* Get ResourceStats before indexing
* Replaced localcache.CacheService to handle expiration faster (localcache.CacheService / gocache.Cache only expires values at specific interval, but we need to close index faster)
* singleflight getOrBuildIndex for the same key
* expire only in-memory indexes
* file-based indexes have new name on each rebuild
* Sanitize file path segments, verify that generated path is within the root dir.
* Add comment and test for cleanOldIndexes.
* Auth: Add functional option for static requester methods
Initially supporting WithServiceIdentityName to set a ServiceIdentity
inside the Claims.Rest object, so that Secrets Manager can parse
the service requesting secret decryption.
On Secret creation, the service will have to pass its identity
(which is a freeform string) to the SecureValues' Decrypters object.
This field gates which services are allowed to decrypt the SecureValue.
And upon decryption, the service should build a static identity with
that same service identity name when calling the decrypt service.
* StaticRequester: Put secret decrypt permission in access token claims
* StaticRequester: Inline getTokenPermissions function
* replace PostableUserConfig with GrafanaAlertmanagerConfig to decouple from internal Grafana models
* update alertmanager + tests
* calculate hash of the GrafanaAlertmanagerConfig
* Folders: disable TestIntegrationFoldersGetAPIEndpointK8S
it's breaking the enteprise CI pipeline
Signed-off-by: Maicon Costa <maiconscosta@gmail.com>
* Run only against sqlite
Signed-off-by: Maicon Costa <maiconscosta@gmail.com>
* noop: force backend change
Signed-off-by: Maicon Costa <maiconscosta@gmail.com>
---------
Signed-off-by: Maicon Costa <maiconscosta@gmail.com>
* PoC: check if testing.Short is called from integration tests only.
* Rename helper function.
* Fix logic.
* Remove skipping of integration tests from non-integration tests.
* Remove skipping of integration tests from non-integration tests.
* Fix import.
* Secrets: make operations sync
* k8s gen / update query to list secure values to include the version
* always store new version of a secret
* make update-workspace
* go mod tidy
* update queries
* update queries
* improve and use testutils in decrypt_store_test
* fix broken test
* make update-workspace
* ./hack/update-codegen.sh secret
* update Test_SecureValueMetadataStorage_CreateAndRead
* undo dependency changes
* linter: fix remaining errors
---------
Co-authored-by: Matheus Macabu <macabu.matheus@gmail.com>
Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>
* Bump nanogit 2025-07-09
This version contains significant performance improvements in memory and
CPU thanks to optimizing buffers, using a faster zlib library and using
streaming instead of loading everything in memory.
* Folders: reenable unit test TestFoldersCreateAPIEndpointK8S
Signed-off-by: Maicon Costa <maiconscosta@gmail.com>
* reenable unit test TestFoldersGetAPIEndpointK8S
Signed-off-by: Maicon Costa <maiconscosta@gmail.com>
---------
Signed-off-by: Maicon Costa <maiconscosta@gmail.com>
* Add access token as third source for user info extraction
- Add extractFromAccessToken method to extract user info from JWT access tokens
- Mutualize code by creating parseUserInfoFromJSON helper method
- Rename methods for clarity: extractFromToken -> extractFromIDToken, retrieveRawIDToken -> retrieveRawJWTPayload
- Update test suite to include comprehensive access token retrieval scenarios
- Support three sources in priority order: ID token, API response, access token
- Maintain backward compatibility while adding new functionality
* Update Generic OAuth documentation to reflect access token support
- Add access token as a third source for user information extraction
- Update configuration sections to mention access tokens alongside ID tokens and UserInfo endpoint
- Document the priority order: ID token → UserInfo endpoint → access token
- Update configuration option descriptions to reflect new functionality
- Maintain consistency with implementation changes
* Refactor access token test cases to use parameter instead of hardcoded logic
- Add AccessToken field to test case struct for explicit access token specification
- Remove hardcoded string matching logic that determined access token based on test name
- Update all access token test cases to include the AccessToken field with appropriate JWT values
- Improve test maintainability and clarity by making access tokens explicit parameters
- Remove unused strings import that was only needed for the hardcoded logic
* fix doc lint
* reduce cyclomatic complexity
* Dashboard: Add ability to search by folder name in library panels
* restore to main to fix linting issues
* restore from main to avoid go linting issues
* add logic to the writers.go that search by folder title if folder is not passed
* add missing left joing from the folder table
* Add extra logic to prevent folder searches without permission
* fix go linting issue about memory
* Add test when searching by folder name
* Refactor tests to include a bit more validation
* apply feedback and use SearchFolder from search folder service
* clean up comments
* Update pkg/services/libraryelements/database.go
Co-authored-by: Ezequiel Victorero <ezequiel.victorero@grafana.com>
* Fix logic of early return
* Extract into a function and remove the left join
* Apply feedback to be aligned with idiomatic go
* Apply suggestion from @evictorero
Co-authored-by: Ezequiel Victorero <ezequiel.victorero@grafana.com>
* fix liting
---------
Co-authored-by: Ezequiel Victorero <ezequiel.victorero@grafana.com>
