Commit Graph

102 Commits

Author SHA1 Message Date
Roberto Jiménez Sánchez 9760eef62f Provisioning: fix multi-tenant and single-tenant authorization (#115435)
* feat(auth): add ExtraAudience option to RoundTripper

Add ExtraAudience option to RoundTripper to allow operators to include
additional audiences (e.g., provisioning group) when connecting to the
multitenant aggregator. This ensures tokens include both the target API
server's audience and the provisioning group audience, which is required
to pass the enforceManagerProperties check.

- Add ExtraAudience RoundTripperOption
- Improve documentation and comments
- Add comprehensive test coverage

* fix(operators): add ExtraAudience for dashboards/folders API servers

Operators connecting to dashboards and folders API servers need to include
the provisioning group audience in addition to the target API server's
audience to pass the enforceManagerProperties check.

* provisioning: fix settings/stats authorization for AccessPolicy identities

The settings and stats endpoints were returning 403 for users accessing via
ST->MT because the AccessPolicy identity was routed to the access checker,
which doesn't know about these resources.

This fix handles 'settings' and 'stats' resources before the access checker
path, routing them to the role-based authorization that allows:
- settings: Viewer role (read-only, needed by frontend)
- stats: Admin role (can leak information)

* fix: update BootstrapStep component to remove legacy storage handling and adjust resource counting logic

- Removed legacy storage flag from useResourceStats hook in BootstrapStep.
- Updated BootstrapStepResourceCounting to simplify rendering logic and removed target prop.
- Adjusted tests to reflect changes in resource counting and rendering behavior.

* Revert "fix: update BootstrapStep component to remove legacy storage handling and adjust resource counting logic"

This reverts commit 148802cbb5.

* provisioning: allow any authenticated user for settings/stats endpoints

These are read-only endpoints needed by the frontend:
- settings: returns available repository types and configuration for the wizard
- stats: returns resource counts

Authentication is verified before reaching authorization, so any user who
reaches these endpoints is already authenticated. Requiring specific org
roles failed for AccessPolicy tokens which don't carry traditional roles.

* provisioning: remove redundant admin role check from listFolderFiles

The admin role check in listFolderFiles was redundant (route-level auth already
handles access) and broken for AccessPolicy identities which don't have org roles.

File access is controlled by the AccessClient as documented in the route-level
authorization comment.

* provisioning: add isAdminOrAccessPolicy helper for auth checks

Consolidates authorization logic for provisioning endpoints:
- Adds isAdminOrAccessPolicy() helper that allows admin users OR AccessPolicy identities
- AccessPolicy identities (ST->MT flow) are trusted internal callers without org roles
- Regular users must have admin role (matching frontend navtree restriction)

Used in: authorizeSettings, authorizeStats, authorizeJobs, listFolderFiles

* provisioning: consolidate auth helpers into allowForAdminsOrAccessPolicy

Simplifies authorization by:
- Adding isAccessPolicy() helper for AccessPolicy identity check
- Adding allowForAdminsOrAccessPolicy() that returns Decision directly
- Consolidating stats/settings/jobs into single switch case
- Using consistent pattern in files.go

* provisioning: require admin for files subresource at route level

Aligns route-level authorization with handler-level check in listFolderFiles.
Both now require admin role OR AccessPolicy identity for consistency.

* provisioning: restructure authorization with role-based helpers

Reorganizes authorization code for clarity:

Role-based helpers (all support AccessPolicy for ST->MT flow):
- allowForAdminsOrAccessPolicy: admin role required
- allowForEditorsOrAccessPolicy: editor role required
- allowForViewersOrAccessPolicy: viewer role required

Repository subresources by role:
- Admin: repository CRUD, test, files
- Editor: jobs, resources, sync, history
- Viewer: refs, status (GET only)

Connection subresources by role:
- Admin: connection CRUD
- Viewer: status (GET only)

* provisioning: move refs to admin-only

refs subresource now requires admin role (or AccessPolicy).
Updated documentation comments to reflect current permissions.

* provisioning: add fine-grained permissions for connections

Adds connection permissions following the same pattern as repositories:
- provisioning.connections:create
- provisioning.connections:read
- provisioning.connections:write
- provisioning.connections:delete

Roles:
- fixed:provisioning.connections:reader (granted to Admin)
- fixed:provisioning.connections:writer (granted to Admin)

* provisioning: remove non-existent sync subresource from auth

The sync subresource doesn't exist - syncing is done via the jobs endpoint.
Removed dead code from authorization switch case.

* provisioning: use access checker for fine-grained permissions

Refactors authorization to use b.access.Check() with verb-based checks:

Repository subresources:
- CRUD: uses actual verb (get/create/update/delete)
- test: uses 'update' (write permission)
- files/refs/resources/history/status: uses 'get' (read permission)
- jobs: uses actual verb for jobs resource

Connection subresources:
- CRUD: uses actual verb
- status: uses 'get' (read permission)

The access checker maps verbs to actions defined in accesscontrol.go.
Falls back to admin role for backwards compatibility.

Also removes redundant admin check from listFolderFiles since
authorization is now properly handled at route level.

* provisioning: use verb constants instead of string literals

Uses apiutils.VerbGet, apiutils.VerbUpdate instead of "get", "update".

* provisioning: use access checker for jobs and historicjobs resources

Jobs resource: uses actual verb (create/read/write/delete)
HistoricJobs resource: read-only (historicjobs:read)

* provisioning: allow viewers to access settings endpoint

Settings is read-only and needed by multiple UI pages (not just admin pages).
Stats remains admin-only.

