* Add health fields to rules and an aggregator method to the scheduler
* Move health, last error, and last eval time in together to minimize state processing
* Wire up a readonly scheduler to prom api
* Extract to exported function
* Use health in api_prometheus and fix up tests
* Rename health struct to status
* Fix tests one more time
* Several new tests
* Handle inactive rules
* Push state mapping into state manager
* rename to StatusReader
* Rectify cyclo complexity rebase
* Convert existing package local status implementation to models one
* fix tests
* undo RuleDefs rename
* adds Filter gRPC and make protobuf
* adds route for querying the filter gRPC
* wires up Filter gRPC call
* [WIP] index from start
* renames gRPC endpoint to "Search"
* adds /apis/search route into k8s routes. Hacky for now.
* updates readme - wrong casing
* adds feature toggle for unified storage search
* hides US search behind feature flag. Clean up print statements.
* removes indexer - will be added in another PR
* Search: Add API Builder
* adds required method
* implementing UpdateAPIGroupInfo (WIP)
* adds groupversion
* commenting out for now
* remove unneeded code from experimenting and update register.go to match interface required
* namespaces search route
---------
Co-authored-by: leonorfmartins <leonorfmartins@gmail.com>
Co-authored-by: Todd Treece <todd.treece@grafana.com>
* Alerting: Decrypt secure settings when testing receivers in the remote Alertmanager
* go work sync
* make update-workspace
* point to latest main in grafana/alerting
* unit test
* import definitions only once
* Replace Watch with WatchNext
* remove watchset
* fix previous page and closing the channel
* Remove the broadcaster cache to prevent dupplicated events
* add watch bookmark
* add watch bookmark
* cleanup comments
* disable the tests for bookmarks for now
* Ensure we send previosu events
* lint
* re-introduce the cache
* load from cache
* disabling legacy test
* disabling legacy test
* Update pkg/storage/unified/resource/server.go
Co-authored-by: Diego Augusto Molina <diegoaugustomolina@gmail.com>
* Could not read previous events
* add proper migration
* Add previous_resource_version to both history and resource
* First event should have an RV of 2 and not 1
* Test both storage backends
* fix the inital RV for the sql backend
* ensure graceful stop of the stream decoder
* gocyclo
---------
Co-authored-by: Diego Augusto Molina <diegoaugustomolina@gmail.com>
* Mark Scenes feature toggles as GA
* Move old arch e2e to a new folder
* Run E2E on scenes by default
* Upgrade e2e-selectors to ensure the tests in Playwright works
* Export folder store implementation
* Rename folder store
* Add folder store as a parameter to folder service
* Add folder store to dash service implementation
* Fix folder store comments
* Add showPolicies prop
* Add manage permissions component for easier reuse within alerting
* Add method for checking whether to show access control within alerting
* Remove accidental console.log from main
* Tweak styling for contact point width and add manage permissions drawer
* Improve typing for access control type response
* Add basic test for manage permissions on contact points list
* Only show manage permissions if grafana AM and alertingApiServer is enabled
* Update i18n
* Add test utils for turning features on and back off
* Add access control handlers
* Update tests with new util
* Pass AM in and add tests
* Receiver OSS resource permissions
There is a complication that is not fully addressed: Viewer defaults to read:*
and Editor defaults to read+write+delete:*
This is different to other resource permissions where non-admin are not granted
any global permissions and instead access is handled solely by resource-specific
permissions that are populated on create and removed on delete.
This allows them to easily remove permission to view or edit a single resource
from basic roles.
The reason this is tricky here is that we have multiple APIs that can
create/delete receivers: config api, provisioning api, and k8s receivers api.
Config api in particular is not well-equipped to determine when creates/deletes
are happening and thus ensuring that the proper resource-specific permissions
are created/deleted is finicky.
We would also have to create a migration to populate resource-specific
permissions for all current receivers. This migration would need to be reset so
it can run again if the flag is disabled.
