* Implement initial check with schema for generic resources
* Implement List and add tests
* Add namespace type and change to folder_resource name
* Handle namespace grants for typed resources
* Run tests as integration tests
* Add support for verb in list requests
* FIX: Remove the checks for lbac rules inside of datasources
* Remove json validation for lbac rules
* Preserve lbac rules in updates
* Refactored test to remove the table structure
* refactor: change to allow naming and concise override instead of complex branching
* refactor to make sure we set an empty field for updates
* bugfix
* check for datasources.JsonData
* fix merge
* add datasource to check for field presence only
* add function call for readability
* Introduce new models RoutingTree, RouteDefaults and Route and api-server to serve them that is backed by provisioning notification policy service.
* update method UpdatePolicyTree of notification policy service to return route and new version
* declare new actions alert.notifications.routes:read and alert.notifications.routes:write and two corresponding fixed roles.
---------
Co-authored-by: Tom Ratcliffe <tom.ratcliffe@grafana.com>
Co-authored-by: Matthew Jacobson <matthew.jacobson@grafana.com>
* UniStore: add FoldersCreate Endpoint test
Signed-off-by: Maicon Costa <maiconscosta@gmail.com>
---------
Signed-off-by: Maicon Costa <maiconscosta@gmail.com>
* extracted in-proc mode to #93124
* allow insecure conns in dev mode + refactoring
* removed ModeCloud, relying on ModeGrpc and stackID instead to discover if we're running in Cloud
* remove the NamespaceAuthorizer would fail in legacy mode. It will be added back in the future.
* use FlagAppPlatformGrpcClientAuth to enable new behavior, instead of legacy
* extracted authz package changes in #95120
* extracted server side changes in #95086
---------
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
Co-authored-by: gamab <gabriel.mabille@grafana.com>
Co-authored-by: Dan Cech <dcech@grafana.com>
* fix: Change users permissions search to use a consistent key without collisions
* Move HashString to cacheutils
* Change error handling logic for what to do with a cache key
* Add a test that confirms search cache key consistency
* ds-querier: return QDR instead of k8s error
After parseQuery we know the request is a valid k8s request but we don't
know if the query is valid, therefore this change returns a QDR that
other systems, e.g. alerting ruler, can de-serialize properly.
Co-authored-by: Gábor Farkas <gabor.farkas@gmail.com>
* ds-querier: fix tests
Co-authored-by: Sarah Zinger <sarah.zinger@grafana.com>
* tweak status
* refactor refID to empty
---------
Co-authored-by: Gábor Farkas <gabor.farkas@gmail.com>
Co-authored-by: Sarah Zinger <sarah.zinger@grafana.com>
* no orgname
* format code
* update unit test
* delete contextSrv
* fix unit test
* run prettier
---------
Co-authored-by: Laura Benz <laura.benz@grafana.com>
* add admin permissions upon creation of a folder w. SA
* Update pkg/services/folder/folderimpl/folder.go
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* Grant service account permissions for creation of dashboards
* Grant service account admin permissions upon creating a datasource
* fetch user using the userservice with the userid
* Revert "fetch user using the userservice with the userid"
This reverts commit 23cba78752.
* revert back to original datasource creation
---------
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* All objects should have a UID
* Now with a different error message
* Simplify create on DW 2: use the same object to write to both storages
* Run only one test
* Add check for status code
* Add name if it's not present in mode2
* Populate UID in legacy
* Remove logs and commented code
* Change dualwriter1
* Remove commented code
* Fix list test
* remove get on update from dualwriter 2
* Get object before updating. Better var renaming
* Finish rebasing
* Comment test
* Uncomment tests
* Update legacy first. Add preconditions
* Remove preconditions
* Fix update test
* copy RV from unified to legacy objects
* revert changes to playlist xorm store
* Improve logging. Add go routines for mode3
* Add tests for async funcs in mode3
* Lint
* Lint
* Lint. Start to fix tests
* Fix watcher tests
* Fix store tests
* Finish fixing watcher tests
* Fix server tests
* add name check
* Update pkg/apiserver/rest/dualwriter_mode1.go
Co-authored-by: Bruno Abrantes <bruno.abrantes@grafana.com>
* All objects should have a UID
* Now with a different error message
* Simplify create on DW 2: use the same object to write to both storages
* Run only one test
* Add check for status code
* Add name if it's not present in mode2
* Populate UID in legacy
* Remove logs and commented code
* Change dualwriter1
* Remove commented code
* Fix list test
* remove get on update from dualwriter 2
