Upgrades the version of Go used to build Grafana v9.1.x to 1.19.1.
Backport of Chore: Upgrade Go to 1.19.1 #54902
Backport of Chore: Update swagger to v0.30.2 #55159
The length of the identifier from the underlying library is 9 or more characters depending on the rate at which the identifiers are generated. See https://pkg.go.dev/github.com/teris-io/shortid
The test previously made the assumption that the length will always be 10, which would intermittently fail.
(cherry picked from commit 647997cc4c)
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
This restores the FromAlert header to prometheus for Grafana managed alert Queries.
It does this by reverting "Prometheus: Remove middleware for custom headers (#51518)" , but also changing it so it is only the FromAlert header.
This reverts commit 2372501368.
(cherry picked from commit 27288276a2)
Co-authored-by: Kyle Brandt <kyle@grafana.com>
This commit fixes a bug where queries from datasources such as InfluxDB that returned no data would not create a DatasourceNoData alert, but instead an error "can only reduce type series, got type noData".
(cherry picked from commit 7d20766ae9)
Co-authored-by: George Robinson <george.robinson@grafana.com>
* apply security fix for admin only folder migration (#482)
* Data source: prevent from using auth proxy header as custom data source header (#474)
* applying changes from 446/fix-user-escalation-through-auth-proxy
* linting
* only validate custom headers if auth proxy is enabled
* import ordering
* add links to CVE
* clean up
* remove typo
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
(cherry picked from commit 0100a6aa9645313b25a79a17d947cbf936cc4e76)
(cherry picked from commit c048378ad5)
* OAuth: Allow assigning Server Admin (#54780)
* extract errors to errors file
* implement oauth server admin assignment
* add server admin tests
* deduplicate autoAssignOrgRole
* deduplicate strict setting
* deduplicate strict setting
* add support for generic oauth
* add role attribute strict support for generic oauth
* add support for github/gitlab
* assignGrafanaAdmin option is here to stay
* unify similar errors
* add config option
* add okta server admin mapping
* remove never used Company attribute
* unify generic oauth role extract with other methods
* case insensitive role match as in azure
* add ini settings
* add server admin to devenv
* remove duplicate fields
* add documentation to oauth
* fix titlecase test
* implement doc feedback
(cherry picked from commit ef245874da)
* Auth: Restore legacy behavior and add deprecation notice for empty org role in oauth (#55118)
* Auth: Add deprecation notice for empty org role
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* fix recasts
* fix azure tests missing logger
* Adding test to gitlab oauth
* Covering more cases
* Cover more options
* Add role attributestrict check fail
* Adding one more edge case test
* Using legacy for gitlab
* Yet another edge case YAEC
* Reverting github oauth to legacy
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Not using token
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Nit.
* Adding warning in docs
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* add warning to generic oauth
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Be more precise
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Adding warning to github oauth
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Adding warning to gitlab oauth
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Adding warning to okta oauth
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Add docs about mapping to AzureAD
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Clarify oauth_skip_org_role_update_sync
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Nit.
* Nit on Azure AD
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Reorder docs index
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Fix typo
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
Co-authored-by: gamab <gabi.mabs@gmail.com>
(cherry picked from commit 00e7324bf6)
* Auth: Allow admins to manually change oauth user role if `oauth_skip_org_role_update_sync` is enabled (#55182)
* Auth: Allow admins to change oauth user info it it's not synced.
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Update public/app/features/admin/UserAdminPage.tsx
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
* Add missing import
* Simplify init
Co-authored-by: Josh Hunt <joshhunt@users.noreply.github.com>
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
* SAML: Add option to skip org role sync (#55230)
* SAML: Add option to skip org role sync
* Modify frontend accordingly
* Remove update from config option name
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Remove update from config option name
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Fix typo
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
Co-authored-by: gamab <gabi.mabs@gmail.com>
Co-authored-by: Josh Hunt <joshhunt@users.noreply.github.com>
(cherry picked from commit 3e2e9f93b9)
* Update gitlab_oauth_test.go
* Update gitlab_oauth_test.go
This commit fixes a bug where we did not send resolved alerts to Alertmanager for resolved alert instances. This meant that resolved notifications did not have the annotations from the resolved state, and a result did not also have the resolved screenshot.
(cherry picked from commit 5561f935e6)
Co-authored-by: George Robinson <george.robinson@grafana.com>
* Extract standardized UID field length to constant
* Extract default length to constant
* Truncate rule names that are too long
* Add tests for name normalization
* Fix whitespace lint error
* Another linter fix
* Empty commit to kick build
(cherry picked from commit 9f45e2e706)
Co-authored-by: Alexander Weaver <weaver.alex.d@gmail.com>
* Alerting: Sanitize invalid label/annotation names for external alertmanagers
Grafana's built-in Alertmanager supports both Unicode label keys and values; however, if using an external
Prometheus Alertmanager label keys must be compatible with their data model.
This means label keys must only contain ASCII letters, numbers, as well as underscores and match the regex
`[a-zA-Z_][a-zA-Z0-9_]*`.
Any invalid characters will now be removed or replaced by the Grafana alerting engine before being sent to
the external Alertmanager according to the following rules:
- `Whitespace` will be removed.
- `ASCII characters` will be replaced with `_`.
- `All other characters` will be replaced with their lower-case hex representation.
* Prefix hex replacements with `0x`
* Refactor for clarity
* Apply suggestions from code review
Co-authored-by: brendamuir <100768211+brendamuir@users.noreply.github.com>
Co-authored-by: brendamuir <100768211+brendamuir@users.noreply.github.com>
(cherry picked from commit 940d18ad57)
Co-authored-by: Matthew Jacobson <matthew.jacobson@grafana.com>
* Add test that resetting the route restores the default receiver
* Return error instead of panic
* Adjust error string to match styleguide
(cherry picked from commit b193eaed6e)
Co-authored-by: Alexander Weaver <weaver.alex.d@gmail.com>
* Fix incorrect propagation of org ID in rule endpionts (#54603)
(cherry picked from commit b8d1474609)
* Work around OrgId -> OrgID rename in backport
Co-authored-by: Alexander Weaver <weaver.alex.d@gmail.com>
* RBAC: Fix resolver issue on wildcard resulting in wrong status code for endpoints (#54208)
* RBAC: Test evaluation before attaching mutator
* RBAC: Return error if no resolver is found for scope
* RBAC: Sync changes to evaluation in mock
* RBAC: Check for resolver not found error and just fail the evaluation in that case
(cherry picked from commit 552d3fec8d)
Removes various custom headers logic sprinkled around in the backend.
It should automatically be applied to outgoing HTTP requests via the
CustomHeadersMiddleware.
This also removes decryption of SecureJSONData to populate custom
headers in ngalert which seemed to have caused a ton of CPU usage.
(cherry picked from commit 87afd9cadc)
* Search: use SQL search as a fallback when bluge indexing is ongoing
* Search: lint
* Search: feedback fixes - return an empty frame with a special name
* Search: revert readiness check query type
* Search: remove println
* remove sleep, get coffee
(cherry picked from commit 74158ed66b)
The URL of screenshots uploaded to external image storages can be optionally signed, resulting in a long string (800+ chars).
Co-authored-by: Valério Valério <vdv100@gmail.com>
* update RouteDeleteAlertRules rules to update as a group
* remove expecter from scheduler mock to support variadic function
* create function to check for provisioning status + tests
