"Release: Updated versions in package to 9.1.4" (#498)

* Chore: Update slate and related packages

(cherry picked from commit a70aba1384)

.betterer.ts

@@ -1,28 +1,18 @@
 import { regexp } from '@betterer/regexp';
-import { eslint } from '@betterer/eslint';
 import { BettererFileTest } from '@betterer/betterer';
+import { ESLint, Linter } from 'eslint';
+import { existsSync } from 'fs';
 
 export default {
   'no enzyme tests': () => regexp(/from 'enzyme'/g).include('**/*.test.*'),
-  'better eslint': () =>
-    eslint({
-      '@typescript-eslint/no-explicit-any': 'error',
-      '@typescript-eslint/consistent-type-assertions': [
-        'error',
-        {
-          assertionStyle: 'never',
-        },
-      ],
-    }).include('**/*.{ts,tsx}'),
-  'no undocumented stories': () => countUndocumentedStories().include('**/*.{story.tsx,mdx}'),
+  'better eslint': () => countEslintErrors().include('**/*.{ts,tsx}'),
+  'no undocumented stories': () => countUndocumentedStories().include('**/*.story.tsx'),
 };
 
 function countUndocumentedStories() {
   return new BettererFileTest(async (filePaths, fileTestResult) => {
-    const storyFilePaths = filePaths.filter((filePath) => filePath.endsWith('story.tsx'));
-    const mdxFilePaths = filePaths.filter((filePath) => filePath.endsWith('mdx'));
-    storyFilePaths.forEach((filePath) => {
-      if (!mdxFilePaths.includes(filePath.replace(/\.story.tsx$/, '.mdx'))) {
+    filePaths.forEach((filePath) => {
+      if (!existsSync(filePath.replace(/\.story.tsx$/, '.mdx'))) {
         // In this case the file contents don't matter:
         const file = fileTestResult.addFile(filePath, '');
         // Add the issue to the first character of the file:
@@ -31,3 +21,52 @@ function countUndocumentedStories() {
     });
   });
 }
+
+function countEslintErrors() {
+  return new BettererFileTest(async (filePaths, fileTestResult, resolver) => {
+    const { baseDirectory } = resolver;
+    const cli = new ESLint({ cwd: baseDirectory });
+
+    await Promise.all(
+      filePaths.map(async (filePath) => {
+        const linterOptions = (await cli.calculateConfigForFile(filePath)) as Linter.Config;
+
+        const rules: Partial<Linter.RulesRecord> = {
+          '@typescript-eslint/no-explicit-any': 'error',
+        };
+
+        const isTestFile =
+          filePath.endsWith('.test.tsx') || filePath.endsWith('.test.ts') || filePath.includes('__mocks__');
+
+        if (!isTestFile) {
+          rules['@typescript-eslint/consistent-type-assertions'] = [
+            'error',
+            {
+              assertionStyle: 'never',
+            },
+          ];
+        }
+
+        const runner = new ESLint({
+          baseConfig: {
+            ...linterOptions,
+            rules,
+          },
+          useEslintrc: false,
+          cwd: baseDirectory,
+        });
+
+        const lintResults = await runner.lintFiles([filePath]);
+        lintResults
+          .filter((lintResult) => lintResult.source)
+          .forEach((lintResult) => {
+            const { messages } = lintResult;
+            const file = fileTestResult.addFile(filePath, '');
+            messages.forEach((message, index) => {
+              file.addIssue(0, 0, message.message, `${index}`);
+            });
+          });
+      })
+    );
+  });
+}

.drone.star

@@ -4,12 +4,12 @@
 # 3. Run `make drone`
 # More information about this process here: https://github.com/grafana/deployment_tools/blob/master/docs/infrastructure/drone/signing.md
 
-load('scripts/drone/pipelines/pr.star', 'pr_pipelines')
-load('scripts/drone/pipelines/main.star', 'main_pipelines')
+load('scripts/drone/events/pr.star', 'pr_pipelines')
+load('scripts/drone/events/main.star', 'main_pipelines')
 load('scripts/drone/pipelines/docs.star', 'docs_pipelines')
-load('scripts/drone/pipelines/release.star', 'release_pipelines', 'publish_image_pipelines', 'publish_artifacts_pipelines', 'publish_npm_pipelines', 'publish_packages_pipeline')
+load('scripts/drone/events/release.star', 'release_pipelines', 'publish_image_pipelines', 'publish_artifacts_pipelines', 'publish_npm_pipelines', 'publish_packages_pipeline', 'artifacts_page_pipeline')
 load('scripts/drone/version.star', 'version_branch_pipelines')
-load('scripts/drone/pipelines/cron.star', 'cronjobs')
+load('scripts/drone/events/cron.star', 'cronjobs')
 load('scripts/drone/vault.star', 'secrets')
 
 def main(ctx):
@@ -17,5 +17,5 @@ def main(ctx):
     return pr_pipelines(edition=edition) + main_pipelines(edition=edition) + release_pipelines() + \
         publish_image_pipelines('public') + publish_image_pipelines('security') + \
         publish_artifacts_pipelines('security') + publish_artifacts_pipelines('public') + \
-        publish_npm_pipelines('public') + publish_packages_pipeline() + \
+        publish_npm_pipelines('public') + publish_packages_pipeline() + artifacts_page_pipeline() + \
         version_branch_pipelines() + cronjobs(edition=edition) + secrets()

.eslintignore

@@ -17,7 +17,7 @@ vendor
 # TS generate from cue by cuetsy
 **/*.gen.ts
 
-# Auto-generated localisation files
+# Auto-generated internationalization files
 public/locales/_build/
 public/locales/**/*.js
 

.github/CODEOWNERS

@@ -38,10 +38,10 @@ go.sum @grafana/backend-platform
 # Observability backend code
 /pkg/tsdb/prometheus @grafana/observability-metrics
 /pkg/tsdb/influxdb @grafana/observability-metrics
-/pkg/tsdb/elasticsearch @grafana/observability-logs-and-traces
+/pkg/tsdb/elasticsearch @grafana/observability-logs
 /pkg/tsdb/graphite @grafana/observability-metrics
 /pkg/tsdb/jaeger @grafana/observability-logs-and-traces
-/pkg/tsdb/loki @grafana/observability-logs-and-traces
+/pkg/tsdb/loki @grafana/observability-logs
 /pkg/tsdb/zipkin @grafana/observability-logs-and-traces
 /pkg/tsdb/tempo @grafana/observability-logs-and-traces
 
@@ -108,6 +108,7 @@ pkg/tsdb/testdatasource/sims/ @grafana/grafana-edge-squad
 /public/app/features/comments/ @grafana/grafana-edge-squad
 /public/app/features/dimensions/ @grafana/grafana-edge-squad
 /public/app/features/geo/ @grafana/grafana-edge-squad
+/public/app/features/storage/ @grafana/grafana-edge-squad
 /public/app/features/live/ @grafana/grafana-edge-squad
 /public/app/features/explore/ @grafana/observability-experience-squad
 /public/app/features/plugins @grafana/plugins-platform-frontend
@@ -116,7 +117,7 @@ pkg/tsdb/testdatasource/sims/ @grafana/grafana-edge-squad
 /public/app/plugins/panel/barchart @grafana/grafana-bi-squad
 /public/app/plugins/panel/heatmap @grafana/grafana-bi-squad
 /public/app/plugins/panel/histogram @grafana/grafana-bi-squad
-/public/app/plugins/panel/logs @grafana/observability-logs-and-traces
+/public/app/plugins/panel/logs @grafana/observability-logs
 /public/app/plugins/panel/nodeGraph @grafana/observability-logs-and-traces
 /public/app/plugins/panel/piechart @grafana/grafana-bi-squad
 /public/app/plugins/panel/state-timeline @grafana/grafana-bi-squad
@@ -143,18 +144,19 @@ lerna.json @grafana/frontend-ops
 .eslintrc @grafana/frontend-ops
 .pa11yci.conf.js @grafana/user-essentials
 .pa11yci-pr.conf.js @grafana/user-essentials
+.betterer.results @joshhunt
 
 # @grafana/ui component documentation
 *.mdx @marcusolsson @jessover9000 @grafana/plugins-platform-frontend
 
 # Core datasources
 /public/app/plugins/datasource/cloudwatch @grafana/aws-plugins
-/public/app/plugins/datasource/elasticsearch @grafana/observability-logs-and-traces
+/public/app/plugins/datasource/elasticsearch @grafana/observability-logs
 /public/app/plugins/datasource/grafana-azure-monitor-datasource @grafana/cloud-provider-plugins
 /public/app/plugins/datasource/graphite @grafana/observability-metrics
 /public/app/plugins/datasource/influxdb @grafana/observability-metrics
 /public/app/plugins/datasource/jaeger @grafana/observability-logs-and-traces
-/public/app/plugins/datasource/loki @grafana/observability-logs-and-traces
+/public/app/plugins/datasource/loki @grafana/observability-logs
 /public/app/plugins/datasource/mssql @grafana/grafana-bi-squad
 /public/app/plugins/datasource/mysql @grafana/grafana-bi-squad
 /public/app/plugins/datasource/opentsdb @grafana/backend-platform

.github/commands.json

@@ -79,7 +79,7 @@
     "name":"datasource/Azure",
     "action":"addToProject",
     "addToProject":{
-      "url":"https://github.com/orgs/grafana/projects/97"
+      "url":"https://github.com/orgs/grafana/projects/190"
     }
   },
   {
@@ -103,7 +103,7 @@
     "name":"datasource/GoogleCloudMonitoring",
     "action":"addToProject",
     "addToProject":{
-      "url":"https://github.com/orgs/grafana/projects/97"
+      "url":"https://github.com/orgs/grafana/projects/190"
     }
   },
   {
@@ -138,20 +138,12 @@
       "url":"https://github.com/orgs/grafana/projects/112"
     }
   },
-  {
-    "type":"label",
-    "name":"datasource/OpenSearch",
-    "action":"addToProject",
-    "addToProject":{
-      "url":"https://github.com/orgs/grafana/projects/110"
-    }
-  },
   {
     "type":"label",
     "name":"datasource/Loki",
     "action":"addToProject",
     "addToProject":{
-      "url":"https://github.com/orgs/grafana/projects/110"
+      "url":"https://github.com/orgs/grafana/projects/203"
     }
   },
   {
@@ -167,7 +159,7 @@
     "name":"datasource/Elasticsearch",
     "action":"addToProject",
     "addToProject":{
-      "url":"https://github.com/orgs/grafana/projects/110"
+      "url":"https://github.com/orgs/grafana/projects/203"
     }
   },
   {

.github/renovate.json5

@@ -4,12 +4,10 @@
   ],
   "enabledManagers": ["npm"],
   "ignoreDeps": [
-    "@grafana/slate-react", // should be updated when the `slate` package is updated
     "@types/systemjs",
     "@types/d3-force", // we should bump this once we move to esm modules
     "@types/d3-interpolate", // we should bump this once we move to esm modules
     "@types/d3-scale-chromatic", // we should bump this once we move to esm modules
-    "@types/grafana__slate-react", // should be updated when the `slate` package is updated
     "@types/react-icons", // jaeger-ui-components is being refactored to use @grafana/ui icons instead
     "commander", // we are planning to remove this, so no need to update it
     "d3",
@@ -25,8 +23,6 @@
     "react-icons", // jaeger-ui-components is being refactored to use @grafana/ui icons instead
     "react-redux", // react-beautiful-dnd depends on react-redux 7.x, we need to update that one first
     "react-router-dom", // we should bump this together with history
-    "slate",
-    "slate-plain-serializer",
     "systemjs",
     "copy-webpack-plugin", // try to upgrade with newer yarn release. Not working with 3.1.1
     "ts-loader", // we should remove ts-loader and use babel-loader instead

.github/workflows/bump-version.yml

@@ -74,7 +74,7 @@ jobs:
           repository: "grafana/grafana-github-actions"
           path: ./actions
           ref: main
-      - uses: actions/setup-node@v3.3.0
+      - uses: actions/setup-node@v3.4.0
         with:
           node-version: '16'
       - name: Install Actions

.github/workflows/cloud-data-sources-code-coverage.yml

@@ -14,4 +14,7 @@ on:
 
 jobs:
   workflow-call:
-    uses: grafana/code-coverage/.github/workflows/code-coverage.yml@v0.1.2
+    uses: grafana/code-coverage/.github/workflows/code-coverage.yml@v0.1.6
+    with:
+      frontend-path-regexp: public\/app\/plugins\/datasource\/(grafana-azure-monitor-datasource|cloud-monitoring|cloudwatch)
+      backend-path-regexp: pkg\/tsdb\/(azuremonitor|cloudmonitoring|cloudwatch)

.github/workflows/detect-breaking-changes-build.yml

@@ -15,6 +15,10 @@ jobs:
       with: 
         path: './pr'
 
+    - uses: actions/setup-node@v3
+      with:
+        node-version: 16.16.0
+
     - name: Get yarn cache directory path
       id: yarn-cache-dir-path
       run: echo "::set-output name=dir::$(yarn config get cacheFolder)"
@@ -56,6 +60,10 @@ jobs:
         path: './base'
         ref: ${{ github.event.pull_request.base.ref }}
 
+    - uses: actions/setup-node@v3
+      with:
+        node-version: 16.16.0
+
     - name: Get yarn cache directory path
       id: yarn-cache-dir-path
       run: echo "::set-output name=dir::$(yarn config get cacheFolder)"

.github/workflows/doc-validator.yml

@@ -0,0 +1,16 @@
+name: "doc-validator"
+on:
+  pull_request:
+    paths: ["docs/sources/**"]
+  workflow_dispatch:
+jobs:
+  doc-validator:
+    runs-on: "ubuntu-latest"
+    container:
+      image: "grafana/doc-validator:latest"
+    steps:
+      - name: "Checkout code"
+        uses: "actions/checkout@v3"
+      - name: "Run doc-validator tool"
+        # Ensure that the CI always passes until all errors are resolved.
+        run: "doc-validator ./docs/sources || true"

.github/workflows/publish.yml

@@ -3,7 +3,7 @@ name: publish_docs
 on:
   push:
     branches:
-    - main
+    - v9.1.x
     paths:
     - 'docs/sources/**'
     - 'packages/grafana-*/**'
@@ -17,7 +17,7 @@ jobs:
     - uses: actions/checkout@v3
     - run: git clone --single-branch --no-tags --depth 1 -b master https://grafanabot:${{ secrets.GH_BOT_ACCESS_TOKEN }}@github.com/grafana/website-sync ./.github/actions/website-sync
     - name: generate-packages-docs
-      uses: actions/setup-node@v3.3.0
+      uses: actions/setup-node@v3.4.0
       id: generate-docs
       with:
         node-version: '16'
@@ -41,7 +41,7 @@ jobs:
         host: github.com
         github_pat: '${{ secrets.GH_BOT_ACCESS_TOKEN }}'
         source_folder: docs/sources
-        target_folder: content/docs/grafana/next
+        target_folder: content/docs/grafana/latest
         allow_no_changes: 'true'
     - shell: bash
       run: |

.gitignore

@@ -118,6 +118,7 @@ pkg/cmd/grafana-server/__debug_bin
 
 /scripts/build/release_publisher/release_publisher
 *.patch
+!.yarn/patches/*.patch
 
 # Ignoring frontend packages specifics
 /packages/**/dist
@@ -162,7 +163,7 @@ compilation-stats.json
 !pkg/coremodel/**/*_gen.go
 !pkg/framework/**/*_gen.go
 
-# Auto-generated localisation files
+# Auto-generated internationalization files
 public/locales/_build/
 public/locales/**/*.js
 

.linguirc

@@ -1,8 +1,8 @@
 {
   "locales": [
-    "en",
-    "fr",
-    "es",
+    "en-US",
+    "fr-FR",
+    "es-ES",
     "pseudo-LOCALE"
   ],
   "catalogs": [
@@ -20,11 +20,11 @@
     }
   ],
   "fallbackLocales": {
-    "pseudo-LOCALE": "en",
-    "default": "en"
+    "pseudo-LOCALE": "en-US",
+    "default": "en-US"
   },
   "pseudoLocale": "pseudo-LOCALE",
-  "sourceLocale": "en",
+  "sourceLocale": "en-US",
   "format": "po",
   "formatOptions": {
     "lineNumbers": false

.pa11yci-pr.conf.js

@@ -3,6 +3,7 @@ var config = {
     concurrency: 1,
     runners: ['axe'],
     useIncognitoBrowserContext: false,
+    standard: 'WCAG2AA',
     chromeLaunchConfig: {
       args: ['--no-sandbox'],
     },
@@ -60,7 +61,7 @@ var config = {
       rootElement: '.main-view',
       // the unified alerting promotion alert's content contrast is too low
       // see https://github.com/grafana/grafana/pull/41829
-      threshold: 5,
+      threshold: 4,
     },
     {
       url: '${HOST}/datasources',
@@ -96,7 +97,7 @@ var config = {
       url: '${HOST}/org/apikeys',
       wait: 500,
       rootElement: '.main-view',
-      threshold: 0,
+      threshold: 3,
     },
     {
       url: '${HOST}/dashboards',

.pa11yci.conf.js

@@ -3,6 +3,7 @@ var config = {
     concurrency: 1,
     runners: ['axe'],
     useIncognitoBrowserContext: false,
+    standard: 'WCAG2AA',
     chromeLaunchConfig: {
       args: ['--no-sandbox'],
     },

.prettierignore

@@ -18,7 +18,7 @@ vendor
 # TS generate from cue by cuetsy
 **/*.gen.ts
 
-# Auto-generated localisation files
+# Auto-generated internationalization files
 public/locales/_build/
 public/locales/**/*.js
 

.yarn/sdks/eslint/package.json

@@ -1,6 +1,6 @@
 {
   "name": "eslint",
-  "version": "8.17.0-sdk",
+  "version": "8.20.0-sdk",
   "main": "./lib/api.js",
   "type": "commonjs"
 }

.yarn/sdks/integrations.yml

@@ -2,5 +2,5 @@
 # Manual changes might be lost!
 
 integrations:
-  - vscode
   - vim
+  - vscode

.yarn/sdks/prettier/package.json

@@ -1,6 +1,6 @@
 {
   "name": "prettier",
-  "version": "2.6.2-sdk",
+  "version": "2.7.1-sdk",
   "main": "./index.js",
   "type": "commonjs"
 }

.yarn/sdks/typescript/package.json

@@ -1,6 +1,6 @@
 {
   "name": "typescript",
-  "version": "4.6.4-sdk",
+  "version": "4.7.4-sdk",
   "main": "./lib/typescript.js",
   "type": "commonjs"
 }

.yarnrc.yml

@@ -3,40 +3,37 @@ enableTelemetry: false
 nodeLinker: pnp
 
 packageExtensions:
-  "@grafana/slate-react@0.22.10-grafana":
-    peerDependencies:
-      slate-react: ">=0.22.0"
-  "@mdx-js/loader@1.6.22":
+  '@mdx-js/loader@1.6.22':
     peerDependencies:
       react: 17.0.1
-  "@storybook/addon-docs@6.4.21":
+  '@storybook/addon-docs@6.4.21':
     peerDependencies:
-      "@storybook/manager-webpack5": 6.4.21
-  "@storybook/addon-essentials@6.4.21":
+      '@storybook/manager-webpack5': 6.4.21
+  '@storybook/addon-essentials@6.4.21':
     peerDependencies:
-      "@storybook/components": 6.4.21
-      "@storybook/core-events": 6.4.21
-      "@storybook/manager-webpack5": 6.4.21
-      "@storybook/theming": 6.4.21
-  "@storybook/core-server@6.4.21":
+      '@storybook/components': 6.4.21
+      '@storybook/core-events': 6.4.21
+      '@storybook/manager-webpack5': 6.4.21
+      '@storybook/theming': 6.4.21
+  '@storybook/core-server@6.4.21':
     peerDependencies:
-      "@babel/core": ^7.0.0
-  "@storybook/core@6.4.21":
+      '@babel/core': ^7.0.0
+  '@storybook/core@6.4.21':
     peerDependencies:
-      "@babel/core": ^7.0.0
-      "@storybook/manager-webpack5": 6.4.21
-  "@storybook/csf-tools@6.4.21":
+      '@babel/core': ^7.0.0
+      '@storybook/manager-webpack5': 6.4.21
+  '@storybook/csf-tools@6.4.21':
     peerDependencies:
-      "@babel/core": ^7.0.0
-  "@storybook/react@6.4.21":
+      '@babel/core': ^7.0.0
+  '@storybook/react@6.4.21':
     peerDependencies:
-      "@storybook/manager-webpack5": 6.4.21
+      '@storybook/manager-webpack5': 6.4.21
   doctrine@3.0.0:
     dependencies:
       assert: 2.0.0
   moveable@0.30.0:
     dependencies:
-      "@daybrush/utils": 1.7.0
+      '@daybrush/utils': 1.7.0
       framework-utils: ^1.1.0
   rc-time-picker@3.7.3:
     peerDependencies:
@@ -51,9 +48,9 @@ packageExtensions:
       react-simple-compat: 1.2.2
   react-compat-moveable@0.18.0:
     dependencies:
-      "@egjs/agent": ^2.2.1
-      "@egjs/children-differ": ^1.0.1
-      "@scena/matrix": 1.1.1
+      '@egjs/agent': ^2.2.1
+      '@egjs/children-differ': ^1.0.1
+      '@scena/matrix': 1.1.1
       css-to-mat: ^1.0.3
       gesto: ^1.9.0
       overlap-area: ^1.0.0
@@ -65,20 +62,20 @@ packageExtensions:
       webpack: 4.41.5
   react-icons@2.2.7:
     peerDependencies:
-      prop-types: "*"
+      prop-types: '*'
   react-resizable@3.0.4:
     peerDependencies:
       react-dom: 17.0.1
-  "@npmcli/run-script@4.1.3":
+  '@npmcli/run-script@4.1.3':
     dependencies:
       which: ^2.0.2
 
 plugins:
   - path: .yarn/plugins/@yarnpkg/plugin-typescript.cjs
-    spec: "@yarnpkg/plugin-typescript"
+    spec: '@yarnpkg/plugin-typescript'
   - path: .yarn/plugins/@yarnpkg/plugin-interactive-tools.cjs
-    spec: "@yarnpkg/plugin-interactive-tools"
+    spec: '@yarnpkg/plugin-interactive-tools'
   - path: .yarn/plugins/@yarnpkg/plugin-outdated.cjs
-    spec: "https://mskelton.dev/yarn-outdated/v2"
+    spec: 'https://mskelton.dev/yarn-outdated/v2'
 
-yarnPath: .yarn/releases/yarn-3.2.1.cjs
+yarnPath: .yarn/releases/yarn-3.2.2.cjs

