Alerting: Update migration to put alerts to the default folder if dashboard folder is missing (#65577)
* extract function
* use context logger
* put alert to general folder if folder is missing
* move folderHelper init
* add test
* Update pkg/services/sqlstore/migrations/ualert/ualert.go
Co-authored-by: Matthew Jacobson <matthew.jacobson@grafana.com>
---------
Co-authored-by: Matthew Jacobson <matthew.jacobson@grafana.com>
(cherry picked from commit 7b2f44762e)
# Conflicts:
# pkg/services/sqlstore/migrations/ualert/migration_test.go
# pkg/services/sqlstore/migrations/ualert/ualert.go
We also need to upgrade the linter together with the Go version, all the changes should relate to either fixing linting problems or upgrading the Go version used to build Grafana.
* remove support for v1
(cherry picked from commit 8630a7a991af74edc4030f57d37a4bc263202fde)
* Security: Make proxy endpoints not leak sensitive HTTP headers
Fixes CVE-2022-31130
(cherry picked from commit 2974574a53ab6d26be7b706e76271173a91fea3a)
* Security: Fix do not forward login cookie in outgoing requests
(cherry picked from commit 54a32fc83b233f5910495b5fcca0b4f881221538)
* Add test for username/login field conflict
(cherry picked from commit 7aabcf2694)
* Swap order of login fields
(cherry picked from commit 5ec176cada)
* "Release: Updated versions in package to 8.5.14" (#547)
Co-authored-by: Will Browne <will.browne@grafana.com>
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
Co-authored-by: linoman <2051016+linoman@users.noreply.github.com>
Co-authored-by: Grot (@grafanabot) <43478413+grafanabot@users.noreply.github.com>
* Data source: prevent from using auth proxy header as custom data source header (#477)
* apply security changes for auth proxy permission escalation
* add links to CVE
* remove duplicate check
* apply security fix for admin only folder migration (#484)
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* Alerting: Don't stop the migration when alert rule tags are invalid
As we migrate we expect the `alertRuleTags` on a dashboard alert to be a JSON object. However, it seems this is not really validated by Grafana and an user can change the format to something else that the JSON parser is not able to marshal into a `map[string]string`.
Let's do a bit better by "attempting" to parse the tags and if we can't we'll simple return an empty map. The data is still there so if the user wishes they can go back, fix the data and attemp the migration again.
(cherry picked from commit 90646e7f41)
* Generate additional actions when setting folder permissions in acl list
* Add migration for managed folder permissions to include alert rule
actions
(cherry picked from commit bdff63d4a8)
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* add migrator to drop folder create actions that was set fromt he folder (#49878)
(cherry picked from commit f4f25d911b)
* Add missing const
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
Co-authored-by: gamab <gabi.mabs@gmail.com>
After migrating to unified alerting, users must explicitly allow rolling
back to legacy alerting by setting force_migration = true in config.
This updates the panic message to clarify why that's required and what
the consequences of rolling back will be.
Fixes#50469
(cherry picked from commit 30f035ca34)
Co-authored-by: Joe Blubaugh <joe.blubaugh@grafana.com>
* Update migration to migrate only alerts that belong to existing org\dashboard
(cherry picked from commit d87fdc1037)
Co-authored-by: Yuriy Tseretyan <yuriy.tseretyan@grafana.com>
* Alerting: add safeguard for migrations that might cause dataloss
* add test for panic
* add documentation
(cherry picked from commit 0a87ef06af)
Co-authored-by: Jean-Philippe Quéméner <JohnnyQQQQ@users.noreply.github.com>
* Alerting: Create fewer contact points on migration
Previously a new contact point was created for every unique combination
of channels attached to any legacy alert. This was very hard to maintain,
requiring modifications in every generated contact point.
This change deduplicates the generated contact points to a more
reasonable state. There should now only be one contact point per legacy
channel, and we attached multiple contact points to a route by nesting
them. The sole exception to this is if there were multiple default
legacy channels, in which case we create a redundant contact point
containing all of them used only in the root policy. This allows for a
much simpler notification policy structure.
Co-authored-by: gotjosh <josue.abreu@gmail.com>
(cherry picked from commit 0301d956da)
Adds tests for:
what circumstances should trigger alert migration from legacy alerting to unified alerting.
the execution of the migration itself.
Co-authored-by: gotjosh <josue.abreu@gmail.com>
Co-authored-by: Matthew Jacobson <matthew.jacobson@grafana.com>
* use common traceID context value for opentracing and opentelemetry
* support sampled trace IDs as well
* inject traceID into NormalResponse on errors
* Finally the test passed
* fix the test
* fix linter
* change the function parameter
Co-authored-by: Ying WANG <ying.wang@grafana.com>
(cherry picked from commit 41012af997)
Co-authored-by: Serge Zaitsev <serge.zaitsev@grafana.com>
* Chore: remove bus from contexthandler
* remove bus from orgredirect
(cherry picked from commit 2cf88cfec8)
Co-authored-by: Serge Zaitsev <serge.zaitsev@grafana.com>
* Chore: Remove bus from contexthandler
* fix tests
* try different wire binding
* maybe remove a few more dispatches
* fix tests
(cherry picked from commit d153d896c5)
Co-authored-by: Serge Zaitsev <serge.zaitsev@grafana.com>
* pass in user to attribute scope resolver
* add SQL filter to annotation listing
* check annotation FGAC permissions before exposing them for commenting
* remove the requirement to be able to list all annotations from annotation listing endpoint
* adding tests for annotation listing
* remove changes that got moved to a different PR
* unused var
* Update pkg/services/sqlstore/annotation.go
Co-authored-by: Ezequiel Victorero <evictorero@gmail.com>
* remove unneeded check
* remove unneeded check
* undo accidental change
* undo accidental change
* doc update
* move tests
* redo the approach for passing the user in for scope resolution
* accidental change
* cleanup
* error handling
Co-authored-by: Ezequiel Victorero <evictorero@gmail.com>
(cherry picked from commit ef4c2672b3)
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
* Clean up orgId when user organization is removed
* Add a test for removing user org
* Fix linting errors
* Update comment
* Fix linting errors
* Make removing user org more explicit
* Use alert:create action for folder search with edit permissions. This matches the action that is used to query dashboards (the update will be addressed later)
* Update rule store to use FindDashboards instead of folder service to list folders the user has access to view alerts. Folder service does not support query type and additional filters.
* Do not check whether the user can save to folder if FGAC is enabled because it is checked on API level.
* use uid:s for folder and dashboard permissions
* evaluate folder and dashboard permissions based on uids
* add dashboard.uid to accept list
* Check for exact suffix
* Check parent folder on create
* update test
* drop dashboard:create actions with dashboard scope
* fix typo
* AccessControl: test id 0 scope conversion
* AccessControl: store only parent folder UID
* AccessControl: extract general as a constant
* FolderServices: Prevent creation of a folder uid'd general
* FolderServices: Test folder creation prevention
* Update pkg/services/guardian/accesscontrol_guardian.go
* FolderServices: fix mock call expect
* FolderServices: remove uneeded mocks
Co-authored-by: jguer <joao.guerreiro@grafana.com>
* Alerting: add collision safe update function for alertmanager configurations
* fix typo
* use bootstrap func for tests
* move hash calculation to store
* remove icons lol
* remove removed field
* Move DeleteDashboard funtion into dashboards store service, remove bus and update tests
* Remove bus from folder service and update more tests
* Fix mock
