* Add teamHeaders for datasource proxy requests
* adds validation for the teamHeaders
* added tests for applying teamHeaders
* remove previous implementation
* validation for header values being set to authproxy
* removed unnecessary checks
* newline
* Add middleware for injecting headers on the data source backend
* renamed feature toggle
* Get user teams from context
* Fix feature toggle name
* added test for validation of the auth headers and fixed evaluation to cover headers
* renaming of teamHeaders to teamHTTPHeaders
* use of header set for non-existing header and add for existing headers
* moves types into datasources
* fixed unchecked errors
* Refactor
* Add tests for data model
* Update pkg/api/datasources.go
Co-authored-by: Victor Cinaglia <victor@grafana.com>
* Update pkg/api/datasources.go
Co-authored-by: Victor Cinaglia <victor@grafana.com>
---------
Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>
Co-authored-by: Victor Cinaglia <victor@grafana.com>
* Alerting: Use Mimir image to run integration tests for the remote Alertmanager
* skip integration test when running all tests
* skipping integration test when no Alertmanager URL is provided
* fix bad host for mimir_backend
* remove basic auth testing until we have an nginx image in our CI
* update with sdk
* do sql
* fix core plugins
* fix proxy settings
* bump SDK version
* tidy
* enable pdc for test
* add codeowners
* bump dep
* go mod tidy
* bump SDK
* Replace FixedRoleUID function with a common function to generate these prefixes
* Use common function to generate prefixed uid for external service accounts
Co-authored-by: Gabriel MABILLE <gabriel.mabille@grafana.com>
---------
Co-authored-by: Gabriel MABILLE <gabriel.mabille@grafana.com>
fetch fresh permissions for global in AuthorizeInOrgMiddleware
Update pkg/services/accesscontrol/authorize_in_org_test.go
do not load viewer permissions in global ID
* update data migration to update rows that have changes
* fix migration for sqlite
* remove id; fix postgres
* Fix for MySQL
* delete old items from folder table
* change integer to boolean
---------
Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
* Add images
* Basic button functionality; TODO placeholders for dispatching contentOutlineToggle and rendering content outline component
* Basic content outline container
* Content outline toggles
* Remove icon files from explore
* Scroll into view v1
* outline that reflect's explore's order of vizs
* Update icon name
* Add scrollId to PanelChrome; scrolling enabled for Table
* Add queries icon
* Improve scroll behavior in split view
* Add wrapper so the sticky navigation doesn't scroll when on the bottom of the window
* Fix the issue with logs gap; center icons
* Memoize register and unregister functions; adjust content height
* Make displayOrderId optional
* Use Node API for finding position of panels in content outline; add tooltip
* Dock content outline in expanded mode; at tooltip to toggle button
* Handle content outline visibility from Explore and not redux; pass outlineItems as a prop
* Fix ContentOutline test
* Add interaction tracking
* Add padding to fix test
* Replace string literals with objects for styles
* Update event reporting payloads
* Custom content outline button; content outline container improvements
* Add aria-expanded to content outline button in ExploreToolbar
* Fix vertical and horizontal scrolling
* Add aria-controls
* Remove unneccessary css since ExploreToolbar is sticky
* Update feature toggles; Fix typos
* Make content outline button more prominent in split mode; add padding to content outline items;
* Diego's UX updates
* WIP: some scroll fixes
* Fix test and type error
* Add id to ContentOutline to differentiate in split mode
* No default exports
---------
Co-authored-by: Giordano Ricci <me@giordanoricci.com>
* Use apache/arrow v13
* remove apache/thrift
* go mod tidy with go1.21.1
* add metrics team as owner
---------
Co-authored-by: Kyle Brandt <kyle@grafana.com>
* Added spans to trace.go
* Added spans to search_stream.go
* Added spans to parca datasource
* Added spans for pyroscope
* Fix tests
* Fix another test
* Lint
* Revert "Fix another test"
This reverts commit a1639049e3.
* Use grafana-sdk-go tracing
* Fix migration of custom dashboard permissions
Dashboard alert permissions were determined by both its dashboard and
folder scoped permissions, while UA alert rules only have folder
scoped permissions.
This means, when migrating an alert, we'll need to decide if the parent folder
is a correct location for the newly created alert rule so that users, teams,
and org roles have the same access to it as they did in legacy.
To do this, we translate both the folder and dashboard resource
permissions to two sets of SetResourcePermissionCommands. Each of these
encapsulates a mapping of all:
OrgRoles -> Viewer/Editor/Admin
Teams -> Viewer/Editor/Admin
Users -> Viewer/Editor/Admin
When the dashboard permissions (including those inherited from the parent
folder) differ from the parent folder permissions alone, we need to create a
new folder to represent the access-level of the legacy dashboard.
Compromises:
When determining the SetResourcePermissionCommands we only take into account
managed and basic roles. Fixed and custom roles introduce significant complexity
and synchronicity hurdles. Instead, we log a warning they had the potential to
override the newly created folder permissions.
Also, we don't attempt to reconcile datasource permissions that were
not necessary in legacy alerting. Users without access to the necessary
datasources to edit an alert rule will need to obtain said access separate from
the migration.
* Manage service account secrets
* Wip
* WIP
* WIP
* Revert to keep a light interface
* Implement SaveExternalService
* Remove unecessary functions from the interface
* Remove unused field
* Better log
* Leave ext svc credentials out of the extsvcauth package for now
* Remove todo
* Add tests to SaveExternalService
* Test that secret has been removed from store
* Lint
* Nit.
* Rename commands and structs
Co-authored-by: Kalle Persson <kalle.persson@grafana.com>
* Account for PR feedback
Co-authored-by: Andres Martinez Gotor <andres.martinez@grafana.com>
* Linting
* Add nosec comment G101 - this is not a hardcoded secret
* Lowercase kvStoreType
---------
Co-authored-by: Kalle Persson <kalle.persson@grafana.com>
Co-authored-by: Andres Martinez Gotor <andres.martinez@grafana.com>
* Update origin annotation names
k8s does not support annotation names with multiple slashes in them, so this PR updates the origin annotations to match the format for updated and created annotations.
* fix tests
This PR replaces the vendored models in the migration with their equivalent ngalert models. It also replaces the raw SQL selects and inserts with service calls.
It also fills in some gaps in the testing suite around:
- Migration of alert rules: verifying that the actual data model (queries, conditions) are correct 9a7cfa9
- Secure settings migration: verifying that secure fields remain encrypted for all available notifiers and certain fields migrate from plain text to encrypted secure settings correctly e7d3993
Replacing the checks for custom dashboard ACLs will be replaced in a separate targeted PR as it will be complex enough alone.
