* Fix: Deduplicate OrgID in SA logins (#94378)
* Fix: Deduplicate OrgID in SA logins
(cherry picked from commit b90e09e966)
* Fix: Actually call the DedupOrgInLogin migration (#94520)
* Fix: Account for conflicting logins in dedupOrgInlogin migration (#94669)
---------
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
Migration: Remove table aliasing in delete statement to make it work for mariadb (#95226)
Migration: remove table aliasing in delete statement to make it work in mariadb
(cherry picked from commit 6f7528f896)
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
OrgSync: Do not set default Organization for a user to a non-existent Organization (#94537)
Do not set default org for a user to a missing org
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
(cherry picked from commit c872cad879)
Fix: Ensure SA migrations doesn't hit migrated SAs if rerun (#94347)
* ensure mig doesn't hit migrated SAs if rerun
* Fix small issue with the test
---------
Co-authored-by: gamab <gabriel.mabille@grafana.com>
(cherry picked from commit 945dd052b1)
Co-authored-by: Jo <joao.guerreiro@grafana.com>
ServiceAccounts: Run migration in batches (#94429)
* ServiceAccounts: Run migration in batches
(cherry picked from commit 2d0ea60017)
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
ServiceAccounts: Remove permissions to service account when it is deleted (#93877)
* Service account: clean up permissions related to service accounts when deleted
* Add migration for deleting orphaned service account permissions
Alerting: Fix incorrect permission on POST external rule groups endpoint [CVE-2024-8118] (#93940)
Fix endpoint permission on rule write endpoint
(cherry picked from commit c2799b4901)
Co-authored-by: Alexander Weaver <weaver.alex.d@gmail.com>
Correlations: Limit access to correlations page to users who can access Explore (#93519)
Correlations: Limit access to correlations page to users who can access Explore
(cherry picked from commit 813e1c1364)
Co-authored-by: Piotr Jamróz <pm.jamroz@gmail.com>
Annotations: Optimize search by tags (#93547)
* Annotations: Optimize search on large number of dashboards
* refactor
* fix batch size
* Return early if no annotations found
* revert go.mod
* return nil in case of error
* Move default limit to the API package
* fix empty access control filter
* Set default limit to 100
* optimize query when number of annotations is less than limit
* Update pkg/services/annotations/annotationsimpl/annotations.go
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
* remove limit from store since it's set in API
* set default limit in Find method (do not break tests)
* Only add limit to the query if it's set
* use limit trick for all searches without dashboard filter
* set default page if not provided
---------
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
(cherry picked from commit 5e713673e1)
Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>
Alerting: Fix persisting result fingerprint that is used by recovery threshold (#91224)
(cherry picked from commit 537f1fb857)
# Conflicts:
# pkg/services/ngalert/state/persister_sync.go
Snapshots: Fix panic when snapshot_remove_expired is true (#91232)
(cherry picked from commit bb5d2c83ef)
Co-authored-by: Ryan McKinley <ryantxu@gmail.com>
Notifications: Do not log email address in error message (#89314)
Do not log email address in error message
(cherry picked from commit c2c30c25ed)
Co-authored-by: William Wernert <william.wernert@grafana.com>
Alerting: Fix rule storage to filter by group names using case-sensitive comparison (#88992)
* add test for the bug
* remove unused struct
* update db store to post process filters by group using go-lang's case-sensitive string comparison
--------
Co-authored-by: Alexander Weaver <weaver.alex.d@gmail.com>
# Conflicts:
# pkg/services/ngalert/store/alert_rule.go
# pkg/services/ngalert/store/alert_rule_test.go
RBAC: List only the folders that the user has access to (#88599)
only check folder permissions when listing folders
(cherry picked from commit 095ca66d9f)
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
User: add second migration for lowercasing login/email of users (#88915)
(cherry picked from commit 39bd13f877)
Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>
LibraryPanels/RBAC: Ignore old folder permission check when deleting/patching lib panel (#88422)
* LibraryPanels/RBAC: Ignore old folder permission check when deleting lib panel
* Same for patching
(cherry picked from commit 8f45003192)
Co-authored-by: kay delaney <45561153+kaydelaney@users.noreply.github.com>
Dashboards: Correctly display Admin access to dashboards in the UI (#88439)
* include folder wildcard scope in dash permission inheritance
* Update pkg/services/accesscontrol/ossaccesscontrol/permissions_services.go
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
---------
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
(cherry picked from commit 1c2ae2c72d)
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
Alerting/Annotations: Return nothing from historian store if filtering by tags and matchAny is false (#85488)
* Return nothing from historian store if filtering by tag
(cherry picked from commit cad8190a91)
Co-authored-by: William Wernert <william.wernert@grafana.com>
* Alerting: Fix scheduler to sort rules before evaluation (#88006)
sort rules scheduled for evaluation to make sure that the order is stable between evaluations.