* Add access control permissions
* Pass in contact point ID to receivers form
* Temporarily remove access control check for contact points
* Include access control metadata in k8s receiver List & Get
GET: Always included.
LIST: Included by adding a label selector with value `grafana.com/accessControl`
* Include new permissions for contact points navbar
* Fix receiver creator fixed role to not give global read
* Include in-use metadata in k8s receiver List & Get
GET: Always included.
LIST: Included by adding a label selector with value `grafana.com/inUse`
* Add receiver creator permission to receiver writer
* Add receiver creator permission to navbar
* Always allow listing receivers, don't return 403
* Remove receiver read precondition from receiver create
Otherwise, Creator role will not be able to create their first receiver
* Update routes permissions
* Add further support for RBAC in contact points
* Update routes permissions
* Update contact points header logic
* Back out test feature toggle refactor
Not working atm, not sure why
* Tidy up imports
* Update mock permissions
* Revert more test changes
* Update i18n
* Sync inuse metadata pr
* Add back canAdmin permissions after main merge
* Split out check for policies navtree item
* Tidy up utils and imports and fix rules in use
* Fix contact point tests and act warnings
* Add missing ReceiverPermissionAdmin after merge conflict
* Move contact points permissions
* Only show contact points filter when permissions are correct
* Move to constants
* Fallback to empty array and remove labelSelectors (not needed)
* Allow `toAbility` to take multiple actions
* Show builtin alertmanager if contact points permission
* Add empty state and hide templates if missing permissions
* Translations
* Tidy up mock data
* Fix tests and templates permission
* Update message for unused contact points
* Don't return 403 when user lists receivers and has access to none
* Fix receiver create not adding empty uid permissions
* Move SetDefaultPermissions to ReceiverPermissionService
* Have SetDefaultPermissions use uid from string
Fixes circular dependency
* Add FakeReceiverPermissionsService and fix test wiring
* Implement resource permission handling in provisioning API and renames
Create: Sets to default permissions
Delete: Removes permissions
Update: If receiver name is modified and the new name doesn't exist, it copies
the permissions from the old receiver to the newly created one. If old receiver
is now empty, it removes the old permissions as well.
* Split contact point permissions checks for read/modify
* Generalise getting annotation values from k8s entities
* Proxy RouteDeleteAlertingConfig through MultiOrgAlertmanager
* Cleanup permissions on config api reset and restore
* Cleanup permissions on config api POST
note this is still not available with feature flag enabled
* Gate the permission manager behind FF until initial migration is added
* Sync changes from config api PR
* Switch to named export
* Revert unnecessary changes
* Revert Filter auth change and implement in k8s api only
* Don't allow new scoped permissions to give access without FF
Prevents complications around mixed support for the scoped permissions causing
oddities in the UI.
* Fix integration tests to account for list permission change
* Move to `permissions` file
* Add additional tests for contact points
* Fix redirect for viewer on edit page
* Combine alerting test utils and move to new file location
* Allow new permissions to access provisioning export paths with FF
* Always allow exporting if its grafana flavoured
* Fix logic for showing auto generated policies
* Fix delete logic for contact point only referenced by a rule
* Suppress warning message when renaming a contact point
* Clear team and role perm cache on receiver rename
Prevents temporarily broken UI permissions after rename when a user's source of
elevated permissions comes from a cached team or basic role permission.
