Alerting: Re-encrypt existing contact points before get and patch in legacy config API (#101263)
* Test covering Get+Save interaction for newly secret fields
* Alerting: Re-encrypt existing contact points before get and patch
(cherry picked from commit b73c59547c)
Co-authored-by: Matthew Jacobson <matthew.jacobson@grafana.com>
* Zanzana: Remove usage from legacy access control
* remove unused
* remove zanzana client from services where it's not used
* remove unused metrics
* fix linter
* Alerting: PoC - default template in k8s templategroup API
* Move code to grafana/alerting
* Move validation to admission validation abstraction
* Testing
* Linting
* Workspace update
* Update grafana/alerting hash to the merged commit
* More user-friendly name and remove need for CREATE/UPDATE validation
Use __default__ for k8s object name and UID so that we don't need to restrict
CREATE/UPDATE for similarly named user-owned templates.
* Wire up sprinkles to oss and enterprise. Fetching sprinkles not implemented yet.
* Adds wireset for initializing document builders. Had to init it when creating the service to avoid cyclical imports.
* updates to int64 for stats
* adds config for sprinklesApiServer and gets sprinkles from there when its present
* add comment for later
* adds feature toggle for sprinkles. returns empty results when flag not enabled.
* adds unified storage config setting for sprinkles apiserver page limit
* fixes bug where dashboard uid was not getting set
* when creating dashboard summary, use metadata.name as the dashboard uid
* cleans up wire. use existing oss and enterprise sets to generate doc builders
* remove old wireset
* fix linter - adds missing arg for doc builders
* update dashboard stats in tests
* updates test-data dashboards
* log a warning instead of returning an error if we can't get sprinkles for a namespace
* dont read uid from dashboard json
* Implement k8s count handler
* Fix endpoint
* Fix type converstions
* Add tests for foldercounts
* Add more tests
* Only use sql-fallback if no values in unistore
* Update gomod
* Fix test
* Update pkg/api/folder_test.go
Co-authored-by: Bruno Abrantes <bruno.abrantes@grafana.com>
* Go.mod
---------
Co-authored-by: Bruno Abrantes <bruno.abrantes@grafana.com>
I don't see a reason to accept a variable amount here, as we never use it. The only use I can see is optionally
including the opts, which isn't necessary and only complicates matters when an empty struct would do just as well: the
options are all created to be assumed zero-values already, in case a test doesn't need that option set.
* create notifications module and generate models
* switch template group to app models
* switch time intervals to use app models
* switch receiver to use app models
* switch routing tree to use app models
* move schema registration to resource packages
* fix package names to match app
* fix codeowners
* fix UI to use metadata.name instead of uid
* update dockerfile
* move generated models to pkg
* remove provenance from field selector
* move client factories to test files
* rename GenericClient to TypedClient
* Support importing local cue modules when generating TS types with cog
* Generate enums as unions of values instead of an actual `enum` statement
* Update transformers to use the new TS enums
* Update go workspaces
---------
Co-authored-by: Ivan Ortega <ivanortegaalba@gmail.com>
* Enable getting folders with kubernetes client
* Add TestIntegrationFolderGetPermissions
* Set full path as part of legacy get
* Replace implementation for setting fullpath
* Add folder get test
* Escape forward slash in parent titles
* Replace test for access control metadata
* Add test case to TestIntegrationFolderGetPermissions
* Improve fetching of access control
* Support delete endpoint for folders
* Include authorizer
* Add test for delete verb
* Add delete command to delete options
* Pass query string to context to admission
* Dont support nested folder deletion for now
* Skip test if feature flag is present
* Add test case
* Remove comment
* Only rely on the storage type config to run alerting tests
* Dont change legacy subpath
* Remove unised function
* Add test case when an editor can delete alert rules
* Lint
* Fix folder status error message
* Add test for folder creation response message
* Add TestFoldersCreateAPIEndpointK8S fixes
* Fix message returned when user has no permissions
* Introduce new models RoutingTree, RouteDefaults and Route and api-server to serve them that is backed by provisioning notification policy service.
* update method UpdatePolicyTree of notification policy service to return route and new version
* declare new actions alert.notifications.routes:read and alert.notifications.routes:write and two corresponding fixed roles.
---------
Co-authored-by: Tom Ratcliffe <tom.ratcliffe@grafana.com>
Co-authored-by: Matthew Jacobson <matthew.jacobson@grafana.com>
* extracted in-proc mode to #93124
* allow insecure conns in dev mode + refactoring
* removed ModeCloud, relying on ModeGrpc and stackID instead to discover if we're running in Cloud
* remove the NamespaceAuthorizer would fail in legacy mode. It will be added back in the future.
