* ManagedServiceAccounts: Add a config option to disabled by default
* Update log in pkg/services/extsvcauth/registry/service.go
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
* Cloud migrations: store resource name in the cloud_migration_resource table
* remove unused function: convertMigrateDataResponseToDTO
* make swagger-clean && make openapi3-gen
* use DB_Text for cloud_migration_resource.name instead of DB_Varchar
* Add mode switch in Query section
* Implement simple query mode : WIP
* fix logic switching mode
* move guard and get methodd to another folder
* Add more requiremts for being transformable from advanced to not advanced mode
* fix usig mode when it's not a grafana managed alert
* Show warning when switching to not advanced and its not possible to convert
* Add feature toggle alertingQueryAndExpressionsStepMode
* fix test
* add translations
* address PR feedback
* Use form context for sharing simplfied mode used, save in local storage and use the new fields in the api
* add check to valid reducer and threshold when switching to simplified mode
* Use only one expression list
* fix test
* move existing rule check outside storeInLocalStorageValues
* add id in InlineSwitch to handle onClick on label
* fix
* Fix default values when editing existing rule
* Update dto fields for the api request
* fix snapshot
* Fix recording rules to not show switch mode
* remove unnecessary Boolean conversion
* fix areQueriesTransformableToSimpleCondition
* update text
* pr review nit
* pr review part2
* Revert "chore: add replDB to team service (#91799)"
This reverts commit c6ae2d7999.
* Revert "experiment: use read replica for Get and Find Dashboards (#91706)"
This reverts commit 54177ca619.
* Revert "QuotaService: refactor to use ReplDB for Get queries (#91333)"
This reverts commit 299c142f6a.
* Revert "refactor replCfg to look more like plugins/plugin config (#91142)"
This reverts commit ac0b4bb34d.
* Revert "chore (replstore): fix registration with multiple sql drivers, again (#90990)"
This reverts commit daedb358dd.
* Revert "Chore (sqlstore): add validation and testing for repl config (#90683)"
This reverts commit af19f039b6.
* Revert "ReplStore: Add support for round robin load balancing between multiple read replicas (#90530)"
This reverts commit 27b52b1507.
* Revert "DashboardStore: Use ReplDB and get dashboard quotas from the ReadReplica (#90235)"
This reverts commit 8a6107cd35.
* Revert "accesscontrol service read replica (#89963)"
This reverts commit 77a4869fca.
* Revert "Fix: add mapping for the new mysqlRepl driver (#89551)"
This reverts commit ab5a079bcc.
* Revert "fix: sql instrumentation dual registration error (#89508)"
This reverts commit d988f5c3b0.
* Revert "Experimental Feature Toggle: databaseReadReplica (#89232)"
This reverts commit 50244ed4a1.
* feat: add setup guide in home tab
* chore: add feature toggle for setup guide
* chore: add feature toggle for sub menu
* chore: run pretier
* chore: run i18n
* chore: run generated files again
* chore: update description
* chore: update comment to trigger test flow
* chore: trigger test
* chore: fix styling
* Add separate folder registration function
* Convert to k8s resource directly after legacy create
* Use create command when creating folders
* Set additional fields when converting to k8s resource
* Add created/updated timestamps during conversion
* Refactor UnstructuredToLegacyFolderDTO
* Return errors when doing k8s conversions
* WIP: working as expected, has to be tested
* Rename query param, small changes
* Remove unused code
* Address feedback
* Cleanup
* Use the feature toggle to control the behaviour
* Use the toggle on the FE too
* Prevent the extra redirect/reload
Co-authored-by: Josh Hunt <joshhunt@users.noreply.github.com>
* Return to login if user is not authenticated
* Add tracking issue
* Align BE redirect constructor to locationSvc
* Pass one
* Fix linter and add new betterer problem (sorry)
* fix swagger
* Add type to tests and update single correlations sql
* Fix provisioning test and other function that needs a type
* Add errors around query/external typing and add tests
* increment number of correlations tested as we added one for testing v1 type placement
* try merging back the swagger that is in main
* try again?