* provisioning: consolidate role-based resource authorization

Extract isRoleBasedResource() and authorizeRoleBasedResource() helpers
to avoid duplicating settings/stats resource checks in multiple places.

* provisioning: use resource name constants instead of hardcoded strings

Replace 'repositories', 'connections', 'jobs', 'historicjobs' with
their corresponding ResourceInfo.GetName() constants.

* provisioning: delegate file authorization to connector

Route level: allow any authenticated user for files subresource
Connector: check repositories:read only for directory listing
Individual file CRUD: handled by DualReadWriter based on actual resource

* provisioning: enhance authorization for files and jobs resources

Updated file authorization to fall back to admin role for listing files. Introduced checkAccessForJobs function to manage job permissions, allowing editors to create and manage jobs while maintaining admin-only access for historic jobs. Improved error messaging for permission denials.

* provisioning: refactor authorization with fine-grained permissions

Authorization changes:
- Use access checker with role-based fallback for backwards compatibility
- Repositories/Connections: admin role fallback
- Jobs: editor role fallback (editors can manage jobs)
- HistoricJobs: admin role fallback (read-only)
- Settings: viewer role (needed by multiple UI pages)
- Stats: admin role

Files subresource:
- Route level allows any authenticated user
- Directory listing checks repositories:read in connector
- Individual file CRUD delegated to DualReadWriter

Refactored checkAccessWithFallback to accept fallback role parameter.

* provisioning: refactor access checker integration for improved authorization

Updated the authorization logic to utilize the new access checker across various resources, including files and jobs. This change simplifies the permission checks by removing redundant identity retrieval and enhances error handling. The access checker now supports role-based fallbacks for admin and editor roles, ensuring backward compatibility while streamlining the authorization process for repository and connection subresources.

* provisioning: remove legacy access checker tests and refactor access checker implementation

Deleted the access_checker_test.go file to streamline the codebase and focus on the updated access checker implementation. Refactored the access checker to enhance clarity and maintainability, ensuring it supports role-based fallback behavior. Updated the access checker integration in the API builder to utilize the new fallback role configuration, improving authorization logic across resources.

* refactor: split AccessChecker into TokenAccessChecker and SessionAccessChecker

- Renamed NewMultiTenantAccessChecker -> NewTokenAccessChecker (uses AuthInfoFrom)
- Renamed NewSingleTenantAccessChecker -> NewSessionAccessChecker (uses GetRequester)
- Split into separate files with their own tests
- Added mockery-generated mock for AccessChecker interface
- Names now reflect identity source rather than deployment mode

* fix: correct error message case and use accessWithAdmin for filesConnector

- Fixed error message to use lowercase 'admin role is required'
- Fixed filesConnector to use accessWithAdmin for proper role fallback
- Formatted code

* refactor: reduce cyclomatic complexity in filesConnector.Connect

Split the Connect handler into smaller focused functions:
- handleRequest: main request processing
- createDualReadWriter: setup dependencies
- parseRequestOptions: extract request options
- handleDirectoryListing: GET directory requests
- handleMethodRequest: route to method handlers
- handleGet/handlePost/handlePut/handleDelete: method-specific logic
- handleMove: move operation logic

* security: remove blind TypeAccessPolicy bypass from access checkers

Removed the code that bypassed authorization for TypeAccessPolicy identities.
All identities now go through proper permission verification via the inner
access checker, which will validate permissions from ServiceIdentityClaims.

This addresses the security concern where TypeAccessPolicy was being trusted
blindly without verifying whether the identity came from the wire or in-process.

* feat: allow editors to access repository refs subresource

Change refs authorization from admin to editor fallback so editors can
view repository branches when pushing changes to dashboards/folders.

- Split refs from other read-only subresources (resources, history, status)
- refs now uses accessWithEditor instead of accessWithAdmin
- Updated documentation comment to reflect authorization levels
- Added integration test TestIntegrationProvisioning_RefsPermissions
  verifying editor access and viewer denial

* tests: add authorization tests for missing provisioning API endpoints

Add comprehensive authorization tests for:
- Repository subresources (test, resources, history, status)
- Connection status subresource
- HistoricJobs resource
- Settings and Stats resources

All authorization paths are now covered by integration tests.

* test: fix RefsPermissions test to use GitHub repository

Use github-readonly.json.tmpl template instead of local folder,
since refs endpoint requires a versioned repository that supports
git operations.

* chore: format test files

* fix: make settings/stats authorization work in MT mode

Update authorizeRoleBasedResource to check authlib.AuthInfoFrom(ctx)
for AccessPolicy identity type in addition to identity.GetRequester(ctx).
This ensures AccessPolicy identities are recognized in MT mode where
identity.GetRequester may not set the identity type correctly.

* fix: remove unused authorization helper functions

Remove allowForAdminsOrAccessPolicy and allowForViewersOrAccessPolicy
as they are no longer used after refactoring to use authorizeRoleBasedResource.

* Fix AccessPolicy identity detection in ST authorizer

- Add check for AccessPolicy identities via GetAuthID() in authorizeRoleBasedResource
- Extended JWT may set identity type to TypeUser but AuthID is 'access-policy:...'
- Forward user ID token in X-Grafana-Id header in RoundTripper for aggregator forwarding

* Revert "Fix AccessPolicy identity detection in ST authorizer"

This reverts commit 0f4885e503.