This is especially important in HA mode.
(cherry picked from commit 05d6813a09)
* use old generators
---------
Co-authored-by: Yuri Tseretyan <yuriy.tseretyan@grafana.com>
Alerting: use logger with same context within rule scheduling loop (#87934)
(cherry picked from commit f410c7fca1)
Co-authored-by: Yuri Tseretyan <yuriy.tseretyan@grafana.com>
Alerting: Do not store series values from past evaluations in state manager for no reason (#87525)
Do not store previous execution results on states
(cherry picked from commit a6a9ab4008)
Co-authored-by: Alexander Weaver <weaver.alex.d@gmail.com>
* AuthN: Fix signout redirect url (#87631)
* Add missing return
* Use sign out redirect url from auth config if configured
* remove option from auth.jwt that is not used
(cherry picked from commit 0f3080ecb8)
---------
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
Chore: Add login protection when user is trying different uppercase letters (#87588)
* add login protection when the user is trying different uppercase letters
(cherry picked from commit cd98aaf89b)
Co-authored-by: linoman <2051016+linoman@users.noreply.github.com>
Alerting: Add two sets of provisioning actions for rules and notifications (#87149)
(cherry picked from commit 356a29592b)
Co-authored-by: Yuri Tseretyan <yuriy.tseretyan@grafana.com>
Provisioning: Look up provisioned folders by UID when possible (#87465)
look up provisioned folders by uid when possible
(cherry picked from commit 1884b03511)
Co-authored-by: Dan Cech <dcech@grafana.com>
Alerting: Also fix HCL field name for MuteTimeIntervals (#87079)
* Correct HCL field name for MuteTimeIntervals
* Update test
(cherry picked from commit 93519f70ca)
Co-authored-by: William Wernert <william.wernert@grafana.com>
Auth: Force lowercase login/email for users (#86359)
* [WIP]: Force lowercase login/email for user CRUD
* warn and remove use of userCaseInsensitiveLogin check
* remove log warning
* reimplementation of the caseinsensitive
* need to decide if we want the conflict check or not
* removed the tests for conflict user by getEmail, getLogin
* added tests for user lowercase migration
* wip: emails next
* tests for email lowercasing
* review comments
* optimized login and email lookup before migrating
(cherry picked from commit e394e16073)
RBAC: Do not set permissions on data sources with wildcard UID in OSS (#87220)
do not set permissions on DS with wildcard UID
(cherry picked from commit 28dd1ddd8e)
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
* Data source: Maintain the default data source permissions when switching from unlicensed to licensed Grafana (#87119)
set managed data source permissions upon resource creation for unlicensed Grafana, remove them on deletion
(cherry picked from commit 5e060d2d99)
* remove code for older version
---------
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
Alerting: Use expected field name for receiver in HCL export (#87065)
* Use expected field name for receiver in hcl
Terraform provider expects `contact_point` instead of `receiver` in
notification settings on a rule.
(cherry picked from commit 70ff229bed)
Co-authored-by: William Wernert <william.wernert@grafana.com>
Alerting: Improve error when receiver or time interval used by rule is deleted (#86865)
* Alerting: Improve error when receiver used by rule is deleted
* Remove RuleUID from public error and data
* Improve fallback error in am config post
* Refactor to expand to time intervals
* Fix message on unchecked errors to be same as before
(cherry picked from commit 3397e8bf09)
Co-authored-by: Matthew Jacobson <matthew.jacobson@grafana.com>
SQLStore: Disable redundant create and drop unique index migrations on dashboard table (#86857)
SQLStore: Disable create and drop unique index migrations
(cherry picked from commit a5a3ee9fa3)
Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>