"Release: Updated versions in package to 9.1.0" (#460)

Co-authored-by: Erik Sundell <erik.sundell87@gmail.com>
(cherry picked from commit c8fc840865)

Co-authored-by: Torkel Ödegaard <torkel@grafana.com>

.betterer.ts

@@ -1,28 +1,18 @@
 import { regexp } from '@betterer/regexp';
-import { eslint } from '@betterer/eslint';
 import { BettererFileTest } from '@betterer/betterer';
+import { ESLint, Linter } from 'eslint';
+import { existsSync } from 'fs';
 
 export default {
   'no enzyme tests': () => regexp(/from 'enzyme'/g).include('**/*.test.*'),
-  'better eslint': () =>
-    eslint({
-      '@typescript-eslint/no-explicit-any': 'error',
-      '@typescript-eslint/consistent-type-assertions': [
-        'error',
-        {
-          assertionStyle: 'never',
-        },
-      ],
-    }).include('**/*.{ts,tsx}'),
-  'no undocumented stories': () => countUndocumentedStories().include('**/*.{story.tsx,mdx}'),
+  'better eslint': () => countEslintErrors().include('**/*.{ts,tsx}'),
+  'no undocumented stories': () => countUndocumentedStories().include('**/*.story.tsx'),
 };
 
 function countUndocumentedStories() {
   return new BettererFileTest(async (filePaths, fileTestResult) => {
-    const storyFilePaths = filePaths.filter((filePath) => filePath.endsWith('story.tsx'));
-    const mdxFilePaths = filePaths.filter((filePath) => filePath.endsWith('mdx'));
-    storyFilePaths.forEach((filePath) => {
-      if (!mdxFilePaths.includes(filePath.replace(/\.story.tsx$/, '.mdx'))) {
+    filePaths.forEach((filePath) => {
+      if (!existsSync(filePath.replace(/\.story.tsx$/, '.mdx'))) {
         // In this case the file contents don't matter:
         const file = fileTestResult.addFile(filePath, '');
         // Add the issue to the first character of the file:
@@ -31,3 +21,49 @@ function countUndocumentedStories() {
     });
   });
 }
+
+function countEslintErrors() {
+  return new BettererFileTest(async (filePaths, fileTestResult, resolver) => {
+    const { baseDirectory } = resolver;
+    const cli = new ESLint({ cwd: baseDirectory });
+
+    await Promise.all(
+      filePaths.map(async (filePath) => {
+        const linterOptions = (await cli.calculateConfigForFile(filePath)) as Linter.Config;
+
+        const rules: Partial<Linter.RulesRecord> = {
+          '@typescript-eslint/no-explicit-any': 'error',
+        };
+
+        if (!filePath.endsWith('.test.tsx') && !filePath.endsWith('.test.ts')) {
+          rules['@typescript-eslint/consistent-type-assertions'] = [
+            'error',
+            {
+              assertionStyle: 'never',
+            },
+          ];
+        }
+
+        const runner = new ESLint({
+          baseConfig: {
+            ...linterOptions,
+            rules,
+          },
+          useEslintrc: false,
+          cwd: baseDirectory,
+        });
+
+        const lintResults = await runner.lintFiles([filePath]);
+        lintResults
+          .filter((lintResult) => lintResult.source)
+          .forEach((lintResult) => {
+            const { messages } = lintResult;
+            const file = fileTestResult.addFile(filePath, '');
+            messages.forEach((message, index) => {
+              file.addIssue(0, 0, message.message, `${index}`);
+            });
+          });
+      })
+    );
+  });
+}

.drone.star

@@ -4,12 +4,12 @@
 # 3. Run `make drone`
 # More information about this process here: https://github.com/grafana/deployment_tools/blob/master/docs/infrastructure/drone/signing.md
 
-load('scripts/drone/pipelines/pr.star', 'pr_pipelines')
-load('scripts/drone/pipelines/main.star', 'main_pipelines')
+load('scripts/drone/events/pr.star', 'pr_pipelines')
+load('scripts/drone/events/main.star', 'main_pipelines')
 load('scripts/drone/pipelines/docs.star', 'docs_pipelines')
-load('scripts/drone/pipelines/release.star', 'release_pipelines', 'publish_image_pipelines', 'publish_artifacts_pipelines', 'publish_npm_pipelines', 'publish_packages_pipeline')
+load('scripts/drone/events/release.star', 'release_pipelines', 'publish_image_pipelines', 'publish_artifacts_pipelines', 'publish_npm_pipelines', 'publish_packages_pipeline', 'artifacts_page_pipeline')
 load('scripts/drone/version.star', 'version_branch_pipelines')
-load('scripts/drone/pipelines/cron.star', 'cronjobs')
+load('scripts/drone/events/cron.star', 'cronjobs')
 load('scripts/drone/vault.star', 'secrets')
 
 def main(ctx):
@@ -17,5 +17,5 @@ def main(ctx):
     return pr_pipelines(edition=edition) + main_pipelines(edition=edition) + release_pipelines() + \
         publish_image_pipelines('public') + publish_image_pipelines('security') + \
         publish_artifacts_pipelines('security') + publish_artifacts_pipelines('public') + \
-        publish_npm_pipelines('public') + publish_packages_pipeline() + \
+        publish_npm_pipelines('public') + publish_packages_pipeline() + artifacts_page_pipeline() + \
         version_branch_pipelines() + cronjobs(edition=edition) + secrets()

.eslintignore

@@ -17,7 +17,7 @@ vendor
 # TS generate from cue by cuetsy
 **/*.gen.ts
 
-# Auto-generated localisation files
+# Auto-generated internationalization files
 public/locales/_build/
 public/locales/**/*.js
 

.github/CODEOWNERS

@@ -38,10 +38,10 @@ go.sum @grafana/backend-platform
 # Observability backend code
 /pkg/tsdb/prometheus @grafana/observability-metrics
 /pkg/tsdb/influxdb @grafana/observability-metrics
-/pkg/tsdb/elasticsearch @grafana/observability-logs-and-traces
+/pkg/tsdb/elasticsearch @grafana/observability-logs
 /pkg/tsdb/graphite @grafana/observability-metrics
 /pkg/tsdb/jaeger @grafana/observability-logs-and-traces
-/pkg/tsdb/loki @grafana/observability-logs-and-traces
+/pkg/tsdb/loki @grafana/observability-logs
 /pkg/tsdb/zipkin @grafana/observability-logs-and-traces
 /pkg/tsdb/tempo @grafana/observability-logs-and-traces
 
@@ -108,6 +108,7 @@ pkg/tsdb/testdatasource/sims/ @grafana/grafana-edge-squad
 /public/app/features/comments/ @grafana/grafana-edge-squad
 /public/app/features/dimensions/ @grafana/grafana-edge-squad
 /public/app/features/geo/ @grafana/grafana-edge-squad
+/public/app/features/storage/ @grafana/grafana-edge-squad
 /public/app/features/live/ @grafana/grafana-edge-squad
 /public/app/features/explore/ @grafana/observability-experience-squad
 /public/app/features/plugins @grafana/plugins-platform-frontend
@@ -116,7 +117,7 @@ pkg/tsdb/testdatasource/sims/ @grafana/grafana-edge-squad
 /public/app/plugins/panel/barchart @grafana/grafana-bi-squad
 /public/app/plugins/panel/heatmap @grafana/grafana-bi-squad
 /public/app/plugins/panel/histogram @grafana/grafana-bi-squad
-/public/app/plugins/panel/logs @grafana/observability-logs-and-traces
+/public/app/plugins/panel/logs @grafana/observability-logs
 /public/app/plugins/panel/nodeGraph @grafana/observability-logs-and-traces
 /public/app/plugins/panel/piechart @grafana/grafana-bi-squad
 /public/app/plugins/panel/state-timeline @grafana/grafana-bi-squad
@@ -143,18 +144,19 @@ lerna.json @grafana/frontend-ops
 .eslintrc @grafana/frontend-ops
 .pa11yci.conf.js @grafana/user-essentials
 .pa11yci-pr.conf.js @grafana/user-essentials
+.betterer.results @joshhunt
 
 # @grafana/ui component documentation
 *.mdx @marcusolsson @jessover9000 @grafana/plugins-platform-frontend
 
 # Core datasources
 /public/app/plugins/datasource/cloudwatch @grafana/aws-plugins
-/public/app/plugins/datasource/elasticsearch @grafana/observability-logs-and-traces
+/public/app/plugins/datasource/elasticsearch @grafana/observability-logs
 /public/app/plugins/datasource/grafana-azure-monitor-datasource @grafana/cloud-provider-plugins
 /public/app/plugins/datasource/graphite @grafana/observability-metrics
 /public/app/plugins/datasource/influxdb @grafana/observability-metrics
 /public/app/plugins/datasource/jaeger @grafana/observability-logs-and-traces
-/public/app/plugins/datasource/loki @grafana/observability-logs-and-traces
+/public/app/plugins/datasource/loki @grafana/observability-logs
 /public/app/plugins/datasource/mssql @grafana/grafana-bi-squad
 /public/app/plugins/datasource/mysql @grafana/grafana-bi-squad
 /public/app/plugins/datasource/opentsdb @grafana/backend-platform

.github/commands.json

@@ -79,7 +79,7 @@
     "name":"datasource/Azure",
     "action":"addToProject",
     "addToProject":{
-      "url":"https://github.com/orgs/grafana/projects/97"
+      "url":"https://github.com/orgs/grafana/projects/190"
     }
   },
   {
@@ -103,7 +103,7 @@
     "name":"datasource/GoogleCloudMonitoring",
     "action":"addToProject",
     "addToProject":{
-      "url":"https://github.com/orgs/grafana/projects/97"
+      "url":"https://github.com/orgs/grafana/projects/190"
     }
   },
   {
@@ -138,20 +138,12 @@
       "url":"https://github.com/orgs/grafana/projects/112"
     }
   },
-  {
-    "type":"label",
-    "name":"datasource/OpenSearch",
-    "action":"addToProject",
-    "addToProject":{
-      "url":"https://github.com/orgs/grafana/projects/110"
-    }
-  },
   {
     "type":"label",
     "name":"datasource/Loki",
     "action":"addToProject",
     "addToProject":{
-      "url":"https://github.com/orgs/grafana/projects/110"
+      "url":"https://github.com/orgs/grafana/projects/203"
     }
   },
   {
@@ -167,7 +159,7 @@
     "name":"datasource/Elasticsearch",
     "action":"addToProject",
     "addToProject":{
-      "url":"https://github.com/orgs/grafana/projects/110"
+      "url":"https://github.com/orgs/grafana/projects/203"
     }
   },
   {

.github/workflows/bump-version.yml

@@ -74,7 +74,7 @@ jobs:
           repository: "grafana/grafana-github-actions"
           path: ./actions
           ref: main
-      - uses: actions/setup-node@v3.3.0
+      - uses: actions/setup-node@v3.4.0
         with:
           node-version: '16'
       - name: Install Actions

.github/workflows/cloud-data-sources-code-coverage.yml

@@ -14,4 +14,7 @@ on:
 
 jobs:
   workflow-call:
-    uses: grafana/code-coverage/.github/workflows/code-coverage.yml@v0.1.2
+    uses: grafana/code-coverage/.github/workflows/code-coverage.yml@v0.1.6
+    with:
+      frontend-path-regexp: public\/app\/plugins\/datasource\/(grafana-azure-monitor-datasource|cloud-monitoring|cloudwatch)
+      backend-path-regexp: pkg\/tsdb\/(azuremonitor|cloudmonitoring|cloudwatch)

.github/workflows/doc-validator.yml

@@ -0,0 +1,16 @@
+name: "doc-validator"
+on:
+  pull_request:
+    paths: ["docs/sources/**"]
+  workflow_dispatch:
+jobs:
+  doc-validator:
+    runs-on: "ubuntu-latest"
+    container:
+      image: "grafana/doc-validator:latest"
+    steps:
+      - name: "Checkout code"
+        uses: "actions/checkout@v3"
+      - name: "Run doc-validator tool"
+        # Ensure that the CI always passes until all errors are resolved.
+        run: "doc-validator ./docs/sources || true"

.github/workflows/publish.yml

@@ -17,7 +17,7 @@ jobs:
     - uses: actions/checkout@v3
     - run: git clone --single-branch --no-tags --depth 1 -b master https://grafanabot:${{ secrets.GH_BOT_ACCESS_TOKEN }}@github.com/grafana/website-sync ./.github/actions/website-sync
     - name: generate-packages-docs
-      uses: actions/setup-node@v3.3.0
+      uses: actions/setup-node@v3.4.0
       id: generate-docs
       with:
         node-version: '16'

.gitignore

@@ -162,7 +162,7 @@ compilation-stats.json
 !pkg/coremodel/**/*_gen.go
 !pkg/framework/**/*_gen.go
 
-# Auto-generated localisation files
+# Auto-generated internationalization files
 public/locales/_build/
 public/locales/**/*.js
 

.linguirc

@@ -1,8 +1,8 @@
 {
   "locales": [
-    "en",
-    "fr",
-    "es",
+    "en-US",
+    "fr-FR",
+    "es-ES",
     "pseudo-LOCALE"
   ],
   "catalogs": [
@@ -20,11 +20,11 @@
     }
   ],
   "fallbackLocales": {
-    "pseudo-LOCALE": "en",
-    "default": "en"
+    "pseudo-LOCALE": "en-US",
+    "default": "en-US"
   },
   "pseudoLocale": "pseudo-LOCALE",
-  "sourceLocale": "en",
+  "sourceLocale": "en-US",
   "format": "po",
   "formatOptions": {
     "lineNumbers": false

.pa11yci-pr.conf.js

@@ -3,6 +3,7 @@ var config = {
     concurrency: 1,
     runners: ['axe'],
     useIncognitoBrowserContext: false,
+    standard: 'WCAG2AA',
     chromeLaunchConfig: {
       args: ['--no-sandbox'],
     },
@@ -60,7 +61,7 @@ var config = {
       rootElement: '.main-view',
       // the unified alerting promotion alert's content contrast is too low
       // see https://github.com/grafana/grafana/pull/41829
-      threshold: 5,
+      threshold: 4,
     },
     {
       url: '${HOST}/datasources',
@@ -96,7 +97,7 @@ var config = {
       url: '${HOST}/org/apikeys',
       wait: 500,
       rootElement: '.main-view',
-      threshold: 0,
+      threshold: 3,
     },
     {
       url: '${HOST}/dashboards',

.pa11yci.conf.js

@@ -3,6 +3,7 @@ var config = {
     concurrency: 1,
     runners: ['axe'],
     useIncognitoBrowserContext: false,
+    standard: 'WCAG2AA',
     chromeLaunchConfig: {
       args: ['--no-sandbox'],
     },

.prettierignore

@@ -18,7 +18,7 @@ vendor
 # TS generate from cue by cuetsy
 **/*.gen.ts
 
-# Auto-generated localisation files
+# Auto-generated internationalization files
 public/locales/_build/
 public/locales/**/*.js
 

.yarn/sdks/eslint/package.json

@@ -1,6 +1,6 @@
 {
   "name": "eslint",
-  "version": "8.17.0-sdk",
+  "version": "8.20.0-sdk",
   "main": "./lib/api.js",
   "type": "commonjs"
 }

.yarn/sdks/integrations.yml

@@ -2,5 +2,5 @@
 # Manual changes might be lost!
 
 integrations:
-  - vscode
   - vim
+  - vscode

.yarn/sdks/prettier/package.json

@@ -1,6 +1,6 @@
 {
   "name": "prettier",
-  "version": "2.6.2-sdk",
+  "version": "2.7.1-sdk",
   "main": "./index.js",
   "type": "commonjs"
 }

.yarn/sdks/typescript/package.json

@@ -1,6 +1,6 @@
 {
   "name": "typescript",
-  "version": "4.6.4-sdk",
+  "version": "4.7.4-sdk",
   "main": "./lib/typescript.js",
   "type": "commonjs"
 }

.yarnrc.yml

@@ -81,4 +81,4 @@ plugins:
   - path: .yarn/plugins/@yarnpkg/plugin-outdated.cjs
     spec: "https://mskelton.dev/yarn-outdated/v2"
 
-yarnPath: .yarn/releases/yarn-3.2.1.cjs
+yarnPath: .yarn/releases/yarn-3.2.2.cjs