* Add fine-grained permissions for settings and stats endpoints

- Add provisioning.settings:read action (granted to Viewer role)
- Add provisioning.stats:read action (granted to Admin role)
- Add accessWithViewer to APIBuilder for Viewer role fallback
- Use access checker for settings/stats authorization
- Remove role-based authorization functions (isRoleBasedResource, authorizeRoleBasedResource)

This makes settings and stats consistent with other provisioning resources
and works properly in both ST and MT modes via the access checker.

* Remove AUTHORIZATION_COVERAGE.md

* Add provisioning resources to RBAC mapper

- Add connections, settings, stats to provisioning.grafana.app mappings
- Required for authz service to translate K8s verbs to legacy actions
- Fixes 403 errors for settings/stats in MT mode

* refactor: merge access checkers with original fallthrough behavior

Merge tokenAccessChecker and sessionAccessChecker into a unified
access checker that implements the original fallthrough behavior:

1. First try to get identity from access token (authlib.AuthInfoFrom)
2. If token exists AND (is TypeAccessPolicy OR useExclusivelyAccessCheckerForAuthz),
   use the access checker with token identity
3. If no token or conditions not met, fall back to session identity
   (identity.GetRequester) with optional role-based fallback

This fixes the issue where settings/stats/connections endpoints were
failing in MT mode because the tokenAccessChecker was returning an error
when there was no auth info in context, instead of falling through to
session-based authorization.

The unified checker now properly handles:
- MT mode: tries token first, falls back to session if no token
- ST mode: only uses token for AccessPolicy identities, otherwise session
- Role fallback: applies when configured and access checker denies

* Revert "refactor: merge access checkers with original fallthrough behavior"

This reverts commit 96451f948b.

* Grant settings view role to all

* fix: use actual request verb for settings/stats authorization

Use a.GetVerb() instead of hardcoded VerbGet for settings and stats
authorization. When listing resources (hitting collection endpoint),
the verb is 'list' not 'get', and this mismatch could cause issues
with the RBAC service.

* debug: add logging to access checkers for authorization debugging

Add klog debug logs (V4 level) to token and session access checkers
to help diagnose why settings/stats authorization is failing while
connections works.

* debug: improve access checker logging with grafana-app-sdk logger

- Use grafana-app-sdk logging.FromContext instead of klog
- Add error wrapping with resource.group format for better context
- Log more details including folder, group, and allowed status
- Log error.Error() for better error message visibility

* chore: use generic log messages in access checkers

* Revert "Grant settings view role to all"

This reverts commit 3f5758cf36.

* fix: use request verb for historicjobs authorization

The original role-based check allowed any verb for admins. To preserve
this behavior with the access checker, we should pass the actual verb
from the request instead of hardcoding VerbGet.

---------

Co-authored-by: Charandas Batra <charandas.batra@grafana.com>
2025-12-19 15:11:35 +01:00
Roberto Jiménez Sánchez a0751b6e71 Provisioning: Default to folder sync only and block new instance sync repositories (#115569)
* Default to folder sync only and block new instance sync repositories

- Change default allowed_targets to folder-only in backend configuration
- Modify validation to only enforce allowedTargets on CREATE operations
- Add deprecation warning for existing instance sync repositories
- Update frontend defaults and tests to reflect new behavior

Fixes #619

* Update warning message: change 'deprecated' to 'not fully supported'

* Fix health check: don't validate allowedTargets for existing repositories

Health checks for existing repositories should treat them as UPDATE operations,
not CREATE operations, so they don't fail validation for instance sync target.

* Fix tests and update i18n translations

- Update BootstrapStep tests to reflect folder-only default behavior
- Run i18n-extract to update translation file structure

* Fix integration tests

* Fix tests

* Fix provisioning test wizard

* Fix frontend test
2025-12-19 11:44:15 +00:00
Roberto Jiménez Sánchez 7e45a300b9 Provisioning: Remove migration from legacy storage (#112505)
* Deprecate Legacy Storage Migration in Backend

* Change the messaging around legacy storage

* Disable cards to connect

* Commit import changes

* Block repository creation if resources are in legacy storage

* Update error message

* Prettify

* chore: uncomment unified migration

* chore: adapt and fix tests

* Remove legacy storage migration from frontend

* Refactor provisioning job options by removing legacy storage and history fields

- Removed the `History` field from `MigrateJobOptions` and related references in the codebase.
- Eliminated the `LegacyStorage` field from `RepositoryViewList` and its associated comments.
- Updated tests and generated OpenAPI schema to reflect these changes.
- Simplified the `MigrationWorker` by removing dependencies on legacy storage checks.

* Refactor OpenAPI schema and tests to remove deprecated fields

- Removed the `history` field from `MigrateJobOptions` and updated the OpenAPI schema accordingly.
- Eliminated the `legacyStorage` field from `RepositoryViewList` and its associated comments in the schema.
- Updated integration tests to reflect the removal of these fields.

* Fix typescript errors

* Refactor provisioning code to remove legacy storage dependencies

- Eliminated references to `dualwrite.Service` and related legacy storage checks across multiple files.
- Updated `APIBuilder`, `RepositoryController`, and `SyncWorker` to streamline resource handling without legacy storage considerations.
- Adjusted tests to reflect the removal of legacy storage mocks and dependencies, ensuring cleaner and more maintainable code.

* Fix unit tests

* Remove more references to legacy

* Enhance provisioning wizard with migration options

- Added a checkbox for migrating existing resources in the BootstrapStep component.
- Updated the form context to track the new migration option.
- Adjusted the SynchronizeStep and useCreateSyncJob hook to incorporate the migration logic.
- Enhanced localization with new descriptions and labels for migration features.

