* add support for sortBy field selector
* use label selectors instead of field selectors
* set entity_labels on create & update
* make entity server integration tests work
* test fixes
* be more consistent with handling of empty body, meta or status
* workaround for database is locked errors during migration
* fix double import of sqlite3
* rename functions and tidy up
* refactor update
* disable integration tests until we can fix the database locking issue
* add annotation permissions to dashboard managed role and add migrations for annotation permissions
* fix a bug with conditional access level definitions
* add tests
* Update pkg/services/sqlstore/migrations/accesscontrol/dashboard_permissions.go
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* apply feedback
* add batching, fix tests and a typo
* add one more test
* undo unneeded change
* undo unwanted change
* only check the default basic permissions for non-OSS instances
* account for all wildcards and simplify the check a bit
* error handling and extra conditionals to avoid test failures
* fix a bug with admin permissions not appearing for folders
* fix the OSS check
---------
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Remove folderID from service tests
* Remove folderID from ngalert migration tests
* Remove tests related to folderIDs
* Roll back change
Before removing FolderID from this test, we need to adjust the code
* Remove FolderID from publicdashboard pkg
* Add back annotations test
* Folders: Expose function for getting all org folders with specific UIDs
* Return all org folders if UIDs is empty
* Filter out not accessible folders by the user
* Modify query to optionally returning a string that contains the UIDs of all parent folders separated by slash.
* Alerting: Add action, scope, role_id to permission table
The existing role_id, action, scope index has the wrong ordering to be most
effectively used in dashboard/folder permission requests.
On a large tests set, the slow database calls were on the order of ~30-40ms, so
when performed individually they don't have that large of a latency impact.
However, when done in bulk in the migration this adds up to some very slow
requests.
After the index is added these same database calls are reduced to ~4-5ms
* Change index to action, scope, role_id
* Make new index unique and drop [role_id, action, scope] index
* Remove FolderID from service tests
* Add models
* Add folderID pack to publicdashboard tests
* Remove folderID from dashboard tests
* Remove folderID from folders
* Remove folderID from ngalert tests
* Remove nolint comment
* Add back some tests after rebase
* Alerting: Increase size of kvstore value type for MySQL to LONGTEXT
alertmanager uses the kvstore to persist its notification log and the current
column limit for MySQL (16.7mb) puts the maximum entries at a level that is
potentially achievable for heavy alerting users (~40-80k entries).
In comparison, the current type for PSQL (TEXT) is effectively unlimited and
I believe SQLIte defaults to 2gb which is also plenty of leeway.
Backend:
* Update the Grafana Alerting engine to provide feedback to HysteresisCommand. The feedback information is stored in state.Manager as a fingerprint of each state. The fingerprint is persisted to the database. Only fingerprints that belong to Pending and Alerting states are considered as "loaded" and provided back to the command.
- add ResultFingerprint to state.State. It's different from other fingerprints we store in the state because it is calculated from the result labels.
- add rule_fingerprint column to alert_instance
- update alerting evaluator to accept AlertingResultsReader via context, and update scheduler to provide it.
- add AlertingResultsFromRuleState that implements the new interface in eval package
- update getExprRequest to patch the hysteresis command.
* Only one "Recovery Threshold" query is allowed to be used in the alert rule and it must be the Condition.
