Alerting: Protect sensitive fields of contact points from unauthorized modification
- Introduce a new permission alert.notifications.receivers.protected:write. The permission is granted to contact point administrators.
- Introduce field Protected to NotifierOption
- Introduce DiffReport for models.Integrations with focus on Settings. The diff report is extended with methods that return all keys that are different between two settings.
- Add new annotation 'grafana.com/access/CanModifyProtected' to Receiver model
- Update receiver service to enforce the permission and return status 403 if unauthorized user modifies protected field
- Update receiver testing API to enforce permission and return status 403 if unauthorized user modifies protected field.
- Update UI to disable protected fields if user cannot modify them
Co-authored-by: Sonia Aguilar <soniaaguilarpeiron@gmail.com>
* Secrets: Refactor data_key_id out of the encoded secure value payload (#111852)
* everything compiles
* tests pass
* remove file included by accident
* add entry to gitignore
* some scaffolding for the migration executor
* remove file
* implement and test the migration
* use xkube.Namespace in our interfaces
* add todo
* update wire deps
* add some logs
* fix wire dependency ordering
* create tests to validate error conditions during migrations
* only run the migration as an MT api server
* formatting issues
* change detection of secrets running as MT server
* add todo
* use more specific initializer flags
* make secrets playwright tests work
* set new properties to true by default
* remove developer mode flag
* fix unit tests
* wip
* wip
* wip
(cherry picked from commit 8cedf25892)
* Search seems to be working, the validation is still wip
* Use keyword.Name analyzer for Filterable fields
* Only string fields should be indexed with keyword analyzer
* Change search query for email and login fields to use term query
* Remove unnecessary Exact from the resource protobuf definitions
Co-Authored-By: Ryan McKinley <ryantxu@gmail.com>
* Add legacy search support to the API
* Tests for legacy search, validate and integration tests for user
* Lint
* Add snapshot tests to userDocumentBuilder
* Address CodeQL issues
* Improvements, handle Mode2, tests should pass
* Change default limit from 0 to 1 for requests
* Cleanup
* Add fixme
* Update pkg/registry/apis/iam/register.go
Co-authored-by: Stephanie Hingtgen <stephanie.hingtgen@grafana.com>
* Update pkg/registry/apis/iam/user/legacy_search.go
Co-authored-by: Stephanie Hingtgen <stephanie.hingtgen@grafana.com>
---------
Co-authored-by: Ryan McKinley <ryantxu@gmail.com>
Co-authored-by: Stephanie Hingtgen <stephanie.hingtgen@grafana.com>
* implement the update method for team bindings
* fix lint error
* add integration tests
* add integration test for non existing team binding
* try to fix lint error
* fix: SQLite truncate with retry/backoff on busy/locked errors
* fix: use retryer package for retrying SQLite TruncateDBTables
* fix: use dskit/backoff package to return last error
* fix: do not log number of attempts
* implement create method for team bindings
* generate openapi specs
* enable dual writer for team bindings
* add validation rules
* generate openapi
* add integration tests and fix remaining issues
* fix validation test
* use UIDs instead of IDs to build team binding name
* use IDs when generating the TeamBinding name
* fix build error
* remove time truncate
* remove unused compat functions
* update to alerting module from pr
* replace IntegrationConfig with IntegrationSchemaVersion
* safely resolve a string into integration type
* change usages of integration config
* update alerting module
* replace compat with ones from alerting
* update type references Receiver and Integration to *Status
* update route in provisioning test that is invalid after recent change
* use right type for LINE ingtegration
* implement team update in legacy store
* add unit tests
* add integration test
* set permissions for user in integration tests
* add more integration tests for update
* update validations
* add unit tests for ValidateOnUpdate() func
* fix integration test
Yuri Tseretyan
Ryan McKinley
Stephanie Hingtgen
Misi
Michael Mandrus
Todd Treece
Mihai Doarna
Rafael Bortolon Paulovic
Rafael Bortolon Paulovic
Peter Štibraný
Bruno Abrantes
Georges Chaudy
Ieva
beejeebus
Austin Pond
Zoltán Bedi
Will Assis
Andreas Christou
Jean-Philippe Quéméner