* Get object before updating. Better var renaming
* Finish rebasing
* Comment test
* Uncomment tests
* Fix update test
* revert changes to playlist xorm store
* Improve logging. Add go routines for mode3
* Lint
* Fix watcher tests
* Finish fixing watcher tests
* Add mode 5 with etcd test case. Add early check to fail on populated RV in payload
* we can't set RV to the found object when updating
* Lint
* Don't fail on update playlists
* Name should not be different when updating and it should be not empty on creating
* Fix tests
* Update pkg/apiserver/rest/dualwriter_mode2.go
Co-authored-by: Todd Treece <360020+toddtreece@users.noreply.github.com>
* Lint
* Fix mode 5 tests
* Lint
* Add generateName condition on every mode. Fix tests
* Lint
* Add condition on where name or generate name have to be set
* Fix test
* Lint
* Fix folders test
* We don't need to send name for mode1
* Fail if UID is not present
* Remove change from not running test
* Remove unused line
* Lint
* Update pkg/storage/unified/apistore/store.go
Co-authored-by: Todd Treece <360020+toddtreece@users.noreply.github.com>
* Improve error message
* Fix broken watcher test
* Fail on name mismatch on update
* Remove log
* Make sure UIDs match on create in both stores
* Lint
* Write first to unified storage
* Remove uid setting
* Remove RV only in mode2
* Fix test. Remove log line
* test
* No need to assert on RV in mode3
* Remove RV check due to race condition
* Update dualwriter.go
Co-authored-by: Georges Chaudy <chaudyg@gmail.com>
* Update pkg/storage/unified/client.go
* remove unused parameter
* log an error for object is missing UID instead of returning an error
* remove obj.SetResourceVersion("")
* log an error for object is missing UID instead of returning an error
* Finalise merge
* Move RV check to where it was
* Remove name check
* Remove server check for backwards compatibility
* Remove unused fn
* Move test checks for another PR
* Don't commit go work sum changes
* Only log error if RV is present for now.
---------
Co-authored-by: Todd Treece <todd.treece@grafana.com>
Co-authored-by: Bruno Abrantes <bruno.abrantes@grafana.com>
Co-authored-by: Todd Treece <360020+toddtreece@users.noreply.github.com>
Co-authored-by: Georges Chaudy <chaudyg@gmail.com>
Previously all receiver modifications were denied with alertingApiServer
enabled. This allows pure creates and deletes through as these specific
cases can be handled simply and without risk of rbac shenanigans.
* Fix: Fix panic when json data are nil
* Use Interface()
* Feedback
Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>
* Need to check inside the if statement
---------
Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>
* Implement uidToResourceID
* add middleware
* Move uidToResourceID to alerting package
* Only hash uid if it's too long
* Use hashed uid in access control
* Move ReceiverUidToResourceId to ScopeProvider
* resolve uid in middleware only if param exists
* Tests
* Linting
---------
Co-authored-by: Yuri Tseretyan <yuriy.tseretyan@grafana.com>
* adds metric for watch latency
* registers storage metrics when creating a new ResourceServer
* defines the latency (in milliseconds) as the diff between now and the RV. Still need to wait until PR for switching RV to millisecond timestamp is rolled out.
* should be micro seconds not milli
* for watch latency, use diff between now and resource version and convert to seconds
* fix typo
* Transforms raw US resource into an intermediate IndexableResource and indexes that. Pulls index mapping code out into different file. For now, we will hardcode which spec fields are indexed, per resource.
* Fixes a few bugs with field casing and timestamps not being formatted right (or not existing).
* adds readme section for using search with US
* extracts to function to transform from search hit to IndexedResource
* get folders when building index
* Remove SettingProvider settings from SSO interactions
* Mock Settings Provider for SSO Settings test
* Ignore error from SettingsProvider
* Add test for backend
* start on tokens
* more error messages
* more handling
* rephrased with suggestions from Daniel
* separate gms parse method
* use translation
* refactor initial idea to use error obj
* use error dto result
* handle gms client
* clean logs and comments
* fix tests
* tests for gms
* test and lint
* lint
* one more handling from gms
* typing in fe
* use error interface
* use validation error
* remove unused gms error
* use errorlib and helper function in fe
* regen api
* use same error util
* one more error to handle
* Also validate folder on provisioning update
* Move folder check before auth check
When checking for the existence of a folder we go through the folder
service which requires auth. Doing so prevents an unprivileged user from
accessing information about whether a particular folder exists or not.