Frontend:
* Add hysteresis option to Threshold in UI. It's called "Recovery Threshold"
* Add test for getUnloadEvaluatorTypeFromCondition
* Hide hysteresis in panel expressions
* Refactor isInvalid and add test for it
* Remove unnecesary React.memo
* Add tests for updateEvaluatorConditions
---------
Co-authored-by: Sonia Aguilar <soniaaguilarpeiron@gmail.com>
* first round of entityapi updates
- quote column names and clean up insert/update queries
- replace grn with guid
- streamline table structure
fixes
streamline entity history
move EntitySummary into proto
remove EntitySummary
add guid to json
fix tests
change DB_Uuid to DB_NVarchar
fix folder test
convert interface to any
more cleanup
start entity store under grafana-apiserver dskit target
CRUD working, kind of
rough cut of wiring entity api to kube-apiserver
fake grafana user in context
add key to entity
list working
revert unnecessary changes
move entity storage files to their own package, clean up
use accessor to read/write grafana annotations
implement separate Create and Update functions
* go mod tidy
* switch from Kind to resource
* basic grpc storage server
* basic support for grpc entity store
* don't connect to database unless it's needed, pass user identity over grpc
* support getting user from k8s context, fix some mysql issues
* assign owner to snowflake dependency
* switch from ulid to uuid for guids
* cleanup, rename Search to List
* remove entityListResult
* EntityAPI: remove extra user abstraction (#79033)
* remove extra user abstraction
* add test stub (but
* move grpc context setup into client wrapper, fix lint issue
* remove unused constants
* remove custom json stuff
* basic list filtering, add todo
* change target to storage-server, allow entityStore flag in prod mode
* fix issue with Update
* EntityAPI: make test work, need to resolve expected differences (#79123)
* make test work, need to resolve expected differences
* remove the fields not supported by legacy
* sanitize out the bits legacy does not support
* sanitize out the bits legacy does not support
---------
Co-authored-by: Ryan McKinley <ryantxu@gmail.com>
* update feature toggle generated files
* remove unused http headers
* update feature flag strategy
* devmode
* update readme
* spelling
* readme
---------
Co-authored-by: Ryan McKinley <ryantxu@gmail.com>
* Folders: Show folders user has access to at the root level
* Refactor
* Refactor
* Hide parent folders user has no access to
* Skip expensive computation if possible
* Fix tests
* Fix potential nil access
* Fix duplicated folders
* Fix linter error
* Fix querying folders if no managed permissions set
* Update benchmark
* Add special shared with me folder and fetch available non-root folders on demand
* Fix parents query
* Improve db query for folders
* Reset benchmark changes
* Fix permissions for shared with me folder
* Simplify dedup
* Add option to include shared folder permission to user's permissions
* Fix nil UID
* Remove duplicated folders from shared list
* Folders: Fix fetching empty folder
* Nested folders: Show dashboards with directly assigned permissions
* Fix slow dashboards fetch
* Refactor
* Fix cycle dependencies
* Move shared folder to models
* Fix shared folder links
* Refactor
* Use feature flag for permissions
* Use feature flag
* Review comments
* Expose shared folder UID through frontend settings
* Add frontend type for sharedWithMeFolderUID option
* Refactor: apply review suggestions
* Fix parent uid for shared folder
* Fix listing shared dashboards for users with access to all folders
* Prevent creating folder with "shared" UID
* Add tests for shared folders
* Add test for shared dashboards
* Fix linter
* Add metrics for shared with me folder
* Add metrics for shared with me dashboards
* Fix tests
* Tests: add metrics as a dependency
* Fix access control metadata for shared with me folder
* Use constant for shared with me
* Optimize parent folders access check, fetch all folders in one query.
* Use labels for metrics
* Alerting: Keep track of individual org migration status
Save migration status per migrated org.
Change the meaning (and key/value) of the org_id=0 entry
to store the current (previous) config value used by alerting.
This is so we can know when to upgrade/downgrade by
comparing with the new config value in
UnifiedAlerting.IsEnabled.
* remove use of SignedInUserCopies
* add extra safety to not cross assign permissions
unwind circular dependency
dashboardacl->dashboardaccess
fix missing import
* correctly set teams for permissions
* fix missing inits
* nit: check err
* exit early for api keys
* inital changes, db migration
* changes
* Implement basic GetAll, Delete
* Add first batch of tests
* Add more tests
* Add service tests for GetForProvider, List
* Update http_server.go + wire.go
* Lint + update fixed role
* Update CODEOWNERS
* Change API init
* Change roles, rename
* Review with @kalleep
* Revert a mistakenly changed part
* Updates based on @dmihai 's feedback
---------
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* add/update sqlstore-related helper functions
* add documentation & tests for InsertQuery and UpdateQuery, make generated SQL deterministic by sorting columns
* remove old log line
* correctly check permissions to list dashboards on the root
* correctly display the access inherited from general folder for dashboards
* Update pkg/services/sqlstore/permissions/dashboard.go
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Update dashboard_filter_no_subquery.go
---------
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
This PR replaces the vendored models in the migration with their equivalent ngalert models. It also replaces the raw SQL selects and inserts with service calls.
