* Updates to all except alert rules
* Return 400 when rules fail to validate, add testinfra
* More sane package aliases
* More package alias renames
* One more bug in contact point validation
* remove unused function
Co-authored-by: Jean-Philippe Quémémer <jeanphilippe.quemener@grafana.com>
Co-authored-by: Jean-Philippe Quéméner <JohnnyQQQQ@users.noreply.github.com>
* Alerting: Fix force_migration when alerting is disabled
This commit fixes a bug where force_migration must be set to true
when both unified and legacy alerting is disabled.
* Update comment
* Fix typo in comment
Co-authored-by: Armand Grillet <armand.grillet@outlook.com>
* Alerting: move group update to alert rule service
* rename validateAlertRuleInterval to validateRuleGroupInterval
* init baseinterval correctly
* add seconds suffix
* extract validation function for reusability
* add context to err message
After migrating to unified alerting, users must explicitly allow rolling
back to legacy alerting by setting force_migration = true in config.
This updates the panic message to clarify why that's required and what
the consequences of rolling back will be.
Fixes#50469
The ng_alert_notification email template did not include templating for
linked or embedded images. This change updates that.
Additionally, this change supports embedding an image for each alert in
an email batch.
Fixes#50315
* optional custom description for OpsGenie
* custom title and message, tests
* update changelog
* check for empty / whitespace only strings
* truncate the title to 130 characters if needed
* unnecessary validation removed
* truncate title to 127 characters and add three dots
* Remove dashbpard version from models
* Fix lint
* Fix api & sqlstore tests
* Remove integration tags
* Fix lint again
* Add integration test to correct namespace
* Lont fix 2
* Change Id to ID in dashVersionMeta
This PR renames the configuration key enabled to capture. This is needed as we already have a configuration key with the name enabled.
Fixes#50328
Co-authored-by: Jean-Philippe Quéméner <JohnnyQQQQ@users.noreply.github.com>
* Alerting: decapitalize log lines and use "err" as the key for errors
Found using (logger|log).(Warn|Debug|Info|Error)\([A-Z] and (logger|log).(Warn|Debug|Info|Error)\(.+"error"
* Inject access control into dashboard service
* Add function to parse id scopes
* Add dashboard as return value
* Update mock
* Return only err to keep service interface
* Add scope resolvers for dashboard id scopes
* Add function to parse uid scopes
* Add dashboard uid scope resolver
* Register scope resolvers for dashboards
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Remove crufty scuemata bits
Buhbye to: cue/ dir with old definitions, CI steps for checking unnecessary
things, and the original dashboard scuemata file.
* Remove grafana-cli cue subcommand
* Remove old testdata
* Don't swallow errors from codegen
* Small nits and tweaks to cuectx package
* WIP - refactor pluggen to use Thema
Also consolidate the embed.FS in the repo root.
* Finish halfway rename
* Convert all panel models.cue to thema
* Rewrite pluggen to use Thema
* Remove pkg/schema, and trim command
* Remove schemaloader service and usages
Will be replaced by coremodel-centric hydrate/dehydrate system Soon™.
* Remove schemaloader from wire
* Remove hangover field on histogram models.cue
* Fix lint errors, some vestiges of trim service
* Remove unused cuetsify cli command
* change migration logic
* linting
* linting
* fix an issue with the migration logic
* make tests runnable against other DBs
Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
* Add migration
* Migrator: Extend support to rename columns
* Fix getting current key
* Fix column name in migration
* Fix deks reencryption
* Fix caching
* Add back separate caches for byName and byPrefix
* Do not concatenate prefix with uid
* Rename DataKey struc fields
* SQLStore: Add deprecation comments for breaking migrations
* Add comment
* Minor corrections
Co-authored-by: Joan López de la Franca Beltran <joanjan14@gmail.com>
This PR adds endpoints for saving and retrieving a public dashboard configuration and and api endpoint to retrieve the public dashboard.
All of this is highly experimental and APIs will change. Notably, we will be removing isPublic from the dashboard model and moving it over to the public dashboard table in the next release.