* Remove unused variable and dualwrite reference in provisioning code

- Eliminated an unused variable declaration in `provisioning_manifest.go`.
- Removed the `nil` reference for dualwrite in `repo_operator.go`, aligning with the standalone operator's assumption of unified storage.

* Update go.mod and go.sum to include new dependencies

- Added `github.com/grafana/grafana-app-sdk` version `0.48.5` and several indirect dependencies including `github.com/getkin/kin-openapi`, `github.com/hashicorp/errwrap`, and others.
- Updated `go.sum` to reflect the new dependencies and their respective versions.

* Refactor provisioning components for improved readability

- Simplified the import statement in HomePage.tsx by removing unnecessary line breaks.
- Consolidated props in the SynchronizeStep component for cleaner code.
- Enhanced the layout of the ProvisioningWizard component by streamlining the rendering of the SynchronizeStep.

* Deprecate MigrationWorker and clean up related comments

- Removed the deprecated MigrationWorker implementation and its associated comments from the provisioning code.
- This change reflects the ongoing effort to eliminate legacy components and improve code maintainability.

* Fix linting issues

* Add explicit comment

* Update useResourceStats hook in BootstrapStep component to accept selected target

- Modified the BootstrapStep component to pass the selected target to the useResourceStats hook.
- Updated related tests to reflect the change in expected arguments for the useResourceStats hook.

* fix(provisioning): Update migrate tests to match export-then-sync behavior for all repository types

Updates test expectations for folder-type repositories to match the
implementation changes where both folder and instance repository types
now run export followed by sync. Only the namespace cleaner is skipped
for folder-type repositories.

Changes:
- Update "should run export and sync for folder-type repositories" test to include export mocks
- Update "should fail when sync job fails for folder-type repositories" test to include export mocks
- Rename test to clarify that both export and sync run for folder types
- Add proper mock expectations for SetMessage, StrictMaxErrors, Process, and ResetResults

All migrate package tests now pass.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* Update provisioning wizard text and improve resource counting display

- Enhanced descriptions for migrating existing resources to clarify that unmanaged resources will also be included.
- Refactored BootstrapStepResourceCounting component to simplify the rendering logic and ensure both external storage and unmanaged resources are displayed correctly.
- Updated alert messages in SynchronizeStep to reflect accurate information regarding resource management during migration.
- Adjusted localization strings for consistency with the new descriptions.

* Update provisioning wizard alert messages for clarity and accuracy

- Revised alert points to indicate that resources can still be modified during migration, with a note on potential export issues.
- Clarified that resources will be marked as managed post-provisioning and that dashboards remain accessible throughout the process.

* Fix issue with trigger wrong type of job

* Fix export failure when folder already exists in repository

When exporting resources to a repository, if a folder already exists,
the Read() method would fail with "path component is empty" error.

This occurred because:
1. Folders are identified by trailing slash (e.g., "Legacy Folder/")
2. The Read() method passes this path directly to GetTreeByPath()
3. GetTreeByPath() splits the path by "/" creating empty components
4. This causes the "path component is empty" error

The fix strips the trailing slash before calling GetTreeByPath() to
avoid empty path components, while still using the trailing slash
convention to identify directories.

The Create() method already handles this correctly by appending
".keep" to directory paths, which is why the first export succeeded
but subsequent exports failed.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* Fix folder tree not updated when folder already exists in repository

When exporting resources and a folder already exists in the repository,
the folder was not being added to the FolderManager's tree. This caused
subsequent dashboard exports to fail with "folder NOT found in tree".

The fix adds the folder to fm.tree even when it already exists in the
repository, ensuring all folders are available for resource lookups.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* Revert "Merge remote-tracking branch 'origin/uncomment-unified-migration-code' into cleanup/deprecate-legacy-storage-migration-in-provisioning"

This reverts commit 6440fae342, reversing
changes made to ec39fb04f2.

* fix: handle empty folder titles in path construction

- Skip folders with empty titles in dirPath to avoid empty path components
- Skip folders with empty paths before checking if they exist in repository
- Fix unit tests to properly check useResourceStats hook calls with type annotations

* Update workspace

* Fix BootstrapStep tests after reverting unified migration merge

Updated test expectations to match the current component behavior where
resource counts are displayed for both instance and folder sync options.

- Changed 'Empty' count expectation from 3 to 4 (2 cards × 2 counts each)
- Changed '7 resources' test to use findAllByText instead of findByText
  since the count appears in multiple cards

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* Remove bubbletee deps

* Fix workspace

* provisioning: update error message to reference enableMigration config

Update the error message when provisioning cannot be used due to
incompatible data format to instruct users to enable data migration
for folders and dashboards using the enableMigration configuration
introduced in PR #114857.

Also update the test helper to include EnableMigration: true for both
dashboards and folders to match the new configuration pattern.

* provisioning: add comment explaining Mode5 and EnableMigration requirement

Add a comment in the integration test helper explaining that Provisioning
requires Mode5 (unified storage) and EnableMigration (data migration) as
it expects resources to be fully migrated to unified storage.

* Remove migrate resources checkbox from folder type provisioning wizard

- Remove checkbox UI for migrating existing resources in folder type
- Remove migrateExistingResources from migration logic
- Simplify migration to only use requiresMigration flag
- Remove unused translation keys
- Update i18n strings

* Fix linting

* Remove unnecessary React Fragment wrapper in BootstrapStep

* Address comments

---------

Co-authored-by: Rafael Paulovic <rafael.paulovic@grafana.com>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-17 17:22:17 +01:00
Roberto Jiménez Sánchez f8069aebcf Provisioning: delegate authorization to access checker in dualwriter (#115407)
* refactor: delegate authorization to access checker in dualwriter

- Remove role-based authorization checks (editor/admin role checks)
- Delegate all authorization to access checker which checks resource-level permissions
- Update authorizeCreateFolder to use access checker instead of role-based checks
- Add comprehensive authorization tests for viewer, editor, and admin roles
- Tests cover GET, POST, PUT, DELETE operations and folder creation

This change ensures that authorization is consistently handled through
the access checker, which checks resource-level permissions rather than
just organization roles.