CHANGELOG.md

@@ -1,3 +1,344 @@
+<!-- 9.1.0-beta1 START -->
+
+# 9.1.0-beta1 (unreleased)
+
+### Features and enhancements
+
+- **API:** Migrate CSRF to service and support additional options. [#48120](https://github.com/grafana/grafana/pull/48120), [@sakjur](https://github.com/sakjur)
+- **API:** Move swagger definitions to the handlers and rename operations after them. [#52643](https://github.com/grafana/grafana/pull/52643), [@papagian](https://github.com/papagian)
+- **Access Control:** Allow org admins to invite new users. [#52894](https://github.com/grafana/grafana/pull/52894), [@IevaVasiljeva](https://github.com/IevaVasiljeva)
+- **AccessControl:** Check dashboards permission for reports. (Enterprise)
+- **Alerting:** Add config disabled_labels to disable reserved labels. [#51832](https://github.com/grafana/grafana/pull/51832), [@JacobsonMT](https://github.com/JacobsonMT)
+- **Alerting:** Add custom templated title to Wecom notifier. [#51529](https://github.com/grafana/grafana/pull/51529), [@dingweiqings](https://github.com/dingweiqings)
+- **Alerting:** Add file provisioning for alert rules. [#51635](https://github.com/grafana/grafana/pull/51635), [@JohnnyQQQQ](https://github.com/JohnnyQQQQ)
+- **Alerting:** Add file provisioning for contact points. [#51924](https://github.com/grafana/grafana/pull/51924), [@JohnnyQQQQ](https://github.com/JohnnyQQQQ)
+- **Alerting:** Add file provisioning for mute timings. [#52936](https://github.com/grafana/grafana/pull/52936), [@JohnnyQQQQ](https://github.com/JohnnyQQQQ)
+- **Alerting:** Add file provisioning for notification policies. [#52877](https://github.com/grafana/grafana/pull/52877), [@JohnnyQQQQ](https://github.com/JohnnyQQQQ)
+- **Alerting:** Add file provisioning for text templates. [#52952](https://github.com/grafana/grafana/pull/52952), [@JohnnyQQQQ](https://github.com/JohnnyQQQQ)
+- **Alerting:** Add first Grafana reserved label grafana_folder. [#50262](https://github.com/grafana/grafana/pull/50262), [@JacobsonMT](https://github.com/JacobsonMT)
+- **Alerting:** Add support for images in Kafka alerts. [#50758](https://github.com/grafana/grafana/pull/50758), [@grobinson-grafana](https://github.com/grobinson-grafana)
+- **Alerting:** Add support for images in VictorOps alerts. [#50759](https://github.com/grafana/grafana/pull/50759), [@grobinson-grafana](https://github.com/grobinson-grafana)
+- **Alerting:** Adds contact point template syntax highlighting. [#51559](https://github.com/grafana/grafana/pull/51559), [@gillesdemey](https://github.com/gillesdemey)
+- **Alerting:** Adds visual tokens for templates. [#51376](https://github.com/grafana/grafana/pull/51376), [@gillesdemey](https://github.com/gillesdemey)
+- **Alerting:** Alert rules pagination. [#50612](https://github.com/grafana/grafana/pull/50612), [@konrad147](https://github.com/konrad147)
+- **Alerting:** Change **alertScreenshotToken** to **alertImageToken**. [#50771](https://github.com/grafana/grafana/pull/50771), [@grobinson-grafana](https://github.com/grobinson-grafana)
+- **Alerting:** Configure alert manager data source as an external AM. [#52081](https://github.com/grafana/grafana/pull/52081), [@konrad147](https://github.com/konrad147)
+- **Alerting:** Do not include button in googlechat notification if URL invalid. [#47317](https://github.com/grafana/grafana/pull/47317), [@j6s](https://github.com/j6s)
+- **Alerting:** Group alert state history by labels and allow filtering. [#52784](https://github.com/grafana/grafana/pull/52784), [@gillesdemey](https://github.com/gillesdemey)
+- **Alerting:** Make ticker to tick at predictable time. [#50197](https://github.com/grafana/grafana/pull/50197), [@yuri-tceretian](https://github.com/yuri-tceretian)
+- **Alerting:** Persist rule position in the group. [#50051](https://github.com/grafana/grafana/pull/50051), [@yuri-tceretian](https://github.com/yuri-tceretian)
+- **Alerting:** Prevent evaluation if "for" shorter than "evaluate". [#51797](https://github.com/grafana/grafana/pull/51797), [@peterholmberg](https://github.com/peterholmberg)
+- **Alerting:** Provisioning UI. [#50776](https://github.com/grafana/grafana/pull/50776), [@gillesdemey](https://github.com/gillesdemey)
+- **Alerting:** Rule api to fail update if provisioned rules are affected. [#50835](https://github.com/grafana/grafana/pull/50835), [@yuri-tceretian](https://github.com/yuri-tceretian)
+- **Alerting:** Scheduler to drop ticks if a rule's evaluation is too slow. [#48885](https://github.com/grafana/grafana/pull/48885), [@yuri-tceretian](https://github.com/yuri-tceretian)
+- **Alerting:** Show evaluation interval global limit warning. [#52942](https://github.com/grafana/grafana/pull/52942), [@konrad147](https://github.com/konrad147)
+- **Alerting:** State manager to use tick time to determine stale states. [#50991](https://github.com/grafana/grafana/pull/50991), [@yuri-tceretian](https://github.com/yuri-tceretian)
+- **Alerting:** Support for optimistic locking for alert rules. [#50274](https://github.com/grafana/grafana/pull/50274), [@yuri-tceretian](https://github.com/yuri-tceretian)
+- **Alerting:** Update RBAC for alert rules to consider access to rule as access to group it belongs. [#49033](https://github.com/grafana/grafana/pull/49033), [@yuri-tceretian](https://github.com/yuri-tceretian)
+- **Alerting:** Update default route groupBy to [grafana_folder, alertname]. [#50052](https://github.com/grafana/grafana/pull/50052), [@JacobsonMT](https://github.com/JacobsonMT)
+- **Alertmanager:** Adding SigV4 Authentication to Alertmanager Datasource. [#49718](https://github.com/grafana/grafana/pull/49718), [@lewinkedrs](https://github.com/lewinkedrs)
+- **Analytics:** Save all view time dates as UTC. (Enterprise)
+- **Annotations:** Migrate dashboardId to dashboardUID. [#52588](https://github.com/grafana/grafana/pull/52588), [@lpskdl](https://github.com/lpskdl)
+- **Auditing:** Allow users to have more verbose logs. (Enterprise)
+- **Auth:** Add lookup params for saml and LDAP sync. (Enterprise)
+- **Auth:** Add option for case insensitive login. [#49262](https://github.com/grafana/grafana/pull/49262), [@Jguer](https://github.com/Jguer)
+- **Auth:** Case insensitive ids duplicate usagestats. [#50724](https://github.com/grafana/grafana/pull/50724), [@eleijonmarck](https://github.com/eleijonmarck)
+- **Auth:** Implement Token URL Auth. [#52578](https://github.com/grafana/grafana/pull/52578), [@Jguer](https://github.com/Jguer)
+- **Auth:** Implement Token URL JWT Auth. [#52662](https://github.com/grafana/grafana/pull/52662), [@Jguer](https://github.com/Jguer)
+- **Auth:** Lockdown non-editables in frontend when external auth is configured. [#52160](https://github.com/grafana/grafana/pull/52160), [@Jguer](https://github.com/Jguer)
+- **Azure Monitor:** Add new dashboard with geo map for app insights test availability. [#52494](https://github.com/grafana/grafana/pull/52494), [@jcolladokuri](https://github.com/jcolladokuri)
+- **Azure Monitor:** New template variable editor. [#52594](https://github.com/grafana/grafana/pull/52594), [@andresmgot](https://github.com/andresmgot)
+- **Azure Monitor:** Restore Metrics query parameters: subscription, resourceGroup, metricNamespace and resourceName. [#52897](https://github.com/grafana/grafana/pull/52897), [@andresmgot](https://github.com/andresmgot)
+- **Chore:** Add dashboard UID as query parameter of Get annotation endpoint. [#52764](https://github.com/grafana/grafana/pull/52764), [@ying-jeanne](https://github.com/ying-jeanne)
+- **Chore:** Remove jest-coverage-badges dep from toolkit. [#49883](https://github.com/grafana/grafana/pull/49883), [@zoltanbedi](https://github.com/zoltanbedi)
+- **Chore:** Rename dashboardUID to dashboardUIDs in search endpoint and up…. [#52766](https://github.com/grafana/grafana/pull/52766), [@ying-jeanne](https://github.com/ying-jeanne)
+- **CloudWatch:** Add default log groups to config page. [#49286](https://github.com/grafana/grafana/pull/49286), [@iwysiu](https://github.com/iwysiu)
+- **CommandPalette:** Populate dashboard search when the palette is opened. [#51293](https://github.com/grafana/grafana/pull/51293), [@ryantxu](https://github.com/ryantxu)
+- **Core Plugins:** Add support for HTTP logger. [#46578](https://github.com/grafana/grafana/pull/46578), [@toddtreece](https://github.com/toddtreece)
+- **Correlations:** Add CreateCorrelation HTTP API. [#51630](https://github.com/grafana/grafana/pull/51630), [@Elfo404](https://github.com/Elfo404)
+- **Correlations:** Add DeleteCorrelation HTTP API. [#51801](https://github.com/grafana/grafana/pull/51801), [@Elfo404](https://github.com/Elfo404)
+- **Custom branding:** Add UI for setting configuration. (Enterprise)
+- **Custom branding:** Add custom branding service (early access). (Enterprise)
+- **Data Connections:** Create a new top-level page. [#50018](https://github.com/grafana/grafana/pull/50018), [@leventebalogh](https://github.com/leventebalogh)
+- **DataSource:** Allow data source plugins to set query default values. [#49581](https://github.com/grafana/grafana/pull/49581), [@sunker](https://github.com/sunker)
+- **Docs:** CSRF add configuration options and documentation for additional headers and origins. [#50473](https://github.com/grafana/grafana/pull/50473), [@eleijonmarck](https://github.com/eleijonmarck)
+- **Elasticsearch:** Added `modifyQuery` method to add filters in Explore. [#52313](https://github.com/grafana/grafana/pull/52313), [@svennergr](https://github.com/svennergr)
+- **Explore:** Add ability to include tags in trace to metrics queries. [#49433](https://github.com/grafana/grafana/pull/49433), [@connorlindsey](https://github.com/connorlindsey)
+- **Explore:** Download and upload service graphs for Tempo. [#50260](https://github.com/grafana/grafana/pull/50260), [@connorlindsey](https://github.com/connorlindsey)
+- **Explore:** Make service graph visualization use available vertical space. [#50518](https://github.com/grafana/grafana/pull/50518), [@connorlindsey](https://github.com/connorlindsey)
+- **Explore:** Reset Graph overrides if underlying series changes. [#49680](https://github.com/grafana/grafana/pull/49680), [@Elfo404](https://github.com/Elfo404)
+- **Explore:** Sort trace process attributes alphabetically. [#51261](https://github.com/grafana/grafana/pull/51261), [@connorlindsey](https://github.com/connorlindsey)
+- **Frontend Logging:** Integrate grafana javascript agent. [#50801](https://github.com/grafana/grafana/pull/50801), [@tolzhabayev](https://github.com/tolzhabayev)
+- **Geomap:** Add ability to select a data query filter for each layer. [#49966](https://github.com/grafana/grafana/pull/49966), [@mmandrus](https://github.com/mmandrus)
+- **Geomap:** Route/path visualization. [#43554](https://github.com/grafana/grafana/pull/43554), [@alexanderzobnin](https://github.com/alexanderzobnin)
+- **GeomapPanel:** Add base types to data layer options. [#50053](https://github.com/grafana/grafana/pull/50053), [@drew08t](https://github.com/drew08t)
+- **Graph Panel:** Add feature toggle that will allow automatic migration to timeseries panel. [#50631](https://github.com/grafana/grafana/pull/50631), [@ryantxu](https://github.com/ryantxu)
+- **Graphite:** Introduce new query types in annotation editor. [#52341](https://github.com/grafana/grafana/pull/52341), [@itsmylife](https://github.com/itsmylife)
+- **Infra:** Pass custom headers in resource request. [#51291](https://github.com/grafana/grafana/pull/51291), [@aocenas](https://github.com/aocenas)
+- **Insights:** Add RBAC for insights features. (Enterprise)
+- **Instrumentation:** Add more buckets to the HTTP request histogram. [#51492](https://github.com/grafana/grafana/pull/51492), [@bergquist](https://github.com/bergquist)
+- **Instrumentation:** Collect database connection stats. [#52797](https://github.com/grafana/grafana/pull/52797), [@bergquist](https://github.com/bergquist)
+- **Instrumentation:** Convert some metrics to histograms. [#50420](https://github.com/grafana/grafana/pull/50420), [@SuperQ](https://github.com/SuperQ)
+- **Jaeger:** Add support for variables. [#50500](https://github.com/grafana/grafana/pull/50500), [@joey-grafana](https://github.com/joey-grafana)
+- **LDAP:** Allow specifying LDAP timeout. [#48870](https://github.com/grafana/grafana/pull/48870), [@hannes-256](https://github.com/hannes-256)
+- **LibraryPanels:** Require only viewer permissions to use a Library Panel. [#50241](https://github.com/grafana/grafana/pull/50241), [@joshhunt](https://github.com/joshhunt)
+- **Licensing:** Usage-based billing reporting enhancements. (Enterprise)
+- **Logs:** Handle clicks on legend labels in histogram. [#49931](https://github.com/grafana/grafana/pull/49931), [@gabor](https://github.com/gabor)
+- **Logs:** Improve the color for unknown log level. [#52711](https://github.com/grafana/grafana/pull/52711), [@gabor](https://github.com/gabor)
+- **Loki/Logs:** Make it possible to copy log values to clipboard. [#50914](https://github.com/grafana/grafana/pull/50914), [@Seyaji](https://github.com/Seyaji)
+- **Loki:** Add hint for pipeline error to query builder. [#52134](https://github.com/grafana/grafana/pull/52134), [@ivanahuckova](https://github.com/ivanahuckova)
+- **Loki:** Add hints for level-like labels. [#52414](https://github.com/grafana/grafana/pull/52414), [@ivanahuckova](https://github.com/ivanahuckova)
+- **Loki:** Add support for IP label and line filter in query builder. [#52658](https://github.com/grafana/grafana/pull/52658), [@ivanahuckova](https://github.com/ivanahuckova)
+- **Loki:** Add unwrap with conversion function to builder. [#52639](https://github.com/grafana/grafana/pull/52639), [@ivanahuckova](https://github.com/ivanahuckova)
+- **Loki:** Implement hints for query builder. [#51795](https://github.com/grafana/grafana/pull/51795), [@ivanahuckova](https://github.com/ivanahuckova)
+- **Loki:** Move explain section to builder mode. [#52879](https://github.com/grafana/grafana/pull/52879), [@ivanahuckova](https://github.com/ivanahuckova)
+- **Loki:** Show label options for unwrap operation. [#52810](https://github.com/grafana/grafana/pull/52810), [@ivanahuckova](https://github.com/ivanahuckova)
+- **Loki:** Support json parser with expressions in query builder. [#51965](https://github.com/grafana/grafana/pull/51965), [@ivanahuckova](https://github.com/ivanahuckova)
+- **Navigation:** Display `Starred` dashboards in the `Navbar`. [#51038](https://github.com/grafana/grafana/pull/51038), [@ashharrison90](https://github.com/ashharrison90)
+- **Node Graph Panel:** Add options to configure units and arc colors. [#51057](https://github.com/grafana/grafana/pull/51057), [@connorlindsey](https://github.com/connorlindsey)
+- **OAuth:** Allow role mapping from GitHub and GitLab groups. [#52407](https://github.com/grafana/grafana/pull/52407), [@Jguer](https://github.com/Jguer)
+- **Opentsdb:** Add tag values into the opentsdb response. [#48672](https://github.com/grafana/grafana/pull/48672), [@xy-man](https://github.com/xy-man)
+- **OptionsUI:** UnitPicker now supports isClearable setting. [#51064](https://github.com/grafana/grafana/pull/51064), [@ryantxu](https://github.com/ryantxu)
+- **PanelEdit:** Hide multi-/all-select datasource variables in datasource picker. [#52142](https://github.com/grafana/grafana/pull/52142), [@eledobleefe](https://github.com/eledobleefe)
+- **Piechart:** Implements series override -> hide in area for the legend or tooltip. [#51297](https://github.com/grafana/grafana/pull/51297), [@daniellee](https://github.com/daniellee)
+- **Plugin admin:** Add a page to show where panel plugins are used in dashboards. [#50909](https://github.com/grafana/grafana/pull/50909), [@ryantxu](https://github.com/ryantxu)
+- **Plugins:** Add validation for plugin manifest. [#52787](https://github.com/grafana/grafana/pull/52787), [@wbrowne](https://github.com/wbrowne)
+- **Prometheus:** Move explain section to builder mode. [#52935](https://github.com/grafana/grafana/pull/52935), [@itsmylife](https://github.com/itsmylife)
+- **Prometheus:** Support 1ms resolution intervals. [#44707](https://github.com/grafana/grafana/pull/44707), [@dankeder](https://github.com/dankeder)
+- **Prometheus:** Throw error on direct access. [#50162](https://github.com/grafana/grafana/pull/50162), [@aocenas](https://github.com/aocenas)
+- **RBAC:** Add RBAC for query caching. (Enterprise)
+- **RBAC:** Add access control metadata to folder dtos. [#51158](https://github.com/grafana/grafana/pull/51158), [@kalleep](https://github.com/kalleep)
+- **RBAC:** Allow app plugins access restriction. [#51524](https://github.com/grafana/grafana/pull/51524), [@gamab](https://github.com/gamab)
+- **RBAC:** Rename alerting roles to match naming convention. [#50504](https://github.com/grafana/grafana/pull/50504), [@gamab](https://github.com/gamab)
+- **Report:** Calculate grid height unit dynamically instead use hardcode values. (Enterprise)
+- **Reports:** Add created column in report_dashboards. (Enterprise)
+- **Reports:** Add dashboard title in all pdf pages. (Enterprise)
+- **Reports:** Allow saving draft reports. (Enterprise)
+- **Reports:** Multiple dashboards improvements. (Enterprise)
+- **SAML :** Support Azure Single Sign Out. (Enterprise)
+- **SAML:** Add NameIDFormat in SP metadata. (Enterprise)
+- **SAML:** Improve debug logs for saml logout. (Enterprise)
+- **SSE:** Add noData type. [#51973](https://github.com/grafana/grafana/pull/51973), [@kylebrandt](https://github.com/kylebrandt)
+- **Search:** Filter punctuation and tokenize camel case. [#51165](https://github.com/grafana/grafana/pull/51165), [@FZambia](https://github.com/FZambia)
+- **Search:** Sync state on read for HA consistency. [#50152](https://github.com/grafana/grafana/pull/50152), [@FZambia](https://github.com/FZambia)
+- **Security:** Choose Lookup params per auth module (CVE-2022-31107). [#52312](https://github.com/grafana/grafana/pull/52312), [@Jguer](https://github.com/Jguer)
+- **Service Accounts:** Managed permissions for service accounts. [#51818](https://github.com/grafana/grafana/pull/51818), [@IevaVasiljeva](https://github.com/IevaVasiljeva)
+- **Service accounts:** Grafana service accounts are enabled by default. [#51402](https://github.com/grafana/grafana/pull/51402), [@vtorosyan](https://github.com/vtorosyan)
+- **ServiceAccounts:** Add Prometheus metrics service. [#51831](https://github.com/grafana/grafana/pull/51831), [@Jguer](https://github.com/Jguer)
+- **ServiceAccounts:** Add Service Account Token last used at date. [#51446](https://github.com/grafana/grafana/pull/51446), [@Jguer](https://github.com/Jguer)
+- **SharePDF:** Use currently selected variables and time range when generating PDF. (Enterprise)
+- **Slider:** Enforce numeric constraints and styling within the text input. [#50905](https://github.com/grafana/grafana/pull/50905), [@drew08t](https://github.com/drew08t)
+- **State Timeline:** Enable support for annotations. [#47887](https://github.com/grafana/grafana/pull/47887), [@dprokop](https://github.com/dprokop)
+- **Table panel:** Add multiple data links support to Default, Image and JSONView cells. [#51162](https://github.com/grafana/grafana/pull/51162), [@dprokop](https://github.com/dprokop)
+- **TeamSync:** Remove LDAP specific example from team sync. [#51368](https://github.com/grafana/grafana/pull/51368), [@Jguer](https://github.com/Jguer)
+- **TeamSync:** Support case insensitive matches and wildcard groups. (Enterprise)
+- **Tempo:** Add context menu to edges. [#52396](https://github.com/grafana/grafana/pull/52396), [@joey-grafana](https://github.com/joey-grafana)
+- **Tempo:** Consider tempo search out of beta and remove beta badge and feature flags. [#50030](https://github.com/grafana/grafana/pull/50030), [@connorlindsey](https://github.com/connorlindsey)
+- **Tempo:** Tempo/Prometheus links select ds in new tab (cmd + click). [#52319](https://github.com/grafana/grafana/pull/52319), [@joey-grafana](https://github.com/joey-grafana)
+- **Time series panel:** Hide axis when series is hidden from the visualization. [#51432](https://github.com/grafana/grafana/pull/51432), [@dprokop](https://github.com/dprokop)
+- **TimeSeries:** Add option for symmetrical y axes (align 0). [#52555](https://github.com/grafana/grafana/pull/52555), [@leeoniya](https://github.com/leeoniya)
+- **TimeSeries:** Add option to match axis color to series color. [#51437](https://github.com/grafana/grafana/pull/51437), [@leeoniya](https://github.com/leeoniya)
+- **TimeSeries:** Improved constantY rendering parity with Graph (old). [#51401](https://github.com/grafana/grafana/pull/51401), [@leeoniya](https://github.com/leeoniya)
+- **Timeseries:** Support multiple timezones in x axis. [#52424](https://github.com/grafana/grafana/pull/52424), [@ryantxu](https://github.com/ryantxu)
+- **TopNav:** Adds new feature toggle for upcoming nav. [#51115](https://github.com/grafana/grafana/pull/51115), [@torkelo](https://github.com/torkelo)
+- **Traces:** APM table. [#48654](https://github.com/grafana/grafana/pull/48654), [@joey-grafana](https://github.com/joey-grafana)
+- **Traces:** Add absolute time to span details. [#50685](https://github.com/grafana/grafana/pull/50685), [@joey-grafana](https://github.com/joey-grafana)
+- **Traces:** Add horizontal scroll. [#50278](https://github.com/grafana/grafana/pull/50278), [@joey-grafana](https://github.com/joey-grafana)
+- **Traces:** Consistent span colors for service names. [#50782](https://github.com/grafana/grafana/pull/50782), [@joey-grafana](https://github.com/joey-grafana)
+- **Traces:** Move towards using OTEL naming conventions. [#51379](https://github.com/grafana/grafana/pull/51379), [@joey-grafana](https://github.com/joey-grafana)
+- **Traces:** Span bar label. [#50931](https://github.com/grafana/grafana/pull/50931), [@joey-grafana](https://github.com/joey-grafana)
+- **Transformations:** Add standard deviation and variance reducers. [#52769](https://github.com/grafana/grafana/pull/52769), [@ryantxu](https://github.com/ryantxu)
+- **Transforms:** Add Join by label transformation. [#52670](https://github.com/grafana/grafana/pull/52670), [@ryantxu](https://github.com/ryantxu)
+- **URL:** Encode certain special characters. [#51806](https://github.com/grafana/grafana/pull/51806), [@L-M-K-B](https://github.com/L-M-K-B)
+- **ValueMappings:** Make value mapping row focusable. [#52337](https://github.com/grafana/grafana/pull/52337), [@lpskdl](https://github.com/lpskdl)
+- **Variables:** Add 'jsonwithoutquote' formatting options for variables, and format of variable supports pipeline. [#51859](https://github.com/grafana/grafana/pull/51859), [@MicroOps-cn](https://github.com/MicroOps-cn)
+- **Variables:** Selectively reload panels on URL update. [#51003](https://github.com/grafana/grafana/pull/51003), [@toddtreece](https://github.com/toddtreece)
+- **Various Panels:** Add ability to toggle legend with keyboard shortcut. [#52241](https://github.com/grafana/grafana/pull/52241), [@alyssabull](https://github.com/alyssabull)
+
+### Bug fixes
+
+- **API:** Fix failing test by initialising legacy guardian when creating folder scenario. [#50800](https://github.com/grafana/grafana/pull/50800), [@vicmarbev](https://github.com/vicmarbev)
+- **Access control:** Show dashboard settings to users who can edit dashboard. [#52532](https://github.com/grafana/grafana/pull/52532), [@IevaVasiljeva](https://github.com/IevaVasiljeva)
+- **Alerting:** Fix RegExp matchers in frontend for Silences and other previews. [#51726](https://github.com/grafana/grafana/pull/51726), [@joeblubaugh](https://github.com/joeblubaugh)
+- **Alerting:** Fix rule API to accept 0 duration of field `For`. [#50992](https://github.com/grafana/grafana/pull/50992), [@yuri-tceretian](https://github.com/yuri-tceretian)
+- **Alerting:** Increase alert rule operation perf by replacing subquery with threshold calculation. [#53069](https://github.com/grafana/grafana/pull/53069), [@alexweav](https://github.com/alexweav)
+- **Barchart Panel:** Fix threshold colors changing when data is refreshed. [#52038](https://github.com/grafana/grafana/pull/52038), [@mingozh](https://github.com/mingozh)
+- **Dashboard:** Fix iteration property change triggering unsaved changes warning. [#51272](https://github.com/grafana/grafana/pull/51272), [@torkelo](https://github.com/torkelo)
+- **Dashboards:** Disable variable pickers for snapshots. [#52827](https://github.com/grafana/grafana/pull/52827), [@joshhunt](https://github.com/joshhunt)
+- **Elasticsearch:** Always use fixed_interval. [#50297](https://github.com/grafana/grafana/pull/50297), [@gabor](https://github.com/gabor)
+- **Geomap:** Fix tooltip offset bug. [#52627](https://github.com/grafana/grafana/pull/52627), [@drew08t](https://github.com/drew08t)
+- **Geomap:** Update with template variable change. [#52007](https://github.com/grafana/grafana/pull/52007), [@drew08t](https://github.com/drew08t)
+- **Loki:** Fix adding of multiple label filters when parser. [#52335](https://github.com/grafana/grafana/pull/52335), [@ivanahuckova](https://github.com/ivanahuckova)
+- **Loki:** Fix support of ad-hoc filters for specific queries. [#51232](https://github.com/grafana/grafana/pull/51232), [@ivanahuckova](https://github.com/ivanahuckova)
+- **Navigation:** Hide `Dashboards`/`Starred items` from navbar when unauthenticated. [#53051](https://github.com/grafana/grafana/pull/53051), [@ashharrison90](https://github.com/ashharrison90)
+- **PasswordReset:** Enforce password length check on password reset request. [#51005](https://github.com/grafana/grafana/pull/51005), [@asymness](https://github.com/asymness)
+- **Prometheus:** Fix integer overflow in rate interval calculation on 32-bit architectures. [#51508](https://github.com/grafana/grafana/pull/51508), [@andreasgerstmayr](https://github.com/andreasgerstmayr)
+- **Search:** Fix indexing - re-index after initial provisioning. [#50959](https://github.com/grafana/grafana/pull/50959), [@FZambia](https://github.com/FZambia)
+- **Slider:** Fixes styling of marker dots. [#52678](https://github.com/grafana/grafana/pull/52678), [@torkelo](https://github.com/torkelo)
+- **Tracing:** Fix links to traces in Explore. [#50113](https://github.com/grafana/grafana/pull/50113), [@connorlindsey](https://github.com/connorlindsey)
+
+### Breaking changes
+
+Some swagger operations and responses have been renamed to match the respective handler names in order to better highlight their relation.
+If you use the Swagger specification for generating code, you have to re-generate it and make the necessary adjustments. Issue [#52643](https://github.com/grafana/grafana/issues/52643)
+
+The following metrics have been converted to histograms:
+
+- grafana_datasource_request_total
+- grafana_datasource_request_duration_seconds
+- grafana_datasource_response_size_bytes
+- grafana_datasource_request_in_flight
+- grafana_plugin_request_duration_milliseconds
+- grafana_alerting_rule_evaluation_duration_seconds Issue [#50420](https://github.com/grafana/grafana/issues/50420)
+
+In Elasticsearch versions 7.x, to specify the interval-value we used the `interval` property. In Grafana 9.1.0 we switched to use the `fixed_interval` property. This makes it to be the same as in Elasticsearch versions 8.x, also this provides a more consistent experience, `fixed_interval` is a better match to Grafana's time invervals. For most situations this will not cause any visible change to query results. Issue [#50297](https://github.com/grafana/grafana/issues/50297)
+
+### Grafana now reserves alert labels prefixed with `grafana_`
+
+Labels prefixed with `grafana_` are reserved by Grafana for special use. If a manually configured label is added beginning with `grafana_` it may be overwritten in case of collision.
+
+The current list of labels created by Grafana and available for use anywhere manually configured labels are:
+
+| Label          | Description                               |
+| -------------- | ----------------------------------------- | --------------------------------------------------------------- |
+| grafana_folder | Title of the folder containing the alert. | Issue [#50262](https://github.com/grafana/grafana/issues/50262) |
+
+In Prometheus, browser access mode was deprecated in Grafana 7.4.0 and removed in 9.0.0. If you used this mode, please switch to server access mode on the datasource configuration page. Issue [#50162](https://github.com/grafana/grafana/issues/50162)
+
+### Plugin development fixes & changes
+
+- **Dropdown:** New dropdown component. [#52684](https://github.com/grafana/grafana/pull/52684), [@torkelo](https://github.com/torkelo)
+- **Grafana/UI:** Add ColorPickerInput component. [#52222](https://github.com/grafana/grafana/pull/52222), [@Clarity-89](https://github.com/Clarity-89)
+- **Plugins:** Validate root URLs when signing private plugins via grafana-toolkit. [#51968](https://github.com/grafana/grafana/pull/51968), [@wbrowne](https://github.com/wbrowne)
+
+<!-- 9.1.0-beta1 END -->
+<!-- 9.0.6 START -->
+
+# 9.0.6 (2022-08-01)
+
+### Features and enhancements
+
+- **Access Control:** Allow org admins to invite new users to their organization. [#52904](https://github.com/grafana/grafana/pull/52904), [@IevaVasiljeva](https://github.com/IevaVasiljeva)
+
+### Bug fixes
+
+- **Grafana/toolkit:** Fix incorrect image and font generation for plugin builds. [#52927](https://github.com/grafana/grafana/pull/52927), [@academo](https://github.com/academo)
+- **Prometheus:** Fix adding of multiple values for regex operator. [#52978](https://github.com/grafana/grafana/pull/52978), [@ivanahuckova](https://github.com/ivanahuckova)
+- **UI/Card:** Fix card items always having pointer cursor. [#52809](https://github.com/grafana/grafana/pull/52809), [@gillesdemey](https://github.com/gillesdemey)
+
+<!-- 9.0.6 END -->
+<!-- 9.0.5 START -->
+
+# 9.0.5 (2022-07-26)
+
+### Features and enhancements
+
+- **Access control:** Show dashboard settings to users who can edit dashboard. [#52535](https://github.com/grafana/grafana/pull/52535), [@grafanabot](https://github.com/grafanabot)
+- **Alerting:** Allow the webhook notifier to support a custom Authorization header. [#52515](https://github.com/grafana/grafana/pull/52515), [@gotjosh](https://github.com/gotjosh)
+- **Chore:** Upgrade to Go version 1.17.12. [#52523](https://github.com/grafana/grafana/pull/52523), [@sakjur](https://github.com/sakjur)
+- **Plugins:** Add signature wildcard globbing for dedicated private plugin type. [#52163](https://github.com/grafana/grafana/pull/52163), [@wbrowne](https://github.com/wbrowne)
+- **Prometheus:** Don't show errors from unsuccessful API checks like rules or exemplar checks. [#52193](https://github.com/grafana/grafana/pull/52193), [@darrenjaneczek](https://github.com/darrenjaneczek)
+
+### Bug fixes
+
+- **Access control:** Allow organisation admins to add existing users to org (#51668). [#52553](https://github.com/grafana/grafana/pull/52553), [@vtorosyan](https://github.com/vtorosyan)
+- **Alerting:** Fix alert panel instance-based rules filtering. [#52583](https://github.com/grafana/grafana/pull/52583), [@konrad147](https://github.com/konrad147)
+- **Apps:** Fixes navigation between different app plugin pages. [#52571](https://github.com/grafana/grafana/pull/52571), [@torkelo](https://github.com/torkelo)
+- **Cloudwatch:** Upgrade grafana-aws-sdk to fix auth issue with secret keys. [#52420](https://github.com/grafana/grafana/pull/52420), [@sarahzinger](https://github.com/sarahzinger)
+- **Grafana/toolkit:** Fix incorrect image and font generation for plugin builds. [#52661](https://github.com/grafana/grafana/pull/52661), [@academo](https://github.com/academo)
+- **Loki:** Fix `show context` not working in some occasions. [#52458](https://github.com/grafana/grafana/pull/52458), [@svennergr](https://github.com/svennergr)
+- **RBAC:** Fix permissions on dashboards and folders created by anonymous users. [#52615](https://github.com/grafana/grafana/pull/52615), [@gamab](https://github.com/gamab)
+
+<!-- 9.0.5 END -->
+<!-- 9.0.4 START -->
+
+# 9.0.4 (2022-07-20)
+
+### Features and enhancements
+
+- **Browse/Search:** Make browser back work properly when visiting Browse or search. [#52271](https://github.com/grafana/grafana/pull/52271), [@torkelo](https://github.com/torkelo)
+- **Logs:** Improve getLogRowContext API. [#52130](https://github.com/grafana/grafana/pull/52130), [@gabor](https://github.com/gabor)
+- **Loki:** Improve handling of empty responses. [#52397](https://github.com/grafana/grafana/pull/52397), [@gabor](https://github.com/gabor)
+- **Plugins:** Always validate root URL if specified in signature manfiest. [#52332](https://github.com/grafana/grafana/pull/52332), [@wbrowne](https://github.com/wbrowne)
+- **Preferences:** Get home dashboard from teams. [#52225](https://github.com/grafana/grafana/pull/52225), [@sakjur](https://github.com/sakjur)
+- **SQLStore:** Support Upserting multiple rows. [#52228](https://github.com/grafana/grafana/pull/52228), [@joeblubaugh](https://github.com/joeblubaugh)
+- **Traces:** Add more template variables in Tempo & Zipkin. [#52306](https://github.com/grafana/grafana/pull/52306), [@joey-grafana](https://github.com/joey-grafana)
+- **Traces:** Remove serviceMap feature flag. [#52375](https://github.com/grafana/grafana/pull/52375), [@joey-grafana](https://github.com/joey-grafana)
+
+### Bug fixes
+
+- **Access Control:** Fix missing folder permissions. [#52410](https://github.com/grafana/grafana/pull/52410), [@IevaVasiljeva](https://github.com/IevaVasiljeva)
+- **Access control:** Fix org user removal for OSS users. [#52473](https://github.com/grafana/grafana/pull/52473), [@IevaVasiljeva](https://github.com/IevaVasiljeva)
+- **Alerting:** Fix Slack notification preview. [#50230](https://github.com/grafana/grafana/pull/50230), [@ekrucio](https://github.com/ekrucio)
+- **Alerting:** Fix Slack push notifications. [#52391](https://github.com/grafana/grafana/pull/52391), [@grobinson-grafana](https://github.com/grobinson-grafana)
+- **Alerting:** Fixes slack push notifications. [#50267](https://github.com/grafana/grafana/pull/50267), [@jgillick](https://github.com/jgillick)
+- **Alerting:** Preserve new-lines from custom email templates in rendered email. [#52253](https://github.com/grafana/grafana/pull/52253), [@alexweav](https://github.com/alexweav)
+- **Insights:** Fix dashboard and data source insights pages. (Enterprise)
+- **Log:** Fix text logging for unsupported types. [#51306](https://github.com/grafana/grafana/pull/51306), [@papagian](https://github.com/papagian)
+- **Loki:** Fix incorrect TopK value type in query builder. [#52226](https://github.com/grafana/grafana/pull/52226), [@ivanahuckova](https://github.com/ivanahuckova)
+
+<!-- 9.0.4 END -->
+<!-- 9.0.3 START -->
+
+# 9.0.3 (2022-07-14)
+
+### Features and enhancements
+
+- **Access Control:** Allow dashboard admins to query org users. [#51652](https://github.com/grafana/grafana/pull/51652), [@IevaVasiljeva](https://github.com/IevaVasiljeva)
+- **Access control:** Allow organisation admins to add existing users to org. [#51668](https://github.com/grafana/grafana/pull/51668), [@IevaVasiljeva](https://github.com/IevaVasiljeva)
+- **Alerting:** Add method to provisioning API for obtaining a group and its rules. [#51761](https://github.com/grafana/grafana/pull/51761), [@alexweav](https://github.com/alexweav)
+- **Alerting:** Add method to provisioning API for obtaining a group and its rules. [#51398](https://github.com/grafana/grafana/pull/51398), [@alexweav](https://github.com/alexweav)
+- **Alerting:** Allow filtering of contact points by name. [#51933](https://github.com/grafana/grafana/pull/51933), [@alexweav](https://github.com/alexweav)
+- **Alerting:** Disable /api/admin/pause-all-alerts with Unified Alerting. [#51895](https://github.com/grafana/grafana/pull/51895), [@joeblubaugh](https://github.com/joeblubaugh)
+- **Analytics:** Add total queries and cached queries in usage insights logs. (Enterprise)
+- **Annotations:** Use point marker for short time range annotations. [#51520](https://github.com/grafana/grafana/pull/51520), [@codeincarnate](https://github.com/codeincarnate)
+- **AzureMonitor:** Update UI to experimental package. [#52123](https://github.com/grafana/grafana/pull/52123), [@asimpson](https://github.com/asimpson)
+- **AzureMonitor:** Update resource and namespace metadata. [#52030](https://github.com/grafana/grafana/pull/52030), [@despian](https://github.com/despian)
+- **CloudWatch:** Remove simplejson in favor of 'encoding/json'. [#51062](https://github.com/grafana/grafana/pull/51062), [@asimpson](https://github.com/asimpson)
+- **DashboardRow:** Collapse shortcut prevent to move the collapsed rows. [#51589](https://github.com/grafana/grafana/pull/51589), [@ivanortegaalba](https://github.com/ivanortegaalba)
+- **Insights:** Add dashboard UID to exported logs. (Enterprise)
+- **Navigation:** Highlight active nav item when Grafana is served from subpath. [#51767](https://github.com/grafana/grafana/pull/51767), [@kianelbo](https://github.com/kianelbo)
+- **Plugins:** InfluxDB datasource - set epoch query param value as "ms". [#51651](https://github.com/grafana/grafana/pull/51651), [@itsmylife](https://github.com/itsmylife)
+- **Plugins:** InfluxDB update time range query. [#51833](https://github.com/grafana/grafana/pull/51833), [@itsmylife](https://github.com/itsmylife)
+- **StateTimeline:** Try to sort time field. [#51569](https://github.com/grafana/grafana/pull/51569), [@zoltanbedi](https://github.com/zoltanbedi)
+
+### Bug fixes
+
+- **API:** Do not validate/save legacy alerts when saving a dashboard if legacy alerting is disabled. [#51883](https://github.com/grafana/grafana/pull/51883), [@papagian](https://github.com/papagian)
+- **Access Control:** Fix missing folder permissions. [#52153](https://github.com/grafana/grafana/pull/52153), [@IevaVasiljeva](https://github.com/IevaVasiljeva)
+- **Alerting:** Add method to reset notification policy tree back to the default. [#51934](https://github.com/grafana/grafana/pull/51934), [@alexweav](https://github.com/alexweav)
+- **Alerting:** Fix Teams notifier not failing on 200 response with error. [#52254](https://github.com/grafana/grafana/pull/52254), [@JacobsonMT](https://github.com/JacobsonMT)
+- **Alerting:** Fix bug where state did not change between Alerting and Error. [#52204](https://github.com/grafana/grafana/pull/52204), [@grobinson-grafana](https://github.com/grobinson-grafana)
+- **Alerting:** Fix consistency errors in OpenAPI documentation. [#51935](https://github.com/grafana/grafana/pull/51935), [@alexweav](https://github.com/alexweav)
+- **Alerting:** Fix normalization of alert states for panel annotations. [#51637](https://github.com/grafana/grafana/pull/51637), [@gillesdemey](https://github.com/gillesdemey)
+- **Alerting:** Provisioning API respects global rule quota. [#52180](https://github.com/grafana/grafana/pull/52180), [@alexweav](https://github.com/alexweav)
+- **CSRF:** Fix additional headers option. [#50629](https://github.com/grafana/grafana/pull/50629), [@sakjur](https://github.com/sakjur)
+- **Chore:** Bump parse-url to 6.0.2 to fix security vulnerabilities. [#51796](https://github.com/grafana/grafana/pull/51796), [@jackw](https://github.com/jackw)
+- **Chore:** Fix CVE-2020-7753. [#51752](https://github.com/grafana/grafana/pull/51752), [@jackw](https://github.com/jackw)
+- **Chore:** Fix CVE-2021-3807. [#51753](https://github.com/grafana/grafana/pull/51753), [@jackw](https://github.com/jackw)
+- **Chore:** Fix CVE-2021-3918. [#51745](https://github.com/grafana/grafana/pull/51745), [@jackw](https://github.com/jackw)
+- **Chore:** Fix CVE-2021-43138. [#51751](https://github.com/grafana/grafana/pull/51751), [@jackw](https://github.com/jackw)
+- **Chore:** Fix CVE-2022-0155. [#51755](https://github.com/grafana/grafana/pull/51755), [@jackw](https://github.com/jackw)
+- **Custom Branding:** Fix login logo size. (Enterprise)
+- **Dashboard:** Fixes tooltip issue with TimePicker and Setting buttons. [#51836](https://github.com/grafana/grafana/pull/51836), [@torkelo](https://github.com/torkelo)
+- **Dashboard:** Prevent unnecessary scrollbar when viewing single panel. [#52122](https://github.com/grafana/grafana/pull/52122), [@lpskdl](https://github.com/lpskdl)
+- **Logs:** Fixed wrapping log lines from detected fields. [#52108](https://github.com/grafana/grafana/pull/52108), [@svennergr](https://github.com/svennergr)
+- **Loki:** Add missing operators in label filter expression. [#51880](https://github.com/grafana/grafana/pull/51880), [@ivanahuckova](https://github.com/ivanahuckova)
+- **Loki:** Fix error when changing operations with different parameters. [#51779](https://github.com/grafana/grafana/pull/51779), [@svennergr](https://github.com/svennergr)
+- **Loki:** Fix suggesting of correct operations in query builder. [#52034](https://github.com/grafana/grafana/pull/52034), [@ivanahuckova](https://github.com/ivanahuckova)
+- **Plugins:** InfluxDB variable interpolation fix. [#51917](https://github.com/grafana/grafana/pull/51917), [@itsmylife](https://github.com/itsmylife)
+- **Plugins:** InfluxDB variable interpolation fix for influxdbBackendMigration feature flag. [#51624](https://github.com/grafana/grafana/pull/51624), [@itsmylife](https://github.com/itsmylife)
+- **Reports:** Fix line breaks in message. (Enterprise)
+- **Reports:** Fix saving report formats. (Enterprise)
+- **SQLstore:** Fix fetching an inexistent playlist. [#51962](https://github.com/grafana/grafana/pull/51962), [@papagian](https://github.com/papagian)
+- **Security:** Fixes for CVE-2022-31107 and CVE-2022-31097. [#52279](https://github.com/grafana/grafana/pull/52279), [@kminehart](https://github.com/kminehart)
+- **Snapshots:** Fix deleting external snapshots when using RBAC. [#51897](https://github.com/grafana/grafana/pull/51897), [@idafurjes](https://github.com/idafurjes)
+- **Table:** Fix scrollbar being hidden by pagination. [#51501](https://github.com/grafana/grafana/pull/51501), [@zoltanbedi](https://github.com/zoltanbedi)
+- **Templating:** Changing between variables with the same name now correctly triggers a dashboard refresh. [#51490](https://github.com/grafana/grafana/pull/51490), [@ashharrison90](https://github.com/ashharrison90)
+- **Time series panel:** Fix an issue with stacks being not complete due to the incorrect data frame length. [#51910](https://github.com/grafana/grafana/pull/51910), [@dprokop](https://github.com/dprokop)
+- **[v9.0.x] Snapshots:** Fix deleting external snapshots when using RBAC (#51897). [#51904](https://github.com/grafana/grafana/pull/51904), [@idafurjes](https://github.com/idafurjes)
+
+<!-- 9.0.3 END -->
 <!-- 9.0.2 START -->
 