* Style form a little
* Update public/app/features/logs/components/logParser.ts
Co-authored-by: Matias Chomicki <matyax@gmail.com>
* fix bad commit, simplify logic
* Demonstrating type difficulties
* Fix distributed union changes
* Additional type changes
* Update types in form
* Fix swagger
* Add comment around the assertion and explicit typing
---------
Co-authored-by: Matias Chomicki <matyax@gmail.com>
Co-authored-by: Andrej Ocenas <mr.ocenas@gmail.com>
* Add authlib gRPC authenticators for in-proc mode
* implement `StaticRequester` signing in the unified resource client
- [x] when the `claims.AuthInfo` value type is `identity.StaticRequester`, and there's no ID token set, create an internal token and sign it with symmetrical key. This is a workaround for `go-jose` not offering the possibility to create an unsigned token.
- [x] update `IDClaimsWrapper` to support the scenario above
- [x] Switch to using `claims.From()` in `dashboardSqlAccess.SaveDashboard()`
---------
Co-authored-by: gamab <gabriel.mabille@grafana.com>
* Annotations: Optimize search on large number of dashboards
* refactor
* fix batch size
* Return early if no annotations found
* revert go.mod
* return nil in case of error
* Move default limit to the API package
* fix empty access control filter
* Set default limit to 100
* optimize query when number of annotations is less than limit
* Update pkg/services/annotations/annotationsimpl/annotations.go
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
* remove limit from store since it's set in API
* set default limit in Find method (do not break tests)
* Only add limit to the query if it's set
* use limit trick for all searches without dashboard filter
* set default page if not provided
---------
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
* Unexport store and create new constructor function
* Add ResourceAuthorizer and LegacyAccessClient
* Configure checks for user store
* List with checks if AccessClient is configured
* Allow system user service account to read all users
---------
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Managed Service Accounts: Use AutoAssignOrgID
* Fix the IsExternalServiceAccount function
* Reassign service account role
* Account for AutoAssignOrg
* Update pkg/services/serviceaccounts/models.go
* Simplify IsExternalServiceAccount function
* Add tests
* Easier to understand test
* Revert small change
* if result format is null from previous query, it will be null and not correct to a different format
* update to not have empty value in result format field
* fix tests
* add check to see if options are in list
* reformat stuff so logic lives on the right layer
* linterrrrrrrrrrrrrrrrrrRR
* Apply suggestions from code review
* if result format is null from previous query, it will be null and not correct to a different format
* update to not have empty value in result format field
* fix tests
* add check to see if options are in list
* reformat stuff so logic lives on the right layer
* linterrrrrrrrrrrrrrrrrrRR
* frontend linter
* linter
* feedback :)
* feat: supporting code for groupsync extension UI
* Add result of running i18n extraction
* Place the UI behind a feature toggle as well as the license feature
* Also add access checks to route loading of groupsync route with feature toggle
* Add access check on permissions to show External group sync in nav
* fix: New version of multiOrgRoleOptions hook
* Remove OSS route definition
* Apply feedback on nav title
* update RenameReceiverInNotificationSettings in DbStore to check for provisioning
* implement renaming in receiver service and provisioning
* do not patch route when stitching
* fix bug in stitching because it returned new name but the old one was expected
* update receiver service to always return result converted from storage model this makes sure that UID and version are consistent with GET\LIST operations
* use provided metadata.name for UID of domain model because rename changes UID and request fails
* remove rename guard
* update UI to not disable receiver name when k8s api enabled
* create should calculate uid from name because new receiver does not have UID yet.
* Include access control metadata in k8s receiver List & Get
* Add tests for receiver access
* Simplify receiver access provisioning extension
- prevents edge case infinite recursion
- removes read requirement from create
* Alerting: Fix dasboardUid typo in json provisioning api
The json tag for DashboardUID was incorrectly set to dasboardUid in the provisioning api. This change fixes the typo while keeping backwards compatibility for the typo.