CHANGELOG.md

@@ -1,3 +1,488 @@
+<!-- 9.1.2 START -->
+
+# 9.1.2 (2022-08-30)
+
+### Features and enhancements
+
+- **AdHoc variable:** Correctly preselect datasource when provisioning. [#54088](https://github.com/grafana/grafana/pull/54088), [@dprokop](https://github.com/dprokop)
+- **AzureMonitor:** Added ARG query function for template variables. [#53059](https://github.com/grafana/grafana/pull/53059), [@yaelleC](https://github.com/yaelleC)
+- **Dashboard save:** Persist details message when navigating through dashboard save drawer's tabs. [#54084](https://github.com/grafana/grafana/pull/54084), [@vbeskrovnov](https://github.com/vbeskrovnov)
+- **Dashboards:** Correctly migrate mixed data source targets. [#54152](https://github.com/grafana/grafana/pull/54152), [@dprokop](https://github.com/dprokop)
+- **Elasticsearch:** Use millisecond intervals for alerting. [#54157](https://github.com/grafana/grafana/pull/54157), [@gabor](https://github.com/gabor)
+- **Elasticsearch:** Use millisecond intervals in frontend. [#54202](https://github.com/grafana/grafana/pull/54202), [@gabor](https://github.com/gabor)
+- **Geomap:** Local color range. [#54348](https://github.com/grafana/grafana/pull/54348), [@adela-almasan](https://github.com/adela-almasan)
+- **Plugins Catalog:** Use appSubUrl to generate plugins catalog urls. [#54426](https://github.com/grafana/grafana/pull/54426), [@academo](https://github.com/academo)
+- **Rendering:** Add support for renderer token. [#54425](https://github.com/grafana/grafana/pull/54425), [@joanlopez](https://github.com/joanlopez)
+
+### Bug fixes
+
+- **Alerting:** Fix saving of screenshots uploaded with a signed url. [#53933](https://github.com/grafana/grafana/pull/53933), [@VDVsx](https://github.com/VDVsx)
+- **AngularPanels:** Fixing changing angular panel options not taking having affect when coming back from panel edit. [#54087](https://github.com/grafana/grafana/pull/54087), [@torkelo](https://github.com/torkelo)
+- **Explore:** Improve a11y of query row collapse button. [#53827](https://github.com/grafana/grafana/pull/53827), [@L-M-K-B](https://github.com/L-M-K-B)
+- **Geomap:** Fix tooltip display. [#54245](https://github.com/grafana/grafana/pull/54245), [@adela-almasan](https://github.com/adela-almasan)
+- **QueryEditorRow:** Filter data on mount. [#54260](https://github.com/grafana/grafana/pull/54260), [@asimpson](https://github.com/asimpson)
+- **Search:** Show all dashboards in the folder view. [#54163](https://github.com/grafana/grafana/pull/54163), [@ryantxu](https://github.com/ryantxu)
+- **Tracing:** Fix the event attributes in opentelemetry tracing. [#54117](https://github.com/grafana/grafana/pull/54117), [@ying-jeanne](https://github.com/ying-jeanne)
+
+### Plugin development fixes & changes
+
+- **GrafanaUI:** Fix styles for invalid selects & DataSourcePicker. [#53476](https://github.com/grafana/grafana/pull/53476), [@Elfo404](https://github.com/Elfo404)
+
+<!-- 9.1.2 END -->
+<!-- 9.1.1 START -->
+
+# 9.1.1 (2022-08-23)
+
+### Features and enhancements
+
+- **Cloud Monitoring:** Support SLO burn rate. [#53710](https://github.com/grafana/grafana/pull/53710), [@itkq](https://github.com/itkq)
+- **Schema:** Restore "hidden" in LegendDisplayMode. [#53925](https://github.com/grafana/grafana/pull/53925), [@academo](https://github.com/academo)
+- **Timeseries:** Revert the timezone(s) property name change back to singular. [#53926](https://github.com/grafana/grafana/pull/53926), [@academo](https://github.com/academo)
+
+### Bug fixes
+
+- **Alerting:** Fix links in Microsoft Teams notifications. [#54003](https://github.com/grafana/grafana/pull/54003), [@grobinson-grafana](https://github.com/grobinson-grafana)
+- **Alerting:** Fix notifications for Microsoft Teams. [#53810](https://github.com/grafana/grafana/pull/53810), [@grobinson-grafana](https://github.com/grobinson-grafana)
+- **Alerting:** Fix width of Adaptive Cards in Teams notifications. [#53996](https://github.com/grafana/grafana/pull/53996), [@grobinson-grafana](https://github.com/grobinson-grafana)
+- **ColorPickerInput:** Fix popover in disabled state. [#54000](https://github.com/grafana/grafana/pull/54000), [@Clarity-89](https://github.com/Clarity-89)
+- **Decimals:** Fixes auto decimals to behave the same for positive and negative values. [#53960](https://github.com/grafana/grafana/pull/53960), [@JoaoSilvaGrafana](https://github.com/JoaoSilvaGrafana)
+- **Loki:** Fix unique log row id generation. [#53932](https://github.com/grafana/grafana/pull/53932), [@gabor](https://github.com/gabor)
+- **Plugins:** Fix file extension in development authentication guide. [#53838](https://github.com/grafana/grafana/pull/53838), [@pbzona](https://github.com/pbzona)
+- **TimeSeries:** Fix jumping legend issue. [#53671](https://github.com/grafana/grafana/pull/53671), [@zoltanbedi](https://github.com/zoltanbedi)
+- **TimeSeries:** Fix memory leak on viz re-init caused by KeyboardPlugin. [#53872](https://github.com/grafana/grafana/pull/53872), [@leeoniya](https://github.com/leeoniya)
+
+### Plugin development fixes & changes
+
+- **TimePicker:** Fixes relative timerange of less than a day not displaying. [#53975](https://github.com/grafana/grafana/pull/53975), [@JoaoSilvaGrafana](https://github.com/JoaoSilvaGrafana)
+- **GrafanaUI:** Fixes ClipboardButton to always keep multi line content. [#53903](https://github.com/grafana/grafana/pull/53903), [@JoaoSilvaGrafana](https://github.com/JoaoSilvaGrafana)
+
+<!-- 9.1.1 END -->
+<!-- 9.1.0 START -->
+
+# 9.1.0 (2022-08-16)
+
+### Features and enhancements
+
+- **API:** Allow creating teams with a user defined identifier. [#48710](https://github.com/grafana/grafana/pull/48710), [@papagian](https://github.com/papagian)
+- **Alerting:** Adds interval and For to alert rule details. [#53211](https://github.com/grafana/grafana/pull/53211), [@gillesdemey](https://github.com/gillesdemey)
+- **Alerting:** Extend PUT rule-group route to write the entire rule group rather than top-level fields only. [#53078](https://github.com/grafana/grafana/pull/53078), [@alexweav](https://github.com/alexweav)
+- **Alerting:** Use Adaptive Cards in Teams notifications. [#53532](https://github.com/grafana/grafana/pull/53532), [@grobinson-grafana](https://github.com/grobinson-grafana)
+- **Azure Monitor:** Add Network Insights Dashboard. [#50362](https://github.com/grafana/grafana/pull/50362), [@Teddy-Lin](https://github.com/Teddy-Lin)
+- **Chore:** Improve logging of unrecoverable errors. [#53664](https://github.com/grafana/grafana/pull/53664), [@sakjur](https://github.com/sakjur)
+- **Correlations:** Add UpdateCorrelation HTTP API. [#52444](https://github.com/grafana/grafana/pull/52444), [@Elfo404](https://github.com/Elfo404)
+- **Dashboard:** Reverted the changes of hiding multi-select and all variable in the datasource picker. [#53521](https://github.com/grafana/grafana/pull/53521), [@lpskdl](https://github.com/lpskdl)
+- **Geomap:** Add alpha day/night layer. [#50201](https://github.com/grafana/grafana/pull/50201), [@ryantxu](https://github.com/ryantxu)
+- **Geomap:** Add measuring tools. [#51608](https://github.com/grafana/grafana/pull/51608), [@drew08t](https://github.com/drew08t)
+- **GrafanaUI:** Add success state to ClipboardButton. [#52069](https://github.com/grafana/grafana/pull/52069), [@evictorero](https://github.com/evictorero)
+- **Heatmap:** Replace the heatmap panel with new implementation. [#50229](https://github.com/grafana/grafana/pull/50229), [@ryantxu](https://github.com/ryantxu)
+- **KVStore:** Allow empty value in kv_store. [#53416](https://github.com/grafana/grafana/pull/53416), [@spinillos](https://github.com/spinillos)
+- **Prometheus:** Promote Azure auth flag to configuration. [#53447](https://github.com/grafana/grafana/pull/53447), [@andresmgot](https://github.com/andresmgot)
+- **Reports:** Save and update in reports should be transactional. (Enterprise)
+- **Reports:** Set uid when we don't receive it in the query. (Enterprise)
+- **Search:** Display only dashboards in General folder of Search Folder View. [#53607](https://github.com/grafana/grafana/pull/53607), [@lpskdl](https://github.com/lpskdl)
+- **Status history/State timeline:** Support datalinks. [#50226](https://github.com/grafana/grafana/pull/50226), [@jloupdef](https://github.com/jloupdef)
+- **Transform:** Add a limit transform. [#49291](https://github.com/grafana/grafana/pull/49291), [@josiahg](https://github.com/josiahg)
+- **Transformations:** Add standard deviation and variance reducers. [#49753](https://github.com/grafana/grafana/pull/49753), [@selvavm](https://github.com/selvavm)
+
+### Bug fixes
+
+- **API:** Fix snapshot responses. [#52998](https://github.com/grafana/grafana/pull/52998), [@papagian](https://github.com/papagian)
+- **Access Control:** Fix permission error during dashboard creation flow. [#53214](https://github.com/grafana/grafana/pull/53214), [@IevaVasiljeva](https://github.com/IevaVasiljeva)
+- **Access Control:** Set permissions for Grafana's test data source. [#53247](https://github.com/grafana/grafana/pull/53247), [@IevaVasiljeva](https://github.com/IevaVasiljeva)
+- **Alerting:** Fix migration failure. [#53253](https://github.com/grafana/grafana/pull/53253), [@papagian](https://github.com/papagian)
+- **BarGauge:** Show empty bar when value, minValue and maxValue are all equal. [#53314](https://github.com/grafana/grafana/pull/53314), [@ashharrison90](https://github.com/ashharrison90)
+- **Dashboard:** Fix color of bold and italics text in panel description tooltip. [#53380](https://github.com/grafana/grafana/pull/53380), [@joshhunt](https://github.com/joshhunt)
+- **Loki:** Fix passing of query with defaults to code mode. [#53646](https://github.com/grafana/grafana/pull/53646), [@ivanahuckova](https://github.com/ivanahuckova)
+- **Loki:** Fix producing correct log volume query for query with comments. [#53254](https://github.com/grafana/grafana/pull/53254), [@ivanahuckova](https://github.com/ivanahuckova)
+- **Loki:** Fix showing of unusable labels field in detected fields. [#53319](https://github.com/grafana/grafana/pull/53319), [@ivanahuckova](https://github.com/ivanahuckova)
+- **Reports:** Fix inconsistency reports. (Enterprise)
+- **Tracing:** Fix OpenTelemetry Jaeger context propagation. [#53269](https://github.com/grafana/grafana/pull/53269), [@zhichli](https://github.com/zhichli)
+- **Tracing:** Fix OpenTelemetry Jaeger context propagation (#53269). [#53724](https://github.com/grafana/grafana/pull/53724), [@idafurjes](https://github.com/idafurjes)
+- **[9.1.x] Alerting:** AlertingProxy to elevate permissions for request forwarded to data proxy when RBAC enabled. [#53679](https://github.com/grafana/grafana/pull/53679), [@yuri-tceretian](https://github.com/yuri-tceretian)
+
+### Breaking changes
+
+Alert notifications to Microsoft Teams now use Adaptive Cards instead of Office 365 Connector Cards. Issue [#53532](https://github.com/grafana/grafana/issues/53532)
+
+Starting at 9.1.0, existing heatmap panels will start using a new implementation. This can be disabled by setting the `useLegacyHeatmapPanel` feature flag to true. It can be tested on a single dashbobard by adding `?__feature.useLegacyHeatmapPanel=true` to any dashboard URL. Please report any [heatmap migration issues.](https://github.com/grafana/grafana/issues/new/choose). The most notable changes are:
+
+- Significantly improved rendering performance
+- When calculating heatmaps, the buckets are now placed on reasonable borders (1m, 5m, 30s etc)
+- Round cells are no longer supported
+  Issue [#50229](https://github.com/grafana/grafana/issues/50229)
+
+### Plugin development fixes & changes
+
+- **Plugins:** Only pass `rootUrls` field in request when not empty. [#53135](https://github.com/grafana/grafana/pull/53135), [@wbrowne](https://github.com/wbrowne)
+
+<!-- 9.1.0 END -->
+<!-- 9.1.0-beta1 START -->
+
+# 9.1.0-beta1 (unreleased)
+
+### Features and enhancements
+
+- **API:** Migrate CSRF to service and support additional options. [#48120](https://github.com/grafana/grafana/pull/48120), [@sakjur](https://github.com/sakjur)
+- **API:** Move swagger definitions to the handlers and rename operations after them. [#52643](https://github.com/grafana/grafana/pull/52643), [@papagian](https://github.com/papagian)
+- **Access Control:** Allow org admins to invite new users. [#52894](https://github.com/grafana/grafana/pull/52894), [@IevaVasiljeva](https://github.com/IevaVasiljeva)
+- **AccessControl:** Check dashboards permission for reports. (Enterprise)
+- **Alerting:** Add config disabled_labels to disable reserved labels. [#51832](https://github.com/grafana/grafana/pull/51832), [@JacobsonMT](https://github.com/JacobsonMT)
+- **Alerting:** Add custom templated title to Wecom notifier. [#51529](https://github.com/grafana/grafana/pull/51529), [@dingweiqings](https://github.com/dingweiqings)
+- **Alerting:** Add file provisioning for alert rules. [#51635](https://github.com/grafana/grafana/pull/51635), [@JohnnyQQQQ](https://github.com/JohnnyQQQQ)
+- **Alerting:** Add file provisioning for contact points. [#51924](https://github.com/grafana/grafana/pull/51924), [@JohnnyQQQQ](https://github.com/JohnnyQQQQ)
+- **Alerting:** Add file provisioning for mute timings. [#52936](https://github.com/grafana/grafana/pull/52936), [@JohnnyQQQQ](https://github.com/JohnnyQQQQ)
+- **Alerting:** Add file provisioning for notification policies. [#52877](https://github.com/grafana/grafana/pull/52877), [@JohnnyQQQQ](https://github.com/JohnnyQQQQ)
+- **Alerting:** Add file provisioning for text templates. [#52952](https://github.com/grafana/grafana/pull/52952), [@JohnnyQQQQ](https://github.com/JohnnyQQQQ)
+- **Alerting:** Add first Grafana reserved label grafana_folder. [#50262](https://github.com/grafana/grafana/pull/50262), [@JacobsonMT](https://github.com/JacobsonMT)
+- **Alerting:** Add support for images in Kafka alerts. [#50758](https://github.com/grafana/grafana/pull/50758), [@grobinson-grafana](https://github.com/grobinson-grafana)
+- **Alerting:** Add support for images in VictorOps alerts. [#50759](https://github.com/grafana/grafana/pull/50759), [@grobinson-grafana](https://github.com/grobinson-grafana)
+- **Alerting:** Adds contact point template syntax highlighting. [#51559](https://github.com/grafana/grafana/pull/51559), [@gillesdemey](https://github.com/gillesdemey)
+- **Alerting:** Adds visual tokens for templates. [#51376](https://github.com/grafana/grafana/pull/51376), [@gillesdemey](https://github.com/gillesdemey)
+- **Alerting:** Alert rules pagination. [#50612](https://github.com/grafana/grafana/pull/50612), [@konrad147](https://github.com/konrad147)
+- **Alerting:** Change **alertScreenshotToken** to **alertImageToken**. [#50771](https://github.com/grafana/grafana/pull/50771), [@grobinson-grafana](https://github.com/grobinson-grafana)
+- **Alerting:** Configure alert manager data source as an external AM. [#52081](https://github.com/grafana/grafana/pull/52081), [@konrad147](https://github.com/konrad147)
+- **Alerting:** Do not include button in googlechat notification if URL invalid. [#47317](https://github.com/grafana/grafana/pull/47317), [@j6s](https://github.com/j6s)
+- **Alerting:** Group alert state history by labels and allow filtering. [#52784](https://github.com/grafana/grafana/pull/52784), [@gillesdemey](https://github.com/gillesdemey)
+- **Alerting:** Make ticker to tick at predictable time. [#50197](https://github.com/grafana/grafana/pull/50197), [@yuri-tceretian](https://github.com/yuri-tceretian)
+- **Alerting:** Persist rule position in the group. [#50051](https://github.com/grafana/grafana/pull/50051), [@yuri-tceretian](https://github.com/yuri-tceretian)
+- **Alerting:** Prevent evaluation if "for" shorter than "evaluate". [#51797](https://github.com/grafana/grafana/pull/51797), [@peterholmberg](https://github.com/peterholmberg)
+- **Alerting:** Provisioning UI. [#50776](https://github.com/grafana/grafana/pull/50776), [@gillesdemey](https://github.com/gillesdemey)
+- **Alerting:** Rule api to fail update if provisioned rules are affected. [#50835](https://github.com/grafana/grafana/pull/50835), [@yuri-tceretian](https://github.com/yuri-tceretian)
+- **Alerting:** Scheduler to drop ticks if a rule's evaluation is too slow. [#48885](https://github.com/grafana/grafana/pull/48885), [@yuri-tceretian](https://github.com/yuri-tceretian)
+- **Alerting:** Show evaluation interval global limit warning. [#52942](https://github.com/grafana/grafana/pull/52942), [@konrad147](https://github.com/konrad147)
+- **Alerting:** State manager to use tick time to determine stale states. [#50991](https://github.com/grafana/grafana/pull/50991), [@yuri-tceretian](https://github.com/yuri-tceretian)
+- **Alerting:** Support for optimistic locking for alert rules. [#50274](https://github.com/grafana/grafana/pull/50274), [@yuri-tceretian](https://github.com/yuri-tceretian)
+- **Alerting:** Update RBAC for alert rules to consider access to rule as access to group it belongs. [#49033](https://github.com/grafana/grafana/pull/49033), [@yuri-tceretian](https://github.com/yuri-tceretian)
+- **Alerting:** Update default route groupBy to [grafana_folder, alertname]. [#50052](https://github.com/grafana/grafana/pull/50052), [@JacobsonMT](https://github.com/JacobsonMT)
+- **Alertmanager:** Adding SigV4 Authentication to Alertmanager Datasource. [#49718](https://github.com/grafana/grafana/pull/49718), [@lewinkedrs](https://github.com/lewinkedrs)
+- **Analytics:** Save all view time dates as UTC. (Enterprise)
+- **Annotations:** Migrate dashboardId to dashboardUID. [#52588](https://github.com/grafana/grafana/pull/52588), [@lpskdl](https://github.com/lpskdl)
+- **Auditing:** Allow users to have more verbose logs. (Enterprise)
+- **Auth:** Add lookup params for saml and LDAP sync. (Enterprise)
+- **Auth:** Add option for case insensitive login. [#49262](https://github.com/grafana/grafana/pull/49262), [@Jguer](https://github.com/Jguer)
+- **Auth:** Case insensitive ids duplicate usagestats. [#50724](https://github.com/grafana/grafana/pull/50724), [@eleijonmarck](https://github.com/eleijonmarck)
+- **Auth:** Implement Token URL Auth. [#52578](https://github.com/grafana/grafana/pull/52578), [@Jguer](https://github.com/Jguer)
+- **Auth:** Implement Token URL JWT Auth. [#52662](https://github.com/grafana/grafana/pull/52662), [@Jguer](https://github.com/Jguer)
+- **Auth:** Lockdown non-editables in frontend when external auth is configured. [#52160](https://github.com/grafana/grafana/pull/52160), [@Jguer](https://github.com/Jguer)
+- **Azure Monitor:** Add new dashboard with geo map for app insights test availability. [#52494](https://github.com/grafana/grafana/pull/52494), [@jcolladokuri](https://github.com/jcolladokuri)
+- **Azure Monitor:** New template variable editor. [#52594](https://github.com/grafana/grafana/pull/52594), [@andresmgot](https://github.com/andresmgot)
+- **Azure Monitor:** Restore Metrics query parameters: subscription, resourceGroup, metricNamespace and resourceName. [#52897](https://github.com/grafana/grafana/pull/52897), [@andresmgot](https://github.com/andresmgot)
+- **Chore:** Add dashboard UID as query parameter of Get annotation endpoint. [#52764](https://github.com/grafana/grafana/pull/52764), [@ying-jeanne](https://github.com/ying-jeanne)
+- **Chore:** Remove jest-coverage-badges dep from toolkit. [#49883](https://github.com/grafana/grafana/pull/49883), [@zoltanbedi](https://github.com/zoltanbedi)
+- **Chore:** Rename dashboardUID to dashboardUIDs in search endpoint and up…. [#52766](https://github.com/grafana/grafana/pull/52766), [@ying-jeanne](https://github.com/ying-jeanne)
+- **CloudWatch:** Add default log groups to config page. [#49286](https://github.com/grafana/grafana/pull/49286), [@iwysiu](https://github.com/iwysiu)
+- **CommandPalette:** Populate dashboard search when the palette is opened. [#51293](https://github.com/grafana/grafana/pull/51293), [@ryantxu](https://github.com/ryantxu)
+- **Core Plugins:** Add support for HTTP logger. [#46578](https://github.com/grafana/grafana/pull/46578), [@toddtreece](https://github.com/toddtreece)
+- **Correlations:** Add CreateCorrelation HTTP API. [#51630](https://github.com/grafana/grafana/pull/51630), [@Elfo404](https://github.com/Elfo404)
+- **Correlations:** Add DeleteCorrelation HTTP API. [#51801](https://github.com/grafana/grafana/pull/51801), [@Elfo404](https://github.com/Elfo404)
+- **Custom branding:** Add UI for setting configuration. (Enterprise)
+- **Custom branding:** Add custom branding service (early access). (Enterprise)
+- **Data Connections:** Create a new top-level page. [#50018](https://github.com/grafana/grafana/pull/50018), [@leventebalogh](https://github.com/leventebalogh)
+- **DataSource:** Allow data source plugins to set query default values. [#49581](https://github.com/grafana/grafana/pull/49581), [@sunker](https://github.com/sunker)
+- **Docs:** CSRF add configuration options and documentation for additional headers and origins. [#50473](https://github.com/grafana/grafana/pull/50473), [@eleijonmarck](https://github.com/eleijonmarck)
+- **Elasticsearch:** Added `modifyQuery` method to add filters in Explore. [#52313](https://github.com/grafana/grafana/pull/52313), [@svennergr](https://github.com/svennergr)
+- **Explore:** Add ability to include tags in trace to metrics queries. [#49433](https://github.com/grafana/grafana/pull/49433), [@connorlindsey](https://github.com/connorlindsey)
+- **Explore:** Download and upload service graphs for Tempo. [#50260](https://github.com/grafana/grafana/pull/50260), [@connorlindsey](https://github.com/connorlindsey)
+- **Explore:** Make service graph visualization use available vertical space. [#50518](https://github.com/grafana/grafana/pull/50518), [@connorlindsey](https://github.com/connorlindsey)
+- **Explore:** Reset Graph overrides if underlying series changes. [#49680](https://github.com/grafana/grafana/pull/49680), [@Elfo404](https://github.com/Elfo404)
+- **Explore:** Sort trace process attributes alphabetically. [#51261](https://github.com/grafana/grafana/pull/51261), [@connorlindsey](https://github.com/connorlindsey)
+- **Frontend Logging:** Integrate grafana javascript agent. [#50801](https://github.com/grafana/grafana/pull/50801), [@tolzhabayev](https://github.com/tolzhabayev)
+- **Geomap:** Add ability to select a data query filter for each layer. [#49966](https://github.com/grafana/grafana/pull/49966), [@mmandrus](https://github.com/mmandrus)
+- **Geomap:** Route/path visualization. [#43554](https://github.com/grafana/grafana/pull/43554), [@alexanderzobnin](https://github.com/alexanderzobnin)
+- **GeomapPanel:** Add base types to data layer options. [#50053](https://github.com/grafana/grafana/pull/50053), [@drew08t](https://github.com/drew08t)
+- **Graph Panel:** Add feature toggle that will allow automatic migration to timeseries panel. [#50631](https://github.com/grafana/grafana/pull/50631), [@ryantxu](https://github.com/ryantxu)
+- **Graphite:** Introduce new query types in annotation editor. [#52341](https://github.com/grafana/grafana/pull/52341), [@itsmylife](https://github.com/itsmylife)
+- **Infra:** Pass custom headers in resource request. [#51291](https://github.com/grafana/grafana/pull/51291), [@aocenas](https://github.com/aocenas)
+- **Insights:** Add RBAC for insights features. (Enterprise)
+- **Instrumentation:** Add more buckets to the HTTP request histogram. [#51492](https://github.com/grafana/grafana/pull/51492), [@bergquist](https://github.com/bergquist)
+- **Instrumentation:** Collect database connection stats. [#52797](https://github.com/grafana/grafana/pull/52797), [@bergquist](https://github.com/bergquist)
+- **Instrumentation:** Convert some metrics to histograms. [#50420](https://github.com/grafana/grafana/pull/50420), [@SuperQ](https://github.com/SuperQ)
+- **Jaeger:** Add support for variables. [#50500](https://github.com/grafana/grafana/pull/50500), [@joey-grafana](https://github.com/joey-grafana)
+- **LDAP:** Allow specifying LDAP timeout. [#48870](https://github.com/grafana/grafana/pull/48870), [@hannes-256](https://github.com/hannes-256)
+- **LibraryPanels:** Require only viewer permissions to use a Library Panel. [#50241](https://github.com/grafana/grafana/pull/50241), [@joshhunt](https://github.com/joshhunt)
+- **Licensing:** Usage-based billing reporting enhancements. (Enterprise)
+- **Logs:** Handle clicks on legend labels in histogram. [#49931](https://github.com/grafana/grafana/pull/49931), [@gabor](https://github.com/gabor)
+- **Logs:** Improve the color for unknown log level. [#52711](https://github.com/grafana/grafana/pull/52711), [@gabor](https://github.com/gabor)
+- **Loki/Logs:** Make it possible to copy log values to clipboard. [#50914](https://github.com/grafana/grafana/pull/50914), [@Seyaji](https://github.com/Seyaji)
+- **Loki:** Add hint for pipeline error to query builder. [#52134](https://github.com/grafana/grafana/pull/52134), [@ivanahuckova](https://github.com/ivanahuckova)
+- **Loki:** Add hints for level-like labels. [#52414](https://github.com/grafana/grafana/pull/52414), [@ivanahuckova](https://github.com/ivanahuckova)
+- **Loki:** Add support for IP label and line filter in query builder. [#52658](https://github.com/grafana/grafana/pull/52658), [@ivanahuckova](https://github.com/ivanahuckova)
+- **Loki:** Add unwrap with conversion function to builder. [#52639](https://github.com/grafana/grafana/pull/52639), [@ivanahuckova](https://github.com/ivanahuckova)
+- **Loki:** Implement hints for query builder. [#51795](https://github.com/grafana/grafana/pull/51795), [@ivanahuckova](https://github.com/ivanahuckova)
+- **Loki:** Move explain section to builder mode. [#52879](https://github.com/grafana/grafana/pull/52879), [@ivanahuckova](https://github.com/ivanahuckova)
+- **Loki:** Show label options for unwrap operation. [#52810](https://github.com/grafana/grafana/pull/52810), [@ivanahuckova](https://github.com/ivanahuckova)
+- **Loki:** Support json parser with expressions in query builder. [#51965](https://github.com/grafana/grafana/pull/51965), [@ivanahuckova](https://github.com/ivanahuckova)
+- **Navigation:** Display `Starred` dashboards in the `Navbar`. [#51038](https://github.com/grafana/grafana/pull/51038), [@ashharrison90](https://github.com/ashharrison90)
+- **Node Graph Panel:** Add options to configure units and arc colors. [#51057](https://github.com/grafana/grafana/pull/51057), [@connorlindsey](https://github.com/connorlindsey)
+- **OAuth:** Allow role mapping from GitHub and GitLab groups. [#52407](https://github.com/grafana/grafana/pull/52407), [@Jguer](https://github.com/Jguer)
+- **Opentsdb:** Add tag values into the opentsdb response. [#48672](https://github.com/grafana/grafana/pull/48672), [@xy-man](https://github.com/xy-man)
+- **OptionsUI:** UnitPicker now supports isClearable setting. [#51064](https://github.com/grafana/grafana/pull/51064), [@ryantxu](https://github.com/ryantxu)
+- **PanelEdit:** Hide multi-/all-select datasource variables in datasource picker. [#52142](https://github.com/grafana/grafana/pull/52142), [@eledobleefe](https://github.com/eledobleefe)
+- **Piechart:** Implements series override -> hide in area for the legend or tooltip. [#51297](https://github.com/grafana/grafana/pull/51297), [@daniellee](https://github.com/daniellee)
+- **Plugin admin:** Add a page to show where panel plugins are used in dashboards. [#50909](https://github.com/grafana/grafana/pull/50909), [@ryantxu](https://github.com/ryantxu)
+- **Plugins:** Add validation for plugin manifest. [#52787](https://github.com/grafana/grafana/pull/52787), [@wbrowne](https://github.com/wbrowne)
+- **Prometheus:** Move explain section to builder mode. [#52935](https://github.com/grafana/grafana/pull/52935), [@itsmylife](https://github.com/itsmylife)
+- **Prometheus:** Support 1ms resolution intervals. [#44707](https://github.com/grafana/grafana/pull/44707), [@dankeder](https://github.com/dankeder)
+- **Prometheus:** Throw error on direct access. [#50162](https://github.com/grafana/grafana/pull/50162), [@aocenas](https://github.com/aocenas)
+- **RBAC:** Add RBAC for query caching. (Enterprise)
+- **RBAC:** Add access control metadata to folder dtos. [#51158](https://github.com/grafana/grafana/pull/51158), [@kalleep](https://github.com/kalleep)
+- **RBAC:** Allow app plugins access restriction. [#51524](https://github.com/grafana/grafana/pull/51524), [@gamab](https://github.com/gamab)
+- **RBAC:** Rename alerting roles to match naming convention. [#50504](https://github.com/grafana/grafana/pull/50504), [@gamab](https://github.com/gamab)
+- **Report:** Calculate grid height unit dynamically instead use hardcode values. (Enterprise)
+- **Reports:** Add created column in report_dashboards. (Enterprise)
+- **Reports:** Add dashboard title in all pdf pages. (Enterprise)
+- **Reports:** Allow saving draft reports. (Enterprise)
+- **Reports:** Multiple dashboards improvements. (Enterprise)
+- **SAML :** Support Azure Single Sign Out. (Enterprise)
+- **SAML:** Add NameIDFormat in SP metadata. (Enterprise)
+- **SAML:** Improve debug logs for saml logout. (Enterprise)
+- **SSE:** Add noData type. [#51973](https://github.com/grafana/grafana/pull/51973), [@kylebrandt](https://github.com/kylebrandt)
+- **Search:** Filter punctuation and tokenize camel case. [#51165](https://github.com/grafana/grafana/pull/51165), [@FZambia](https://github.com/FZambia)
+- **Search:** Sync state on read for HA consistency. [#50152](https://github.com/grafana/grafana/pull/50152), [@FZambia](https://github.com/FZambia)
+- **Security:** Choose Lookup params per auth module (CVE-2022-31107). [#52312](https://github.com/grafana/grafana/pull/52312), [@Jguer](https://github.com/Jguer)
+- **Service Accounts:** Managed permissions for service accounts. [#51818](https://github.com/grafana/grafana/pull/51818), [@IevaVasiljeva](https://github.com/IevaVasiljeva)
+- **Service accounts:** Grafana service accounts are enabled by default. [#51402](https://github.com/grafana/grafana/pull/51402), [@vtorosyan](https://github.com/vtorosyan)
+- **ServiceAccounts:** Add Prometheus metrics service. [#51831](https://github.com/grafana/grafana/pull/51831), [@Jguer](https://github.com/Jguer)
+- **ServiceAccounts:** Add Service Account Token last used at date. [#51446](https://github.com/grafana/grafana/pull/51446), [@Jguer](https://github.com/Jguer)
+- **SharePDF:** Use currently selected variables and time range when generating PDF. (Enterprise)
+- **Slider:** Enforce numeric constraints and styling within the text input. [#50905](https://github.com/grafana/grafana/pull/50905), [@drew08t](https://github.com/drew08t)
+- **State Timeline:** Enable support for annotations. [#47887](https://github.com/grafana/grafana/pull/47887), [@dprokop](https://github.com/dprokop)
+- **Table panel:** Add multiple data links support to Default, Image and JSONView cells. [#51162](https://github.com/grafana/grafana/pull/51162), [@dprokop](https://github.com/dprokop)
+- **TeamSync:** Remove LDAP specific example from team sync. [#51368](https://github.com/grafana/grafana/pull/51368), [@Jguer](https://github.com/Jguer)
+- **TeamSync:** Support case insensitive matches and wildcard groups. (Enterprise)
+- **Tempo:** Add context menu to edges. [#52396](https://github.com/grafana/grafana/pull/52396), [@joey-grafana](https://github.com/joey-grafana)
+- **Tempo:** Consider tempo search out of beta and remove beta badge and feature flags. [#50030](https://github.com/grafana/grafana/pull/50030), [@connorlindsey](https://github.com/connorlindsey)
+- **Tempo:** Tempo/Prometheus links select ds in new tab (cmd + click). [#52319](https://github.com/grafana/grafana/pull/52319), [@joey-grafana](https://github.com/joey-grafana)
+- **Time series panel:** Hide axis when series is hidden from the visualization. [#51432](https://github.com/grafana/grafana/pull/51432), [@dprokop](https://github.com/dprokop)
+- **TimeSeries:** Add option for symmetrical y axes (align 0). [#52555](https://github.com/grafana/grafana/pull/52555), [@leeoniya](https://github.com/leeoniya)
+- **TimeSeries:** Add option to match axis color to series color. [#51437](https://github.com/grafana/grafana/pull/51437), [@leeoniya](https://github.com/leeoniya)
+- **TimeSeries:** Improved constantY rendering parity with Graph (old). [#51401](https://github.com/grafana/grafana/pull/51401), [@leeoniya](https://github.com/leeoniya)
+- **Timeseries:** Support multiple timezones in x axis. [#52424](https://github.com/grafana/grafana/pull/52424), [@ryantxu](https://github.com/ryantxu)
+- **TopNav:** Adds new feature toggle for upcoming nav. [#51115](https://github.com/grafana/grafana/pull/51115), [@torkelo](https://github.com/torkelo)
+- **Traces:** APM table. [#48654](https://github.com/grafana/grafana/pull/48654), [@joey-grafana](https://github.com/joey-grafana)
+- **Traces:** Add absolute time to span details. [#50685](https://github.com/grafana/grafana/pull/50685), [@joey-grafana](https://github.com/joey-grafana)
+- **Traces:** Add horizontal scroll. [#50278](https://github.com/grafana/grafana/pull/50278), [@joey-grafana](https://github.com/joey-grafana)
+- **Traces:** Consistent span colors for service names. [#50782](https://github.com/grafana/grafana/pull/50782), [@joey-grafana](https://github.com/joey-grafana)
+- **Traces:** Move towards using OTEL naming conventions. [#51379](https://github.com/grafana/grafana/pull/51379), [@joey-grafana](https://github.com/joey-grafana)
+- **Traces:** Span bar label. [#50931](https://github.com/grafana/grafana/pull/50931), [@joey-grafana](https://github.com/joey-grafana)
+- **Transformations:** Add standard deviation and variance reducers. [#52769](https://github.com/grafana/grafana/pull/52769), [@ryantxu](https://github.com/ryantxu)
+- **Transforms:** Add Join by label transformation. [#52670](https://github.com/grafana/grafana/pull/52670), [@ryantxu](https://github.com/ryantxu)
+- **URL:** Encode certain special characters. [#51806](https://github.com/grafana/grafana/pull/51806), [@L-M-K-B](https://github.com/L-M-K-B)
+- **ValueMappings:** Make value mapping row focusable. [#52337](https://github.com/grafana/grafana/pull/52337), [@lpskdl](https://github.com/lpskdl)
+- **Variables:** Add 'jsonwithoutquote' formatting options for variables, and format of variable supports pipeline. [#51859](https://github.com/grafana/grafana/pull/51859), [@MicroOps-cn](https://github.com/MicroOps-cn)
+- **Variables:** Selectively reload panels on URL update. [#51003](https://github.com/grafana/grafana/pull/51003), [@toddtreece](https://github.com/toddtreece)
+- **Various Panels:** Add ability to toggle legend with keyboard shortcut. [#52241](https://github.com/grafana/grafana/pull/52241), [@alyssabull](https://github.com/alyssabull)
+
+### Bug fixes
+
+- **API:** Fix failing test by initialising legacy guardian when creating folder scenario. [#50800](https://github.com/grafana/grafana/pull/50800), [@vicmarbev](https://github.com/vicmarbev)
+- **Access control:** Show dashboard settings to users who can edit dashboard. [#52532](https://github.com/grafana/grafana/pull/52532), [@IevaVasiljeva](https://github.com/IevaVasiljeva)
+- **Alerting:** Fix RegExp matchers in frontend for Silences and other previews. [#51726](https://github.com/grafana/grafana/pull/51726), [@joeblubaugh](https://github.com/joeblubaugh)
+- **Alerting:** Fix rule API to accept 0 duration of field `For`. [#50992](https://github.com/grafana/grafana/pull/50992), [@yuri-tceretian](https://github.com/yuri-tceretian)
+- **Alerting:** Increase alert rule operation perf by replacing subquery with threshold calculation. [#53069](https://github.com/grafana/grafana/pull/53069), [@alexweav](https://github.com/alexweav)
+- **Barchart Panel:** Fix threshold colors changing when data is refreshed. [#52038](https://github.com/grafana/grafana/pull/52038), [@mingozh](https://github.com/mingozh)
+- **Dashboard:** Fix iteration property change triggering unsaved changes warning. [#51272](https://github.com/grafana/grafana/pull/51272), [@torkelo](https://github.com/torkelo)
+- **Dashboards:** Disable variable pickers for snapshots. [#52827](https://github.com/grafana/grafana/pull/52827), [@joshhunt](https://github.com/joshhunt)
+- **Elasticsearch:** Always use fixed_interval. [#50297](https://github.com/grafana/grafana/pull/50297), [@gabor](https://github.com/gabor)
+- **Geomap:** Fix tooltip offset bug. [#52627](https://github.com/grafana/grafana/pull/52627), [@drew08t](https://github.com/drew08t)
+- **Geomap:** Update with template variable change. [#52007](https://github.com/grafana/grafana/pull/52007), [@drew08t](https://github.com/drew08t)
+- **Loki:** Fix adding of multiple label filters when parser. [#52335](https://github.com/grafana/grafana/pull/52335), [@ivanahuckova](https://github.com/ivanahuckova)
+- **Loki:** Fix support of ad-hoc filters for specific queries. [#51232](https://github.com/grafana/grafana/pull/51232), [@ivanahuckova](https://github.com/ivanahuckova)
+- **Navigation:** Hide `Dashboards`/`Starred items` from navbar when unauthenticated. [#53051](https://github.com/grafana/grafana/pull/53051), [@ashharrison90](https://github.com/ashharrison90)
+- **PasswordReset:** Enforce password length check on password reset request. [#51005](https://github.com/grafana/grafana/pull/51005), [@asymness](https://github.com/asymness)
+- **Prometheus:** Fix integer overflow in rate interval calculation on 32-bit architectures. [#51508](https://github.com/grafana/grafana/pull/51508), [@andreasgerstmayr](https://github.com/andreasgerstmayr)
+- **Search:** Fix indexing - re-index after initial provisioning. [#50959](https://github.com/grafana/grafana/pull/50959), [@FZambia](https://github.com/FZambia)
+- **Slider:** Fixes styling of marker dots. [#52678](https://github.com/grafana/grafana/pull/52678), [@torkelo](https://github.com/torkelo)
+- **Tracing:** Fix links to traces in Explore. [#50113](https://github.com/grafana/grafana/pull/50113), [@connorlindsey](https://github.com/connorlindsey)
+
+### Breaking changes
+
+Some swagger operations and responses have been renamed to match the respective handler names in order to better highlight their relation.
+If you use the Swagger specification for generating code, you have to re-generate it and make the necessary adjustments. Issue [#52643](https://github.com/grafana/grafana/issues/52643)
+
+The following metrics have been converted to histograms:
+
+- grafana_datasource_request_total
+- grafana_datasource_request_duration_seconds
+- grafana_datasource_response_size_bytes
+- grafana_datasource_request_in_flight
+- grafana_plugin_request_duration_milliseconds
+- grafana_alerting_rule_evaluation_duration_seconds Issue [#50420](https://github.com/grafana/grafana/issues/50420)
+
+In Elasticsearch versions 7.x, to specify the interval-value we used the `interval` property. In Grafana 9.1.0 we switched to use the `fixed_interval` property. This makes it to be the same as in Elasticsearch versions 8.x, also this provides a more consistent experience, `fixed_interval` is a better match to Grafana's time invervals. For most situations this will not cause any visible change to query results. Issue [#50297](https://github.com/grafana/grafana/issues/50297)
+
+### Grafana now reserves alert labels prefixed with `grafana_`
+
+Labels prefixed with `grafana_` are reserved by Grafana for special use. If a manually configured label is added beginning with `grafana_` it may be overwritten in case of collision.
+
+The current list of labels created by Grafana and available for use anywhere manually configured labels are:
+
+| Label          | Description                               |
+| -------------- | ----------------------------------------- | --------------------------------------------------------------- |
+| grafana_folder | Title of the folder containing the alert. | Issue [#50262](https://github.com/grafana/grafana/issues/50262) |
+
+In Prometheus, browser access mode was deprecated in Grafana 7.4.0 and removed in 9.0.0. If you used this mode, please switch to server access mode on the datasource configuration page. Issue [#50162](https://github.com/grafana/grafana/issues/50162)
+
+### Plugin development fixes & changes
+
+- **Dropdown:** New dropdown component. [#52684](https://github.com/grafana/grafana/pull/52684), [@torkelo](https://github.com/torkelo)
+- **Grafana/UI:** Add ColorPickerInput component. [#52222](https://github.com/grafana/grafana/pull/52222), [@Clarity-89](https://github.com/Clarity-89)
+- **Plugins:** Validate root URLs when signing private plugins via grafana-toolkit. [#51968](https://github.com/grafana/grafana/pull/51968), [@wbrowne](https://github.com/wbrowne)
+
+<!-- 9.0.8 START -->
+
+# 9.0.8 (2022-08-30)
+
+### Features and enhancements
+
+- **Alerting:** Hide "no rules" message when we are fetching from data sources. [#53778](https://github.com/grafana/grafana/pull/53778), [@gillesdemey](https://github.com/gillesdemey)
+- **Rendering:** Add support for renderer token (#54425). [#54439](https://github.com/grafana/grafana/pull/54439), [@joanlopez](https://github.com/joanlopez)
+- **Reports:** Title is showing under panels. (Enterprise)
+- **Alerting:** AlertingProxy to elevate permissions for request forwarded to data proxy when RBAC enabled. [#53680](https://github.com/grafana/grafana/pull/53680), [@yuri-tceretian](https://github.com/yuri-tceretian)
+
+<!-- 9.0.8 END -->
+
+<!-- 9.0.7 START -->
+
+# 9.0.7 (2022-08-10)
+
+### Features and enhancements
+
+- **CloudMonitoring:** Remove link setting for SLO queries. [#53031](https://github.com/grafana/grafana/pull/53031), [@andresmgot](https://github.com/andresmgot)
+
+### Bug fixes
+
+- **GrafanaUI:** Render PageToolbar's leftItems regardless of title's presence. [#53285](https://github.com/grafana/grafana/pull/53285), [@Elfo404](https://github.com/Elfo404)
+
+<!-- 9.0.7 END -->
+<!-- 9.1.0-beta1 END -->
+<!-- 9.0.6 START -->
+
+# 9.0.6 (2022-08-01)
+
+### Features and enhancements
+
+- **Access Control:** Allow org admins to invite new users to their organization. [#52904](https://github.com/grafana/grafana/pull/52904), [@IevaVasiljeva](https://github.com/IevaVasiljeva)
+
+### Bug fixes
+
+- **Grafana/toolkit:** Fix incorrect image and font generation for plugin builds. [#52927](https://github.com/grafana/grafana/pull/52927), [@academo](https://github.com/academo)
+- **Prometheus:** Fix adding of multiple values for regex operator. [#52978](https://github.com/grafana/grafana/pull/52978), [@ivanahuckova](https://github.com/ivanahuckova)
+- **UI/Card:** Fix card items always having pointer cursor. [#52809](https://github.com/grafana/grafana/pull/52809), [@gillesdemey](https://github.com/gillesdemey)
+
+<!-- 9.0.6 END -->
+<!-- 9.0.5 START -->
+
+# 9.0.5 (2022-07-26)
+
+### Features and enhancements
+
+- **Access control:** Show dashboard settings to users who can edit dashboard. [#52535](https://github.com/grafana/grafana/pull/52535), [@grafanabot](https://github.com/grafanabot)
+- **Alerting:** Allow the webhook notifier to support a custom Authorization header. [#52515](https://github.com/grafana/grafana/pull/52515), [@gotjosh](https://github.com/gotjosh)
+- **Chore:** Upgrade to Go version 1.17.12. [#52523](https://github.com/grafana/grafana/pull/52523), [@sakjur](https://github.com/sakjur)
+- **Plugins:** Add signature wildcard globbing for dedicated private plugin type. [#52163](https://github.com/grafana/grafana/pull/52163), [@wbrowne](https://github.com/wbrowne)
+- **Prometheus:** Don't show errors from unsuccessful API checks like rules or exemplar checks. [#52193](https://github.com/grafana/grafana/pull/52193), [@darrenjaneczek](https://github.com/darrenjaneczek)
+
+### Bug fixes
+
+- **Access control:** Allow organisation admins to add existing users to org (#51668). [#52553](https://github.com/grafana/grafana/pull/52553), [@vtorosyan](https://github.com/vtorosyan)
+- **Alerting:** Fix alert panel instance-based rules filtering. [#52583](https://github.com/grafana/grafana/pull/52583), [@konrad147](https://github.com/konrad147)
+- **Apps:** Fixes navigation between different app plugin pages. [#52571](https://github.com/grafana/grafana/pull/52571), [@torkelo](https://github.com/torkelo)
+- **Cloudwatch:** Upgrade grafana-aws-sdk to fix auth issue with secret keys. [#52420](https://github.com/grafana/grafana/pull/52420), [@sarahzinger](https://github.com/sarahzinger)
+- **Grafana/toolkit:** Fix incorrect image and font generation for plugin builds. [#52661](https://github.com/grafana/grafana/pull/52661), [@academo](https://github.com/academo)
+- **Loki:** Fix `show context` not working in some occasions. [#52458](https://github.com/grafana/grafana/pull/52458), [@svennergr](https://github.com/svennergr)
+- **RBAC:** Fix permissions on dashboards and folders created by anonymous users. [#52615](https://github.com/grafana/grafana/pull/52615), [@gamab](https://github.com/gamab)
+
+<!-- 9.0.5 END -->
+<!-- 9.0.4 START -->
+
+# 9.0.4 (2022-07-20)
+
+### Features and enhancements
+
+- **Browse/Search:** Make browser back work properly when visiting Browse or search. [#52271](https://github.com/grafana/grafana/pull/52271), [@torkelo](https://github.com/torkelo)
+- **Logs:** Improve getLogRowContext API. [#52130](https://github.com/grafana/grafana/pull/52130), [@gabor](https://github.com/gabor)
+- **Loki:** Improve handling of empty responses. [#52397](https://github.com/grafana/grafana/pull/52397), [@gabor](https://github.com/gabor)
+- **Plugins:** Always validate root URL if specified in signature manfiest. [#52332](https://github.com/grafana/grafana/pull/52332), [@wbrowne](https://github.com/wbrowne)
+- **Preferences:** Get home dashboard from teams. [#52225](https://github.com/grafana/grafana/pull/52225), [@sakjur](https://github.com/sakjur)
+- **SQLStore:** Support Upserting multiple rows. [#52228](https://github.com/grafana/grafana/pull/52228), [@joeblubaugh](https://github.com/joeblubaugh)
+- **Traces:** Add more template variables in Tempo & Zipkin. [#52306](https://github.com/grafana/grafana/pull/52306), [@joey-grafana](https://github.com/joey-grafana)
+- **Traces:** Remove serviceMap feature flag. [#52375](https://github.com/grafana/grafana/pull/52375), [@joey-grafana](https://github.com/joey-grafana)
+
+### Bug fixes
+
+- **Access Control:** Fix missing folder permissions. [#52410](https://github.com/grafana/grafana/pull/52410), [@IevaVasiljeva](https://github.com/IevaVasiljeva)
+- **Access control:** Fix org user removal for OSS users. [#52473](https://github.com/grafana/grafana/pull/52473), [@IevaVasiljeva](https://github.com/IevaVasiljeva)
+- **Alerting:** Fix Slack notification preview. [#50230](https://github.com/grafana/grafana/pull/50230), [@ekrucio](https://github.com/ekrucio)
+- **Alerting:** Fix Slack push notifications. [#52391](https://github.com/grafana/grafana/pull/52391), [@grobinson-grafana](https://github.com/grobinson-grafana)
+- **Alerting:** Fixes slack push notifications. [#50267](https://github.com/grafana/grafana/pull/50267), [@jgillick](https://github.com/jgillick)
+- **Alerting:** Preserve new-lines from custom email templates in rendered email. [#52253](https://github.com/grafana/grafana/pull/52253), [@alexweav](https://github.com/alexweav)
+- **Insights:** Fix dashboard and data source insights pages. (Enterprise)
+- **Log:** Fix text logging for unsupported types. [#51306](https://github.com/grafana/grafana/pull/51306), [@papagian](https://github.com/papagian)
+- **Loki:** Fix incorrect TopK value type in query builder. [#52226](https://github.com/grafana/grafana/pull/52226), [@ivanahuckova](https://github.com/ivanahuckova)
+
+<!-- 9.0.4 END -->
+<!-- 9.0.3 START -->
+
+# 9.0.3 (2022-07-14)
+
+### Features and enhancements
+
+- **Access Control:** Allow dashboard admins to query org users. [#51652](https://github.com/grafana/grafana/pull/51652), [@IevaVasiljeva](https://github.com/IevaVasiljeva)
+- **Access control:** Allow organisation admins to add existing users to org. [#51668](https://github.com/grafana/grafana/pull/51668), [@IevaVasiljeva](https://github.com/IevaVasiljeva)
+- **Alerting:** Add method to provisioning API for obtaining a group and its rules. [#51761](https://github.com/grafana/grafana/pull/51761), [@alexweav](https://github.com/alexweav)
+- **Alerting:** Add method to provisioning API for obtaining a group and its rules. [#51398](https://github.com/grafana/grafana/pull/51398), [@alexweav](https://github.com/alexweav)
+- **Alerting:** Allow filtering of contact points by name. [#51933](https://github.com/grafana/grafana/pull/51933), [@alexweav](https://github.com/alexweav)
+- **Alerting:** Disable /api/admin/pause-all-alerts with Unified Alerting. [#51895](https://github.com/grafana/grafana/pull/51895), [@joeblubaugh](https://github.com/joeblubaugh)
+- **Analytics:** Add total queries and cached queries in usage insights logs. (Enterprise)
+- **Annotations:** Use point marker for short time range annotations. [#51520](https://github.com/grafana/grafana/pull/51520), [@codeincarnate](https://github.com/codeincarnate)
+- **AzureMonitor:** Update UI to experimental package. [#52123](https://github.com/grafana/grafana/pull/52123), [@asimpson](https://github.com/asimpson)
+- **AzureMonitor:** Update resource and namespace metadata. [#52030](https://github.com/grafana/grafana/pull/52030), [@despian](https://github.com/despian)
+- **CloudWatch:** Remove simplejson in favor of 'encoding/json'. [#51062](https://github.com/grafana/grafana/pull/51062), [@asimpson](https://github.com/asimpson)
+- **DashboardRow:** Collapse shortcut prevent to move the collapsed rows. [#51589](https://github.com/grafana/grafana/pull/51589), [@ivanortegaalba](https://github.com/ivanortegaalba)
+- **Insights:** Add dashboard UID to exported logs. (Enterprise)
+- **Navigation:** Highlight active nav item when Grafana is served from subpath. [#51767](https://github.com/grafana/grafana/pull/51767), [@kianelbo](https://github.com/kianelbo)
+- **Plugins:** InfluxDB datasource - set epoch query param value as "ms". [#51651](https://github.com/grafana/grafana/pull/51651), [@itsmylife](https://github.com/itsmylife)
+- **Plugins:** InfluxDB update time range query. [#51833](https://github.com/grafana/grafana/pull/51833), [@itsmylife](https://github.com/itsmylife)
+- **StateTimeline:** Try to sort time field. [#51569](https://github.com/grafana/grafana/pull/51569), [@zoltanbedi](https://github.com/zoltanbedi)
+
+### Bug fixes
+
+- **API:** Do not validate/save legacy alerts when saving a dashboard if legacy alerting is disabled. [#51883](https://github.com/grafana/grafana/pull/51883), [@papagian](https://github.com/papagian)
+- **Access Control:** Fix missing folder permissions. [#52153](https://github.com/grafana/grafana/pull/52153), [@IevaVasiljeva](https://github.com/IevaVasiljeva)
+- **Alerting:** Add method to reset notification policy tree back to the default. [#51934](https://github.com/grafana/grafana/pull/51934), [@alexweav](https://github.com/alexweav)
+- **Alerting:** Fix Teams notifier not failing on 200 response with error. [#52254](https://github.com/grafana/grafana/pull/52254), [@JacobsonMT](https://github.com/JacobsonMT)
+- **Alerting:** Fix bug where state did not change between Alerting and Error. [#52204](https://github.com/grafana/grafana/pull/52204), [@grobinson-grafana](https://github.com/grobinson-grafana)
+- **Alerting:** Fix consistency errors in OpenAPI documentation. [#51935](https://github.com/grafana/grafana/pull/51935), [@alexweav](https://github.com/alexweav)
+- **Alerting:** Fix normalization of alert states for panel annotations. [#51637](https://github.com/grafana/grafana/pull/51637), [@gillesdemey](https://github.com/gillesdemey)
+- **Alerting:** Provisioning API respects global rule quota. [#52180](https://github.com/grafana/grafana/pull/52180), [@alexweav](https://github.com/alexweav)
+- **CSRF:** Fix additional headers option. [#50629](https://github.com/grafana/grafana/pull/50629), [@sakjur](https://github.com/sakjur)
+- **Chore:** Bump parse-url to 6.0.2 to fix security vulnerabilities. [#51796](https://github.com/grafana/grafana/pull/51796), [@jackw](https://github.com/jackw)
+- **Chore:** Fix CVE-2020-7753. [#51752](https://github.com/grafana/grafana/pull/51752), [@jackw](https://github.com/jackw)
+- **Chore:** Fix CVE-2021-3807. [#51753](https://github.com/grafana/grafana/pull/51753), [@jackw](https://github.com/jackw)
+- **Chore:** Fix CVE-2021-3918. [#51745](https://github.com/grafana/grafana/pull/51745), [@jackw](https://github.com/jackw)
+- **Chore:** Fix CVE-2021-43138. [#51751](https://github.com/grafana/grafana/pull/51751), [@jackw](https://github.com/jackw)
+- **Chore:** Fix CVE-2022-0155. [#51755](https://github.com/grafana/grafana/pull/51755), [@jackw](https://github.com/jackw)
+- **Custom Branding:** Fix login logo size. (Enterprise)
+- **Dashboard:** Fixes tooltip issue with TimePicker and Setting buttons. [#51836](https://github.com/grafana/grafana/pull/51836), [@torkelo](https://github.com/torkelo)
+- **Dashboard:** Prevent unnecessary scrollbar when viewing single panel. [#52122](https://github.com/grafana/grafana/pull/52122), [@lpskdl](https://github.com/lpskdl)
+- **Logs:** Fixed wrapping log lines from detected fields. [#52108](https://github.com/grafana/grafana/pull/52108), [@svennergr](https://github.com/svennergr)
+- **Loki:** Add missing operators in label filter expression. [#51880](https://github.com/grafana/grafana/pull/51880), [@ivanahuckova](https://github.com/ivanahuckova)
+- **Loki:** Fix error when changing operations with different parameters. [#51779](https://github.com/grafana/grafana/pull/51779), [@svennergr](https://github.com/svennergr)
+- **Loki:** Fix suggesting of correct operations in query builder. [#52034](https://github.com/grafana/grafana/pull/52034), [@ivanahuckova](https://github.com/ivanahuckova)
+- **Plugins:** InfluxDB variable interpolation fix. [#51917](https://github.com/grafana/grafana/pull/51917), [@itsmylife](https://github.com/itsmylife)
+- **Plugins:** InfluxDB variable interpolation fix for influxdbBackendMigration feature flag. [#51624](https://github.com/grafana/grafana/pull/51624), [@itsmylife](https://github.com/itsmylife)
+- **Reports:** Fix line breaks in message. (Enterprise)
+- **Reports:** Fix saving report formats. (Enterprise)
+- **SQLstore:** Fix fetching an inexistent playlist. [#51962](https://github.com/grafana/grafana/pull/51962), [@papagian](https://github.com/papagian)
+- **Security:** Fixes for CVE-2022-31107 and CVE-2022-31097. [#52279](https://github.com/grafana/grafana/pull/52279), [@kminehart](https://github.com/kminehart)
+- **Snapshots:** Fix deleting external snapshots when using RBAC. [#51897](https://github.com/grafana/grafana/pull/51897), [@idafurjes](https://github.com/idafurjes)
+- **Table:** Fix scrollbar being hidden by pagination. [#51501](https://github.com/grafana/grafana/pull/51501), [@zoltanbedi](https://github.com/zoltanbedi)
+- **Templating:** Changing between variables with the same name now correctly triggers a dashboard refresh. [#51490](https://github.com/grafana/grafana/pull/51490), [@ashharrison90](https://github.com/ashharrison90)
+- **Time series panel:** Fix an issue with stacks being not complete due to the incorrect data frame length. [#51910](https://github.com/grafana/grafana/pull/51910), [@dprokop](https://github.com/dprokop)
+- **[v9.0.x] Snapshots:** Fix deleting external snapshots when using RBAC (#51897). [#51904](https://github.com/grafana/grafana/pull/51904), [@idafurjes](https://github.com/idafurjes)
+
+<!-- 9.0.3 END -->
 <!-- 9.0.2 START -->
 