 # 9.0.2 (2022-06-28)
@@ -576,6 +917,16 @@ In the Loki data source, for consistency and performance reasons, we changed how
 
 The dependency to [grafana/aws-sdk](https://github.com/grafana/grafana-aws-sdk-react) is moved from [grafana/ui](https://github.com/grafana/grafana/blob/main/packages/grafana-ui/package.json) to the plugin. This means that any plugin that use SIGV4 auth need to pass a SIGV4 editor component as a prop to the `DataSourceHttpSettings` component. Issue [#43559](https://github.com/grafana/grafana/issues/43559)
 
+<!-- 8.5.9 START -->
+
+# 8.5.9 (2022-07-14)
+
+### Bug fixes
+
+- **Security:** Fixes for CVE-2022-31107 and CVE-2022-31097. [#52238](https://github.com/grafana/grafana/pull/52238), [@xlson](https://github.com/xlson)
+
+<!-- 8.5.9 END -->
+
 <!-- 8.5.6 START -->
 
 # 8.5.6 (2022-06-14)
@@ -816,6 +1167,16 @@ When user is using Github OAuth, GitHub login is showed as both Grafana login an
 
 The meaning of the default data source has now changed from being a persisted property in a panel. Before when you selected the default data source for a panel and later changed the default data source to another data source it would change all panels who were configured to use the default data source. From now on the default data source is just the default for new panels and changing the default will not impact any currently saved dashboards. Issue [#45132](https://github.com/grafana/grafana/issues/45132)
 
+<!-- 8.4.10 START -->
+
+# 8.4.10 (2022-07-14)
+
+### Bug fixes
+
+- **Security:** Fixes for CVE-2022-31107 and CVE-2022-31097. [#52218](https://github.com/grafana/grafana/pull/52218), [@IevaVasiljeva](https://github.com/IevaVasiljeva)
+
+<!-- 8.4.10 END -->
+
 <!-- 8.4.7 START -->
 
 # 8.4.7 (2022-04-19)

Dockerfile

@@ -20,14 +20,13 @@ COPY emails emails
 ENV NODE_ENV production
 RUN yarn build
 
-FROM golang:1.17.11-alpine3.15 as go-builder
+FROM golang:1.17.12-alpine3.15 as go-builder
 
 RUN apk add --no-cache gcc g++ make
 
 WORKDIR /grafana
 
 COPY go.mod go.sum embed.go Makefile build.go package.json ./
-COPY cue cue
 COPY packages/grafana-schema packages/grafana-schema
 COPY public/app/plugins public/app/plugins
 COPY public/api-spec.json public/api-spec.json
@@ -40,7 +39,7 @@ RUN go mod verify
 RUN make build-go
 
 # Final stage
-FROM alpine:3.15
+FROM alpine:3.15.6
 
 LABEL maintainer="Grafana team <hello@grafana.com>"
 
@@ -76,6 +75,7 @@ RUN export GF_GID_NAME=$(getent group $GF_GID | cut -d':' -f1) && \
   "$GF_PATHS_PROVISIONING/notifiers" \
   "$GF_PATHS_PROVISIONING/plugins" \
   "$GF_PATHS_PROVISIONING/access-control" \
+  "$GF_PATHS_PROVISIONING/alerting" \
   "$GF_PATHS_LOGS" \
   "$GF_PATHS_PLUGINS" \
   "$GF_PATHS_DATA" && \

Dockerfile.ubuntu

@@ -21,7 +21,7 @@ COPY emails emails
 ENV NODE_ENV production
 RUN yarn build
 
-FROM golang:1.17.11 AS go-builder
+FROM golang:1.17.12 AS go-builder
 
 WORKDIR /src/grafana
 
@@ -29,7 +29,6 @@ COPY go.mod go.sum embed.go ./
 COPY Makefile build.go package.json ./
 COPY .bingo .bingo
 COPY pkg pkg/
-COPY cue cue/
 COPY cue.mod cue.mod/
 COPY packages/grafana-schema packages/grafana-schema/
 COPY public/app/plugins public/app/plugins/
@@ -69,6 +68,7 @@ RUN mkdir -p "$GF_PATHS_HOME/.aws" && \
              "$GF_PATHS_PROVISIONING/notifiers" \
              "$GF_PATHS_PROVISIONING/plugins" \
              "$GF_PATHS_PROVISIONING/access-control" \
+             "$GF_PATHS_PROVISIONING/alerting" \
              "$GF_PATHS_LOGS" \
              "$GF_PATHS_PLUGINS" \
              "$GF_PATHS_DATA" && \

Makefile

@@ -12,7 +12,6 @@ include .bingo/Variables.mk
 GO = go
 GO_FILES ?= ./pkg/...
 SH_FILES ?= $(shell find ./scripts -name *.sh)
-API_DEFINITION_FILES = $(shell find ./pkg/api/docs/definitions -name '*.go' -print)
 GO_BUILD_FLAGS += $(if $(GO_BUILD_DEV),-dev)
 GO_BUILD_FLAGS += $(if $(GO_BUILD_TAGS),-build-tags=$(GO_BUILD_TAGS))
 
@@ -39,14 +38,15 @@ NGALERT_SPEC_TARGET = pkg/services/ngalert/api/tooling/api.json
 $(NGALERT_SPEC_TARGET):
 	+$(MAKE) -C pkg/services/ngalert/api/tooling api.json
 
-$(MERGED_SPEC_TARGET): $(SPEC_TARGET) $(NGALERT_SPEC_TARGET) ## Merge generated and ngalert API specs
-	go run pkg/api/docs/merge/merge_specs.go -o=$(MERGED_SPEC_TARGET) $(<) $(NGALERT_SPEC_TARGET)
+$(MERGED_SPEC_TARGET): $(SPEC_TARGET) $(NGALERT_SPEC_TARGET) $(SWAGGER) ## Merge generated and ngalert API specs
+	# known conflicts DsPermissionType, AddApiKeyCommand, Json, Duration (identical models referenced by both specs)
+	$(SWAGGER) mixin $(SPEC_TARGET) $(NGALERT_SPEC_TARGET) --ignore-conflicts -o $(MERGED_SPEC_TARGET)
 
---swagger-api-spec: $(API_DEFINITION_FILES) $(SWAGGER) ## Generate API Swagger specification
+--swagger-api-spec: $(SWAGGER) ## Generate API Swagger specification
 	SWAGGER_GENERATE_EXTENSION=false $(SWAGGER) generate spec -m -w pkg/server -o public/api-spec.json \
 	-x "github.com/grafana/grafana/pkg/services/ngalert/api/tooling/definitions" \
 	-x "github.com/prometheus/alertmanager" \
-	-i pkg/api/docs/tags.json
+	-i pkg/api/swagger_tags.json
 
 swagger-api-spec: gen-go --swagger-api-spec $(MERGED_SPEC_TARGET) validate-api-spec
 
@@ -94,9 +94,30 @@ run-frontend: deps-js ## Fetch js dependencies and watch frontend for rebuild
 
 ##@ Testing
 
-test-go: ## Run tests for backend.
-	@echo "test backend"
-	$(GO) test -v ./pkg/...
+.PHONY: test-go
+test-go: test-go-unit test-go-integration
+
+.PHONY: test-go-unit
+test-go-unit: ## Run unit tests for backend with flags.
+	@echo "test backend unit tests"
+	$(GO) test -short -covermode=atomic -timeout=30m ./pkg/...
+
+.PHONY: test-go-integration
+test-go-integration: ## Run integration tests for backend with flags.
+	@echo "test backend integration tests"
+	$(GO) test -run Integration -covermode=atomic -timeout=30m ./pkg/...
+
+.PHONY: test-go-integration-postgres
+test-go-integration-postgres: devenv-postgres ## Run integration tests for postgres backend with flags.
+	@echo "test backend integration postgres tests"
+	$(GO) clean -testcache
+	$(GO) list './pkg/...' | xargs -I {} sh -c 'GRAFANA_TEST_DB=postgres go test -run Integration -covermode=atomic -timeout=30m {}'
+
+.PHONY: test-go-integration-mysql
+test-go-integration-mysql: devenv-mysql ## Run integration tests for mysql backend with flags.
+	@echo "test backend integration mysql tests"
+	$(GO) clean -testcache
+	$(GO) list './pkg/...' | xargs -I {} sh -c 'GRAFANA_TEST_DB=mysql go test -run Integration -covermode=atomic -timeout=30m {}'
 
 test-js: ## Run tests for frontend.
 	@echo "test frontend"
@@ -153,6 +174,14 @@ devenv-down: ## Stop optional services.
 	test -f docker-compose.yaml && \
 	docker-compose down || exit 0;
 
+devenv-postgres:
+	@cd devenv; \
+	sources=postgres_tests
+
+devenv-mysql:
+	@cd devenv; \
+	sources=mysql_tests
+
 ##@ Helpers
 
 # We separate the protobuf generation because most development tasks on

conf/defaults.ini

@@ -125,7 +125,7 @@ path = grafana.db
 # For "sqlite3" only. cache mode setting used for connecting to the database
 cache_mode = private
 
-# For "mysql" only if lockingMigration feature toggle is set. How many seconds to wait before failing to lock the database for the migrations, default is 0.
+# For "mysql" only if migrationLocking feature toggle is set. How many seconds to wait before failing to lock the database for the migrations, default is 0.
 locking_attempt_timeout_sec = 0
 
 #################################### Cache server #############################
@@ -440,6 +440,9 @@ sigv4_auth_enabled = false
 # Set to true to enable verbose logging of SigV4 request signing
 sigv4_verbose_logging = false
 
+# Set to true to enable Azure authentication option for HTTP-based datasources
+azure_auth_enabled = false
+
 #################################### Anonymous Auth ######################
 [auth.anonymous]
 # enable anonymous access
@@ -467,6 +470,8 @@ api_url = https://api.github.com/user
 allowed_domains =
 team_ids =
 allowed_organizations =
+role_attribute_path =
+role_attribute_strict = false
 
 #################################### GitLab Auth #########################
 [auth.gitlab]
@@ -576,7 +581,7 @@ tls_client_cert =
 tls_client_key =
 tls_client_ca =
 use_pkce = false
-auth_style = 
+auth_style =
 
 #################################### Basic Auth ##########################
 [auth.basic]
@@ -597,6 +602,7 @@ enable_login_token = false
 #################################### Auth JWT ##########################
 [auth.jwt]
 enabled = false
+enable_login_token = false
 header_name =
 email_claim =
 username_claim =
@@ -649,7 +655,6 @@ managed_identity_client_id =
 
 #################################### Role-based Access Control ###########
 [rbac]
-enabled = true
 # If enabled, cache permissions in a in memory cache (Enterprise only)
 permission_cache = true
 
@@ -762,7 +767,7 @@ instrumentations_console_enabled = false
 instrumentations_webvitals_enabled = false
 
 # Api Key, only applies to Grafana Javascript Agent provider
-api_key = 
+api_key =
 
 #################################### Usage Quotas ########################
 [quota]
@@ -805,6 +810,9 @@ global_session = -1
 # global limit of alerts
 global_alert_rule = -1
 
+# global limit of files uploaded to the SQL DB
+global_file = 1000
+
 #################################### Unified Alerting ####################
 [unified_alerting]
 # Enable the Unified Alerting sub-system and interface. When enabled we'll migrate all of your alert rules and notification channels to the new system. New alert rules will be created and your notification channels will be converted into an Alertmanager configuration. Previous data is preserved to enable backwards compatibility but new data is removed when switching. When this configuration section and flag are not defined, the state is defined at runtime. See the documentation for more details.
@@ -861,8 +869,8 @@ max_attempts = 3
 min_interval = 10s
 
 [unified_alerting.screenshots]
-# Enable screenshots in notifications. This option requires a remote HTTP image rendering service. Please
-# see [rendering] for further configuration options.
+# Enable screenshots in notifications. This option requires the Grafana Image Renderer plugin.
+# For more information on configuration options, refer to [rendering].
 capture = false
 
 # The maximum number of screenshots that can be taken at the same time. This option is different from
@@ -876,6 +884,11 @@ max_concurrent_screenshots = 5
 # screenshots will be persisted to disk for up to temp_data_lifetime.
 upload_external_image_storage = false
 
+[unified_alerting.reserved_labels]
+# Comma-separated list of reserved labels added by the Grafana Alerting engine that should be disabled.
+# For example: `disabled_labels=grafana_folder`
+disabled_labels =
+
 #################################### Alerting ############################
 [alerting]
 # Enable the legacy alerting sub-system and interface. If Unified Alerting is already enabled and you try to go back to legacy alerting, all data that is part of Unified Alerting will be deleted. When this configuration section and flag are not defined, the state is defined at runtime. See the documentation for more details.
@@ -1255,3 +1268,10 @@ max_crawl_duration =
 # Minimum interval between two subsequent scheduler runs. Default is 12h.
 # This setting should be expressed as a duration. Examples: 10s (seconds), 1m (minutes).
 scheduler_interval =
+
+
+#################################### Storage ################################################
+
+[storage]
+# Allow uploading SVG files without sanitization.
+allow_unsanitized_svg_upload = false

conf/ldap.toml

@@ -25,6 +25,9 @@ bind_dn = "cn=admin,dc=grafana,dc=org"
 # If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
 bind_password = 'grafana'
 
+# Timeout in seconds (applies to each host specified in the 'host' entry (space separated))
+timeout = 10
+
 # User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"
 search_filter = "(cn=%s)"
 

conf/sample.ini

@@ -126,7 +126,7 @@
 # For "sqlite3" only. cache mode setting used for connecting to the database. (private, shared)
 ;cache_mode = private
 
-# For "mysql" only if lockingMigration feature toggle is set. How many seconds to wait before failing to lock the database for the migrations, default is 0.
+# For "mysql" only if migrationLocking feature toggle is set. How many seconds to wait before failing to lock the database for the migrations, default is 0.
 ;locking_attempt_timeout_sec = 0
 
 ################################### Data sources #########################
@@ -440,6 +440,9 @@
 # Set to true to enable verbose logging of SigV4 request signing
 ;sigv4_verbose_logging = false
 
+# Set to true to enable Azure authentication option for HTTP-based datasources.
+;azure_auth_enabled = false
+
 #################################### Anonymous Auth ######################
 [auth.anonymous]
 # enable anonymous access
@@ -635,8 +638,6 @@
 
 #################################### Role-based Access Control ###########
 [rbac]
-;enabled = true
-# If enabled, cache permissions in a in memory cache (Enterprise only)
 ;permission_cache = true
 #################################### SMTP / Emailing ##########################
 [smtp]
@@ -847,6 +848,11 @@
 # The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m.
 ;min_interval = 10s
 
+[unified_alerting.reserved_labels]
+# Comma-separated list of reserved labels added by the Grafana Alerting engine that should be disabled.
+# For example: `disabled_labels=grafana_folder`
+;disabled_labels =
+
 #################################### Alerting ############################
 [alerting]
 # Disable legacy alerting engine & UI features

contribute/internationalization.md

@@ -1,4 +1,4 @@
-# Localisation
+# Internationalization
 
 Grafana uses the [LinguiJS](https://github.com/lingui/js-lingui) framework for managing translating phrases in the Grafana frontend.
 
@@ -59,7 +59,7 @@ For components used all over the site, use just two segments:
 
 ### Top-level provider
 
-In [AppWrapper.tsx](/public/app/AppWrapper.tsx) the app is wrapped with `I18nProvider` from `public/app/core/localisation.tsx` where the Lingui instance is created with the user's preferred locale. This sets the appropriate context and allows any component from `@lingui/macro` to use the translations for the user's preferred locale.
+In [AppWrapper.tsx](/public/app/AppWrapper.tsx) the app is wrapped with `I18nProvider` from `public/app/core/internationalization/index.tsx` where the Lingui instance is created with the user's preferred locale. This sets the appropriate context and allows any component from `@lingui/macro` to use the translations for the user's preferred locale.
 
 ### Message format
 
@@ -191,4 +191,4 @@ import { Plural } from "@lingui/macro"
 
 ## Documentation
 
-[Grafana's documentation](https://grafana.com/docs/grafana/latest/) is not yet open for translation and should be authored in English only.
+[Grafana's documentation](https://grafana.com/docs/grafana/latest/) is not yet open for translation and should be authored in American English only.

contribute/style-guides/e2e.md

@@ -26,10 +26,10 @@ Let's start with a simple [JSX](https://reactjs.org/docs/introducing-jsx.html) e
 <input className="gf-form-input login-form-input" type="text" />
 ```
 
-We _could_ target the field with a CSS selector like `.gf-form-input.login-form-input` but that would be brittle as style changes occur frequently. Furthermore there is nothing that signals to future developers that this input is part of an E2E test. At Grafana, we use `aria-label` attributes as our preferred way of defining selectors instead of [`data-*`](https://mdn.io/docs/Web/HTML/Global_attributes/data-*) as they also aid in [accessibility](https://mdn.io/docs/Learn/Accessibility/What_is_accessibility):
+We _could_ target the field with a CSS selector like `.gf-form-input.login-form-input` but that would be brittle as style changes occur frequently. Furthermore there is nothing that signals to future developers that this input is part of an E2E test. At Grafana, we use `data-testid` attributes as our preferred way of defining selectors. See [Aria-Labels vs data-testid](#aria-labels-vs-data-testid) for more details.
 
 ```jsx
-<input aria-label="Username input field" className="gf-form-input login-form-input" type="text" />
+<input data-testid="Username input field" className="gf-form-input login-form-input" type="text" />
 ```
 
 The next step is to create a `Page` representation in our E2E framework to glue the test with the real implementation using the `pageFactory` function. For that function we can supply a `url` and `selectors` like in the example below:
@@ -39,10 +39,12 @@ export const Login = {
   // Called via `Login.visit()`
   url: '/login',
   // Called via `Login.username()`
-  username: 'Username input field',
+  username: 'data-testid Username input field',
 };
 ```
 
+Note that the selector is prefixed with `data-testid` - this is a signal to the framework to look for the selector in the `data-testid` attribute.
+
 The next step is to add the `Login` page to the `Pages` export within [_\<repo-root>/packages/grafana-e2e-selectors/src/selectors/pages.ts_](../../packages/grafana-e2e-selectors/src/selectors/pages.ts) so that it appears when we type `e2e.pages` in our IDE.
 
 ```typescript
@@ -59,7 +61,7 @@ Now that we have a `Page` called `Login` in our `Pages` const we can use that to
 ```jsx
 import { selectors } from '@grafana/e2e-selectors';
 
-<input aria-label={selectors.pages.Login.username} className="gf-form-input login-form-input" type="text" />;
+<input data-testid={selectors.pages.Login.username} className="gf-form-input login-form-input" type="text" />;
 ```
 
 The last step in our example is to use our `Login` page as part of a test.
@@ -100,7 +102,7 @@ Just as before in the basic example we'll start by creating a page abstraction u
 ```typescript
 export const DataSources = {
   url: '/datasources',
-  dataSources: (dataSourceName: string) => `Data source list item ${dataSourceName}`,
+  dataSources: (dataSourceName: string) => `data-testid Data source list item ${dataSourceName}`,
 };
 ```
 
@@ -115,7 +117,7 @@ The next step is to use the `dataSources` selector function as in our example be
   {dataSources.map(({ id, name }) => (
     <li className="card-item-wrapper" key={id}>
       <a className="card-item" href={`datasources/edit/${id}`}>
-        <div className="card-item-name" aria-label={selectors.pages.DataSources.dataSources(name)}>
+        <div className="card-item-name" data-testid={selectors.pages.DataSources.dataSources(name)}>
           {name}
         </div>
       </a>
@@ -127,9 +129,9 @@ The next step is to use the `dataSources` selector function as in our example be
 When this list is rendered with the data sources with names `A`, `B` and `C` ,the resulting HTML would look like:
 
 ```html
-<div class="card-item-name" aria-label="Data source list item A">A</div>
-<div class="card-item-name" aria-label="Data source list item B">B</div>
-<div class="card-item-name" aria-label="Data source list item C">C</div>
+<div class="card-item-name" data-testid="data-testid Data source list item A">A</div>
+<div class="card-item-name" data-testid="data-testid Data source list item B">B</div>
+<div class="card-item-name" data-testid="data-testid Data source list item C">C</div>
 ```
 
 Now we can write our test. The one thing that differs from the [basic example](#basic-example) above is that we pass in which data source we want to click on as an argument to the selector function:

contribute/style-guides/frontend.md

@@ -351,7 +351,7 @@ static defaultProps: Partial<Props> = { ... }
 We recommend using named regular functions when creating a new react functional component.
 
