* AuthN: Fix signout redirect url (#87631)
* Add missing return
* Use sign out redirect url from auth config if configured
* remove option from auth.jwt that is not used
(cherry picked from commit 0f3080ecb8)
---------
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
Chore: Add login protection when user is trying different uppercase letters (#87588)
* add login protection when the user is trying different uppercase letters
(cherry picked from commit cd98aaf89b)
Co-authored-by: linoman <2051016+linoman@users.noreply.github.com>
Alerting: Add two sets of provisioning actions for rules and notifications (#87149)
(cherry picked from commit 356a29592b)
Co-authored-by: Yuri Tseretyan <yuriy.tseretyan@grafana.com>
Provisioning: Look up provisioned folders by UID when possible (#87465)
look up provisioned folders by uid when possible
(cherry picked from commit 1884b03511)
Co-authored-by: Dan Cech <dcech@grafana.com>
Alerting: Also fix HCL field name for MuteTimeIntervals (#87079)
* Correct HCL field name for MuteTimeIntervals
* Update test
(cherry picked from commit 93519f70ca)
Co-authored-by: William Wernert <william.wernert@grafana.com>
Auth: Force lowercase login/email for users (#86359)
* [WIP]: Force lowercase login/email for user CRUD
* warn and remove use of userCaseInsensitiveLogin check
* remove log warning
* reimplementation of the caseinsensitive
* need to decide if we want the conflict check or not
* remvoved the tests for conflict user by getEmail, getLogin
* added tests for user lowercase migration
* wip: emails next
* tests for email lowercasing
* review comments
* optimized login and email lookup before migrating
(cherry picked from commit e394e16073)
RBAC: Do not set permissions on data sources with wildcard UID in OSS (#87220)
do not set permissions on DS with wildcard UID
(cherry picked from commit 28dd1ddd8e)
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
* Data source: Maintain the default data source permissions when switching from unlicensed to licensed Grafana (#87119)
set managed data source permissions upon resource creation for unlicensed Grafana, remove them on deletion
(cherry picked from commit 5e060d2d99)
* remove code for older version
---------
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
Alerting: Use expected field name for receiver in HCL export (#87065)
* Use expected field name for receiver in hcl
Terraform provider expects `contact_point` instead of `receiver` in
notification settings on a rule.
(cherry picked from commit 70ff229bed)
Co-authored-by: William Wernert <william.wernert@grafana.com>
Alerting: Improve error when receiver or time interval used by rule is deleted (#86865)
* Alerting: Improve error when receiver used by rule is deleted
* Remove RuleUID from public error and data
* Improve fallback error in am config post
* Refactor to expand to time intervals
* Fix message on unchecked errors to be same as before
(cherry picked from commit 3397e8bf09)
Co-authored-by: Matthew Jacobson <matthew.jacobson@grafana.com>
SQLStore: Disable redundant create and drop unique index migrations on dashboard table (#86857)
SQLStore: Disable create and drop unique index migrations
(cherry picked from commit a5a3ee9fa3)
Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
Alerting: Fix simplified routing group by override (#86552)
* Alerting: Fix simplified routing custom group by override
Custom group by overrides for simplified routing were missing required fields
GroupBy and GroupByAll normally set during upstream Route validation.
This fix ensures those missing fields are applied to the generated routes.
* Inline GroupBy and GroupByAll initialization instead of normalize after
(cherry picked from commit 71445002b7)
Co-authored-by: Matthew Jacobson <matthew.jacobson@grafana.com>
Alerting: Fix simplified routes '...' groupBy creating invalid routes (#86006)
* Alerting: Fix simplified routes '...' groupBy creating invalid routes
There were a few ways to go about this fix:
1. Modifying our copy of upstream validation to allow this
2. Modify our notification settings validation to prevent this
3. Normalize group by on save
4. Normalized group by on generate
Option 4. was chosen as the others have a mix of the following cons:
- Generated routes risk being incompatible with upstream/remote AM
- Awkward FE UX when using '...'
- Rule definition changing after save and potential pitfalls with TF
With option 4. generated routes stay compatible with external/remote AMs, FE
doesn't need to change as we allow mixed '...' and custom label groupBys, and
settings we save to db are the same ones requested.
In addition, it has the slight benefit of allowing us to hide the internal
implementation details of `alertname, grafana_folder` from the user in the
future, since we don't need to send them with every FE or TF request.