 # 9.0.2 (2022-06-28)
@@ -230,7 +715,7 @@ The `get_alert_rules_duration_seconds` metric has been renamed to `schedule_quer
 - Alternatively or complementarily to all the points above, backing up the Grafana database before updating could be a good idea to prevent disasters (although the risk of getting some secrets corrupted only applies to those updates/created with after updating to Grafana v9.0). Issue [#49301](https://github.com/grafana/grafana/issues/49301)
 
 - According to the dynamic labels documentation, you can use up to five dynamic values per label. There’s currently no such restriction in the alias pattern system, so if more than 5 patterns are being used the GetMetricData API will return an error.
-- Dynamic labels only allow ${LABEL} to be used once per query. There’s no such restriction in the alias pattern system, so in case more than 1 is being used the GetMetricData API will return an error.
+- Dynamic labels only allow \${LABEL} to be used once per query. There’s no such restriction in the alias pattern system, so in case more than 1 is being used the GetMetricData API will return an error.
 - When no alias is provided by the user, Grafana will no longer fallback with custom rules for naming the legend.
 - In case a search expression is being used and no data is returned, Grafana will no longer expand dimension values, for instance when using a multi-valued template variable or star wildcard `*` in the dimension value field. Ref https://github.com/grafana/grafana/issues/20729
 - Time series might be displayed in a different order. Using for example the dynamic label `${PROP('MetricName')}`, might have the consequence that the time series are returned in a different order compared to when the alias pattern `{{metric}}` is used
@@ -576,6 +1061,37 @@ In the Loki data source, for consistency and performance reasons, we changed how
 
 The dependency to [grafana/aws-sdk](https://github.com/grafana/grafana-aws-sdk-react) is moved from [grafana/ui](https://github.com/grafana/grafana/blob/main/packages/grafana-ui/package.json) to the plugin. This means that any plugin that use SIGV4 auth need to pass a SIGV4 editor component as a prop to the `DataSourceHttpSettings` component. Issue [#43559](https://github.com/grafana/grafana/issues/43559)
 
+<!-- 8.5.11 START -->
+
+# 8.5.11 (2022-08-30)
+
+### Features and enhancements
+
+- **Rendering:** Add support for renderer token (#54425). [#54438](https://github.com/grafana/grafana/pull/54438), [@joanlopez](https://github.com/joanlopez)
+- **Alerting:** AlertingProxy to elevate permissions for request forwarded to data proxy when RBAC enabled. [#53681](https://github.com/grafana/grafana/pull/53681), [@yuri-tceretian](https://github.com/yuri-tceretian)
+
+<!-- 8.5.11 END -->
+
+<!-- 8.5.10 START -->
+
+# 8.5.10 (2022-08-08)
+
+### Bug fixes
+
+- **RBAC:** Fix Anonymous Editors missing dashboard controls. [#52649](https://github.com/grafana/grafana/pull/52649), [@gamab](https://github.com/gamab)
+
+<!-- 8.5.10 END -->
+
+<!-- 8.5.9 START -->
+
+# 8.5.9 (2022-07-14)
+
+### Bug fixes
+
+- **Security:** Fixes for CVE-2022-31107 and CVE-2022-31097. [#52238](https://github.com/grafana/grafana/pull/52238), [@xlson](https://github.com/xlson)
+
+<!-- 8.5.9 END -->
+
 <!-- 8.5.6 START -->
 
 # 8.5.6 (2022-06-14)
@@ -816,6 +1332,26 @@ When user is using Github OAuth, GitHub login is showed as both Grafana login an
 
 The meaning of the default data source has now changed from being a persisted property in a panel. Before when you selected the default data source for a panel and later changed the default data source to another data source it would change all panels who were configured to use the default data source. From now on the default data source is just the default for new panels and changing the default will not impact any currently saved dashboards. Issue [#45132](https://github.com/grafana/grafana/issues/45132)
 
+<!-- 8.4.11 START -->
+
+# 8.4.11 (2022-08-30)
+
+### Features and enhancements
+
+- **Rendering:** Add support for renderer token (#54425). [#54437](https://github.com/grafana/grafana/pull/54437), [@joanlopez](https://github.com/joanlopez)
+
+<!-- 8.4.11 END -->
+
+<!-- 8.4.10 START -->
+
+# 8.4.10 (2022-07-14)
+
+### Bug fixes
+
+- **Security:** Fixes for CVE-2022-31107 and CVE-2022-31097. [#52218](https://github.com/grafana/grafana/pull/52218), [@IevaVasiljeva](https://github.com/IevaVasiljeva)
+
+<!-- 8.4.10 END -->
+
 <!-- 8.4.7 START -->
 
 # 8.4.7 (2022-04-19)
@@ -1003,6 +1539,16 @@ AngularJS plugin support is now in a deprecated state, meaning it will be remove
 - **News:** Reload feed when changing the time range or refreshing. [#42217](https://github.com/grafana/grafana/pull/42217), [@ashharrison90](https://github.com/ashharrison90)
 - **UI/Plot:** Implement keyboard controls for plot cursor. [#42244](https://github.com/grafana/grafana/pull/42244), [@kaydelaney](https://github.com/kaydelaney)
 
+<!-- 8.3.11 START -->
+
+# 8.3.11 (2022-08-30)
+
+### Features and enhancements
+
+- **Rendering:** Add support for renderer token (#54425). [#54436](https://github.com/grafana/grafana/pull/54436), [@joanlopez](https://github.com/joanlopez)
+
+<!-- 8.3.11 END -->
+
 <!-- 8.3.7 START -->
 
 # 8.3.7 (2022-03-01)
@@ -1076,7 +1622,7 @@ AngularJS plugin support is now in a deprecated state, meaning it will be remove
 - **Login:** Page no longer overflows on mobile. [#43739](https://github.com/grafana/grafana/pull/43739), [@ashharrison90](https://github.com/ashharrison90)
 - **Plugins:** Set backend metadata property for core plugins. [#43349](https://github.com/grafana/grafana/pull/43349), [@marefr](https://github.com/marefr)
 - **Prometheus:** Fill missing steps with null values. [#43622](https://github.com/grafana/grafana/pull/43622), [@ivanahuckova](https://github.com/ivanahuckova)
-- **Prometheus:** Fix interpolation of $\_\_rate_interval variable. [#44035](https://github.com/grafana/grafana/pull/44035), [@ivanahuckova](https://github.com/ivanahuckova)
+- **Prometheus:** Fix interpolation of \$\_\_rate_interval variable. [#44035](https://github.com/grafana/grafana/pull/44035), [@ivanahuckova](https://github.com/ivanahuckova)
 - **Prometheus:** Interpolate variables with curly brackets syntax. [#42927](https://github.com/grafana/grafana/pull/42927), [@ivanahuckova](https://github.com/ivanahuckova)
 - **Prometheus:** Respect the http-method data source setting. [#42753](https://github.com/grafana/grafana/pull/42753), [@gabor](https://github.com/gabor)
 - **Table:** Fixes issue with field config applied to wrong fields when hiding columns. [#43376](https://github.com/grafana/grafana/pull/43376), [@torkelo](https://github.com/torkelo)
@@ -1393,7 +1939,7 @@ If an alert should evaluate to `OK` when one or all conditions return `No Data`
 - **Graph:** You can now see annotation descriptions on hover. [#40581](https://github.com/grafana/grafana/pull/40581), [@axelavargas](https://github.com/axelavargas)
 - **Logs:** The system now uses the JSON parser only if the line is parsed to an object. [#40507](https://github.com/grafana/grafana/pull/40507), [@ivanahuckova](https://github.com/ivanahuckova)
 - **Prometheus:** We fixed the issue where the system did not reuse TCP connections when querying from Grafana Alerting. [#40349](https://github.com/grafana/grafana/pull/40349), [@kminehart](https://github.com/kminehart)
-- **Prometheus:** We fixed the problem that resulted in an error when a user created a query with a $\_\_interval min step. [#40525](https://github.com/grafana/grafana/pull/40525), [@ivanahuckova](https://github.com/ivanahuckova)
+- **Prometheus:** We fixed the problem that resulted in an error when a user created a query with a \$\_\_interval min step. [#40525](https://github.com/grafana/grafana/pull/40525), [@ivanahuckova](https://github.com/ivanahuckova)
 - **RowsToFields:** We fixed the issue where the system was not properly interpreting number values. [#40580](https://github.com/grafana/grafana/pull/40580), [@torkelo](https://github.com/torkelo)
 - **Scale:** We fixed how the system handles NaN percent when data min = data max. [#40622](https://github.com/grafana/grafana/pull/40622), [@torkelo](https://github.com/torkelo)
 - **Table panel:** You can now create a filter that includes special characters. [#40458](https://github.com/grafana/grafana/pull/40458), [@dprokop](https://github.com/dprokop)
@@ -1816,7 +2362,7 @@ Panel queries and/or annotation queries that used more than one statistic will b
 - **Legacy Alerting:** Replace simplejson with a struct in webhook notification channel. [#34952](https://github.com/grafana/grafana/pull/34952), [@KEVISONG](https://github.com/KEVISONG)
 - **Legend:** Updates display name for Last (not null) to just Last\*. [#35633](https://github.com/grafana/grafana/pull/35633), [@torkelo](https://github.com/torkelo)
 - **Logs panel:** Add option to show common labels. [#36166](https://github.com/grafana/grafana/pull/36166), [@ivanahuckova](https://github.com/ivanahuckova)
-- **Loki:** Add $\_\_range variable. [#36175](https://github.com/grafana/grafana/pull/36175), [@ivanahuckova](https://github.com/ivanahuckova)
+- **Loki:** Add \$\_\_range variable. [#36175](https://github.com/grafana/grafana/pull/36175), [@ivanahuckova](https://github.com/ivanahuckova)
 - **Loki:** Add support for "label_values(log stream selector, label)" in templating. [#35488](https://github.com/grafana/grafana/pull/35488), [@ivanahuckova](https://github.com/ivanahuckova)
 - **Loki:** Add support for ad-hoc filtering in dashboard. [#36393](https://github.com/grafana/grafana/pull/36393), [@ivanahuckova](https://github.com/ivanahuckova)
 - **MySQL Datasource:** Add timezone parameter. [#27535](https://github.com/grafana/grafana/pull/27535), [@andipabst](https://github.com/andipabst)

Dockerfile

@@ -20,14 +20,13 @@ COPY emails emails
 ENV NODE_ENV production
 RUN yarn build
 
-FROM golang:1.17.11-alpine3.15 as go-builder
+FROM golang:1.17.12-alpine3.15 as go-builder
 
 RUN apk add --no-cache gcc g++ make
 
 WORKDIR /grafana
 
 COPY go.mod go.sum embed.go Makefile build.go package.json ./
-COPY cue cue
 COPY packages/grafana-schema packages/grafana-schema
 COPY public/app/plugins public/app/plugins
 COPY public/api-spec.json public/api-spec.json
@@ -40,7 +39,7 @@ RUN go mod verify
 RUN make build-go
 
 # Final stage
-FROM alpine:3.15
+FROM alpine:3.15.6
 
 LABEL maintainer="Grafana team <hello@grafana.com>"
 
@@ -76,6 +75,7 @@ RUN export GF_GID_NAME=$(getent group $GF_GID | cut -d':' -f1) && \
   "$GF_PATHS_PROVISIONING/notifiers" \
   "$GF_PATHS_PROVISIONING/plugins" \
   "$GF_PATHS_PROVISIONING/access-control" \
+  "$GF_PATHS_PROVISIONING/alerting" \
   "$GF_PATHS_LOGS" \
   "$GF_PATHS_PLUGINS" \
   "$GF_PATHS_DATA" && \

Dockerfile.ubuntu

@@ -21,7 +21,7 @@ COPY emails emails
 ENV NODE_ENV production
 RUN yarn build
 
-FROM golang:1.17.11 AS go-builder
+FROM golang:1.17.12 AS go-builder
 
 WORKDIR /src/grafana
 
@@ -29,7 +29,6 @@ COPY go.mod go.sum embed.go ./
 COPY Makefile build.go package.json ./
 COPY .bingo .bingo
 COPY pkg pkg/
-COPY cue cue/
 COPY cue.mod cue.mod/
 COPY packages/grafana-schema packages/grafana-schema/
 COPY public/app/plugins public/app/plugins/
@@ -69,6 +68,7 @@ RUN mkdir -p "$GF_PATHS_HOME/.aws" && \
              "$GF_PATHS_PROVISIONING/notifiers" \
              "$GF_PATHS_PROVISIONING/plugins" \
              "$GF_PATHS_PROVISIONING/access-control" \
+             "$GF_PATHS_PROVISIONING/alerting" \
              "$GF_PATHS_LOGS" \
              "$GF_PATHS_PLUGINS" \
              "$GF_PATHS_DATA" && \

Makefile

@@ -12,7 +12,6 @@ include .bingo/Variables.mk
 GO = go
 GO_FILES ?= ./pkg/...
 SH_FILES ?= $(shell find ./scripts -name *.sh)
-API_DEFINITION_FILES = $(shell find ./pkg/api/docs/definitions -name '*.go' -print)
 GO_BUILD_FLAGS += $(if $(GO_BUILD_DEV),-dev)
 GO_BUILD_FLAGS += $(if $(GO_BUILD_TAGS),-build-tags=$(GO_BUILD_TAGS))
 
@@ -39,14 +38,15 @@ NGALERT_SPEC_TARGET = pkg/services/ngalert/api/tooling/api.json
 $(NGALERT_SPEC_TARGET):
 	+$(MAKE) -C pkg/services/ngalert/api/tooling api.json
 
-$(MERGED_SPEC_TARGET): $(SPEC_TARGET) $(NGALERT_SPEC_TARGET) ## Merge generated and ngalert API specs
-	go run pkg/api/docs/merge/merge_specs.go -o=$(MERGED_SPEC_TARGET) $(<) $(NGALERT_SPEC_TARGET)
+$(MERGED_SPEC_TARGET): $(SPEC_TARGET) $(NGALERT_SPEC_TARGET) $(SWAGGER) ## Merge generated and ngalert API specs
+	# known conflicts DsPermissionType, AddApiKeyCommand, Json, Duration (identical models referenced by both specs)
+	$(SWAGGER) mixin $(SPEC_TARGET) $(NGALERT_SPEC_TARGET) --ignore-conflicts -o $(MERGED_SPEC_TARGET)
 
---swagger-api-spec: $(API_DEFINITION_FILES) $(SWAGGER) ## Generate API Swagger specification
+--swagger-api-spec: $(SWAGGER) ## Generate API Swagger specification
 	SWAGGER_GENERATE_EXTENSION=false $(SWAGGER) generate spec -m -w pkg/server -o public/api-spec.json \
 	-x "github.com/grafana/grafana/pkg/services/ngalert/api/tooling/definitions" \
 	-x "github.com/prometheus/alertmanager" \
-	-i pkg/api/docs/tags.json
+	-i pkg/api/swagger_tags.json
 
 swagger-api-spec: gen-go --swagger-api-spec $(MERGED_SPEC_TARGET) validate-api-spec
 
@@ -94,9 +94,30 @@ run-frontend: deps-js ## Fetch js dependencies and watch frontend for rebuild
 
 ##@ Testing
 
-test-go: ## Run tests for backend.
-	@echo "test backend"
-	$(GO) test -v ./pkg/...
+.PHONY: test-go
+test-go: test-go-unit test-go-integration
+
+.PHONY: test-go-unit
+test-go-unit: ## Run unit tests for backend with flags.
+	@echo "test backend unit tests"
+	$(GO) test -short -covermode=atomic -timeout=30m ./pkg/...
+
+.PHONY: test-go-integration
+test-go-integration: ## Run integration tests for backend with flags.
+	@echo "test backend integration tests"
+	$(GO) test -run Integration -covermode=atomic -timeout=30m ./pkg/...
+
+.PHONY: test-go-integration-postgres
+test-go-integration-postgres: devenv-postgres ## Run integration tests for postgres backend with flags.
+	@echo "test backend integration postgres tests"
+	$(GO) clean -testcache
+	$(GO) list './pkg/...' | xargs -I {} sh -c 'GRAFANA_TEST_DB=postgres go test -run Integration -covermode=atomic -timeout=30m {}'
+
+.PHONY: test-go-integration-mysql
+test-go-integration-mysql: devenv-mysql ## Run integration tests for mysql backend with flags.
+	@echo "test backend integration mysql tests"
+	$(GO) clean -testcache
+	$(GO) list './pkg/...' | xargs -I {} sh -c 'GRAFANA_TEST_DB=mysql go test -run Integration -covermode=atomic -timeout=30m {}'
 
 test-js: ## Run tests for frontend.
 	@echo "test frontend"
@@ -153,6 +174,14 @@ devenv-down: ## Stop optional services.
 	test -f docker-compose.yaml && \
 	docker-compose down || exit 0;
 
+devenv-postgres:
+	@cd devenv; \
+	sources=postgres_tests
+
+devenv-mysql:
+	@cd devenv; \
+	sources=mysql_tests
+
 ##@ Helpers
 
 # We separate the protobuf generation because most development tasks on

conf/defaults.ini

@@ -125,7 +125,7 @@ path = grafana.db
 # For "sqlite3" only. cache mode setting used for connecting to the database
 cache_mode = private
 
-# For "mysql" only if lockingMigration feature toggle is set. How many seconds to wait before failing to lock the database for the migrations, default is 0.
+# For "mysql" only if migrationLocking feature toggle is set. How many seconds to wait before failing to lock the database for the migrations, default is 0.
 locking_attempt_timeout_sec = 0
 
 #################################### Cache server #############################
@@ -440,6 +440,9 @@ sigv4_auth_enabled = false
 # Set to true to enable verbose logging of SigV4 request signing
 sigv4_verbose_logging = false
 
+# Set to true to enable Azure authentication option for HTTP-based datasources
+azure_auth_enabled = false
+
 #################################### Anonymous Auth ######################
 [auth.anonymous]
 # enable anonymous access
@@ -467,6 +470,8 @@ api_url = https://api.github.com/user
 allowed_domains =
 team_ids =
 allowed_organizations =
+role_attribute_path =
+role_attribute_strict = false
 
 #################################### GitLab Auth #########################
 [auth.gitlab]
@@ -576,7 +581,7 @@ tls_client_cert =
 tls_client_key =
 tls_client_ca =
 use_pkce = false
-auth_style = 
+auth_style =
 
 #################################### Basic Auth ##########################
 [auth.basic]
@@ -597,6 +602,7 @@ enable_login_token = false
 #################################### Auth JWT ##########################
 [auth.jwt]
 enabled = false
+enable_login_token = false
 header_name =
 email_claim =
 username_claim =
@@ -649,7 +655,6 @@ managed_identity_client_id =
 
 #################################### Role-based Access Control ###########
 [rbac]
-enabled = true
 # If enabled, cache permissions in a in memory cache (Enterprise only)
 permission_cache = true
 
@@ -762,7 +767,7 @@ instrumentations_console_enabled = false
 instrumentations_webvitals_enabled = false
 
 # Api Key, only applies to Grafana Javascript Agent provider
-api_key = 
+api_key =
 
 #################################### Usage Quotas ########################
 [quota]
@@ -805,6 +810,9 @@ global_session = -1
 # global limit of alerts
 global_alert_rule = -1
 
+# global limit of files uploaded to the SQL DB
+global_file = 1000
+
 #################################### Unified Alerting ####################
 [unified_alerting]
 # Enable the Unified Alerting sub-system and interface. When enabled we'll migrate all of your alert rules and notification channels to the new system. New alert rules will be created and your notification channels will be converted into an Alertmanager configuration. Previous data is preserved to enable backwards compatibility but new data is removed when switching. When this configuration section and flag are not defined, the state is defined at runtime. See the documentation for more details.
@@ -861,8 +869,8 @@ max_attempts = 3
 min_interval = 10s
 
 [unified_alerting.screenshots]
-# Enable screenshots in notifications. This option requires a remote HTTP image rendering service. Please
-# see [rendering] for further configuration options.
+# Enable screenshots in notifications. This option requires the Grafana Image Renderer plugin.
+# For more information on configuration options, refer to [rendering].
 capture = false
 
 # The maximum number of screenshots that can be taken at the same time. This option is different from
@@ -876,6 +884,11 @@ max_concurrent_screenshots = 5
 # screenshots will be persisted to disk for up to temp_data_lifetime.
 upload_external_image_storage = false
 
