* Alerting: Persist notification log and silences to the database
This removes the dependency of having persistent disk to run grafana alerting. Instead of regularly flushing the notification log and silences to disk we now flush the binary content of those files to the database encoded as a base64 string.
* Revert "Prometheus: add functionality to specify desired step interval in dashboards panels (#36422)"
This reverts commit ddf5b65c51.
Co-authored-by: Ivana Huckova <ivana.huckova@gmail.com>
* Revert "Explore: add functionality for supporting different step modes in prometheus (#37829)"
This reverts commit f433cfd8d9.
Co-authored-by: Ivana Huckova <ivana.huckova@gmail.com>
* Revert stepMode BE implementation from #36796
Co-authored-by: "Ivana Huckova" <ivana.huckova@gmail.com>
* Change templateCaptureValue to support using template functions
This commit changes templateCaptureValue to use float64 for the value
instead of *float64. This change means that annotations and labels can
use the float64 value with functions such as printf and avoid having to
check for nil. It also means that absent values are now printed as 0.
* Use math.NaN() instead of 0 for absent value
* Alerting: Fix alert flapping in the alertmanager
fixes a bug that caused Alerts that are evaluated at low intervals (sub 1 minute), to flap in the Alertmanager.
Mostly due to a combination of `EndsAt` and resend delay.
The Alertmanager uses `EndsAt` as a heuristic to know whenever it should resolve a firing alert, in the case that it hasn't heard
back from the alert generation system.
Because grafana sent the alert with an `EndsAt` which is equal to the `For` of the alert itself,
and we had a hard-coded 1 minute re-send delay (only applicable to firing alerts) this meant that a firing alert would resolve in the Alertmanager before we re-notify that it still firing.
This commit, increases the `EndsAt` by 3x the the resend delay or alert interval (depending on which one is higher). The resendDelay has been decreased to 30 seconds.
* LibraryPanels: Separates name from panel title
* WIP
* Chore: fixes update for duplicate lib panels
* Chore: reverts implementation
* Chore: show library options only for library panels
* Chore: ui fixes after PR comments
* Chore: fixes issue when creating library panels
* Add encryption service
* Add tests for encryption service
* Inject encryption service into http server
* Replace encryption global function usage in login tests
* Migrate to Wire
* Move Encryption bindings to OSS Wire set
* Chore: Refactor securedata to remove global encryption calls from dashboard snapshots
* Fix dashboard snapshot tests
* Remove no longer user test
* Add dashboard snapshots service tests
* Refactor service initialization
* Set up dashboard snapshots service as a background service
Co-authored-by: Tania B <yalyna.ts@gmail.com>
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
* add key/value store service
* don't export kvStoreSQL, consumers should interact with KVStore & NamespacedKVStore
* add del method, avoid ErrNotFound (#38627)
* switch value column to medium text
Co-authored-by: Alexander Emelin <frvzmb@gmail.com>
* Add encryption service
* Add tests for encryption service
* Inject encryption service into http server
* Replace encryption global function usage in login tests
* Refactor UpdatePluginSetting
* Refactor EncryptSecureSettings
* Fix wire.go
* Refactor service initialization
Co-authored-by: Joan López de la Franca Beltran <joanjan14@gmail.com>
Co-authored-by: Joan López de la Franca Beltran <5459617+joanlopez@users.noreply.github.com>
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
* Add encryption service
* Add tests for encryption service
* Inject encryption service into http server
* Replace encryption global function usage in login tests
* Migrate to Wire
* Refactor authinfoservice to use encryption service
Co-authored-by: Joan López de la Franca Beltran <joanjan14@gmail.com>
Co-authored-by: Joan López de la Franca Beltran <5459617+joanlopez@users.noreply.github.com>
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
* Add encryption service
* Add tests for encryption service
* Inject encryption service into http server
* Replace encryption global function usage in login tests
* Apply suggestions from code review
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
* Migrate to Wire
* Undo non-desired changes
* Move Encryption bindings to OSS Wire set
Co-authored-by: Joan López de la Franca Beltran <joanjan14@gmail.com>
Co-authored-by: Joan López de la Franca Beltran <5459617+joanlopez@users.noreply.github.com>
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
Fixes#30144
Co-authored-by: dsotirakis <sotirakis.dim@gmail.com>
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
Co-authored-by: Ida Furjesova <ida.furjesova@grafana.com>
Co-authored-by: Jack Westbrook <jack.westbrook@gmail.com>
Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
Co-authored-by: Leon Sorokin <leeoniya@gmail.com>
Co-authored-by: Andrej Ocenas <mr.ocenas@gmail.com>
Co-authored-by: spinillos <selenepinillos@gmail.com>
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
Co-authored-by: Leonard Gram <leo@xlson.com>
* Provide correct link for AGPL license
* Change LicenseURL to point go Grafana OSS page
* Keep utm_source query parameter
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
Introduces org-level isolation for the Alertmanager and its components.
