* Auth: Google OAuth consent prompt takes precedence when use_refresh_token is true
* Auth: Disable login prompt option for Google OAuth when use_refresh_token is true
* yarn run prettier:check --write
* feedback: validate login prompt when use_refresh_token is true
* Explore: Add custom text highlighting to logs panel
Add ability to select text in log lines and highlight all occurrences
with persistent colors. Highlights are stored in URL state and cycle
through the theme's visualization palette.
- Add CustomHighlight type to ExploreLogsPanelState
- Implement LogListHighlightContext for state management
- Generate custom highlight grammar using Prism.js tokens
- Add "Highlight occurrences" option to popover menu
- Add "Reset highlights" control when highlights exist
- Fix pruneObject to preserve colorIndex: 0 in URL state
* Fix CI failures: formatting and i18n extraction
- Run prettier on LogLine.tsx
- Run i18n-extract to update translation strings
* Fix lint errors
- Use theme.shape.radius.default instead of literal '2px' in LogLine.tsx
- Remove unnecessary type assertion in grammar.ts
* Fix TypeScript error in grammar.ts
Use Record<string, GrammarValue> type for dynamic grammar object to allow string indexing without type assertions.
* Replace hardcoded HIGHLIGHT_COLOR_COUNT with actual theme palette length
Use useTheme2() hook to dynamically get the palette length instead of
hardcoding it to 50. This ensures the color cycling works correctly
regardless of the actual theme palette size.
* Backtrack to a stable point and revert changes
* Implement using search
* New translations
* LogListSearch: refactor search state
* PopoverMenu: add divider
* LogLine: remove padding and update border radius
* LogListSearch: add missing tooltips
* Refactor keybindings
* More cleanup
* LogListSearch: don't autoscroll with filterLogs
---------
Co-authored-by: Matias Chomicki <matyax@gmail.com>
* deps(go): bump the k8s-io group across 2 directories with 2 updates
Bumps the k8s-io group with 1 update in the / directory: [k8s.io/kube-aggregator](https://github.com/kubernetes/kube-aggregator).
Bumps the k8s-io group with 1 update in the /hack directory: [k8s.io/code-generator](https://github.com/kubernetes/code-generator).
Updates `k8s.io/kube-aggregator` from 0.34.2 to 0.34.3
- [Commits](https://github.com/kubernetes/kube-aggregator/compare/v0.34.2...v0.34.3)
Updates `k8s.io/code-generator` from 0.34.2 to 0.34.3
- [Commits](https://github.com/kubernetes/code-generator/compare/v0.34.2...v0.34.3)
---
updated-dependencies:
- dependency-name: k8s.io/kube-aggregator
dependency-version: 0.34.3
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: k8s-io
- dependency-name: k8s.io/code-generator
dependency-version: 0.34.3
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: k8s-io
...
Signed-off-by: dependabot[bot] <support@github.com>
* update all
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Ryan McKinley <ryantxu@gmail.com>
* Alerting: Protect sensitive fields of contact points from
unauthorized modification
- Introduce a new permission alert.notifications.receivers.protected:write. The permission is granted to contact point administrators.
- Introduce field Protected to NotifierOption
- Introduce DiffReport for models.Integrations with focus on Settings. The diff report is extended with methods that return all keys that are different between two settings.
- Add new annotation 'grafana.com/access/CanModifyProtected' to Receiver model
- Update receiver service to enforce the permission and return status 403 if unauthorized user modifies protected field
- Update receiver testing API to enforce permission and return status 403 if unauthorized user modifies protected field.
- Update UI to disable protected fields if user cannot modify them
update rudderstack init logic
to rely on existence of old or new sdk config option being set and only defer to feature toggle if both or neither is set
* Alerting: Improve ASH Loki query efficiency by including folderUID
Previously, the folderUID label was only included when ruleUID was not specified
and the user did not have full alert rule read permissions.
To improve ASH Loki query efficiency, this PR includes the folderUID in the ASH
Loki query when ruleUID is specified, even if the user has full alert rule read
permissions.
Some non-obvious considerations:
- The naive implementation of just including the current folder UID would have
the unintended side-effect of no longer returning history after a rule is moved
between folders.
- The previous implementation made the trade-off of only checking RBAC on the
current folder, including any history from old folders that may exist.
To solve both of the above, we make an extra query to the database to check the
alert rule's previous versions so we can include any old folderUIDs, checking
RBAC at the same time.
The querying and inclusion of history from old folders is done best-effort, any
issues that might arise are logged and ignored so as not to prevent the current
folder history.
* Fix merge conflicts
* Reduce scanning on GetAlertRuleVersionFolders by grouping in query
* refactor: delegate authorization to access checker in dualwriter
- Remove role-based authorization checks (editor/admin role checks)
- Delegate all authorization to access checker which checks resource-level permissions
- Update authorizeCreateFolder to use access checker instead of role-based checks
- Add comprehensive authorization tests for viewer, editor, and admin roles
- Tests cover GET, POST, PUT, DELETE operations and folder creation
This change ensures that authorization is consistently handled through
the access checker, which checks resource-level permissions rather than
just organization roles.
* fix: format files_test.go
* fix: check error return value of resp.Body.Close()
* fix: grant permissions to all dashboards for editor role in authorization test
Use SetPermissions with wildcard to grant permissions to Editor user
for all dashboards, not just the initial one. This ensures that dashboards
created during tests (like in DELETE operations) have the necessary
permissions for the editor role.
* maybe better way to attach meta?
* chore(plugin-extensions): remove todo comment
---------
Co-authored-by: Ashley Harrison <ashley.harrison@grafana.com>
**What is this feature?**
Add `rule_matcher` filter to the Prometheus-compatible list rules API: `/api/prometheus/grafana/api/v1/rules`. It allows to filter rules by static labels (not by alert instance labels).
**Special notes:**
- Equality (`=`) and inequality (`!=`) matchers are pushed down to the database. Regex matchers (`=~`, `!~`) are applied in-memory at the API layer.
- SQLite: Uses GLOB pattern matching
- MySQL / PostgreSQL: Use JSON functions to compare label values
---------
Co-authored-by: Konrad Lalik <konradlalik@gmail.com>
Mustafa Sencer Özcan
Victor Cinaglia
Ryan McKinley
Kevin Minehart
Oleg Zaytsev
Matias Chomicki
Ashley Harrison
Rafael Bortolon Paulovic
Torkel Ödegaard
Erik Sundell
dependabot[bot]
Hugo Häggmark
grafana-pr-automation[bot]
Jacob Valdez
github-actions[bot]
Ivan Ortega Alba
Renato Costa
Yuri Tseretyan
Luminessa Starlight
Matthew Jacobson
Daniele Stefano Ferru
Roberto Jiménez Sánchez
Alexander Akhmetov
Tobias Skarhed
mohammad-hamid
Sarah Zinger
Jack Westbrook
Misi
Dominik Prokop
Kristina Demeshchik
Marc M.
Oscar Kilhed
Andres Martinez Gotor
Yulia Shanyrova
Levente Balogh