+[unified_alerting.reserved_labels]
+# Comma-separated list of reserved labels added by the Grafana Alerting engine that should be disabled.
+# For example: `disabled_labels=grafana_folder`
+disabled_labels =
+
 #################################### Alerting ############################
 [alerting]
 # Enable the legacy alerting sub-system and interface. If Unified Alerting is already enabled and you try to go back to legacy alerting, all data that is part of Unified Alerting will be deleted. When this configuration section and flag are not defined, the state is defined at runtime. See the documentation for more details.
@@ -1071,6 +1084,8 @@ container_name =
 server_url =
 # If the remote HTTP image renderer service runs on a different server than the Grafana server you may have to configure this to a URL where Grafana is reachable, e.g. http://grafana.domain/.
 callback_url =
+# An auth token that will be sent to and verified by the renderer. The renderer will deny any request without an auth token matching the one configured on the renderer side.
+renderer_token = -
 # Concurrent render request limit affects when the /render HTTP endpoint is used. Rendering many images at the same time can overload the server,
 # which this setting can help protect against by only allowing a certain amount of concurrent requests.
 concurrent_render_request_limit = 30
@@ -1255,3 +1270,10 @@ max_crawl_duration =
 # Minimum interval between two subsequent scheduler runs. Default is 12h.
 # This setting should be expressed as a duration. Examples: 10s (seconds), 1m (minutes).
 scheduler_interval =
+
+
+#################################### Storage ################################################
+
+[storage]
+# Allow uploading SVG files without sanitization.
+allow_unsanitized_svg_upload = false

conf/ldap.toml

@@ -25,6 +25,9 @@ bind_dn = "cn=admin,dc=grafana,dc=org"
 # If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
 bind_password = 'grafana'
 
+# Timeout in seconds (applies to each host specified in the 'host' entry (space separated))
+timeout = 10
+
 # User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"
 search_filter = "(cn=%s)"
 

conf/provisioning/alerting/sample.yaml

@@ -0,0 +1,186 @@
+# # config file version
+apiVersion: 1
+
+# # List of rule groups to import or update
+# groups:
+#     # <int> organization ID, default = 1
+#   - orgId: 1
+#     # <string, required> name of the rule group
+#     name: my_rule_group
+#     # <string, required> name of the folder the rule group will be stored in
+#     folder: my_first_folder
+#     # <duration, required> interval of the rule group evaluation
+#     interval: 60s
+#     # <list, required> list of rules that are part of the rule group  
+#     rules:
+#       # <string, required> unique identifier for the rule
+#     - uid: my_id_1
+#       # <string, required> title of the rule, will be displayed in the UI
+#       title: my_first_rule
+#       # <string, required> query used for the condition
+#       condition: A
+#       # <list, required> list of query objects that should be executed on each
+#       #                  evaluation - should be obtained via the API
+#       data:
+#       - refId: A
+#         datasourceUid: "-100"
+#         model:
+#           conditions:
+#           - evaluator:
+#               params:
+#               - 3
+#               type: gt
+#             operator:
+#               type: and
+#             query:
+#               params:
+#               - A
+#             reducer:
+#               type: last
+#             type: query
+#           datasource:
+#             type: __expr__
+#             uid: "-100"
+#           expression: 1==0
+#           intervalMs: 1000
+#           maxDataPoints: 43200
+#           refId: A
+#           type: math
+#       # <string> UID of a dashboard that the alert rule should be linked to
+#       dashboardUid: my_dashboard
+#       # <int> ID of the panel that the alert rule should be linked to
+#       panelId: 123
+#       # <string> state of the alert rule when no data is returned
+#       #          possible values: "NoData", "Alerting", "OK", default = NoData
+#       noDataState: Alerting
+#       # <string> state of the alert rule when the query execution 
+#       #          fails - possible values: "Error", "Alerting", "OK"
+#       #          default = Alerting
+#       # <duration, required> how long the alert condition should be breached before Firing. Before this time has elapsed, the alert is considered to be Pending
+#       for: 60s
+#       # <map<string, string>> map of strings to attach arbitrary custom data
+#       annotations:
+#         some_key: some_value
+#       # <map<string, string> map of strings to filter and 
+#       #                      route alerts
+#       labels:
+#         team: sre_team_1
+
+# # List of alert rule UIDs that should be deleted
+# deleteRules:
+#    # <int> organization ID, default = 1
+#  - orgId: 1
+#    # <string, required> unique identifier for the rule
+#    uid: my_id_1
+
+# # List of contact points to import or update
+# contactPoints:
+#     # <int> organization ID, default = 1
+#   - orgId: 1
+#     # <string, required> name of the contact point
+#     name: cp_1
+#     receivers:
+#       # <string, required> unique identifier for the receiver
+#     - uid: first_uid
+#       # <string, required> type of the receiver
+#       type: prometheus-alertmanager
+#       # <object, required> settings for the specific receiver type
+#       settings:
+#         url: http://test:9000
+
+# # List of receivers that should be deleted
+# deleteContactPoints:
+# - orgId: 1
+#   uid: first_uid
+
+# # List of notification policies to import or update
+# policies:
+#     # <int> organization ID, default = 1
+#   - orgId: 1
+#     # <string> name of the receiver that should be used for this route
+#     receiver: grafana-default-email
+#     # <list<string>> The labels by which incoming alerts are grouped together. For example,
+#     #        multiple alerts coming in for cluster=A and alertname=LatencyHigh would
+#     #        be batched into a single group.
+#     # 
+#     #        To aggregate by all possible labels, use the special value '...' as
+#     #        the sole label name, for example:
+#     #        group_by: ['...']
+#     #        This effectively disables aggregation entirely, passing through all
+#     #        alerts as-is. This is unlikely to be what you want, unless you have
+#     #        a very low alert volume or your upstream notification system performs
+#     #        its own grouping.
+#     group_by:
+#     - grafana_folder
+#     - alertname
+#     # <list> a list of matchers that an alert has to fulfill to match the node
+#     matchers:
+#     - alertname = Watchdog
+#     - severity =~ "warning|critical"
+#     # <list> Times when the route should be muted. These must match the name of a
+#     #        mute time interval.
+#     #        Additionally, the root node cannot have any mute times.
+#     #        When a route is muted it will not send any notifications, but
+#     #        otherwise acts normally (including ending the route-matching process
+#     #        if the `continue` option is not set)
+#     mute_time_intervals:
+#     - abc
+#     # <duration> How long to initially wait to send a notification for a group
+#     #            of alerts. Allows to collect more initial alerts for the same group. 
+#     #            (Usually ~0s to few minutes), default = 30s
+#     group_wait: 30s
+#     # <duration> How long to wait before sending a notification about new alerts that
+#     #            are added to a group of alerts for which an initial notification has
+#     #            already been sent. (Usually ~5m or more), default = 5m
+#     group_internval: 5m
+#     # <duration>  How long to wait before sending a notification again if it has already
+#     #             been sent successfully for an alert. (Usually ~3h or more), default = 4h
+#     repeat_interval: 4h
+#     # <list> Zero or more child routes
+#     routes: 
+#     ...
+
+# # List of orgIds that should be reset to the default policy
+# resetPolicies:
+# - 1
+
+# # List of templates to import or update
+# templates:
+#     # <int> organization ID, default = 1
+#   - orgID: 1
+#     # <string, required> name of the template, must be unique
+#     name: my_first_template
+#     # <string, required> content of the the template
+#     template: Alerting with a custome text template
+
+# # List of templates that should be deleted
+# deleteTemplates:
+#    # <int> organization ID, default = 1
+#  - orgId: 1
+#    # <string, required> name of the template, must be unique
+#    name: my_first_template
+
+
+# # List of mute time intervals to import or update
+# muteTimes:
+#   # <int> organization ID, default = 1
+# - orgId: 1
+#   # <string, required> name of the mute time interval, must be unique
+#   name: mti_1
+#   # <list> time intervals that should trigger the muting
+#            refer to https://prometheus.io/docs/alerting/latest/configuration/#time_interval-0
+#   time_intervals:
+#    - times:
+#      - start_time: '06:00'
+#        end_time: '23:59'
+#      weekdays: ['monday:wednesday','saturday', 'sunday']
+#      months: ['1:3', 'may:august', 'december']
+#      years: ['2020:2022', '2030']
+#      days_of_month: ['1:5', '-3:-1']
+
+# # List of mute time intervals that should be deleted
+# deleteMuteTimes:
+#   # <int> organization ID, default = 1
+# - orgId: 1
+#   # <string, required> name of the mute time interval, must be unique
+#   name: mti_1

conf/sample.ini

@@ -126,7 +126,7 @@
 # For "sqlite3" only. cache mode setting used for connecting to the database. (private, shared)
 ;cache_mode = private
 
-# For "mysql" only if lockingMigration feature toggle is set. How many seconds to wait before failing to lock the database for the migrations, default is 0.
+# For "mysql" only if migrationLocking feature toggle is set. How many seconds to wait before failing to lock the database for the migrations, default is 0.
 ;locking_attempt_timeout_sec = 0
 
 ################################### Data sources #########################
@@ -440,6 +440,9 @@
 # Set to true to enable verbose logging of SigV4 request signing
 ;sigv4_verbose_logging = false
 
+# Set to true to enable Azure authentication option for HTTP-based datasources.
+;azure_auth_enabled = false
+
 #################################### Anonymous Auth ######################
 [auth.anonymous]
 # enable anonymous access
@@ -595,6 +598,7 @@
 ;expected_claims = {"aud": ["foo", "bar"]}
 ;key_file = /path/to/key/file
 ;auto_sign_up = false
+;url_login = false
 
 #################################### Auth LDAP ##########################
 [auth.ldap]
@@ -635,8 +639,6 @@
 
 #################################### Role-based Access Control ###########
 [rbac]
-;enabled = true
-# If enabled, cache permissions in a in memory cache (Enterprise only)
 ;permission_cache = true
 #################################### SMTP / Emailing ##########################
 [smtp]
@@ -847,6 +849,11 @@
 # The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m.
 ;min_interval = 10s
 
+[unified_alerting.reserved_labels]
+# Comma-separated list of reserved labels added by the Grafana Alerting engine that should be disabled.
+# For example: `disabled_labels=grafana_folder`
+;disabled_labels =
+
 #################################### Alerting ############################
 [alerting]
 # Disable legacy alerting engine & UI features
@@ -1039,6 +1046,8 @@
 ;server_url =
 # If the remote HTTP image renderer service runs on a different server than the Grafana server you may have to configure this to a URL where Grafana is reachable, e.g. http://grafana.domain/.
 ;callback_url =
+# An auth token that will be sent to and verified by the renderer. The renderer will deny any request without an auth token matching the one configured on the renderer side.
+;renderer_token = -
 # Concurrent render request limit affects when the /render HTTP endpoint is used. Rendering many images at the same time can overload the server,
 # which this setting can help protect against by only allowing a certain amount of concurrent requests.
 ;concurrent_render_request_limit = 30

contribute/internationalization.md

@@ -1,4 +1,4 @@
-# Localisation
+# Internationalization
 
 Grafana uses the [LinguiJS](https://github.com/lingui/js-lingui) framework for managing translating phrases in the Grafana frontend.
 
@@ -59,7 +59,7 @@ For components used all over the site, use just two segments:
 
 ### Top-level provider
 
-In [AppWrapper.tsx](/public/app/AppWrapper.tsx) the app is wrapped with `I18nProvider` from `public/app/core/localisation.tsx` where the Lingui instance is created with the user's preferred locale. This sets the appropriate context and allows any component from `@lingui/macro` to use the translations for the user's preferred locale.
+In [AppWrapper.tsx](/public/app/AppWrapper.tsx) the app is wrapped with `I18nProvider` from `public/app/core/internationalization/index.tsx` where the Lingui instance is created with the user's preferred locale. This sets the appropriate context and allows any component from `@lingui/macro` to use the translations for the user's preferred locale.
 
 ### Message format
 
@@ -191,4 +191,4 @@ import { Plural } from "@lingui/macro"
 
 ## Documentation
 
-[Grafana's documentation](https://grafana.com/docs/grafana/latest/) is not yet open for translation and should be authored in English only.
+[Grafana's documentation](https://grafana.com/docs/grafana/latest/) is not yet open for translation and should be authored in American English only.

contribute/style-guides/e2e.md

@@ -26,10 +26,10 @@ Let's start with a simple [JSX](https://reactjs.org/docs/introducing-jsx.html) e
 <input className="gf-form-input login-form-input" type="text" />
 ```
 
-We _could_ target the field with a CSS selector like `.gf-form-input.login-form-input` but that would be brittle as style changes occur frequently. Furthermore there is nothing that signals to future developers that this input is part of an E2E test. At Grafana, we use `aria-label` attributes as our preferred way of defining selectors instead of [`data-*`](https://mdn.io/docs/Web/HTML/Global_attributes/data-*) as they also aid in [accessibility](https://mdn.io/docs/Learn/Accessibility/What_is_accessibility):
+We _could_ target the field with a CSS selector like `.gf-form-input.login-form-input` but that would be brittle as style changes occur frequently. Furthermore there is nothing that signals to future developers that this input is part of an E2E test. At Grafana, we use `data-testid` attributes as our preferred way of defining selectors. See [Aria-Labels vs data-testid](#aria-labels-vs-data-testid) for more details.
 
 ```jsx
-<input aria-label="Username input field" className="gf-form-input login-form-input" type="text" />
+<input data-testid="Username input field" className="gf-form-input login-form-input" type="text" />
 ```
 
 The next step is to create a `Page` representation in our E2E framework to glue the test with the real implementation using the `pageFactory` function. For that function we can supply a `url` and `selectors` like in the example below:
@@ -39,10 +39,12 @@ export const Login = {
   // Called via `Login.visit()`
   url: '/login',
   // Called via `Login.username()`
-  username: 'Username input field',
+  username: 'data-testid Username input field',
 };
 ```
 
+Note that the selector is prefixed with `data-testid` - this is a signal to the framework to look for the selector in the `data-testid` attribute.
+
 The next step is to add the `Login` page to the `Pages` export within [_\<repo-root>/packages/grafana-e2e-selectors/src/selectors/pages.ts_](../../packages/grafana-e2e-selectors/src/selectors/pages.ts) so that it appears when we type `e2e.pages` in our IDE.
 
 ```typescript
@@ -59,7 +61,7 @@ Now that we have a `Page` called `Login` in our `Pages` const we can use that to
 ```jsx
 import { selectors } from '@grafana/e2e-selectors';
 
-<input aria-label={selectors.pages.Login.username} className="gf-form-input login-form-input" type="text" />;
+<input data-testid={selectors.pages.Login.username} className="gf-form-input login-form-input" type="text" />;
 ```
 
 The last step in our example is to use our `Login` page as part of a test.
@@ -100,7 +102,7 @@ Just as before in the basic example we'll start by creating a page abstraction u
 ```typescript
 export const DataSources = {
   url: '/datasources',
-  dataSources: (dataSourceName: string) => `Data source list item ${dataSourceName}`,
+  dataSources: (dataSourceName: string) => `data-testid Data source list item ${dataSourceName}`,
 };
 ```
 
@@ -115,7 +117,7 @@ The next step is to use the `dataSources` selector function as in our example be
   {dataSources.map(({ id, name }) => (
     <li className="card-item-wrapper" key={id}>
       <a className="card-item" href={`datasources/edit/${id}`}>
-        <div className="card-item-name" aria-label={selectors.pages.DataSources.dataSources(name)}>
+        <div className="card-item-name" data-testid={selectors.pages.DataSources.dataSources(name)}>
           {name}
         </div>
       </a>
@@ -127,9 +129,9 @@ The next step is to use the `dataSources` selector function as in our example be
 When this list is rendered with the data sources with names `A`, `B` and `C` ,the resulting HTML would look like:
 
 ```html
-<div class="card-item-name" aria-label="Data source list item A">A</div>
-<div class="card-item-name" aria-label="Data source list item B">B</div>
-<div class="card-item-name" aria-label="Data source list item C">C</div>
+<div class="card-item-name" data-testid="data-testid Data source list item A">A</div>
+<div class="card-item-name" data-testid="data-testid Data source list item B">B</div>
+<div class="card-item-name" data-testid="data-testid Data source list item C">C</div>
 ```
 
 Now we can write our test. The one thing that differs from the [basic example](#basic-example) above is that we pass in which data source we want to click on as an argument to the selector function:

contribute/style-guides/frontend.md

@@ -351,7 +351,7 @@ static defaultProps: Partial<Props> = { ... }
 We recommend using named regular functions when creating a new react functional component.
 