* Add alerting-squad as CODEOWNER for services/provisioning/alerting
* introduce storage model for alert rule tables
* remove AlertRuleVersion from models because it's not used anywhere other than in storage
* update historian xorm store to use alerting store to fetch rules
* fix folder tests
---------
Co-authored-by: Matthew Jacobson <matthew.jacobson@grafana.com>
* Add group and type labels to rule_group_rules metric
* Don't include group to avoid high cardinality
* Add comments
* Reset rule_group_rules before recording new values
* Edit description for rule_group_rules
* Include ruleGroup combo key in labels
* Fix lint
* Add initial folder tests
* Add test for get/reading folders
* Compare legacy and k8s create and read
* Remove dependency on grafanaAPIServerWithExperimentalAPIs
Back-end:
* update alerting module
* update GetSecretKeysForContactPointType to extract secret fields from nested options
* Update RemoveSecretsForContactPoint to support complex settings
* update PostableGrafanaReceiverToEmbeddedContactPoint to support nested secrets
* update Integration to support nested settings in models.Integration
* make sigv4 fields optional
Front-end:
* add UI support for encrypted subform fields
* allow emptying nested secure fields
* Omit non touched secure fields in POST payload when saving a contact point
* Use SecretInput from grafana-ui instead of the new EncryptedInput
* use produce from immer
* rename mapClone
* rename sliceClone
* Don't use produce from immer as we need to delete the fileds afterwards
---------
Co-authored-by: Gilles De Mey <gilles.de.mey@gmail.com>
Co-authored-by: Sonia Aguilar <soniaaguilarpeiron@gmail.com>
Co-authored-by: Matt Jacobson <matthew.jacobson@grafana.com>
* allow post URL
* check for config
* allow relative paths
* add allowed internal pattern; add checks for method
* update defaults.ini
* add custom header
* update config comment
* use globbing, switch to older middleware - deprecated call
* add codeowner
* update to use current api, add test
* update fall through logic
* Update pkg/middleware/validate_action_url.go
Co-authored-by: Dan Cech <dcech@grafana.com>
* Update pkg/middleware/validate_action_url.go
Co-authored-by: Dan Cech <dcech@grafana.com>
* add more tests
* Update pkg/middleware/validate_action_url_test.go
Co-authored-by: Dan Cech <dcech@grafana.com>
* fix request headers
* add additional tests for all verbs
* fix request headers++
* throw error when method is unknown
---------
Co-authored-by: Ryan McKinley <ryantxu@gmail.com>
Co-authored-by: Brian Gann <bkgann@gmail.com>
Co-authored-by: Brian Gann <briangann@users.noreply.github.com>
Co-authored-by: Dan Cech <dcech@grafana.com>
* send "one-of" and "not-one-of" directly to datasource (instead of changing them to regex)
* Added to Ad-hoc and and Scope Filters: The "values" prop ([]string) and the "one-of" and "not-one-"of" operators. "values" is used with one-of and not-one-of.
* adds prometheus support for the above
---------
Co-authored-by: Ashley Harrison <ashley.harrison@grafana.com>
Co-authored-by: Todd Treece <todd.treece@grafana.com>
* Add split view and basic APIs to extensions
* Add comments
* Update public/app/AppWrapper.tsx
Co-authored-by: Levente Balogh <balogh.levente.hu@gmail.com>
* Moved the .grafana-app element and deduplicate some code
* Remove the provider variants of usePluginLinks/Components
* Change buildPluginSectionNav
* Update comment
* Use eventBus
* Remove non existent exports
* refactor: use a sidecar service to encapsulate the state
* Don't wrap single app in split wrapper
* Use hook splitter
* Remove inline styles
* Type the style props from useSplitter
* Move the overflow style changes to appWrapper
* Deduplicate some common top level providers
* Move modals
* Move routes wrappers to it's own file
* Use better css and add comments
* Remove query rows app extension point
* Fix test
---------
Co-authored-by: Levente Balogh <balogh.levente.hu@gmail.com>
* do it all
* feat(plugins): move loadingStrategy to ds pluginMeta and add to plugin settings endpoint
* support child plugins and update tests
* use relative path for nested plugins
* feat(plugins): support nested plugins in the plugin loader cache by extracting pluginId from path
* feat(grafana-data): add plugin loading strategy to plugin meta and export
* feat(plugins): pass down loadingStrategy to fe plugin loader
* refactor(plugins): make PluginLoadingStrategy an enum
