Alerting: Re-encrypt existing contact points before get and patch in legacy config API (#101263)
* Test covering Get+Save interaction for newly secret fields
* Alerting: Re-encrypt existing contact points before get and patch
(cherry picked from commit b73c59547c)
Co-authored-by: Matthew Jacobson <matthew.jacobson@grafana.com>
* Chore: Bump github.com/go-jose/go-jose/v3 to v3.0.4
* Chore: Bump github.com/ua-parser/uap-go to v0.0.0-20250213224047-9c035f085b90
* Chore: Bump golang.org/x/net to v0.36.0
* Chore: Use github.com/moby/moby version 27.4.1 instead of 26.0.0
* Chore: Bump github.com/openfga/openfga to v1.8.5
* CI: Remove unused release_publisher scripts (#101019)
* Remove the unused `release_publisher` script.
* Remove the "whats new check" in Drone.
* Automatically set the What's New URL in releases based on the tagged version.
(cherry picked from commit 49e5f77dd1)
* rerun?
Chore: Bump glog in pkg/codegen to v1.2.4 to fix vulnerability (#101126)
Chore: Bump glog pkg/codegen to v1.2.4 to fix vulnerability
(cherry picked from commit 35b218fe10)
Plugin Metrics: Eliminate data race in plugin metrics middleware (#99396)
fix: eliminate data race in plugin metrics middleware
A data race was detected when multiple goroutines accessed the `MetricsMiddleware`
simultaneously. The race occurred because a single `MetricsMiddleware` instance
was being shared across goroutines while its `BaseHandler` field was being
modified during middleware chain setup.
Fix by creating a new `MetricsMiddleware` instance for each middleware chain,
while safely sharing the thread-safe Prometheus metrics and plugin registry.
This maintains proper metrics collection while eliminating the mutable shared
state that caused the race condition.
Original error was detected here:
```
WARNING: DATA RACE
Read at 0x00c0039c0790 by goroutine 4486:
github.com/grafana/grafana-plugin-sdk-go/backend.(*ErrorSourceMiddleware).CallResource()
/Users/clord/src/grafana/irm-devstack/.devenv/state/go/pkg/mod/github.com/grafana/grafana-plugin-sdk-go@v0.261.0/backend/error_source_middleware.go:93 +0x40
github.com/grafana/grafana-plugin-sdk-go/backend.BaseHandler.CallResource()
...
```
(cherry picked from commit e74cf72d99)
Co-authored-by: Christopher Lord <christopher.lord@grafana.com>
Alerting: Call RLock() before reading sendAlertsTo map (#99812)
* Alerting: Call RLock() before reading sendAlertsTo map
* defer unlocking
* drive-tru fix for another lock
* less time holding the lock in SyncAndApplyConfigFromDatabase
(cherry picked from commit 39f212a965)
Co-authored-by: Santiago <santiagohernandez.1997@gmail.com>
Azure: Improve resource request error handling (#99017)
* Improve resource request error handling
- Correctly parse JSON responses
- Log erroneous failures in JSON marshalling/unmarshalling
- Correctly set response status code
- Do not attempt to use the response writer as it will be nil
* Minor change
* Improve type assertion handling
(cherry picked from commit f6194931f5)
Co-authored-by: Andreas Christou <andreas.christou@grafana.com>
* feat: update to Go 1.23.5
* chore: make drone
* chore: make update-workspace
* fix: 1.23.5, not 1.23.4
* fix: update in Makefile
* CI: Force re-build
* Zanzana: Remove usage from legacy access control
* remove unused
* remove zanzana client from services where it's not used
* remove unused metrics
* fix linter
* Plugins: Disable SRI checks for filesystem plugins
* Plugins: Disable SRI checks for filesystem plugins
* Update tests
* Lint
* Check for cdn enabled rather than just plugin class
* ops
* Update tests
* lint
* Chore: Bump Go to 1.23.4
This is done in preparation of updating the App SDK library we import, as it has bumped its Go version to 1.23.4 as well.
* Chore: make update-workspace
* add two dummy feature toggles to use for testing potential AB testing setup
* update betterer
* update auto generated files
* fix camelcase test case
* update github.com/prometheus/prometheus to v0.301.0
* have an adapter for infra logger
* go mod tidy and go work sync
* remvoe the cuelang.org/go replace
* remove slog_adapter
* Zanzana: Setup GRPC authentication in client/server mode
* don't use grpcutils
* refactor
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* Add a namespace stub for in-proc mode
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* Read parameters from config
* authorize server requests
* add namespace to the tests context
* use stack id from config
* simplify authorize func
* properly format namespace
* return Unauthenticated if namespace is empty
* use insecure cred only in dev env
* check request namespace
* Use CallCredentials API for client auth
* provide config
* fail if stack id is missing
* improve error message
* use insecure connection by default
---------
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* Alerting: PoC - default template in k8s templategroup API
* Move code to grafana/alerting
* Move validation to admission validation abstraction
* Testing
* Linting
* Workspace update
* Update grafana/alerting hash to the merged commit
* More user-friendly name and remove need for CREATE/UPDATE validation
Use __default__ for k8s object name and UID so that we don't need to restrict
CREATE/UPDATE for similarly named user-owned templates.
* wip
* make tests pass
* get all tests passing
* fixes
* some small cleanup
* fix test
* convert delimiter keys to struct keys
* dont execute empty sql statement
* remove printlns
* fix unit test
* a bit more cleanup
* whoops
Ashley Harrison
grafana-delivery-bot[bot]
Robby Milo
Matheus Macabu
Jack Baldry
Kevin Minehart
Matthew Jacobson
github-actions[bot]
Moustafa Baiou
Yuri Tseretyan
Mariell Hoversholm
Alexander Zobnin
Giuseppe Guerra
Gabriel MABILLE
Ieva
maicon
Nathan Marrs
dependabot[bot]
Sarah Zinger
ismail simsek
Ryan McKinley
Stephanie Hingtgen
Karl Persson
Eric Leijonmarck
Daniel-Davies
Scott Lepper
Ida Štambuk
Selene
Michael Mandrus
Alexander Akhmetov