* Safer use of DefaultNotificationSettingsGroupBy
* Fix missed API tests
(cherry picked from commit 533bed6d94)
Co-authored-by: Matthew Jacobson <matthew.jacobson@grafana.com>
CloudMigrations: Add instance metadata to auth token (#85381)
* update how tokens are passed around
* rename structs
(cherry picked from commit 5a5f76ae0a)
Co-authored-by: Michael Mandrus <41969079+mmandrus@users.noreply.github.com>
JWT: Find login and email claims with JMESPATH (#85305)
* add function to static function to static service
* find email and login claims with jmespath
* rename configuration files
* Replace JWTClaims struct for map
* check for subclaims error
(cherry picked from commit e4250a72db)
Co-authored-by: linoman <2051016+linoman@users.noreply.github.com>
User: email verification completion (#85259)
* TempUser: Include InvitedById in TempUserDTO
* Extract email verfication completion flow to service
(cherry picked from commit 73e426b081)
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
Storage: GuaranteedUpdate fix & other improvements (#85206)
make GuaranteedUpdate work when ignoring not found errors, increase poll frequency, fix Delete
(cherry picked from commit ef26fe95dc)
Co-authored-by: Dan Cech <dcech@grafana.com>
AuthN: Add IsAuthenticatedBy to identity interface and replace checks (#85262)
Add IsAuthenticatedBy to identity interface and replace checks
(cherry picked from commit 152cb47692)
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
Alerting: Reduce set of fields that could trigger alert state change (#83496)
We want to avoid too much change of alert state based on change on
alert's fields. For that we ignore some fields from the diff.
(cherry picked from commit 6f38ac6615)
Co-authored-by: Benoit Tigeot <benoittgt@users.noreply.github.com>
Auth: Improve org role sync debugging (#85146)
add login to the context of the logger
(cherry picked from commit da40158fed)
Co-authored-by: Jo <joao.guerreiro@grafana.com>
Provisioning: Fix regression when dashboardProvisioner is accessed before being initialised (#85011)
* Provisioning: Fix regression when dashboardProvisioner is accessed before being initialized
* Set dashboard provisioner in the provider
(cherry picked from commit 5ebf2d08f6)
Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
Alerting: Return a 400 and errutil error when trying to delete a contact point that is referenced by a policy (#85481)
Return a 400 and errutil error when trying to delete a contact point that is referenced by a policy
(cherry picked from commit 5b1498f98f)
Co-authored-by: Alexander Weaver <weaver.alex.d@gmail.com>
SSO: fix reloading settings when a provider contains empty settings (#85102)
* fix reloading settings when a provider contains empty settings
* do not increment reloadFailures if settings are empty
(cherry picked from commit fad6dc4db1)
Co-authored-by: Mihai Doarna <mihai.doarna@grafana.com>
OAuth: Make sub claim required for generic oauth behind feature toggle (#85065)
* Add feature toggle for sub claims requirement
* OAuth: require valid auth id
* Fix feature toggle description
(cherry picked from commit 2f3a01f79f)
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
Chore: Vendor wire into pkg/build (#84637)
* vendor latest wire into pkg/build
* use vendored wire in builds
* fix wire import path
* remove wire from bingo
* also support google/wire import
* make prettier happy
* change package in tess
* add debug walk for drone
* add wire_gen in tests
* remove debug walk
* restore imports
(cherry picked from commit 4d4c06b480)
Co-authored-by: Serge Zaitsev <serge.zaitsev@grafana.com>
samlsettings: api integration (#84300)
* add strategy and tests
* use settings provider service and remove multiple providers strategy
* Move SAML strategy to ssosettings service
* Update codeowners file
* reload from settings provider
* add saml as configurable provider
* Add new SAML strategy
* rename old saml settings interface
* update saml string references
* use OSS license
* validate saml provider depends on license for List
* add tests for list rendering including saml
* change the licensing validation to service init
* replace service struct for provider
(cherry picked from commit fc205db466)
Co-authored-by: linoman <2051016+linoman@users.noreply.github.com>
Alerting: Fix evaluation metrics to not count retries (#85873)
* Change evaluation metrics to only count once per eval, and add new metrics.
* Cosmetic: Move eval total Inc() to orginal place.
(cherry picked from commit ad7f804255)
Co-authored-by: Steve Simpson <steve.simpson@grafana.com>
RBAC: Fix slow user permission search query on MySQL (#85058)
* Bench testing search user perm
* Add BenchmarkSearchUsersPermissions_1K_1K
* Clarify benchmark searches by action prefix
* Make MySQL more efficient
* Move all filter options
* Expand after assignments union
* update comments
(cherry picked from commit 5e48804364)
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
Plugins: Send PDC file paths and contents for backwards compatibility (#85287)
* send paths and contents
* go work sync
(cherry picked from commit 1a0ac381eb)
grafana-delivery-bot[bot]
Eric Leijonmarck
Misi
Scott Lepper
Mihai Doarna
Laura Fernández
Ashley Harrison
Darren Janeczek
Will Browne