 ```typescript
-export function Component(props: Props): ReactElement { ... }
+export function Component(props: Props) { ... }
 ```
 
 ## State management

devenv/benchmarks/ab/ab_test.sh

@@ -1,4 +0,0 @@
-#!/bin/bash
-
-ab -n 20000 -c 100 -H "Authorization: Bearer vEustw23NSOZ27y3zlj28ZL3B7BpBk5kqR85DOfT5AwiS3nCi33dnsk6nhvXhZdn" \
-  http://localhost:3000/api/dashboards/db/dash1

devenv/datasources.yaml

@@ -247,7 +247,15 @@ datasources:
     access: proxy
     url: http://localhost:3100
     editable: false
+    correlations:
+      - targetUID: gdev-jaeger
+        label: "Jaeger traces"
+        description: "Related traces stored in Jaeger"
+      - targetUID: gdev-zipkin
+        label: "Zipkin traces"
+        description: "Related traces stored in Zipkin"
     jsonData:
+      something: here
       manageAlerts: false
       derivedFields:
         - name: "traceID"

devenv/docker/blocks/influxdb/config.yaml

@@ -1 +0,0 @@
-http-bind-address: :8086

devenv/docker/blocks/influxdb/docker-compose.yaml

@@ -5,6 +5,7 @@
       - '8086:8086'
     environment:
       INFLUXD_REPORTING_DISABLED: 'true'
+      INFLUXD_HTTP_BIND_ADDRESS: ':8086'
       DOCKER_INFLUXDB_INIT_MODE: 'setup'
       DOCKER_INFLUXDB_INIT_USERNAME: 'grafana'
       DOCKER_INFLUXDB_INIT_PASSWORD: 'grafana12345'
@@ -12,7 +13,6 @@
       DOCKER_INFLUXDB_INIT_BUCKET: 'mybucket'
       DOCKER_INFLUXDB_INIT_ADMIN_TOKEN: 'mytoken'
     volumes:
-      - ./docker/blocks/influxdb/config.yaml:/etc/influxdb2/config.yaml
       - ./docker/blocks/influxdb/setup_influxql.sh:/docker-entrypoint-initdb.d/setup_influxql.sh
 
   telegraf:

devenv/docker/blocks/jwt_proxy/docker-build-keycloak-m1-image.sh

@@ -0,0 +1,9 @@
+#/bin/sh
+
+VERSION=12.0.1 # set version here
+
+cd /tmp
+git clone git@github.com:keycloak/keycloak-containers.git
+cd keycloak-containers/server
+git checkout $VERSION
+docker build -t "quay.io/keycloak/keycloak:${VERSION}" .

devenv/docker/blocks/jwt_proxy/docker-compose.yaml

@@ -0,0 +1,54 @@
+  oauthkeycloakdb:
+    image: postgres:12.2
+    container_name: oauthkeycloakdb
+    environment:
+      POSTGRES_DB: keycloak
+      POSTGRES_USER: keycloak
+      POSTGRES_PASSWORD: password
+    volumes:
+      - ./docker/blocks/jwt_proxy/cloak.sql:/docker-entrypoint-initdb.d/cloak.sql
+    restart: unless-stopped
+
+  oauthkeycloak:
+    image: quay.io/keycloak/keycloak:12.0.1
+    container_name: oauthkeycloak
+    environment:
+      DB_VENDOR: POSTGRES
+      DB_ADDR: oauthkeycloakdb
+      DB_DATABASE: keycloak
+      DB_USER: keycloak
+      DB_PASSWORD: password
+      KEYCLOAK_USER: admin
+      KEYCLOAK_PASSWORD: admin
+      PROXY_ADDRESS_FORWARDING: "true"
+    ports:
+      - 8087:8080
+    depends_on:
+      - oauthkeycloakdb
+    links:
+      - "oauthkeycloakdb:oauthkeycloakdb"
+    restart: unless-stopped
+
+  oauthproxy:
+    image: docker.io/bitnami/oauth2-proxy:7.3.0
+    container_name: oauthproxy
+    command: [
+    "--cookie-secret=yI-CWT5s4sBR2Zd0DDJJlTYc0aQ3jwGH15jYA18ZAQA=",
+    "--upstream=http://localhost:3000",
+    "--provider=keycloak",
+    "--client-id=grafana-oauth",
+    "--client-secret=d17b9ea9-bcb1-43d2-b132-d339e55872a8",
+    "--login-url=http://127.0.0.1:8087/auth/realms/grafana/protocol/openid-connect/auth",
+    "--redeem-url=http://127.0.0.1:8087/auth/realms/grafana/protocol/openid-connect/token",
+    "--profile-url=http://127.0.0.1:8087/auth/realms/grafana/protocol/openid-connect/userinfo",
+    "--validate-url=http://127.0.0.1:8087/auth/realms/grafana/protocol/openid-connect/userinfo",
+    "--cookie-secure=false",
+    "--http-address=0.0.0.0:8088",
+    "--redirect-url=http://127.0.0.1:8088/oauth2/callback",
+    "--pass-access-token=true",
+    "--email-domain=*",
+    ]
+    network_mode: "host"
+    depends_on:
+      - oauthkeycloak
+    restart: unless-stopped

devenv/docker/blocks/jwt_proxy/jwks.json

@@ -0,0 +1 @@
+{"keys":[{"kid":"On2FQuJ8Y-909uJGWQEDkbzG-GRNmMc43HslEgVv_VQ","kty":"RSA","alg":"RS256","use":"sig","n":"qDmQHfTcOQOzmNJbVvtvuS8p_EgmiscP7vA_PZNyKx9O7utyGuoAmJH8e2w8gLIDDWHl5_x8aAIl_-TTPTSiyX8I68ryIdR28ZSe5u4pRdpXCVvJpOefKNIxQCTH7rs4KuRj0HZ2u1mu1Vz5_CeCCoKwKSmheD3u1xTJ8-VxQmdqfGxhuKtnkof7977HWOWy4GLDFqxyYHgihP_MmSeTmXUhVeZI6IOCqHMpF8eFWVGKM6V8rIKf8QO2K_vDJBM_3C933vMY8mqSQXbI3G54x-0myAaQXr4JkxjvUGKg5YC3ZXw7AjfZv_W_fQOG0GYp2hQ0akR4KNKT3XPNmpMVlQ","e":"AQAB","x5c":["MIICnTCCAYUCBgF+u1ir8jANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdncmFmYW5hMB4XDTIyMDIwMjE2NDkxN1oXDTMyMDIwMjE2NTA1N1owEjEQMA4GA1UEAwwHZ3JhZmFuYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKg5kB303DkDs5jSW1b7b7kvKfxIJorHD+7wPz2TcisfTu7rchrqAJiR/HtsPICyAw1h5ef8fGgCJf/k0z00osl/COvK8iHUdvGUnubuKUXaVwlbyaTnnyjSMUAkx+67OCrkY9B2drtZrtVc+fwnggqCsCkpoXg97tcUyfPlcUJnanxsYbirZ5KH+/e+x1jlsuBiwxascmB4IoT/zJknk5l1IVXmSOiDgqhzKRfHhVlRijOlfKyCn/EDtiv7wyQTP9wvd97zGPJqkkF2yNxueMftJsgGkF6+CZMY71BioOWAt2V8OwI32b/1v30DhtBmKdoUNGpEeCjSk91zzZqTFZUCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEABlW64QxuREB81VMGsyhj4Q5RykFaVuD5O8YlwUpmVfAVLzb0Drf54Kn4bnpnckKyYV+T+HsN4QXt81UE41xH0Aai2H3vrGH+PJf6aLPCDE+jpMqtN3n6IgImJXJPL8upMfhhWDv4nkM4uynEwWupzmrKi4oJuTETSMktJby4o6//XWnCzCVMoAGFJU4gtjBUzOMLW26zD+yc+BuUtfR3HzItVHSZKQSNSFO0kVS68RgrER8qJw07z3BOJ2bPpPM0PYyEngGMaowz/T6lI32ymGMWYMAnslthS1KAW9xcTBwnrW1nMhe5a0LPxIktys/wJtxIHZLc5sOddGT4xYklLg=="],"x5t":"prs-h1NBqOSJMH-tQWLTqguWets","x5t#S256":"YjK3HobZW8xbNL1IPDgFhCM41UC5c0hG2cxaF6v961Q"}]}

devenv/docker/blocks/jwt_proxy/readme.md

@@ -0,0 +1,87 @@
+# OAUTH BLOCK
+## Devenv setup jwt auth
+
+To launch the block, use the oauth source. Ex:
+
+```bash
+make devenv sources="jwt_proxy"
+```
+
+Here is the conf you need to add to your configuration file (conf/custom.ini):
+
+```ini
+[auth]
+signout_redirect_url = http://127.0.0.1:8088/oauth2/sign_out
+
+[auth.jwt]
+enabled = true
+enable_login_token = true
+header_name = X-Forwarded-Access-Token
+username_claim = login
+email_claim = email
+jwk_set_file = devenv/docker/blocks/oauth/jwks.json
+cache_ttl = 60m
+expected_claims = {"iss": "http://localhost:8087/auth/realms/grafana", "azp": "grafana-oauth"}
+auto_sign_up = true
+```
+
+Access Grafana through: 
+
+```sh
+http://127.0.0.1:8088
+```
+
+## Devenv setup jwt auth iframe embedding
+
+- Add previous configuration and next snippet to grafana.ini
+
+```ini
+[security]
+allow_embedding = true
+```
+
+- Create dashboard and copy UID
+
+- Clone [https://github.com/grafana/grafana-iframe-oauth-sample](https://github.com/grafana/grafana-iframe-oauth-sample)
+
+- Change the dashboard URL in `grafana-iframe-oauth-sample/src/pages/restricted.tsx` to use the dashboard you created (keep URL query values)
+
+- Start sample app from the `grafana-iframe-oauth-sample` folder with: `yarn start`
+
+- Navigate to [http://localhost:4200](http://localhost:4200) and press restricted area
+
+Note: You may need to grant the JWT user in grafana access to the datasources and the dashboard
+
+## Backing up keycloak DB
+
+In case you want to make changes to the devenv setup, you can dump keycloack's DB:
+
+```bash
+cd devenv;
+docker-compose exec -T oauthkeycloakdb bash -c "pg_dump -U keycloak keycloak" > docker/blocks/jwt_proxy/cloak.sql
+```
+
+## Connecting to keycloack:
+
+- keycloak admin:                     http://localhost:8087
+- keycloak admin login:               admin:admin
+- grafana jwt viewer login:          jwt-viewer:grafana
+- grafana jwt editor login:          jwt-editor:grafana
+- grafana jwt admin login:           jwt-admin:grafana
+
+# Troubleshooting
+
+## Mac M1 Users
+
+The new arm64 architecture does not build for the latest docker image of keycloack. Refer to https://github.com/docker/for-mac/issues/5310 for the issue to see if it resolved.
+Until then you need to build the docker image locally and then run `devenv`.
+
+1. Remove any lingering keycloack image
+```sh
+$ docker rmi $(docker images | grep 'keycloack')
+```
+1. Build keycloack image locally
+```sh
+$ ./docker-build-keycloack-m1-image.sh
+```
+1. Start from beginning of this readme

devenv/docker/blocks/oauth/docker-build-keycloak-m1-image.sh

@@ -0,0 +1,9 @@
+#/bin/sh
+
+VERSION=12.0.1 # set version here
+
+cd /tmp
+git clone git@github.com:keycloak/keycloak-containers.git
+cd keycloak-containers/server
+git checkout $VERSION
+docker build -t "quay.io/keycloak/keycloak:${VERSION}" .

devenv/docker/blocks/oauth/docker-compose.yaml

@@ -0,0 +1,30 @@
+  oauthkeycloakdb:
+    image: postgres:12.2
+    container_name: oauthkeycloakdb
+    environment:
+      POSTGRES_DB: keycloak
+      POSTGRES_USER: keycloak
+      POSTGRES_PASSWORD: password
+    volumes:
+      - ./docker/blocks/oauth/cloak.sql:/docker-entrypoint-initdb.d/cloak.sql
+    restart: unless-stopped
+  
+  oauthkeycloak:
+    image: quay.io/keycloak/keycloak:12.0.1
+    container_name: oauthkeycloak
+    environment:
+      DB_VENDOR: POSTGRES
+      DB_ADDR: oauthkeycloakdb
+      DB_DATABASE: keycloak
+      DB_USER: keycloak
+      DB_PASSWORD: password
+      KEYCLOAK_USER: admin
+      KEYCLOAK_PASSWORD: admin
+      PROXY_ADDRESS_FORWARDING: "true"
+    ports:
+      - 8087:8080
+    depends_on:
+      - oauthkeycloakdb
+    links:
+      - "oauthkeycloakdb:oauthkeycloakdb"
+    restart: unless-stopped

devenv/docker/blocks/oauth/jwks.json

@@ -0,0 +1 @@
+{"keys":[{"kid":"On2FQuJ8Y-909uJGWQEDkbzG-GRNmMc43HslEgVv_VQ","kty":"RSA","alg":"RS256","use":"sig","n":"qDmQHfTcOQOzmNJbVvtvuS8p_EgmiscP7vA_PZNyKx9O7utyGuoAmJH8e2w8gLIDDWHl5_x8aAIl_-TTPTSiyX8I68ryIdR28ZSe5u4pRdpXCVvJpOefKNIxQCTH7rs4KuRj0HZ2u1mu1Vz5_CeCCoKwKSmheD3u1xTJ8-VxQmdqfGxhuKtnkof7977HWOWy4GLDFqxyYHgihP_MmSeTmXUhVeZI6IOCqHMpF8eFWVGKM6V8rIKf8QO2K_vDJBM_3C933vMY8mqSQXbI3G54x-0myAaQXr4JkxjvUGKg5YC3ZXw7AjfZv_W_fQOG0GYp2hQ0akR4KNKT3XPNmpMVlQ","e":"AQAB","x5c":["MIICnTCCAYUCBgF+u1ir8jANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdncmFmYW5hMB4XDTIyMDIwMjE2NDkxN1oXDTMyMDIwMjE2NTA1N1owEjEQMA4GA1UEAwwHZ3JhZmFuYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKg5kB303DkDs5jSW1b7b7kvKfxIJorHD+7wPz2TcisfTu7rchrqAJiR/HtsPICyAw1h5ef8fGgCJf/k0z00osl/COvK8iHUdvGUnubuKUXaVwlbyaTnnyjSMUAkx+67OCrkY9B2drtZrtVc+fwnggqCsCkpoXg97tcUyfPlcUJnanxsYbirZ5KH+/e+x1jlsuBiwxascmB4IoT/zJknk5l1IVXmSOiDgqhzKRfHhVlRijOlfKyCn/EDtiv7wyQTP9wvd97zGPJqkkF2yNxueMftJsgGkF6+CZMY71BioOWAt2V8OwI32b/1v30DhtBmKdoUNGpEeCjSk91zzZqTFZUCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEABlW64QxuREB81VMGsyhj4Q5RykFaVuD5O8YlwUpmVfAVLzb0Drf54Kn4bnpnckKyYV+T+HsN4QXt81UE41xH0Aai2H3vrGH+PJf6aLPCDE+jpMqtN3n6IgImJXJPL8upMfhhWDv4nkM4uynEwWupzmrKi4oJuTETSMktJby4o6//XWnCzCVMoAGFJU4gtjBUzOMLW26zD+yc+BuUtfR3HzItVHSZKQSNSFO0kVS68RgrER8qJw07z3BOJ2bPpPM0PYyEngGMaowz/T6lI32ymGMWYMAnslthS1KAW9xcTBwnrW1nMhe5a0LPxIktys/wJtxIHZLc5sOddGT4xYklLg=="],"x5t":"prs-h1NBqOSJMH-tQWLTqguWets","x5t#S256":"YjK3HobZW8xbNL1IPDgFhCM41UC5c0hG2cxaF6v961Q"}]}

devenv/docker/blocks/oauth/readme.md

@@ -0,0 +1,134 @@
+# OAUTH BLOCK
+
+## Devenv setup oauth
+
+To launch the block, use the oauth source. Ex:
+```bash
+make devenv sources="oauth"
+```
+
+Here is the conf you need to add to your configuration file (conf/custom.ini):
+
+```ini
+[auth]
+signout_redirect_url = http://localhost:8087/auth/realms/grafana/protocol/openid-connect/logout?redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Flogin
+
+[auth.generic_oauth]
+enabled = true
+name = Keycloak-OAuth
+allow_sign_up = true
+client_id = grafana-oauth
+client_secret = d17b9ea9-bcb1-43d2-b132-d339e55872a8
+empty_scopes = true
+email_attribute_path = email
+login_attribute_path = login
+name_attribute_path = name
+auth_url = http://localhost:8087/auth/realms/grafana/protocol/openid-connect/auth
+token_url = http://localhost:8087/auth/realms/grafana/protocol/openid-connect/token
+api_url = http://localhost:8087/auth/realms/grafana/protocol/openid-connect/userinfo
+role_attribute_path = contains(roles[*], 'admin') && 'Admin' || contains(roles[*], 'editor') && 'Editor' || 'Viewer'
+```
+
+## Devenv setup jwt auth
+
+To launch the block, use the oauth source. Ex:
+
+```bash
+make devenv sources="oauth"
+```
+
+Here is the conf you need to add to your configuration file (conf/custom.ini):
+
+```ini
+[auth.jwt]
+enabled = true
+header_name = X-JWT-Assertion
+username_claim = login
+email_claim = email
+jwk_set_file = devenv/docker/blocks/oauth/jwks.json
+cache_ttl = 60m
+expected_claims = {"iss": "http://localhost:8087/auth/realms/grafana", "azp": "grafana-oauth"}
+auto_sign_up = true
+```
+
+You can obtain a jwt token by using the following command for oauth-admin:
+
+```sh
+curl --request POST \
+  --url http://localhost:8087/auth/realms/grafana/protocol/openid-connect/token \
+  --header 'Content-Type: application/x-www-form-urlencoded' \
+  --data client_id=grafana-oauth \
+  --data grant_type=password \
+  --data client_secret=d17b9ea9-bcb1-43d2-b132-d339e55872a8 \
+  --data scope=openid \
+  --data username=oauth-admin \
+  --data password=grafana
+```
+
+
+Grafana call example:
+
+```sh
+curl --request GET \
+  --url http://127.0.0.1:3000/api/folders \
+  --header 'Accept: application/json' \
+  --header 'X-JWT-Assertion: eyJ......'
+```
+
+### Alternative devenv setup jwk_set_url
+
+Run a reverse proxy pointing to the jwk_set_url (only an https-uri can be used as jwk_set_url).
+
+Ex (using localtunnel):
+
+```sh
+npx localtunnel --port 8087
+```
+
+And using the following conf:
+
+```ini
+[auth.jwt]
+enabled = true
+header_name = X-JWT-Assertion
+username_claim = login
+email_claim = email
+jwk_set_url = <YOUR REVERSE PROXY URL>/auth/realms/grafana/protocol/openid-connect/certs
+cache_ttl = 60m
+expected_claims = {"iss": "http://localhost:8087/auth/realms/grafana", "azp": "grafana-oauth"}
+auto_sign_up = true
+```
+
+## Backing up keycloak DB
+
+In case you want to make changes to the devenv setup, you can dump keycloack's DB:
+
+```bash
+cd devenv;
+docker-compose exec -T oauthkeycloakdb bash -c "pg_dump -U keycloak keycloak" > docker/blocks/oauth/cloak.sql
+```
+
+## Connecting to keycloack:
+
+- keycloak admin:                     http://localhost:8087
+- keycloak admin login:               admin:admin
+- grafana oauth viewer login:          oauth-viewer:grafana
+- grafana oauth editor login:          oauth-editor:grafana
+- grafana oauth admin login:           oauth-admin:grafana
+
+# Troubleshooting
+
+## Mac M1 Users
+
+The new arm64 architecture does not build for the latest docker image of keycloack. Refer to https://github.com/docker/for-mac/issues/5310 for the issue to see if it resolved.
+Until then you need to build the docker image locally and then run `devenv`.
+
+1. Remove any lingering keycloack image
+```sh
+$ docker rmi $(docker images | grep 'keycloack')
+```
+1. Build keycloack image locally
+```sh
+$ ./docker-build-keycloack-m1-image.sh
+```
+1. Start from beginning of this readme

devenv/docker/blocks/tempo/README.md

@@ -1,4 +1,4 @@
 Right now Tempo is before stable release so this uses :latest tag which means there can be changes depending on when
 you pull the image.
 
-For adding some traces easily you can run Loki block and enable tracing (see ../loki/README.md)
+For adding some traces easily you can run Loki block and enable tracing (see ../loki-promtail/README.md)

docs/sources/administration/api-keys/_index.md

@@ -14,29 +14,23 @@ weight: 700
 
 # API keys
 
-API keys can be used to interact with Grafana HTTP APIs.
-
-We recommend using service accounts instead of API keys if you are on Grafana 8.5+, for more information refer to [About service accounts]({{< relref "../service-accounts/about-service-accounts/#" >}}).
-
-{{< section >}}
-
-## About API keys
-
 An API key is a randomly generated string that external systems use to interact with Grafana HTTP APIs.
 
-When you create an API key, you specify a **Role** that determines the permissions associated with the API key. Role permissions control that actions the API key can perform on Grafana resources. For more information about creating API keys, refer to [Create an API key]({{< relref "create-api-key/#" >}}).
+When you create an API key, you specify a **Role** that determines the permissions associated with the API key. Role permissions control that actions the API key can perform on Grafana resources.
+
+> **Note:** If you use Grafana v8.5 or newer, use service accounts instead of API keys. For more information, refer to [Grafana service accounts]({{< relref "../service-accounts/" >}}).
+
+{{< section >}}
 
 ## Create an API key
 
 Create an API key when you want to manage your computed workload with a user.
 
-For more information about API keys, refer to [About API keys in Grafana]({{< relref "about-api-keys/" >}}).
-
 This topic shows you how to create an API key using the Grafana UI. You can also create an API key using the Grafana HTTP API. For more information about creating API keys via the API, refer to [Create API key via API]({{< relref "../../developers/http_api/create-api-tokens-for-org/#how-to-create-a-new-organization-and-an-api-token" >}}).
 
 ### Before you begin:
 
-- Ensure you have permission to create and edit API keys. For more information about permissions, refer to [About users and permissions]({{< relref "../roles-and-permissions/#" >}}).
+- Ensure you have permission to create and edit API keys. For more information about permissions, refer to [Roles and permissions]({{< relref "../roles-and-permissions/#" >}}).
 
 **To create an API key:**
 
@@ -50,3 +44,40 @@ This topic shows you how to create an API key using the Grafana UI. You can also
    - The maximum length of time is 30 days (one month). You enter a number and a letter. Valid letters include `s` for seconds,`m` for minutes, `h` for hours, `d `for days, `w` for weeks, and `M `for month. For example, `12h` is 12 hours and `1M` is 1 month (30 days).
    - If you are unsure about how long an API key should be valid, we recommend that you choose a short duration, such as a few hours. This approach limits the risk of having API keys that are valid for a long time.
 1. Click **Add**.
+
+## Migrate API Keys to Grafana service accounts
+
+You can migrate one or all API keys to [Grafana service accounts]({{< relref "../service-accounts/" >}}). When you migrate an API key to a service account, a service account will be created with a service account token.
+The API key will continue to work, and you can find it in the [Grafana service account tokens]({{< relref "../service-accounts/#service-account-benefits/#service-account-tokens" >}}) details.
+For more information about benefits of service accounts, refer to [Grafana service account benefits]({{< relref "../service-accounts/#service-account-benefits" >}}).
+
+You can choose to migrate a single API key or all API keys. Note that when you migrate all API keys, you can't create new API keys anymore and will have to use service accounts instead.
+
+### Before you begin
+
+- Ensure you have permission to create Grafana service accounts. For more information about permissions, refer to [Roles and permissions]({{< relref "../roles-and-permissions/#" >}}).
+
+**To migrate all API keys to service accounts:**
+
+1. Sign in to Grafana, hover your cursor over **Configuration** (the gear icon), and click **API Keys**.
+2. In the top of the page, find the section which says **Switch from API keys to service accounts**
+3. Click **Migrate to service accounts now**.
+4. A confirmation window will appear, asking to confirm the migration. Click **Yes, migrate now** if you are willing to continue.
+5. Once migration is successful, you can choose to forever hide the API keys page. Click **Hide API keys page forever** if you want to do that.
+
+**To migrate single API key to a service account:**
+
+1. Sign in to Grafana, hover your cursor over **Configuration** (the gear icon), and click **API Keys**.
+1. Find the API Key you want to migrate.
+1. Click **Migrate to service account**.
+
+### Revert service account token to API key
+
+**Note:** This is undesired operation and should be used only in emergency situations.
+
+It is possible to convert back service account token to API key. You can use the [Revert service account token to API key HTTP API]({{< relref "../../developers/http_api/create-api-tokens-for-org/#how-to-create-a-new-organization-and-an-api-token" >}}) for that.
+
+**The revert will perform the following actions:**
+
+1. Convert the given service account token back to API key
+1. Delete the service account associated with the given key. **Make sure there are no other tokens associated with the service account, otherwise they all will be deleted.**

docs/sources/administration/organization-preferences/_index.md

@@ -29,7 +29,7 @@ If the user is aware of the change and intended it, then that's great! But if th
 
 In Grafana, you can change your names and emails associated with groups or accounts in the Settings or Preferences. This topic provides instructions for each task.
 
-{{< docs/shared "preferences/some-tasks-require-permissions.md" >}}
+Some tasks require certain permissions. For more information about roles, refer to [Roles and permissions]({{< relref "../roles-and-permissions/" >}}).
 
 ### Change organization name
 
@@ -39,24 +39,20 @@ Grafana server administrators and organization administrators can change organiz
 
 Follow these instructions if you are a Grafana Server Admin.
 
-{{< docs/list >}}
-{{< docs/shared "manage-users/view-server-org-list.md" >}}
-
+1. Hover your cursor over the **Server Admin** (shield) icon until a menu appears.
+1. Click **Orgs**.
 1. In the organization list, click the name of the organization that you want to change.
 1. In **Name**, enter the new organization name.
 1. Click **Update**.
-   {{< /docs/list >}}
 
 #### Organization Admin change organization name
 
 If you are an Organization Admin, follow these steps:
 
-{{< docs/list >}}
-{{< docs/shared "preferences/org-preferences-list.md" >}}
-
+1. Hover your cursor over the **Configuration** (gear) icon.
+1. Click **Preferences**.
 1. In **Organization name**, enter the new name.
 1. Click **Update organization name**.
-   {{< /docs/list >}}
 
 ### Change team name or email
 
@@ -80,7 +76,7 @@ To learn how to edit your user information, refer to [Edit your profile]({{< rel
 
 In Grafana, you can modify the UI theme configured in the Settings or Preferences. Set the UI theme for the server, an organization, a team, or your personal user account using the instructions in this topic.
 
-{{< docs/shared "preferences/some-tasks-require-permissions.md" >}}
+Some tasks require certain permissions. For more information about roles, refer to [Roles and permissions]({{< relref "../roles-and-permissions/" >}}).
 
 ### Theme options
 
@@ -112,36 +108,34 @@ To see what the current settings are, refer to [View server settings]({{< relref
 
 Organization administrators can change the UI theme for all users in an organization.
 
-{{< docs/list >}}
-{{< docs/shared "preferences/org-preferences-list.md" >}}
-{{< docs/shared "preferences/select-ui-theme-list.md" >}}
-{{< /docs/list >}}
+1. Hover your cursor over the **Configuration** (gear) icon.
+1. Click **Preferences**.
+1. In the Preferences section, select the **UI theme**.
+1. Click **Save**.
 
 ### Change team UI theme
 
 Organization and team administrators can change the UI theme for all users in a team.
 
-{{< docs/list >}}
-{{< docs/shared "manage-users/view-team-list.md" >}}
-
+1. Hover your cursor over the **Configuration** (gear) icon in the side menu.
+1. Click **Teams**. Grafana displays the team list.
 1. Click on the team that you want to change the UI theme for and then navigate to the **Settings** tab.
-   {{< docs/shared "preferences/select-ui-theme-list.md" >}}
-   {{< /docs/list >}}
+1. In the Preferences section, select the **UI theme**.
+1. Click **Save**.
 
 ### Change your personal UI theme
 
 You can change the UI theme for your user account. This setting overrides UI theme settings at higher levels.
 
-{{< docs/list >}}
-{{< docs/shared "preferences/navigate-user-preferences-list.md" >}}
-{{< docs/shared "preferences/select-ui-theme-list.md" >}}
-{{< /docs/list >}}
+1. On the left menu, hover your cursor over your avatar and then click **Preferences**.
+1. In the Preferences section, select the **UI theme**.
+1. Click **Save**.
 
 ## Change the Grafana default timezone
 
 By default, Grafana uses the timezone in your web browser. However, you can override this setting at the server, organization, team, or individual user level. This topic provides instructions for each task.
 
-{{< docs/shared "preferences/some-tasks-require-permissions.md" >}}
+Some tasks require certain permissions. For more information about roles, refer to [Roles and permissions]({{< relref "../roles-and-permissions/" >}}).
 
 ### Set server timezone
 
@@ -151,36 +145,34 @@ Grafana server administrators can choose a default timezone for all users on the
 
 Organization administrators can choose a default timezone for their organization.
 
-{{< docs/list >}}
-{{< docs/shared "preferences/org-preferences-list.md" >}}
-{{< docs/shared "preferences/select-timezone-list.md" >}}
-{{< /docs/list >}}
+1. Hover your cursor over the **Configuration** (gear) icon.
+1. Click **Preferences**.
+1. Click to select an option in the **Timezone** list. **Default** is either the browser local timezone or the timezone selected at a higher level. Refer to [Time range controls]({{< relref "../../dashboards/time-range-controls/" >}}) for more information about Grafana time settings.
+1. Click **Save**.
 
 ### Set team timezone
 
 Organization administrators and team administrators can choose a default timezone for all users in a team.
 
-{{< docs/list >}}
-{{< docs/shared "manage-users/view-team-list.md" >}}
-
+1. Hover your cursor over the **Configuration** (gear) icon in the side menu.
+1. Click **Teams**. Grafana displays the team list.
 1. Click on the team you that you want to change the timezone for and then navigate to the **Settings** tab.
-   {{< docs/shared "preferences/select-timezone-list.md" >}}
-   {{< /docs/list >}}
+1. Click to select an option in the **Timezone** list. **Default** is either the browser local timezone or the timezone selected at a higher level. Refer to [Time range controls]({{< relref "../../dashboards/time-range-controls/" >}}) for more information about Grafana time settings.
+1. Click **Save**.
 
 ### Set your personal timezone
 
 You can change the timezone for your user account. This setting overrides timezone settings at higher levels.
 
-{{< docs/list >}}
-{{< docs/shared "preferences/navigate-user-preferences-list.md" >}}
-{{< docs/shared "preferences/select-timezone-list.md" >}}
-{{< /docs/list >}}
+1. On the left menu, hover your cursor over your avatar and then click **Preferences**.
+1. Click to select an option in the **Timezone** list. **Default** is either the browser local timezone or the timezone selected at a higher level. Refer to [Time range controls]({{< relref "../../dashboards/time-range-controls/" >}}) for more information about Grafana time settings.
+1. Click **Save**.
 
 ## Change the default home dashboard
 
 The home dashboard you set is the one all users will see by default when they log in. You can set the home dashboard for the server, an organization, a team, or your personal user account. This topic provides instructions for each task.
 
-{{< docs/shared "preferences/some-tasks-require-permissions.md" >}}
+Some tasks require certain permissions. For more information about roles, refer to [Roles and permissions]({{< relref "../roles-and-permissions/" >}}).
 
 ### Navigate to the home dashboard
 
@@ -216,30 +208,31 @@ default_home_dashboard_path = data/main-dashboard.json
 
 Organization administrators can choose a home dashboard for their organization.
 
-{{< docs/list >}}
-{{< docs/shared "preferences/navigate-to-the-dashboard-list.md" >}}
-{{< docs/shared "preferences/org-preferences-list.md" >}}
-{{< docs/shared "preferences/select-home-dashboard-list.md" >}}
-{{< /docs/list >}}
+1. Navigate to the dashboard you want to set as the home dashboard.
+1. Click the star next to the dashboard title to mark the dashboard as a favorite if it is not already.
+1. Hover your cursor over the **Configuration** (gear) icon.
+1. Click **Preferences**.
+1. In the **Home Dashboard** field, select the dashboard that you want to use for your home dashboard. Options include all starred dashboards.
+1. Click **Save**.
 
 ### Set home dashboard for your team
 
 Organization administrators and Team Admins can choose a home dashboard for a team.
 
-{{< docs/list >}}
-{{< docs/shared "preferences/navigate-to-the-dashboard-list.md" >}}
-{{< docs/shared "manage-users/view-team-list.md" >}}
-
+1. Navigate to the dashboard you want to set as the home dashboard.
+1. Click the star next to the dashboard title to mark the dashboard as a favorite if it is not already.
+1. Hover your cursor over the **Configuration** (gear) icon in the side menu.
+1. Click **Teams**. Grafana displays the team list.
 1. Click on the team that you want to change the home dashboard for and then navigate to the **Settings** tab.
-   {{< docs/shared "preferences/select-home-dashboard-list.md" >}}
-   {{< /docs/list >}}
+1. In the **Home Dashboard** field, select the dashboard that you want to use for your home dashboard. Options include all starred dashboards.
+1. Click **Save**.
 
 ### Set your personal home dashboard
 
 You can choose your own personal home dashboard. This setting overrides all home dashboards set at higher levels.
 
-{{< docs/list >}}
-{{< docs/shared "preferences/navigate-to-the-dashboard-list.md" >}}
-{{< docs/shared "preferences/navigate-user-preferences-list.md" >}}
-{{< docs/shared "preferences/select-home-dashboard-list.md" >}}
-{{< /docs/list >}}
+1. Navigate to the dashboard you want to set as the home dashboard.
+1. Click the star next to the dashboard title to mark the dashboard as a favorite if it is not already.
+1. On the left menu, hover your cursor over your avatar and then click **Preferences**.
+1. In the **Home Dashboard** field, select the dashboard that you want to use for your home dashboard. Options include all starred dashboards.
+1. Click **Save**.

docs/sources/administration/plugin-management/_index.md

@@ -43,6 +43,16 @@ Apps can also add custom pages for things like control panels.
 
 Use app plugins when you want to create an custom out-of-the-box monitoring experience.
 
+### Managing app plugins access
+
+With [RBAC]({{< relref "../roles-and-permissions/access-control/#about-rbac" >}}), it is now possible to customize access to app plugins.
+
+By default, Viewers, Editors and Admins have access to all App Plugins that their organization role allows them to access, thanks to the `fixed:plugins.app:reader` role.
+
+> **Note:** Revoking this RBAC role from some users, will prevent them from accessing app plugins. But granting this RBAC role to users will only allow them to see app plugins their organization role allows them to see.
+
+To prevent users from seeing an app plugin, refer to [this permissions scenarios]({{< relref "../roles-and-permissions/access-control/plan-rbac-rollout-strategy#prevent-viewers-from-accessing-an-app-plugin" >}}).
+
 ## Plugin catalog
 
 The Plugin catalog allows you to browse and manage plugins from within Grafana. Only Grafana server administrators and organization administrators can access and use the plugin catalog. The following access rules apply depending on the user role:

docs/sources/administration/provisioning/_index.md

@@ -233,7 +233,10 @@ datasources:
 
 > This feature is available from v7.1
 
-You can manage plugins in Grafana by adding one or more YAML config files in the [`provisioning/plugins`]({{< relref "../../setup-grafana/configure-grafana/#provisioning" >}}) directory. Each config file can contain a list of `apps` that will be updated during start up. Grafana updates each app to match the configuration file.
+You can manage plugin applications in Grafana by adding one or more YAML config files in the [`provisioning/plugins`]({{< relref "../../setup-grafana/configure-grafana/#provisioning" >}}) directory. Each config file can contain a list of `apps` that will be updated during start up. Grafana updates each app to match the configuration file.
+
+> **Note:** This feature enables you to provision plugin configurations, not the plugins themselves.
+> The plugins must already be installed on the grafana instance
 
 ### Example plugin configuration file
 

docs/sources/administration/roles-and-permissions/_index.md

@@ -12,7 +12,7 @@ weight: 300
 
 # Roles and permissions
 
-A _user_ is defined as any individual who can log in to Grafana. Each user is associated with a _role_ that includes _permissions_. Permissions determine the tasks a user can perform in the system. For example, the **Admin** role includes permissions for an administrator to create and delete users.
+A _user_ is any individual who can log in to Grafana. Each user is associated with a _role_ that includes _permissions_. Permissions determine the tasks a user can perform in the system. For example, the **Admin** role includes permissions for an administrator to create and delete users.
 
 You can assign a user one of three types of permissions:
 
@@ -92,16 +92,18 @@ The following table lists permissions for each role.
 
 ## Dashboard permissions
 
-When you want to extend a viewer's ability to edit and save dashboard changes or limit an editor's permission to modify a dashboard, you can assign permissions to dashboards and dashboard folders. For example, you might want a certain viewer to be able to to edit a dashboard. While that user can _see_ all dashboards, you can grant them access to _update_ only one of them.
+When you want to extend a viewer's ability to edit and save dashboard changes or limit an editor's permission to modify a dashboard, you can assign permissions to dashboards and dashboard folders. For example, you might want a certain viewer to be able to edit a dashboard. While that user can _see_ all dashboards, you can grant them access to _update_ only one of them.
 
 > Important: The dashboard permissions you specify override the organization permissions you assign to the user for the selected entity.
 
 You can specify the following permissions to dashboards and folders.
 
-- **Admin**: Can create, edit, or delete a dashboard or folder. Administrators can also change dashboard and folder permissions.
-- **Edit**: Can create and edit dashboards. Editors _cannot_ change folder or dashboard permissions, or add, edit, or delete folders.
+- **Admin**: Can create, edit, or delete a dashboard. Can edit or delete a folder. Administrators can also change dashboard and folder permissions.
+- **Edit**: Can create, edit, or delete a dashboard. Can edit or delete a folder. Editors _cannot_ change folder or dashboard permissions.
 - **View**: Can only view dashboards and folders.
 
+> Important: When a user creates a dashboard or a folder, he is set as **Admin** of it.
+
 For more information about assigning dashboard folder permissions, refer to [Grant dashboard folder permissions]({{< relref "../user-management/manage-dashboard-permissions/#grant-dashboard-folder-permissions" >}}).
 
 For more information about assigning dashboard permissions, refer to [Grant dashboard permissions]({{< relref "../user-management/manage-dashboard-permissions/#grant-dashboard-permissions" >}}).

docs/sources/administration/roles-and-permissions/access-control/_index.md

@@ -14,6 +14,8 @@ weight: 120
 
 # Role-based access control (RBAC)
 
+> **Note:** Available in [Grafana Enterprise]({{< relref "../../enterprise/" >}}) and [Grafana Cloud Advanced]({{< ref "/docs/grafana-cloud" >}}).
+
 RBAC provides a standardized way of granting, changing, and revoking access when it comes to viewing and modifying Grafana resources, such as dashboards, reports, and administrative settings.
 
 {{< section >}}

docs/sources/administration/roles-and-permissions/access-control/assign-rbac-roles.md

@@ -11,45 +11,45 @@ weight: 40
 
 # Assign RBAC roles
 
+> **Note:** Available in [Grafana Enterprise]({{< relref "../../enterprise/" >}}) and [Grafana Cloud Advanced]({{< ref "/docs/grafana-cloud" >}}).
+
 In this topic you'll learn how to use the role picker, provisioning, and the HTTP API to assign fixed and custom roles to users and teams.
 
 ## Assign fixed roles in the UI using the role picker
 
 This section describes how to:
 
-- Assign a fixed role to a user or team as an organization administrator.
+- Assign a fixed role to a user, team or service account as an organization administrator.
 - Assign a fixed role to a user as a server administrator. This approach enables you to assign a fixed role to a user in multiple organizations, without needing to switch organizations.
 
-In both cases, the assignment applies only to the user or team within the affected organization, and no other organizations. For example, if you grant the user the **Data source editor** role in the **Main** organization, then the user can edit data sources in the **Main** organization, but not in other organizations.
-
-> **Note:** After you apply your changes, user and team permissions update immediately, and the UI reflects the new permissions the next time they reload their browser or visit another page.
+In both cases, the assignment applies only to the user, team or service account within the affected organization, and no other organizations. For example, if you grant the user the **Data source editor** role in the **Main** organization, then the user can edit data sources in the **Main** organization, but not in other organizations.
 
 <br/>
 
 **Before you begin:**
 
 - [Plan your RBAC rollout strategy]({{< relref "./plan-rbac-rollout-strategy/" >}}).
-- Identify the fixed roles that you want to assign to the user or team.
+- Identify the fixed roles that you want to assign to the user, team or service account.
 
   For more information about available fixed roles, refer to [RBAC role definitions]({{< relref "./rbac-fixed-basic-role-definitions/" >}}).
 
 - Ensure that your own user account has the correct permissions:
-  - If you are assigning permissions to a user or team within an organization, you must have organization administrator or server administrator permissions.
+  - If you are assigning permissions to a user, team or service account within an organization, you must have organization administrator or server administrator permissions.
   - If you are assigning permissions to a user who belongs to multiple organizations, you must have server administrator permissions.
   - Your Grafana user can also assign fixed role if it has either the `fixed:roles:writer` fixed role assigned to the same organization to which you are assigning RBAC to a user, or a custom role with `users.roles:add` and `users.roles:remove` permissions.
   - Your own user account must have the roles you are granting. For example, if you would like to grant the `fixed:users:writer` role to a team, you must have that role yourself.
 
 <br/>
 
-**To assign a fixed role to a user or team:**
+**To assign a fixed role to a user, team or service account:**
 
 1. Sign in to Grafana.
-2. Switch to the organization that contains the user or team.
+2. Switch to the organization that contains the user, team or service account.
 
    For more information about switching organizations, refer to [Switch organizations]({{< relref "../../user-management/user-preferences/_index.md#switch-organizations" >}}).
 
-3. Hover your cursor over **Configuration** (the gear icon) in the left navigation menu, and click **Users** or **Teams**.
-4. In the **Role** column, select the fixed role that you want to assign to the user or team.
+3. Hover your cursor over **Configuration** (the gear icon) in the left navigation menu, and click **Users** or **Teams** or **Service Accounts**.
+4. In the **Role** column, select the fixed role that you want to assign to the user, team or service account.
 5. Click **Update**.
 
 ![User role picker in an organization](/static/img/docs/enterprise/user_role_picker_in_org.png)

docs/sources/administration/roles-and-permissions/access-control/configure-rbac.md

@@ -9,6 +9,8 @@ weight: 30
 
 # Configure RBAC in Grafana
 
+> **Note:** Available in [Grafana Enterprise]({{< relref "../../enterprise/" >}}) and [Grafana Cloud Advanced]({{< ref "/docs/grafana-cloud" >}}).
+
 The table below describes all RBAC configuration options. Like any other Grafana configuration, you can apply these options as [environment variables]({{< relref "../../../setup-grafana/configure-grafana/#configure-with-environment-variables" >}}).
 
 | Setting            | Required | Description                                                                  | Default |

docs/sources/administration/roles-and-permissions/access-control/custom-role-actions-scopes.md

@@ -10,6 +10,8 @@ weight: 80
 
 # RBAC permissions, actions, and scopes
 
+> **Note:** Available in [Grafana Enterprise]({{< relref "../../enterprise/" >}}) and [Grafana Cloud Advanced]({{< ref "/docs/grafana-cloud" >}}).
+
 A permission is comprised of an action and a scope. When creating a custom role, consider the actions the user can perform and the resource(s) on which they can perform those actions.
 
 To learn more about the Grafana resources to which you can apply RBAC, refer to [Resources with RBAC permissions]({{< relref "../#fixed-roles" >}}).
@@ -77,7 +79,7 @@ The following list contains role-based access control actions.
 | `licensing:read`                     | n/a                                                                                     | Read licensing information.                                                                                                                                                                      |
 | `licensing:write`                    | n/a                                                                                     | Update the license token.                                                                                                                                                                        |
 | `org.users:write`                    | `users:*` <br> `users:id:*`                                                             | Update the organization role (`Viewer`, `Editor`, or `Admin`) of a user.                                                                                                                         |
-| `org.users:add`                      | `users:*`                                                                               | Add a user to an organization.                                                                                                                                                                   |
+| `org.users:add`                      | `users:*`                                                                               | Add a user to an organization or invite a new user to an organization.                                                                                                                           |
 | `org.users:read`                     | `users:*` <br> `users:id:*`                                                             | Get user profiles within an organization.                                                                                                                                                        |
 | `org.users:remove`                   | `users:*` <br> `users:id:*`                                                             | Remove a user from an organization.                                                                                                                                                              |
 | `org:create`                         | n/a                                                                                     | Create an organization.                                                                                                                                                                          |
@@ -88,6 +90,7 @@ The following list contains role-based access control actions.
 | `orgs:delete`                        | `orgs:*` <br> `orgs:id:*`                                                               | Delete one or more organizations.                                                                                                                                                                |
 | `orgs:read`                          | `orgs:*` <br> `orgs:id:*`                                                               | Read one or more organizations.                                                                                                                                                                  |
 | `orgs:write`                         | `orgs:*` <br> `orgs:id:*`                                                               | Update one or more organizations.                                                                                                                                                                |
+| `plugins.app:access`                 | `plugins:*` <br> `plugins:id:*`                                                         | Access one or more application plugins (still enforcing the organization role)                                                                                                                   |
 | `provisioning:reload`                | `provisioners:*`                                                                        | Reload provisioning files. To find the exact scope for specific provisioner, see [Scope definitions]({{< relref "#scope-definitions" >}}).                                                       |
 | `reports:create`                     | n/a                                                                                     | Create reports.                                                                                                                                                                                  |
 | `reports:write`                      | `reports:*` <br> `reports:id:*`                                                         | Update reports.                                                                                                                                                                                  |
@@ -101,6 +104,12 @@ The following list contains role-based access control actions.
 | `roles:write`                        | `permissions:type:delegate`                                                             | Create or update a custom role.                                                                                                                                                                  |
 | `roles:write`                        | `permissions:type:escalate`                                                             | Reset basic roles to their default permissions.                                                                                                                                                  |
 | `server.stats:read`                  | n/a                                                                                     | Read Grafana instance statistics.                                                                                                                                                                |
+| `serviceaccounts:write`              | `serviceaccounts:*`                                                                     | Create Grafana service accounts.                                                                                                                                                                 |
+| `serviceaccounts:create`             | n/a                                                                                     | Update Grafana service accounts.                                                                                                                                                                 |
+| `serviceaccounts:delete`             | `serviceaccounts:*`                                                                     | Delete Grafana service accounts.                                                                                                                                                                 |
+| `serviceaccounts:read`               | `serviceaccounts:*`                                                                     | Read Grafana service accounts.                                                                                                                                                                   |
+| `serviceaccounts.permissions:write`  | `serviceaccounts:*`                                                                     | Update Grafana service account permissions to control who can do what with the service account.                                                                                                  |
+| `serviceaccounts.permissions:read`   | `serviceaccounts:*`                                                                     | Read Grafana service account permissions to see who can do what with the service account.                                                                                                        |
 | `settings:read`                      | `settings:*`<br>`settings:auth.saml:*`<br>`settings:auth.saml:enabled` (property level) | Read the [Grafana configuration settings]({{< relref "../../../setup-grafana/configure-grafana/" >}})                                                                                            |
 | `settings:write`                     | `settings:*`<br>`settings:auth.saml:*`<br>`settings:auth.saml:enabled` (property level) | Update any Grafana configuration settings that can be [updated at runtime]({{< relref "../../../enterprise/settings-updates/" >}}).                                                              |
 | `status:accesscontrol`               | `services:accesscontrol`                                                                | Get access-control enabled status.                                                                                                                                                               |
@@ -120,9 +129,9 @@ The following list contains role-based access control actions.
 | `users.permissions:write`            | `global.users:*` <br> `global.users:id:*`                                               | Update a user’s organization-level permissions.                                                                                                                                                  |
 | `users.quotas:read`                  | `global.users:*` <br> `global.users:id:*`                                               | List a user’s quotas.                                                                                                                                                                            |
 | `users.quotas:write`                 | `global.users:*` <br> `global.users:id:*`                                               | Update a user’s quotas.                                                                                                                                                                          |
-| `users.roles:add`                    | `permissions:type:delegate`                                                             | Assign a role to a user.                                                                                                                                                                         |
-| `users.roles:read`                   | `users:*`                                                                               | List roles assigned directly to a user.                                                                                                                                                          |
-| `users.roles:remove`                 | `permissions:type:delegate`                                                             | Unassign a role from a user.                                                                                                                                                                     |
+| `users.roles:add`                    | `permissions:type:delegate`                                                             | Assign a role to a user or a service account.                                                                                                                                                    |
+| `users.roles:read`                   | `users:*`                                                                               | List roles assigned directly to a user or a service account.                                                                                                                                     |
+| `users.roles:remove`                 | `permissions:type:delegate`                                                             | Unassign a role from a user or a service account.                                                                                                                                                |
 | `users:create`                       | n/a                                                                                     | Create a user.                                                                                                                                                                                   |
 | `users:delete`                       | `global.users:*` <br> `global.users:id:*`                                               | Delete a user.                                                                                                                                                                                   |
 | `users:disable`                      | `global.users:*` <br> `global.users:id:*`                                               | Disable a user.                                                                                                                                                                                  |
@@ -135,21 +144,22 @@ The following list contains role-based access control actions.
 
 The following list contains role-based access control scopes.
 
-| Scopes                                    | Descriptions                                                                                                                                                                                                                                       |
-| ----------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| `annotations:*`<br>`annotations:type:*`   | Restrict an action to a set of annotations. For example, `annotations:*` matches any annotation, `annotations:type:dashboard` matches annotations associated with dashboards and `annotations:type:organization` matches organization annotations. |
-| `apikeys:*`<br>`apikeys:id:*`             | Restrict an action to a set of API keys. For example, `apikeys:*` matches any API key, `apikey:id:1` matches the API key whose id is `1`.                                                                                                          |
-| `dashboards:*`<br>`dashboards:uid:*`      | Restrict an action to a set of dashboards. For example, `dashboards:*` matches any dashboard, and `dashboards:uid:1` matches the dashboard whose UID is `1`.                                                                                       |
-| `datasources:*`<br>`datasources:uid:*`    | Restrict an action to a set of data sources. For example, `datasources:*` matches any data source, and `datasources:uid:1` matches the data source whose UID is `1`.                                                                               |
-| `folders:*`<br>`folders:uid:*`            | Restrict an action to a set of folders. For example, `folders:*` matches any folder, and `folders:uid:1` matches the folder whose UID is `1`.                                                                                                      |
-| `global.users:*` <br> `global.users:id:*` | Restrict an action to a set of global users. For example, `global.users:*` matches any user and `global.users:id:1` matches the user whose ID is `1`.                                                                                              |
-| `orgs:*` <br> `orgs:id:*`                 | Restrict an action to a set of organizations. For example, `orgs:*` matches any organization and `orgs:id:1` matches the organization whose ID is `1`.                                                                                             |
-| `permissions:type:delegate`               | The scope is only applicable for roles associated with the Access Control itself and indicates that you can delegate your permissions only, or a subset of it, by creating a new role or making an assignment.                                     |
-| `permissions:type:escalate`               | The scope is required to trigger the reset of basic roles permissions. It indicates that users might acquire additional permissions they did not previously have.                                                                                  |
-| `provisioners:*`                          | Restrict an action to a set of provisioners. For example, `provisioners:*` matches any provisioner, and `provisioners:accesscontrol` matches the role-based access control [provisioner]({{< relref "./rbac-provisioning/" >}}).                   |
-| `reports:*` <br> `reports:id:*`           | Restrict an action to a set of reports. For example, `reports:*` matches any report and `reports:id:1` matches the report whose ID is `1`.                                                                                                         |
-| `roles:*` <br> `roles:uid:*`              | Restrict an action to a set of roles. For example, `roles:*` matches any role and `roles:uid:randomuid` matches only the role whose UID is `randomuid`.                                                                                            |
-| `services:accesscontrol`                  | Restrict an action to target only the role-based access control service. You can use this in conjunction with the `status:accesscontrol` actions.                                                                                                  |
-| `settings:*`                              | Restrict an action to a subset of settings. For example, `settings:*` matches all settings, `settings:auth.saml:*` matches all SAML settings, and `settings:auth.saml:enabled` matches the enable property on the SAML settings.                   |
-| `teams:*` <br> `teams:id:*`               | Restrict an action to a set of teams from an organization. For example, `teams:*` matches any team and `teams:id:1` matches the team whose ID is `1`.                                                                                              |
-| `users:*` <br> `users:id:*`               | Restrict an action to a set of users from an organization. For example, `users:*` matches any user and `users:id:1` matches the user whose ID is `1`.                                                                                              |
+| Scopes                                          | Descriptions                                                                                                                                                                                                                                       |
+| ----------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `annotations:*`<br>`annotations:type:*`         | Restrict an action to a set of annotations. For example, `annotations:*` matches any annotation, `annotations:type:dashboard` matches annotations associated with dashboards and `annotations:type:organization` matches organization annotations. |
+| `apikeys:*`<br>`apikeys:id:*`                   | Restrict an action to a set of API keys. For example, `apikeys:*` matches any API key, `apikey:id:1` matches the API key whose id is `1`.                                                                                                          |
+| `dashboards:*`<br>`dashboards:uid:*`            | Restrict an action to a set of dashboards. For example, `dashboards:*` matches any dashboard, and `dashboards:uid:1` matches the dashboard whose UID is `1`.                                                                                       |
+| `datasources:*`<br>`datasources:uid:*`          | Restrict an action to a set of data sources. For example, `datasources:*` matches any data source, and `datasources:uid:1` matches the data source whose UID is `1`.                                                                               |
+| `folders:*`<br>`folders:uid:*`                  | Restrict an action to a set of folders. For example, `folders:*` matches any folder, and `folders:uid:1` matches the folder whose UID is `1`.                                                                                                      |
+| `global.users:*` <br> `global.users:id:*`       | Restrict an action to a set of global users. For example, `global.users:*` matches any user and `global.users:id:1` matches the user whose ID is `1`.                                                                                              |
+| `orgs:*` <br> `orgs:id:*`                       | Restrict an action to a set of organizations. For example, `orgs:*` matches any organization and `orgs:id:1` matches the organization whose ID is `1`.                                                                                             |
+| `permissions:type:delegate`                     | The scope is only applicable for roles associated with the Access Control itself and indicates that you can delegate your permissions only, or a subset of it, by creating a new role or making an assignment.                                     |
+| `permissions:type:escalate`                     | The scope is required to trigger the reset of basic roles permissions. It indicates that users might acquire additional permissions they did not previously have.                                                                                  |
+| `provisioners:*`                                | Restrict an action to a set of provisioners. For example, `provisioners:*` matches any provisioner, and `provisioners:accesscontrol` matches the role-based access control [provisioner]({{< relref "./rbac-provisioning/" >}}).                   |
+| `reports:*` <br> `reports:id:*`                 | Restrict an action to a set of reports. For example, `reports:*` matches any report and `reports:id:1` matches the report whose ID is `1`.                                                                                                         |
+| `roles:*` <br> `roles:uid:*`                    | Restrict an action to a set of roles. For example, `roles:*` matches any role and `roles:uid:randomuid` matches only the role whose UID is `randomuid`.                                                                                            |
+| `services:accesscontrol`                        | Restrict an action to target only the role-based access control service. You can use this in conjunction with the `status:accesscontrol` actions.                                                                                                  |
+| `serviceaccounts:*` <br> `serviceaccounts:id:*` | Restrict an action to a set of service account from an organization. For example, `serviceaccounts:*` matches any service account and `serviceaccount:id:1` matches the service account whose ID is `1`.                                           |
+| `settings:*`                                    | Restrict an action to a subset of settings. For example, `settings:*` matches all settings, `settings:auth.saml:*` matches all SAML settings, and `settings:auth.saml:enabled` matches the enable property on the SAML settings.                   |
+| `teams:*` <br> `teams:id:*`                     | Restrict an action to a set of teams from an organization. For example, `teams:*` matches any team and `teams:id:1` matches the team whose ID is `1`.                                                                                              |
+| `users:*` <br> `users:id:*`                     | Restrict an action to a set of users from an organization. For example, `users:*` matches any user and `users:id:1` matches the user whose ID is `1`.                                                                                              |

docs/sources/administration/roles-and-permissions/access-control/manage-rbac-roles.md

@@ -12,6 +12,8 @@ weight: 50
 
 # Manage RBAC roles
 
+> **Note:** Available in [Grafana Enterprise]({{< relref "../../enterprise/" >}}) and [Grafana Cloud Advanced]({{< ref "/docs/grafana-cloud" >}}).
+
 This section includes instructions for how to view permissions associated with roles, create custom roles, and update and delete roles.
 
 The following example includes the base64 username:password Basic Authorization. You cannot use authorization tokens in the request.

docs/sources/administration/roles-and-permissions/access-control/plan-rbac-rollout-strategy.md

@@ -11,6 +11,8 @@ weight: 20
 
 # Plan your RBAC rollout strategy
 
+> **Note:** Available in [Grafana Enterprise]({{< relref "../../enterprise/" >}}) and [Grafana Cloud Advanced]({{< ref "/docs/grafana-cloud" >}}).
+
 An RBAC rollout strategy helps you determine _how_ you want to implement RBAC prior to assigning RBAC roles to users and teams.
 
 Your rollout strategy should help you answer the following questions:
@@ -239,3 +241,53 @@ roles:
 ```
 