 ```typescript
-export function Component(props: Props): ReactElement { ... }
+export function Component(props: Props) { ... }
 ```
 
 ## State management

devenv/benchmarks/ab/ab_test.sh

@@ -1,4 +0,0 @@
-#!/bin/bash
-
-ab -n 20000 -c 100 -H "Authorization: Bearer vEustw23NSOZ27y3zlj28ZL3B7BpBk5kqR85DOfT5AwiS3nCi33dnsk6nhvXhZdn" \
-  http://localhost:3000/api/dashboards/db/dash1

devenv/datasources.yaml

@@ -247,7 +247,15 @@ datasources:
     access: proxy
     url: http://localhost:3100
     editable: false
+    correlations:
+      - targetUID: gdev-jaeger
+        label: "Jaeger traces"
+        description: "Related traces stored in Jaeger"
+      - targetUID: gdev-zipkin
+        label: "Zipkin traces"
+        description: "Related traces stored in Zipkin"
     jsonData:
+      something: here
       manageAlerts: false
       derivedFields:
         - name: "traceID"

devenv/docker/blocks/influxdb/config.yaml

@@ -1 +0,0 @@
-http-bind-address: :8086

devenv/docker/blocks/influxdb/docker-compose.yaml

@@ -5,6 +5,7 @@
       - '8086:8086'
     environment:
       INFLUXD_REPORTING_DISABLED: 'true'
+      INFLUXD_HTTP_BIND_ADDRESS: ':8086'
       DOCKER_INFLUXDB_INIT_MODE: 'setup'
       DOCKER_INFLUXDB_INIT_USERNAME: 'grafana'
       DOCKER_INFLUXDB_INIT_PASSWORD: 'grafana12345'
@@ -12,7 +13,6 @@
       DOCKER_INFLUXDB_INIT_BUCKET: 'mybucket'
       DOCKER_INFLUXDB_INIT_ADMIN_TOKEN: 'mytoken'
     volumes:
-      - ./docker/blocks/influxdb/config.yaml:/etc/influxdb2/config.yaml
       - ./docker/blocks/influxdb/setup_influxql.sh:/docker-entrypoint-initdb.d/setup_influxql.sh
 
   telegraf:

devenv/docker/blocks/jwt_proxy/docker-build-keycloak-m1-image.sh

@@ -0,0 +1,9 @@
+#/bin/sh
+
+VERSION=12.0.1 # set version here
+
+cd /tmp
+git clone git@github.com:keycloak/keycloak-containers.git
+cd keycloak-containers/server
+git checkout $VERSION
+docker build -t "quay.io/keycloak/keycloak:${VERSION}" .

devenv/docker/blocks/jwt_proxy/docker-compose.yaml

@@ -0,0 +1,54 @@
+  oauthkeycloakdb:
+    image: postgres:12.2
+    container_name: oauthkeycloakdb
+    environment:
+      POSTGRES_DB: keycloak
+      POSTGRES_USER: keycloak
+      POSTGRES_PASSWORD: password
+    volumes:
+      - ./docker/blocks/jwt_proxy/cloak.sql:/docker-entrypoint-initdb.d/cloak.sql
+    restart: unless-stopped
+
+  oauthkeycloak:
+    image: quay.io/keycloak/keycloak:12.0.1
+    container_name: oauthkeycloak
+    environment:
+      DB_VENDOR: POSTGRES
+      DB_ADDR: oauthkeycloakdb
+      DB_DATABASE: keycloak
+      DB_USER: keycloak
+      DB_PASSWORD: password
+      KEYCLOAK_USER: admin
+      KEYCLOAK_PASSWORD: admin
+      PROXY_ADDRESS_FORWARDING: "true"
+    ports:
+      - 8087:8080
+    depends_on:
+      - oauthkeycloakdb
+    links:
+      - "oauthkeycloakdb:oauthkeycloakdb"
+    restart: unless-stopped
+
+  oauthproxy:
+    image: docker.io/bitnami/oauth2-proxy:7.3.0
+    container_name: oauthproxy
+    command: [
+    "--cookie-secret=yI-CWT5s4sBR2Zd0DDJJlTYc0aQ3jwGH15jYA18ZAQA=",
+    "--upstream=http://localhost:3000",
+    "--provider=keycloak",
+    "--client-id=grafana-oauth",
+    "--client-secret=d17b9ea9-bcb1-43d2-b132-d339e55872a8",
+    "--login-url=http://127.0.0.1:8087/auth/realms/grafana/protocol/openid-connect/auth",
+    "--redeem-url=http://127.0.0.1:8087/auth/realms/grafana/protocol/openid-connect/token",
+    "--profile-url=http://127.0.0.1:8087/auth/realms/grafana/protocol/openid-connect/userinfo",
+    "--validate-url=http://127.0.0.1:8087/auth/realms/grafana/protocol/openid-connect/userinfo",
+    "--cookie-secure=false",
+    "--http-address=0.0.0.0:8088",
+    "--redirect-url=http://127.0.0.1:8088/oauth2/callback",
+    "--pass-access-token=true",
+    "--email-domain=*",
+    ]
+    network_mode: "host"
+    depends_on:
+      - oauthkeycloak
+    restart: unless-stopped

devenv/docker/blocks/jwt_proxy/jwks.json

@@ -0,0 +1 @@
+{"keys":[{"kid":"On2FQuJ8Y-909uJGWQEDkbzG-GRNmMc43HslEgVv_VQ","kty":"RSA","alg":"RS256","use":"sig","n":"qDmQHfTcOQOzmNJbVvtvuS8p_EgmiscP7vA_PZNyKx9O7utyGuoAmJH8e2w8gLIDDWHl5_x8aAIl_-TTPTSiyX8I68ryIdR28ZSe5u4pRdpXCVvJpOefKNIxQCTH7rs4KuRj0HZ2u1mu1Vz5_CeCCoKwKSmheD3u1xTJ8-VxQmdqfGxhuKtnkof7977HWOWy4GLDFqxyYHgihP_MmSeTmXUhVeZI6IOCqHMpF8eFWVGKM6V8rIKf8QO2K_vDJBM_3C933vMY8mqSQXbI3G54x-0myAaQXr4JkxjvUGKg5YC3ZXw7AjfZv_W_fQOG0GYp2hQ0akR4KNKT3XPNmpMVlQ","e":"AQAB","x5c":["MIICnTCCAYUCBgF+u1ir8jANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdncmFmYW5hMB4XDTIyMDIwMjE2NDkxN1oXDTMyMDIwMjE2NTA1N1owEjEQMA4GA1UEAwwHZ3JhZmFuYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKg5kB303DkDs5jSW1b7b7kvKfxIJorHD+7wPz2TcisfTu7rchrqAJiR/HtsPICyAw1h5ef8fGgCJf/k0z00osl/COvK8iHUdvGUnubuKUXaVwlbyaTnnyjSMUAkx+67OCrkY9B2drtZrtVc+fwnggqCsCkpoXg97tcUyfPlcUJnanxsYbirZ5KH+/e+x1jlsuBiwxascmB4IoT/zJknk5l1IVXmSOiDgqhzKRfHhVlRijOlfKyCn/EDtiv7wyQTP9wvd97zGPJqkkF2yNxueMftJsgGkF6+CZMY71BioOWAt2V8OwI32b/1v30DhtBmKdoUNGpEeCjSk91zzZqTFZUCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEABlW64QxuREB81VMGsyhj4Q5RykFaVuD5O8YlwUpmVfAVLzb0Drf54Kn4bnpnckKyYV+T+HsN4QXt81UE41xH0Aai2H3vrGH+PJf6aLPCDE+jpMqtN3n6IgImJXJPL8upMfhhWDv4nkM4uynEwWupzmrKi4oJuTETSMktJby4o6//XWnCzCVMoAGFJU4gtjBUzOMLW26zD+yc+BuUtfR3HzItVHSZKQSNSFO0kVS68RgrER8qJw07z3BOJ2bPpPM0PYyEngGMaowz/T6lI32ymGMWYMAnslthS1KAW9xcTBwnrW1nMhe5a0LPxIktys/wJtxIHZLc5sOddGT4xYklLg=="],"x5t":"prs-h1NBqOSJMH-tQWLTqguWets","x5t#S256":"YjK3HobZW8xbNL1IPDgFhCM41UC5c0hG2cxaF6v961Q"}]}

devenv/docker/blocks/jwt_proxy/readme.md

@@ -0,0 +1,86 @@
+# OAUTH BLOCK
+## Devenv setup jwt auth
+
+To launch the block, use the oauth source. Ex:
+
+```bash
+make devenv sources="jwt_proxy"
+```
+
+Here is the conf you need to add to your configuration file (conf/custom.ini):
+
+```ini
+[auth]
+signout_redirect_url = http://127.0.0.1:8088/oauth2/sign_out
+
+[auth.jwt]
+enabled = true
+header_name = X-Forwarded-Access-Token
+username_claim = login
+email_claim = email
+jwk_set_file = devenv/docker/blocks/oauth/jwks.json
+cache_ttl = 60m
+expected_claims = {"iss": "http://localhost:8087/auth/realms/grafana", "azp": "grafana-oauth"}
+auto_sign_up = true
+```
+
+Access Grafana through: 
+
+```sh
+http://127.0.0.1:8088
+```
+
+## Devenv setup jwt auth iframe embedding
+
+- Add previous configuration and next snippet to grafana.ini
+
+```ini
+[security]
+allow_embedding = true
+```
+
+- Create dashboard and copy UID
+
+- Clone [https://github.com/grafana/grafana-iframe-oauth-sample](https://github.com/grafana/grafana-iframe-oauth-sample)
+
+- Change the dashboard URL in `grafana-iframe-oauth-sample/src/pages/restricted.tsx` to use the dashboard you created (keep URL query values)
+
+- Start sample app from the `grafana-iframe-oauth-sample` folder with: `yarn start`
+
+- Navigate to [http://localhost:4200](http://localhost:4200) and press restricted area
+
+Note: You may need to grant the JWT user in grafana access to the datasources and the dashboard
+
+## Backing up keycloak DB
+
+In case you want to make changes to the devenv setup, you can dump keycloack's DB:
+
+```bash
+cd devenv;
+docker-compose exec -T oauthkeycloakdb bash -c "pg_dump -U keycloak keycloak" > docker/blocks/jwt_proxy/cloak.sql
+```
+
+## Connecting to keycloack:
+
+- keycloak admin:                     http://localhost:8087
+- keycloak admin login:               admin:admin
+- grafana jwt viewer login:          jwt-viewer:grafana
+- grafana jwt editor login:          jwt-editor:grafana
+- grafana jwt admin login:           jwt-admin:grafana
+
+# Troubleshooting
+
+## Mac M1 Users
+
+The new arm64 architecture does not build for the latest docker image of keycloack. Refer to https://github.com/docker/for-mac/issues/5310 for the issue to see if it resolved.
+Until then you need to build the docker image locally and then run `devenv`.
+
+1. Remove any lingering keycloack image
+```sh
+$ docker rmi $(docker images | grep 'keycloack')
+```
+1. Build keycloack image locally
+```sh
+$ ./docker-build-keycloack-m1-image.sh
+```
+1. Start from beginning of this readme

devenv/docker/blocks/mysql/.env

@@ -1 +1 @@
-mysql_version=5.6
+mysql_version=5.7

devenv/docker/blocks/mysql_tests/.env

@@ -1 +1 @@
-mysql_version=5.6
+mysql_version=5.7

devenv/docker/blocks/mysql_tests/Dockerfile

@@ -1,4 +1,4 @@
-ARG mysql_version=5.6
+ARG mysql_version=5.7
 FROM mysql:${mysql_version}
 ADD setup.sql /docker-entrypoint-initdb.d
 RUN chown -R mysql:mysql /docker-entrypoint-initdb.d/

devenv/docker/blocks/mysql_tests/docker-compose.yaml

@@ -3,6 +3,7 @@
       context: docker/blocks/mysql_tests
       args:
         - mysql_version=${mysql_version}
+    platform: linux/amd64
     environment:
       MYSQL_ROOT_PASSWORD: rootpass
       MYSQL_DATABASE: grafana_tests

devenv/docker/blocks/oauth/docker-build-keycloak-m1-image.sh

@@ -0,0 +1,9 @@
+#/bin/sh
+
+VERSION=12.0.1 # set version here
+
+cd /tmp
+git clone git@github.com:keycloak/keycloak-containers.git
+cd keycloak-containers/server
+git checkout $VERSION
+docker build -t "quay.io/keycloak/keycloak:${VERSION}" .

devenv/docker/blocks/oauth/docker-compose.yaml

@@ -0,0 +1,30 @@
+  oauthkeycloakdb:
+    image: postgres:12.2
+    container_name: oauthkeycloakdb
+    environment:
+      POSTGRES_DB: keycloak
+      POSTGRES_USER: keycloak
+      POSTGRES_PASSWORD: password
+    volumes:
+      - ./docker/blocks/oauth/cloak.sql:/docker-entrypoint-initdb.d/cloak.sql
+    restart: unless-stopped
+  
+  oauthkeycloak:
+    image: quay.io/keycloak/keycloak:12.0.1
+    container_name: oauthkeycloak
+    environment:
+      DB_VENDOR: POSTGRES
+      DB_ADDR: oauthkeycloakdb
+      DB_DATABASE: keycloak
+      DB_USER: keycloak
+      DB_PASSWORD: password
+      KEYCLOAK_USER: admin
+      KEYCLOAK_PASSWORD: admin
+      PROXY_ADDRESS_FORWARDING: "true"
+    ports:
+      - 8087:8080
+    depends_on:
+      - oauthkeycloakdb
+    links:
+      - "oauthkeycloakdb:oauthkeycloakdb"
+    restart: unless-stopped

devenv/docker/blocks/oauth/jwks.json

@@ -0,0 +1 @@
+{"keys":[{"kid":"On2FQuJ8Y-909uJGWQEDkbzG-GRNmMc43HslEgVv_VQ","kty":"RSA","alg":"RS256","use":"sig","n":"qDmQHfTcOQOzmNJbVvtvuS8p_EgmiscP7vA_PZNyKx9O7utyGuoAmJH8e2w8gLIDDWHl5_x8aAIl_-TTPTSiyX8I68ryIdR28ZSe5u4pRdpXCVvJpOefKNIxQCTH7rs4KuRj0HZ2u1mu1Vz5_CeCCoKwKSmheD3u1xTJ8-VxQmdqfGxhuKtnkof7977HWOWy4GLDFqxyYHgihP_MmSeTmXUhVeZI6IOCqHMpF8eFWVGKM6V8rIKf8QO2K_vDJBM_3C933vMY8mqSQXbI3G54x-0myAaQXr4JkxjvUGKg5YC3ZXw7AjfZv_W_fQOG0GYp2hQ0akR4KNKT3XPNmpMVlQ","e":"AQAB","x5c":["MIICnTCCAYUCBgF+u1ir8jANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdncmFmYW5hMB4XDTIyMDIwMjE2NDkxN1oXDTMyMDIwMjE2NTA1N1owEjEQMA4GA1UEAwwHZ3JhZmFuYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKg5kB303DkDs5jSW1b7b7kvKfxIJorHD+7wPz2TcisfTu7rchrqAJiR/HtsPICyAw1h5ef8fGgCJf/k0z00osl/COvK8iHUdvGUnubuKUXaVwlbyaTnnyjSMUAkx+67OCrkY9B2drtZrtVc+fwnggqCsCkpoXg97tcUyfPlcUJnanxsYbirZ5KH+/e+x1jlsuBiwxascmB4IoT/zJknk5l1IVXmSOiDgqhzKRfHhVlRijOlfKyCn/EDtiv7wyQTP9wvd97zGPJqkkF2yNxueMftJsgGkF6+CZMY71BioOWAt2V8OwI32b/1v30DhtBmKdoUNGpEeCjSk91zzZqTFZUCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEABlW64QxuREB81VMGsyhj4Q5RykFaVuD5O8YlwUpmVfAVLzb0Drf54Kn4bnpnckKyYV+T+HsN4QXt81UE41xH0Aai2H3vrGH+PJf6aLPCDE+jpMqtN3n6IgImJXJPL8upMfhhWDv4nkM4uynEwWupzmrKi4oJuTETSMktJby4o6//XWnCzCVMoAGFJU4gtjBUzOMLW26zD+yc+BuUtfR3HzItVHSZKQSNSFO0kVS68RgrER8qJw07z3BOJ2bPpPM0PYyEngGMaowz/T6lI32ymGMWYMAnslthS1KAW9xcTBwnrW1nMhe5a0LPxIktys/wJtxIHZLc5sOddGT4xYklLg=="],"x5t":"prs-h1NBqOSJMH-tQWLTqguWets","x5t#S256":"YjK3HobZW8xbNL1IPDgFhCM41UC5c0hG2cxaF6v961Q"}]}

devenv/docker/blocks/oauth/readme.md

@@ -0,0 +1,134 @@
+# OAUTH BLOCK
+
+## Devenv setup oauth
+
+To launch the block, use the oauth source. Ex:
+```bash
+make devenv sources="oauth"
+```
+
+Here is the conf you need to add to your configuration file (conf/custom.ini):
+
+```ini
+[auth]
+signout_redirect_url = http://localhost:8087/auth/realms/grafana/protocol/openid-connect/logout?redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Flogin
+
+[auth.generic_oauth]
+enabled = true
+name = Keycloak-OAuth
+allow_sign_up = true
+client_id = grafana-oauth
+client_secret = d17b9ea9-bcb1-43d2-b132-d339e55872a8
+empty_scopes = true
+email_attribute_path = email
+login_attribute_path = login
+name_attribute_path = name
+auth_url = http://localhost:8087/auth/realms/grafana/protocol/openid-connect/auth
+token_url = http://localhost:8087/auth/realms/grafana/protocol/openid-connect/token
+api_url = http://localhost:8087/auth/realms/grafana/protocol/openid-connect/userinfo
+role_attribute_path = contains(roles[*], 'admin') && 'Admin' || contains(roles[*], 'editor') && 'Editor' || 'Viewer'
+```
+
+## Devenv setup jwt auth
+
+To launch the block, use the oauth source. Ex:
+
+```bash
+make devenv sources="oauth"
+```
+
+Here is the conf you need to add to your configuration file (conf/custom.ini):
+
+```ini
+[auth.jwt]
+enabled = true
+header_name = X-JWT-Assertion
+username_claim = login
+email_claim = email
+jwk_set_file = devenv/docker/blocks/oauth/jwks.json
+cache_ttl = 60m
+expected_claims = {"iss": "http://localhost:8087/auth/realms/grafana", "azp": "grafana-oauth"}
+auto_sign_up = true
+```
+
+You can obtain a jwt token by using the following command for oauth-admin:
+
+```sh
+curl --request POST \
+  --url http://localhost:8087/auth/realms/grafana/protocol/openid-connect/token \
+  --header 'Content-Type: application/x-www-form-urlencoded' \
+  --data client_id=grafana-oauth \
+  --data grant_type=password \
+  --data client_secret=d17b9ea9-bcb1-43d2-b132-d339e55872a8 \
+  --data scope=openid \
+  --data username=oauth-admin \
+  --data password=grafana
+```
+
+
+Grafana call example:
+
+```sh
+curl --request GET \
+  --url http://127.0.0.1:3000/api/folders \
+  --header 'Accept: application/json' \
+  --header 'X-JWT-Assertion: eyJ......'
+```
+
+### Alternative devenv setup jwk_set_url
+
+Run a reverse proxy pointing to the jwk_set_url (only an https-uri can be used as jwk_set_url).
+
+Ex (using localtunnel):
+
+```sh
+npx localtunnel --port 8087
+```
+
+And using the following conf:
+
+```ini
+[auth.jwt]
+enabled = true
+header_name = X-JWT-Assertion
+username_claim = login
+email_claim = email
+jwk_set_url = <YOUR REVERSE PROXY URL>/auth/realms/grafana/protocol/openid-connect/certs
+cache_ttl = 60m
+expected_claims = {"iss": "http://localhost:8087/auth/realms/grafana", "azp": "grafana-oauth"}
+auto_sign_up = true
+```
+
+## Backing up keycloak DB
+
+In case you want to make changes to the devenv setup, you can dump keycloack's DB:
+
+```bash
+cd devenv;
+docker-compose exec -T oauthkeycloakdb bash -c "pg_dump -U keycloak keycloak" > docker/blocks/oauth/cloak.sql
+```
+
+## Connecting to keycloack:
+
+- keycloak admin:                     http://localhost:8087
+- keycloak admin login:               admin:admin
+- grafana oauth viewer login:          oauth-viewer:grafana
+- grafana oauth editor login:          oauth-editor:grafana
+- grafana oauth admin login:           oauth-admin:grafana
+
+# Troubleshooting
+
+## Mac M1 Users
+
+The new arm64 architecture does not build for the latest docker image of keycloack. Refer to https://github.com/docker/for-mac/issues/5310 for the issue to see if it resolved.
+Until then you need to build the docker image locally and then run `devenv`.
+
+1. Remove any lingering keycloack image
+```sh
+$ docker rmi $(docker images | grep 'keycloack')
+```
+1. Build keycloack image locally
+```sh
+$ ./docker-build-keycloack-m1-image.sh
+```
+1. Start from beginning of this readme

devenv/docker/blocks/postgres/.env

@@ -1 +1 @@
-postgres_version=9.3
+postgres_version=10.15

devenv/docker/blocks/postgres_tests/.env

@@ -1 +1 @@
-postgres_version=9.3
+postgres_version=10.15

devenv/docker/blocks/postgres_tests/Dockerfile

@@ -1,4 +1,4 @@
-ARG postgres_version=9.3
+ARG postgres_version=10.15
 FROM postgres:${postgres_version}
 ADD setup.sql /docker-entrypoint-initdb.d
 RUN chown -R postgres:postgres /docker-entrypoint-initdb.d/

devenv/docker/blocks/tempo/README.md

@@ -1,4 +1,4 @@
 Right now Tempo is before stable release so this uses :latest tag which means there can be changes depending on when
 you pull the image.
 
-For adding some traces easily you can run Loki block and enable tracing (see ../loki/README.md)
+For adding some traces easily you can run Loki block and enable tracing (see ../loki-promtail/README.md)

devenv/docker/ha_test/docker-compose.yaml

@@ -16,7 +16,7 @@ services:
         tag: nginx
 
   db:
-    image: mysql:5.6
+    image: mysql:5.7
     environment:
       MYSQL_ROOT_PASSWORD: rootpass
       MYSQL_DATABASE: grafana
@@ -41,7 +41,7 @@ services:
         condition: service_healthy
 
   # db:
-  #   image: postgres:9.3
+  #   image: postgres:10.15
   #   environment:
   #     POSTGRES_DATABASE: grafana
   #     POSTGRES_USER: grafana

docs/sources/_index.md

@@ -71,8 +71,8 @@ title: Grafana documentation
         <h4>Provisioning</h4>
         <p>Learn how to automate your Grafana configuration.</p>
     </a>
-    <a href="{{< relref "whatsnew/whats-new-in-v8-0/" >}}" class="nav-cards__item nav-cards__item--guide">
-        <h4>What's new in v8.0</h4>
+    <a href="{{< relref "whatsnew/whats-new-in-v9-1/" >}}" class="nav-cards__item nav-cards__item--guide">
+        <h4>What's new in v9.1</h4>
         <p>Explore the features and enhancements in the latest release.</p>
     </a>
 

docs/sources/administration/api-keys/_index.md

@@ -14,29 +14,23 @@ weight: 700
 
 # API keys
 
-API keys can be used to interact with Grafana HTTP APIs.
-
-We recommend using service accounts instead of API keys if you are on Grafana 8.5+, for more information refer to [About service accounts]({{< relref "../service-accounts/about-service-accounts/#" >}}).
-
-{{< section >}}
-
-## About API keys
-
 An API key is a randomly generated string that external systems use to interact with Grafana HTTP APIs.
 
-When you create an API key, you specify a **Role** that determines the permissions associated with the API key. Role permissions control that actions the API key can perform on Grafana resources. For more information about creating API keys, refer to [Create an API key]({{< relref "create-api-key/#" >}}).
+When you create an API key, you specify a **Role** that determines the permissions associated with the API key. Role permissions control that actions the API key can perform on Grafana resources.
+
+> **Note:** If you use Grafana v8.5 or newer, use service accounts instead of API keys. For more information, refer to [Grafana service accounts]({{< relref "../service-accounts/" >}}).
+
+{{< section >}}
 
 ## Create an API key
 
 Create an API key when you want to manage your computed workload with a user.
 
-For more information about API keys, refer to [About API keys in Grafana]({{< relref "about-api-keys/" >}}).
-
 This topic shows you how to create an API key using the Grafana UI. You can also create an API key using the Grafana HTTP API. For more information about creating API keys via the API, refer to [Create API key via API]({{< relref "../../developers/http_api/create-api-tokens-for-org/#how-to-create-a-new-organization-and-an-api-token" >}}).
 
 ### Before you begin:
 
-- Ensure you have permission to create and edit API keys. For more information about permissions, refer to [About users and permissions]({{< relref "../roles-and-permissions/#" >}}).
+- Ensure you have permission to create and edit API keys. For more information about permissions, refer to [Roles and permissions]({{< relref "../roles-and-permissions/#" >}}).
 
 **To create an API key:**
 
@@ -50,3 +44,40 @@ This topic shows you how to create an API key using the Grafana UI. You can also
    - The maximum length of time is 30 days (one month). You enter a number and a letter. Valid letters include `s` for seconds,`m` for minutes, `h` for hours, `d `for days, `w` for weeks, and `M `for month. For example, `12h` is 12 hours and `1M` is 1 month (30 days).
    - If you are unsure about how long an API key should be valid, we recommend that you choose a short duration, such as a few hours. This approach limits the risk of having API keys that are valid for a long time.
 1. Click **Add**.
+
+## Migrate API Keys to Grafana service accounts
+
+You can migrate one or all API keys to [Grafana service accounts]({{< relref "../service-accounts/" >}}). When you migrate an API key to a service account, a service account will be created with a service account token.
+The API key will continue to work, and you can find it in the [Grafana service account tokens]({{< relref "../service-accounts/#service-account-benefits/#service-account-tokens" >}}) details.
+For more information about benefits of service accounts, refer to [Grafana service account benefits]({{< relref "../service-accounts/#service-account-benefits" >}}).
+
+You can choose to migrate a single API key or all API keys. Note that when you migrate all API keys, you can't create new API keys anymore and will have to use service accounts instead.
+
+### Before you begin
+
+- Ensure you have permission to create Grafana service accounts. For more information about permissions, refer to [Roles and permissions]({{< relref "../roles-and-permissions/#" >}}).
+
+**To migrate all API keys to service accounts:**
+
+1. Sign in to Grafana, hover your cursor over **Configuration** (the gear icon), and click **API Keys**.
+2. In the top of the page, find the section which says **Switch from API keys to service accounts**
+3. Click **Migrate to service accounts now**.
+4. A confirmation window will appear, asking to confirm the migration. Click **Yes, migrate now** if you are willing to continue.
+5. Once migration is successful, you can choose to forever hide the API keys page. Click **Hide API keys page forever** if you want to do that.
+
+**To migrate single API key to a service account:**
+
+1. Sign in to Grafana, hover your cursor over **Configuration** (the gear icon), and click **API Keys**.
+1. Find the API Key you want to migrate.
+1. Click **Migrate to service account**.
+
+### Revert service account token to API key
+
+**Note:** This is undesired operation and should be used only in emergency situations.
+
+It is possible to convert back service account token to API key. You can use the [Revert service account token to API key HTTP API]({{< relref "../../developers/http_api/create-api-tokens-for-org/#how-to-create-a-new-organization-and-an-api-token" >}}) for that.
+
+**The revert will perform the following actions:**
+
+1. Convert the given service account token back to API key
+1. Delete the service account associated with the given key. **Make sure there are no other tokens associated with the service account, otherwise they all will be deleted.**

docs/sources/administration/organization-preferences/_index.md

@@ -29,7 +29,7 @@ If the user is aware of the change and intended it, then that's great! But if th
 
 In Grafana, you can change your names and emails associated with groups or accounts in the Settings or Preferences. This topic provides instructions for each task.
 
-{{< docs/shared "preferences/some-tasks-require-permissions.md" >}}
+Some tasks require certain permissions. For more information about roles, refer to [Roles and permissions]({{< relref "../roles-and-permissions/" >}}).
 
 ### Change organization name
 
@@ -39,24 +39,20 @@ Grafana server administrators and organization administrators can change organiz
 
 Follow these instructions if you are a Grafana Server Admin.
 
-{{< docs/list >}}
-{{< docs/shared "manage-users/view-server-org-list.md" >}}
-
+1. Hover your cursor over the **Server Admin** (shield) icon until a menu appears.
+1. Click **Orgs**.
 1. In the organization list, click the name of the organization that you want to change.
 1. In **Name**, enter the new organization name.
 1. Click **Update**.
-   {{< /docs/list >}}
 
 #### Organization Admin change organization name
 
 If you are an Organization Admin, follow these steps:
 
-{{< docs/list >}}
-{{< docs/shared "preferences/org-preferences-list.md" >}}
-
+1. Hover your cursor over the **Configuration** (gear) icon.
+1. Click **Preferences**.
 1. In **Organization name**, enter the new name.
 1. Click **Update organization name**.
-   {{< /docs/list >}}
 
 ### Change team name or email
 
@@ -80,7 +76,7 @@ To learn how to edit your user information, refer to [Edit your profile]({{< rel
 
 In Grafana, you can modify the UI theme configured in the Settings or Preferences. Set the UI theme for the server, an organization, a team, or your personal user account using the instructions in this topic.
 
-{{< docs/shared "preferences/some-tasks-require-permissions.md" >}}
+Some tasks require certain permissions. For more information about roles, refer to [Roles and permissions]({{< relref "../roles-and-permissions/" >}}).
 
 ### Theme options
 
@@ -112,36 +108,34 @@ To see what the current settings are, refer to [View server settings]({{< relref
 
 Organization administrators can change the UI theme for all users in an organization.
 
-{{< docs/list >}}
-{{< docs/shared "preferences/org-preferences-list.md" >}}
-{{< docs/shared "preferences/select-ui-theme-list.md" >}}
-{{< /docs/list >}}
+1. Hover your cursor over the **Configuration** (gear) icon.
+1. Click **Preferences**.
+1. In the Preferences section, select the **UI theme**.
+1. Click **Save**.
 
 ### Change team UI theme
 
 Organization and team administrators can change the UI theme for all users in a team.
 
-{{< docs/list >}}
-{{< docs/shared "manage-users/view-team-list.md" >}}
-
+1. Hover your cursor over the **Configuration** (gear) icon in the side menu.
+1. Click **Teams**. Grafana displays the team list.
 1. Click on the team that you want to change the UI theme for and then navigate to the **Settings** tab.
-   {{< docs/shared "preferences/select-ui-theme-list.md" >}}
-   {{< /docs/list >}}
+1. In the Preferences section, select the **UI theme**.
+1. Click **Save**.
 
 ### Change your personal UI theme
 
 You can change the UI theme for your user account. This setting overrides UI theme settings at higher levels.
 
-{{< docs/list >}}
-{{< docs/shared "preferences/navigate-user-preferences-list.md" >}}
-{{< docs/shared "preferences/select-ui-theme-list.md" >}}
-{{< /docs/list >}}
+1. On the left menu, hover your cursor over your avatar and then click **Preferences**.
+1. In the Preferences section, select the **UI theme**.
+1. Click **Save**.
 
 ## Change the Grafana default timezone
 
 By default, Grafana uses the timezone in your web browser. However, you can override this setting at the server, organization, team, or individual user level. This topic provides instructions for each task.
 
-{{< docs/shared "preferences/some-tasks-require-permissions.md" >}}
+Some tasks require certain permissions. For more information about roles, refer to [Roles and permissions]({{< relref "../roles-and-permissions/" >}}).
 
 ### Set server timezone
 
@@ -151,36 +145,34 @@ Grafana server administrators can choose a default timezone for all users on the
 
 Organization administrators can choose a default timezone for their organization.
 
-{{< docs/list >}}
-{{< docs/shared "preferences/org-preferences-list.md" >}}
-{{< docs/shared "preferences/select-timezone-list.md" >}}
-{{< /docs/list >}}
+1. Hover your cursor over the **Configuration** (gear) icon.
+1. Click **Preferences**.
+1. Click to select an option in the **Timezone** list. **Default** is either the browser local timezone or the timezone selected at a higher level. Refer to [Time range controls]({{< relref "../../dashboards/manage-dashboards/#configure-dashboard-time-range-controls" >}}) for more information about Grafana time settings.
+1. Click **Save**.
 
 ### Set team timezone
 
 Organization administrators and team administrators can choose a default timezone for all users in a team.
 
-{{< docs/list >}}
-{{< docs/shared "manage-users/view-team-list.md" >}}
-
+1. Hover your cursor over the **Configuration** (gear) icon in the side menu.
+1. Click **Teams**. Grafana displays the team list.
 1. Click on the team you that you want to change the timezone for and then navigate to the **Settings** tab.
-   {{< docs/shared "preferences/select-timezone-list.md" >}}
-   {{< /docs/list >}}
+1. Click to select an option in the **Timezone** list. **Default** is either the browser local timezone or the timezone selected at a higher level. Refer to [[Time range controls]({{< relref "../../dashboards/manage-dashboards/#configure-dashboard-time-range-controls" >}}) for more information about Grafana time settings.
+1. Click **Save**.
 
 ### Set your personal timezone
 
 You can change the timezone for your user account. This setting overrides timezone settings at higher levels.
 
-{{< docs/list >}}
-{{< docs/shared "preferences/navigate-user-preferences-list.md" >}}
-{{< docs/shared "preferences/select-timezone-list.md" >}}
-{{< /docs/list >}}
+1. On the left menu, hover your cursor over your avatar and then click **Preferences**.
+1. Click to select an option in the **Timezone** list. **Default** is either the browser local timezone or the timezone selected at a higher level. Refer to [Time range controls]({{< relref "../../dashboards/manage-dashboards/#configure-dashboard-time-range-controls" >}}) for more information about Grafana time settings.
+1. Click **Save**.
 
 ## Change the default home dashboard
 
 The home dashboard you set is the one all users will see by default when they log in. You can set the home dashboard for the server, an organization, a team, or your personal user account. This topic provides instructions for each task.
 
-{{< docs/shared "preferences/some-tasks-require-permissions.md" >}}
+Some tasks require certain permissions. For more information about roles, refer to [Roles and permissions]({{< relref "../roles-and-permissions/" >}}).
 
 ### Navigate to the home dashboard
 
@@ -216,30 +208,31 @@ default_home_dashboard_path = data/main-dashboard.json
 
 Organization administrators can choose a home dashboard for their organization.
 
-{{< docs/list >}}
-{{< docs/shared "preferences/navigate-to-the-dashboard-list.md" >}}
-{{< docs/shared "preferences/org-preferences-list.md" >}}
-{{< docs/shared "preferences/select-home-dashboard-list.md" >}}
-{{< /docs/list >}}
+1. Navigate to the dashboard you want to set as the home dashboard.
+1. Click the star next to the dashboard title to mark the dashboard as a favorite if it is not already.
+1. Hover your cursor over the **Configuration** (gear) icon.
+1. Click **Preferences**.
+1. In the **Home Dashboard** field, select the dashboard that you want to use for your home dashboard. Options include all starred dashboards.
+1. Click **Save**.
 
 ### Set home dashboard for your team
 
 Organization administrators and Team Admins can choose a home dashboard for a team.
 
-{{< docs/list >}}
-{{< docs/shared "preferences/navigate-to-the-dashboard-list.md" >}}
-{{< docs/shared "manage-users/view-team-list.md" >}}
-
+1. Navigate to the dashboard you want to set as the home dashboard.
+1. Click the star next to the dashboard title to mark the dashboard as a favorite if it is not already.
+1. Hover your cursor over the **Configuration** (gear) icon in the side menu.
+1. Click **Teams**. Grafana displays the team list.
 1. Click on the team that you want to change the home dashboard for and then navigate to the **Settings** tab.
-   {{< docs/shared "preferences/select-home-dashboard-list.md" >}}
-   {{< /docs/list >}}
+1. In the **Home Dashboard** field, select the dashboard that you want to use for your home dashboard. Options include all starred dashboards.
+1. Click **Save**.
 
 ### Set your personal home dashboard
 
 You can choose your own personal home dashboard. This setting overrides all home dashboards set at higher levels.
 
-{{< docs/list >}}
-{{< docs/shared "preferences/navigate-to-the-dashboard-list.md" >}}
-{{< docs/shared "preferences/navigate-user-preferences-list.md" >}}
-{{< docs/shared "preferences/select-home-dashboard-list.md" >}}
-{{< /docs/list >}}
+1. Navigate to the dashboard you want to set as the home dashboard.
+1. Click the star next to the dashboard title to mark the dashboard as a favorite if it is not already.
+1. On the left menu, hover your cursor over your avatar and then click **Preferences**.
+1. In the **Home Dashboard** field, select the dashboard that you want to use for your home dashboard. Options include all starred dashboards.
+1. Click **Save**.

docs/sources/administration/plugin-management/_index.md

@@ -43,6 +43,16 @@ Apps can also add custom pages for things like control panels.
 
 Use app plugins when you want to create an custom out-of-the-box monitoring experience.
 
+### Managing app plugins access
+
+With [RBAC]({{< relref "../roles-and-permissions/access-control/#about-rbac" >}}), it is now possible to customize access to app plugins.
+
+By default, Viewers, Editors and Admins have access to all App Plugins that their organization role allows them to access, thanks to the `fixed:plugins.app:reader` role.
+
+> **Note:** Revoking this RBAC role from some users, will prevent them from accessing app plugins. But granting this RBAC role to users will only allow them to see app plugins their organization role allows them to see.
+
+To prevent users from seeing an app plugin, refer to [this permissions scenarios]({{< relref "../roles-and-permissions/access-control/plan-rbac-rollout-strategy#prevent-viewers-from-accessing-an-app-plugin" >}}).
+
 ## Plugin catalog
 
 The Plugin catalog allows you to browse and manage plugins from within Grafana. Only Grafana server administrators and organization administrators can access and use the plugin catalog. The following access rules apply depending on the user role:

docs/sources/administration/provisioning/_index.md

@@ -233,7 +233,10 @@ datasources:
 
 > This feature is available from v7.1
 
-You can manage plugins in Grafana by adding one or more YAML config files in the [`provisioning/plugins`]({{< relref "../../setup-grafana/configure-grafana/#provisioning" >}}) directory. Each config file can contain a list of `apps` that will be updated during start up. Grafana updates each app to match the configuration file.
+You can manage plugin applications in Grafana by adding one or more YAML config files in the [`provisioning/plugins`]({{< relref "../../setup-grafana/configure-grafana/#provisioning" >}}) directory. Each config file can contain a list of `apps` that will be updated during start up. Grafana updates each app to match the configuration file.
+
+> **Note:** This feature enables you to provision plugin configurations, not the plugins themselves.
+> The plugins must already be installed on the grafana instance
 
 ### Example plugin configuration file
 
@@ -361,8 +364,590 @@ providers:
 
 > **Note:** To provision dashboards to the General folder, store them in the root of your `path`.
 
+## Alerting
+
+You can manage alert objects in Grafana by adding one or more YAML or JSON
+configuration files in the [`provisioning/alerting`]({{< relref "../../setup-grafana/configure-grafana/" >}})
+directory. Those files will be applied when starting Grafana. When Grafana
+is running, it's possible to do a hot reload using the
+[Admin API]({{< relref "../../developers/http_api/admin/#reload-provisioning-configurations" >}}).
+
+### Rules
+
+Creation
+
+```yaml
+# config file version
+apiVersion: 1
+
+# List of rule groups to import or update
+groups:
+  # <int> organization ID, default = 1
+  - orgId: 1
+    # <string, required> name of the rule group
+    name: my_rule_group
+    # <string, required> name of the folder the rule group will be stored in
+    folder: my_first_folder
+    # <duration, required> interval that the rule group should evaluated at
+    interval: 60s
+    # <list, required> list of rules that are part of the rule group
+    rules:
+      # <string, required> unique identifier for the rule
+      - uid: my_id_1
+        # <string, required> title of the rule that will be displayed in the UI
+        title: my_first_rule
+        # <string, required> which query should be used for the condition
+        condition: A
+        # <list, required> list of query objects that should be executed on each
+        #                  evaluation - should be obtained trough the API
+        data:
+          - refId: A
+            datasourceUid: '-100'
+            model:
+              conditions:
+                - evaluator:
+                    params:
+                      - 3
+                    type: gt
+                  operator:
+                    type: and
+                  query:
+                    params:
+                      - A
+                  reducer:
+                    type: last
+                  type: query
+              datasource:
+                type: __expr__
+                uid: '-100'
+              expression: 1==0
+              intervalMs: 1000
+              maxDataPoints: 43200
+              refId: A
+              type: math
+        # <string> UID of a dashboard that the alert rule should be linked to
+        dashboardUid: my_dashboard
+        # <int> ID of the panel that the alert rule should be linked to
+        panelId: 123
+        # <string> the state the alert rule will have when no data is returned
+        #          possible values: "NoData", "Alerting", "OK", default = NoData
+        noDataState: Alerting
+        # <string> the state the alert rule will have when the query execution
+        #          failed - possible values: "Error", "Alerting", "OK"
+        #          default = Alerting
+        # <duration, required> for how long should the alert fire before alerting
+        for: 60s
+        # <map<string, string>> a map of strings to pass around any data
+        annotations:
+          some_key: some_value
+        # <map<string, string> a map of strings that can be used to filter and
+        #                      route alerts
+        labels:
+          team: sre_team_1
+```
+
+Deletion
+
+```yaml
+# config file version
+apiVersion: 1
+
+# List of alert rule UIDs that should be deleted
+deleteRules:
+  # <int> organization ID, default = 1
+  - orgId: 1
+    # <string, required> unique identifier for the rule
+    uid: my_id_1
+```
+
+### Contact points
+
+Creation
+
+```yaml
+# config file version
+apiVersion: 1
+
+# List of contact points to import or update
+contactPoints:
+  # <int> organization ID, default = 1
+  - orgId: 1
+    # <string, required> name of the contact point
+    name: cp_1
+    receivers:
+      # <string, required> unique identifier for the receiver
+      - uid: first_uid
+        # <string, required> type of the receiver
+        type: prometheus-alertmanager
+        # <object, required> settings for the specific receiver type
+        settings:
+          url: http://test:9000
+```
+
+Deletion
+
+```yaml
+# config file version
+apiVersion: 1
+
+# List of receivers that should be deleted
+deleteContactPoints:
+  # <int> organization ID, default = 1
+  - orgId: 1
+    # <string, required> unique identifier for the receiver
+    uid: first_uid
+```
+
+#### Settings
+
+Here we showcase what kind of settings you can have for the different
+contact point types.
+
+##### Alertmanager
+
+```yaml
+type: prometheus-alertmanager
+settings:
+  # <string, required>
+  url: http://localhost:9093
+  # <string>
+  basicAuthUser: abc
+  # <string>
+  basicAuthPassword: abc123
+```
+
+##### DingDing
+
+```yaml
+type: dingding
+settings:
+  # <string, required>
+  url: https://oapi.dingtalk.com/robot/send?access_token=xxxxxxxxx
+  # <string> options: link, actionCard
+  msgType: link
+  # <string>
+  message: |
+    {{ template "default.message" . }}
+```
+
+##### Discord
+
+```yaml
+type: discord
+settings:
+  # <string, required>
+  url: https://discord/webhook
+  # <string>
+  avatar_url: https://my_avatar
+  # <string>
+  use_discord_username: Grafana
+  # <string>
+  message: |
+    {{ template "default.message" . }}
+```
+
+##### E-Mail
+
+```yaml
+type: email
+settings:
+  # <string, required>
+  addresses: me@example.com;you@example.com
+  # <bool>
+  singleEmail: false
+  # <string>
+  message: my optional message to include
+  # <string>
+  subject: |
+    {{ template "default.title" . }}
+```
+
+##### Google Hangouts Chat
+
+```yaml
+type: googlechat
+settings:
+  # <string, required>
+  url: https://google/webhook
+  # <string>
+  message: |
+    {{ template "default.message" . }}
+```
+
+##### Kafka
+
+```yaml
+type: kafka
+settings:
+  # <string, required>
+  kafkaRestProxy: http://localhost:8082
+  # <string, required>
+  kafkaTopic: topic1
+```
+
+##### LINE
+
+```yaml
+type: line
+settings:
+  # <string, required>
+  token: xxx
+```
+
+##### Microsoft Teams
+
+```yaml
+type: teams
+settings:
+  # <string, required>
+  url: https://ms_teams_url
+  # <string>
+  title: |
+    {{ template "default.title" . }}
+  # <string>
+  sectiontitle: ''
+  # <string>
+  message: |
+    {{ template "default.message" . }}
+```
+
+##### OpsGenie
+
+```yaml
+type: opsgenie
+settings:
+  # <string, required>
+  apiKey: xxx
+  # <string, required>
+  apiUrl: https://api.opsgenie.com/v2/alerts
+  # <string>
+  message: |
+    {{ template "default.title" . }}
+  # <string>
+  description: some descriptive description
+  # <bool>
+  autoClose: false
+  # <bool>
+  overridePriority: false
+  # <string> options: tags, details, both
+  sendTagsAs: both
+```
+
+##### PagerDuty
+
+```yaml
+type: pagerduty
+settings:
+  # <string, required>
+  integrationKey: XXX
+  # <string> options: critical, error, warning, info
+  severity: critical
+  # <string>
+  class: ping failure
+  # <string>
+  component: Grafana
+  # <string>
+  group: app-stack
+  # <string>
+  summary: |
+    {{ template "default.message" . }}
+```
+
+##### Pushover
+
+```yaml
+type: pushover
+settings:
+  # <string, required>
+  apiToken: XXX
+  # <string, required>
+  userKey: user1,user2
+  # <string>
+  device: device1,device2
+  # <string> options (high to low): 2,1,0,-1,-2
+  priority: '2'
+  # <string>
+  retry: '30'
+  # <string>
+  expire: '120'
+  # <string>
