* Change dash permission check for dashboards that are moved to a different folder
(cherry picked from commit 6923b4c6c6)
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
* Alerting: Provisioning message templates (#48665)
* Generate API for writing templates
* Persist templates app logic layer
* Validate templates
* Extract logic, make set and delete methods
* Drop post route for templates
* Fix response details, wire up remainder of API
* Authorize routes
* Mirror some existing tests on new APIs
* Generate mock for prov store
* Wire up prov store mock, add tests using it
* Cover cases for both storage paths
* Add happy path tests and fix bugs if file contains no template section
* Normalize template content with define statement
* Tests for deletion
* Fix linter error
* Move provenance field to DTO
* empty commit
* ID to name
* Fix in auth too
(cherry picked from commit 0f56462fbe)
* ErrorContains -> Error then Contains
Co-authored-by: Alexander Weaver <weaver.alex.d@gmail.com>
* Alerting: add safeguard for migrations that might cause dataloss
* add test for panic
* add documentation
(cherry picked from commit 0a87ef06af)
Co-authored-by: Jean-Philippe Quéméner <JohnnyQQQQ@users.noreply.github.com>
* Alerting: Add provisioning GET routes for message templates (#48367)
* Template service
* Add GET routes and implement them
* Generate mock for persist layer
* Unit tests for reading templates
* Set up composition root and get integration tests working
* Fix prealloc issue
* Extract setup boilerplate
* Update AuthorizationTest
* Rebase and resolve
* Fix linter error
(cherry picked from commit 735822e48a)
* Avoid latest require features
Co-authored-by: Alexander Weaver <weaver.alex.d@gmail.com>
Invalid PostableSilences could be passed to the Alerting API - if they
are passed all the way down into the alertmanager data layer, they can
cause a panic. This change adds validation to avoid a panic in the
alertmanager.
(cherry picked from commit 103087a1a5)
Co-authored-by: Joe Blubaugh <joe.blubaugh@grafana.com>
* Alerting: Create fewer contact points on migration
Previously a new contact point was created for every unique combination
of channels attached to any legacy alert. This was very hard to maintain,
requiring modifications in every generated contact point.
This change deduplicates the generated contact points to a more
reasonable state. There should now only be one contact point per legacy
channel, and we attached multiple contact points to a route by nesting
them. The sole exception to this is if there were multiple default
legacy channels, in which case we create a redundant contact point
containing all of them used only in the root policy. This allows for a
much simpler notification policy structure.
Co-authored-by: gotjosh <josue.abreu@gmail.com>
(cherry picked from commit 0301d956da)
* Test composition simplification from last PR
* Policies use proper API model everywhere
* Expose policy provenance in API, miss some dep injection
* Complete injection
* fix args
* Tests for provenance value
* Extract test helpers so tests are very readable
* Single source adapter struct that was copied in 3 places
* Drop redundant test
* Resolve merge conflicts on changelog
(cherry picked from commit 8310789ef1)
Co-authored-by: Alexander Weaver <weaver.alex.d@gmail.com>
* Alerting: Refactor GET/POST alerting config routes to be more extensible (#47229)
* Refactor GET am config to be extensible
* Extract post config route
* Fix tests
* Remove temporary duplication
* Fix broken test due to layer shift
* Fix duplicated error message
* Properly return 400 on config rejection
* Revert weird half method extraction
* Move things to notifier package and avoid redundant interface
* Simplify documentation
* Split encryption service and depend on minimal abstractions
* Properly initialize things all the way up to the composition root
* Encryption -> Crypto
* Address misc feedback
* Missing docstring
* Few more simple polish improvements
* Unify on MultiOrgAlertmanager. Discover bug in existing test
* Fix rebase conflicts
* Misc feedback, renames, docs
* Access crypto hanging off MultiOrgAlertmanager rather than having a separate API to initialize
(cherry picked from commit 758364e78b)
* Empty commit to kick PR build
Co-authored-by: Alexander Weaver <weaver.alex.d@gmail.com>
* refactor RBAC checks
* fix a test
* another test fix
* and another
(cherry picked from commit 68ca5b2e05)
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
This commit adds a new method GetRuleGroups to RuleStore which returns the set of rule groups across all organizations.