 - Or use [RBAC HTTP API]({{< relref "../../../developers/http_api/access_control/#update-a-role" >}}).
+
+### Prevent Viewers from accessing an App Plugin
+
+By default, Viewers, Editors and Admins have access to all App Plugins that their organization role allows them to access.
+To change this default behavior and prevent Viewers from accessing an App plugin, you must [update a basic role's permissions]({{< relref "./manage-rbac-roles/#update-basic-role-permissions" >}}).
+
+In this example, three App plugins have been installed and enabled:
+| Name | ID | Required Org role |
+|--------------------|-----------------------------|-------------------|
+| On Call | grafana-oncall-app | Viewer |
+| Kentik Connect Pro | kentik-connect-app | Viewer |
+| Enterprise logs | grafana-enterprise-logs-app | Admin |
+
+By default, Viewers will hence be able to see both, On Call and Kentik Connect Pro App plugins.
+If you want to revoke their access to the On Call App plugin, you need to:
+
+1. Remove the permission to access all application plugins:
+   | Action | Scope |
+   |----------------------|-------------|
+   | `plugins.app:access` | `plugins:*` |
+1. Grant the permission to access the Kentik Connect Pro App plugin only:
+   | Action | Scope |
+   |----------------------|---------------------------------|
+   | `plugins.app:access` | `plugins:id:kentik-connect-app` |
+
+Here are two ways to achieve this:
+
+- Use the `role > from` list and `permission > state` option of your provisioning file:
+
+```yaml
+---
+apiVersion: 2
+
+roles:
+  - name: 'basic:viewer'
+    version: 8
+    global: true
+    from:
+      - name: 'basic:viewer'
+        global: true
+    permissions:
+      - action: 'plugins.app:access'
+        scope: 'plugins:*'
+        state: 'absent'
+      - action: 'plugins.app:access'
+        scope: 'plugins:id:kentik-connect-app'
+        state: 'present'
+```
+
+- Or use [RBAC HTTP API]({{< relref "../../../developers/http_api/access_control/#update-a-role" >}}).

docs/sources/administration/roles-and-permissions/access-control/rbac-fixed-basic-role-definitions.md

@@ -11,6 +11,8 @@ weight: 70
 
 # RBAC role definitions
 
+> **Note:** Available in [Grafana Enterprise]({{< relref "../../enterprise/" >}}) and [Grafana Cloud Advanced]({{< ref "/docs/grafana-cloud" >}}).
+
 The following tables list permissions associated with basic and fixed roles.
 
 ## Basic role assignments
@@ -20,7 +22,7 @@ The following tables list permissions associated with basic and fixed roles.
 | Grafana Admin | `fixed:roles:reader`<br>`fixed:roles:writer`<br>`fixed:users:reader`<br>`fixed:users:writer`<br>`fixed:org.users:reader`<br>`fixed:org.users:writer`<br>`fixed:ldap:reader`<br>`fixed:ldap:writer`<br>`fixed:stats:reader`<br>`fixed:settings:reader`<br>`fixed:settings:writer`<br>`fixed:provisioning:writer`<br>`fixed:organization:reader`<br>`fixed:organization:maintainer`<br>`fixed:licensing:reader`<br>`fixed:licensing:writer`                                                                                                                                                                                                                  | Default [Grafana server administrator]({{< relref "../#grafana-server-administrators" >}}) assignments.            |
 | Admin         | `fixed:reports:reader`<br>`fixed:reports:writer`<br>`fixed:datasources:reader`<br>`fixed:datasources:writer`<br>`fixed:organization:writer`<br>`fixed:datasources.permissions:reader`<br>`fixed:datasources.permissions:writer`<br>`fixed:teams:writer`<br>`fixed:dashboards:reader`<br>`fixed:dashboards:writer`<br>`fixed:dashboards.permissions:reader`<br>`fixed:dashboards.permissions:writer`<br>`fixed:folders:reader`<br>`fixes:folders:writer`<br>`fixed:folders.permissions:reader`<br>`fixed:folders.permissions:writer`<br>`fixed:alerting:writer`<br>`fixed:apikeys:reader`<br>`fixed:apikeys:writer`<br>`fixed:alerting.provisioning:writer` | Default [Grafana organization administrator]({{< relref "../#organization-users-and-permissions" >}}) assignments. |
 | Editor        | `fixed:datasources:explorer`<br>`fixed:dashboards:creator`<br>`fixed:folders:creator`<br>`fixed:annotations:writer`<br>`fixed:teams:creator` if the `editors_can_admin` configuration flag is enabled<br>`fixed:alerting:writer`                                                                                                                                                                                                                                                                                                                                                                                                                           | Default [Editor]({{< relref "../#organization-users-and-permissions" >}}) assignments.                             |
-| Viewer        | `fixed:datasources:id:reader`<br>`fixed:organization:reader`<br>`fixed:annotations:reader`<br>`fixed:annotations.dashboard:writer`<br>`fixed:alerting:reader`                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              | Default [Viewer]({{< relref "../#organization-users-and-permissions" >}}) assignments.                             |
+| Viewer        | `fixed:datasources:id:reader`<br>`fixed:organization:reader`<br>`fixed:annotations:reader`<br>`fixed:annotations.dashboard:writer`<br>`fixed:alerting:reader`<br>`fixed:plugins.app:reader`                                                                                                                                                                                                                                                                                                                                                                                                                                                                | Default [Viewer]({{< relref "../#organization-users-and-permissions" >}}) assignments.                             |
 
 ## Fixed role definitions
 
@@ -61,16 +63,20 @@ The following tables list permissions associated with basic and fixed roles.
 | `fixed:licensing:reader`               | `licensing:read`<br>`licensing.reports:read`                                                                                                                                                                                                                         | Read licensing information and licensing reports.                                                                                                                                                                                                                                     |
 | `fixed:licensing:writer`               | All permissions from `fixed:licensing:viewer` and <br>`licensing:write`<br>`licensing:delete`                                                                                                                                                                        | Read licensing information and licensing reports, update and delete the license token.                                                                                                                                                                                                |
 | `fixed:org.users:reader`               | `org.users:read`                                                                                                                                                                                                                                                     | Read users within a single organization.                                                                                                                                                                                                                                              |
-| `fixed:org.users:writer`               | All permissions from `fixed:org.users:reader` and <br>`org.users:add`<br>`org.users:remove`<br>`org.users:write`                                                                                                                                                     | Within a single organization, add a user, invite a user, read information about a user and their role, remove a user from that organization, or change the role of a user.                                                                                                            |
+| `fixed:org.users:writer`               | All permissions from `fixed:org.users:reader` and <br>`org.users:add`<br>`org.users:remove`<br>`org.users:write`                                                                                                                                                     | Within a single organization, add a user, invite a new user, read information about a user and their role, remove a user from that organization, or change the role of a user.                                                                                                        |
 | `fixed:organization:maintainer`        | All permissions from `fixed:organization:reader` and <br> `orgs:write`<br>`orgs:create`<br>`orgs:delete`<br>`orgs.quotas:write`                                                                                                                                      | Create, read, write, or delete an organization. Read or write its quotas. This role needs to be assigned globally.                                                                                                                                                                    |
 | `fixed:organization:reader`            | `orgs:read`<br>`orgs.quotas:read`                                                                                                                                                                                                                                    | Read an organization and its quotas.                                                                                                                                                                                                                                                  |
 | `fixed:organization:writer`            | All permissions from `fixed:organization:reader` and <br> `orgs:write`<br>`orgs.preferences:read`<br>`orgs.preferences:write`                                                                                                                                        | Read an organization, its quotas, or its preferences. Update organization properties, or its preferences.                                                                                                                                                                             |
+| `fixed:plugins.app:reader`             | `plugins.app:access`                                                                                                                                                                                                                                                 | Access application plugins (still enforcing the organization role).                                                                                                                                                                                                                   |
 | `fixed:provisioning:writer`            | `provisioning:reload`                                                                                                                                                                                                                                                | Reload provisioning.                                                                                                                                                                                                                                                                  |
 | `fixed:reports:reader`                 | `reports:read`<br>`reports:send`<br>`reports.settings:read`                                                                                                                                                                                                          | Read all reports and shared report settings.                                                                                                                                                                                                                                          |
 | `fixed:reports:writer`                 | All permissions from `fixed:reports:reader` and <br>`reports:create`<br>`reports:write`<br>`reports:delete`<br>`reports.settings:write`                                                                                                                              | Create, read, update, or delete all reports and shared report settings.                                                                                                                                                                                                               |
 | `fixed:roles:reader`                   | `roles:read`<br>`teams.roles:read`<br>`users.roles:read`<br>`users.permissions:read`                                                                                                                                                                                 | Read all access control roles, roles and permissions assigned to users, teams.                                                                                                                                                                                                        |
 | `fixed:roles:writer`                   | All permissions from `fixed:roles:reader` and <br>`roles:write`<br>`roles:delete`<br>`teams.roles:add`<br>`teams.roles:remove`<br>`users.roles:add`<br>`users.roles:remove`                                                                                          | Create, read, update, or delete all roles, assign or unassign roles to users, teams.                                                                                                                                                                                                  |
 | `fixed:roles:resetter`                 | `roles:write` with scope `permissions:type:escalate`                                                                                                                                                                                                                 | Reset basic roles to their default.                                                                                                                                                                                                                                                   |
+| `fixed:serviceaccounts:reader`         | `serviceaccounts:read`                                                                                                                                                                                                                                               | Read Grafana service accounts.                                                                                                                                                                                                                                                        |
+| `fixed:serviceaccounts:creator`        | `serviceaccounts:create`                                                                                                                                                                                                                                             | Create Grafana service accounts.                                                                                                                                                                                                                                                      |
+| `fixed:serviceaccounts:writer`         | `serviceaccounts:read`<br>`serviceaccounts:create`<br>`serviceaccounts:write`<br>`serviceaccounts:delete`<br>`serviceaccounts.permissions:read`<br>`serviceaccounts.permissions:write`                                                                               | Create, update, read and delete all Grafana service accounts and manage service account permissions.                                                                                                                                                                                  |
 | `fixed:settings:reader`                | `settings:read`                                                                                                                                                                                                                                                      | Read Grafana instance settings.                                                                                                                                                                                                                                                       |
 | `fixed:settings:writer`                | All permissions from `fixed:settings:reader` and<br>`settings:write`                                                                                                                                                                                                 | Read and update Grafana instance settings.                                                                                                                                                                                                                                            |
 | `fixed:stats:reader`                   | `server.stats:read`                                                                                                                                                                                                                                                  | Read Grafana instance statistics.                                                                                                                                                                                                                                                     |

docs/sources/administration/roles-and-permissions/access-control/rbac-provisioning.md

@@ -10,9 +10,9 @@ weight: 60
 
 # Grafana RBAC provisioning
 
-You can create, change or remove [Custom roles]({{< relref "./manage-rbac-roles/#create-custom-roles-using-provisioning" >}}) and create or remove [basic role assignments]({{< relref "./assign-rbac-roles/#assign-a-fixed-role-to-a-basic-role-using-provisioning" >}}), by adding one or more YAML configuration files in the `provisioning/access-control/` directory.
+> **Note:** Available in [Grafana Enterprise]({{< relref "../../enterprise/" >}}) and [Grafana Cloud Advanced]({{< ref "/docs/grafana-cloud" >}}).
 