* fix: format files_test.go

* fix: check error return value of resp.Body.Close()

* fix: grant permissions to all dashboards for editor role in authorization test

Use SetPermissions with wildcard to grant permissions to Editor user
for all dashboards, not just the initial one. This ensures that dashboards
created during tests (like in DELETE operations) have the necessary
permissions for the editor role.
2025-12-16 18:26:32 +01:00
Daniele Stefano Ferru 5ecfc79e14 Provisioning: Add Connection resource (#115272)
* Provisioning: Add Connection resource

* adding some more integration tests

* updating openapi snapshot, linting

* generating FE code, fixing issue in unit tests

* addressing comments

* addressing comments

* adding more integration tests

* fixing rebase issues

* removing linting exception

* addressing comments: improving validation and tests

* adding Connection URL at mutation time, updating tests accordingly

* linting
2025-12-16 14:37:07 +01:00
Daniele Stefano Ferru 9c8531b71b Provisioning: Block Library Panel creation in provisioned folders (#114933)
* WIP: Block Library Panel creation in provisioned folders

* blocking patch - adding integration tests

* checking code in tests

* addressing comments, adding one more test
2025-12-16 11:20:04 +01:00
Roberto Jiménez Sánchez 08a6f31733 Provisioning: allow editors to POST jobs in provisioning API (#115351)
fix: allow editors to POST jobs in provisioning API

Editors should be able to post jobs in the 'jobs' endpoint for syncing
repositories. This aligns with the requirement that syncing a repository
requires editor privileges.

- Separated 'jobs' subresource authorization from repository/test
- Allow both admins and editors to POST jobs
- Added integration tests to verify permissions

Fixes authorization bug where editors were incorrectly denied access.
2025-12-15 15:39:07 +00:00
Roberto Jiménez Sánchez 35affc57c2 Provisioning: Deprecate folder move and delete on configured branch (#115329)
* Provisioning: Deprecate single file/folder move and delete on configured branch

Reject individual file and folder move/delete operations on the configured
branch via the single files endpoints (HTTP 405 MethodNotAllowed). Users
must use the bulk operations API (jobs API) instead.

Motivation:
- Reconciliation for these operations is not reliable as it must be
  recursive and cannot run synchronously since it could take a long time
- Simplifies authorization logic - fewer operations to secure and validate
- Reduces complexity and surface area for potential bugs
- Bulk operations via jobs API provide better control and observability

Operations on non-configured branches (e.g., creating PRs) continue to work
as before since they don't update the Grafana database.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* fix: remove trailing whitespace in test file

* Fix behavior to match current behavior

* Revert changes for individual files

---------

Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-15 14:19:55 +00:00
Roberto Jiménez Sánchez 7fe3214f16 Provisioning: Add fieldSelector regression tests for Repository and Jobs (#115135) 2025-12-11 13:36:01 +03:00
Roberto Jiménez Sánchez f2694ce72f Provisioning: add generic version handling for dashboard export (#114691)
* feat(provisioning): add generic version handling for dashboard export

- Update export job to handle any dashboard version generically (v0, v1, v2, v3, etc.)
- Dynamically construct GroupVersionResource for any stored version
- Cache version-specific clients for efficiency
- Add comprehensive table-driven unit tests for multiple versions
- Add integration test to verify version handling end-to-end
- Remove unnecessary version shim from clean operation (deletion works by name)

* test: add unit test for v2 dashboard version (no suffix)
2025-12-02 16:44:24 +01:00
Daniele Stefano Ferru 8e4be891c5 Provisioning: add URL and Path in setting response (#114534)
* Provisioning: add URL and Path in setting response

* linting

* marking fields as non-required
2025-11-27 16:06:03 +01:00
Roberto Jiménez Sánchez 02464c19b8 Provisioning: Add validation for Job specifications (#113590)
* Validate Job Specs

* Add comprehensive unit test coverage for job validator

- Added 8 new test cases to improve coverage from 88.9% to ~100%
- Tests for migrate action without options
- Tests for delete/move actions with resources (missing kind)
- Tests for move action with valid resources
- Tests for move/delete with both paths and resources
- Tests for move action with invalid source paths
- Tests for push action with valid paths

Now covers all validation paths including resource validation and
edge cases for all job action types.

* Add integration tests for job validation

Added comprehensive integration tests that verify the job validator properly
rejects invalid job specifications via the API:

- Test job without action (required field)
- Test job with invalid action
- Test pull job without pull options
- Test push job without push options
- Test push job with invalid branch name (consecutive dots)
- Test push job with path traversal attempt
- Test delete job without paths or resources
- Test delete job with invalid path (path traversal)
- Test move job without target path
- Test move job without paths or resources
- Test move job with invalid target path (path traversal)
- Test migrate job without migrate options
- Test valid pull job to ensure validation doesn't block legitimate requests

These tests verify that the admission controller properly validates job specs
before they are persisted, ensuring security (path traversal prevention) and
data integrity (required fields/options).

* Remove valid job test case from integration tests

Removed the positive test case as it's not necessary for validation testing.
The integration tests now focus solely on verifying that invalid job specs
are properly rejected by the admission controller.

