* refactor template service to contstruct notification template in one place, get provenance before creating and calculate resource version after.
* refactor get by UID and name
* introduce template kind in NotificationTemplate
* introduce includeImported flag and use in the k8s api
* support imported templates
* add kind to template uid
* tests for imported templates
* update API model
* set kind to default templates
* Added method for adding migrations for convering unique to primary key.
Based on existing migration for `file` table (in `db_file_storage.go`) migrations.
* Added better default migration names. Added ability to override migration name.
* Use ConvertUniqueKeyToPrimaryKey for cloud_migration_snapshot_partition table.
* Convert resource_version UQE to PK.
* Convert secret_encrypted_value UQE to PK.
* Removed extra test.
* Removed testdata.
* Remove support for renaming migrations for now. We can bring it in later, when we want to convert existing migrations for file, file_meta and setting tables.
* Revert removal of ColumnName to ease backporting, since this field is referenced from enterprise code.
* Use quoted identifiers in Postgres statement.
* Alerting: Protect sensitive fields of contact points from
unauthorized modification
- Introduce a new permission alert.notifications.receivers.protected:write. The permission is granted to contact point administrators.
- Introduce field Protected to NotifierOption
- Introduce DiffReport for models.Integrations with focus on Settings. The diff report is extended with methods that return all keys that are different between two settings.
- Add new annotation 'grafana.com/access/CanModifyProtected' to Receiver model
- Update receiver service to enforce the permission and return status 403 if unauthorized user modifies protected field
- Update receiver testing API to enforce permission and return status 403 if unauthorized user modifies protected field.
- Update UI to disable protected fields if user cannot modify them
* Alerting: Improve ASH Loki query efficiency by including folderUID
Previously, the folderUID label was only included when ruleUID was not specified
and the user did not have full alert rule read permissions.
To improve ASH Loki query efficiency, this PR includes the folderUID in the ASH
Loki query when ruleUID is specified, even if the user has full alert rule read
permissions.
Some non-obvious considerations:
- The naive implementation of just including the current folder UID would have
the unintended side-effect of no longer returning history after a rule is moved
between folders.
- The previous implementation made the trade-off of only checking RBAC on the
current folder, including any history from old folders that may exist.
To solve both of the above, we make an extra query to the database to check the
alert rule's previous versions so we can include any old folderUIDs, checking
RBAC at the same time.
The querying and inclusion of history from old folders is done best-effort, any
issues that might arise are logged and ignored so as not to prevent the current
folder history.
* Fix merge conflicts
* Reduce scanning on GetAlertRuleVersionFolders by grouping in query
**What is this feature?**
Add `rule_matcher` filter to the Prometheus-compatible list rules API: `/api/prometheus/grafana/api/v1/rules`. It allows to filter rules by static labels (not by alert instance labels).
**Special notes:**
- Equality (`=`) and inequality (`!=`) matchers are pushed down to the database. Regex matchers (`=~`, `!~`) are applied in-memory at the API layer.
- SQLite: Uses GLOB pattern matching
- MySQL / PostgreSQL: Use JSON functions to compare label values
---------
Co-authored-by: Konrad Lalik <konradlalik@gmail.com>
Enhancement: Introduce optimized folder permission relations and new permission definitions
- Added `can_get_permissions` and `can_set_permissions` relations to enhance permission management.
- Implemented `FolderPermissionRelation` function to optimize permission checks for folder resources.
- Updated `checkTyped` and `listTyped` methods to utilize optimized relations for permission management.
- Introduced a new benchmark test file for performance evaluation of permission checks and listings.
* init
* it works! but what a mess
* nil ptr bug
* split up client.go
* split up search_request.go
* split up data_query.go
* split up response_parser
* fix merge
* update handling request
* raw dsl agg parser
* change rawQuery to rawDSLQuery
* agg parser works but needs work
* clean up agg parser
* fix bugs with raw dsl parsers
* feature toggle
* fix tests
* editor type selector
* editor type added
* add fix builder vs code by not using same query field
* clean up
* fix lint
* pretty
* editor type selection should be behind ft
* adam's feedback
* prettier
Ryan McKinley
Yuri Tseretyan
Will Assis
Will Browne
Peter Štibraný
Victor Marin
Matthew Jacobson
Alexander Akhmetov
mohammad-hamid
Sarah Zinger
Andres Martinez Gotor
Yulia Shanyrova
Daniele Stefano Ferru
Levente Balogh
Matheus Macabu
Georges Chaudy
Misi
Santiago
Andrew Hackmann
alerting-team[bot]
Jean-Philippe Quéméner
colin-stuart
Renato Costa
Alexander Zobnin
William Wernert
Serge Zaitsev
Charandas
Andres Torres
Ashley Harrison
Stephanie Hingtgen
Tania
Yunwen Zheng
Todd Treece