Silences, Alerts and Contact points are not separated by org and are not shared between them.
Co-authored with @davidmparrott and @papagian
* add a more flexible way to create permissions
* update interface for accesscontrol to use new eval interface
* use new eval interface
* update middleware to use new eval interface
* remove evaluator function and move metrics to service
* add tests for accesscontrol middleware
* Remove failed function from interface and update inejct to create a new
evaluator
* Change name
* Support Several sopes for a permission
* use evaluator and update fakeAccessControl
* Implement String that will return string representation of permissions
for an evaluator
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
* Make the evaluator prefix match only
* Handle empty scopes
* Bump version of settings read role
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
Even without the ability to control the sort order or to filter, this notably improves usability for long lists of notification channels.
Partially fixes#20067.
This commit adds contact point testing to ngalerts via a new API
endpoint. This endpoint accepts JSON containing a list of
receiver configurations which are validated and then tested
with a notification for a test alert. The endpoint returns JSON
for each receiver with a status and error message. It accepts
a configurable timeout via the Request-Timeout header (in seconds)
up to a maximum of 30 seconds.
* Alerting: Expose discovered and dropped Alertmanagers
Exposes the API for discovered and dropped Alertmanagers.
* make admin config poll interval configurable
* update after rebase
* wordsmith
* More wordsmithing
* change name of the config
* settings package too
* Alerting: modify table and accessors to limit org access appropriately
* Update migration to create multiple Alertmanager configs
* Apply suggestions from code review
Co-authored-by: gotjosh <josue@grafana.com>
* replace mg.ClearMigrationEntry()
mg.ClearMigrationEntry() would create a new session.
This commit introduces a new migration for clearing an entry from migration log for replacing mg.ClearMigrationEntry() so that all dashboard alert migration operations will run inside the same transaction.
It adds also `SkipMigrationLog()` in Migrator interface for skipping adding an entry in the migration_log.
Co-authored-by: gotjosh <josue@grafana.com>
* Alerting: Send alerts to external Alertmanager(s)
Within this PR we're adding support for registering or unregistering
sending to a set of external alertmanagers. A few of the things that are
going are:
- Introduce a new table to hold "admin" (either org or global)
configuration we can change at runtime.
- A new periodic check that polls for this configuration and adjusts the
"senders" accordingly.
- Introduces a new concept of "senders" that are responsible for
shipping the alerts to the external Alertmanager(s). In a nutshell,
this is the Prometheus notifier (the one in charge of sending the alert)
mapped to a multi-tenant map.
There are a few code movements here and there but those are minor, I
tried to keep things intact as much as possible so that we could have an
easier diff.