* Fix movejob_test to expect validation error at creation time

Updated the 'move without target path' test to expect the job creation
to fail with a validation error, rather than expecting the job to be
created and then fail during execution.

This aligns with the new job validation logic which rejects invalid
job specs at the API admission control level (422 Unprocessable Entity)
before they can be persisted.

This is better behavior as it prevents invalid jobs from being created
in the first place, rather than allowing them to be created and then
failing during execution.

* Simplify action validation using slices.Contains

Replaced manual loop with slices.Contains for cleaner, more idiomatic Go code.
This reduces code complexity while maintaining the same validation logic.

- Added import for 'slices' package
- Replaced 8-line loop with 1-line slices.Contains call
- All unit tests pass

* Refactor job action validation in ValidateJob function

Removed the hardcoded valid actions array and simplified the validation logic. The function now directly appends an error for invalid actions, improving code clarity and maintainability. This change aligns with the recent updates to job validation, ensuring that invalid job specifications are properly handled.
2025-11-07 16:31:50 +00:00
Michael Mandrus cf242def3a Secrets: Refactor data_key_id out of the encoded secure value payload (#112077)
* Secrets: Refactor data_key_id out of the encoded secure value payload (#111852)

* everything compiles

* tests pass

* remove file included by accident

* add entry to gitignore

* some scaffolding for the migration executor

* remove file

* implement and test the migration

* use xkube.Namespace in our interfaces

* add todo

* update wire deps

* add some logs

* fix wire dependency ordering

* create tests to validate error conditions during migrations

* only run the migration as an MT api server

* formatting issues

* change detection of secrets running as MT server

* add todo

* use more specific initializer flags

* make secrets playwright tests work

* set new properties to true by default

* remove developer mode flag

* fix unit tests
2025-10-30 23:04:32 -04:00
Stephanie Hingtgen 7a26d48e88 Grafana controllers: Add generic disable setting (#112250) 2025-10-10 17:21:10 +00:00
Stephanie Hingtgen 96407ef46b Provisioning: Add integration test for RV conflicts (#111790) 2025-09-30 09:48:53 -05:00
Costa Alexoglou 31ae013e8d chore: add validations to test endpoint (#111622)
* chore: add validations to test endpoint

* Validate path

---------

Co-authored-by: Clarity-89 <homes89@ukr.net>
2025-09-25 15:10:13 +00:00
Costa Alexoglou 0c0554da5e fix: avoid child paths in repositories (#111573)
* fix: avoid child paths in repositories

* add another unit test; fix linter

* Update pkg/registry/apis/provisioning/register.go

* skip itself

* fix: failing tests

---------

Co-authored-by: Stephanie Hingtgen <stephanie.hingtgen@grafana.com>
2025-09-24 21:35:06 +00:00
Stephanie Hingtgen cb11bc15fa Provisioning: Allow disabling of instance sync (#111270)
---------

Co-authored-by: Ryan McKinley <ryantxu@gmail.com>
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
2025-09-18 10:40:02 -05:00
Stephanie Hingtgen 91008cc82e Provisioning: Fix cleanup (#111257) 2025-09-17 10:11:25 -05:00
Stephanie Hingtgen ef0ed52ba7 Provisioning: Skip test while being looked at (#111254) 2025-09-17 14:46:19 +00:00
Stephanie Hingtgen 163b9007a7 Provisioning: Fix flaky tests and race condition in folder existing check (#111209)
Provisioning: Fix some of the flakiness
2025-09-17 08:37:10 -05:00
Stephanie Hingtgen d451cb6dcc Provisioning: Skip another flaky test (#111198) 2025-09-16 19:28:59 +00:00
Stephanie Hingtgen c4d89a7a09 Provisioning: Add back most integration tests; skip flaky ones (#111197) 2025-09-16 14:50:08 -04:00
Todd Treece d08a7abfbb Provisioning: Temporarily skip flaky tests (#111128) 2025-09-15 16:45:29 -04:00
Daniele Stefano Ferru 1f7afc6b6a Provisioning: add unit and integration tests for finalizer validation (#111012)
* Add unit tests

* add integration tests
2025-09-12 13:57:31 +02:00
Jean-Philippe Quéméner 041fa843da fix(unified-storage): use GetOldObject for delete validation (#110878) 2025-09-11 13:44:14 -05:00
Roberto Jiménez Sánchez acbc2cf01a Provisioning: Configurable Repository Types in monolith and operators (#110822)
* Configurable repository types in monolith and operator

* Default to Github in operators

* Regenerate wire

* Fix and implement unit tests

* Same types for enterprise tests

* Remove unnecessary conversion

* Remove the issue with import cycles
2025-09-09 19:13:22 +02:00
Peter Štibraný c32650e9d8 Replace remaining calls to testing.Short where possible. (#110765)
* Replace remaining calls to testing.Short where possible.
* Update style guide.
* Revert change in TestAlertmanager_ExtraDedupStage, as it doesn't work.
* Make TestAlertRulePostExport into integration test.
2025-09-09 08:16:12 +00:00
Peter Štibraný 7fd9ab9481 Replace check for integration tests. (#110707)
* Replace check for integration tests.
* Revert changes in pkg/tsdb/mysql packages.
* Fix formatting of few tests.
2025-09-08 15:49:49 +02:00
Roberto Jiménez Sánchez 1b9e479b68 Provisioning: Abstract away how we build discovery and dynamic clients (#110662)
Abstract away how we get discovery and dynamic clients
2025-09-05 09:22:30 +00:00
Daniele Stefano Ferru 451d6abe15 Provisioning: Fix patching released resources when Repository is deleted (#110295)
* Provisioning: Use merge patch instead of json patch to release orphan resources

