* Alerting: Protect sensitive fields of contact points from
unauthorized modification
- Introduce a new permission alert.notifications.receivers.protected:write. The permission is granted to contact point administrators.
- Introduce field Protected to NotifierOption
- Introduce DiffReport for models.Integrations with focus on Settings. The diff report is extended with methods that return all keys that are different between two settings.
- Add new annotation 'grafana.com/access/CanModifyProtected' to Receiver model
- Update receiver service to enforce the permission and return status 403 if unauthorized user modifies protected field
- Update receiver testing API to enforce permission and return status 403 if unauthorized user modifies protected field.
- Update UI to disable protected fields if user cannot modify them
**What is this feature?**
Add `rule_matcher` filter to the Prometheus-compatible list rules API: `/api/prometheus/grafana/api/v1/rules`. It allows to filter rules by static labels (not by alert instance labels).
**Special notes:**
- Equality (`=`) and inequality (`!=`) matchers are pushed down to the database. Regex matchers (`=~`, `!~`) are applied in-memory at the API layer.
- SQLite: Uses GLOB pattern matching
- MySQL / PostgreSQL: Use JSON functions to compare label values
---------
Co-authored-by: Konrad Lalik <konradlalik@gmail.com>
Part 2 of adding version messages to the `alert_rule_version` able. This allows
setting the message via a header when using the Prometheus conversion API,
which can be useful for e.g. linking changes back to source control.
To better observe and identify performance bottlenecks in the prometheus rules API.
The following spans were added:
- `api.prometheus.RouteGetRuleStatuses`
- `api.prometheus.PrepareRuleGroupStatusesV2`
The `api.prometheus.PrepareRuleGroupStatusesV2` includes attributes to capture the parameters used in the request to help with debugging and performance analysis.
* Deprecating features.IsEnabled
* add one more nolint
* add one more nolint
* Give better hints to devs in the deprecation message of IsEnabledGlobally
* adding more doc strings
* fix linter after rebase
* Extend deprecation message
This adds a `message` column to the `alert_rule_version` table. This follows the
pattern established for dashboards as closely as possible. A new type is
introduced internally for passing the new `message` field around in a type-safe
manner, but doing the same for the API types becomes very messy. In that case, a
new field is added with omitempty.
Note this PR is only:
- The column addition
- The "read" path; API for listing versions
Subsequent PRs will add code to actually set the message when updating rules.
* add support for converting Mimir integrations to Integration
* implement imported config revision
* update service to load staged receivers if configured
* make sure non-Grafana origin cannot be mutated
* set access control metadata for imported origin
* set includeImported from feature flag. Disabled for service used by provisioning
* add tests for new functionality
* add snapshot-based integration test
* remove unused compat functions
* update to alerting module from pr
* replace IntegrationConfig with IntegrationSchemaVersion
* safely resolve a string into integration type
* change usages of integration config
* update alerting module
* replace compat with ones from alerting
* update type references Receiver and Integration to *Status
* update route in provisioning test that is invalid after recent change
* use right type for LINE ingtegration
* Revert "Alerting: Generate simplified routing routes with old fingerprint function (#111893)"
This reverts commit 0da9d49896.
* Add alertingUseNewSimplifiedRoutingHashAlgorithm flag
* Alerting: Add feature toggle to use the old simplified routing hash generation
* update tests to assert against snapshot
* remove channel_config package replaced by schemas from alerting module
* update references to use new schema
This lets the prometheus api respect NoGroup query logic and treat non-grouped rules consistently.
Co-authored-by: William Wernert <william.wernert@grafana.com>
Rules created in the new api makes the rule have no group in the database, but the rule is returned in the old group api with a sentinel group name formatted with the rule uid for compatiblity with the old api.
This makes the UI continue to work with the rules without a group, and the ruler will continue to work with the rules without a group.
Rules are not allowed to be created in the provisioning api with a NoGroup sentinel mask, but NoGroup rules can be manipulated through both the new and old apis.
Co-authored-by: William Wernert <william.wernert@grafana.com>
tlsConfig -> tls_config
hmacConfig -> hmac_config
tls_config export still does not match TF provider, as the provider currently
treats tls_config as a schemaless map. Once this is improved, they will now
match.
* docs(openapi): Cleanup tag usage and minor fixes
* Add missing change
* More fixes
* make swagger-gen
* Remove unused documentation
* Update pkg/services/publicdashboards/api/query.go
Co-authored-by: Artur Wierzbicki <artur@arturwierzbicki.com>
* Run make swagger-gen
* Run make openapi3-gen
---------
Co-authored-by: Artur Wierzbicki <artur@arturwierzbicki.com>
This reintroduces database pagination for the Prometheus API for rules.
Follow up for #109558 to use the new pagination format.
Note: This changes the sort-order to use `NamespaceUID` instead of the fully qualified Folder path. This also changes the cursor format to use the `NamespaceUID` instead of the Folder path and to be in a reverisble format.
This reintroduces store level pagination, without using it in the prometheus API yet.
Related to #108633
Co-authored-by: William Wernert <william.wernert@grafana.com>
Yuri Tseretyan
Alexander Akhmetov
Santiago
William Wernert
Steve Simpson
Alexander Soelberg Heidarsson
Moustafa Baiou
Denis Vodopianov
alerting-team[bot]
Dave Henderson
Tito Lins
Ryan McKinley
Peter Štibraný
Matthew Jacobson
Thomas Casteleyn