Further context can be found here: https://github.com/grafana/grafana/pull/49131#issuecomment-1145456952
* Split GetDashboarVersions method
* Add sqlstore dialect and tests
* Fix signature of PAtchPreference
* Add GetDialect to sqlstore and remove GetDashboardVersions
* Add GetDialect to db interface
* Implement List
* add deleted test function
* Remove GetDialect from sqlstore interface
* Remove deleted method from mock
* Refactor test
* update action names
* correctly retrieve teams for signed in user
* remove test
* undo swagger changes
* undo swagger changes pt2
* add migration from old action names to the new ones
* rename from list to read
* linting
* also update alertign actions
* fix migration
The image file upload code as it is now simply doesn't work - it's
missing several important steps in the file upload process. There is
more information in the fixed issue as to the steps required.
After this change, screenshots will still be attached to slack messages
when external image storage is used with Grafana (an S3 bucket, for
example).
Fixes#50056
* Alerting: Remove double quotes from matchers
With #38629 a new Alertmanager configuration object was introduced with `object_matchers`, it was meant to circumvent around the fact that Prometheus label names don't support a set of characters that Grafana needs to support for alerts, silences, matchers, etc. (with a common example being elasticsearch's `.`).
This new object does not include the label of sanitzation or validation that its Prometheus equivalent supports in `matchers` and therefore are semantically not equivalent.
This triggered the problem that when the migration is run, we use `matchers` as the object to populate in configuration for routing policies, but when the UI does its first save this object is transformed to `object_matchers`.
Matchers that were previously running just fine would immediately stop working as soon as the configuration is saved.
This problem surfaced with the introduction of #49952 where we stopped stripping double quotes from matchers (not just regex but _all_ of them).
* Add comment explaining rationale and future removal
Co-authored-by: Alex Weaver <weaver.alex.d@gmail.com>
* backend/sqlstore split: remove unused GetDashboardPermissionsForUser from sqlstore
* remove debugging line
* backend/sqlstore: move dashboard permission related functions to dashboard service
* update authz to exclude entire group if user does not have access to rule
* change rule update authz to not return changes because if user does not have access to any rule in group, they do not have access to the rule
* a new query that returns alerts in group by UID of alert that belongs to that group
* collect all affected groups during calculate changes
* update authorize to check access to groups
* update tests for calculateChanges to assert new fields
* add authorization tests
* Fix unified secrets backwards compatibility
* Add compatibility fix to AddDataSource function
* Allow updating password on fail to decrypt secrets
* If unified secret is corrupt try migrating
* ServiceAccounts: refactor ServiceAccountRoleRow
* Refactor ServiceAccountRoleRow
* Refactor ServiceAccountProfile
* Refactor components
* Change service accounts icon
* Refine service accounts page header
* Improve service accounts filtering
* Change delete button style
* Tweak account id
* Auto focus name field when create service account
* Add disable/enable button
* Enable/disable service accounts
* Optimize updating service account (do not fetch all)
* Remove status column (replace by enable/disable button)
* Add banner with service accounts description
* Add tokens from main page
* Update tokens count when add token from main page
* Fix action buttons column
* Fix tokens count when change role
* Refine table row classes
* Fix buttons
* Simplify working with state
* Show message when service account updated
* Able to filter disabled accounts
* Mark disabled accounts in a table
* Refine disabled account view
* Move non-critical components to separate folder
* Remove confusing focusing
* Fix date picker position when creating new token
* DatePicker: able to set minimum date that can be selected
* Don't allow to select expiration dates prior today
* Set tomorrow as a default token expiration date
* Fix displaying expiration period
* Rename Add token button
* Refine page styles
* Show modal when disabling SA from main page
* Arrange role picker
* Refine SA page styles
* Generate default token name
* More smooth navigation between SA pages
* Stop loading indicator in case of error
* Remove legacy styles usage
* Tweaks after code review
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
* Get rid of useDisapatch in favor of mapDispatchToProps
* Tests for ServiceAccountsListPage
* Tests for service account page
* Show new role picker only with license
* Get rid of deprecated css classes
* Apply suggestion from code review
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
* Fix service accounts icon
* Tests for service account create page
* Return service account info when update
* Add behaviour tests for ServiceAccountsListPage
* Fix disabled cursor on confirm button
* More behavior tests for service account page
* Temporary disable service account migration banner
* Use safe where condition
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Apply review suggestions
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
* Remove autofocus from search
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
Tests that file bytes are correctly read from storage when an image is
available without a URL. Tests that not found and success cases are both
handled.
