* WIP
* fix: bug for saving name did not remove edit
* refactor: better error msg
* Display the column Roles even when user can't see the role picker
* Remove spaces when building the search query request
* Disable Edit button and fix token addition and deletion
* Fix the error message text
Co-authored-by: Vardan Torosyan <vardants@gmail.com>
* Copy over most of coremodel from intent-api branch
* Fix import paths
* Fix incorrect provider name
* Add root compgen file, fixup componentroot.yaml
* go mod tidy
* Remove compgen for now
* Add dashboard coremodel
* Remove datasource coremodel, for now
* Tweak comments on dashboard struct model
* devenv: add dashboard testing directly
* Fixup dashboard schema for openness, heatmap
* Update Thema to tip
* Fix wire/registry references
* Fix hclog version
* Refactor GET am config to be extensible
* Extract post config route
* Fix tests
* Remove temporary duplication
* Fix broken test due to layer shift
* Fix duplicated error message
* Properly return 400 on config rejection
* Revert weird half method extraction
* Move things to notifier package and avoid redundant interface
* Simplify documentation
* Split encryption service and depend on minimal abstractions
* Properly initialize things all the way up to the composition root
* Encryption -> Crypto
* Address misc feedback
* Missing docstring
* Few more simple polish improvements
* Unify on MultiOrgAlertmanager. Discover bug in existing test
* Fix rebase conflicts
* Misc feedback, renames, docs
* Access crypto hanging off MultiOrgAlertmanager rather than having a separate API to initialize
* use common traceID context value for opentracing and opentelemetry
* support sampled trace IDs as well
* inject traceID into NormalResponse on errors
* Finally the test passed
* fix the test
* fix linter
* change the function parameter
Co-authored-by: Ying WANG <ying.wang@grafana.com>
* Split preference store
* Chore: Add tests to pref
* Fix preference in wire
* Rename and adjust
* Add pref service test
* Rename methods, add tests
* Rename Preferences to Preference, names IDs correctly
* Fix lint
* Refactor Save
* Refactor upsert
Add new logic for QueryHistory
Rename some fields according to go naming conventions
Refactore tests
* Roll back ID that breaks tests
* Rename Id to ID in UpdatePreferenceQuery
* Use preference as a model to modify store
* Move pref store fakes to pref test file
* Add integration tag for store tests
* Adjust test
Co-authored-by: yangkb09 <yangkb09@gmail.com>
* Alerting: unwrap upsert into insert and update function
* add changelog entry
* remove changelog entry
* rename upsertrule to updaterule
* use directly alertrule model for inserts
* add test for updating a rule with a conflicting name
* Add endpoint for migration
* Check for createdAt
* Query history: Remove returning of dtos
* Query history: Fix CreatedAt
* Refactor based on suggestions
* Insert into table in batches
* OK notifications using previous evaluation data
* copy rule.EvalMatches to avoid changes to the underlying array
* test cases added/modified
* delete trailing newline
* fix double newline in go import
* add change to the changelog
* specify that this only affects legacy alerting (changelog)
* use current eval data instead of prev eval data
* create evalMatch just once
* code comments, renamings, getTemplateMatches() function
* changelog and docs updated
* forbid setting role higher than user's role
* change response code
* can assign API key permissions to non-admin users
* add: assign viewer role directly upon creation
* refactor: add AddSATcommand infavor of AddAPIkey
* refactor: frontend fixes for ServiceAccountToken
Co-authored-by: eleijonmarck <eric.leijonmarck@gmail.com>
* AccessControl: fix value copying in method access and add LogID
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Lint.
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
Co-authored-by: gamab <gabi.mabs@gmail.com>
* Nav: Show overlay icons based on allowed list
* user essentials mob! 🔱
* Navigation: clean up and use new backend prop to show plus icons and
improve visual styling
* Nav: Fix top padding
* refactor to not use showIconInNavbar in NavBarMenuItem
* remove a missed bit
* refactor icon into const
Co-authored-by: Ashley Harrison <ashley.harrison@grafana.com>
* Update golangci-lint to v1.45.2
Version 1.45.0 added support for Go 1.18:
https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md#v1450
Signed-off-by: Marcelo E. Magallon <marcelo.magallon@grafana.com>
* Linter: fix some lints issue for golangci-lint version 1.45.2
Co-authored-by: Marcelo E. Magallon <marcelo.magallon@grafana.com>
Co-authored-by: Gábor Farkas <gabor.farkas@gmail.com>
* AccessControl: Make the built-in role definitions public
* Add context to RegisterFixedRoles
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Making BuiltInRolesWithParents public to the AccessControl package
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* add check for access to rule's data source in GET APIs
* use more general method GetAlertRules instead of GetNamespaceAlertRules.