-If you choose to use provisioning to assign and manage role, you must first enable it.
+You can create, change or remove [Custom roles]({{< relref "./manage-rbac-roles/#create-custom-roles-using-provisioning" >}}) and create or remove [basic role assignments]({{< relref "./assign-rbac-roles/#assign-a-fixed-role-to-a-basic-role-using-provisioning" >}}), by adding one or more YAML configuration files in the `provisioning/access-control/` directory.
 
 Grafana performs provisioning during startup. After you make a change to the configuration file, you can reload it during runtime. You do not need to restart the Grafana server for your changes to take effect.
 

docs/sources/administration/service-accounts/_index.md

@@ -16,15 +16,9 @@ weight: 800
 
 # Service accounts
 
-You can use service accounts to run automated or compute workloads.
+You can use a service account to run automated workloads in Grafana, such as dashboard provisioning, configuration, or report generation. Create service accounts and tokens to authenticate applications, such as Terraform, with the Grafana API.
 
-{{< section >}}
-
-## About service accounts
-
-A service account can be used to run automated workloads in Grafana, like dashboard provisioning, configuration, or report generation. Create service accounts and tokens to authenticate applications like Terraform with the Grafana API.
-
-> **Note:** Service accounts are available in Grafana 8.5+ as a beta feature. To enable service accounts, refer to the [Enable service accounts]({{< ref "#enable-service-accounts" >}}) section. Service accounts will eventually replace [API keys]({{< relref "../api-keys/" >}}) as the primary way to authenticate applications that interact with Grafana.
+> **Note:** Service accounts will eventually replace [API keys]({{< relref "../api-keys/" >}}) as the primary way to authenticate applications that interact with Grafana.
 
 A common use case for creating a service account is to perform operations on automated or triggered tasks. You can use service accounts to:
 
@@ -59,47 +53,16 @@ The added benefits of service accounts to API keys include:
 - Unlike API keys, service account tokens are not associated with a specific user, which means that applications can be authenticated even if a Grafana user is deleted.
 - You can grant granular permissions to service accounts by leveraging [role-based access control]({{< relref "../roles-and-permissions/access-control/" >}}). For more information about permissions, refer to [About users and permissions]({{< relref "../roles-and-permissions/" >}}).
 
-## Enable service accounts in Grafana
-
-Service accounts are available behind the `serviceAccounts` feature toggle, available in Grafana 8.5+.
-
-You can enable service accounts by:
-
-- modifying the Grafana configuration file, or
-- configuring an environment variable
-
-### Enable service accounts in the Grafana configuration file
-
-This topic shows you how to enable service accounts by modifying the Grafana configuration file.
-
-1. Sign in to the Grafana server and locate the configuration file. For more information about finding the configuration file, refer to LINK.
-2. Open the configuration file and locate the [feature toggles section]({{< relref "../../setup-grafana/configure-grafana/#feature_toggles" >}}). Add `serviceAccounts` as a [feature_toggle]({{< relref "../../setup-grafana/configure-grafana/#feature_toggle" >}}).
-
-```
-[feature_toggles]
-# enable features, separated by spaces
-enable = serviceAccounts
-```
-
-1. Save your changes, Grafana should recognize your changes; in case of any issues we recommend restarting the Grafana server.
-
-### Enable service accounts with an environment variable
-
-This topic shows you how to enable service accounts by setting environment variables before starting Grafana.
-
-Follow the instructions to [override configuration with environment variables]({{< relref "../../setup-grafana/configure-grafana/#override-configuration-with-environment-variables" >}}). Set the following environment variable: `GF_FEATURE_TOGGLES_ENABLE = serviceAccounts`.
-
-> **Note:** Environment variables override configuration file settings.
-
 ## Create a service account in Grafana
 
 A service account can be used to run automated workloads in Grafana, like dashboard provisioning, configuration, or report generation. For more information about how you can use service accounts, refer to [About service accounts]({{< ref "#about-service-accounts" >}}).
 
 For more information about creating service accounts via the API, refer to [Create a service account in the HTTP API]({{< relref "../../developers/http_api/serviceaccount/#create-service-account" >}}).
 
+Note that the user who created a service account will also be able to read, update and delete the service account that they created, as well as permissions associated with that service account.
+
 ### Before you begin
 
-- Ensure you have added the feature toggle for service accounts `serviceAccounts`. For more information about adding the feature toggle, refer to [Enable service accounts]({{< ref "#enable-service-accounts" >}}).
 - Ensure you have permission to create and edit service accounts. By default, the organization administrator role is required to create and edit service accounts. For more information about user permissions, refer to [About users and permissions]({{< relref "../roles-and-permissions/#" >}}).
 
 ### To create a service account
@@ -121,7 +84,6 @@ You can create a service account token using the Grafana UI or via the API. For
 
 ### Before you begin
 
-- Ensure you have added the `serviceAccounts` feature toggle to Grafana. For more information about adding the feature toggle, refer to [Enable service accounts]({{< ref "#enable-service-accounts" >}}).
 - Ensure you have permission to create and edit service accounts. By default, the organization administrator role is required to create and edit service accounts. For more information about user permissions, refer to [About users and permissions]({{< relref "../roles-and-permissions/#" >}}).
 
 ### To add a token to a service account
@@ -135,3 +97,56 @@ You can create a service account token using the Grafana UI or via the API. For
    - The expiry date specifies how long you want the key to be valid.
    - If you are unsure of an expiration date, we recommend that you set the token to expire after a short time, such as a few hours or less. This limits the risk associated with a token that is valid for a long time.
 1. Click **Generate service account token**.
+
+## Assign roles to a service account in Grafana
+
+You can assign roles to a Grafana service account to control access for the associated service account tokens.
+You can assign roles to a service account using the Grafana UI or via the API. For more information about assigning a role to a service account via the API, refer to [Update service account using the HTTP API]({{< relref "../../developers/http_api/serviceaccount/#update-service-account" >}}).
+
+In [Grafana Enterprise]({{< relref "../../enterprise/" >}}), you can also [assign RBAC roles]({{< relref "../roles-and-permissions/access-control/assign-rbac-roles" >}}) to grant very specific permissions to applications that interact with Grafana.
+
+### Before you begin
+
+- Ensure you have permission to update service accounts roles. By default, the organization administrator role is required to update service accounts permissions. For more information about user permissions, refer to [About users and permissions]({{< relref "../roles-and-permissions/#" >}}).
+
+### To assign a role to a service account
+
+1. Sign in to Grafana, then hover your cursor over **Configuration** (the gear icon) in the sidebar.
+1. Click **Service accounts**.
+1. Click the service account to which you want to assign a role. As an alternative, find the service account in the list view.
+1. Assign a role using the role picker.
+1. Click **Update**.
+
+## Manage users and teams permissions for a service account in Grafana
+
+To control what and who can do with the service account you can assign permissions directly to users and teams. You can assign permissions using the Grafana UI.
+
+### Before you begin
+
+- Ensure you have permission to update user and team permissions of a service accounts. By default, the organization administrator role is required to update user and teams permissions for a service account. For more information about user permissions, refer to [About users and permissions]({{< relref "../roles-and-permissions/#" >}}).
+- Ensure you have permission to read teams.
+
+### User and team permissions for a service account
+
+You can assign on of the following permissions to a specific user or a team:
+
+1. **Edit**: A user or a team with this permission can view, edit, enable and disable a service account, and add or delete service account tokens.
+1. **Admin**: User or a team with this permission will be able to everything from **Edit** permission, as well as manage user and team permissions for a service account.
+
+### To update team permissions for a service account
+
+1. Sign in to Grafana, then hover your cursor over **Configuration** (the gear icon) in the sidebar.
+1. Click **Service accounts**.
+1. Click the service account for which you want to update team permissions a role.
+1. In the **Permissions** section at the bottom, click **Add permission**.
+1. Choose **Team** in the dropdown and select your desired team.
+1. Choose **View**, **Edit** or **Admin** role in the dropdown and click **Save**.
+
+### To update user permissions for a service account
+
+1. Sign in to Grafana, then hover your cursor over **Configuration** (the gear icon) in the sidebar.
+1. Click **Service accounts**.
+1. Click the service account for which you want to update team permissions a role.
+1. In the **Permissions** section at the bottom, click **Add permission**.
+1. Choose **User** in the dropdown and select your desired user.
+1. Choose **View**, **Edit** or **Admin** role in the dropdown and click **Save**.

docs/sources/administration/team-management/_index.md

@@ -51,7 +51,8 @@ Add a team member to an existing team whenever you want to provide access to tea
 1. Sign in to Grafana as an organization administrator.
 1. Hover your cursor over the **Configuration** (gear) icon in the side menu and click **Teams**.
 1. Click the name of the team to which you want to add members, and click **Add member**.
-1. In the **Add team member** field, locate and select a user.
+1. Locate and select a user.
+1. Choose if you want to add the user as a team Member or an Admin.
 1. Click **Add to team**.
 
 ![Add team member](/static/img/docs/manage-users/add-team-member-7-3.png)
@@ -69,14 +70,14 @@ Complete this task when you want to add or modify team member permissions.
 1. Sign in to Grafana as an organization administrator or a team administrator.
 1. Hover your cursor over the **Configuration** (gear) icon in the side menu and click **Teams**.
 1. Click the name of the team for which you want to add or modify team member permissions.
-1. In the team member list, find and click the user account that you want to change. You can use the search field to filter the list if necessary.
+1. In the team member list, find and click the user that you want to change. You can use the search field to filter the list if necessary.
 1. Click the **Permission** list, and then click the new user permission level.
 
 ![Change team member permissions](/static/img/docs/manage-users/change-team-permissions-7-3.png)
 
 ## Remove a team member
 
-You can remove a team member when you no longer want to apply team permissions to the user.
+You can remove a team member when you no longer want to apply team permissions to the user
 
 ### Before you begin
 

docs/sources/alerting/_index.md

@@ -11,7 +11,7 @@ weight: 114
 
 Grafana Alerting allows you to learn about problems in your systems moments after they occur. Create, manage, and take action on your alerts in a single, consolidated view, and improve your team’s ability to identify and resolve issues quickly.
 
-Grafana Alerting is available for for Grafana OSS, Grafana Enterprise, or Grafana Cloud. With Mimir and Loki alert rules you can run alert expressions closer to your data and at massive scale, all managed by the Grafana UI you are already familiar with.
+Grafana Alerting is available for Grafana OSS, Grafana Enterprise, or Grafana Cloud. With Mimir and Loki alert rules you can run alert expressions closer to your data and at massive scale, all managed by the Grafana UI you are already familiar with.
 
 Watch this video to learn more about Grafana Alerting: {{< vimeo 720001629 >}}
 
@@ -69,4 +69,4 @@ With mute timings, you can specify a time interval when you don’t want new not
 
 - [Role-based access control]({{< relref "../administration/roles-and-permissions/access-control/" >}}) in Grafana Enterprise.
 
-- [Alertmanager]({{< relref "fundamentals/alertmanager/" >}}) and [High availability]({{< relref "high-availability/_index/" >}})
+- [Alertmanager]({{< relref "fundamentals/alertmanager/" >}}) and [High availability]({{< relref "./high-availability/" >}})

docs/sources/alerting/alerting-limitations.md

@@ -21,7 +21,7 @@ As an example, if the current Prometheus version is `2.31.1`, we support >= `2.2
 
 ## Grafana is not an alert receiver
 
-Grafana is not an alert receiver; is it an alert generator. This means that Grafana cannot receive alerts from anything other than its internal alert generator.
+Grafana is not an alert receiver; it is an alert generator. This means that Grafana cannot receive alerts from anything other than its internal alert generator.
 
 Receiving alerts from Prometheus (or anything else) is not supported at the time.
 

docs/sources/alerting/alerting-rules/create-grafana-managed-rule.md

@@ -15,7 +15,7 @@ weight: 400
 
 # Create a Grafana managed alerting rule
 
-Grafana allows you to create alerting rules that query one or more data sources, reduce or transform the results and compare them to each other or to fix thresholds. When these are executed, Grafana sends notifications to the contact point. For information on Grafana Alerting, see [About Grafana Alerting]({{< relref "../about-alerting/" >}}) which explains the various components of Grafana Alerting. We also recommend that you familiarize yourself with some of the [fundamental concepts]({{< relref "../fundamentals/" >}}) of Grafana Alerting.
+Grafana allows you to create alerting rules that query one or more data sources, reduce or transform the results and compare them to each other or to fix thresholds. When these are executed, Grafana sends notifications to the contact point. For information on Grafana Alerting, see [About Grafana Alerting]({{< relref "../" >}}) which explains the various components of Grafana Alerting. We also recommend that you familiarize yourself with some of the [fundamental concepts]({{< relref "../fundamentals/" >}}) of Grafana Alerting.
 
 Watch this video to learn more about creating alerts: {{< vimeo 720001934 >}}
 

docs/sources/alerting/alerting-rules/create-mimir-loki-managed-recording-rule.md

@@ -27,7 +27,7 @@ You can create and manage recording rules for an external Grafana Mimir or Loki
 
   - **Loki** - The `local` rule storage type, default for the Loki data source, supports only viewing of rules. To edit rules, configure one of the other rule storage types.
 
-  - **Grafana Mimir** - use the [legacy `/api/prom` prefix](https://grafana.com/docs/mimir/latest/operators-guide/reference-http-api/#path-prefixes), not `/prometheus`. The Prometheus data source supports both Grafana Mimir and Prometheus, and Grafana expects that both the [Query API](https://grafana.com/docs/mimir/latest/operators-guide/reference-http-api/#querier--query-frontend) and [Ruler API](https://grafana.com/docs/mimir/latest/operators-guide/reference-http-api/#ruler) are under the same URL. You cannot provide a separate URL for the Ruler API.
+  - **Grafana Mimir** - use the `/prometheus` prefix. The Prometheus data source supports both Grafana Mimir and Prometheus, and Grafana expects that both the [Query API](https://grafana.com/docs/mimir/latest/operators-guide/reference-http-api/#querier--query-frontend) and [Ruler API](https://grafana.com/docs/mimir/latest/operators-guide/reference-http-api/#ruler) are under the same URL. You cannot provide a separate URL for the Ruler API.
 
 > **Note:** If you do not want to manage alerting rules for a particular Loki or Prometheus data source, go to its settings and clear the **Manage alerts via Alerting UI** checkbox.
 

docs/sources/alerting/alerting-rules/create-mimir-loki-managed-rule.md

@@ -17,7 +17,7 @@ weight: 400
 
 # Create a Grafana Mimir or Loki managed alerting rule
 
-Grafana allows you to create alerting rules for an external Grafana Mimir or Loki instance that has ruler API enabled. For information on Grafana Alerting, see [About Grafana Alerting]({{< relref "../about-alerting/" >}}) which explains the various components of Grafana Alerting. We also recommend that you familiarize yourself with some of the [fundamental concepts]({{< relref "../fundamentals/" >}}) of Grafana Alerting.
+Grafana allows you to create alerting rules for an external Grafana Mimir or Loki instance that has ruler API enabled. For information on Grafana Alerting, see [About Grafana Alerting]({{< relref "../" >}}) which explains the various components of Grafana Alerting. We also recommend that you familiarize yourself with some of the [fundamental concepts]({{< relref "../fundamentals/" >}}) of Grafana Alerting.
 
 ## Before you begin
 

docs/sources/alerting/contact-points/_index.md

@@ -20,7 +20,7 @@ Use contact points to define how your contacts are notified when an alert fires.
 
 You can configure Grafana managed contact points as well as contact points for an [external Alertmanager data source]({{< relref "../../datasources/alertmanager/" >}}). For more information, see [Alertmanager]({{< relref "../fundamentals/alertmanager/" >}}).
 
-Before you begin, see [About Grafana Alerting]({{< relref "../about-alerting/" >}}) which explains the various components of Grafana Alerting. We also recommend that you familiarize yourself with some of the [fundamental concepts]({{< relref "../fundamentals/" >}}) of Grafana Alerting.
+Before you begin, see [Grafana Alerting]({{< relref "../../alerting/" >}}) which explains the various components of Grafana Alerting. We also recommend that you familiarize yourself with some of the [fundamental concepts]({{< relref "../fundamentals/" >}}) of Grafana Alerting.
 
 - [Create contact point]({{< relref "create-contact-point/" >}})
 - [Edit contact point]({{< relref "edit-contact-point/" >}})

docs/sources/alerting/contact-points/notifiers/_index.md

@@ -10,33 +10,33 @@ keywords:
   - guide
   - contact point
   - templating
-title: List of notifiers
+title: List of contact point types
 weight: 130
 ---
 
-# List of supported notifiers
+# List of supported contact point types
 
-The following table lists the notifiers (contact point types) supported by Grafana.
+The following table lists the contact point types supported by Grafana.
 
-| Name                                          | Type                      | Grafana Alertmanager | Other Alertmanagers                                                                                      |
-| --------------------------------------------- | ------------------------- | -------------------- | -------------------------------------------------------------------------------------------------------- |
-| [DingDing](#dingdingdingtalk)                 | `dingding`                | Supported            | N/A                                                                                                      |
-| [Discord](#discord)                           | `discord`                 | Supported            | N/A                                                                                                      |
-| [Email](#email)                               | `email`                   | Supported            | Supported                                                                                                |
-| [Google Hangouts Chat](#google-hangouts-chat) | `googlechat`              | Supported            | N/A                                                                                                      |
-| [Kafka](#kafka)                               | `kafka`                   | Supported            | N/A                                                                                                      |
-| Line                                          | `line`                    | Supported            | N/A                                                                                                      |
-| Microsoft Teams                               | `teams`                   | Supported            | N/A                                                                                                      |
-| [Opsgenie](#opsgenie)                         | `opsgenie`                | Supported            | Supported                                                                                                |
-| [Pagerduty](#pagerduty)                       | `pagerduty`               | Supported            | Supported                                                                                                |
-| Prometheus Alertmanager                       | `prometheus-alertmanager` | Supported            | N/A                                                                                                      |
-| [Pushover](#pushover)                         | `pushover`                | Supported            | Supported                                                                                                |
-| Sensu                                         | `sensu`                   | Supported            | N/A                                                                                                      |
-| [Sensu Go](#sensu-go)                         | `sensugo`                 | Supported            | N/A                                                                                                      |
-| [Slack](#slack)                               | `slack`                   | Supported            | Supported                                                                                                |
-| Telegram                                      | `telegram`                | Supported            | N/A                                                                                                      |
-| Threema                                       | `threema`                 | Supported            | N/A                                                                                                      |
-| VictorOps                                     | `victorops`               | Supported            | Supported                                                                                                |
-| [Webhook](#webhook)                           | `webhook`                 | Supported            | Supported ([different format](https://prometheus.io/docs/alerting/latest/configuration/#webhook_config)) |
-| [WeCom](#wecom)                               | `wecom`                   | Supported            | N/A                                                                                                      |
-| [Zenduty](#zenduty)                           | `webhook`                 | Supported            | N/A                                                                                                      |
+| Name                                             | Type                      | Grafana Alertmanager | Other Alertmanagers                                                                                      |
+| ------------------------------------------------ | ------------------------- | -------------------- | -------------------------------------------------------------------------------------------------------- |
+| [DingDing](https://www.dingtalk.com/en)          | `dingding`                | Supported            | N/A                                                                                                      |
+| [Discord](https://discord.com/)                  | `discord`                 | Supported            | N/A                                                                                                      |
+| [Email](#email)                                  | `email`                   | Supported            | Supported                                                                                                |
+| [Google Hangouts](https://hangouts.google.com/)  | `googlechat`              | Supported            | N/A                                                                                                      |
+| [Kafka](https://kafka.apache.org/)               | `kafka`                   | Supported            | N/A                                                                                                      |
+| [Line](https://line.me/en/)                      | `line`                    | Supported            | N/A                                                                                                      |
+| [Microsoft Teams](https://teams.microsoft.com/)  | `teams`                   | Supported            | N/A                                                                                                      |
+| [Opsgenie](https://atlassian.com/opsgenie/)      | `opsgenie`                | Supported            | Supported                                                                                                |
+| [Pagerduty](https://www.pagerduty.com/)          | `pagerduty`               | Supported            | Supported                                                                                                |
+| [Prometheus Alertmanager](https://prometheus.io) | `prometheus-alertmanager` | Supported            | N/A                                                                                                      |
+| [Pushover](https://pushover.net/)                | `pushover`                | Supported            | Supported                                                                                                |
+| [Sensu](https://sensu.io/)                       | `sensu`                   | Supported            | N/A                                                                                                      |
+| [Sensu Go](https://docs.sensu.io/sensu-go/)      | `sensugo`                 | Supported            | N/A                                                                                                      |
+| [Slack](https://slack.com/)                      | `slack`                   | Supported            | Supported                                                                                                |
+| [Telegram](https://telegram.org/)                | `telegram`                | Supported            | N/A                                                                                                      |
+| [Threema](https://threema.ch/)                   | `threema`                 | Supported            | N/A                                                                                                      |
+| [VictorOps](https://help.victorops.com/)         | `victorops`               | Supported            | Supported                                                                                                |
+| [Webhook](#webhook)                              | `webhook`                 | Supported            | Supported ([different format](https://prometheus.io/docs/alerting/latest/configuration/#webhook_config)) |
+| [WeCom](#wecom)                                  | `wecom`                   | Supported            | N/A                                                                                                      |
+| [Zenduty](https://www.zenduty.com/)              | `webhook`                 | Supported            | N/A                                                                                                      |

docs/sources/alerting/fundamentals/annotation-label/_index.md

@@ -16,7 +16,7 @@ weight: 401
 
 # Annotations and labels for alerting rules
 
-Annotations and labels are key value pairs associated with alerts originating from the alerting rule, datasource response, and as a result of alerting rule evaluation. They can be used in alert notifications directly or in [templates]({{< relref "../../contact-points/message-templating/" >}}) and [template functions]({{< relref "../../contact-points/message-templating/template-functions/" >}}) to create notification contact dynamically.
+Annotations and labels are key value pairs associated with alerts originating from the alerting rule, datasource response, and as a result of alerting rule evaluation. They can be used in alert notifications directly or in [templates]({{< relref "../../contact-points/message-templating/" >}}) and [template functions]({{< relref "../../contact-points/fundamentals/annotation-label/template-functions/" >}}) to create notification contact dynamically.
 
 ## Annotations
 

docs/sources/alerting/fundamentals/annotation-label/example-template-functions.md

@@ -1,9 +1,7 @@
 ---
 aliases:
   - /docs/grafana/latest/alerting/contact-points/message-templating/example-template-functions/
-  - /docs/grafana/latest/alerting/contact-points/message-templating/template-functions/
-  - /docs/grafana/latest/alerting/message-templating/template-functions/
-  - /docs/grafana/latest/alerting/unified-alerting/message-templating/template-functions/
+  - /docs/grafana/latest/alerting/fundamentals/annotation-label/example-template-functions/
 keywords:
   - grafana
   - alerting

docs/sources/alerting/fundamentals/annotation-label/how-to-use-labels.md

@@ -26,6 +26,7 @@ This topic explains why labels are a fundamental component of alerting.
 # Grafana reserved labels
 
 > **Note:** Labels prefixed with `grafana_` are reserved by Grafana for special use. If a manually configured label is added beginning with `grafana_` it may be overwritten in case of collision.
+> To stop the Grafana Alerting engine from adding a reserved label, you can disable it via the `disabled_labels` option in [unified_alerting.reserved_labels]({{< relref "../../../setup-grafana/configure-grafana/#unified_alertingreserved_labels" >}}) configuration.
 
 Grafana reserved labels can be used in the same way as manually configured labels. The current list of available reserved labels are:
 

docs/sources/alerting/fundamentals/annotation-label/template-functions.md

@@ -3,6 +3,8 @@ aliases:
   - /docs/grafana/latest/alerting/contact-points/message-templating/template-functions/
   - /docs/grafana/latest/alerting/message-templating/template-functions/
   - /docs/grafana/latest/alerting/unified-alerting/message-templating/template-functions/
+  - /docs/grafana/latest/alerting/fundamentals/annotation-label/template-functions/
+  - /docs/grafana/latest/alerting/unified-alerting/fundamentals/annotation-label/template-functions/
 keywords:
   - grafana
   - alerting
@@ -15,7 +17,7 @@ weight: 125
 
 # Template Functions
 
-Template functions allow you to process labels and annotations to generate dynamic notifications.
+Template functions allow you to process alert evaluation results to generate dynamic notifications.
 
 | Name                                      | Argument type                                                | Return type            | Description                                                                                                                                 |
 | ----------------------------------------- | ------------------------------------------------------------ | ---------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- |

docs/sources/alerting/fundamentals/data-source-alerting.md

@@ -0,0 +1,39 @@
+---
+aliases:
+  - /docs/grafana/latest/alerting/fundamentals/data-source-alerting/
+description: Data sources in Grafana Alerting
+title: Data sources
+weight: 100
+---
+
+# Data sources
+
+There are a number of data sources that are compatible with Grafana Alerting. Each data source is supported by a plugin. You can use one of the built-in data sources listed below, use [external data source plugins](https://grafana.com/grafana/plugins/?type=datasource), or create your own data source plugin.
+
+If you are creating your own data source plugin, make sure it is a backend plugin as Grafana Alerting requires this in order to be able to evaluate rules using the data source. Frontend data sources are not supported, because the evaluation engine runs on the backend.
+
+Specifying { "alerting": true, “backend”: true } in the plugin.json file indicates that the data source plugin is compatible with Grafana Alerting and includes the backend data-fetching code. For more information, refer to [Build a data source backend plugin](https://grafana.com/tutorials/build-a-data-source-backend-plugin/).
+
+These are the data sources that are compatible with and supported by Grafana Alerting.
+
+- [AWS CloudWatch]({{< relref "../../datasources/aws-cloudwatch/" >}})
+- [Azure Monitor]({{< relref "../../datasources/azuremonitor/" >}})
+- [Elasticsearch]({{< relref "../../datasources/elasticsearch/" >}})
+- [Google Cloud Monitoring]({{< relref "../../datasources/google-cloud-monitoring/" >}})
+- [Graphite]({{< relref "../../datasources/graphite/" >}})
+- [InfluxDB]({{< relref "../../datasources/influxdb/" >}})
+- [Loki]({{< relref "../../datasources/loki/" >}})
+- [Microsoft SQL Server MSSQL]({{< relref "../../datasources/mssql/" >}})
+- [MySQL]({{< relref "../../datasources/mysql/" >}})
+- [Open TSDB]({{< relref "../../datasources/opentsdb/" >}})
+- [PostgreSQL]({{< relref "../../datasources/postgres/" >}})
+- [Prometheus]({{< relref "../../datasources/prometheus/" >}})
+- [Jaeger]({{< relref "../../datasources/jaeger/" >}})
+- [Zipkin]({{< relref "../../datasources/zipkin/" >}})
+- [Tempo]({{< relref "../../datasources/tempo/" >}})
+- [Testdata]({{< relref "../../datasources/testdata/" >}})
+
+## Useful links
+
+- [Grafana data sources]({{< relref "../../datasources/" >}})
+- [Add a data source]({{< relref "../../datasources/add-a-data-source/" >}})

docs/sources/alerting/images-in-notifications.md

@@ -11,7 +11,7 @@ title: Images in notifications
 
 # Images in notifications
 
-Images in notifications helps recipients of alert notifications better understand why an alert has fired or resolved by including an image of the panel for the Grafana managed alert rule.
+Images in notifications helps recipients of alert notifications better understand why an alert has fired or resolved by including an image of the panel associated with the Grafana managed alert rule.
 
 > **Note**: Images in notifications are not available for Grafana Mimir and Loki managed alert rules, or when Grafana is set up to send alert notifications to an external Alertmanager.
 
@@ -20,6 +20,8 @@ If Grafana is set up to send images in notifications, it takes a screenshot of t
 1. The alert rule transitions from pending to firing
 2. The alert rule transitions from firing to OK
 
+Grafana does not support images for alert rules that are not associated with a panel. An alert rule is associated with a panel when it has both Dashboard UID and Panel ID annotations.
+
 Images are stored in the [data]({{< relref "../setup-grafana/configure-grafana/#paths" >}}) path and so Grafana must have write-access to this path. If Grafana cannot write to this path then screenshots cannot be saved to disk and an error will be logged for each failed screenshot attempt. In addition to storing images on disk, Grafana can also store the image in an external image store such as Amazon S3, Azure Blob Storage, Google Cloud Storage and even Grafana where screenshots are stored in `public/img/attachments`. Screenshots older than `temp_data_lifetime` are deleted from disk but not the external image store. If Grafana is the external image store then screenshots are deleted from `data` but not from `public/img/attachments`.
 