It also fills in some gaps in the testing suite around:
- Migration of alert rules: verifying that the actual data model (queries, conditions) are correct 9a7cfa9
- Secure settings migration: verifying that secure fields remain encrypted for all available notifiers and certain fields migrate from plain text to encrypted secure settings correctly e7d3993
Replacing the checks for custom dashboard ACLs will be replaced in a separate targeted PR as it will be complex enough alone.
* signing key wip
use db keyset storage
add signing_key table
add testing for key storage
add ES256 key tests
Remove caching and implement UpdateOrCreate
Stabilize interfaces
* Encrypt private keys
* Fixup signer
* Fixup ext_jwt
* Add GetOrCreatePrivate with automatic key rotation
* use GetOrCreate for ext_jwt
* use GetOrCreate in id
* catch invalid block type
* fix broken test
* remove key generator
* reduce public interface of signing service
* Migrate old alerting templates to use $labels
* Fix imports
* Add test coverage and separate rewriting to Go templates
* Fix lint
* Check for additional closing braces
* Add logging of invalid message templates
* Fix tests
* Small fixes
* Update comments
* Panic on empty token
* Use logtest.Fake
* Fix lint
* Allow for spaces in variable names by not tokenizing spaces
* Add template function to deduplicate Labels in a Value map
* Fix behavior of mapLookupString
* Reference deduplicated labels in migrated message template
* Fix behavior of deduplicateLabelsFunc
* Don't create variable for parent logger
* Add more tests for deduplicateLabelsFunc
* Remove unused function
* Apply suggestions from code review
Co-authored by: Yuri Tseretyan <yuriy.tseretyan@grafana.com>
* Give label val merge function better name
* Extract template migration and escape literal tokens
* Consolidate + simplify template migration
---------
Co-authored-by: William Wernert <william.wernert@grafana.com>
* User: Add sort option to user search
* Switch to an approach that uses the dashboard search options
* Cable user sort on the org endpoint
* Alias user table with u in org store
* Add test and cover orgs/:orgID/users/search endpoint
* Add test to userimpl store
* Simplify the store_test with sortopts.ParseSortQueryParam
* Account for PR feedback
* Positive check
* Update docs
* Update docs
* Switch to ErrOrFallback
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
---------
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* remove API tagging method and authed tagging
* add anonstore
move debug to after cache
change test order
fix issue where mysql trims to second
* add old device cleanup
lint
utc-ize everything
trim whitespace
* remove dangling setting
* Add delete devices
* Move anonymous authnclient to anonimpl
* Add simple post login hook
* move registration of Background Service
cleanup
* add updated_at index
* do not untag device if login err
* add delete device integration test
* Allow creating correlations for provisioned data sources
* Update docs
* Fix linting
* Add missing props
* Add missing props
* Fix linting
* Fix linting
* Clarify error name
* Removed error handling for a non-existing use case
* Create a list of deleted data datasources based on all configs
* Add org_id to correlations
* Add tests
* Allow org_id to be null in case org_id=0 is used
* Create organization to ensure stable id is generated
* Fix linting
* Ensure backwards compatibility
* Add deprecation information
* Update comments
* Override existing datasSource variable so the UID is retrieved correctly
* Migrate correlations indices
* Default org_id when migrating
* Remove redundant default
* Make PK non-nullable
* Post merge fixes
* Separate data sources / correlations provisioning
* Adjust comments
* Store new data sources in spy store so it can be used to test correlations as well
* Fix linting
* Update tests
* Ensure response is closed
* Avoid creating duplicates during provisioning
* Fix updating provisioned column and update tests
* Rename error message
* Fix linting errors
* Fix linting errors and rename variable
* Update test
* Update pkg/services/sqlstore/migrations/correlations_mig.go
Co-authored-by: Giordano Ricci <me@giordanoricci.com>
* Remove unused error
* Fix lining
---------
Co-authored-by: Giordano Ricci <me@giordanoricci.com>