* use FlagAppPlatformGrpcClientAuth to enable new behavior, instead of legacy
* extracted authz package changes in #95120
* extracted server side changes in #95086
---------
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
Co-authored-by: gamab <gabriel.mabille@grafana.com>
Co-authored-by: Dan Cech <dcech@grafana.com>
* ds-querier: return QDR instead of k8s error
After parseQuery we know the request is a valid k8s request but we don't
know if the query is valid, therefore this change returns a QDR that
other systems, e.g. alerting ruler, can de-serialize properly.
Co-authored-by: Gábor Farkas <gabor.farkas@gmail.com>
* ds-querier: fix tests
Co-authored-by: Sarah Zinger <sarah.zinger@grafana.com>
* tweak status
* refactor refID to empty
---------
Co-authored-by: Gábor Farkas <gabor.farkas@gmail.com>
Co-authored-by: Sarah Zinger <sarah.zinger@grafana.com>
* All objects should have an UID
* Now with a different error message
* Simplify create on DW 2: use the same object to write to both storages
* Run only one test
* Add check for status code
* Add name if it's not present in mode2
* Populate UID in legacy
* Remove logs and commented code
* Change dualwriter1
* Remove commented code
* Fix list test
* remove get on update from dualwriter 2
* Get object before updating. Better var renaming
* Finish rebasing
* Comment test
* Uncomment tests
* Update legacy first. Add preconditions
* Remove preconditions
* Fix update test
* copy RV from unified to legacy objects
* revert changes to playlist xorm store
* Improve logging. Add go routines for mode3
* Add tests for async funcs in mode3
* Lint
* Lint
* Lint. Start to fix tests
* Fix watcher tests
* Fix store tests
* Fiinish fixing watcher tests
* Fix server tests
* add name check
* Update pkg/apiserver/rest/dualwriter_mode1.go
Co-authored-by: Bruno Abrantes <bruno.abrantes@grafana.com>
* All objects should have an UID
* Now with a different error message
* Simplify create on DW 2: use the same object to write to both storages
* Run only one test
* Add check for status code
* Add name if it's not present in mode2
* Populate UID in legacy
* Remove logs and commented code
* Change dualwriter1
* Remove commented code
* Fix list test
* remove get on update from dualwriter 2
* Get object before updating. Better var renaming
* Finish rebasing
* Comment test
* Uncomment tests
* Fix update test
* revert changes to playlist xorm store
* Improve logging. Add go routines for mode3
* Lint
* Fix watcher tests
* Fiinish fixing watcher tests
* Add mode 5 with etcd test case. Add early check to fail on populated RV in payload
* we can't set RV to the found object when updating
* Lint
* Don't fail on update playlists
* Name should not be different when updating and it should be not empty on creating
* Fix tests
* Update pkg/apiserver/rest/dualwriter_mode2.go
Co-authored-by: Todd Treece <360020+toddtreece@users.noreply.github.com>
* Lint
* Fix mode 5 tests
* Lint
* Add generateName condition on every mode. Fix tests
* Lint
* Add condition on where name or generate name have to be set
* Fix test
* Lint
* Fix folders test
* We dont need to send name for mode1
* Fail if UID is not present
* Remove change from not running test
* Remove unused line
* Lint
* Update pkg/storage/unified/apistore/store.go
Co-authored-by: Todd Treece <360020+toddtreece@users.noreply.github.com>
* Improve error message
* Fix broken watcher test
* Fail on name mismatch on update
* Remove log
* Make sure UIDs match on create in both stores
* Lint
* Write first to unified storage
* Remove uid setting
* Remove RV only in mode2
* Fix test. Remove log line
* test
* No need to asser on RV in mode3
* Remove RV check due to race condition
* Update dualwriter.go
Co-authored-by: Georges Chaudy <chaudyg@gmail.com>
* Update pkg/storage/unified/client.go
* remove unused parameter
* log an error for object is missing UID instead of returning an error
* remove obj.SetResourceVersion("")
* log an error for object is missing UID instead of returning an error
* FInalise merge
* Move RV check to where it was
* Remove name check
* Remove server check for backwards compatibility
* Remove unused fn
* Move test checks for another PR
* Dont commit go work sum changes
* Only log error if RV is present for now.
---------
Co-authored-by: Todd Treece <todd.treece@grafana.com>
Co-authored-by: Bruno Abrantes <bruno.abrantes@grafana.com>
Co-authored-by: Todd Treece <360020+toddtreece@users.noreply.github.com>
Co-authored-by: Georges Chaudy <chaudyg@gmail.com>
