* Implement initial check with schema for generic resources
* Implement List and add tests
* Add namespace type and change to folder_resource name
* Handle namespace grants for typed resources
* Run tests as integration tests
* Add support for verb in list requests
* FIX: Remove the checks for lbac rules inside of datasources
* Remove json validation for lbac rules
* Preserve lbac rules in updates
* Refactored test to remove the table structure
* refactor: change to allow naming and concise override instead of complex branching
* refactor to make sure we set an empty field for updates
* bugfix
* check for datasources.JsonData
* fix merge
* add datasource to check for field presence only
* add function call for readability
* Introduce new models RoutingTree, RouteDefaults and Route and api-server to serve them that is backed by provisioning notification policy service.
* update method UpdatePolicyTree of notification policy service to return route and new version
* declare new actions alert.notifications.routes:read and alert.notifications.routes:write and two corresponding fixed roles.
---------
Co-authored-by: Tom Ratcliffe <tom.ratcliffe@grafana.com>
Co-authored-by: Matthew Jacobson <matthew.jacobson@grafana.com>
* extracted in-proc mode to #93124
* allow insecure conns in dev mode + refactoring
* removed ModeCloud, relying on ModeGrpc and stackID instead to discover if we're running in Cloud
* remove the NamespaceAuthorizer would fail in legacy mode. It will be added back in the future.
* use FlagAppPlatformGrpcClientAuth to enable new behavior, instead of legacy
* extracted authz package changes in #95120
* extracted server side changes in #95086
---------
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
Co-authored-by: gamab <gabriel.mabille@grafana.com>
Co-authored-by: Dan Cech <dcech@grafana.com>
* fix: Change users permissions search to use a consistent key without collisions
* Move HashString to cacheutils
* Change error handling logic for what to do with a cache key
* Add a test that confirms search cache key consistency
* ds-querier: return QDR instead of k8s error
After parseQuery we know the request is a valid k8s request but we don't
know if the query is valid, therefore this change returns a QDR that
other systems, e.g. alerting ruler, can de-serialize properly.
Co-authored-by: Gábor Farkas <gabor.farkas@gmail.com>
* ds-querier: fix tests
Co-authored-by: Sarah Zinger <sarah.zinger@grafana.com>
* tweak status
* refactor refID to empty
---------
Co-authored-by: Gábor Farkas <gabor.farkas@gmail.com>
Co-authored-by: Sarah Zinger <sarah.zinger@grafana.com>
* no orgname
* format code
* update unit test
* delete contextSrv
* fix unit test
* run prettier
---------
Co-authored-by: Laura Benz <laura.benz@grafana.com>
* add admin permissions upon creation of a folder w. SA
* Update pkg/services/folder/folderimpl/folder.go
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* Grant service account permissions for creation of dashboards
* Grant service account admin permissions upon creating a datasource
* fetch user using the userservice with the userid
* Revert "fetch user using the userservice with the userid"
This reverts commit 23cba78752.
* revert back to original datasource creation
---------
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* All objects should have an UID
* Now with a different error message
* Simplify create on DW 2: use the same object to write to both storages
* Run only one test
* Add check for status code
* Add name if it's not present in mode2
* Populate UID in legacy
* Remove logs and commented code
* Change dualwriter1
* Remove commented code
* Fix list test
* remove get on update from dualwriter 2
* Get object before updating. Better var renaming
* Finish rebasing
* Comment test
* Uncomment tests
* Update legacy first. Add preconditions
* Remove preconditions
* Fix update test
* copy RV from unified to legacy objects
* revert changes to playlist xorm store
* Improve logging. Add go routines for mode3
* Add tests for async funcs in mode3
* Lint
* Lint
* Lint. Start to fix tests
* Fix watcher tests
* Fix store tests
* Fiinish fixing watcher tests
* Fix server tests
* add name check
* Update pkg/apiserver/rest/dualwriter_mode1.go
Co-authored-by: Bruno Abrantes <bruno.abrantes@grafana.com>
* All objects should have an UID
* Now with a different error message
* Simplify create on DW 2: use the same object to write to both storages
* Run only one test
* Add check for status code
* Add name if it's not present in mode2
* Populate UID in legacy
* Remove logs and commented code
* Change dualwriter1
* Remove commented code
* Fix list test
* remove get on update from dualwriter 2
* Get object before updating. Better var renaming
* Finish rebasing
* Comment test
* Uncomment tests
* Fix update test
* revert changes to playlist xorm store
* Improve logging. Add go routines for mode3
* Lint
* Fix watcher tests
* Fiinish fixing watcher tests
* Add mode 5 with etcd test case. Add early check to fail on populated RV in payload
* we can't set RV to the found object when updating
* Lint
* Don't fail on update playlists
* Name should not be different when updating and it should be not empty on creating
* Fix tests
* Update pkg/apiserver/rest/dualwriter_mode2.go
Co-authored-by: Todd Treece <360020+toddtreece@users.noreply.github.com>
* Lint
* Fix mode 5 tests
* Lint
* Add generateName condition on every mode. Fix tests
* Lint
* Add condition on where name or generate name have to be set
* Fix test
* Lint
* Fix folders test
* We dont need to send name for mode1
* Fail if UID is not present
* Remove change from not running test
* Remove unused line
* Lint
* Update pkg/storage/unified/apistore/store.go
Co-authored-by: Todd Treece <360020+toddtreece@users.noreply.github.com>
* Improve error message
* Fix broken watcher test
* Fail on name mismatch on update
* Remove log
* Make sure UIDs match on create in both stores
* Lint
* Write first to unified storage
* Remove uid setting
* Remove RV only in mode2
* Fix test. Remove log line
* test
* No need to asser on RV in mode3
* Remove RV check due to race condition
* Update dualwriter.go
Co-authored-by: Georges Chaudy <chaudyg@gmail.com>
* Update pkg/storage/unified/client.go
* remove unused parameter
* log an error for object is missing UID instead of returning an error
* remove obj.SetResourceVersion("")
* log an error for object is missing UID instead of returning an error
* FInalise merge
* Move RV check to where it was
* Remove name check
* Remove server check for backwards compatibility
* Remove unused fn
* Move test checks for another PR
* Dont commit go work sum changes
* Only log error if RV is present for now.
---------
Co-authored-by: Todd Treece <todd.treece@grafana.com>
Co-authored-by: Bruno Abrantes <bruno.abrantes@grafana.com>
Co-authored-by: Todd Treece <360020+toddtreece@users.noreply.github.com>
Co-authored-by: Georges Chaudy <chaudyg@gmail.com>
Previously all receiver modifications were denied with alertingApiServer
enabled. This allows pure creates and deletes through as these specific
cases can be handled simply and without risk of rbac shenanigans.
* Fix: Fix panic when json data are nil
* Use Interface()
* Feedback
Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>
* Need to check inside the if statement
---------
Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>
* Implement uidToResourceID
* add middleware
* Move uidToResourceID to alerting package
* Only hash uid if it's too long
* Use hashed uid in access control
* Move ReceiverUidToResourceId to ScopeProvider
* resolve uid in middleware only if param exists
* Tests
* Linting
---------
Co-authored-by: Yuri Tseretyan <yuriy.tseretyan@grafana.com>