* Debug log failed cache clear on CopyPermissions
---------
Co-authored-by: Matt Jacobson <matthew.jacobson@grafana.com>
* Extract a helper funtion to perform list with authorization checks
* Add k8s verb to utils package
* Construct default mapping when no custom mapping is passed
* Configure authorization checks for service accounts
* Fix helper and add filtering to service accounts
* ManagedServiceAccounts: Add a config option to disabled by default
* Update log in pkg/services/extsvcauth/registry/service.go
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
* Cloud migrations: store resource name in the cloud_migration_resource table
* remove unused function: convertMigrateDataResponseToDTO
* make swagger-clean && make openapi3-gen
* use DB_Text for cloud_migration_resource.name instead of DB_Varchar
* Add mode switch in Query section
* Implement simple query mode : WIP
* fix logic switching mode
* move guard and get methodd to another folder
* Add more requiremts for being transformable from advanced to not advanced mode
* fix usig mode when it's not a grafana managed alert
* Show warning when switching to not advanced and its not possible to convert
* Add feature toggle alertingQueryAndExpressionsStepMode
* fix test
* add translations
* address PR feedback
* Use form context for sharing simplfied mode used, save in local storage and use the new fields in the api
* add check to valid reducer and threshold when switching to simplified mode
* Use only one expression list
* fix test
* move existing rule check outside storeInLocalStorageValues
* add id in InlineSwitch to handle onClick on label
* fix
* Fix default values when editing existing rule
* Update dto fields for the api request
* fix snapshot
* Fix recording rules to not show switch mode
* remove unnecessary Boolean conversion
* fix areQueriesTransformableToSimpleCondition
* update text
* pr review nit
* pr review part2
* Revert "chore: add replDB to team service (#91799)"
This reverts commit c6ae2d7999.
* Revert "experiment: use read replica for Get and Find Dashboards (#91706)"
This reverts commit 54177ca619.
* Revert "QuotaService: refactor to use ReplDB for Get queries (#91333)"
This reverts commit 299c142f6a.
* Revert "refactor replCfg to look more like plugins/plugin config (#91142)"
This reverts commit ac0b4bb34d.
* Revert "chore (replstore): fix registration with multiple sql drivers, again (#90990)"
This reverts commit daedb358dd.
* Revert "Chore (sqlstore): add validation and testing for repl config (#90683)"
This reverts commit af19f039b6.
* Revert "ReplStore: Add support for round robin load balancing between multiple read replicas (#90530)"
This reverts commit 27b52b1507.
* Revert "DashboardStore: Use ReplDB and get dashboard quotas from the ReadReplica (#90235)"
This reverts commit 8a6107cd35.
* Revert "accesscontrol service read replica (#89963)"
This reverts commit 77a4869fca.
* Revert "Fix: add mapping for the new mysqlRepl driver (#89551)"
This reverts commit ab5a079bcc.
* Revert "fix: sql instrumentation dual registration error (#89508)"
This reverts commit d988f5c3b0.
* Revert "Experimental Feature Toggle: databaseReadReplica (#89232)"
This reverts commit 50244ed4a1.
* feat: add setup guide in home tab
* chore: add feature toggle for setup guide
* chore: add feature toggle for sub menu
* chore: run pretier
* chore: run i18n
* chore: run generated files again
* chore: update description
* chore: update comment to trigger test flow
* chore: trigger test
* chore: fix styling
* Add separate folder registration function
* Convert to k8s resource directly after legacy create
* Use create command when creating folders
* Set additional fields when converting to k8s resource
* Add created/updated timestamps during conversion
* Refactor UnstructuredToLegacyFolderDTO
* Return errors when doing k8s conversions
Alexander Weaver
owensmallwood
Santiago
Matheus Macabu
Marcus Efraimsson
Bruno
Georges Chaudy
Ivan Ortega Alba
Arati R.
Adela Almasan
Yuri Tseretyan
Isabella Siu
Tom Ratcliffe
Karl Persson
Misi
Konrad Lalik
Artur Wierzbicki
Tobias Skarhed
Roberto Jiménez Sánchez
Gabriel MABILLE
Ryan McKinley
Michael Mandrus
Steve Simpson
linoman
Todd Treece
Sonia Aguilar
Jeff Levin
Alexander Akhmetov
Serena
Matthew Jacobson
Andres Martinez Gotor
maicon
Andreas Christou