(cherry picked from commit d66fc6ed1a)
Co-authored-by: George Robinson <george.robinson@grafana.com>
* refactor: renaming service-accounts to serviceAccounts
* refactor: renaming service-accounts to serviceAccounts in docs
* tests
(cherry picked from commit 8677552dda)
Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>
Adds tests for:
what circumstances should trigger alert migration from legacy alerting to unified alerting.
the execution of the migration itself.
Co-authored-by: gotjosh <josue.abreu@gmail.com>
Co-authored-by: Matthew Jacobson <matthew.jacobson@grafana.com>
Before this change, notifications generated by the Grafana Alertmanager
pointed to '/alerting/:ruleID/edit'. This change instead points them to
the view path '/alerting/grafana/:ruleID/view'. The view page has a
better UX, including timeseries display. It's also where many alert
state improvements will land in the next few versions of Grafana.
Fixes#45301
Signed-off-by: Joe Blubaugh <joe.blubaugh@grafana.com>
(cherry picked from commit 3d91047e6e)
Co-authored-by: Joe Blubaugh <joe.blubaugh@grafana.com>
* Update API Keys UI to adjust based on users permissions
Since API Keys support now RBAC we need to ensure that UI
is adjusted based on the user permissions.
* Applying PR suggestions
(cherry picked from commit cbd2d09d70)
Co-authored-by: Vardan Torosyan <vardants@gmail.com>
* Create fixed roles for reading API Keys and service accounts
* Handle PR comments and fix the listing of token
(cherry picked from commit 782ec05d8c)
Co-authored-by: Vardan Torosyan <vardants@gmail.com>
* WIP
* fix: bug for saving name did not remove edit
* refactor: better error msg
* Display the column Roles even when user can't see the role picker
* Remove spaces when building the search query request
* Disable Edit button and fix token addition and deletion
* Fix the error message text
Co-authored-by: Vardan Torosyan <vardants@gmail.com>
(cherry picked from commit b43e9b50b4)
Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>
* use common traceID context value for opentracing and opentelemetry
* support sampled trace IDs as well
* inject traceID into NormalResponse on errors
* Finally the test passed
* fix the test
* fix linter
* change the function parameter
Co-authored-by: Ying WANG <ying.wang@grafana.com>
(cherry picked from commit 41012af997)
Co-authored-by: Serge Zaitsev <serge.zaitsev@grafana.com>
* Alerting: unwrap upsert into insert and update function
* add changelog entry
* remove changelog entry
* rename upsertrule to updaterule
* use directly alertrule model for inserts
* add test for updating a rule with a conflicting name
(cherry picked from commit 060ccacbf9)
Co-authored-by: Jean-Philippe Quéméner <JohnnyQQQQ@users.noreply.github.com>
* add check for access to rule's data source in GET APIs
* use more general method GetAlertRules instead of GetNamespaceAlertRules.
* remove unused GetNamespaceAlertRules.
Tests:
* create a method to generate permissions for rules
* extract method to create RuleSrv
* add tests for RouteGetNamespaceRulesConfig
(cherry picked from commit af9353caec)
Co-authored-by: Yuriy Tseretyan <yuriy.tseretyan@grafana.com>
* forbid setting role higher than user's role
* change response code
* can assign API key permissions to non-admin users
* add: assign viewer role directly upon creation
* refactor: add AddSATcommand infavor of AddAPIkey
* refactor: frontend fixes for ServiceAccountToken
Co-authored-by: eleijonmarck <eric.leijonmarck@gmail.com>
(cherry picked from commit a245531f0c)
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
* Chore: remove bus from contexthandler
* remove bus from orgredirect
(cherry picked from commit 2cf88cfec8)
Co-authored-by: Serge Zaitsev <serge.zaitsev@grafana.com>
Joan López de la Franca Beltran
Grot (@grafanabot)
Ieva
Karl Persson
Will Browne
Jean-Philippe Quéméner
Matthew Jacobson
Yuriy Tseretyan
Serge Zaitsev