* WIP: working as expected, has to be tested
* Rename query param, small changes
* Remove unused code
* Address feedback
* Cleanup
* Use the feature toggle to control the behaviour
* Use the toggle on the FE too
* Prevent the extra redirect/reload
Co-authored-by: Josh Hunt <joshhunt@users.noreply.github.com>
* Return to login if user is not authenticated
* Add tracking issue
* Align BE redirect constructor to locationSvc
* Pass one
* Fix linter and add new betterer problem (sorry)
* fix swagger
* Add type to tests and update single correlations sql
* Fix provisioning test and other function that needs a type
* Add errors around query/external typing and add tests
* increment number of correlations tested as we added one for testing v1 type placement
* try merging back the swagger that is in main
* try again?
* Style form a little
* Update public/app/features/logs/components/logParser.ts
Co-authored-by: Matias Chomicki <matyax@gmail.com>
* fix bad commit, simplify logic
* Demonstrating type difficulties
* Fix distributed union changes
* Additional type changes
* Update types in form
* Fix swagger
* Add comment around the assertion and explicit typing
---------
Co-authored-by: Matias Chomicki <matyax@gmail.com>
Co-authored-by: Andrej Ocenas <mr.ocenas@gmail.com>
* Add authlib gRPC authenticators for in-proc mode
* implement `StaticRequester` signing in the unified resource client
- [x] when the `claims.AuthInfo` value type is `identity.StaticRequester`, and there's no ID token set, create an internal token and sign it with symmetrical key. This is a workaround for `go-jose` not offering the possibility to create an unsigned token.
- [x] update `IDClaimsWrapper` to support the scenario above
- [x] Switch to using `claims.From()` in `dashboardSqlAccess.SaveDashboard()`
---------
Co-authored-by: gamab <gabriel.mabille@grafana.com>
* Annotations: Optimize search on large number of dashboards
* refactor
* fix batch size
* Return early if no annotations found
* revert go.mod
* return nil in case of error
* Move default limit to the API package
* fix empty access control filter
* Set default limit to 100
* optimize query when number of annotations is less than limit
* Update pkg/services/annotations/annotationsimpl/annotations.go
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
* remove limit from store since it's set in API
* set default limit in Find method (do not break tests)
* Only add limit to the query if it's set
* use limit trick for all searches without dashboard filter
* set default page if not provided
---------
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
* Unexport store and create new constructor function
* Add ResourceAuthorizer and LegacyAccessClient
* Configure checks for user store
* List with checks if AccessClient is configured
* Allow system user service account to read all users
---------
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Managed Service Accounts: Use AutoAssignOrgID
* Fix the IsExternalServiceAccount function
* Reassign service account role
* Account for AutoAssignOrg
* Update pkg/services/serviceaccounts/models.go
* Simplify IsExternalServiceAccount function
* Add tests
* Easier to understand test
* Revert small change
* feat: supporting code for groupsync extension UI
* Add result of running i18n extraction
* Place the UI behind a feature toggle as well as the license feature
* Also add access checks to route loading of groupsync route with feature toggle
* Add access check on permissions to show External group sync in nav
* fix: New version of multiOrgRoleOptions hook
* Remove OSS route definition
* Apply feedback on nav title
* update RenameReceiverInNotificationSettings in DbStore to check for provisioning
* implement renaming in receiver service and provisioning
* do not patch route when stitching
* fix bug in stitching because it returned new name but the old one was expected
* update receiver service to always return result converted from storage model this makes sure that UID and version are consistent with GET\LIST operations
* use provided metadata.name for UID of domain model because rename changes UID and request fails
* remove rename guard
* update UI to not disable receiver name when k8s api enabled
* create should calculate uid from name because new receiver does not have UID yet.
* Include access control metadata in k8s receiver List & Get
* Add tests for receiver access
* Simplify receiver access provisioning extension
- prevents edge case infinite recursion
- removes read requirement from create
* Alerting: Fix dasboardUid typo in json provisioning api
The json tag for DashboardUID was incorrectly set to dasboardUid in the provisioning api. This change fixes the typo while keeping backwards compatibility for the typo.
