* introduce storage model for alert rule tables
* remove AlertRuleVersion from models because it's not used anywhere other than in storage
* update historian xorm store to use alerting store to fetch rules
* fix folder tests
---------
Co-authored-by: Matthew Jacobson <matthew.jacobson@grafana.com>
* Add group and type labels to rule_group_rules metric
* Don't include group to avoid high cardinality
* Add comments
* Reset rule_group_rules before recording new values
* Edit description for rule_group_rules
* Include ruleGroup combo key in labels
* Fix lint
Back-end:
* update alerting module
* update GetSecretKeysForContactPointType to extract secret fields from nested options
* Update RemoveSecretsForContactPoint to support complex settings
* update PostableGrafanaReceiverToEmbeddedContactPoint to support nested secrets
* update Integration to support nested settings in models.Integration
* make sigv4 fields optional
Front-end:
* add UI support for encrypted subform fields
* allow emptying nested secure fields
* Omit non touched secure fields in POST payload when saving a contact point
* Use SecretInput from grafana-ui instead of the new EncryptedInput
* use produce from immer
* rename mapClone
* rename sliceClone
* Don't use produce from immer as we need to delete the fileds afterwards
---------
Co-authored-by: Gilles De Mey <gilles.de.mey@gmail.com>
Co-authored-by: Sonia Aguilar <soniaaguilarpeiron@gmail.com>
Co-authored-by: Matt Jacobson <matthew.jacobson@grafana.com>
* Add split view and basic APIs to extensions
* Add comments
* Update public/app/AppWrapper.tsx
Co-authored-by: Levente Balogh <balogh.levente.hu@gmail.com>
* Moved the .grafana-app element and deduplicate some code
* Remove the provider variants of usePluginLinks/Components
* Change buildPluginSectionNav
* Update comment
* Use eventBus
* Remove non existent exports
* refactor: use a sidecar service to encapsulate the state
* Don't wrap single app in split wrapper
* Use hook splitter
* Remove inline styles
* Type the style props from useSplitter
* Move the overflow style changes to appWrapper
* Deduplicate some common top level providers
* Move modals
* Move routes wrappers to it's own file
* Use better css and add comments
* Remove query rows app extension point
* Fix test
---------
Co-authored-by: Levente Balogh <balogh.levente.hu@gmail.com>
* do it all
* feat(plugins): move loadingStrategy to ds pluginMeta and add to plugin settings endpoint
* support child plugins and update tests
* use relative path for nested plugins
* feat(plugins): support nested plugins in the plugin loader cache by extracting pluginId from path
* feat(grafana-data): add plugin loading strategy to plugin meta and export
* feat(plugins): pass down loadingStrategy to fe plugin loader
* refactor(plugins): make PluginLoadingStrategy an enum
* feat(plugins): add the loading strategy to the fe plugin loader cache
* feat(plugins): load fe plugin js assets as script tags based on be loadingStrategy
* add more tests
* feat(plugins): add loading strategy to plugin preloader
* feat(plugins): make loadingStrategy a maybe and provide fetch fallback
* test(alerting): update config.apps mocks to include loadingStrategy
* fix format
---------
Co-authored-by: Jack Westbrook <jack.westbrook@gmail.com>
* Remove usage of traceqlStreaming feature toggle and stop checking for Tempo version
* Increase Grafana Live's ClientQueueMaxSize to 4mb to support larger responses from Tempo
* Access control: Use composite cache key for team permissions
* use composite key for teams
* use cache for hotpath (getCachedUserPermissions)
* don't cache empty teams set
* don't pass permissions as argument
* early return if no teams found
* reload cache correctly
* optimize allocations
* Clear user's teams cache
* remove composite cache for teams
* fix linter
* don't clear teams permissions
* pre-allocate memory for basic roles permissions
* Remove kubernetesPlaylists feature_toggle
* Remove unified_storage_mode
* Remove double import
* Read from config instead from feature_toggle
* cover scenario for when unified storage is not defined
* Be temporarily retro compatible with previous feature toggle
* Properly read unified_storage section
* [WIP] Read new format of config
* Fix test
* Fix other tests
* Generate feature flags file
* Use <group>.<resource> schema
* Use <group>.resource format on the FE as well
* Hide UniStore config from Frontend
Signed-off-by: Maicon Costa <maiconscosta@gmail.com>
* unwanted changes
* Use feature toggles in the FE. Enforce FTs are present before enabling dual writing
Co-authored-by: Ryan McKinley <ryantxu@users.noreply.github.com>
* use kubernetes playlists feature toggle on the FE
* Remove unwanted code
* Remove configs from the FE
* Remove commented code
* Add more explicit example
---------
Signed-off-by: Maicon Costa <maiconscosta@gmail.com>
Co-authored-by: Maicon Costa <maiconscosta@gmail.com>
* Stop redacting receivers by default in receiver_svc
[REDACTED] is only used in provisioning API since response doesn't include
SecureFields. This is not necessary in k8s or notifications api, instead we do
not include the encrypted settings in Settings at all, leaving it to
SecureFields to specify when a secure field exists.
