* Fix dashboard alert and nootifier migration for MySQL
* Fix POSTing Alertmanager configuration if no current configuration exists
in case the default configuration has not be stored yet
or has failed to get stored
* Change CreatedAt field type
Rules/notifications/etc migration will now be activated with feature flag alone.
When the feature flag is enabled dashboard alerts are migrated into the system.
When the feature flag is removed, all migrated and newly created alerts in the new system are deleted.
makes it so the feature flag can be turned on off, and the migration will be cleared and rerun. All existing NG alert rules, configuration settings, etc are removed when disabling the feature flag.
for https://github.com/grafana/alerting-squad/issues/142
Co-authored-by: Sofia Papagiannaki <sofia@grafana.com>
* Not complete, put migration behind env flag for now:
UALERT_MIG=iDidBackup
* Important to backup, and not expect the same DB to keep working until the env trigger is removed.
* Alerting: Migrate dashboard alert permissions
* Do not use imported models
* Change folder titles
Co-authored-by: Sofia Papagiannaki <papagian@users.noreply.github.com>
* Add revoked_at field to user auth token to allow soft revokes
* Allow soft token revocations
* Update token revocations and tests
* Return error info on revokedTokenErr
* Override session cookie only when no revokedErr nor API request
* Display modal on revoked token error
* Feedback: Refactor TokenRevokedModal to FC
* Add GetUserRevokedTokens into UserTokenService
* Backendsrv: adds tests and refactors soft token path
* Apply feedback
* Write redirect cookie on token revoked error
* Update TokenRevokedModal style
* Return meaningful error info
* Some UI changes
* Update backend_srv tests
* Minor style fix on backend_srv tests
* Replace deprecated method usage to publish events
* Fix backend_srv tests
* Apply suggestions from code review
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
Co-authored-by: Hugo Häggmark <hugo.haggmark@gmail.com>
* Apply suggestions from code review
* Apply suggestions from code review
Co-authored-by: Hugo Häggmark <hugo.haggmark@gmail.com>
* Minor style fix after PR suggestion commit
* Apply suggestions from code review
Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>
* Prettier fixes
Co-authored-by: Hugo Häggmark <hugo.haggmark@gmail.com>
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>
The annotation_tag and alert_rule_tag tables did not have
PRIMARY KEY defined what cause problems with migration to
MariaDB with Galera setup with
innodb_force_primary_key=1
Or MySQL > 8.0.13 with
sql_require_primary_key=ON
Which can manifest as follows:
MariaDB
Error 1173: This table type requires a primary key
MySQL
ERROR 3750 (HY000): Unable to create or change a table
without a primary key, when the system variable 'sql_require_primary_key' is set.
Extra reading for curious:
https://jfg-mysql.blogspot.com/2017/08/danger-no-pk-with-RBR-and-mariadb-protection.htmlFixes#12971
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
* intial frontend resolution/redirection logic
* backend scaffolding
* enough of the frontend to actually test end to end
* bugfixes
* add tests
* cleanup
* explore too hard for now
* fix build
* Docs: add docs
* FE test
* redirect directly from backend
* validate incoming uids
* add last_seen_at
* format documentation
* more documentation feedback
* very shaky migration of get route to middleware
* persist unix timestamps
* add id, orgId to table
* fixes for orgId scoping
* whoops forgot the middleware
* only redirect to absolute URLs under the AppUrl domain
* move lookup route to /goto/:uid, stop manually setting 404 response code
* renaming things according to PR feedback
* tricky deletion
* sneaky readd
* fix test
* more BE renaming
* FE updates -- no more @ts-ignore hacking :) and accounting for subpath
* Simplify code
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
* Short URLs: Drop usage of bus
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
* ShortURLService: Make injectable
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
* Rename file
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
* Add handling of url parsing and creating of full shortURL to backend
* Update test, remove unused imports
* Update pkg/api/short_urls.go
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
* Add correct import
* Pass context to short url service
* Remove not needed error log
* Rename dto and field to denote URL rather than path
* Update api docs based on feedback/suggestion
* Rename files to singular
* Revert to send relative path to backend
* Fixes after review
* Return dto when creating short URL that includes the full url
Use full url to provide shorten URL to the user
* Fix after review
* Fix relative url path when creating new short url
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
Co-authored-by: Ivana <ivana.huckova@gmail.com>
Co-authored-by: Ivana Huckova <30407135+ivanahuckova@users.noreply.github.com>
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
Add non-unique indices to alert_notification_state and alert_rule_tag tables for
column alert_id.