* Add alerting-squad as CODEOWNER for services/provisioning/alerting
* introduce storage model for alert rule tables
* remove AlertRuleVersion from models because it's not used anywhere other than in storage
* update historian xorm store to use alerting store to fetch rules
* fix folder tests
---------
Co-authored-by: Matthew Jacobson <matthew.jacobson@grafana.com>
* Add group and type labels to rule_group_rules metric
* Don't include group to avoid high cardinality
* Add comments
* Reset rule_group_rules before recording new values
* Edit description for rule_group_rules
* Include ruleGroup combo key in labels
* Fix lint
Back-end:
* update alerting module
* update GetSecretKeysForContactPointType to extract secret fields from nested options
* Update RemoveSecretsForContactPoint to support complex settings
* update PostableGrafanaReceiverToEmbeddedContactPoint to support nested secrets
* update Integration to support nested settings in models.Integration
* make sigv4 fields optional
Front-end:
* add UI support for encrypted subform fields
* allow emptying nested secure fields
* Omit non touched secure fields in POST payload when saving a contact point
* Use SecretInput from grafana-ui instead of the new EncryptedInput
* use produce from immer
* rename mapClone
* rename sliceClone
* Don't use produce from immer as we need to delete the fileds afterwards
---------
Co-authored-by: Gilles De Mey <gilles.de.mey@gmail.com>
Co-authored-by: Sonia Aguilar <soniaaguilarpeiron@gmail.com>
Co-authored-by: Matt Jacobson <matthew.jacobson@grafana.com>
* Add split view and basic APIs to extensions
* Add comments
* Update public/app/AppWrapper.tsx
Co-authored-by: Levente Balogh <balogh.levente.hu@gmail.com>
* Moved the .grafana-app element and deduplicate some code
* Remove the provider variants of usePluginLinks/Components
* Change buildPluginSectionNav
* Update comment
* Use eventBus
* Remove non existent exports
* refactor: use a sidecar service to encapsulate the state
* Don't wrap single app in split wrapper
* Use hook splitter
* Remove inline styles
* Type the style props from useSplitter
* Move the overflow style changes to appWrapper
* Deduplicate some common top level providers
* Move modals
* Move routes wrappers to it's own file
* Use better css and add comments
* Remove query rows app extension point
* Fix test
---------
Co-authored-by: Levente Balogh <balogh.levente.hu@gmail.com>
* do it all
* feat(plugins): move loadingStrategy to ds pluginMeta and add to plugin settings endpoint
* support child plugins and update tests
* use relative path for nested plugins
* feat(plugins): support nested plugins in the plugin loader cache by extracting pluginId from path
* feat(grafana-data): add plugin loading strategy to plugin meta and export
* feat(plugins): pass down loadingStrategy to fe plugin loader
* refactor(plugins): make PluginLoadingStrategy an enum
* feat(plugins): add the loading strategy to the fe plugin loader cache
* feat(plugins): load fe plugin js assets as script tags based on be loadingStrategy
* add more tests
* feat(plugins): add loading strategy to plugin preloader
* feat(plugins): make loadingStrategy a maybe and provide fetch fallback
* test(alerting): update config.apps mocks to include loadingStrategy
* fix format
---------
Co-authored-by: Jack Westbrook <jack.westbrook@gmail.com>
* Remove usage of traceqlStreaming feature toggle and stop checking for Tempo version
* Increase Grafana Live's ClientQueueMaxSize to 4mb to support larger responses from Tempo
* Access control: Use composite cache key for team permissions
* use composite key for teams
* use cache for hotpath (getCachedUserPermissions)
* don't cache empty teams set
* don't pass permissions as argument
* early return if no teams found
* reload cache correctly
* optimize allocations
* Clear user's teams cache
* remove composite cache for teams
* fix linter
* don't clear teams permissions
* pre-allocate memory for basic roles permissions
* Remove kubernetesPlaylists feature_toggle
* Remove unified_storage_mode
* Remove double import
* Read from config instead from feature_toggle
* cover scenario for when unified storage is not defined
* Be temporarily retro compatible with previous feature toggle
* Properly read unified_storage section
* [WIP] Read new format of config
* Fix test
* Fix other tests
* Generate feature flags file
* Use <group>.<resource> schema
* Use <group>.resource format on the FE as well
* Hide UniStore config from Frontend
Signed-off-by: Maicon Costa <maiconscosta@gmail.com>
* unwanted changes
* Use feature toggles in the FE. Enforce FTs are present before enabling dual writing
Co-authored-by: Ryan McKinley <ryantxu@users.noreply.github.com>
* use kubernetes playlists feature toggle on the FE
* Remove unwanted code
* Remove configs from the FE
* Remove commented code
* Add more explicit example
---------
Signed-off-by: Maicon Costa <maiconscosta@gmail.com>
Co-authored-by: Maicon Costa <maiconscosta@gmail.com>
* Stop redacting receivers by default in receiver_svc
[REDACTED] is only used in provisioning API since response doesn't include
SecureFields. This is not necessary in k8s or notifications api, instead we do
not include the encrypted settings in Settings at all, leaving it to
SecureFields to specify when a secure field exists.