* Request trace by id using v2, fallback for v1 when 404
* Show partial traces badge in Trace View
* update go work sum
* Fix tests
* some linting
* Fix tests and try to ignore linter
* Move no lint
* nolint:bodyclose
* merge main
* Fix null tags in array
* Fix test
* Update go.sum
* Update go.sum
* Build: Fix docker manifest create not using correct IMAGE_TAG
* Support publishing security versions of NPM packages
---------
Co-authored-by: Andreas Christou <andreas.christou@grafana.com>
Co-authored-by: Kevin Minehart <kmineh0151@gmail.com>
Co-authored-by: Diego Augusto Molina <diegoaugustomolina@gmail.com>
* Use an enable configuration to enable frontend sandbox
* Modify settings to load enableFrontendSandbox
* Check for signature type
* Update comment
* Fix e2e tests for the frontend sandbox
* Modify logic so a custom check function is used instead of a list of checks
* Fixes flaky test
* fix comment
* Update comment
* Empty commit
* Empty commit
* Rewrite zanzana collector to fetch all available pages
* Register access control as a background service
* If zanzana is enabled we run Syncs and start Reconciliation job
* Update pkg/services/authz/zanzana/client/client.go
Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>
* Use server lock when performing reconciliation
* start on loading the error code
* error code to message mapping
* use resource code type
* use defined error code
* partial updates from comments
* i18nKey gen
* fixed t
* fixed translations
* typing
* CloudMigrations: create snapshot for Notification Policy
* CloudMigrations: add notification policy constants and components
* CloudMigrations: add uid to resources that have it
* run service account creation DB queries in transaction
* extract the signed in user from the context
* undo unneeded change
* don't error out if a user is not found
* Update pkg/services/serviceaccounts/manager/service.go
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
* Update pkg/services/serviceaccounts/manager/service.go
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
---------
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* build(webpack): extract css imports into files including node_modules
* feat(webassets): add cssfiles to entrypoint assets for extracted css files
* feat(views): add entrypoint css link tags to html templates
* feat(webassets): set CDN prefix for CSS files
* test(webassets): trim down sample-assets-manifest, fix failing snapshot tests
* Update pkg/api/webassets/webassets_test.go
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
* build(webpack): remove css module loader
---------
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
* CloudMigrations: create snapshot for Contact Points
* CloudMigrations: add contact point copies and components in frontend
* CloudMigrations: temporarily use bell for all alerts resources
* introduce appPlatformGrpcClientAuth (renamed appPlatformAccessTokens which is not used)
* re-run toggles gen
---------
Co-authored-by: gamab <gabriel.mabille@grafana.com>
* Publish event when one or more rules are changed
* Publish affected rules
* Use a fake bus to test publish event without listening
* Wire alerting store into provisioning service
* Require create permissions when creating folder
* Test folder create permissions
* Add test for nested folder permissions on creation
* Replace hardcoded verbs
`GuaranteedUpdate` method of `apistore.Storage` had a bug, where it would
erroneously conclude that the object is unchanged, in case a
`tryUpdate` function is passed that modifies the existing object itself
(as it is the case in many core types in K8s upstream).
The modified `existingObj` was compared with `updatedObj`, which would
essentially be the same and this led to the update being skipped.
This patch fixes this by always passing a copy of the `existingObj`.
Signed-off-by: Prem Kumar <prem.saraswat@grafana.com>
* Use epoch with microsecond resolution as RV
* fix backend tests
* Add solution for when the clock goes back
* Add solution for when the clock goes back
* generate mocks
* go lint
* remove comment
* Use Greatest instead of max in mysql and postgres
* update tests
* Update pkg/storage/unified/sql/sqltemplate/dialect_sqlite.go
Co-authored-by: Diego Augusto Molina <diegoaugustomolina@gmail.com>
* cast to bigint
* add additional round trip
* increment the RV using 2 sql round trips instead of 3
* cleanup comments
* cast unix timestamp to integer
* fix postgres query
* remove old increment test data
* remove greatest
* cast unix_timestamp to signed
* Use statement_timestamp instead of clock_timestamp
---------
Co-authored-by: Diego Augusto Molina <diegoaugustomolina@gmail.com>
* refactor: remove FE feat toggle from BE
* refactor: remove FE toggle and adjust roles
* refactor: replace feat toggle in tracking events
* refactor: remove FE feat toggle
* refactor: remove FE feat toggle
* fix: autogenerated file
* ref: pass tracer to plugin factory func
* fix: add tracer to coreplugin
* test: fix test, generate wire
* test: ignore trace field in loader_test
* ref: pass tracer as dependency, don't store in plugin
* ref: wrap tracer with tracer provider to satisfy WithTracerProvider
* ref: use otel trace.Tracer type for tracer
* Pass parent folder as a contextual tuple in Check request
* Search by listing folders and dashboards
* skip dashboards listing if limit reached
* remove unused
* add some comments
* only add ContextualTuples if parent provided
* Remove parent relation for dashboards from schema and perform separate checks
* resource-api: Loosen name validation to match K8s requirements
This patch modifies some of the requirements for name validation of
objects in Resource API to match Kubernetes.
The limit we have on characters in name is 64, but some resources allow
up to 253 characters. Similarly we also include `:` in the regex, as many
objects in default K8s setup use it in the name (the group
`system:masters` for example)
Signed-off-by: Prem Kumar <prem.saraswat@grafana.com>
* Update the name column length in migrator and update e2e test to verify
---------
Signed-off-by: Prem Kumar <prem.saraswat@grafana.com>
* Support getting full path of UIDs
* Use full path to set parents field
* Update get folder test
* Add folder store test for getting with full path UIDs
* Add test for parsing parent titles
* Test nested folder create payload