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
Fixes#22890
* expire with existng cleanup service
* expire with new temp user service
* make Drone happy :)
* add expiry status
* remove other approach
* cleanup
* add test for idempotency
* add migration from datetime to unix ts
* update cmd names
* change lifetime config to duration
* remove unnecessart formatting
* add comment
* update docs
* remove max bound and introduce min error
* simplify sql
* remove comment
* allow any outstanding to exist for at least 24 hours
* revert created ts change
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
* add extra state check to cleanup step
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
* end 2 end
* fix import
* refactor
* introduce securedata
* check err
* use testify instead of convey
* cleanup test
* cleanup test
* blob time
* rename funcs
Support storing sensitive notification settings securely/encrypted.
Move slack notifier url and api token to secure settings.
Migrating slack notifier to store token and url encrypted is currently
a manual process by saving an existing slack alert notification channel.
saving an existing slack alert notification channel will reset the stored
non-secure url and token.
Closes#25113
Ref #25967
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
Drop indices and create new ones and rewrites annotation find query
to address performance issues when querying annotation table and
there is a large amount of rows.
Fixes#21902
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
Co-authored-by: Kyle Brandt <kyle@kbrandt.com>
* SQLite migrations
* cleanup
* migrate end times
* switch to update with a query
* real migration
* anno migrations
* remove old docs
* set isRegion from time changes
* use <> for is not
* add comment and fix index decleration
* single validation place
* add test
* fix test
* add upgrading docs
* use AnnotationEvent
* fix import
* remove regionId from typescript
* Modify backend to allow expiration of API Keys
* Add middleware test for expired api keys
* Modify frontend to enable expiration of API Keys
* Fix frontend tests
* Fix migration and add index for `expires` field
* Add api key tests for database access
* Substitude time.Now() by a mock for test usage
* Front-end modifications
* Change input label to `Time to live`
* Change input behavior to comply with the other similar
* Add tooltip
* Modify AddApiKey api call response
Expiration should be *time.Time instead of string
* Present expiration date in the selected timezone
* Use kbn for transforming intervals to seconds
* Use `assert` library for tests
* Frontend fixes
Add checks for empty/undefined/null values
* Change expires column from datetime to integer
* Restrict api key duration input
It should be interval not number
* AddApiKey must complain if SecondsToLive is negative
* Declare ErrInvalidApiKeyExpiration
* Move configuration to auth section
* Update docs
* Eliminate alias for models in modified files
* Omit expiration from api response if empty
* Eliminate Goconvey from test file
* Fix test
Do not sleep, use mocked timeNow() instead
* Remove index for expires from api_key table
The index should be anyway on both org_id and expires fields.
However this commit eliminates completely the index for now
since not many rows are expected to be in this table.
* Use getTimeZone function
* Minor change in api key listing
The frontend should display a message instead of empty string
if the key does not expire.
* Users: add is_disabled column
* Users: disable users removed from LDAP
* Auth: return ErrInvalidCredentials for failed LDAP auth
* User: return isDisabled flag in user search api
* User: mark disabled users at the server admin page
* Chore: refactor according to review
* Auth: prevent disabled user from login
* Auth: re-enable user when it found in ldap
* User: add api endpoint for disabling user
* User: use separate endpoints to disable/enable user
* User: disallow disabling external users
* User: able do disable users from admin UI
* Chore: refactor based on review
* Chore: use more clear error check when disabling user
* Fix login tests
* Tests for disabling user during the LDAP login
* Tests for disable user API
* Tests for login with disabled user
* Remove disable user UI stub
* Sync with latest LDAP refactoring
This is basically implementation of the https://github.com/grafana/grafana/issues/8900#issuecomment-435437167
points, except for the type conversion bit.