 > **Note**: It is recommended that you use an external image store, as not all contact points support uploading images from disk. It is also possible that the image on disk is deleted before an alert notification is sent if `temp_data_lifetime` is less than the `group_wait` and `group_interval` options used in Alertmanager.
@@ -32,8 +34,8 @@ To use images in notifications, Grafana must be set up to use [image rendering](
 
 If Grafana has been set up to use [image rendering]({{< relref "../setup-grafana/image-rendering/" >}}) images in notifications can be turned on via the `capture` option in `[unified_alerting.screenshots]`:
 
-    # Enable screenshots in notifications. This option requires a remote HTTP image rendering service. Please
-    # see [rendering] for further configuration options.
+    # Enable screenshots in notifications. This option requires the Grafana Image Renderer plugin.
+    # For more information on configuration options, refer to [rendering].
     capture = true
 
 It is recommended that `max_concurrent_screenshots` is set to a value that is less than or equal to `concurrent_render_request_limit`. The default value for both `max_concurrent_screenshots` and `concurrent_render_request_limit` is `5`:
@@ -69,7 +71,7 @@ Images in notifications are supported in the following notifiers and additional
 | Opsgenie                | No                      | Yes                     |
 | Pagerduty               | No                      | Yes                     |
 | Prometheus Alertmanager | No                      | No                      |
-| Pushover                | No                      | No                      |
+| Pushover                | Yes                     | No                      |
 | Sensu Go                | No                      | No                      |
 | Slack                   | No                      | Yes                     |
 | Telegram                | No                      | No                      |

docs/sources/alerting/migrating-alerts/_index.md

@@ -3,6 +3,7 @@ aliases:
   - /docs/grafana/latest/alerting/migrating-alerts/
   - /docs/grafana/latest/alerting/unified-alerting/
   - /docs/grafana/latest/alerting/unified-alerting/difference-old-new/
+  - /docs/grafana/latest/alerting/difference-old-new/
 description: Upgrade Grafana alerts
 title: Upgrade to Grafana Alerting
 weight: 101
@@ -12,7 +13,7 @@ weight: 101
 
 Grafana Alerting is enabled by default for new installations or existing installations whether or not legacy alerting is configured.
 
-> **Note**: We recommend that Grafana Enterprise customers with more than a dozen Grafana dashboard alert rules do not upgrade and remain on legacy alerting for now by [opting out]({{< relref "opt-out/" >}}). If you do want to upgrade to Grafana Alerting, contact customer support.
+> **Note**: When upgrading, your dashboard alerts are migrated to a new format. This migration can be rolled back easily by [opting out]({{< relref "opt-out/" >}}). If you have any questions regarding this migration, please contact us.
 
 Existing installations that do not use legacy alerting will have Grafana Alerting enabled by default unless alerting is disabled in the configuration.
 

docs/sources/alerting/migrating-alerts/migrating-legacy-alerts.md

@@ -1,5 +1,6 @@
 ---
 aliases:
+  - /docs/grafana/latest/alerting/migrating-alerts/differences-and-limitations/
   - /docs/grafana/latest/alerting/migrating-alerts/migrating-legacy-alerts/
   - /docs/grafana/latest/alerting/migrating-legacy-alerts/
   - /docs/grafana/latest/alerting/unified-alerting/opt-in/
@@ -10,22 +11,27 @@ weight: 106
 
 # Differences and limitations
 
-When Grafana Alerting is enabled or upgraded to Grafana 9.0 or later, existing legacy dashboard alerts migrate in a format compatible with the Grafana Alerting. In the Alerting page of your Grafana instance, you can view the migrated alerts alongside any new alerts.
-This topic explains how legacy dashboard alerts are migrated and some limitations of the migration.
+There are some differences between Grafana Alerting and legacy dashboard alerts, and a number of features that are no
+longer supported. We refer to these as [Differences]({{< relref "#differences" >}}) and [Limitations]({{< relref "#limitations" >}}).
 
-> **Note:** This topic is only relevant for OSS and Enterprise customers. Contact customer support to enable or disable Grafana Alerting for your Cloud stack.
+## Differences
 
-Read and write access to legacy dashboard alerts and Grafana alerts are governed by the permissions of the folders storing them. During migration, legacy dashboard alert permissions are matched to the new rules permissions as follows:
+1. When Grafana Alerting is enabled or upgraded to Grafana 9.0 or later, existing legacy dashboard alerts migrate in a format compatible with the Grafana Alerting. In the Alerting page of your Grafana instance, you can view the migrated alerts alongside any new alerts.
+   This topic explains how legacy dashboard alerts are migrated and some limitations of the migration.
+
+2. Read and write access to legacy dashboard alerts and Grafana alerts are governed by the permissions of the folders storing them. During migration, legacy dashboard alert permissions are matched to the new rules permissions as follows:
 
 - If alert's dashboard has permissions, it will create a folder named like `Migrated {"dashboardUid": "UID", "panelId": 1, "alertId": 1}` to match permissions of the dashboard (including the inherited permissions from the folder).
 - If there are no dashboard permissions and the dashboard is under a folder, then the rule is linked to this folder and inherits its permissions.
 - If there are no dashboard permissions and the dashboard is under the General folder, then the rule is linked to the `General Alerting` folder, and the rule inherits the default permissions.
 
-> **Note:** Since there is no `Keep Last State` option for [`No Data`]({{< relref "../alerting-rules/create-grafana-managed-rule/#no-data--error-handling" >}}) in Grafana Alerting, this option becomes `NoData` during the legacy rules migration. Option "Keep Last State" for [`Error handling`]({{< relref "../alerting-rules/create-grafana-managed-rule/#no-data--error-handling" >}}) is migrated to a new option `Error`. To match the behavior of the `Keep Last State`, in both cases, during the migration Grafana automatically creates a [silence]({{< relref "../silences/" >}}) for each alert rule with a duration of 1 year.
+3. Since there is no `Keep Last State` option for [`No Data`]({{< relref "../alerting-rules/create-grafana-managed-rule/#no-data--error-handling" >}}) in Grafana Alerting, this option becomes `NoData` during the legacy rules migration. Option "Keep Last State" for [`Error handling`]({{< relref "../alerting-rules/create-grafana-managed-rule/#no-data--error-handling" >}}) is migrated to a new option `Error`. To match the behavior of the `Keep Last State`, in both cases, during the migration Grafana automatically creates a [silence]({{< relref "../silences/" >}}) for each alert rule with a duration of 1 year.
 
-Notification channels are migrated to an Alertmanager configuration with the appropriate routes and receivers. Default notification channels are added as contact points to the default route. Notification channels not associated with any Dashboard alert go to the `autogen-unlinked-channel-recv` route.
+4. Notification channels are migrated to an Alertmanager configuration with the appropriate routes and receivers. Default notification channels are added as contact points to the default route. Notification channels not associated with any Dashboard alert go to the `autogen-unlinked-channel-recv` route.
+
+5. Unlike legacy dashboard alerts where images in notifications are enabled per contact point, images in notifications for Grafana Alerting must be enabled in the Grafana configuration, either in the configuration file or environment variables, and are enabled for either all or no contact points. Please refer to the [documentation for images in notifications]({{< relref "../images-in-notifications" >}}).
 
 ## Limitations
 
-Since `Hipchat` and `Sensu` notification channels are no longer supported, legacy alerts associated with these channels are not automatically migrated to Grafana Alerting. Assign the legacy alerts to a supported notification channel so that you continue to receive notifications for those alerts.
-Silences (expiring after one year) are created for all paused dashboard alerts.
+1. Since `Hipchat` and `Sensu` notification channels are no longer supported, legacy alerts associated with these channels are not automatically migrated to Grafana Alerting. Assign the legacy alerts to a supported notification channel so that you continue to receive notifications for those alerts.
+   Silences (expiring after one year) are created for all paused dashboard alerts.

docs/sources/alerting/silences/linking-to-silence-form.md

@@ -14,8 +14,8 @@ weight: 451
 
 # Create a URL to link to a silence form
 
-When linking to a silence form, provide the default matching labels and comment via `matchers` and `comment` query parameters. The `matchers` parameter requires one more matching labels of the type `[label][operator][value]` joined by a comma while the `operator` parameter can be one of the following: `=` (equals, not regex), `!=` (not equals, not regex), `=~` (equals, regex), `!~` (not equals, regex).
-
-For example, to link to silence form with matching labels `severity=critical` & `cluster!~europe-.*` and comment `Silence critical EU alerts`, create a URL `https://mygrafana/alerting/silence/new?matchers=severity%3Dcritical%2Ccluster!~europe-*&comment=Silence%20critical%20EU%20alert`.
+When linking to a silence form, provide the default matching labels and comment via `matcher` and `comment` query parameters. The `matcher` parameter should be in the following format `[label][operator][value]` where the `operator` parameter can be one of the following: `=` (equals, not regex), `!=` (not equals, not regex), `=~` (equals, regex), `!~` (not equals, regex).
+The URL can contain many query parameters with the key `matcher`.
+For example, to link to silence form with matching labels `severity=critical` & `cluster!~europe-.*` and comment `Silence critical EU alerts`, create a URL `https://mygrafana/alerting/silence/new?matcher=severity%3Dcritical&matcher=cluster!~europe-*&comment=Silence%20critical%20EU%20alert`.
 
 To link to a new silence page for an [external Alertmanager]({{< relref "../../datasources/alertmanager/" >}}), add a `alertmanager` query parameter with the Alertmanager data source name.

docs/sources/best-practices/best-practices-for-creating-dashboards.md

@@ -51,6 +51,6 @@ Once you have a strategy or design guidelines, write them down to help maintain
 - Use the left and right Y-axes when displaying time series with different units or ranges.
 - Add documentation to dashboards and panels.
   - To add documentation to a dashboard, add a [Text panel visualization]({{< relref "../visualizations/text-panel/" >}}) to the dashboard. Record things like the purpose of the dashboard, useful resource links, and any instructions users might need to interact with the dashboard. Check out this [Wikimedia example](https://grafana.wikimedia.org/d/000000066/resourceloader?orgId=1).
-  - To add documentation to a panel, [edit the panel settings]({{< relref "../panels/working-with-panels/add-panel/" >}}) and add a description. Any text you add will appear if you hover your cursor over the small `i` in the top left corner of the panel.
+  - To add documentation to a panel, edit the panel settings and add a description. Any text you add will appear if you hover your cursor over the small `i` in the top left corner of the panel.
 - Reuse your dashboards and enforce consistency by using [templates and variables]({{< relref "../variables/" >}}).
 - Be careful with stacking graph data. The visualizations can be misleading, and hide important data. We recommend turning it off in most cases.

docs/sources/best-practices/best-practices-for-managing-dashboards.md

@@ -31,9 +31,9 @@ What is your dashboard maturity level? Analyze your current dashboard setup and
   - If you create a temporary dashboard, perhaps to test something, prefix the name with `TEST: `. Delete the dashboard when you are finished.
 - Copying dashboards with no significant changes is not a good idea.
   - You miss out on updates to the original dashboard, such as documentation changes, bug fixes, or additions to metrics.
-  - In many cases copies are being made to simply customize the view by setting template parameters. This should instead be done by maintaining a link to the master dashboard and customizing the view with [URL parameters]({{< relref "../linking/data-link-variables/" >}}).
+  - In many cases copies are being made to simply customize the view by setting template parameters. This should instead be done by maintaining a link to the master dashboard and customizing the view with [URL parameters]({{< relref "../panels/configure-data-links/#data-link-variables" >}}).
 - When you must copy a dashboard, clearly rename it and _do not_ copy the dashboard tags. Tags are important metadata for dashboards that are used during search. Copying tags can result in false matches.
 - Maintain a dashboard of dashboards or cross-reference dashboards. This can be done in several ways:
-  - Create dashboard links, panel, or data links. Links can go to other dashboards or to external systems. For more information, refer to [Linking]({{< relref "../linking/" >}}).
+  - Create dashboard links, panel, or data links. Links can go to other dashboards or to external systems. For more information, refer to [Manage dashboard links]({{< relref "../dashboards/manage-dashboard-links/" >}}).
   - Add a [Dashboard list panel]({{< relref "../visualizations/dashboard-list-panel/" >}}). You can then customize what you see by doing tag or folder searches.
   - Add a [Text panel]({{< relref "../visualizations/text-panel/" >}}) and use markdown to customize the display.

docs/sources/best-practices/dashboard-management-maturity-levels.md

@@ -53,7 +53,7 @@ How can you tell you are here?
 - Directed browsing cuts down on "guessing."
   - Template variables make it harder to “just browse” randomly or aimlessly.
   - Most dashboards should be linked to by alerts.
-  - Browsing is directed with links. For more information, refer to [Linking]({{< relref "../linking/" >}}).
+  - Browsing is directed with links. For more information, refer to [Manage dashboard links]({{< relref "../dashboards/manage-dashboard-links/" >}}).
 - Version-controlled dashboard JSON.
 
 ## High - optimized use

docs/sources/dashboards/_index.md

@@ -16,8 +16,9 @@ Before you begin, ensure that you have configured a data source. See also:
 
 - [Use dashboards]({{< relref "use-dashboards/" >}})
 - [Dashboard folders]({{< relref "dashboard-folders/" >}})
-- [Create dashboard]({{< relref "dashboard-create/" >}})
+- [Add and organize panels]({{< relref "add-organize-panels/" >}})
 - [Manage dashboards]({{< relref "dashboard-manage/" >}})
+- [Public dashboards]({{< relref "dashboard-public/" >}})
 - [Annotations]({{< relref "annotations/" >}})
 - [Playlist]({{< relref "playlist/" >}})
 - [Reporting]({{< relref "reporting/" >}})

docs/sources/dashboards/add-organize-panels.md

@@ -0,0 +1,104 @@
+---
+aliases:
+  - /docs/grafana/latest/panels/working-with-panels/navigate-panel-editor/
+  - /docs/grafana/latest/panels/working-with-panels/navigate-inspector-panel/
+  - /docs/grafana/latest/dashboards/dashboard-create/
+  - /docs/grafana/latest/features/dashboard/dashboards/
+  - /docs/grafana/latest/panels/working-with-panels/add-panel/
+  - /docs/grafana/latest/dashboards/add-organize-panels/
+title: Add and organize panels
+menuTitle: Add and organize panels
+weight: 2
+---
+
+# Add and organize panels
+
+This section describes the areas of the Grafana panel editor.
+
+1. Panel header: The header section lists the dashboard in which the panel appears and the following controls:
+
+   - **Dashboard settings (gear) icon -** Click to access the dashboard settings.
+   - **Discard -** Discards changes you have made to the panel since you last saved the dashboard.
+   - **Save -** Saves changes you made to the panel.
+   - **Apply -** Applies changes you made and closes the panel editor, returning you to the dashboard. You will have to save the dashboard to persist the applied changes.
+
+1. Visualization preview: The visualization preview section contains the following options:
+
+   - **Table view -** Convert any visualization to a table so that you can see the data. Table views are useful for troubleshooting.
+   - **Fill -** The visualization preview fills the available space. If you change the width of the side pane or height of the bottom pane the visualization changes to fill the available space.
+   - **Actual -** The visualization preview will have the exact size as the size on the dashboard. If not enough space is available, the visualization will scale down preserving the aspect ratio.
+   - **Time range controls -** For more information, refer to [Time range controls]({{< relref "time-range-controls/" >}}).
+
+1. Data section: The data section contains tabs where you enter queries, transform your data, and create alert rules (if applicable).
+
+   - **Query tab -** Select your data source and enter queries here. For more information, refer to [Add a query]({{< relref "../panels/query-a-data-source/add-a-query/" >}}).
+   - **Transform tab -** Apply data transformations. For more information, refer to [Transform data]({{< relref "../panels/transform-data/" >}}).
+   - **Alert tab -** Write alert rules. For more information, refer to [Overview of Grafana 8 alerting]({{< relref "../alerting/" >}}).
+
+1. Panel display options: The display options section contains tabs where you configure almost every aspect of your data visualization.
+
+> Not all options are available for each visualization.
+
+{{< figure src="/static/img/docs/panel-editor/panel-editor-8-0.png" class="docs-image--no-shadow" max-width="1500px" >}}
+
+## Open the panel inspect drawer
+
+The inspect drawer helps you understand and troubleshoot your panels. You can view the raw data for any panel, export that data to a comma-separated values (CSV) file, view query requests, and export panel and data JSON.
+
+> **Note:** Not all panel types include all tabs. For example, dashboard list panels do not have raw data to inspect, so they do not display the Stats, Data, or Query tabs.
+
+The panel inspector consists of the following options:
+
+1. The panel inspect drawer displays opens a drawer on the right side. Click the arrow in the upper right corner to expand or reduce the drawer pane.
+
+1. **Data tab -** Shows the raw data returned by the query with transformations applied. Field options such as overrides and value mappings are not applied by default.
+
+1. **Stats tab -** Shows how long your query takes and how much it returns.
+
+1. **JSON tab -** Allows you to view and copy the panel JSON, panel data JSON, and data frame structure JSON. This is useful if you are provisioning or administering Grafana.
+
+1. **Query tab -** Shows you the requests to the server sent when Grafana queries the data source.
+
+1. **Error tab -** Shows the error. Only visible when query returns error.
+
+## Create a dashboard and add a panel
+
+Dashboards and panels allow you to show your data in visual form. Each panel needs at least one query to display a visualization.
+
+**Before you begin:**
+
+- Ensure that you have the proper permissions. For more information about permissions, refer to [About users and permissions]({{< relref "../administration/roles-and-permissions/" >}}).
+- Identify the dashboard to which you want to add the panel.
+- Understand the query language of the target data source.
+- Ensure that data source for which you are writing a query has been added. For more information about adding a data source, refer to [Add a data source]({{< relref "../datasources/add-a-data-source/" >}}) if you need instructions.
+
+**To create a dashboard and add a panel**:
+
+1. Sign in to Grafana, hover your cursor over **Dashboard**, and click **+ New Dashboard**.
+1. Click **Add a new panel**.
+1. In the first line of the **Query** tab, click the drop-down list and select a data source.
+1. Write or construct a query in the query language of your data source.
+
+   For more information about data sources, refer to [Data sources]({{< relref "../datasources/" >}}) for specific guidelines.
+
+1. In the Visualization list, select a visualization type.
+
+   Grafana displays a preview of your query results with the visualization applied.
+
+   ![](/static/img/docs/panel-editor/select-visualization-8-0.png)
+
+   For more information about individual visualizations, refer to [Visualizations options]({{< relref "../visualizations/" >}}).
+
+1. Refer to the following documentation for ways you can adjust panel settings.
+
+   While not required, most visualizations need some adjustment before they properly display the information that you need.
+
+   - [Format data using value mapping]({{< relref "../panels/format-data/about-value-mapping/" >}})
+   - [Visualization-specific options]({{< relref "../visualizations/" >}})
+   - [Override field values]({{< relref "../panels/override-field-values/about-field-overrides/" >}})
+   - [Configure thresholds]({{< relref "../panels/configure-thresholds/" >}})
+   - [Configure standard options]({{< relref "../panels/configure-standard-options/" >}})
+
+1. Add a note to describe the visualization (or describe your changes) and then click **Save** in the upper-right corner of the page.
+
+   Notes can be helpful if you need to revert the dashboard to a previous version.

docs/sources/dashboards/dashboard-create.md

@@ -1,13 +0,0 @@
----
-aliases:
-  - /docs/grafana/latest/dashboards/dashboard-create/
-  - /docs/grafana/latest/features/dashboard/dashboards/
-title: Create dashboards
-weight: 7
----
-
-## Create dashboard
-
-To create a new dashboard:
-
-Click the new dashboard link on the right side of the time picker. A blank dashboard is created.

docs/sources/dashboards/dashboard-public.md

@@ -0,0 +1,55 @@
+---
+aliases:
+  - /docs/grafana/latest/dashboards/dashboard-manage/
+  - /docs/grafana/latest/features/dashboard/dashboards/
+title: Public dashboards
+weight: 8
+---
+
+## Public dashboards
+
+> **Note:** This is an opt-in alpha feature.
+
+> **Caution:** Making your dashboard public could result in a large number of queries to the datasources used by your dashboard.
+> This can be mitigated by utilizing the enterprise [caching](https://grafana.com/docs/grafana/latest/enterprise/query-caching/) and/or rate limiting features.
+
+Public dashboards allow you to share your Grafana dashboard with anyone. This is useful when you want to expose your
+dashboard to the world.
+
+#### Security implications of making your dashboard public
+
+- Anyone with the URL can access the dashboard.
+- Public dashboards are read-only.
+- Arbitrary queries **cannot** be run against your datasources through public dashboards. Public dashboards can only execute the
+  queries stored on the original dashboard.
+
+#### Enable the feature
+
+Add the `publicDashboards` feature toggle to your `custom.ini` file.
+
+> **Note:** For Grafana Cloud, you will need to contact support to have the feature enabled.
+
+#### Make a dashboard public
+
+- Click on the sharing icon to the right of the dashboard title.
+- Click on the Public Dashboard tab.
+- Acknowledge the implications of making the dashboard public by checking all the checkboxes.
+- Turn on the Enabled toggle.
+- Click `Save Sharing Configuration` to make the dashboard public and make your link live.
+- Copy the public dashboard link if you'd like to share it. You can always come back later for it.
+
+#### Revoke access
+
+- Click on the sharing icon to the right of the dashboard title.
+- Click on the Public Dashboard tab.
+- Turn off the Enabled toggle.
+- Click `Save Sharing Configuration` to save your changes.
+- Anyone with the link will not be able to access the dashboard publicly anymore.
+
+#### Limitations
+
+- Panels that use frontend datasources will fail to fetch data.
+- Template variables are currently not supported, but are planned to be in the future.
+- The time range is permanently set to the default time range on the dashboard. If you update the default time range for a dashboard, it will be reflected in the public dashboard.
+
+We are excited to share this enhancement with you and we’d love your feedback! Please check out the [Github](https://github.com/grafana/grafana/discussions/49253) discussion and join the conversation.

docs/sources/dashboards/manage-dashboard-links/index.md

@@ -1,20 +1,53 @@
 ---
 aliases:
+  - /docs/grafana/latest/linking/
+  - /docs/grafana/latest/features/navigation-links/
+  - /docs/grafana/latest/linking/linking-overview/
   - /docs/grafana/latest/linking/dashboard-links/
-description: ''
+  - /docs/grafana/latest/dashboards/manage-dashboard-links/
+  - /docs/grafana/latest/panels/working-with-panels/add-link-to-panel/
+description: How to link Grafana dashboards.
 keywords:
+  - link
+  - dashboard
   - grafana
   - linking
   - create links
   - link dashboards
   - navigate
-title: Dashboard links
-weight: 200
+title: Manage dashboard links
+menuTitle: Manage dashboard links
+weight: 400
 ---
 
-# Dashboard links
+# Manage dasboard links
 
-When you create a dashboard link, you can include the time range and current template variables to directly jump to the same context in another dashboard. This way, you don’t have to worry whether the person you send the link to is looking at the right data. For other types of links, refer to [Data link variables]({{< relref "data-link-variables/" >}}).
+You can use links to navigate between commonly-used dashboards or to connect others to your visualizations. Links let you create shortcuts to other dashboards, panels, and even external websites.
+
+Grafana supports dashboard links, panel links, and data links. Dashboard links are displayed at the top of the dashboard. Panel links are accessible by clicking an icon on the top left corner of the panel.
+
+## Which link should you use?
+
+Start by figuring out how you're currently navigating between dashboards. If you're often jumping between a set of dashboards and struggling to find the same context in each, links can help optimize your workflow.
+
+The next step is to figure out which link type is right for your workflow. Even though all the link types in Grafana are used to create shortcuts to other dashboards or external websites, they work in different contexts.
+
+- If the link relates to most if not all of the panels in the dashboard, use [dashboard links]({{< relref "#dashboard-links" >}}).
+- If you want to drill down into specific panels, use [panel links]({{< relref "#panel-links" >}}).
+- If you want to link to an external site, you can use either a dashboard link or a panel link.
+- If you want to drill down into a specific series, or even a single measurement, use [data links]({{< relref "../../panels/configure-data-links/#data-links" >}}).
+
+## Controlling time range using the URL
+
+You can control the time range of a panel or dashboard by providing following query parameters in dashboard URL:
+
+- `from` - defines lower limit of the time range, specified in ms epoch
+- `to` - defines upper limit of the time range, specified in ms epoch
+- `time` and `time.window` - defines a time range from `time-time.window/2` to `time+time.window/2`. Both params should be specified in ms. For example `?time=1500000000000&time.window=10000` will result in 10s time range from 1499999995000 to 1500000005000
+
+## Dashboard links
+
+When you create a dashboard link, you can include the time range and current template variables to directly jump to the same context in another dashboard. This way, you don’t have to worry whether the person you send the link to is looking at the right data. For other types of links, refer to [Data link variables]({{< relref "../../panels/configure-data-links/#data-link-variables/" >}}).
 
 Dashboard links can also be used as shortcuts to external systems, such as submitting [a GitHub issue with the current dashboard name](https://github.com/grafana/grafana/issues/new?title=Dashboard%3A%20HTTP%20Requests).
 
@@ -25,7 +58,7 @@ To see an example of dashboard links in action, check out:
 
 Once you've added a dashboard link, it appears in the upper right corner of your dashboard.
 
-## Add links to dashboards
+### Add links to dashboards
 
 Add links to other dashboards at the top of your current dashboard.
 
@@ -40,7 +73,7 @@ Add links to other dashboards at the top of your current dashboard.
    - **Open in new tab** – Select this option if you want the dashboard link to open in a new tab or window.
 1. Click **Add**.
 
-## Add a URL link to a dashboard
+### Add a URL link to a dashboard
 
 Add a link to a URL at the top of your current dashboard. You can link to any available URL, including dashboards, panels, or external sites. You can even control the time range to ensure the user is zoomed in on the right data in Grafana.
 
@@ -60,7 +93,7 @@ Add a link to a URL at the top of your current dashboard. You can link to any av
    - **Open in new tab** – Select this option if you want the dashboard link to open in a new tab or window.
 1. Click **Add**.
 
-## Update a dashboard link
+### Update a dashboard link
 
 To change or update an existing dashboard link, follow this procedure.
 
@@ -71,6 +104,43 @@ To change or update an existing dashboard link, follow this procedure.
 
 To duplicate an existing dashboard link, click the duplicate icon next to the existing link that you want to duplicate.
 
-## Delete a dashboard link
+### Delete a dashboard link
 
 To delete an existing dashboard link, click the trash icon next to the duplicate icon that you want to delete.
+
+## Panel links
+
+Each panel can have its own set of links that are shown in the upper left corner of the panel. You can link to any available URL, including dashboards, panels, or external sites. You can even control the time range to ensure the user is zoomed in on the right data in Grafana.
+
+Click the icon on the top left corner of a panel to see available panel links.
+
+{{< figure src="/static/img/docs/linking/panel-links.png" width="200px" >}}
+
+### Add a panel link
+
+1. Hover your cursor over the panel that you want to add a link to and then press `e`. Or click the dropdown arrow next to the panel title and then click **Edit**.
+1. On the Panel tab, scroll down to the Links section.
+1. Expand Links and then click **Add link**.
+1. Enter a **Title**. **Title** is a human-readable label for the link that will be displayed in the UI.
+1. Enter the **URL** you want to link to.
+   You can even add one of the template variables defined in the dashboard. Press Ctrl+Space or Cmd+Space and click in the **URL** field to see the available variables. By adding template variables to your panel link, the link sends the user to the right context, with the relevant variables already set. You can also use time variables:
+   - `from` - Defines the lower limit of the time range, specified in ms epoch.
+   - `to` - Defines the upper limit of the time range, specified in ms epoch.
+   - `time` and `time.window` - Define a time range from `time-time.window/2` to `time+time.window/2`. Both params should be specified in ms. For example `?time=1500000000000&time.window=10000` will result in 10s time range from 1499999995000 to 1500000005000.
+1. If you want the link to open in a new tab, then select **Open in a new tab**.
+1. Click **Save** to save changes and close the window.
+1. Click **Save** in the upper right to save your changes to the dashboard.
+
+### Update a panel link
+
+1. On the Panel tab, find the link that you want to make changes to.
+1. Click the Edit (pencil) icon to open the Edit link window.
+1. Make any necessary changes.
+1. Click **Save** to save changes and close the window.
+1. Click **Save** in the upper right to save your changes to the dashboard.
+
+### Delete a panel link
+
+1. On the Panel tab, find the link that you want to delete.
+1. Click the **X** icon next to the link you want to delete.
+1. Click **Save** in the upper right to save your changes to the dashboard.

docs/sources/dashboards/manage-library-panels.md

@@ -0,0 +1,87 @@
+---
+aliases:
+  - /docs/grafana/latest/panels/panel-library/
+  - /docs/grafana/latest/panels/library-panels/
+  - /docs/grafana/latest/panels/library-panels/create-library-panel/
+  - /docs/grafana/latest/panels/library-panels/add-library-panel/
+  - /docs/grafana/latest/panels/library-panels/unlink-library-panel/
+  - /docs/grafana/latest/panels/library-panels/manage-library-panel/
+  - /docs/grafana/latest/panels/library-panels/delete-library-panel/
+  - /docs/grafana/latest/dashboards/manage-library-panels/
+title: Manage Grafana library panels
+menuTitle: Manage library panels
+weight: 3
+---
+
+# Manage Grafana library panels
+
+A library panel is a reusable panel that you can use in any dashboard. When you make a change to a library panel, that change propagates to all instances of where the panel is used. Library panels streamline reuse of panels across multiple dashboards.
+
+You can save a library panel in a folder alongside saved dashboards.
+
+## Create a library panel
+
+When you create a library panel, the panel on the source dashboard is converted to a library panel as well. You need to save the original dashboard once a panel is converted.
+
+1. Open a panel in edit mode.
+1. In the panel display options, click the down arrow option to bring changes to the visualization.
+   {{< figure src="/static/img/docs/library-panels/create-lib-panel-from-edit-8-0.png" class="docs-image--no-shadow" max-width= "800px" caption="Screenshot of the edit panel" >}}
+1. Click the **Library panels** option, and then click **Create library panel** to open the create dialog.
+   {{< figure src="/static/img/docs/library-panels/create-lib-panel-8-0.png" class="docs-image--no-shadow" max-width= "500px" caption="Screenshot of the create library panel dialog" >}}
+1. In **Library panel name**, enter the name.
+1. In **Save in folder**, select the folder to save the library panel.
+1. Click **Create library panel** to save your changes.
+1. Save the dashboard.
+
+Once created, you can modify the library panel using any dashboard on which it appears. After you save the changes, all instances of the library panel reflect these modifications.
+
+{{< figure src="/static/img/docs/library-panels/create-from-more-8-0.png" class="docs-image--no-shadow" max-width= "900px" caption="Screenshot of the edit panel" >}}
+
+## Add a library panel to a dashboard
+
+Add a Grafana library panel to a dashboard when you want to provide visualizations to other dashboard users.
+
+1. Hover over the **Dashboards** option on the left menu, then select **New dashboard** from the drop-down options.
+
+   The **Add** panel dialog opens.
+   {{< figure src="/static/img/docs/library-panels/add-library-panel-8-0.png" class="docs-image--no-shadow" max-width= "900px" caption="Screenshot of the edit panel" >}}
+
+1. Click the **Add a panel from the panel library** option.
+
+   You will see a list of your library panels.
+
+1. Filter the list or search to find the panel you want to add.
+1. Click a panel to add it to the dashboard.
+
+## Unlink a library panel
+
+Unlink a library panel when you want to make a change to the panel and not affect other instances of the library panel.
+
+1. Hover over **Dashboard** on the left menu, and then click **Library panels**.
+1. Select a library panel that is being used in different dashboards.
+1. Select the panel you want to unlink.
+1. Click the title of the panel and then click **Edit**. The panel opens in edit mode.
+1. Click the **Unlink** option on the top right corner of the page.
+
+## View a list of library panels
+
+You can view a list of available library panels and search for a library panel.
+
+1. Hover over the **Dashboard** option on the left menu, then click **Library panels**.
+
+   You can see a list of previously defined library panels.
+   {{< figure src="/static/img/docs/library-panels/library-panel-list-8-0.png" class="docs-image--no-shadow" max-width= "900px" caption="Screenshot of the edit panel" >}}
+
+1. Search for a specific library panel if you know its name.
+
+   You can also filter the panels by folder or type.
+
+## Delete a library panel
+
+Delete a library panel when you no longer need it.
+
+1. Hover over **Dashboard** on the left menu, and select **Library panels**.
+
+1. Select the panel you want to delete.
+
+1. Click the delete icon next to the library panel name.

docs/sources/dashboards/use-dashboards.md

@@ -10,7 +10,7 @@ aliases:
   - /docs/grafana/latest/reference/search/
 title: 'Use dashboards'
 menuTitle: Use dashboards
-weight: 2
+weight: 1
 keywords:
   - dashboard
   - search
@@ -19,40 +19,36 @@ keywords:
 
 # Use dashboards
 
-The dashboard UI has the following sections to allow you to customize the presentation of data.
+This topic provides an overview of dashboard features and shortcuts, and describes how to use dashboard search.
 
