* Alerting: accept mute_timing_intervals through the api for the embedded alertmanager
* add workaround for mutetimeinterval
* add mute timings to routes
* revert changes
* Update pkg/services/ngalert/api/api_alertmanager.go
* Update pkg/services/ngalert/api/api_alertmanager.go
* Update pkg/services/ngalert/api/api_alertmanager.go
* update prometheus/alertmanager dependency
* add some var docs
* Add context to playlist
* Add AddEventListenerCtx and more context
* Update pkg/services/sqlstore/playlist.go
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
* Update pkg/services/sqlstore/playlist.go
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
* Update pkg/services/sqlstore/playlist.go
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
* Fix lint
* Rename listener help function
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
* AccessControl: FGAC permissions for orgs endpoint on frontend
Protect org update endpoints
add or refactor missing right messages
cover org page
* removing scopes from orgs
* Perform permission control with global org
* Perform the error handling in case of 403
* Simplify frontend code by requiring read access for sure
* Remove roles I added to decrease the number of changes
* Remove the check for server admin to reduce the number of changes
* change error message
* Cleaning todos
* Remove unecessary changes
* Fix tests
* Update test snapshot
* Update pkg/api/roles.go
Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>
* Update public/app/features/admin/AdminEditOrgPage.tsx
Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>
* Format AdminEditOrgPage for linting
* Update public/app/features/admin/AdminEditOrgPage.tsx
Co-authored-by: Vardan Torosyan <vardants@gmail.com>
* Update public/app/features/admin/AdminEditOrgPage.tsx
Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>
* Update public/app/features/admin/AdminListOrgsPage.tsx
Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>
* Commit suggestions
* Commit suggestion canRead canWrite
* fix typo
Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>
Co-authored-by: Vardan Torosyan <vardants@gmail.com>
Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>
* Set up Wire build graph
* Remove enterprise Wire set
* Move runner package outside commands
* Update Makefile (gen-go path)
* Minor prettier fix
* Include new Wire enterprise file into .gitignore
* Update Wire deps
* Update the grabpl version
Co-authored-by: Dan Cech <dcech@grafana.com>
* AccessControl: Check permissions in target org
* Remove org scopes and add an authorizeInOrg middleware
* Use query result org id and perform users permission check globally for GetOrgByName
* Remove scope translation for orgs current
* Suggestion from Ieva
* Replace encryption.Service by secrets.Service on expr.Service
* Replace encryption.Service by secrets.Service on live pkg
* Rename encryption.Service to encryption.Internal to clarify it must be not used
* Add extra fields to OSS types to support enterprise
* WIP service accounts
* Update public/app/features/api-keys/ApiKeysForm.tsx
Co-authored-by: Hugo Häggmark <hugo.haggmark@grafana.com>
* Create a service account at the same time as the API key
* Use service account credentials when accessing API with APIkey
* Throw better error
* Use Boolean for "create service account button"
* Add GetRole to service, merge RoleDTO and Role structs
This patch merges the identical OSS and Enterprise data structures, which improves the code for two reasons:
1. Makes switching between OSS and Enterprise easier
2. Reduces the chance of incompatibilities developing between the same functions in OSS and Enterprise
* Start work cloning permissions onto service account
* If API key is not linked to a service account, continue login as usual
* Fallback to old auth if no service account linked to key
* Commented
* Add CloneUserToServiceAccount
* Update mock.go
* Put graphical bits behind a feature toggle
* Start adding LinkAPIKeyToServiceAccount
* Update pkg/models/user.go
Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>
* Update pkg/api/apikey.go
Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>
* Update pkg/api/apikey.go
Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>
* Finish LinkAPIKeyToServiceAccount
* Update comment
* Handle api key link error
* Update pkg/services/sqlstore/apikey.go
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
* Feature toggle
* Update pkg/services/accesscontrol/accesscontrol.go
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
* Not needed (yet)
* Better error messages for OSS accesscontrol
* Set an invalid user id as default
* ServiceAccountId should be string
* Re-arrange field names
* ServiceAccountId is integer
* Update ossaccesscontrol.go
* Linter
* Remove fronend edits
* Remove console log
* Update ApiKeysForm.tsx
* feat: add serviceaccount deletion
* feat: make sure we do not accidently delete serviceaccount
* feat: ServiceAccount Type
* refactor: userDeletions function
* refactor: serviceaccount deletions\
* refactor: error name and removed attribute for userDeletecommand
* refactor:: remove serviceaccount type for now
* WIP
* add mocked function
* Remove unnecessary db query, move to right place
* Update pkg/services/accesscontrol/mock/mock.go
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Update pkg/services/accesscontrol/mock/mock.go
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Update pkg/services/accesscontrol/mock/mock.go
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Better error messages
* Better and correcter error messages
* add mocked function
* refactor: move function call, add error msg
* add IsServiceAccount and fix table
* add service accounts package
* WIP
* WIP
* working serviceaccountsapi registration
* WIP tests
* test
* test working
* test running for service
* moved the error out of the models package
* fixed own review
* linting errors
* Update pkg/services/serviceaccounts/database/database.go
Co-authored-by: Jeremy Price <Jeremy.price@grafana.com>
* tests running for api
* WIP
* WIP
* removed unused secrets background svc
* removed background svc for serviceaccount infavor or wire.go
* serviceaccounts manager tests
* registering as backend service
Co-authored-by: Jeremy Price <jeremy.price@grafana.com>
Co-authored-by: Hugo Häggmark <hugo.haggmark@grafana.com>
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Add additional api key, move cloneserviceaccount
* Remove TODOs, for now
* Error messages
* Linter
* Security check
* Add comments
* Take service account id from correct variable
* Update user.go
* Configuration: Fix so Timezone is saved when saving preferences
* Updating package.json and yarn.lock
* Chore: force drone reload
* Chore: trying with the git protocol
* Chore: revert back to main
* Chore: deleted cached pa11y file
* Chore: revert
* Chore: trying with YARN_CHECKSUM_BEHAVIOR=reset
* Chore: YARN_CHECKSUM_BEHAVIOR=reset worked but reverting back waiting for other fix
Refactor usage of legacy data contracts. Moves legacy data contracts
to pkg/tsdb/legacydata package.
