* update generated iam client
* update API
* with meta api
* regenerate client
* with identify ref
---------
Co-authored-by: Ryan McKinley <ryantxu@gmail.com>
* create new generated iam api client and use in query library
* update betterer
* use new createBaseQuery method
* update CODEOWNERS
* fix unit tests
* use shared type
* update comment
* fix test
* Extract "PermissionStore" from general store interface
* Add static and union permission stores
* Add GetStaticRoles
* Use accesscontrol.Service for inproc to provide static permissions
* Unistore: Ensure deprecated Folder ID gets stored on all modes
Signed-off-by: Maicon Costa <maiconscosta@gmail.com>
---------
Signed-off-by: Maicon Costa <maiconscosta@gmail.com>
* Remove "wrapper" interface and only check feature toggle for grpc and cloud mode
* Only set name for update checks
* Set dashboard permissions for admin user
* Zanzana: Remove usage from legacy access control
* remove unused
* remove zanzana client from services where it's not used
* remove unused metrics
* fix linter
* Alerting: PoC - default template in k8s templategroup API
* Move code to grafana/alerting
* Move validation to admission validation abstraction
* Testing
* Linting
* Workspace update
* Update grafana/alerting hash to the merged commit
* More user-friendly name and remove need for CREATE/UPDATE validation
Use __default__ for k8s object name and UID so that we don't need to restrict
CREATE/UPDATE for similarly named user-owned templates.
* Implement k8s count handler
* Fix endpoint
* Fix type converstions
* Add tests for foldercounts
* Add more tests
* Only use sql-fallback if no values in unistore
* Update gomod
* Fix test
* Update pkg/api/folder_test.go
Co-authored-by: Bruno Abrantes <bruno.abrantes@grafana.com>
* Go.mod
---------
Co-authored-by: Bruno Abrantes <bruno.abrantes@grafana.com>
* create notifications module and generate models
* switch template group to app models
* switch time intervals to use app models
* switch receiver to use app models
* switch routing tree to use app models
* move schema registration to resource packages
* fix package names to match app
* fix codeowners
* fix UI to use metadata.name instead of uid
* update dockerfile
* move generated models to pkg
* remove provenance from field selector
* move client factories to test files
* rename GenericClient to TypedClient
* Support importing local cue modules when generating TS types with cog
* Generate enums as unions of values instead of an actual `enum` statement
* Update transformers to use the new TS enums
* Update go workspaces
---------
Co-authored-by: Ivan Ortega <ivanortegaalba@gmail.com>
* Enable getting folders with kubernetes client
* Add TestIntegrationFolderGetPermissions
* Set full path as part of legacy get
* Replace implementation for setting fullpath
* Add folder get test
* Escape forward slash in parent titles
* Replace test for access control metadata
* Add test case to TestIntegrationFolderGetPermissions
* Improve fetching of access control
* Support delete endpoint for folders
* Include authorizer
* Add test for delete verb
* Add delete command to delete options
* Pass query string to context to admission
* Dont support nested folder deletion for now
* Skip test if feature flag is present
* Add test case
* Remove comment
* Only rely on the storage type config to run alerting tests
* Dont change legacy subpath
* Remove unised function
* Add test case when an editor can delete alert rules
* Lint
* Fix folder status error message
* Add test for folder creation response message
* Add TestFoldersCreateAPIEndpointK8S fixes
* Fix message returned when user has no permissions
* Introduce new models RoutingTree, RouteDefaults and Route and api-server to serve them that is backed by provisioning notification policy service.
* update method UpdatePolicyTree of notification policy service to return route and new version
* declare new actions alert.notifications.routes:read and alert.notifications.routes:write and two corresponding fixed roles.
---------
Co-authored-by: Tom Ratcliffe <tom.ratcliffe@grafana.com>
Co-authored-by: Matthew Jacobson <matthew.jacobson@grafana.com>
* extracted in-proc mode to #93124
* allow insecure conns in dev mode + refactoring
* removed ModeCloud, relying on ModeGrpc and stackID instead to discover if we're running in Cloud
* remove the NamespaceAuthorizer would fail in legacy mode. It will be added back in the future.
* use FlagAppPlatformGrpcClientAuth to enable new behavior, instead of legacy
* extracted authz package changes in #95120
* extracted server side changes in #95086
---------
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
Co-authored-by: gamab <gabriel.mabille@grafana.com>
Co-authored-by: Dan Cech <dcech@grafana.com>
* ds-querier: return QDR instead of k8s error
After parseQuery we know the request is a valid k8s request but we don't
know if the query is valid, therefore this change returns a QDR that
other systems, e.g. alerting ruler, can de-serialize properly.