* Capitalize logs messages
* Unified Storage: First iteration Dual Write Syncer
Signed-off-by: Maicon Costa <maiconscosta@gmail.com>
Co-authored-by: Leonor Oliveira <9090754+leonorfmartins@users.noreply.github.com>
Co-authored-by: Dan Cech <dcech@grafana.com>
* model fixed roles for dashboards and folders
* Correctly translate fixed role assignments
* minor refactor
* assign fixed roles to teams
* fix linter errors
* Migrate general folder permissions for fixed roles
* fix dashboards:create permission
* Access control: Use composite cache key for team permissions
* use composite key for teams
* use cache for hotpath (getCachedUserPermissions)
* fix linter
* fix sorting
---------
Co-authored-by: Jeff Levin <jeff@levinology.com>
* add uid to template and populate it
* update delete method to support both uid and name
* update UpdateTemplate to support search by UID and fallback to name + support renaming of the template
* update upsert to exit if template not found and uid is specified
* update Get method to address by name or uid
---------
Co-authored-by: Matthew Jacobson <matthew.jacobson@grafana.com>
* Replace global authz abstraction with one compatible with uid scope
* Replace GettableApiReceiver with models.Receiver in receiver_svc
* GrafanaIntegrationConfig -> models.Integration
* Implement Create/Update methods
* Add optimistic concurrency to receiver API
* Add scope to ReceiversRead & ReceiversReadSecrets
migrates existing permissions to include implicit global scope
* Add receiver create, update, delete actions
* Check if receiver is used by rules before delete
* On receiver name change update in routes and notification settings
* Improve errors
* Linting
* Include read permissions are requirements for create/update/delete
* Alias ngalert/models to ngmodels to differentiate from v0alpha1 model
* Ensure integration UIDs are valid, unique, and generated if empty
* Validate integration settings on create/update
* Leverage UidToName to GetReceiver instead of GetReceivers
* Remove some unnecessary uses of simplejson
* alerting.notifications.receiver -> alerting.notifications.receivers
* validator -> provenanceValidator
* Only validate the modified receiver
stops existing invalid receivers from preventing modification of a valid
receiver.
* Improve error in Integration.Encrypt
* Remove scope from alert.notifications.receivers:create
* Add todos for receiver renaming
* Use receiverAC precondition checks in k8s api
* Linting
* Optional optimistic concurrency for delete
* make update-workspace
* More specific auth checks in k8s authorize.go
* Add debug log when delete optimistic concurrency is skipped
* Improve error message on authorizer.DecisionDeny
* Keep error for non-forbidden errutil errors
* WIP
* Validate new field, and add value in provisioning if not defined in correct spot
* Simplify logic, use correct value
* fix tests
* Fix linter errors
* fix swagger and tests
* 😬
* Auto-generation isnt doing this..
* Fix linter
* test if nullable is the issue…
* Change structure on the frontend fields
* Try with backtick
* try programatic quoting
* Try only quote non-ints
* quoting, no backticks
* Remove debugging
* feat(nameHeaders): add feature flag
* add safe parsing of headers
* use headers in loki datasource
* Loki: add option to pass headers to Loki
* Loki: add datasource tests for dashboard names
* cleanup
* DataSourceWithBackend: add test
* rename to `sanitizeHeader`
* Loki: add condition when to add headers
* Loki: add e2e tests
* Loki: change test name
* feat: Add new read filtering to datasources guardian
* Apply suggestion to use datasources read guardian check for frontend settings
---------
Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>
* chore: add tracing to quote API and service methods with contexts
I also fixed a typo (overriden -> overridden) and removed a method that looked like it wasn't useful anymore. (It seemed to exist to return an error, but never returned an error, and so just added many lines of unnecessary error checking).