* simplify toggle + add link to server admin
* feat(catalog): org admins can configure plugin apps, cannot install/uninstall plugins
* fix(catalog): dont show buttons if user doesn't have install permissions
* feat(catalog): cater for accessing catalog via /plugins and /admin/plugins
* feat(catalog): use location for list links and match.url to define breadcrumb links
* test(catalog): mock isGrafanaAdmin for PluginDetails tests
* test(catalog): preserve default bootdata in PluginDetails mock
* refactor(catalog): move orgAdmin check out of state and make easier to reason with
Co-authored-by: Will Browne <will.browne@grafana.com>
* AccessControl: Implement a way to register fixed roles
* Add context to register func
* Use FixedRoleGrantsMap instead of FixedRoleGrants
* Removed FixedRoles map to sync.map
* Wrote test for accesscontrol and provisioning
* Use mutexes+map instead of sync maps
* Create a sync map struct out of a Map and a Mutex
* Create a sync map struct for grants as well
* Validate builtin roles
* Make validation public to access control
* Handle errors consistently with what seeder does
* Keep errors consistant amongst accesscontrol impl
* Handle registration error
* Reverse the registration direction thanks to a RoleRegistrant interface
* Removed sync map in favor for simple maps since registration now happens during init
* Work on the Registrant interface
* Remove the Register Role from the interface to have services returning their registrations instead
* Adding context to RegisterRegistrantsRoles and update descriptions
* little bit of cosmetics
* Making sure provisioning is ran after role registration
* test for role registration
* Change the accesscontrol interface to use a variadic
* check if accesscontrol is enabled
* Add a new test for RegisterFixedRoles and fix assign which was buggy
* Moved RegistrationList def to roles.go
* Change provisioning role's description
* Better comment on RegisterFixedRoles
* Correct comment on ValidateFixedRole
* Simplify helper func to removeRoleHelper
* Add log to saveFixedRole and assignFixedRole
Co-authored-by: Vardan Torosyan <vardants@gmail.com>
Co-authored-by: Jeremy Price <Jeremy.price@grafana.com>
* wip
* Auth Info: refactored out into it's own service
* Auth: adds extension point where users are being mapped
* Update pkg/services/login/authinfoservice/service.go
Co-authored-by: Joan López de la Franca Beltran <joanjan14@gmail.com>
* Update pkg/services/login/authinfoservice/service.go
Co-authored-by: Joan López de la Franca Beltran <joanjan14@gmail.com>
* Auth: simplified code
* moved most authinfo stuff to its own package
* added back code
* linter
* simplified
Co-authored-by: Joan López de la Franca Beltran <joanjan14@gmail.com>
* Alerting: Refactor `Run` of the scheduler
A bit of a refactor to make the diff easier to read for supporting
external Alertmanagers.
We'll introduce another routine that checks the database for
configuration and spawns other routines accordingly.
* Block the wait.
* Fix test
* initial attempt at automatic removal of stale states
* test case, need espected states
* finish unit test
* PR feedback
* still multiply by time.second
* pr feedback
* Pass role to Grafana using auth proxy
By default, the role will be applied to the default org of the user.
If the request uses the standard header "X-Grafana-Org-Id", the role will be applied to the specified org
Tested in both unit test and manually E2E
* Address comment: only allow the user role to be applied to the default org
Co-authored-by: Leonard Gram <leo@xlson.com>
* Alerting: deactivate an Alertmanager configuration
Implement DELETE /api/alertmanager/grafana/config/api/v1/alerts
by storing the default configuration which stops existing cnfiguration
from being in use.
* Apply suggestions from code review
* Expand the value of math and reduce expressions in annotations and labels
This commit makes it possible to use the values of reduce and math
expressions in annotations and labels via their RefIDs. It uses the
Stringer interface to ensure that "{{ $values.A }}" still prints the
value in decimal format while also making the labels for each RefID
available with "{{ $values.A.Labels }}" and the float64 value with
"{{ $values.A.Value }}"
* add macaron code to the code base
* remove unused secure cookies support from macaron
* clean up modules
* remove com dependency
* fix silly typos
* little cleanup, remove recovery middleware
* remove logger middleware
* remove static handler and remove unused context methods
* bring inject into macaron codebase
* remove unused applicator
* add back macaron license
* more cleanups in macaron code
* remove unused injector Set method
* remove unused context methods: param to int conversion, body helper type, cookie helpers
* remove action from context
* remove complex environment handling, we only use Env variable
* restore ReplaceAllParams to fix the tests
* Alerting: Refactor state manager as a dependency
Within the scheduler, the state manager was being passed around a
certain number of functions. I've introduced it as a dependency to keep
the "service" interfaces as clean and homogeneous as possible.