Refactor pkg/expr to be a proper service/dependency that can be provided
to wire to remove some unneeded dependencies to SSE in ngalert and other places.
Refactor pkg/expr to not use the legacydata,RequestHandler and use
backend.QueryDataHandler instead.
This commit fixes an issue in alerting where NoDataFound is false
when using the AND operator to compare two conditions in an alert
rule and one of the conditions has no data.
* API: return resource ID when deleting datasource and library element
* keep status codes consistent
* fix element ID
* add test
* improve response struct
* update endpoints documentation
* LibraryElementIDResponse -> DeleteLibraryElementResponse
* do not suppress NoData state
* extract conversion of state to postable alert + tests
* create a special alert instance if nodata
* use NoData when converting from Keep Last State instead of Alerting
* add silence during migration if NoData is mapped to KeepLastState.
* Use secrets service in pluginproxy
* Use secrets service in pluginxontext
* Use secrets service in pluginsettings
* Use secrets service in provisioning
* Use secrets service in authinfoservice
* Use secrets service in api
* Use secrets service in sqlstore
* Use secrets service in dashboardshapshots
* Use secrets service in tsdb
* Use secrets service in datasources
* Use secrets service in alerting
* Use secrets service in ngalert
* Break cyclic dependancy
* Refactor service
* Break cyclic dependancy
* Add FakeSecretsStore
* Setup Secrets Service in sqlstore
* Fix
* Continue secrets service refactoring
* Fix cyclic dependancy in sqlstore tests
* Fix secrets service references
* Fix linter errors
* Add fake secrets service for tests
* Refactor SetupTestSecretsService
* Update setting up secret service in tests
* Fix missing secrets service in multiorg_alertmanager_test
* Use fake db in tests and sort imports
* Use fake db in datasources tests
* Fix more tests
* Fix linter issues
* Attempt to fix plugin proxy tests
* Pass secrets service to getPluginProxiedRequest in pluginproxy tests
* Fix pluginproxy tests
* Revert using secrets service in alerting and provisioning
* Update decryptFn in alerting migration
* Rename defaultProvider to currentProvider
* Use fake secrets service in alert channels tests
* Refactor secrets service test helper
* Update setting up secrets service in tests
* Revert alerting changes in api
* Add comments
* Remove secrets service from background services
* Convert global encryption functions into vars
* Revert "Convert global encryption functions into vars"
This reverts commit 498eb19859.
* Add feature toggle for envelope encryption
* Rename toggle
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
Co-authored-by: Joan López de la Franca Beltran <joanjan14@gmail.com>
* move evaluation function out of loop
* extract updateRule function
* isolate alertRule change. update returns new rule and the evaluation accepts the rule as argument
* extract retry loop into a function
* add function wide log context.
* refactor metrics + add tests + replace timeNow with schedule.clock
* refactor goconvey in some provisioning subpackages
* fix goconvey in provisioning/datasources
* remove goconvey from notifiers subpackage
* finally resolve goconvey in dashboards subpackage
* Added an option to discord notifier to use discord's webhook name (useful for customizing notifications).
* Support ngalert system with discord username toggle
* Added ngalert discord test
* Apply suggestions from code review
Co-authored-by: gotjosh <josue.abreu@gmail.com>
* Docs updated with discord username setting
* Fix api integration test
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
Co-authored-by: gotjosh <josue.abreu@gmail.com>
* refactor goconvey in teamguardian package
* use proper order of parameters in equality assertion
Co-authored-by: ying-jeanne <74549700+ying-jeanne@users.noreply.github.com>
Co-authored-by: ying-jeanne <74549700+ying-jeanne@users.noreply.github.com>
* Alerting: Validate contact point configuration during the migration
This minimises the chances of generating broken configuration as part of the migration. Originally, we wanted to generate it and not produce a hard stop in Grafana but this strategy has the chance to avoid delivering notifications for our users.
We now think it's better to hard stop the migration and let the user take care of resolving the configuration manually.
* Add extra fields to OSS types to support enterprise
* Create a service account at the same time as the API key
* Use service account credentials when accessing API with APIkey
* Add GetRole to service, merge RoleDTO and Role structs
This patch merges the identical OSS and Enterprise data structures, which improves the code for two reasons:
1. Makes switching between OSS and Enterprise easier
2. Reduces the chance of incompatibilities developing between the same functions in OSS and Enterprise
* If API key is not linked to a service account, continue login as usual
* Fallback to old auth if no service account linked to key
* Add CloneUserToServiceAccount
* Adding LinkAPIKeyToServiceAccount
* Handle api key link error
* Better error messages for OSS accesscontrol
* Set an invalid user id as default
* Re-arrange field names
* ServiceAccountId is integer
* Better error messages
Co-authored-by: Hugo Häggmark <hugo.haggmark@grafana.com>
Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