* chore: Bump Go to 1.23.0
Signed-off-by: Dave Henderson <dave.henderson@grafana.com>
* update swagger files
Signed-off-by: Dave Henderson <dave.henderson@grafana.com>
* chore: update .bingo/README.md formatting to satisfy prettier
Signed-off-by: Dave Henderson <dave.henderson@grafana.com>
* chore(lint): Fix new lint errors found by golangci-lint 1.60.1 and Go 1.23
Signed-off-by: Dave Henderson <dave.henderson@grafana.com>
* keep golden file
* update openapi
* add name to expected output
* chore(lint): rearrange imports to a sensible order
Signed-off-by: Dave Henderson <dave.henderson@grafana.com>
---------
Signed-off-by: Dave Henderson <dave.henderson@grafana.com>
Co-authored-by: Ryan McKinley <ryantxu@gmail.com>
* chore: add spans to publicdashboards service methods
* add tracing to test service
* test fixture whackamole
* move tracer to a package var
* Update pkg/services/publicdashboards/service/service.go
Co-authored-by: Dave Henderson <dave.henderson@grafana.com>
---------
Co-authored-by: Dave Henderson <dave.henderson@grafana.com>
* update oauthtoken service to use remote cache and server lock
* remove token cache
* retry is lock is held by an in-flight refresh
* refactor token renewal to avoid race condition
* re-add refresh token expiry cache, but in SyncOauthTokenHook
* Add delta to the cache ttl
* Fix merge
* Change lockTimeConfig
* Always set the token from within the server lock
* Improvements
* early return when user is not authed by OAuth or refresh is disabled
* Allow more time for token refresh, tracing
* Retry on Mysql Deadlock error 1213
* Update pkg/services/authn/authnimpl/sync/oauth_token_sync.go
Co-authored-by: Dan Cech <dcech@grafana.com>
* Update pkg/services/authn/authnimpl/sync/oauth_token_sync.go
Co-authored-by: Dan Cech <dcech@grafana.com>
* Add settings for configuring min wait time between retries
* Add docs for the new setting
* Clean up
* Update docs/sources/setup-grafana/configure-grafana/_index.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
---------
Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com>
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* add RenameTimeIntervalInNotificationSettings to storage
* update dependencies when the time interval is renamed
---------
Co-authored-by: William Wernert <william.wernert@grafana.com>
* Alerting: Fix duplicated silences in remote primary mode bug
* test that a new silence id returned by calling CreateSilence() on the internal Alertmanager is ignored
* Cloud migrations: GetSnapshotList only returns snapshots that belong to a session that exists
* Cloud migrations: test GetSnapshotList
* add one more test case for GetSnapshotList
* fix test
* store encryption key for testing
* Alerting: Add rule_group label to grafana_alerting_rule_group_rules metric (#62361)
* Alerting: Delete rule group metrics when the rule group is deleted
This commit addresses the issue where the GroupRules metric (a GaugeVec)
keeps its value and is not deleted when an alert rule is removed from the rule registry.
Previously, when an alert rule with orgID=1 was active, the metric was:
grafana_alerting_rule_group_rules{org="1",state="active"} 1
However, after deleting this rule, subsequent calls to updateRulesMetrics
did not update the gauge value, causing the metric to incorrectly remain at 1.
The fix ensures that when updateRulesMetrics is called it
also deletes the group rule metrics with the corresponding label values if needed.