This is relevant, because I'm going to introduce live reload of these
components as part of my next PR and it is better if dependencies are
self-contained.
* remove unused functions
* Fix a few more tests
* Make sure the `stateManager` is declared before the schedule
* add fixed role for datasource read operations
* Add action for datasource explore
* add authorize middleware to explore index route
* add fgac support for explore navlink
* update hasAccessToExplore to check if accesscontrol is enable and evalute action if it is
* add getExploreRoles to evalute roles based onaccesscontrol, viewersCanEdit and default
* create function to evaluate permissions or using fallback if accesscontrol is disabled
* change hasAccess to prop and derive the value in mapStateToProps
* add test case to ensure buttons is not rendered when user does not have access
* Only hide return with changes button
* remove internal links if user does not have access to explorer
Co-authored-by: Ivana Huckova <30407135+ivanahuckova@users.noreply.github.com>
* Add IsFolder field into models.GetDashboardQuery
* Reverted folderId - return dummy success when calling get folder with id 0
* Moved condition to upper level - add test
* Alerting: Allow __value__ label in notifications
was being removed by removePrivateItems
discoverd in #36020, but issue is not about that specifically
* __value__ label to __value_string__ annotation
and .ValueString extended property for notifications
* Fix deleting labels and annotations
* Add test
* Keep no data and error start if not provided
* Allow setting interval and for to zero during rule updates
* Alerting: Implement /status for the notification system
Implements the necessary plumbing to have a /status endpoint on the
notification system.
* Add API examples
* Update API specs
* Update prometheus/common dependency
Co-authored-by: Sofia Papagiannaki <sofia@grafana.com>
* add accesscontrol action for stats read
* use accesscontrol middleware for stats route
* add fixed role with permissions to read sever stats
* add accesscontrol action for settings read
* use accesscontrol middleware for settings route
* add fixed role with permissions to read settings
* add accesscontrol tests for AdminGetSettings and AdminGetStats
* add ability to scope settings
* add tests for AdminGetSettings
* Add new accesscontrol action for ldap config reload
* Update ldapAdminEditRole with new ldap config reload permission
* wrap /ldap/reload with accesscontrol authorize middleware
* document new action and update fixed:ldap:admin:edit with said action
* add fake accesscontrol implementation for tests
* Add accesscontrol tests for ldap handlers
Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>
* Fix dashboard alert and nootifier migration for MySQL
* Fix POSTing Alertmanager configuration if no current configuration exists
in case the default configuration has not be stored yet
or has failed to get stored
* Change CreatedAt field type
* Alerting: Expand `{{$labels.xyz}}` template in labels and annotations
Signed-off-by: Ganesh Vernekar <ganeshvern@gmail.com>
* Fix annotation not updating for same alert
Signed-off-by: Ganesh Vernekar <ganeshvern@gmail.com>
* Alerting: Do not hard fail on templating errors in channels
Signed-off-by: Ganesh Vernekar <ganeshvern@gmail.com>
* Fix review
Signed-off-by: Ganesh Vernekar <ganeshvern@gmail.com>
When using mulit-dimensional Grafana managed alerts (e.g. SSE math) extract refIds values and labels so they can be shown in the notification and dashboards.
Threema Gateway supports two types of IDs: Basic IDs (where the
encryption is managed by the API server) and End-to-End IDs (where the
keys are managed by the user).
This plugin currently does not support End-to-End IDs (since it's much
more complex to implement, because the encryption needs to happen
locally). Add a few clarifications to the UI.
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
this should help Live to be enabled by default but still
do not affect setups with lots of simultenious users. To
properly handle many WS connections Grafana administrators
should tune infrastructure a bit - for example increase a
number of open files for a process. Will be in more details
in documentation.