* Add validator for mute timing and make it provisionable
* Add tests to ensure prometheus validators are running and errors are propagated
* Internal API for manipulating mute timings
* Define and generate API layer
* Wire up generated code
* Implement API handlers
* Tests for golang layer
* Fix reference bug
* Fix linter and auth tests
* Resolve semantic errors and regenerate
* Remove pointless comment
* Extract out provisioning path param keys, simplify
* Expected number of paths
* Alerting: Do not include button in googlechat notification if URL invalid
* Apply suggestions from code review
Co-authored-by: Alexander Weaver <weaver.alex.d@gmail.com>
* Alerting: Add test case for invalid external URL in googlechat notifier
Co-authored-by: Alexander Weaver <weaver.alex.d@gmail.com>
Adds three functions:
`withStoredImages` iterates over a list of models.Alerts, extracting a stored image's data from storage, if available, and executing a user-provided function.
`withStoredImage` does this for an image attached to a specific alert.
`openImage` finds and opens an image file on disk.
Moves `store.Image` to `models.Image`
Simplifies `channels.ImageStore` interface and updates notifiers that use it to use the simpler methods.
Updates all pkg/alert/notifier/channels to use withStoredImage routines.
* Add store split for Get Dashboard version method
* Implement dashboard version service
* Fix api tests
* Remove GetDashboarVersion from sqlstore
* Add fakes for Get dashboard version
* Fix sqlstore test
* Add Get Dashboard store test
* Add dashver service test
* Remove useless comments
* pkg/web: store http.Handler internally
* pkg/web: remove injection
Removes any injection code from pkg/web.
It already was no longer functional, as we already only injected into
`http.Handler`, meaning we only inject ctx.Req and ctx.Resp.
Any other types (*Context, *ReqContext) were already accessed using the
http.Request.Context.Value() method.
* *: remove type mappings
Removes any call to the previously removed TypeMapper, as those were
non-functional already.
* pkg/web: remove Context.Invoke
was no longer used outside of pkg/web and also no longer functional
* chore: replace artisnal FakeDashboardService with generated mock
Maintaining a handcrafted FakeDashboardService is not sustainable now that we are in the process of moving the dashboard-related functions out of sqlstore.
* sqlstore: finish removing Find and SearchDashboards
Find and SearchDashboards were previously copied into the dashboard service. This commit completes that work, removing Find and SearchDashboards from the sqlstore and updating callers to use the dashboard service.
* dashboards: remove SearchDashboards from Store interface
SearchDashboards is a wrapper around FindDashboard that transforms the results, so it's been moved out of the Store entirely and the functionality moved into the Dashboard Service's search implementation.
The database tests depended heavily on the transformation, so I added testSearchDashboards, a copy of search dashboards, instead of (heavily) refactoring all the tests.
* Add IsServiceAccount to query
* test for excluding service accounts in query
* align test
* test update
* added logging
* should fix tests
* moved test to bottom
* add back setup function
* Remove IsServiceAccount from query
Instead use false for is_service_account
and when the time comes to implement service accounts
for team. we deal with it
* missed teamtest
* formatting
* Support for documenting stable vs unstable alerting routes
* empty commit, restart drone
* Touch-up references in root makefile and drop trailing escape newline
* Rebase and regenerate
* Extend README with docs for this change
* chore: replace handmade FakeDashboardService with generated mock
Maintaining a handcrafted FakeDashboardService is not sustainable now that we are in the process of moving the dashboard-related functions out of sqlstore.
* remove dialect global variable
If an image token is present in an alert instance, the email notifier will attempt to find a public URL for the image token. If found, it will add that to the email as the `ImageLink` field. If only local file data is available, the notifier will attach the file to the outgoing email using the `EmbeddedImage` field.
* AccessControl: Add migration for seeding managed inherited permissions
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* AccessControl: move to single file
* AccessControl: Add tests for managed permission migration
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* AccessControl: Ensure no duplicate insertion
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Remove commented code
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Add code migration constant
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Ensure DB is clean between tests
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Update pkg/services/sqlstore/migrations/accesscontrol/managed_permission_migrator.go
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
Adds an array of image_urls to the OpsGenie details field in a message, if image urls are available.
```json
{
"message": "Alert with Images!",
"details": {
"image_urls": ["http://www.example.com"]
}
}
```
If there are screenshot images with URLs, they will be attached to the
Microsoft teams notification in the first sections, as a slice of image
objects.
* Add prefixed API key gen.