* Capitalize logs messages
* Unified Storage: First iteration Dual Write Syncer
Signed-off-by: Maicon Costa <maiconscosta@gmail.com>
Co-authored-by: Leonor Oliveira <9090754+leonorfmartins@users.noreply.github.com>
Co-authored-by: Dan Cech <dcech@grafana.com>
* model fixed roles for dashboards and folders
* Correctly translate fixed role assignments
* minor refactor
* assign fixed roles to teams
* fix linter errors
* Migrate general folder permissions for fixed roles
* fix dashboards:create permission
* Access control: Use composite cache key for team permissions
* use composite key for teams
* use cache for hotpath (getCachedUserPermissions)
* fix linter
* fix sorting
---------
Co-authored-by: Jeff Levin <jeff@levinology.com>
* add uid to template and populate it
* update delete method to support both uid and name
* update UpdateTemplate to support search by UID and fallback to name + support renaming of the template
* update upsert to exit if template not found and uid is specified
* update Get method to address by name or uid
---------
Co-authored-by: Matthew Jacobson <matthew.jacobson@grafana.com>
* Replace global authz abstraction with one compatible with uid scope
* Replace GettableApiReceiver with models.Receiver in receiver_svc
* GrafanaIntegrationConfig -> models.Integration
* Implement Create/Update methods
* Add optimistic concurrency to receiver API
* Add scope to ReceiversRead & ReceiversReadSecrets
migrates existing permissions to include implicit global scope
* Add receiver create, update, delete actions
* Check if receiver is used by rules before delete
* On receiver name change update in routes and notification settings
* Improve errors
* Linting
* Include read permissions are requirements for create/update/delete
* Alias ngalert/models to ngmodels to differentiate from v0alpha1 model
* Ensure integration UIDs are valid, unique, and generated if empty
* Validate integration settings on create/update
* Leverage UidToName to GetReceiver instead of GetReceivers
* Remove some unnecessary uses of simplejson
* alerting.notifications.receiver -> alerting.notifications.receivers
* validator -> provenanceValidator
* Only validate the modified receiver
stops existing invalid receivers from preventing modification of a valid
receiver.
* Improve error in Integration.Encrypt
* Remove scope from alert.notifications.receivers:create
* Add todos for receiver renaming
* Use receiverAC precondition checks in k8s api
* Linting
* Optional optimistic concurrency for delete
* make update-workspace
* More specific auth checks in k8s authorize.go
* Add debug log when delete optimistic concurrency is skipped
* Improve error message on authorizer.DecisionDeny
* Keep error for non-forbidden errutil errors
* WIP
* Validate new field, and add value in provisioning if not defined in correct spot
* Simplify logic, use correct value
* fix tests
* Fix linter errors
* fix swagger and tests
* 😬
* Auto-generation isnt doing this..
* Fix linter
* test if nullable is the issue…
* Change structure on the frontend fields
* Try with backtick
* try programatic quoting
* Try only quote non-ints
* quoting, no backticks
* Remove debugging
* feat(nameHeaders): add feature flag
* add safe parsing of headers
* use headers in loki datasource
* Loki: add option to pass headers to Loki
* Loki: add datasource tests for dashboard names
* cleanup
* DataSourceWithBackend: add test
* rename to `sanitizeHeader`
* Loki: add condition when to add headers
* Loki: add e2e tests
* Loki: change test name
* feat: Add new read filtering to datasources guardian
* Apply suggestion to use datasources read guardian check for frontend settings
---------
Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>
* chore: add tracing to quote API and service methods with contexts
I also fixed a typo (overriden -> overridden) and removed a method that looked like it wasn't useful anymore. (It seemed to exist to return an error, but never returned an error, and so just added many lines of unnecessary error checking).
