen <stephanie.hingtgen@grafana.com>
* Ensure all internal Services are using FolderService and not FolderStore
Signed-off-by: Maicon Costa <maiconscosta@gmail.com>
---------
Signed-off-by: Maicon Costa <maiconscosta@gmail.com>
* Add folder store to dashboard permissions
* Include folder store in annotation scope resolver
* Add folder store when initialising library elements
* Include folder store in search v2 service initialisation
* Include folder store in GetInheritedScopes
* Add folder store to folder permissions provider
* Include cfg, folder permissions in folder service
* Move setting of folder permissions for folder service create method
* Export folder store implementation
* Rename folder store
* Add folder store as a parameter to folder service
* Add folder store to dash service implementation
* Fix folder store comments
* Revert "chore: add replDB to team service (#91799)"
This reverts commit c6ae2d7999aa6fc797db39e9d66c6fea70278f83.
* Revert "experiment: use read replica for Get and Find Dashboards (#91706)"
This reverts commit 54177ca619dbb5ded2dcb158405802d8dbdbc982.
* Revert "QuotaService: refactor to use ReplDB for Get queries (#91333)"
This reverts commit 299c142f6a6e8c5673cfdea9f87b56ac304f9834.
* Revert "refactor replCfg to look more like plugins/plugin config (#91142)"
This reverts commit ac0b4bb34d495914cbe8daad85b7c75c31e8070d.
* Revert "chore (replstore): fix registration with multiple sql drivers, again (#90990)"
This reverts commit daedb358dded00d349d9fac6106aaaa6bf18322e.
* Revert "Chore (sqlstore): add validation and testing for repl config (#90683)"
This reverts commit af19f039b62d9945377292a8e679ee258fd56b3d.
* Revert "ReplStore: Add support for round robin load balancing between multiple read replicas (#90530)"
This reverts commit 27b52b1507f5218a7b38046b4d96bc004d949d46.
* Revert "DashboardStore: Use ReplDB and get dashboard quotas from the ReadReplica (#90235)"
This reverts commit 8a6107cd35f6444c0674ee4230d3d6bcfbbd4a58.
* Revert "accesscontrol service read replica (#89963)"
This reverts commit 77a4869fcadf13827d76d5767d4de74812d6dd6d.
* Revert "Fix: add mapping for the new mysqlRepl driver (#89551)"
This reverts commit ab5a079bcc5b0f0a6929f0a3742eb2859d4a3498.
* Revert "fix: sql instrumentation dual registration error (#89508)"
This reverts commit d988f5c3b064fade6e96511e0024190c22d48e50.
* Revert "Experimental Feature Toggle: databaseReadReplica (#89232)"
This reverts commit 50244ed4a1435cbf3e3c87d4af34fd7937f7c259.
* introduce storage model for alert rule tables
* remove AlertRuleVersion from models because it's not used anywhere other than in storage
* update historian xorm store to use alerting store to fetch rules
* fix folder tests
---------
Co-authored-by: Matthew Jacobson <matthew.jacobson@grafana.com>
Adds more spans for timing in accesscontrol and removes permission deduplicating code after benchmarking
---------
Signed-off-by: Dave Henderson <dave.henderson@grafana.com>
Co-authored-by: Dave Henderson <dave.henderson@grafana.com>
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
* Add TracedClient
* Handle errors and status codes
* Wire up tracing to normal ASH and loki annotation mapping
* Add tracing to remote alertmanager
* one more spot
* and not or
* More consistency with other grafana traces, lower cardinality name
* make cfg private in sqlstore
* fix db init in tests
* fix case
* fix folder test init
* fix imports
* make another Cfg private
* remove another Cfg
* remove unused variable
* use store cfg, it has side-effects
* fix mutated cfg in tests
* replace sqlstore with db interface in a few packages
* remove from stats
* remove sqlstore in admin test
* remove sqlstore from api plugin tests
* fix another createUser
* remove sqlstore in publicdashboards
* remove sqlstore from orgs
* clean up orguser test
* more clean up in sso
* clean up service accounts
* further cleanup
* more cleanup in accesscontrol
* last cleanup in accesscontrol
* clean up teams
* more removals
* split cfg from db in testenv
* few remaining fixes
* fix test with bus
* pass cfg for testing inside db as an option
* set query retries when no opts provided
* revert golden test data
* rebase and rollback
* streamline initialization of test databases, support on-disk sqlite test db
* clean up test databases
* introduce testsuite helper
* use testsuite everywhere we use a test db
* update documentation
* improve error handling
* disable entity integration test until we can figure out locking error
* Folders: Show folders user has access to at the root level
* Refactor
* Refactor
* Hide parent folders user has no access to
* Skip expensive computation if possible
* Fix tests
* Fix potential nil access
* Fix duplicated folders
* Fix linter error
* Fix querying folders if no managed permissions set
* Update benchmark
* Add special shared with me folder and fetch available non-root folders on demand
* Fix parents query
* Improve db query for folders
* Reset benchmark changes
* Fix permissions for shared with me folder
* Simplify dedup
* Add option to include shared folder permission to user's permissions
* Fix nil UID
* Remove duplicated folders from shared list
* Folders: Fix fetching empty folder
* Nested folders: Show dashboards with directly assigned permissions
* Fix slow dashboards fetch
* Refactor
* Fix cycle dependencies
* Move shared folder to models
* Fix shared folder links
* Refactor
* Use feature flag for permissions
* Use feature flag
* Review comments
* Expose shared folder UID through frontend settings
* Add frontend type for sharedWithMeFolderUID option
* Refactor: apply review suggestions
* Fix parent uid for shared folder
* Fix listing shared dashboards for users with access to all folders
* Prevent creating folder with "shared" UID
* Add tests for shared folders
* Add test for shared dashboards
* Fix linter
* Add metrics for shared with me folder
* Add metrics for shared with me dashboards
* Fix tests
* Tests: add metrics as a dependency
* Fix access control metadata for shared with me folder
* Use constant for shared with me
* Optimize parent folders access check, fetch all folders in one query.
* Use labels for metrics
* [WIP] Lift RBAC from xorm store
* Cleanup RBAC, fix tests
* Use the scope type map as a map
* Remove dependency on dashboard service
* Make dashboards a map for constant time lookups (useful later)
---
* Lift RBAC tests into a new file to test at service level
* Add necessary access resource structs to xorm store tests
* Move authorization into separate service
* Pass features to searchstore.Builder
* Sort imports
* Code cleanup
* Remove useless scope type check
* Lift permission check into `Authorize()`
* Use clearer language when checking scope types
* Include dashboard permissions in test to ensure they're ignored
* Switch to errutil
* Cleanup sql.Cfg refs