* Retrieve API Key by hash
* Handle prefixed API keys for login
* Add placeholder key generator
* fix spelling
* add get by hash sqlstore test
* reformat query
* quote usage of reserved keyword key
* use constant
* improve error handling and pre-select key type
Co-authored-by: Victor Cinaglia <victor@grafana.com>
* nits
Co-authored-by: Victor Cinaglia <victor@grafana.com>
* Add database migrations
* Use short uids as data key ids
* Add support for manual data key rotation
* Fix duplicated mutex unlocks
* Fix migration
* Manage current data keys per name
* Adjust key re-encryption and test
* Modify rename column migration for MySQL compatibility
* Refactor secrets manager and data keys cache
* Multiple o11y adjustments
* Fix stats query
* Apply suggestions from code review
Co-authored-by: Tania <yalyna.ts@gmail.com>
* Fix linter
* Docs: Rotate data encryption keys API endpoint
Co-authored-by: Tania <yalyna.ts@gmail.com>
This change adds a field to state.State and models.AlertInstance
that indicate the "Reason" that an instance has its current state. This
helps us account for cases where the state is "Normal" but the
underlying evaluation returned "NoData" or "Error", for example.
Fixes#42606
Signed-off-by: Joe Blubaugh <joe.blubaugh@grafana.com>
This change extracts screenshot data from alert messages via a private annotation `__alertScreenshotToken__` and attaches a URL to a Slack message or uploads the data to an image upload endpoint if needed.
This change also implements a few foundational functions for use in other notifiers.
The State Manager will now take screenshots when an alert instance
switches to an Alerting or Resolved state.
Signed-off-by: Joe Blubaugh joe.blubaugh@grafana.com
This commit adds a pkg/services/screenshot package for taking and uploading screenshots of Grafana dashboards. It supports taking screenshots of both dashboards and individual panels within a dashboard, using the rendering service.
The screenshot package has the following services, most of which can be composed:
BrowserScreenshotService (Takes screenshots with headless Chrome)
CachableScreenshotService (Caches screenshots taken with another service such as BrowserScreenshotService)
NoopScreenshotService (A no-op screenshot service for tests)
SingleFlightScreenshotService (Prevents duplicate screenshots when taking screenshots of the same dashboard or panel in parallel)
ScreenshotUnavailableService (A screenshot service that returns ErrScreenshotsUnavailable)
UploadingScreenshotService (A screenshot service that uploads taken screenshots)
The screenshot package does not support wire dependency injection yet. ngalert constructs its own version of the service. See https://github.com/grafana/grafana/issues/49296
This PR also adds an ImageScreenshotService to ngAlert. This is used to take screenshots with a screenshotservice and then store their location reference for use by alert instances and notifiers.
* Add coremodelValidation feature flag
* coremodels: use stubs when feature flag is off
* api: validate dashboards on save
* Need pointer receiver for FeatureManager
* Update dashboard Go model
* Align doc comments
* Include CoremodelRegistry in test
* Wedge coremodel in on all test cases, ugh
* Ugh fix comment again
* Update pkg/framework/coremodel/staticregistry/provide.go
Co-authored-by: Artur Wierzbicki <wierzbicki.artur.94@gmail.com>
* Update Thema (and its deps) for better errs
* omg whitespace
Co-authored-by: Artur Wierzbicki <wierzbicki.artur.94@gmail.com>
Makes `pkg/web` only accept handles from the following set:
```go
handlerStd = func(http.ResponseWriter, *http.Request)
handlerStdCtx = func(http.ResponseWriter, *http.Request, *web.Context)
handlerStdReqCtx = func(http.ResponseWriter, *http.Request, *models.ReqContext)
handlerReqCtx = func(*models.ReqContext)
handlerReqCtxRes = func(*models.ReqContext) Response
handlerCtx = func(*web.Context)
```
This is a first step to reducing above set to only `http.Handler`.
---
Due to a cyclic import situation between `pkg/models` and `pkg/web`, parts of this PR were put into `pkg/api/response`, even though they definitely do not belong there. This however is _temporary_ until we untangle `models.ReqContext`.
* introduce a fallback handler that checks that role is Viewer.
* update UI nav links to allow alerting tabs for anonymous user
* update rule api to check for Viewer role instead of SignedIn when RBAC is disabled
* Login: Fix mismatching label on user auth_module
* Login: ensure previous auth was set to differing
* Login: ensure only one entry of auth is updated
* compare both entries
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* remove noop
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