* chore: Bump Go to 1.23.0
Signed-off-by: Dave Henderson <dave.henderson@grafana.com>
* update swagger files
Signed-off-by: Dave Henderson <dave.henderson@grafana.com>
* chore: update .bingo/README.md formatting to satisfy prettier
Signed-off-by: Dave Henderson <dave.henderson@grafana.com>
* chore(lint): Fix new lint errors found by golangci-lint 1.60.1 and Go 1.23
Signed-off-by: Dave Henderson <dave.henderson@grafana.com>
* keep golden file
* update openapi
* add name to expected output
* chore(lint): rearrange imports to a sensible order
Signed-off-by: Dave Henderson <dave.henderson@grafana.com>
---------
Signed-off-by: Dave Henderson <dave.henderson@grafana.com>
Co-authored-by: Ryan McKinley <ryantxu@gmail.com>
* chore: add spans to publicdashboards service methods
* add tracing to test service
* test fixture whackamole
* move tracer to a package var
* Update pkg/services/publicdashboards/service/service.go
Co-authored-by: Dave Henderson <dave.henderson@grafana.com>
---------
Co-authored-by: Dave Henderson <dave.henderson@grafana.com>
* update oauthtoken service to use remote cache and server lock
* remove token cache
* retry is lock is held by an in-flight refresh
* refactor token renewal to avoid race condition
* re-add refresh token expiry cache, but in SyncOauthTokenHook
* Add delta to the cache ttl
* Fix merge
* Change lockTimeConfig
* Always set the token from within the server lock
* Improvements
* early return when user is not authed by OAuth or refresh is disabled
* Allow more time for token refresh, tracing
* Retry on Mysql Deadlock error 1213
* Update pkg/services/authn/authnimpl/sync/oauth_token_sync.go
Co-authored-by: Dan Cech <dcech@grafana.com>
* Update pkg/services/authn/authnimpl/sync/oauth_token_sync.go
Co-authored-by: Dan Cech <dcech@grafana.com>
* Add settings for configuring min wait time between retries
* Add docs for the new setting
* Clean up
* Update docs/sources/setup-grafana/configure-grafana/_index.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
---------
Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com>
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* add RenameTimeIntervalInNotificationSettings to storage
* update dependencies when the time interval is renamed
---------
Co-authored-by: William Wernert <william.wernert@grafana.com>
* Alerting: Fix duplicated silences in remote primary mode bug
* test that a new silence id returned by calling CreateSilence() on the internal Alertmanager is ignored
* Cloud migrations: GetSnapshotList only returns snapshots that belong to a session that exists
* Cloud migrations: test GetSnapshotList
* add one more test case for GetSnapshotList
* fix test
* store encryption key for testing
* Alerting: Add rule_group label to grafana_alerting_rule_group_rules metric (#62361)
* Alerting: Delete rule group metrics when the rule group is deleted
This commit addresses the issue where the GroupRules metric (a GaugeVec)
keeps its value and is not deleted when an alert rule is removed from the rule registry.
Previously, when an alert rule with orgID=1 was active, the metric was:
grafana_alerting_rule_group_rules{org="1",state="active"} 1
However, after deleting this rule, subsequent calls to updateRulesMetrics
did not update the gauge value, causing the metric to incorrectly remain at 1.
The fix ensures that when updateRulesMetrics is called it
also deletes the group rule metrics with the corresponding label values if needed.
* PluginDetailsRight panel is added. All the details were moved from the top to the right panel
* Add feature toggle pluginsDetailsRightPanel,Fix build, fix review comments
* Fix the typo
Co-authored-by: Giuseppe Guerra <giuseppe.guerra@grafana.com>
* hasAccessToExplore
* changes after review, add translations
* fix betterer
* fix betterer
* fix css error
* fix betterer
* fix translation labels, fix position of the right panel
* fix the build
* add condition to show updatedAt for plugin details
* add test to check 2 new fields at plugin details right panel;
* change the gap and remove report abuse button from core plugins
* add more tests
---------
Co-authored-by: Giuseppe Guerra <giuseppe.guerra@grafana.com>
* Refactor identity struct to store type in separate field
* Update ResolveIdentity to take string representation of typedID
* Add IsIdentityType to requester interface
* Use IsIdentityType from interface
* Remove usage of TypedID
* Remote typedID struct
* fix GetInternalID
* Remove kubernetesPlaylists feature_toggle
* Remove unified_storage_mode
* Remove double import
* Regenerate feature-toggles
* Read from config instead from feature_toggle
* cover scenario for when unified storage is not defined
* Handle namespace and group query string params in Ruler API
* Use the new namespace and group query params when slashes in names
* Add validation, add group handling in GMA Api
* Move constants
* Use checkForPathSeparator function
* Fix linter issue
* support optimistic concurrency in template service
* update request handler to get version from query parameter
* return not found if a new template is set with version
* update PUT api to set version
* update documentation + for mute timings
---------
Co-authored-by: brendamuir <100768211+brendamuir@users.noreply.github.com>