* rolling back to json Patch

* adding TODO for testing

* adding integration test

* using struct

* addressing comments on tests
2025-09-02 21:13:43 +02:00
Roberto Jiménez Sánchez fd9d41fe4f Provisioning: Fix flake in Github URL tests (#110333)
Remove unnecessary repository deletion in provisioning integration tests
2025-08-29 09:48:52 +00:00
Costa Alexoglou 9785e573aa Provisioning: Fix Dashboard Creation For First-Level Repository Folders (#109962) 2025-08-27 12:20:57 +02:00
Ryan McKinley ce65391067 Provisioning: Use inline secrets for gitsync (#109908)
Co-authored-by: Clarity-89 <homes89@ukr.net>
Co-authored-by: Roberto Jimenez Sanchez <roberto.jimenez@grafana.com>
2025-08-22 18:38:28 +02:00
Roberto Jiménez Sánchez 61d137992b Provisioning: Mark repository as unhealthy if hooks fail (#109788) 2025-08-21 08:32:23 +00:00
Ryan McKinley fa81fae1e3 Provisioning: Add inline secure values to repository schema (#109594) 2025-08-20 09:05:41 +00:00
Roberto Jiménez Sánchez c37a03263f Provisioning: Fix Bug Blocking Changing Pull Target During Onboarding (#109892)
* Fix bug changing target for unsynced repository

* Fix linting
2025-08-20 09:02:19 +00:00
Roberto Jiménez Sánchez 1ff39510d3 Provisioning: Check For Resource Ownership Before Operations (#109582) 2025-08-15 10:05:53 +03:00
Roberto Jiménez Sánchez ffc7508a46 Provisioning: Enforce instance repository isolation (#109512)
* Fix validation on repository creation

* Fix linting

* Do not count the provided one

* Fix test

* Fix tests
2025-08-14 10:19:40 +00:00
Roberto Jiménez Sánchez 6527790b64 Provisioning: Fix flaky tests with better debugging and consistent test patterns (#109601)
* Add log after jobs

* Use the same helper to create repository in export job

* Improve the logging

* Fix eventually conditions in helpers

* Fix export job tests

* Format code

* Fix linting

* Fix the format

* Fix linting issue

* Fix ineffectual assignment
2025-08-13 17:35:06 +02:00
Roberto Jiménez Sánchez 8a690e977e Provisioning: Return unmanaged count in stats (#109462)
* Unmanaged counts

* Add integration test

* Generate open api spec
2025-08-12 09:17:25 +02:00
Serge Zaitsev f3ca49f2b3 Chore: Use proper database in integration tests (#109119)
* Chore: Apply proper database settings to integration tests

* add logging

* join host and port in database config to override default ports

* apply test fixes from the original pr

* host might contain port already

* increase timeout

* increase timeout even more

* even larger timeouts

* Use eventually for stats

* Use eventually also for listing settings as index takes some time

---------

Co-authored-by: Roberto Jimenez Sanchez <roberto.jimenez@grafana.com>
2025-08-08 14:24:17 +02:00
Roberto Jiménez Sánchez 285a4c36e5 Provisioning: More Miscellaneous Fixes For Integration Tests (#109340)
* More clean up around waiting for jobs

* Add comment to trigger enterprise integration tests

* Trigger integration tests

* Collect error

* Move tests in wrong spot

* Clean up test

* Remove Eventually

* Remove duplicate not nil check

* Delete comment in infra tests

* Helper to create repository

* Use helper for move
2025-08-08 10:04:55 +00:00
Roberto Jiménez Sánchez 2a0944a92a Provisioning: Miscellaneous Fixes For Flaky Integration Tests (#109330)
* Enhance error messages for individual file errors

* Split integration tests into multiple files

* Fix missing import

* Rename file to repository test

q

* Wrap worker errors with more context

* Fixed tests

* Add nolint

* Wait for specific job in multiple spots
2025-08-07 14:26:22 +02:00
Roberto Jiménez Sánchez 63787c276b Provisioning: Fix flaky move files test (#109116)
* Fix flaky move files test
* Use assert within Eventually
2025-08-04 15:47:12 +00:00
Stephanie Hingtgen bd5c83bc11 Revert "Chore: Use proper database type from env in testinfra integration tests" (#109081)
Revert "Chore: Use proper database type from env in testinfra integration tes…"

This reverts commit 772f647210.
2025-08-01 20:49:54 +00:00
Stephanie Hingtgen 9f4773c9a5 Provisioning: Extract to apps submodule (#109074) 2025-08-01 14:35:18 -05:00
Serge Zaitsev 772f647210 Chore: Use proper database type from env in testinfra integration tests (#108845)
use database type from env in testinfra
2025-08-01 14:01:13 +00:00
Roberto Jiménez Sánchez 9ca0750134 Provisioning: skip export of already managed resources and parent folder export (#108893)
* Skip export on already managed resources

* Add integration test

* Add integration test

* Handle nothing to commit error

* Fix leaky abstraction issue

* Handle the no commit error on commit and not on push

* Fix linting

* Some fixes for integration test

* Improve tree to work with a root

* Some fixes with hacks

* Add additional checks

* Fix comment

* Fix path problems in test

* Fix more stuff

* Revert to use empty tree

* Remove changes in tree

* Finally make the tests work

* Remove stale comment

* Fix linting

* Revert changes in test

* Fix error message for folder not found in resource tree

Co-authored-by: roberto.jimenez <roberto.jimenez@grafana.com>

---------

Co-authored-by: Cursor Agent <cursoragent@cursor.com>
2025-08-01 11:17:15 +00:00
Dominik Prokop 20b08ccaab Add v2beta1 api version: Consolidate schema breaking changes (#108172)
* Revert "Revert: Future-proofing query and data source model in Dashboard Sche… (#107985)"

This reverts commit 13a89d4ae3.