+  sound: siren
+  # <string>
+  okSound: magic
+  # <string>
+  message: |
+    {{ template "default.message" . }}
+```
+
+##### Slack
+
+```yaml
+type: slack
+settings:
+  # <string, required>
+  recipient: alerting-dev
+  # <string, required>
+  token: xxx
+  # <string>
+  username: grafana_bot
+  # <string>
+  icon_emoji: heart
+  # <string>
+  icon_url: https://icon_url
+  # <string>
+  mentionUsers: user_1,user_2
+  # <string>
+  mentionGroups: group_1,group_2
+  # <string> options: here, channel
+  mentionChannel: here
+  # <string> Optionally provide a Slack incoming webhook URL for sending messages, in this case the token isn't necessary
+  url: https://some_webhook_url
+  # <string>
+  endpointUrl: https://custom_url/api/chat.postMessage
+  # <string>
+  title: |
+    {{ template "slack.default.title" . }}
+  text: |
+    {{ template "slack.default.text" . }}
+```
+
+##### Sensu Go
+
+```yaml
+type: sensugo
+settings:
+  # <string, required>
+  url: http://sensu-api.local:8080
+  # <string, required>
+  apikey: xxx
+  # <string>
+  entity: default
+  # <string>
+  check: default
+  # <string>
+  handler: some_handler
+  # <string>
+  namespace: default
+  # <string>
+  message: |
+    {{ template "default.message" . }}
+```
+
+##### Telegram
+
+```yaml
+type: telegram
+settings:
+  # <string, required>
+  bottoken: xxx
+  # <string, required>
+  chatid: some_chat_id
+  # <string>
+  message: |
+    {{ template "default.message" . }}
+```
+
+##### Threema Gateway
+
+```yaml
+type: threema
+settings:
+  # <string, required>
+  api_secret: xxx
+  # <string, required>
+  gateway_id: A5K94S9
+  # <string, required>
+  recipient_id: A9R4KL4S
+```
+
+##### VictorOps
+
+```yaml
+type: victorops
+settings:
+  # <string, required>
+  url: XXX
+  # <string> options: CRITICAL, WARNING
+  messageType: CRITICAL
+```
+
+##### Webhook
+
+```yaml
+type: webhook
+settings:
+  # <string, required>
+  url: https://endpoint_url
+  # <string> options: POST, PUT
+  httpMethod: POST
+  # <string>
+  username: abc
+  # <string>
+  password: abc123
+  # <string>
+  authorization_scheme: Bearer
+  # <string>
+  authorization_credentials: abc123
+  # <string>
+  maxAlerts: '10'
+```
+
+##### WeCom
+
+```yaml
+type: wecom
+settings:
+  # <string, required>
+  url: https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=xxxxxxxx
+  # <string>
+  message: |
+    {{ template "default.message" . }}
+  # <string>
+  title: |
+    {{ template "default.title" . }}
+```
+
+### Notification policies
+
+Create
+
+```yaml
+# config file version
+apiVersion: 1
+
+# List of notification policies
+policies:
+  # <int> organization ID, default = 1
+  - orgId: 1
+    # <string> name of the contact point that should be used for this route
+    receiver: grafana-default-email
+    # <list> The labels by which incoming alerts are grouped together. For example,
+    #        multiple alerts coming in for cluster=A and alertname=LatencyHigh would
+    #        be batched into a single group.
+    #
+    #        To aggregate by all possible labels use the special value '...' as
+    #        the sole label name, for example:
+    #        group_by: ['...']
+    #        This effectively disables aggregation entirely, passing through all
+    #        alerts as-is. This is unlikely to be what you want, unless you have
+    #        a very low alert volume or your upstream notification system performs
+    #        its own grouping.
+    group_by: ['...']
+    # <list> a list of matchers that an alert has to fulfill to match the node
+    matchers:
+      - alertname = Watchdog
+      - severity =~ "warning|critical"
+    # <list> Times when the route should be muted. These must match the name of a
+    #        mute time interval.
+    #        Additionally, the root node cannot have any mute times.
+    #        When a route is muted it will not send any notifications, but
+    #        otherwise acts normally (including ending the route-matching process
+    #        if the `continue` option is not set)
+    mute_time_intervals:
+      - abc
+    # <duration> How long to initially wait to send a notification for a group
+    #            of alerts. Allows to collect more initial alerts for the same group.
+    #            (Usually ~0s to few minutes), default = 30s
+    group_wait: 30s
+    # <duration> How long to wait before sending a notification about new alerts that
+    #            are added to a group of alerts for which an initial notification has
+    #            already been sent. (Usually ~5m or more), default = 5m
+    group_internval: 5m
+    # <duration>  How long to wait before sending a notification again if it has already
+    #             been sent successfully for an alert. (Usually ~3h or more), default = 4h
+    repeat_interval: 4h
+    # <list> Zero or more child routes
+    # routes:
+    # ...
+```
+
+Reset
+
+```yaml
+# config file version
+apiVersion: 1
+
+# List of orgIds that should be reset to the default policy
+resetPolicies:
+  - 1
+```
+
+### Templates
+
+Creation
+
+```yaml
+# config file version
+apiVersion: 1
+
+# List of templates to import or update
+templates:
+  # <int> organization ID, default = 1
+  - orgID: 1
+    # <string, required> name of the template, must be unique
+    name: my_first_template
+    # <string, required> content of the the template
+    template: Alerting with a custom text template
+```
+
+Deletion
+
+```yaml
+# config file version
+apiVersion: 1
+
+# List of alert rule UIDs that should be deleted
+deleteTemplates:
+  # <int> organization ID, default = 1
+  - orgId: 1
+    # <string, required> name of the template, must be unique
+    name: my_first_template
+```
+
+### Mute timings
+
+Creation
+
+```yaml
+# config file version
+apiVersion: 1
+
+# List of mute time intervals to import or update
+muteTimes:
+  # <int> organization ID, default = 1
+  - orgId: 1
+    # <string, required> name of the mute time interval, must be unique
+    name: mti_1
+    # <list> time intervals that should trigger the muting
+    #        refer to https://prometheus.io/docs/alerting/latest/configuration/#time_interval-0
+    time_intervals:
+      - times:
+          - start_time: '06:00'
+            end_time: '23:59'
+        weekdays: ['monday:wednesday', 'saturday', 'sunday']
+        months: ['1:3', 'may:august', 'december']
+        years: ['2020:2022', '2030']
+        days_of_month: ['1:5', '-3:-1']
+```
+
+Deletion
+
+```yaml
+# config file version
+apiVersion: 1
+
+# List of mute time intervals that should be deleted
+deleteMuteTimes:
+  # <int> organization ID, default = 1
+  - orgId: 1
+    # <string, required> name of the mute time interval, must be unique
+    name: mti_1
+```
+
 ## Alert Notification Channels
 
+> **Note:** Alert Notification Channels are part of legacy alerting, which is deprecated and will be removed in Grafana 10. Use Contact Points in the alerting section above.
+
 Alert Notification Channels can be provisioned by adding one or more YAML config files in the [`provisioning/notifiers`](/administration/configuration/#provisioning) directory.
 
 Each config file can contain the following top-level fields:

docs/sources/administration/roles-and-permissions/_index.md

@@ -12,7 +12,7 @@ weight: 300
 
 # Roles and permissions
 
-A _user_ is defined as any individual who can log in to Grafana. Each user is associated with a _role_ that includes _permissions_. Permissions determine the tasks a user can perform in the system. For example, the **Admin** role includes permissions for an administrator to create and delete users.
+A _user_ is any individual who can log in to Grafana. Each user is associated with a _role_ that includes _permissions_. Permissions determine the tasks a user can perform in the system. For example, the **Admin** role includes permissions for an administrator to create and delete users.
 
 You can assign a user one of three types of permissions:
 
@@ -92,16 +92,18 @@ The following table lists permissions for each role.
 
 ## Dashboard permissions
 
-When you want to extend a viewer's ability to edit and save dashboard changes or limit an editor's permission to modify a dashboard, you can assign permissions to dashboards and dashboard folders. For example, you might want a certain viewer to be able to to edit a dashboard. While that user can _see_ all dashboards, you can grant them access to _update_ only one of them.
+When you want to extend a viewer's ability to edit and save dashboard changes or limit an editor's permission to modify a dashboard, you can assign permissions to dashboards and dashboard folders. For example, you might want a certain viewer to be able to edit a dashboard. While that user can _see_ all dashboards, you can grant them access to _update_ only one of them.
 
 > Important: The dashboard permissions you specify override the organization permissions you assign to the user for the selected entity.
 
 You can specify the following permissions to dashboards and folders.
 
-- **Admin**: Can create, edit, or delete a dashboard or folder. Administrators can also change dashboard and folder permissions.
-- **Edit**: Can create and edit dashboards. Editors _cannot_ change folder or dashboard permissions, or add, edit, or delete folders.
+- **Admin**: Can create, edit, or delete a dashboard. Can edit or delete a folder. Administrators can also change dashboard and folder permissions.
+- **Edit**: Can create, edit, or delete a dashboard. Can edit or delete a folder. Editors _cannot_ change folder or dashboard permissions.
 - **View**: Can only view dashboards and folders.
 
+> Important: When a user creates a dashboard or a folder, he is set as **Admin** of it.
+
 For more information about assigning dashboard folder permissions, refer to [Grant dashboard folder permissions]({{< relref "../user-management/manage-dashboard-permissions/#grant-dashboard-folder-permissions" >}}).
 
 For more information about assigning dashboard permissions, refer to [Grant dashboard permissions]({{< relref "../user-management/manage-dashboard-permissions/#grant-dashboard-permissions" >}}).

docs/sources/administration/roles-and-permissions/access-control/_index.md

@@ -14,6 +14,8 @@ weight: 120
 
 # Role-based access control (RBAC)
 
+> **Note:** Available in [Grafana Enterprise]({{< relref "../../../introduction/grafana-enterprise/" >}}) and [Grafana Cloud Advanced]({{< ref "/docs/grafana-cloud" >}}).
+
 RBAC provides a standardized way of granting, changing, and revoking access when it comes to viewing and modifying Grafana resources, such as dashboards, reports, and administrative settings.
 
 {{< section >}}
@@ -80,12 +82,12 @@ Assign fixed roles when the basic roles do not meet your permission requirements
 - [Dashboards and folders]({{< relref "../../../dashboards/" >}})
 - [Data sources]({{< relref "../../../datasources/" >}})
 - [Explore]({{< relref "../../../explore/" >}})
-- [Folders]({{< relref "../../../dashboards/dashboard-folders/" >}})
+- [Folders]({{< relref "../../../dashboards/manage-dashboards/#create-a-dashboard-folder" >}})
 - [LDAP]({{< relref "../../../setup-grafana/configure-security/configure-authentication/ldap/" >}})
 - [Licenses]({{< relref "../../stats-and-license/" >}})
 - [Organizations]({{< relref "../../organization-management/" >}})
 - [Provisioning]({{< relref "../../provisioning/" >}})
-- [Reports]({{< relref "../../../enterprise/reporting/" >}})
+- [Reports]({{< relref "../../../panels/create-reports/" >}})
 - [Roles]({{< relref "../../" >}})
 - [Settings]({{< relref "../../../enterprise/settings-updates/" >}})
 - [Service accounts]({{< relref "../../service-accounts/" >}})

docs/sources/administration/roles-and-permissions/access-control/assign-rbac-roles.md

@@ -11,45 +11,45 @@ weight: 40
 
 # Assign RBAC roles
 
+> **Note:** Available in [Grafana Enterprise]({{< relref "../../../introduction/grafana-enterprise/" >}}) and [Grafana Cloud Advanced]({{< ref "/docs/grafana-cloud" >}}).
+
 In this topic you'll learn how to use the role picker, provisioning, and the HTTP API to assign fixed and custom roles to users and teams.
 
 ## Assign fixed roles in the UI using the role picker
 
 This section describes how to:
 
-- Assign a fixed role to a user or team as an organization administrator.
+- Assign a fixed role to a user, team or service account as an organization administrator.
 - Assign a fixed role to a user as a server administrator. This approach enables you to assign a fixed role to a user in multiple organizations, without needing to switch organizations.
 
-In both cases, the assignment applies only to the user or team within the affected organization, and no other organizations. For example, if you grant the user the **Data source editor** role in the **Main** organization, then the user can edit data sources in the **Main** organization, but not in other organizations.
-
-> **Note:** After you apply your changes, user and team permissions update immediately, and the UI reflects the new permissions the next time they reload their browser or visit another page.
+In both cases, the assignment applies only to the user, team or service account within the affected organization, and no other organizations. For example, if you grant the user the **Data source editor** role in the **Main** organization, then the user can edit data sources in the **Main** organization, but not in other organizations.
 
 <br/>
 
 **Before you begin:**
 
 - [Plan your RBAC rollout strategy]({{< relref "./plan-rbac-rollout-strategy/" >}}).
-- Identify the fixed roles that you want to assign to the user or team.
+- Identify the fixed roles that you want to assign to the user, team or service account.
 
   For more information about available fixed roles, refer to [RBAC role definitions]({{< relref "./rbac-fixed-basic-role-definitions/" >}}).
 
 - Ensure that your own user account has the correct permissions:
-  - If you are assigning permissions to a user or team within an organization, you must have organization administrator or server administrator permissions.
+  - If you are assigning permissions to a user, team or service account within an organization, you must have organization administrator or server administrator permissions.
   - If you are assigning permissions to a user who belongs to multiple organizations, you must have server administrator permissions.
   - Your Grafana user can also assign fixed role if it has either the `fixed:roles:writer` fixed role assigned to the same organization to which you are assigning RBAC to a user, or a custom role with `users.roles:add` and `users.roles:remove` permissions.
   - Your own user account must have the roles you are granting. For example, if you would like to grant the `fixed:users:writer` role to a team, you must have that role yourself.
 
 <br/>
 
-**To assign a fixed role to a user or team:**
+**To assign a fixed role to a user, team or service account:**
 
 1. Sign in to Grafana.
-2. Switch to the organization that contains the user or team.
+2. Switch to the organization that contains the user, team or service account.
 
    For more information about switching organizations, refer to [Switch organizations]({{< relref "../../user-management/user-preferences/_index.md#switch-organizations" >}}).
 
-3. Hover your cursor over **Configuration** (the gear icon) in the left navigation menu, and click **Users** or **Teams**.
-4. In the **Role** column, select the fixed role that you want to assign to the user or team.
+3. Hover your cursor over **Configuration** (the gear icon) in the left navigation menu, and click **Users** or **Teams** or **Service Accounts**.
+4. In the **Role** column, select the fixed role that you want to assign to the user, team or service account.
 5. Click **Update**.
 
 ![User role picker in an organization](/static/img/docs/enterprise/user_role_picker_in_org.png)

docs/sources/administration/roles-and-permissions/access-control/configure-rbac.md

@@ -9,6 +9,8 @@ weight: 30
 
 # Configure RBAC in Grafana
 
+> **Note:** Available in [Grafana Enterprise]({{< relref "../../../introduction/grafana-enterprise/" >}}) and [Grafana Cloud Advanced]({{< ref "/docs/grafana-cloud" >}}).
+
 The table below describes all RBAC configuration options. Like any other Grafana configuration, you can apply these options as [environment variables]({{< relref "../../../setup-grafana/configure-grafana/#configure-with-environment-variables" >}}).
 
 | Setting            | Required | Description                                                                  | Default |

docs/sources/administration/roles-and-permissions/access-control/custom-role-actions-scopes.md

@@ -10,6 +10,8 @@ weight: 80
 
 # RBAC permissions, actions, and scopes
 
+> **Note:** Available in [Grafana Enterprise]({{< relref "../../../introduction/grafana-enterprise/" >}}) and [Grafana Cloud Advanced]({{< ref "/docs/grafana-cloud" >}}).
+
 A permission is comprised of an action and a scope. When creating a custom role, consider the actions the user can perform and the resource(s) on which they can perform those actions.
 
 To learn more about the Grafana resources to which you can apply RBAC, refer to [Resources with RBAC permissions]({{< relref "../#fixed-roles" >}}).
@@ -77,7 +79,7 @@ The following list contains role-based access control actions.
 | `licensing:read`                     | n/a                                                                                     | Read licensing information.                                                                                                                                                                      |
 | `licensing:write`                    | n/a                                                                                     | Update the license token.                                                                                                                                                                        |
 | `org.users:write`                    | `users:*` <br> `users:id:*`                                                             | Update the organization role (`Viewer`, `Editor`, or `Admin`) of a user.                                                                                                                         |
-| `org.users:add`                      | `users:*`                                                                               | Add a user to an organization.                                                                                                                                                                   |
+| `org.users:add`                      | `users:*`                                                                               | Add a user to an organization or invite a new user to an organization.                                                                                                                           |
 | `org.users:read`                     | `users:*` <br> `users:id:*`                                                             | Get user profiles within an organization.                                                                                                                                                        |
 | `org.users:remove`                   | `users:*` <br> `users:id:*`                                                             | Remove a user from an organization.                                                                                                                                                              |
 | `org:create`                         | n/a                                                                                     | Create an organization.                                                                                                                                                                          |
@@ -88,6 +90,7 @@ The following list contains role-based access control actions.
 | `orgs:delete`                        | `orgs:*` <br> `orgs:id:*`                                                               | Delete one or more organizations.                                                                                                                                                                |
 | `orgs:read`                          | `orgs:*` <br> `orgs:id:*`                                                               | Read one or more organizations.                                                                                                                                                                  |
 | `orgs:write`                         | `orgs:*` <br> `orgs:id:*`                                                               | Update one or more organizations.                                                                                                                                                                |
+| `plugins.app:access`                 | `plugins:*` <br> `plugins:id:*`                                                         | Access one or more application plugins (still enforcing the organization role)                                                                                                                   |
 | `provisioning:reload`                | `provisioners:*`                                                                        | Reload provisioning files. To find the exact scope for specific provisioner, see [Scope definitions]({{< relref "#scope-definitions" >}}).                                                       |
 | `reports:create`                     | n/a                                                                                     | Create reports.                                                                                                                                                                                  |
 | `reports:write`                      | `reports:*` <br> `reports:id:*`                                                         | Update reports.                                                                                                                                                                                  |
@@ -101,6 +104,12 @@ The following list contains role-based access control actions.
 | `roles:write`                        | `permissions:type:delegate`                                                             | Create or update a custom role.                                                                                                                                                                  |
 | `roles:write`                        | `permissions:type:escalate`                                                             | Reset basic roles to their default permissions.                                                                                                                                                  |
 | `server.stats:read`                  | n/a                                                                                     | Read Grafana instance statistics.                                                                                                                                                                |
+| `serviceaccounts:write`              | `serviceaccounts:*`                                                                     | Create Grafana service accounts.                                                                                                                                                                 |
+| `serviceaccounts:create`             | n/a                                                                                     | Update Grafana service accounts.                                                                                                                                                                 |
+| `serviceaccounts:delete`             | `serviceaccounts:*`                                                                     | Delete Grafana service accounts.                                                                                                                                                                 |
+| `serviceaccounts:read`               | `serviceaccounts:*`                                                                     | Read Grafana service accounts.                                                                                                                                                                   |
+| `serviceaccounts.permissions:write`  | `serviceaccounts:*`                                                                     | Update Grafana service account permissions to control who can do what with the service account.                                                                                                  |
+| `serviceaccounts.permissions:read`   | `serviceaccounts:*`                                                                     | Read Grafana service account permissions to see who can do what with the service account.                                                                                                        |
 | `settings:read`                      | `settings:*`<br>`settings:auth.saml:*`<br>`settings:auth.saml:enabled` (property level) | Read the [Grafana configuration settings]({{< relref "../../../setup-grafana/configure-grafana/" >}})                                                                                            |
 | `settings:write`                     | `settings:*`<br>`settings:auth.saml:*`<br>`settings:auth.saml:enabled` (property level) | Update any Grafana configuration settings that can be [updated at runtime]({{< relref "../../../enterprise/settings-updates/" >}}).                                                              |
 | `status:accesscontrol`               | `services:accesscontrol`                                                                | Get access-control enabled status.                                                                                                                                                               |
@@ -120,9 +129,9 @@ The following list contains role-based access control actions.
 | `users.permissions:write`            | `global.users:*` <br> `global.users:id:*`                                               | Update a user’s organization-level permissions.                                                                                                                                                  |
 | `users.quotas:read`                  | `global.users:*` <br> `global.users:id:*`                                               | List a user’s quotas.                                                                                                                                                                            |
 | `users.quotas:write`                 | `global.users:*` <br> `global.users:id:*`                                               | Update a user’s quotas.                                                                                                                                                                          |
-| `users.roles:add`                    | `permissions:type:delegate`                                                             | Assign a role to a user.                                                                                                                                                                         |
-| `users.roles:read`                   | `users:*`                                                                               | List roles assigned directly to a user.                                                                                                                                                          |
-| `users.roles:remove`                 | `permissions:type:delegate`                                                             | Unassign a role from a user.                                                                                                                                                                     |
+| `users.roles:add`                    | `permissions:type:delegate`                                                             | Assign a role to a user or a service account.                                                                                                                                                    |
+| `users.roles:read`                   | `users:*`                                                                               | List roles assigned directly to a user or a service account.                                                                                                                                     |
+| `users.roles:remove`                 | `permissions:type:delegate`                                                             | Unassign a role from a user or a service account.                                                                                                                                                |
 | `users:create`                       | n/a                                                                                     | Create a user.                                                                                                                                                                                   |
 | `users:delete`                       | `global.users:*` <br> `global.users:id:*`                                               | Delete a user.                                                                                                                                                                                   |
 | `users:disable`                      | `global.users:*` <br> `global.users:id:*`                                               | Disable a user.                                                                                                                                                                                  |
@@ -135,21 +144,22 @@ The following list contains role-based access control actions.
 
 The following list contains role-based access control scopes.
 
-| Scopes                                    | Descriptions                                                                                                                                                                                                                                       |
-| ----------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| `annotations:*`<br>`annotations:type:*`   | Restrict an action to a set of annotations. For example, `annotations:*` matches any annotation, `annotations:type:dashboard` matches annotations associated with dashboards and `annotations:type:organization` matches organization annotations. |
-| `apikeys:*`<br>`apikeys:id:*`             | Restrict an action to a set of API keys. For example, `apikeys:*` matches any API key, `apikey:id:1` matches the API key whose id is `1`.                                                                                                          |
-| `dashboards:*`<br>`dashboards:uid:*`      | Restrict an action to a set of dashboards. For example, `dashboards:*` matches any dashboard, and `dashboards:uid:1` matches the dashboard whose UID is `1`.                                                                                       |
-| `datasources:*`<br>`datasources:uid:*`    | Restrict an action to a set of data sources. For example, `datasources:*` matches any data source, and `datasources:uid:1` matches the data source whose UID is `1`.                                                                               |
-| `folders:*`<br>`folders:uid:*`            | Restrict an action to a set of folders. For example, `folders:*` matches any folder, and `folders:uid:1` matches the folder whose UID is `1`.                                                                                                      |
-| `global.users:*` <br> `global.users:id:*` | Restrict an action to a set of global users. For example, `global.users:*` matches any user and `global.users:id:1` matches the user whose ID is `1`.                                                                                              |
-| `orgs:*` <br> `orgs:id:*`                 | Restrict an action to a set of organizations. For example, `orgs:*` matches any organization and `orgs:id:1` matches the organization whose ID is `1`.                                                                                             |
-| `permissions:type:delegate`               | The scope is only applicable for roles associated with the Access Control itself and indicates that you can delegate your permissions only, or a subset of it, by creating a new role or making an assignment.                                     |
-| `permissions:type:escalate`               | The scope is required to trigger the reset of basic roles permissions. It indicates that users might acquire additional permissions they did not previously have.                                                                                  |
-| `provisioners:*`                          | Restrict an action to a set of provisioners. For example, `provisioners:*` matches any provisioner, and `provisioners:accesscontrol` matches the role-based access control [provisioner]({{< relref "./rbac-provisioning/" >}}).                   |
-| `reports:*` <br> `reports:id:*`           | Restrict an action to a set of reports. For example, `reports:*` matches any report and `reports:id:1` matches the report whose ID is `1`.                                                                                                         |
-| `roles:*` <br> `roles:uid:*`              | Restrict an action to a set of roles. For example, `roles:*` matches any role and `roles:uid:randomuid` matches only the role whose UID is `randomuid`.                                                                                            |
-| `services:accesscontrol`                  | Restrict an action to target only the role-based access control service. You can use this in conjunction with the `status:accesscontrol` actions.                                                                                                  |
-| `settings:*`                              | Restrict an action to a subset of settings. For example, `settings:*` matches all settings, `settings:auth.saml:*` matches all SAML settings, and `settings:auth.saml:enabled` matches the enable property on the SAML settings.                   |
-| `teams:*` <br> `teams:id:*`               | Restrict an action to a set of teams from an organization. For example, `teams:*` matches any team and `teams:id:1` matches the team whose ID is `1`.                                                                                              |
-| `users:*` <br> `users:id:*`               | Restrict an action to a set of users from an organization. For example, `users:*` matches any user and `users:id:1` matches the user whose ID is `1`.                                                                                              |
+| Scopes                                          | Descriptions                                                                                                                                                                                                                                       |
+| ----------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `annotations:*`<br>`annotations:type:*`         | Restrict an action to a set of annotations. For example, `annotations:*` matches any annotation, `annotations:type:dashboard` matches annotations associated with dashboards and `annotations:type:organization` matches organization annotations. |
+| `apikeys:*`<br>`apikeys:id:*`                   | Restrict an action to a set of API keys. For example, `apikeys:*` matches any API key, `apikey:id:1` matches the API key whose id is `1`.                                                                                                          |
+| `dashboards:*`<br>`dashboards:uid:*`            | Restrict an action to a set of dashboards. For example, `dashboards:*` matches any dashboard, and `dashboards:uid:1` matches the dashboard whose UID is `1`.                                                                                       |
+| `datasources:*`<br>`datasources:uid:*`          | Restrict an action to a set of data sources. For example, `datasources:*` matches any data source, and `datasources:uid:1` matches the data source whose UID is `1`.                                                                               |
+| `folders:*`<br>`folders:uid:*`                  | Restrict an action to a set of folders. For example, `folders:*` matches any folder, and `folders:uid:1` matches the folder whose UID is `1`.                                                                                                      |
+| `global.users:*` <br> `global.users:id:*`       | Restrict an action to a set of global users. For example, `global.users:*` matches any user and `global.users:id:1` matches the user whose ID is `1`.                                                                                              |
+| `orgs:*` <br> `orgs:id:*`                       | Restrict an action to a set of organizations. For example, `orgs:*` matches any organization and `orgs:id:1` matches the organization whose ID is `1`.                                                                                             |
+| `permissions:type:delegate`                     | The scope is only applicable for roles associated with the Access Control itself and indicates that you can delegate your permissions only, or a subset of it, by creating a new role or making an assignment.                                     |
+| `permissions:type:escalate`                     | The scope is required to trigger the reset of basic roles permissions. It indicates that users might acquire additional permissions they did not previously have.                                                                                  |
+| `provisioners:*`                                | Restrict an action to a set of provisioners. For example, `provisioners:*` matches any provisioner, and `provisioners:accesscontrol` matches the role-based access control [provisioner]({{< relref "./rbac-provisioning/" >}}).                   |
+| `reports:*` <br> `reports:id:*`                 | Restrict an action to a set of reports. For example, `reports:*` matches any report and `reports:id:1` matches the report whose ID is `1`.                                                                                                         |
+| `roles:*` <br> `roles:uid:*`                    | Restrict an action to a set of roles. For example, `roles:*` matches any role and `roles:uid:randomuid` matches only the role whose UID is `randomuid`.                                                                                            |
+| `services:accesscontrol`                        | Restrict an action to target only the role-based access control service. You can use this in conjunction with the `status:accesscontrol` actions.                                                                                                  |
+| `serviceaccounts:*` <br> `serviceaccounts:id:*` | Restrict an action to a set of service account from an organization. For example, `serviceaccounts:*` matches any service account and `serviceaccount:id:1` matches the service account whose ID is `1`.                                           |
+| `settings:*`                                    | Restrict an action to a subset of settings. For example, `settings:*` matches all settings, `settings:auth.saml:*` matches all SAML settings, and `settings:auth.saml:enabled` matches the enable property on the SAML settings.                   |
+| `teams:*` <br> `teams:id:*`                     | Restrict an action to a set of teams from an organization. For example, `teams:*` matches any team and `teams:id:1` matches the team whose ID is `1`.                                                                                              |
+| `users:*` <br> `users:id:*`                     | Restrict an action to a set of users from an organization. For example, `users:*` matches any user and `users:id:1` matches the user whose ID is `1`.                                                                                              |

docs/sources/administration/roles-and-permissions/access-control/manage-rbac-roles.md

@@ -12,6 +12,8 @@ weight: 50
 
 # Manage RBAC roles
 
+> **Note:** Available in [Grafana Enterprise]({{< relref "../../../introduction/grafana-enterprise/" >}}) and [Grafana Cloud Advanced]({{< ref "/docs/grafana-cloud" >}}).
+
 This section includes instructions for how to view permissions associated with roles, create custom roles, and update and delete roles.
 
 The following example includes the base64 username:password Basic Authorization. You cannot use authorization tokens in the request.

docs/sources/administration/roles-and-permissions/access-control/plan-rbac-rollout-strategy.md

@@ -11,6 +11,8 @@ weight: 20
 
 # Plan your RBAC rollout strategy
 
+> **Note:** Available in [Grafana Enterprise]({{< relref "../../../introduction/grafana-enterprise/" >}}) and [Grafana Cloud Advanced]({{< ref "/docs/grafana-cloud" >}}).
+
 An RBAC rollout strategy helps you determine _how_ you want to implement RBAC prior to assigning RBAC roles to users and teams.
 
 Your rollout strategy should help you answer the following questions:
@@ -239,3 +241,53 @@ roles:
 ```
 