* remove unused GetNamespaceAlertRules.
Tests:
* create a method to generate permissions for rules
* extract method to create RuleSrv
* add tests for RouteGetNamespaceRulesConfig
* chore: remove all remaining uses of golang.org/x/net/context
This PR finishes the work started in #47532, replacing all calls to that package with the stdlib context and using http.NewRequestWithContext to include the context where necessary.
Bonus: small formatting fixes to goimports in these files.
closes#44178
* tweak: use context.Background in favor of TODO for tests
* add feature toggle with new format
* fix some comments ❤️
* Update pkg/infra/log/term/terminal_logger.go
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
* move validation at the beginning of method
* remove usage of GetOrgRuleGroups because it is not necessary. All information is already available in memory.
* remove unused method
* pass in user to attribute scope resolver
* add SQL filter to annotation listing
* check annotation FGAC permissions before exposing them for commenting
* remove the requirement to be able to list all annotations from annotation listing endpoint
* adding tests for annotation listing
* remove changes that got moved to a different PR
* unused var
* Update pkg/services/sqlstore/annotation.go
Co-authored-by: Ezequiel Victorero <evictorero@gmail.com>
* remove unneeded check
* remove unneeded check
* undo accidental change
* undo accidental change
* doc update
* move tests
* redo the approach for passing the user in for scope resolution
* accidental change
* cleanup
* error handling
Co-authored-by: Ezequiel Victorero <evictorero@gmail.com>
For a proxied request, e.g. Grafana's datasource or plugin proxy:
If the request is cancelled, e.g. from the browser, the HTTP status code is
now 499 Client closed request instead of 502 Bad gateway.
If the request times out, e.g. takes longer time than allowed, the HTTP status
code is now 504 Gateway timeout instead of 502 Bad gateway.
This also means that request metrics and logs will get their status codes
adjusted according to above.
Fixes#46337Fixes#46338
* wip: new metrics query editor
* prepend subscriptions to url path
* remove duplicated setQueryValue file
* add tests for new metrics query editor
* wip start extracting resource field into a shared component
* fix query editor test
* fix up backend tests
* move azure monitor specific getters to azure_monitor_datasource
* use existing useAsyncState hook
* extract useAsyncState into separate file
* add datahooks tests
* extract resource field component
* cleanup
* clarify variable names
* remove logs query specific resource field component
* add url_builder test
* add azure_monitor_datasources tests
* address comments
* add types
* pass resourceUri to resource field component
* add test to check we reset the query fields when changing resources
* Remove specific stats from usage stats service
* Create statscollector service
* refactor
* Update and move tests
Mostly equivalent tests to before, but they've been divided over the two
services and removed the behavior driven legacy from GoConvey to
reduce the complexity of the tests.
* Collect featuremgmr metrics (copied over from #47407)
I removed the metrics registration from the feature manager in the merge
and re-add them in this commit. Separated to make things easier to
review.
This test of silence cleanup was flaky because of its use of real wall
time. In CI environments with slow execution, delays could cause the
test to fail. This change mitigates the problem by increasing the end time of
silences in the test.
After Prometheus merges this PR: https://github.com/prometheus/alertmanager/pull/2867
we can make the test fully deterministic by using a fake clock.
Fixes#47470
Signed-off-by: Joe Blubaugh <joe.blubaugh@grafana.com>
* Alerting: Introduce an internal changelog
Please note that this is not intented to replace Grafana's "add to changelog" label. It is _mostly_ for internal consumption of the Alerting team that owns this part of Grafana.
* Fix markdown formatting
* Fix changelog entry
* add FGAC actions for silences table
* redirect users without permissions
* add permissions checks to routes
* add fgac to notifications and contact points
* fgac for notification policies
* fix mute timing authorization
* use consistent naming for checking grafana alertmanager
* tests for fgac in contact points and notification policies
* bump up timeout on rule editor test
* use new permissions util
* break out route evaluation into util
* Remove test timeout
* Change permissions for the alert-notifiers endpoint
* Use signed in handler for alert-notifiers when unified alerting enabled
Co-authored-by: Konrad Lalik <konrad.lalik@grafana.com>
* add unit into request duration
* Update pkg/middleware/logger.go
Co-authored-by: Carl Bergquist <carl.bergquist@gmail.com>
Co-authored-by: Carl Bergquist <carl.bergquist@gmail.com>
* AccessControl: Remove package variables for roles and grants
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Check for inheritance during role registration
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Moving back role definition to accessscontrol
* Make settings reader role public
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Nits
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Forgot to update this
* Account for declaration error
* Fixing pkg/api init ossac
* Account for error in tests
* Update test to verify inheritance
* Nits.