I tried to implement idea mentioned in cockroachdb ticket (see below).
And it is possible, but it complicates things as lot - not only we have to
have 4 SQL statements instead of one, but we would have to copy the column
structure as well - PK, FG, indexes and stuff, plus there will
be additional downtime with this approach.
So idea for this pull is to prepare our SQL as much as possible, so when
cockroachdb will add support for full type conversions, we could easilly add
support for it as well.
* Add `CASCADE` to `DROP INDEX` statement
* Make string conversions explicit
Thanks @Luit
Ref #8900
Ref cockroach/cockroach#9851
* master: (250 commits)
Firing off an action instead of listening to location changes
Changes after PR Comments
Made ExplorerToolbar connected and refactored away responsabilities from Explore
Removed some split complexity
Fixed some more styling
Fixed close split look and feel
Fixed position of Closesplit
Fixed small issue with TimePicker dropdown position
Simplified some styles and dom elements
Fixed some more with the sidemenu open and smaller screens
Fixed so heading looks good with closed sidemenu
Restructure of component and styling
Refactored out ExploreToolbar from Explore
Fixed reinitialise of Explore
changelog: add notes about closing #13929
changelog: add notes about closing #14558
changelog: add notes about closing #14484
changelog: add notes about closing #13765
changelog: add notes about closing #11503
changelog: add notes about closing #4075
...
If notification state is pending and last update of state was made
less than a minute ago. In the case of a grafana instance is shut down/crashes
between setting pending state and before sending the notification/marks as complete
this logic should allow the notification to be sent after some time instead of
being left in an inconsistent state where no notifications are being sent.
See,
$ gometalinter --vendor --disable-all --enable=megacheck --disable=gotype --deadline 6m ./... | grep SQL
alert.go:43:9⚠️ x.Sql is deprecated: use SQL instead. (SA1019) (megacheck)
alert_notification.go:122:12⚠️ sess.Sql is deprecated: use SQL instead. (SA1019) (megacheck)
annotation.go:226:12⚠️ x.Sql is deprecated: use SQL instead. (SA1019) (megacheck)
dashboard.go:228:9⚠️ x.Sql is deprecated: use SQL instead. (SA1019) (megacheck)
dashboard.go:302:10⚠️ x.Sql is deprecated: use SQL instead. (SA1019) (megacheck)
dashboard.go:416:9⚠️ x.Sql is deprecated: use SQL instead. (SA1019) (megacheck)
dashboard.go:635:12⚠️ x.Sql is deprecated: use SQL instead. (SA1019) (megacheck)
migrations/user_mig.go:137:9⚠️ sess.Sql is deprecated: use SQL instead. (SA1019) (megacheck)
plugin_setting.go:29:10⚠️ x.Sql is deprecated: use SQL instead. (SA1019) (megacheck)
quota.go:41:12⚠️ x.Sql is deprecated: use SQL instead. (SA1019) (megacheck)
quota.go:84:13⚠️ x.Sql is deprecated: use SQL instead. (SA1019) (megacheck)
quota.go:143:12⚠️ x.Sql is deprecated: use SQL instead. (SA1019) (megacheck)
quota.go:186:13⚠️ x.Sql is deprecated: use SQL instead. (SA1019) (megacheck)
quota.go:234:12⚠️ x.Sql is deprecated: use SQL instead. (SA1019) (megacheck)
team.go:172:12⚠️ x.Sql is deprecated: use SQL instead. (SA1019) (megacheck)
team.go:199:17⚠️ x.Sql is deprecated: use SQL instead. (SA1019) (megacheck)
team.go:223:9⚠️ x.Sql is deprecated: use SQL instead. (SA1019) (megacheck)
temp_user.go:99:10⚠️ x.Sql is deprecated: use SQL instead. (SA1019) (megacheck)
temp_user.go:124:10⚠️ x.Sql is deprecated: use SQL instead. (SA1019) (megacheck)
user.go:375:3⚠️ sess.Sql is deprecated: use SQL instead. (SA1019) (megacheck)
user.go:377:3⚠️ sess.Sql is deprecated: use SQL instead. (SA1019) (megacheck)
user.go:379:3⚠️ sess.Sql is deprecated: use SQL instead. (SA1019) (megacheck)
* enable ee build on pr/master
* step1: of including group sync
* disable commit pinning for now
* fixes broken build
* enable team to ldap group sync
* avoid returning error for missing external handler