* PluginDetailsRight panel is added. All the details were moved from the top to the right panel
* Add feature toggle pluginsDetailsRightPanel,Fix build, fix review comments
* Fix the typo
Co-authored-by: Giuseppe Guerra <giuseppe.guerra@grafana.com>
* hasAccessToExplore
* changes after review, add translations
* fix betterer
* fix betterer
* fix css error
* fix betterer
* fix translation labels, fix position of the right panel
* fix the build
* add condition to show updatedAt for plugin details
* add test to check 2 new fields at plugin details right panel;
* change the gap and remove report abuse button from core plugins
* add more tests
---------
Co-authored-by: Giuseppe Guerra <giuseppe.guerra@grafana.com>
* Refactor identity struct to store type in separate field
* Update ResolveIdentity to take string representation of typedID
* Add IsIdentityType to requester interface
* Use IsIdentityType from interface
* Remove usage of TypedID
* Remote typedID struct
* fix GetInternalID
* Remove kubernetesPlaylists feature_toggle
* Remove unified_storage_mode
* Remove double import
* Regenerate feature-toggles
* Read from config instead from feature_toggle
* cover scenario for when unified storage is not defined
* Handle namespace and group query string params in Ruler API
* Use the new namespace and group query params when slashes in names
* Add validation, add group handling in GMA Api
* Move constants
* Use checkForPathSeparator function
* Fix linter issue
* support optimistic concurrency in template service
* update request handler to get version from query parameter
* return not found if a new template is set with version
* update PUT api to set version
* update documentation + for mute timings
---------
Co-authored-by: brendamuir <100768211+brendamuir@users.noreply.github.com>
* Feature (quota service): Use ReplDB for quota service Gets
This adds the replDB to the quota service, as well as some more test helper functions to simplify updating tests. My intent is that the helper functions can be removed when this is fully rolled out (or not) and we're consistently using the ReplDB interface (or not!)
* test updates
* Add migration to enable TraceQL streaming for Tempo datasources
* lint
* Always run migration but exit early if feature flag is disabled
* Require feature toggle OR datasource config to enable streaming
* minor performance improvement
* apply a warning to any non-core plugins that successfully migrate
* commit frontend wip while I refactor some stuff
* update api
* repurpose error dialog to be a generic details dialog
* whitespace
* add unit test
* fixes from testing
* fix migration summary
* add comment
* fix localization stuff
* fix backend test
* reduce number of queries to the db
* some PR feedback
* whitespace
This PR adds instrumentation for loading frontend SPA along with select methods in the dashboard service, and cleans up span handling in sqlstore.
---------
Co-authored-by: Dave Henderson <dave.henderson@grafana.com>
* Check for RBAC permissions when hitting query history endpoints; extract checking logic into a middleware
* Fix lint errors
* Fix test
* Use permissions for patch path; rename callback handler
* refactor replCfg to look more like plugins/plugin config
* validateReplicaConfigs must handle inconsistencies in type names due to the WithHooks suffix
* refactor `selectorString` and remove Selector struct
* move code from selector string to BuildLogQuery
* batch requests by folder UID
* update historian annotation store to handle multiple queries
* sort folder uids to make consistent queries
* add logs to loki http
* log batch size but not content. content is logged by the client
* send dashboard commands instead of dashboards
* move status updates before goroutine to ensure frontend polls
* fix syncing issues between snapshot state and resources
* make sessionUid a requirement for modifying snapshots
* move the function I meant to move earlier
* remove accidental commit
* another accidental commit
* verify UpdateSnapshot is called with sessionUid
* revert
* pass in session uid everywhere
* forgot to save
* fix unit test
* fix typo
* tiny tweak
* RBAC sync: Fix removal of roles which need to be added
* Optimize code
* cleanup: appease the linter
---------
Co-authored-by: Victor Cinaglia <victor@grafana.com>
* handle metadata map nil
* remove double context
* clean up logging in scheduler
* do not reuse loggers from previous ticks
* log the dropped tick
* log tick instead of ticknum
* replace with processing tick logs
* log sending notifications
* update logging in persister to fetch context
* logs to historian
moved them upstream to be able to log when store is overridden
* E2C: Add stat rollup to MigrationSummary
* fix report event url
* open form in new page
* sort folders by heirarchy
* undo accidental commit
* remove another commit
* make folder sorting dynamic
---------
Co-authored-by: joshhunt <josh@trtr.co>
* rename to getMuteTimingByName
* add UID to api model of MuteTiming