* Place br inheritance behind a feature toggle
* Parent -> Parents
* Nit.
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Clean up orgId when user organization is removed
* Add a test for removing user org
* Fix linting errors
* Update comment
* Fix linting errors
* Make removing user org more explicit
* Use Wiring to initialize Avatar Cache Server
Create AvatarCacheServer Provider function and pass it in as an
argument to HTTPServer. Also convert CacheServer to a singleton
so that we keep all cached Avatar info in one place for easier access
* Refactor avatar cache server and add 'isCustom' check
Avatar cache server needs to perform two similar fetches
back-to-back; break up functions to allow for easy reuse.
Then add handling to see if a user has a custom avatar.
* Add additional accessors so that /recents api can easily use the cache
* Minor mods to avatar server to facilitiate unit testing
* add unit tests for avatar fetching
* add error handling in case we somehow fetch gravatars while they are disabled
* linting: read error return value in unit test
* Use http package status codes
Co-authored-by: Ezequiel Victorero <evictorero@gmail.com>
* Use http package status codes
Co-authored-by: Ezequiel Victorero <evictorero@gmail.com>
* Use http package status codes
Co-authored-by: Ezequiel Victorero <evictorero@gmail.com>
* Incorporate suggestions from PR
-avoid mutating arguments
-change error handler function to private and make name more descriptive
Co-authored-by: Ezequiel Victorero <evictorero@gmail.com>
* Base-line API for provisioning notification policies
* Wire API up, some simple tests
* Return provenance status through API
* Fix missing call
* Transactions
* Clarity in package dependencies
* Unify receivers in definitions
* Fix issue introduced by receiver change
* Drop unused internal test implementation
* FGAC hooks for provisioning routes
* Polish, swap names
* Asserting on number of exposed routes
* Don't bubble up updated object
* Integrate with new concurrency token feature in store
* Back out duplicated changes
* Remove redundant tests
* Regenerate and create unit tests for API layer
* Integration tests for auth
* Address linter errors
* Put route behind toggle
* Use alternative store API and fix feature toggle in tests
* Fixes, polish
* Fix whitespace
* Re-kick drone
* Rename services to provisioning
* Alerting: Accurately set value for prom-compatible APIs
Sets the value fields for the prometheus compatible API based on a combination of condition `refID` and the values extracted from the different frames.
* Fix an extra test
* Ensure a consitent ordering
* Address review comments
* address review comments
* adds oauth support to call resource requests
* adds oauth docs for call resource
* fixes case where dsUID is empty
* improve datasource error handling
* Fix inherited scopes for dashboard to use folder uid
* Add inherited evaluators
* Slight modification of the commments
* Add test for inheritance
* Nit.
* extract shared function from tests
* Nit. Extra line
* Remove unused comment
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
Co-authored-by: gamab <gabi.mabs@gmail.com>
* Add basic UI for custom ruler URL
* Add build info fetching for alerting data sources
* Add keeping data sources build info in the store
* Use data source build info to construct data source urls
* Remove unused code
* Add custom ruler support in prometheus api calls
* Migrate actions
* Use thunk condition to prevent multiple data source buildinfo fetches
* Unify prom and ruler rules loading
* Upgrade RuleEditor tests
* Upgrade RuleList tests
* Upgrade PanelAlertTab tests
* Upgrade actions tests
* Build info refactoring
* Get rid of lotex ruler support action
* Add prom ruler availability checking when the buildinfo is not available
* Add rulerUrlBuilder tests
* Improve prometheus data source validation, small build info refactoring
* Change prefix based on Prometheus subtype
* Use the correct path
* Revert config routing
* Add deprecation notice for /api/prom prefix
* Add tests to the datasource subtype
* Remove custom ruler support
* Remove deprecation notice
* Prevent fetching ruler rules when ruler api is not available
* Add build info tests
* Unify naming of ruler methods
* Fix test
* Change buildinfo data source validation
* Use strings for subtype params and unveil mimir
* organise imports
* frontend changes and wordsmithing
* fix test suite
* add a nicer verbose message for prometheus datasources
* detect Mimir datasource
* fix test
* fix buildinfo test for Mimir
* shrink vectors
* add some code documentation
* DRY prepareRulesFilterQueryParams
* clarify that Prometheus does not support managing rules
* Improve buildinfo error handling
Co-authored-by: gotjosh <josue.abreu@gmail.com>
Co-authored-by: gillesdemey <gilles.de.mey@gmail.com>
* CloudWatch: Handle new error codes for MetricInsights
* Changes/test to support case where only the first GetMetricDataOutput returns errors and refactoring
* Fix Potential file inclusion via variable
* Fix gosec 304 by assigning a new variable
* fix goimports issue
* make eval.Evaluator an interface
* inject Evaluator to TestingApiSrv
* move conditionEval to RouteTestGrafanaRuleConfig because it is the only place where it is used
* update rule test api to check data source permissions
* Use alert:create action for folder search with edit permissions. This matches the action that is used to query dashboards (the update will be addressed later)
* Update rule store to use FindDashboards instead of folder service to list folders the user has access to view alerts. Folder service does not support query type and additional filters.