* feat(plugins): add the loading strategy to the fe plugin loader cache
* feat(plugins): load fe plugin js assets as script tags based on be loadingStrategy
* add more tests
* feat(plugins): add loading strategy to plugin preloader
* feat(plugins): make loadingStrategy a maybe and provide fetch fallback
* test(alerting): update config.apps mocks to include loadingStrategy
* fix format
---------
Co-authored-by: Jack Westbrook <jack.westbrook@gmail.com>
* Remove usage of traceqlStreaming feature toggle and stop checking for Tempo version
* Increase Grafana Live's ClientQueueMaxSize to 4mb to support larger responses from Tempo
* Access control: Use composite cache key for team permissions
* use composite key for teams
* use cache for hotpath (getCachedUserPermissions)
* don't cache empty teams set
* don't pass permissions as argument
* early return if no teams found
* reload cache correctly
* optimize allocations
* Clear user's teams cache
* remove composite cache for teams
* fix linter
* don't clear teams permissions
* pre-allocate memory for basic roles permissions
* Display event name of a span
* Clean up
* Retrigger the build
* Show colon only when there are fields to display
* Rollback
* Use event name when exporting to OTLP
* Allow filtering spans by event name
* Show duration as a key/value pair
* Update betterer report (we do not translate panels that are planned to be externalized)
* Fix tests after changing how duration is rendered
* Handle long names
* Test handling long names
* Make parenthesis gray
* Fix a test
* Fix linting
* Fix tests
* Update label
* handle oneOf operator in prometheus
* use new supportsMultiValueOperators
* remap oneOf to regex in prometheus datasource
* Remap one of operators for scope filters
* use plugin.json property instead of feature toggle
* optional chaining
* fix unit tests
* use getInstanceSettings
* update to latest scenes
* fix unit tests
---------
Co-authored-by: Dominik Prokop <dominik.prokop@grafana.com>
* Remove kubernetesPlaylists feature_toggle
* Remove unified_storage_mode
* Remove double import
* Read from config instead from feature_toggle
* cover scenario for when unified storage is not defined
* Be temporarily retro compatible with previous feature toggle
* Properly read unified_storage section
* [WIP] Read new format of config
* Fix test
* Fix other tests
* Generate feature flags file
* Use <group>.<resource> schema
* Use <group>.resource format on the FE as well
* Hide UniStore config from Frontend
Signed-off-by: Maicon Costa <maiconscosta@gmail.com>
* unwanted changes
* Use feature toggles in the FE. Enforce FTs are present before enabling dual writing
Co-authored-by: Ryan McKinley <ryantxu@users.noreply.github.com>
* use kubernetes playlists feature toggle on the FE
* Remove unwanted code
* Remove configs from the FE
* Remove commented code
* Add more explicit example
---------
Signed-off-by: Maicon Costa <maiconscosta@gmail.com>
Co-authored-by: Maicon Costa <maiconscosta@gmail.com>
* IAM docs: Transform `API keys` to `Migrate API keys` docs
* Update links to `API keys` in other doc pages
* Grafana UI: update help button link
* Update OpenAPI/Swagger links
* Update docs/sources/administration/service-accounts/migrate-api-keys.md
Co-authored-by: Jack Baldry <jack.baldry@grafana.com>
* Update `relref` links to the new URL
* fix space before em dash
spaces before or after em dashes are not recommended (https://developers.google.com/style/dashes)
---------
Co-authored-by: Jack Baldry <jack.baldry@grafana.com>
Co-authored-by: Irene Rodriguez <irene.rodriguez@grafana.com>
* Stop redacting receivers by default in receiver_svc
[REDACTED] is only used in provisioning API since response doesn't include
SecureFields. This is not necessary in k8s or notifications api, instead we do
not include the encrypted settings in Settings at all, leaving it to
SecureFields to specify when a secure field exists.
* Capitalize logs messages
* Ensure that datasource apiservers receive and forwards headers for datasources:
- adds log line for prometheus to see when from alert header is received
- add logging to the datasource apiserver
- Updates the Connect func in sub query to forward expected headers to datasources and log unexpected ones.
* use count_bytes_reader from plugin-sdk-go
* run `make update-workspace`
* update postgres tests
* update mysql tests
* time back to utc
* make update-workspace done
---------
Co-authored-by: Kyle Brandt <kyle@grafana.com>
