* apply security fix for admin only folder migration (#482)
* Data source: prevent from using auth proxy header as custom data source header (#474)
* applying changes from 446/fix-user-escalation-through-auth-proxy
* linting
* only validate custom headers if auth proxy is enabled
* import ordering
* add links to CVE
* clean up
* remove typo
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
(cherry picked from commit 0100a6aa9645313b25a79a17d947cbf936cc4e76)
This commit fixes a bug where we did not send resolved alerts to Alertmanager for resolved alert instances. This meant that resolved notifications did not have the annotations from the resolved state, and as a result did not also have the resolved screenshot.
(cherry picked from commit 5561f935e6)
Co-authored-by: George Robinson <george.robinson@grafana.com>
* Extract standardized UID field length to constant
* Extract default length to constant
* Truncate rule names that are too long
* Add tests for name normalization
* Fix whitespace lint error
* Another linter fix
* Empty commit to kick build
(cherry picked from commit 9f45e2e706)
Co-authored-by: Alexander Weaver <weaver.alex.d@gmail.com>
* Alerting: Sanitize invalid label/annotation names for external alertmanagers
Grafana's built-in Alertmanager supports both Unicode label keys and values; however, if using an external
Prometheus Alertmanager, label keys must be compatible with their data model.
This means label keys must only contain ASCII letters, numbers, as well as underscores and match the regex
`[a-zA-Z_][a-zA-Z0-9_]*`.
Any invalid characters will now be removed or replaced by the Grafana alerting engine before being sent to
the external Alertmanager according to the following rules:
- `Whitespace` will be removed.
- `ASCII characters` will be replaced with `_`.
- `All other characters` will be replaced with their lower-case hex representation.
* Prefix hex replacements with `0x`
* Refactor for clarity
* Apply suggestions from code review
Co-authored-by: brendamuir <100768211+brendamuir@users.noreply.github.com>
(cherry picked from commit 940d18ad57)
Co-authored-by: Matthew Jacobson <matthew.jacobson@grafana.com>
* Add test that resetting the route restores the default receiver
* Return error instead of panic
* Adjust error string to match styleguide
(cherry picked from commit b193eaed6e)
Co-authored-by: Alexander Weaver <weaver.alex.d@gmail.com>
* Fix incorrect propagation of org ID in rule endpoints (#54603)
(cherry picked from commit b8d1474609)
* Work around OrgId -> OrgID rename in backport
Co-authored-by: Alexander Weaver <weaver.alex.d@gmail.com>
* RBAC: Fix resolver issue on wildcard resulting in wrong status code for endpoints (#54208)
* RBAC: Test evaluation before attaching mutator
* RBAC: Return error if no resolver is found for scope
* RBAC: Sync changes to evaluation in mock
* RBAC: Check for resolver not found error and just fail the evaluation in that case
(cherry picked from commit 552d3fec8d)
Removes various custom headers logic sprinkled around in the backend.
It should automatically be applied to outgoing HTTP requests via the
CustomHeadersMiddleware.
This also removes decryption of SecureJSONData to populate custom
headers in ngalert which seemed to have caused a ton of CPU usage.
(cherry picked from commit 87afd9cadc)
* Search: use SQL search as a fallback when bluge indexing is ongoing
* Search: lint
* Search: feedback fixes - return an empty frame with a special name
* Search: revert readiness check query type
* Search: remove println
* remove sleep, get coffee
(cherry picked from commit 74158ed66b)
The URL of screenshots uploaded to external image storages can be optionally signed, resulting in a long string (800+ chars).
Co-authored-by: Valério Valério <vdv100@gmail.com>
* update RouteDeleteAlertRules rules to update as a group
* remove expecter from scheduler mock to support variadic function
* create function to check for provisioning status + tests
This commit fixes notifications for Microsoft Teams where notifications
would just contain "Card" rather than the title.
(cherry picked from commit 6d69d7acb8)
Co-authored-by: George Robinson <george.robinson@grafana.com>
* Alerting: Fix incorrect embedded DTO being returned when handling rule groups (#53701)
* Fix DTO embedding when getting/putting alert rule groups
* Drop usage of word 'Domain'
* Rename var as well
(cherry picked from commit f093c249ac)
* Actually fix two casing problems
This commit changes the cards in Teams notifications from Office 365
Connector cards to Adaptive Cards to fix an issue where images were not
shown in Teams for desktop and web. Since Office 365 Connector cards
are deprecated, it made sense to move to Adaptive Cards and fix this
bug at the same time.
The Adaptive Card messages maintain the design of the Office 365
Connector Card with a number of minor differences:
- In Adaptive Card messages the color of the title is red or green
depending on the status of the alerts, whereas with Office 365
connector cards there was a colored border at the top of the title
- In Adaptive Card messages the title is bold to make it easier to read
when the color is red or green
- In Adaptive Card messages the thumbnails for images are medium size
if there are more than two images, otherwise large size
(cherry picked from commit 5e1d628f21)
Co-authored-by: George Robinson <george.robinson@grafana.com>
* Wire up to full alert rule struct
* Extract group change detection logic to dedicated file
* GroupDiff -> GroupDelta for consistency
* Calculate deltas and handle backwards compatible requests
* Separate changes and insert/update/delete as needed
* Regenerate files
* Don't touch the DB if there are no changes
* Quota checking, delete unused file
* Mark modified records as provisioned
* Validation + a couple API layer tests
* Address linter errors
* Fix issue with UID assignment and rule creation
* Propagate top level group fields to all rules
* Tests for repeated updates and versioning
* Tests for quota and provenance checks
* Fix linter errors
* Regenerate
* Factor out some shared logic
* Drop unnecessary multiple nilchecks
* Use alternative strategy for rolling UIDs on inserted rules
* Fix tests, add back nilcheck, refresh UIDs during test
* Address feedback
* Add missing nil-check
(cherry picked from commit b198559225)
Co-authored-by: Alexander Weaver <weaver.alex.d@gmail.com>
* RBAC: remove sort and unique values for fetching permissions
(cherry picked from commit e4c45c4f98)
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* API: Fix response status when snapshots are not found
* API: Fix response status when snapshot key is empty
* Apply suggestions from code review
(cherry picked from commit 5fec6cc4f5)
Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>