-{{< figure src="/static/img/docs/v50/dashboard_annotated.png" class="no-shadow" width="700px" >}}
+## Dashboard feature overview
 
-- **Zoom out time range** (1)
-- **Time picker dropdown** (2). Access relative time range options, auto refresh options and set custom absolute time ranges.
-- **Refresh option** (3) Click to trigger queries or set auto refresh.
-- **Dashboard panel** (4) Click the panel title to open panel menu.
-- **Graph legend** (5) Change series colors, y-axis and series visibility directly from the legend.
+The dashboard user interface provides a number of features that you can use to customize the presentation of your data.
 
-For more details, see [Dashboard header]({{< relref "#dashboard-header" >}}) and [Dashboard rows]({{< relref "#dashboard-rows" >}}).
+The following image and descriptions highlights all dashboards features.
 
-## Dashboard header
+{{< figure src="/static/img/docs/v91/dashboard-features/dashboard-features.png" width="700px" >}}
 
-The dashboard header has the following sections.
-
-{{< figure src="/static/img/docs/v50/top_nav_annotated.png" width="450px" >}}
-
-- **Dashboard title** (2): This also opens the dashboard search when clicked.
-- **Add panel** (3): Use this option to add a new panel or row to the current dashboard.
-- **Star dashboard** (4): Use this option to star (or unstar) the current dashboard. Starred dashboards show up on your own home dashboard by default. It is a convenient way to mark Dashboards that you're interested in.
-- **Share dashboard** (5): Use this option to share the current dashboard by link or snapshot. You can also export the dashboard definition from the share modal.
-- **Save dashboard** (6): Use this option to save the current dashboard using its current name.
-- **Settings** (7): Use this option to open dashboard settings. Here you change dashboard name, folder, tags as well as manage variables and annotation queries.
-
-## Dashboard panels
-
-The main building block of dashboard is the panel. You add new panels via the `Add panel` button at the top of the dashboard. This will add view at the top where you can choose if you want to add a new panel, row or library panel. Library panels are panels that can be shared (reused) in many dashboards. You can move panels around by just dragging the panel header. To resize panel use the lower right corner.
-
-## Dashboard rows
-
-A dashboard row is a logical divider within a dashboard. It is used to group panels together. Rows can be collapsed or expanded allowing you to hide parts of the dashboard. Panels inside a collapsed row will not issue any queries.
-
-Use the [repeating rows]({{< relref "../panels/add-panels-dynamically/configure-repeating-rows" >}}) to dynamically create rows based on a template variable.
+- **Grafana home** (1): Click the Grafana home icon to be redirected to the home page configured in the Grafana instance.
+- **Dashboard title** (2): When you click the dashboard title you can search for dashboard contained in the current folder.
+- **Share dashboard** (3): Use this option to share the current dashboard by link or snapshot. You can also export the dashboard definition from the share modal.
+- **Add panel** (4): Use this option to add a panel, dashboard row, or library panel to the current dashboard.
+- **Dashboard settings** (5): Use this option to change dashboard name, folder, and tags and manage variables and annotation queries.
+- **Time picker dropdown** (6): Click to select relative time range options and set custom absolute time ranges.
+- **Zoom out time range** (7): Click to zoom out the time range. For more information about how to use time range controls, refer to [Common time range controls](../time-range-controls/#common-time-range-controls).
+- **Refresh dashboard** (8): Click to immediately trigger queries and refresh dashboard data.
+- **Refresh dashboard time interval** (9): Click to select a dashboard auto refresh time interval.
+- **View mode** (10): Click to display the dashboard on a large screen such as a TV or a kiosk. View mode hides irrelevant information such as navigation menus. For more information about view mode, refer to [How to Create Kiosks to Display Dashboards on a TV](https://grafana.com/blog/2019/05/02/grafana-tutorial-how-to-create-kiosks-to-display-dashboards-on-a-tv/).
+- **Dashboard panel** (11): The primary building block of a dashboard is the panel. To add a new panel, dashboard row, or library panel, click **Add panel**.
+  - Library panels can be shared among many dashboards.
+  - To move a panel, drag the panel header to another location.
+  - To resize a panel, click and drag the lower right corner of the panel.
+- **Graph legend** (12): Change series colors, y-axis and series visibility directly from the legend.
+- **Search** (13): Click **Search** to search for dashboards by name or panel title.
+- **Dashboard row** (14): A dashboard row is a logical divider within a dashboard that groups panels together.
+  - Rows can be collapsed or expanded allowing you to hide parts of the dashboard.
+  - Panels inside a collapsed row do not issue queries.
+  - Use the [repeating rows]({{< relref "../panels/configure-panel-options/#configure-repeating-rows" >}}) to dynamically create rows based on a template variable.
 
 ## Keyboard shortcuts
 
@@ -66,7 +62,7 @@ Grafana has a number of keyboard shortcuts available. Press `?` or `h` on your k
 - `Ctrl+K`: Opens the command palette.
 - `Esc`: Exits panel when in fullscreen view or edit mode. Also returns you to the dashboard from dashboard settings.
 
-**Focused Panel**
+**Focused panel**
 
 By hovering over a panel with the mouse you can use some shortcuts that will target that panel.
 
@@ -77,24 +73,13 @@ By hovering over a panel with the mouse you can use some shortcuts that will tar
 - `pr`: Remove Panel
 - `pl`: Toggle panel legend
 
-## Dashboard Search
+## Dashboard search
 
-Dashboards can be searched by the dashboard name, filtered by one (or many) tags or filtered by starred status. The dashboard search is accessed through the dashboard picker, available in the dashboard top nav area. The dashboard search can also be opened by using the shortcut `F`.
+You can search for dashboards by dashboard name and by panel title. When you search for dashboards, the system returns all dashboards available within the Grafana instance, even if you do not have permission to view the contents of the dashboard.
 
-{{< figure src="/static/img/docs/v50/dashboard_search_annotated.png" width="700px" >}}
+### Search dashboards using dashboard name
 
-1. `Search Bar`: The search bar allows you to enter any string and search both database and file based dashboards in real-time.
-1. `Starred`: Here you find all your starred dashboards.
-1. `Recent`: Here you find the latest created dashboards.
-1. `Folders`: The tags filter allows you to filter the list by dashboard tags.
-1. `Root`: The root contains all dashboards that are not placed in a folder.
-1. `Tags`: The tags filter allows you to filter the list by dashboard tags.
-
-When using only a keyboard, you can use your keyboard arrow keys to navigate the results, hit enter to open the selected dashboard.
-
-### Find by dashboard name
-
-Begin typing any part of the desired dashboard names in the search bar. Search will return results for any partial string match in real-time, as you type.
+Begin typing any part of the dashboard name in the search bar. The search returns results for any partial string match in real-time, as you type.
 
 Dashboard search is:
 
@@ -102,14 +87,62 @@ Dashboard search is:
 - _Not_ case sensitive
 - Functional across stored _and_ file based dashboards.
 
-### Filter by Tag(s)
+> \*\*Note: You can use your keyboard arrow keys to navigate the results and press `Enter` to open the selected dashboard.
 
-Tags are a great way to organize your dashboards, especially as the number of dashboards grow. Tags can be added and managed in the dashboard `Settings`.
+The following image shows the search results when you search using dashboard name.
 
-To filter the dashboard list by tag, click on any tag appearing in the right column. The list may be further filtered by clicking on additional tags:
+{{< figure src="/static/img/docs/v91/dashboard-features/search-by-dashboard-name.png" width="700px" >}}
 
-Alternately, to see a list of all available tags, click the tags dropdown menu. All tags will be shown, and when a tag is selected, the dashboard search will be instantly filtered:
+### Search dashboards using panel title
 
-When using only a keyboard: `tab` to focus on the _tags_ link, `▼` down arrow key to find a tag and select with the `Enter` key.
+You can search for a dashboard by the title of a panel that appears in a dashboard.
+If a panel's title matches your search query, the dashboard appears in the search results.
 
-> **Note:** When multiple tags are selected, Grafana will show dashboards that include **all**.
+This feature is available by default in Grafana Cloud and in Grafana OSS v9.1 and higher, you access this feature by enabling the `panelTitleSearch` feature toggle.
+For more information about enabling panel title search, refer to [Enable the panelTitleSearch feature toggle.](#enable-panelTitleSearch-feature-toggle)
+
+The following image shows the search results when you search using panel title.
+
+{{< figure src="/static/img/docs/v91/dashboard-features/search-by-panel-title.png" width="700px" >}}
+
+#### Enable the panelTitleSearch feature toggle
+
+Complete the following steps to enable the `panelTitleSearch` feature toggle.
+
+**Before you begin:**
+
+- If you are running Grafana Enterprise with RBAC, enable [service accounts]({{< relref "../administration/service-accounts/" >}}).
+
+**To enable the panelTitleSearch feature toggle:**
+
+1. Open the Grafana [configuration file]({{< relref "../setup-grafana/configure-grafana/#configuration-file-location" >}}).
+
+1. Locate the [feature_toggles]({{< relref "../setup-grafana/configure-grafana/#feature_toggles" >}}) section.
+
+1. Add the following parameter to the `feature_toggles` section:
+
+   ```
+   [feature_toggles]
+   # enable features, separated by spaces
+   enable = dashboardPreviews
+   ```
+
+1. Save your changes and restart the Grafana server.
+
+### Filter dashboard search results by tag(s)
+
+Tags are a great way to organize your dashboards, especially as the number of dashboards grow. You can add and manage tags in dashboard `Settings`.
+
+When you select multiple tags, Grafana shows dashboards that include all selected tags.
+
+To filter dashboard search result by a tag, complete one of the following steps:
+
+- To filter dashboard search results by tag, click a tag that appears in the right column of the search results.
+
+  You can continue filtering by clicking additional tags.
+
+- To see a list of all available tags, click the **Filter by tags** dropdown menu and select a tag.
+
+  All tags will be shown, and when you select a tag, the dashboard search will be instantly filtered.
+
+> **Note:** When using only a keyboard, press the `tab` key and navigate to the **Filter by tag** drop-down menu, press the down arrow key `▼` to activate the menu and locate a tag, and press `Enter` to select the tag.

docs/sources/datasources/_index.md

@@ -8,7 +8,7 @@ weight: 60
 
 # Data sources
 
-Grafana supports many different storage backends for your time series data (data source). Refer to [Add a data source]({{< relref "../../administration/datasources/add-a-data-source/" >}}) for instructions on how to add a data source to Grafana. Only users with the organization admin role can add data sources.
+Grafana supports many different storage backends for your time series data (data source). Refer to [Add a data source]({{< relref "../administration/data-source-management/#add-a-data-source/" >}}) for instructions on how to add a data source to Grafana. Only users with the organization admin role can add data sources.
 
 ## Querying
 
@@ -18,23 +18,23 @@ Each data source has a specific Query Editor that is customized for the features
 
 The following data sources are officially supported:
 
-- [Alertmanager]({{< relref "../../datasources/alertmanager/" >}})
-- [AWS CloudWatch]({{< relref "aws-cloudwatch/" >}})
-- [Azure Monitor]({{< relref "azuremonitor/" >}})
-- [Elasticsearch]({{< relref "../../datasources/elasticsearch/" >}})
-- [Google Cloud Monitoring]({{< relref "google-cloud-monitoring/" >}})
-- [Graphite]({{< relref "../../datasources/graphite/" >}})
-- [InfluxDB]({{< relref "influxdb/" >}})
-- [Loki]({{< relref "../../datasources/loki/" >}})
-- [Microsoft SQL Server (MSSQL)]({{< relref "../../datasources/mssql/" >}})
-- [MySQL]({{< relref "../../datasources/mysql/" >}})
-- [OpenTSDB]({{< relref "../../datasources/opentsdb/" >}})
-- [PostgreSQL]({{< relref "../../datasources/postgres/" >}})
-- [Prometheus]({{< relref "../../datasources/prometheus/" >}})
-- [Jaeger]({{< relref "../../datasources/jaeger/" >}})
-- [Zipkin]({{< relref "../../datasources/zipkin/" >}})
-- [Tempo]({{< relref "../../datasources/tempo/" >}})
-- [Testdata]({{< relref "../../datasources/testdata/" >}})
+- [Alertmanager]({{< relref "./alertmanager/" >}})
+- [AWS CloudWatch]({{< relref "./aws-cloudwatch/" >}})
+- [Azure Monitor]({{< relref "./azuremonitor/" >}})
+- [Elasticsearch]({{< relref "./elasticsearch/" >}})
+- [Google Cloud Monitoring]({{< relref "./google-cloud-monitoring/" >}})
+- [Graphite]({{< relref "./graphite/" >}})
+- [InfluxDB]({{< relref "./influxdb/" >}})
+- [Loki]({{< relref "./loki/" >}})
+- [Microsoft SQL Server (MSSQL)]({{< relref "./mssql/" >}})
+- [MySQL]({{< relref "./mysql/" >}})
+- [OpenTSDB]({{< relref "./opentsdb/" >}})
+- [PostgreSQL]({{< relref "./postgres/" >}})
+- [Prometheus]({{< relref "./prometheus/" >}})
+- [Jaeger]({{< relref "./jaeger/" >}})
+- [Zipkin]({{< relref "./zipkin/" >}})
+- [Tempo]({{< relref "./tempo/" >}})
+- [Testdata]({{< relref "./testdata/" >}})
 
 In addition to the data sources that you have configured in your Grafana, there are three special data sources available:
 

docs/sources/datasources/azuremonitor/_index.md

@@ -103,7 +103,7 @@ Further documentation on multi-dimensional metrics is available [here](https://d
 
 #### Supported Azure Monitor metrics
 
-Not all metrics returned by the Azure Monitor Metrics API have values. To make it easier for you when building a query, the Grafana data source has a list of supported metrics and ignores metrics which will never have values. This list is updated regularly as new services and metrics are added to the Azure cloud. For more information about the list of metrics, refer to [current supported namespaces](https://github.com/grafana/grafana/blob/main/public/app/plugins/datasource/grafana-azure-monitor-datasource/azure_monitor/supported_namespaces.ts).
+Not all metrics returned by the Azure Monitor Metrics API have values. To make it easier for you when building a query, the Grafana data source has a list of supported metrics and ignores metrics which will never have values. This list is updated regularly as new services and metrics are added to the Azure cloud. For more information about the list of metrics, refer to [current supported namespaces](https://github.com/grafana/grafana/blob/main/public/app/plugins/datasource/grafana-azure-monitor-datasource/azureMetadata/metricNamespaces.ts).
 
 ### Querying Azure Monitor Logs
 

docs/sources/datasources/azuremonitor/deprecated-application-insights.md

@@ -18,7 +18,9 @@ weight: 999
 
 # Deprecated Application Insights and Insights Analytics
 
-Application Insights and Insights Analytics are two ways to query the same Azure Application Insights data, which can also be queried from Metrics and Logs. In Grafana 8.0, Application Insights and Insights Analytics are deprecated and made read-only in favor of querying this data through Metrics and Logs. Existing queries will continue to work, but you cannot edit them. New panels are not able to use Application Insights or Insights Analytics.
+Application Insights and Insights Analytics are two ways to query the same Azure Application Insights data, which can also be queried from Metrics and Logs. In Grafana 8.0, Application Insights and Insights Analytics were deprecated and made read-only in favor of querying this data through Metrics and Logs.
+
+These query methods were completely removed in Grafana 9.0.
 
 Azure Monitor Metrics and Azure Monitor Logs do not use Application Insights API keys, so make sure the data source is configured with an Azure AD app registration that has access to Application Insights.
 

docs/sources/datasources/azuremonitor/template-variables.md

@@ -25,23 +25,15 @@ types of template variables.
 
 The Azure Monitor data source provides the following queries you can specify in the Query field in the Variable edit view
 
-| Name                                                                               | Description                                                                                            |
-| ---------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------ |
-| `Subscriptions()`                                                                  | Returns subscriptions.                                                                                 |
-| `ResourceGroups()`                                                                 | Returns resource groups.                                                                               |
-| `ResourceGroups(subscriptionID)`                                                   | Returns resource groups for a specified subscription.                                                  |
-| `Namespaces(aResourceGroup)`                                                       | Returns namespaces for the default subscription and specified resource group.                          |
-| `Namespaces(subscriptionID, aResourceGroup)`                                       | Returns namespaces for the specified subscription and resource group.                                  |
-| `ResourceNames(aResourceGroup, aNamespace)`                                        | Returns a list of resource names.                                                                      |
-| `ResourceNames(subscriptionID, aResourceGroup, aNamespace)`                        | Returns a list of resource names for a specified subscription.                                         |
-| `MetricNamespace(aResourceGroup, aNamespace, aResourceName)`                       | Returns a list of metric namespaces.                                                                   |
-| `MetricNamespace(subscriptionID, aResourceGroup, aNamespace, aResourceName)`       | Returns a list of metric namespaces for a specified subscription.                                      |
-| `MetricNames(aResourceGroup, aMetricDefinition, aResourceName, aMetricNamespace)`  | Returns a list of metric names.                                                                        |
-| `MetricNames(aSubscriptionID, aMetricDefinition, aResourceName, aMetricNamespace)` | Returns a list of metric names for a specified subscription.                                           |
-| `workspaces()`                                                                     | Returns a list of workspaces for the default subscription.                                             |
-| `workspaces(subscriptionID)`                                                       | Returns a list of workspaces for the specified subscription (the parameter can be quoted or unquoted). |
-
-Where a subscription ID is not specified, a default subscription must be specified in the data source configuration, which will be used.
+| Name            | Description                                                                                  |
+| --------------- | -------------------------------------------------------------------------------------------- |
+| Subscriptions   | Returns subscriptions.                                                                       |
+| Resource Groups | Returns resource groups for a specified subscription.                                        |
+| Namespaces      | Returns metric namespaces for the specified subscription and resource group.                 |
+| Resource Names  | Returns a list of resource names for a specified subscription, resource group and namespace. |
+| Metric Names    | Returns a list of metric names for a resource.                                               |
+| Workspaces      | Returns a list of workspaces for the specified subscription.                                 |
+| Logs            | Use a KQL query to return values.                                                            |
 
 Any Log Analytics KQL query that returns a single list of values can also be used in the Query field. For example:
 

docs/sources/datasources/jaeger.md

@@ -66,6 +66,16 @@ This is a configuration for the beta Node Graph visualization. The Node Graph is
 
 -- **Enable Node Graph -** Enables the Node Graph visualization.
 
+### Span bar label
+
+You can configure the span bar label. The span bar label allows you add additional information to the span bar row.
+
+Select one of the following four options. The default selection is Duration.
+
+- **None -** Do not show any additional information on the span bar row.
+- **Duration -** Show the span duration on the span bar row.
+- **Tag -** Show the span tag on the span bar row. Note: You will also need to specify the tag key to use to get the tag value. For example, `span.kind`.
+
 ## Query traces
 
 You can query and display traces from Jaeger via [Explore]({{< relref "../explore/" >}}).

docs/sources/datasources/loki.md

@@ -61,9 +61,9 @@ The new field with the link shown in log details:
 
 ## Loki query editor
 
-Loki query editor is separated into 3 distinct modes that you can switch between. See docs for each section below.
+Loki query editor is separated into 2 distinct modes that you can switch between. See docs for each section below.
 
-At the top of the editor, select `Run queries` to run a query. Select `Explain | Builder | Code` tabs to switch between the editor modes. If the query editor is in Builder mode, there are additional elements explained in the Builder section.
+At the top of the editor, select `Run queries` to run a query. Select `Builder | Code` tabs to switch between the editor modes. If the query editor is in Builder mode, there are additional elements explained in the Builder section.
 
 > **Note:** In Explore, to run Loki queries, select `Run query`.
 
@@ -107,6 +107,7 @@ In addition to `Run query` button and mode switcher, in builder mode additional
 | Name           | Description                                                                                                                       |
 | -------------- | --------------------------------------------------------------------------------------------------------------------------------- |
 | Query patterns | A list of useful operation patterns that can be used to quickly add multiple operations to your query to achieve a specific goal. |
+| Explain        | Toggle to show a step by step explanation of all query parts and the operations.                                                  |
 | Raw query      | Toggle to show raw query generated by the builder that will be sent to Loki instance.                                             |
 
 #### Labels selector
@@ -123,14 +124,18 @@ Operation can have additional parameters under the operation header. See the ope
 
 Some operations make sense only in specific order, if adding an operation would result in nonsensical query, operation will be added to the correct place. To order operations manually drag operation box by the operation name and drop in appropriate place.
 
+##### Hints
+
+In same cases the query editor can detect which operations would be most appropriate for a selected log stream. In such cases it will show a hint next to the `+ Operations` button. Click on the hint to add the operations to your query.
+
+#### Explain mode
+
+Explain mode helps with understanding the query. It shows a step by step explanation of all query parts and the operations.
+
 #### Raw query
 
 This section is shown only if the `Raw query` switch from the query editor top toolbar is set to `on`. It shows the raw query that will be created and executed by the query editor.
 
-### Explain mode
-
-Explain mode helps with understanding the query. It shows a step by step explanation of all query parts and the operations.
-
 ## Querying with Loki
 
 There are two types of LogQL queries:

docs/sources/datasources/mssql.md

@@ -182,7 +182,7 @@ A time series query result is returned in a [wide data frame format]({{< relref
 
 > For backward compatibility, there's an exception to the above rule for queries that return three columns including a string column named metric. Instead of transforming the metric column into field labels, it becomes the field name, and then the series name is formatted as the value of the metric column. See the example with the metric column below.
 
-To optionally customize the default series name formatting, refer to [Standard field definitions]({{< relref "../panels/standard-field-definitions/#display-name" >}}).
+To optionally customize the default series name formatting, refer to [Standard options definitions]({{< relref "../panels/configure-standard-options/#display-name" >}}).
 
 **Example with `metric` column:**
 
@@ -226,7 +226,7 @@ GROUP BY
 ORDER BY 1
 ```
 
-Given the data frame result in the following example and using the graph panel, you will get two series named _value 10.0.1.1_ and _value 10.0.1.2_. To render the series with a name of _10.0.1.1_ and _10.0.1.2_ , use a [Standard field definition]({{< relref "../panels/standard-field-definitions/#display-name" >}}) display name value of `${__field.labels.hostname}`.
+Given the data frame result in the following example and using the graph panel, you will get two series named _value 10.0.1.1_ and _value 10.0.1.2_. To render the series with a name of _10.0.1.1_ and _10.0.1.2_ , use a [Standard options definitions]({{< relref "../panels/configure-standard-options/#display-name" >}}) display name value of `${__field.labels.hostname}`.
 
 Data frame result:
 

docs/sources/datasources/mysql.md

@@ -191,7 +191,7 @@ A time series query result is returned in a [wide data frame format]({{< relref
 
 > For backward compatibility, there's an exception to the above rule for queries that return three columns including a string column named metric. Instead of transforming the metric column into field labels, it becomes the field name, and then the series name is formatted as the value of the metric column. See the example with the metric column below.
 
-To optionally customize the default series name formatting, refer to [Standard field definitions]({{< relref "../panels/standard-field-definitions/#display-name" >}}).
+To optionally customize the default series name formatting, refer to [Standard options definitions]({{< relref "../panels/configure-standard-options/#display-name" >}}).
 
 **Example with `metric` column:**
 
@@ -233,7 +233,7 @@ GROUP BY time, hostname
 ORDER BY time
 ```
 
-Given the data frame result in the following example and using the graph panel, you will get two series named _value 10.0.1.1_ and _value 10.0.1.2_. To render the series with a name of _10.0.1.1_ and _10.0.1.2_ , use a [Standard field definition]({{< relref "../panels/standard-field-definitions/#display-name" >}}) display value of `${__field.labels.hostname}`.
+Given the data frame result in the following example and using the graph panel, you will get two series named _value 10.0.1.1_ and _value 10.0.1.2_. To render the series with a name of _10.0.1.1_ and _10.0.1.2_ , use a [[Standard options definitions]({{< relref "../panels/configure-standard-options/#display-name" >}}) display value of `${__field.labels.hostname}`.
 
 Data frame result:
 

docs/sources/datasources/postgres.md

@@ -196,7 +196,7 @@ A time series query result is returned in a [wide data frame format]({{< relref
 
 > For backward compatibility, there's an exception to the above rule for queries that return three columns including a string column named metric. Instead of transforming the metric column into field labels, it becomes the field name, and then the series name is formatted as the value of the metric column. See the example with the metric column below.
 
-To optionally customize the default series name formatting, refer to [Standard field definitions]({{< relref "../panels/standard-field-definitions/#display-name" >}}).
+To optionally customize the default series name formatting, refer to [Standard options definitions]({{< relref "../panels/configure-standard-options/#display-name" >}}).
 
 **Example with `metric` column:**
 
@@ -238,7 +238,7 @@ GROUP BY time, hostname
 ORDER BY time
 ```
 
-Given the data frame result in the following example and using the graph panel, you will get two series named _value 10.0.1.1_ and _value 10.0.1.2_. To render the series with a name of _10.0.1.1_ and _10.0.1.2_ , use a [Standard field definition]({{< relref "../panels/standard-field-definitions/#display-name" >}}) display value of `${__field.labels.hostname}`.
+Given the data frame result in the following example and using the graph panel, you will get two series named _value 10.0.1.1_ and _value 10.0.1.2_. To render the series with a name of _10.0.1.1_ and _10.0.1.2_ , use a [Standard options definitions]({{< relref "../panels/configure-standard-options/#display-name" >}}) display value of `${__field.labels.hostname}`.
 
 Data frame result:
 
@@ -462,7 +462,7 @@ datasources:
       timescaledb: false
 ```
 
-> **Note:** In the above code, the `postgresVersion` value of `10` refers to version PotgreSQL 10 and above.
+> **Note:** In the above code, the `postgresVersion` value of `10` refers to version PostgreSQL 10 and above.
 
 If you encounter metric request errors or other issues:
 

docs/sources/datasources/tempo.md

@@ -84,6 +84,16 @@ This is a configuration for the Loki search query type.
 
 -- **Data source -** The Loki instance in which you want to search traces. You must configure derived fields in the Loki instance.
 
+### Span bar label
+
+You can configure the span bar label. The span bar label allows you add additional information to the span bar row.
+
+Select one of the following four options. The default selection is Duration.
+
+- **None -** Do not show any additional information on the span bar row.
+- **Duration -** Show the span duration on the span bar row.
+- **Tag -** Show the span tag on the span bar row. Note: You will also need to specify the tag key to use to get the tag value. For example, `span.kind`.
+
 ## Query traces
 
 You can query and display traces from Tempo via [Explore]({{< relref "../explore/" >}}).

docs/sources/datasources/zipkin.md

@@ -65,6 +65,16 @@ This is a configuration for the beta Node Graph visualization. The Node Graph is
 
 -- **Enable Node Graph -** Enables the Node Graph visualization.
 
+### Span bar label
+
+You can configure the span bar label. The span bar label allows you add additional information to the span bar row.
+
+Select one of the following four options. The default selection is Duration.
+
+- **None -** Do not show any additional information on the span bar row.
+- **Duration -** Show the span duration on the span bar row.
+- **Tag -** Show the span tag on the span bar row. Note: You will also need to specify the tag key to use to get the tag value. For example, `span.kind`.
+
 ## Query traces
 
 Querying and displaying traces from Zipkin is available via [Explore]({{< relref "../explore/" >}}).