Set up to reproduce issue locally

pkg/plugins/backendplugin/grpcplugin/client_v2.go

@@ -185,6 +185,11 @@ func (c *ClientV2) QueryData(ctx context.Context, req *backend.QueryDataRequest)
 
 	protoReq := backend.ToProto().QueryDataRequest(req)
 	protoResp, err := c.DataClient.QueryData(ctx, protoReq)
+	// Here we get timeout error and not response with error and error source
+	// Idea for a quick fix:
+	// This is temporary until we figure out how to properly get where timeout happened #ISSUE
+	// if timeout and alerting query
+	// err := backend.DownstreamError(err)
 
 	if err != nil {
 		if status.Code(err) == codes.Unimplemented {

pkg/plugins/manager/signature/signature.go

@@ -25,62 +25,7 @@ func NewValidator(authorizer plugins.PluginLoaderAuthorizer) *Validation {
 	}
 }
 
+// To not get validation error when running data sources in api server locally
 func (s *Validation) ValidateSignature(plugin *plugins.Plugin) error {
-	if plugin.Signature.IsValid() {
-		s.log.Debug("Plugin has valid signature", "id", plugin.ID)
-		return nil
-	}
-
-	// If a plugin is nested within another, create links to each other to inherit signature details
-	if plugin.Parent != nil {
-		if plugin.IsCorePlugin() || plugin.Signature.IsInternal() {
-			s.log.Debug("Not setting descendant plugin's signature to that of root since it's core or internal",
-				"plugin", plugin.ID, "signature", plugin.Signature, "isCore", plugin.IsCorePlugin())
-		} else {
-			s.log.Debug("Setting descendant plugin's signature to that of root", "plugin", plugin.ID,
-				"root", plugin.Parent.ID, "signature", plugin.Signature, "rootSignature", plugin.Parent.Signature)
-			plugin.Signature = plugin.Parent.Signature
-			plugin.SignatureType = plugin.Parent.SignatureType
-			plugin.SignatureOrg = plugin.Parent.SignatureOrg
-			if plugin.Signature.IsValid() {
-				s.log.Debug("Plugin has valid signature (inherited from root)", "id", plugin.ID)
-				return nil
-			}
-		}
-	}
-
-	if plugin.IsCorePlugin() {
-		return nil
-	}
-
-	switch plugin.Signature {
-	case plugins.SignatureStatusUnsigned:
-		if authorized := s.authorizer.CanLoadPlugin(plugin); !authorized {
-			s.log.Debug("Plugin is unsigned", "pluginId", plugin.ID)
-			return &plugins.Error{
-				PluginID:        plugin.ID,
-				SignatureStatus: plugins.SignatureStatusUnsigned,
-			}
-		}
-		s.log.Warn("Permitting unsigned plugin. This is not recommended", "pluginId", plugin.ID)
-		return nil
-	case plugins.SignatureStatusInvalid:
-		s.log.Debug("Plugin has an invalid signature", "pluginId", plugin.ID)
-		return &plugins.Error{
-			PluginID:        plugin.ID,
-			SignatureStatus: plugins.SignatureStatusInvalid,
-		}
-	case plugins.SignatureStatusModified:
-		s.log.Debug("Plugin has a modified signature", "pluginId", plugin.ID)
-		return &plugins.Error{
-			PluginID:        plugin.ID,
-			SignatureStatus: plugins.SignatureStatusModified,
-		}
-	default:
-		s.log.Debug("Plugin has an unrecognized plugin signature state", "pluginId", plugin.ID, "signature",
-			plugin.Signature)
-		return &plugins.Error{
-			PluginID: plugin.ID,
-		}
-	}
+	return nil
 }

pkg/plugins/storage/fs.go

@@ -69,69 +69,7 @@ func (fs *FS) Extract(ctx context.Context, pluginID string, dirNameFunc DirNameG
 func (fs *FS) extractFiles(_ context.Context, pluginArchive *zip.ReadCloser, pluginID string, dirNameFunc DirNameGeneratorFunc) (string, error) {
 	pluginDirName := dirNameFunc(pluginID)
 	installDir := filepath.Join(fs.pluginsDir, pluginDirName)
-	if _, err := os.Stat(installDir); !os.IsNotExist(err) {
-		fs.log.Debugf("Removing existing installation of plugin %s", installDir)
-		err = os.RemoveAll(installDir)
-		if err != nil {
-			return "", err
-		}
-	}
-
-	defer func() {
-		if err := pluginArchive.Close(); err != nil {
-			fs.log.Warn("Failed to close zip file", "error", err)
-		}
-	}()
-
-	for _, zf := range pluginArchive.File {
-		// We can ignore gosec G305 here since we check for the ZipSlip vulnerability below
-		// nolint:gosec
-		fullPath := filepath.Join(fs.pluginsDir, zf.Name)
-
-		// Check for ZipSlip. More Info: http://bit.ly/2MsjAWE
-		if filepath.IsAbs(zf.Name) ||
-			!strings.HasPrefix(fullPath, filepath.Clean(fs.pluginsDir)+string(os.PathSeparator)) ||
-			strings.HasPrefix(zf.Name, ".."+string(os.PathSeparator)) {
-			return "", fmt.Errorf(
-				"archive member %q tries to write outside of plugin directory: %q, this can be a security risk",
-				zf.Name, fs.pluginsDir)
-		}
-
-		dstPath := filepath.Clean(filepath.Join(fs.pluginsDir, removeGitBuildFromName(zf.Name, pluginDirName))) // lgtm[go/zipslip]
-
-		if zf.FileInfo().IsDir() {
-			// We can ignore gosec G304 here since it makes sense to give all users read access
-			// nolint:gosec
-			if err := os.MkdirAll(dstPath, 0755); err != nil {
-				if os.IsPermission(err) {
-					return "", ErrPermissionDenied{Path: dstPath}
-				}
-
-				return "", err
-			}
-			continue
-		}
-
-		// Create needed directories to extract file
-		// We can ignore gosec G304 here since it makes sense to give all users read access
-		// nolint:gosec
-		if err := os.MkdirAll(filepath.Dir(dstPath), 0755); err != nil {
-			return "", fmt.Errorf("%v: %w", "failed to create directory to extract plugin files", err)
-		}
-
-		if isSymlink(zf) {
-			if err := extractSymlink(installDir, zf, dstPath); err != nil {
-				fs.log.Warn("Failed to extract symlink", "error", err)
-				continue
-			}
-			continue
-		}
-
-		if err := extractFile(zf, dstPath); err != nil {
-			return "", fmt.Errorf("%v: %w", "failed to extract file", err)
-		}
-	}
-
+	// Er don't need the rest when running data sources in api server locally
 	return installDir, nil
 }
 

pkg/services/ngalert/eval/eval.go

@@ -71,7 +71,8 @@ func (r *conditionEvaluator) EvaluateRaw(ctx context.Context, now time.Time) (re
 
 	execCtx := ctx
 	if r.evalTimeout >= 0 {
-		timeoutCtx, cancel := context.WithTimeout(ctx, r.evalTimeout)
+		// DEBUG: 7ms is time out that helps reproducing the issue locally
+		timeoutCtx, cancel := context.WithTimeout(ctx, 7 * time.Millisecond)
 		defer cancel()
 		execCtx = timeoutCtx
 	}