 - Or use [RBAC HTTP API]({{< relref "../../../developers/http_api/access_control/#update-a-role" >}}).
+
+### Prevent Viewers from accessing an App Plugin
+
+By default, Viewers, Editors and Admins have access to all App Plugins that their organization role allows them to access.
+To change this default behavior and prevent Viewers from accessing an App plugin, you must [update a basic role's permissions]({{< relref "./manage-rbac-roles/#update-basic-role-permissions" >}}).
+
+In this example, three App plugins have been installed and enabled:
+| Name | ID | Required Org role |
+|--------------------|-----------------------------|-------------------|
+| On Call | grafana-oncall-app | Viewer |
+| Kentik Connect Pro | kentik-connect-app | Viewer |
+| Enterprise logs | grafana-enterprise-logs-app | Admin |
+
+By default, Viewers will hence be able to see both, On Call and Kentik Connect Pro App plugins.
+If you want to revoke their access to the On Call App plugin, you need to:
+
+1. Remove the permission to access all application plugins:
+   | Action | Scope |
+   |----------------------|-------------|
+   | `plugins.app:access` | `plugins:*` |
+1. Grant the permission to access the Kentik Connect Pro App plugin only:
+   | Action | Scope |
+   |----------------------|---------------------------------|
+   | `plugins.app:access` | `plugins:id:kentik-connect-app` |
+
+Here are two ways to achieve this:
+
+- Use the `role > from` list and `permission > state` option of your provisioning file:
+
+```yaml
+---
+apiVersion: 2
+
+roles:
+  - name: 'basic:viewer'
+    version: 8
+    global: true
+    from:
+      - name: 'basic:viewer'
+        global: true
+    permissions:
+      - action: 'plugins.app:access'
+        scope: 'plugins:*'
+        state: 'absent'
+      - action: 'plugins.app:access'
+        scope: 'plugins:id:kentik-connect-app'
+        state: 'present'
+```
+
+- Or use [RBAC HTTP API]({{< relref "../../../developers/http_api/access_control/#update-a-role" >}}).