* Revert "Revert "Schema V2: Simplify annotations v1<->v2 conversions" (#107984)"

This reverts commit 2b8c5bea1a.

* make gen apps

* e2e update

* Use v2alpha2 by default (#108177)

* Use v2alpha2 by default

* Apply only DS changes to alpha2

* Use v2alpha2 by default except to query

* Create a v2 index in @grafana/schema

* Update path and apply lint

* Update tests

* Update imports to v2 status

* Fix failing openapi test

* Schemav2 breaking changes: conversion implementation (#108224)

* provision v2alpha1 dashboard

* Run conversions for DS refactor

* Run snapshot testing on conversions

* Normalize output name

* Update snapshots to include all panel and variable cases

* fix lint

* fix lint

* fix test and go lint

* more go lint

---------

Co-authored-by: Ivan Ortega <ivanortegaalba@gmail.com>
Co-authored-by: Haris Rozajac <haris.rozajac12@gmail.com>

* Schema v2: Introduce group/datasource convention to GroupBy and AdHoc variable (#108237)

* Schema v2: Introduce group/datasource convention to GroupBy and AdHoc variables

* add conversion

* App Installer: Authorizer support (#108419)

* Chore: use `satisfies` and remove a load of `any`s (#108397)

use satisfies and remove a load of anys

* improve logging and fail unified-storage migration with more than 0 errors (#108471)

improve logging and fail unified-storage migration with more than 0 errors

* fix conversion test

* Secrets: Create more granular fixed roles for SecureValues (#108382)

* Provisioning: Fix bug in job progress recording (#108440)

Fix bug in job progress recording

* Provisioning: Fix ImportAllPanelsFromLocalRepository test (#108441)

* Provisioning: Skip flaky test

* Fix flaky provisioning test

* Fix lint

---------

Co-authored-by: Roberto Jimenez Sanchez <roberto.jimenez@grafana.com>

* BulkDeleteProvisionedResource: Move progress bar into a second step (#108417)

* Move progress bar into a second step

---------

Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>

* [Dashboard Schema Codegen] Move dashboard CUE codegen block back up into kind body (#108476)

[Dashboard Schema Codegen] Move dashboard CUE codegen block back up into kind body to make sure new versions have the same settings.

---------

Co-authored-by: Haris Rozajac <haris.rozajac12@gmail.com>
Co-authored-by: Todd Treece <360020+toddtreece@users.noreply.github.com>
Co-authored-by: Ashley Harrison <ashley.harrison@grafana.com>
Co-authored-by: Will Assis <35489495+gassiss@users.noreply.github.com>
Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>
Co-authored-by: Roberto Jiménez Sánchez <jszroberto@gmail.com>
Co-authored-by: Roberto Jimenez Sanchez <roberto.jimenez@grafana.com>
Co-authored-by: Yunwen Zheng <yunwen.zheng@grafana.com>
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
Co-authored-by: Austin Pond <IfSentient@users.noreply.github.com>
Co-authored-by: Ivan Ortega <ivanortegaalba@gmail.com>

* Dashboard Schema V2: Refactor VizConfigKind to follow DataQueryKind convention (#108148)

* Dashboards API: Register v2alpha2 API

* Prepare conversion functions

* Fix test

* Refactor VizConfigKind to follow DataQueryKind convention

* fix tests

* use new dataquerykind convention alpha 2

* add conversion

* fix tests

* fix tests

* fix another test

* Fix merge

---------

Co-authored-by: Dominik Prokop <dominik.prokop@grafana.com>

* fix k8s codegen

* Update e2e-playwright/dashboards/TestV2Dashboard.json

* Update e2e/dashboards/TestV2Dashboard.json

* revert app generation for non-related apps

* try again

* another try

* also revert folder and secret app generation

* v2alpha1 provisioned dashboard

* Fix kind

* Fix conversion snapshots

* Update API discovery registry

* Rename to v2beta1

* Rename migrations

* Update apps/dashboard/pkg/apis/dashboard/v2beta1/doc.go

Co-authored-by: Stephanie Hingtgen <stephanie.hingtgen@grafana.com>

* Ensure conditional rendering and other non changed properties

---------

Co-authored-by: Ivan Ortega <ivanortegaalba@gmail.com>
Co-authored-by: Haris Rozajac <haris.rozajac12@gmail.com>
Co-authored-by: Todd Treece <360020+toddtreece@users.noreply.github.com>
Co-authored-by: Ashley Harrison <ashley.harrison@grafana.com>
Co-authored-by: Will Assis <35489495+gassiss@users.noreply.github.com>
Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>
Co-authored-by: Roberto Jiménez Sánchez <jszroberto@gmail.com>
Co-authored-by: Roberto Jimenez Sanchez <roberto.jimenez@grafana.com>
Co-authored-by: Yunwen Zheng <yunwen.zheng@grafana.com>
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
Co-authored-by: Austin Pond <IfSentient@users.noreply.github.com>
Co-authored-by: Haris Rozajac <58232930+harisrozajac@users.noreply.github.com>
Co-authored-by: Stephanie Hingtgen <stephanie.hingtgen@grafana.com>
2025-07-30 15:01:27 +02:00