* Do not check whether the user can save to folder if FGAC is enabled because it is checked on API level.
* Azure Monitor: allow metrics call to use resource uri
* test case when only resource uri is provided
* remove logs
* Rename json field name from resource to resourceUri
* Group legacy URL builder params test cases
* move comment to the correct position
* Add clarifications in comments
Co-authored-by: Sarah Zinger <sarah.zinger@grafana.com>
Co-authored-by: Sarah Zinger <sarah.zinger@grafana.com>
* AccessControl: Add a feature flag for the builtin role simplification
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Update standardDeatureFlags instead
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* use uid:s for folder and dashboard permissions
* evaluate folder and dashboard permissions based on uids
* add dashboard.uid to accept list
* Check for exact suffix
* Check parent folder on create
* update test
* drop dashboard:create actions with dashboard scope
* fix typo
* AccessControl: test id 0 scope conversion
* AccessControl: store only parent folder UID
* AccessControl: extract general as a constant
* FolderServices: Prevent creation of a folder uid'd general
* FolderServices: Test folder creation prevention
* Update pkg/services/guardian/accesscontrol_guardian.go
* FolderServices: fix mock call expect
* FolderServices: remove uneeded mocks
Co-authored-by: jguer <joao.guerreiro@grafana.com>
* Expose option to disable help menu
* Expose option to disable profile menu
* Add Profile FeatureTogglePage
* Update public/app/features/profile/FeatureTogglePage.tsx
Uptake PR wording suggestion.
Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
* Fix front end lint issue
* Fix back end lint issue
Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
* __unixEpochGroup to support arithmetic argument
Following call generates wrong expression :
$__unixEpochGroupAlias(height+42,$__interval)
=> floor(height+42/60)*60 AS "time"
instead of
=> floor((height+42)/60)*60 AS "time"
* Update test of __unixEpochGroup related to issue #46764
* require legacy Editor for post, put, delete endpoints
* require user to be signed in on group level because handler that checks that user has role Editor does not check it is signed in
* verify that the user has access to all data sources used by the rule that needs to be deleted from the group
* if a user is not authorized to access the rule, the rule is removed from the list to delete
* Add ResourceAttribute
* Add ResourceAttribute option
* Set ResourceAttribute option
* Change resolvers to return uid based scopes
* update swagger to correct scope
* use ResourceAttribute for endpoint scope
* bump role version
* Add support for different attributes for access control metadata
* evaluate data source metadata based on uid
* Fix test
* uncomment benchmarks
* Use resourceID
* use evaluator for access control metadata
* update comment
* Set default permissions based on uid
* Add attribute to accesscontrol filter
* validate that scopes has correct attribute
* lint
* Update comment
* remove attribute parameter and extend prefix
* refactor to use scope prefix
* Get metadata with prefix
* fix test
* fix comparision
* remove unused type
* fix attribute index
* fix typo
* restructure logic
* Get metadata by uid
* fix imports
Co-authored-by: jguer <joao.guerreiro@grafana.com>
* rename GetRuleGroupAlertRules to GetAlertRules
* make rule group optional in GetAlertRulesQuery
* simplify FakeStore. the current structure did not support optional rule group
update method getEvaluatorForAlertRule to accept permissions evaluator and exit on the first negative result, which is more effective than returning an evaluator that in fact is a bunch of slices.