Co-authored-by: Gábor Farkas <gabor.farkas@gmail.com>
* ds-querier: fix tests
Co-authored-by: Sarah Zinger <sarah.zinger@grafana.com>
* tweak status
* refactor refID to empty
---------
Co-authored-by: Gábor Farkas <gabor.farkas@gmail.com>
Co-authored-by: Sarah Zinger <sarah.zinger@grafana.com>
* All objects should have an UID
* Now with a different error message
* Simplify create on DW 2: use the same object to write to both storages
* Run only one test
* Add check for status code
* Add name if it's not present in mode2
* Populate UID in legacy
* Remove logs and commented code
* Change dualwriter1
* Remove commented code
* Fix list test
* remove get on update from dualwriter 2
* Get object before updating. Better var renaming
* Finish rebasing
* Comment test
* Uncomment tests
* Update legacy first. Add preconditions
* Remove preconditions
* Fix update test
* copy RV from unified to legacy objects
* revert changes to playlist xorm store
* Improve logging. Add go routines for mode3
* Add tests for async funcs in mode3
* Lint
* Lint
* Lint. Start to fix tests
* Fix watcher tests
* Fix store tests
* Fiinish fixing watcher tests
* Fix server tests
* add name check
* Update pkg/apiserver/rest/dualwriter_mode1.go
Co-authored-by: Bruno Abrantes <bruno.abrantes@grafana.com>
* All objects should have an UID
* Now with a different error message
* Simplify create on DW 2: use the same object to write to both storages
* Run only one test
* Add check for status code
* Add name if it's not present in mode2
* Populate UID in legacy
* Remove logs and commented code
* Change dualwriter1
* Remove commented code
* Fix list test
* remove get on update from dualwriter 2
* Get object before updating. Better var renaming
* Finish rebasing
* Comment test
* Uncomment tests
* Fix update test
* revert changes to playlist xorm store
* Improve logging. Add go routines for mode3
* Lint
* Fix watcher tests
* Fiinish fixing watcher tests
* Add mode 5 with etcd test case. Add early check to fail on populated RV in payload
* we can't set RV to the found object when updating
* Lint
* Don't fail on update playlists
* Name should not be different when updating and it should be not empty on creating
* Fix tests
* Update pkg/apiserver/rest/dualwriter_mode2.go
Co-authored-by: Todd Treece <360020+toddtreece@users.noreply.github.com>
* Lint
* Fix mode 5 tests
* Lint
* Add generateName condition on every mode. Fix tests
* Lint
* Add condition on where name or generate name have to be set
* Fix test
* Lint
* Fix folders test
* We dont need to send name for mode1
* Fail if UID is not present
* Remove change from not running test
* Remove unused line
* Lint
* Update pkg/storage/unified/apistore/store.go
Co-authored-by: Todd Treece <360020+toddtreece@users.noreply.github.com>
* Improve error message
* Fix broken watcher test
* Fail on name mismatch on update
* Remove log
* Make sure UIDs match on create in both stores
* Lint
* Write first to unified storage
* Remove uid setting
* Remove RV only in mode2
* Fix test. Remove log line
* test
* No need to asser on RV in mode3
* Remove RV check due to race condition
* Update dualwriter.go
Co-authored-by: Georges Chaudy <chaudyg@gmail.com>
* Update pkg/storage/unified/client.go
* remove unused parameter
* log an error for object is missing UID instead of returning an error
* remove obj.SetResourceVersion("")
* log an error for object is missing UID instead of returning an error
* FInalise merge
* Move RV check to where it was
* Remove name check
* Remove server check for backwards compatibility
* Remove unused fn
* Move test checks for another PR
* Dont commit go work sum changes
* Only log error if RV is present for now.
---------
Co-authored-by: Todd Treece <todd.treece@grafana.com>
Co-authored-by: Bruno Abrantes <bruno.abrantes@grafana.com>
Co-authored-by: Todd Treece <360020+toddtreece@users.noreply.github.com>
Co-authored-by: Georges Chaudy <chaudyg@gmail.com>
Previously all receiver modifications were denied with alertingApiServer
enabled. This allows pure creates and deletes through as these specific
cases can be handled simply and without risk of rbac shenanigans.
* Implement uidToResourceID
* add middleware
* Move uidToResourceID to alerting package
* Only hash uid if it's too long
* Use hashed uid in access control
* Move ReceiverUidToResourceId to ScopeProvider
* resolve uid in middleware only if param exists
* Tests
* Linting
---------
Co-authored-by: Yuri Tseretyan <yuriy.tseretyan@grafana.com>