* services: allow routes to be added before http server start
* services: allows services to add their own migrations
* moves db migrations to ee code base
* build using master branch in ee
* disable enterprise build in .bra.toml
[skip ci]
* removes team sync extensions
* removes commented line
* master: (30 commits)
changelog: add notes about closing #11882
renamed variable in tests
added comment, variableChange -> variableValueChange
added a test
added if to check if new variable has been added
Gravatar fallback does not respect 'AppSubUrl'-setting (#12149)
change admin password after first login
changelog: adds note about closing #11958
revert: reverted singlestat panel position change PR #12004
Revert "provisioning: turn relative symlinked path into absolut paths"
provisioning: turn relative symlinked path into absolut paths
changelog: adds note about closing #11670
elasticsearch: sort bucket keys to fix issue wth response parser tests
docs: what's new in v5.2
changelog: add notes about closing #11167
docs: docker secrets support. (#12141)
alerting: show alerts for user with Viewer role
datasource: added option no-direct-access to ds-http-settings diretive, closes#12138
provisioning: adds fallback if evalsymlink/abs fails
tests: uses different paths depending on os
...
* refactor: tracing service refactoring
* refactor: sqlstore to instance service
* refactor: sqlstore & registory priority
* refactor: sqlstore refactor wip
* sqlstore: progress on getting tests to work again
* sqlstore: progress on refactoring and getting tests working
* sqlstore: connection string fix
* fix: not sure why this test is not working and required changing expires
* fix: updated grafana-cli
* db: add login attempt migrations
* db: add possibility to create login attempts
* db: add possibility to retrieve login attempt count per username
* auth: validation and update of login attempts for invalid credentials
If login attempt count for user authenticating is 5 or more the last 5 minutes
we temporarily block the user access to login
* db: add possibility to delete expired login attempts
* cleanup: Delete login attempts older than 10 minutes
The cleanup job are running continuously and triggering each 10 minute
* fix typo: rename consequent to consequent
* auth: enable login attempt validation for ldap logins
* auth: disable login attempts validation by configuration
Setting is named DisableLoginAttemptsValidation and is false by default
Config disable_login_attempts_validation is placed under security section
#7616
* auth: don't run cleanup of login attempts if feature is disabled
#7616
* auth: rename settings.go to ldap_settings.go
* auth: refactor AuthenticateUser
Extract grafana login, ldap login and login attemp validation together
with their tests to separate files.
Enables testing of many more aspects when authenticating a user.
#7616
* auth: rename login attempt validation to brute force login protection
Setting DisableLoginAttemptsValidation => DisableBruteForceLoginProtection
Configuration disable_login_attempts_validation => disable_brute_force_login_protection
#7616
* teams: add db migration for email column in teams table
* teams: /teams should render index page with a 200 OK
* teams: additional backend functionality for team and team members
Possibility to save/update email for teams.
Possibility to retrive avatar url when searching for teams.
Possibility to retrive avatar url when searching for team members.
* teams: display team avatar and team member avatars
Possibility to save and update email for a team
* teams: create team on separate page instead of modal dialog
* removes readonly editor role
* adds viewersCanEdit setting
This enable you to allow viewers to edit/inspect
dashboards in grafana in their own browser without
allowing them to save dashboards
* remove read only editor option from all dropdowns
* migrates all read only viewers to viewers
* docs: replace readOnlyEditor with viewersCanEdit
