Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.Sign up
Enable deletion of public snapshot #14109
Currently the way that Grafana handles external snapshots has a few problems that make it difficult to manage external snapshots, as they do not show up in the snapshot list and cannot easily be deleted.
Firstly, when external snapshots are recorded in the local database, they have the
When deleting a snapshot, the delete controls offered on the snapshot list and on the confirmation screen of the share modal should both call the local API to remove the snapshot from the local database.
The biggest question in my mind is whether the request to the external snapshot server should come from the Grafana server or be done from the front-end. Currently at creation time the browser makes the request to the external server directly, then makes a separate request to the local API to register the external snapshot. The advantage of doing things that way is that it's possible to publish snapshots to external servers that require browser authentication, which wouldn't be possible if the request was made by the Grafana server.
The problem arises with handling deletion, in order to delete directly from the external snapshot server the client would need the
The cleanest way to handle this would be for the user to make a request directly to the local API, which would then make the delete request to the external snapshot server (using the
An alternative would be to provide a dedicated endpoint that the frontend could use to get the
At this point I'm tending toward just having the Grafana server make the request to the external snapshot server in both create and delete cases, as it makes things much simpler than having to coordinate via the frontend, and would also supporting deleting external snapshots via the API without having to make 1 call to get the
If we went that way, at creation time the frontend would no longer have to deal with the external server and could just call the local API specifying
The biggest advantage of these changes would be that a user who creates an external snapshot would be able to delete it from within their Grafana instance, rather than having to ask the maintainer of the external snapshot server to remove it for them, and an administrator could easily see which external snapshots have been created, etc.
It's also worth noting that currently the internal record for an external snapshot includes the complete snapshot data, which could be a problem for instances with a lot of external snapshots that never expire as they will never be removed from the local database. It may be worth considering not storing the snapshot data for external snapshots in the local database to save space.
I'm wondering how important this is given that the remote server itself is also periodically running the cleanup script.
I'm also of the opinion that it makes the most sense to have the local Grafana server make the requests. However, do you know if this browser authentication behavior is something a lot of users rely upon? I'm not familiar enough with the codebase. Is this done via SSO?
Yes, in theory at least the remote server should have removed it.
Right now the publish request is made directly from the user's browser, so it's more of a theoretical possibility that a snapshot server might have some sort of authentication like SSO. In practice I doubt that it would be an issue as those cases would be able to just use local snapshots.