* update GetMuteTiming to search by UID
* update UpdateMuteTiming to support search by UID
* update DeleteMuteTiming to support uid
* make sure UID is populated
* update usages
* use base64 url-safe, no padding encoding for UID
* make the resource store the default unified storage backend
* add integration tests
* fix test non passing
* Update pkg/storage/unified/sql/test/integration_test.go
Co-authored-by: Ryan McKinley <ryantxu@gmail.com>
* lint
* fix tests
* fix no rows
---------
Co-authored-by: Ryan McKinley <ryantxu@gmail.com>
* store encryption key in unified secrets table
* fix local dev mode
* make metadata more realistic
* fix tests
* fix sql queries against postgres
* fix stats endpoint
* Cfg: Move rbac settings to own struct
* Cfg: Add setting to control if resource should generate managed permissions when created
* Dashboards: Check if we should generate default permissions when dashboard is created
* Folders: Check if we should generate default permissions when folder is created
* Datasource: Check if we should generate default permissions when datasource is created
* ServiceAccount: Check if we should generate default permissions when service account is created
* Cfg: Add option to specify resources for wich we should default seed
* ManagedPermissions: Move providers to their own files
* Dashboards: Default seed all possible managed permissions if configured
* Folders: Default seed all possible managed permissions if configured
* Cfg: Remove service account from list
* RBAC: Move utility function
* remove managed permission settings from the config file examples, change the setting names
* remove ini file changes from the PR
* fix setting reading
* fix linting errors
* fix tests
* fix wildcard role seeding
---------
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
Co-authored-by: jguer <me@jguer.space>
* Itroduce watcher and mode4
* Logging
* Mode4 should be initialized from the dual writer for observability
* Comment watch while it's not implemented
* Lint
* Use mode log when dual writer is initiated
* Use error from logger
* check that a user doesn't have higher plugin access on the destination folder than they have on the source folder when moving folders
* Update pkg/services/folder/folderimpl/folder_test.go
---------
Co-authored-by: Jo <joao.guerreiro@grafana.com>
* cleanup dependencies and improve list method
* Improve Resource Server API, remove unnecessary dependencies
* Reduce the API footprint of ResourceDBInterface and its implementation
* Improve LifecycleHooks to use context
* Improve testing
* reduce API size and improve code
* sqltemplate: add DialectForDriver func and improve naming
* improve lifecycle API
* many small fixes after adding more tests
* Navigation: Show list of pinned ites on the navigation
* Rename section to 'Bookmarks'
* Internationalization
* Rename everything to bookmarks
* Update public/app/core/reducers/navBarTree.ts
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
* Ignore empty message as well
* Dont update navigation if there is an error patching
---------
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
* add gms client function
* add timeout config for endpoint
* report events to gms
* fix lint error
* clean up report calls and make sure reports all have local ids
* extra validation
* improve error logging and fix url
* Add permissions check for viewer without viewers_can_edit
* Add test
* fix lint
* Add role checks on other handlers
* Linter and fix Go issue
* Fix conflict
* Remove invalid way of testing for error
* initial commit
* Action sets stored
remove the dependancy for actionsets
got the actionsets registered
storing the permissions
* fix golanglinting
* remove unused struct field
* wip
* actionset registry for a plugin from the actionsetservice
* update to make declareactionset the primary way of plugin registration and modification
* declare actually extends actionsets
* tests fixed
* tests skipped
* skip tests
* skip tests
* skip tests
* skip tests
* change to warning instead
* remove step from pipeline to see if it fails due to plugin not registering
* reintroduce step but remove features dependancy
* add back the tests that were failing
* remove comments and another skip test
* fix a comment and remove unneeded changes
* fix and clean up, put the behaviour behind a feature toggle
* clean up
* fixing tests
* hard-code allowed action sets for plugins
* Apply suggestions from code review
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* small cleanup
---------
Co-authored-by: IevaVasiljeva <ieva.vasiljeva@grafana.com>
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* change the rule-group to be hashed when exporting to HCL
Signed-off-by: Aviv Guiser <avivguiser@gmail.com>
---------
Signed-off-by: Aviv Guiser <avivguiser@gmail.com>
* Add success case and tests for writer using metrics
* Use testable version of clock
* Assert a specific series was written
* Fix linter
* Fix manually constructed writer