docs/sources/administration/roles-and-permissions/access-control/rbac-fixed-basic-role-definitions.md

@@ -11,6 +11,8 @@ weight: 70
 
 # RBAC role definitions
 
+> **Note:** Available in [Grafana Enterprise]({{< relref "../../../introduction/grafana-enterprise/" >}}) and [Grafana Cloud Advanced]({{< ref "/docs/grafana-cloud" >}}).
+
 The following tables list permissions associated with basic and fixed roles.
 
 ## Basic role assignments
@@ -20,7 +22,7 @@ The following tables list permissions associated with basic and fixed roles.
 | Grafana Admin | `fixed:roles:reader`<br>`fixed:roles:writer`<br>`fixed:users:reader`<br>`fixed:users:writer`<br>`fixed:org.users:reader`<br>`fixed:org.users:writer`<br>`fixed:ldap:reader`<br>`fixed:ldap:writer`<br>`fixed:stats:reader`<br>`fixed:settings:reader`<br>`fixed:settings:writer`<br>`fixed:provisioning:writer`<br>`fixed:organization:reader`<br>`fixed:organization:maintainer`<br>`fixed:licensing:reader`<br>`fixed:licensing:writer`                                                                                                                                                                                                                  | Default [Grafana server administrator]({{< relref "../#grafana-server-administrators" >}}) assignments.            |
 | Admin         | `fixed:reports:reader`<br>`fixed:reports:writer`<br>`fixed:datasources:reader`<br>`fixed:datasources:writer`<br>`fixed:organization:writer`<br>`fixed:datasources.permissions:reader`<br>`fixed:datasources.permissions:writer`<br>`fixed:teams:writer`<br>`fixed:dashboards:reader`<br>`fixed:dashboards:writer`<br>`fixed:dashboards.permissions:reader`<br>`fixed:dashboards.permissions:writer`<br>`fixed:folders:reader`<br>`fixes:folders:writer`<br>`fixed:folders.permissions:reader`<br>`fixed:folders.permissions:writer`<br>`fixed:alerting:writer`<br>`fixed:apikeys:reader`<br>`fixed:apikeys:writer`<br>`fixed:alerting.provisioning:writer` | Default [Grafana organization administrator]({{< relref "../#organization-users-and-permissions" >}}) assignments. |
 | Editor        | `fixed:datasources:explorer`<br>`fixed:dashboards:creator`<br>`fixed:folders:creator`<br>`fixed:annotations:writer`<br>`fixed:teams:creator` if the `editors_can_admin` configuration flag is enabled<br>`fixed:alerting:writer`                                                                                                                                                                                                                                                                                                                                                                                                                           | Default [Editor]({{< relref "../#organization-users-and-permissions" >}}) assignments.                             |
-| Viewer        | `fixed:datasources:id:reader`<br>`fixed:organization:reader`<br>`fixed:annotations:reader`<br>`fixed:annotations.dashboard:writer`<br>`fixed:alerting:reader`                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              | Default [Viewer]({{< relref "../#organization-users-and-permissions" >}}) assignments.                             |
+| Viewer        | `fixed:datasources:id:reader`<br>`fixed:organization:reader`<br>`fixed:annotations:reader`<br>`fixed:annotations.dashboard:writer`<br>`fixed:alerting:reader`<br>`fixed:plugins.app:reader`                                                                                                                                                                                                                                                                                                                                                                                                                                                                | Default [Viewer]({{< relref "../#organization-users-and-permissions" >}}) assignments.                             |
 
 ## Fixed role definitions
 
@@ -61,16 +63,20 @@ The following tables list permissions associated with basic and fixed roles.
 | `fixed:licensing:reader`               | `licensing:read`<br>`licensing.reports:read`                                                                                                                                                                                                                         | Read licensing information and licensing reports.                                                                                                                                                                                                                                     |
 | `fixed:licensing:writer`               | All permissions from `fixed:licensing:viewer` and <br>`licensing:write`<br>`licensing:delete`                                                                                                                                                                        | Read licensing information and licensing reports, update and delete the license token.                                                                                                                                                                                                |
 | `fixed:org.users:reader`               | `org.users:read`                                                                                                                                                                                                                                                     | Read users within a single organization.                                                                                                                                                                                                                                              |
-| `fixed:org.users:writer`               | All permissions from `fixed:org.users:reader` and <br>`org.users:add`<br>`org.users:remove`<br>`org.users:write`                                                                                                                                                     | Within a single organization, add a user, invite a user, read information about a user and their role, remove a user from that organization, or change the role of a user.                                                                                                            |
+| `fixed:org.users:writer`               | All permissions from `fixed:org.users:reader` and <br>`org.users:add`<br>`org.users:remove`<br>`org.users:write`                                                                                                                                                     | Within a single organization, add a user, invite a new user, read information about a user and their role, remove a user from that organization, or change the role of a user.                                                                                                        |
 | `fixed:organization:maintainer`        | All permissions from `fixed:organization:reader` and <br> `orgs:write`<br>`orgs:create`<br>`orgs:delete`<br>`orgs.quotas:write`                                                                                                                                      | Create, read, write, or delete an organization. Read or write its quotas. This role needs to be assigned globally.                                                                                                                                                                    |
 | `fixed:organization:reader`            | `orgs:read`<br>`orgs.quotas:read`                                                                                                                                                                                                                                    | Read an organization and its quotas.                                                                                                                                                                                                                                                  |
 | `fixed:organization:writer`            | All permissions from `fixed:organization:reader` and <br> `orgs:write`<br>`orgs.preferences:read`<br>`orgs.preferences:write`                                                                                                                                        | Read an organization, its quotas, or its preferences. Update organization properties, or its preferences.                                                                                                                                                                             |
+| `fixed:plugins.app:reader`             | `plugins.app:access`                                                                                                                                                                                                                                                 | Access application plugins (still enforcing the organization role).                                                                                                                                                                                                                   |
 | `fixed:provisioning:writer`            | `provisioning:reload`                                                                                                                                                                                                                                                | Reload provisioning.                                                                                                                                                                                                                                                                  |
 | `fixed:reports:reader`                 | `reports:read`<br>`reports:send`<br>`reports.settings:read`                                                                                                                                                                                                          | Read all reports and shared report settings.                                                                                                                                                                                                                                          |
 | `fixed:reports:writer`                 | All permissions from `fixed:reports:reader` and <br>`reports:create`<br>`reports:write`<br>`reports:delete`<br>`reports.settings:write`                                                                                                                              | Create, read, update, or delete all reports and shared report settings.                                                                                                                                                                                                               |
 | `fixed:roles:reader`                   | `roles:read`<br>`teams.roles:read`<br>`users.roles:read`<br>`users.permissions:read`                                                                                                                                                                                 | Read all access control roles, roles and permissions assigned to users, teams.                                                                                                                                                                                                        |
 | `fixed:roles:writer`                   | All permissions from `fixed:roles:reader` and <br>`roles:write`<br>`roles:delete`<br>`teams.roles:add`<br>`teams.roles:remove`<br>`users.roles:add`<br>`users.roles:remove`                                                                                          | Create, read, update, or delete all roles, assign or unassign roles to users, teams.                                                                                                                                                                                                  |
 | `fixed:roles:resetter`                 | `roles:write` with scope `permissions:type:escalate`                                                                                                                                                                                                                 | Reset basic roles to their default.                                                                                                                                                                                                                                                   |
+| `fixed:serviceaccounts:reader`         | `serviceaccounts:read`                                                                                                                                                                                                                                               | Read Grafana service accounts.                                                                                                                                                                                                                                                        |
+| `fixed:serviceaccounts:creator`        | `serviceaccounts:create`                                                                                                                                                                                                                                             | Create Grafana service accounts.                                                                                                                                                                                                                                                      |
+| `fixed:serviceaccounts:writer`         | `serviceaccounts:read`<br>`serviceaccounts:create`<br>`serviceaccounts:write`<br>`serviceaccounts:delete`<br>`serviceaccounts.permissions:read`<br>`serviceaccounts.permissions:write`                                                                               | Create, update, read and delete all Grafana service accounts and manage service account permissions.                                                                                                                                                                                  |
 | `fixed:settings:reader`                | `settings:read`                                                                                                                                                                                                                                                      | Read Grafana instance settings.                                                                                                                                                                                                                                                       |
 | `fixed:settings:writer`                | All permissions from `fixed:settings:reader` and<br>`settings:write`                                                                                                                                                                                                 | Read and update Grafana instance settings.                                                                                                                                                                                                                                            |
 | `fixed:stats:reader`                   | `server.stats:read`                                                                                                                                                                                                                                                  | Read Grafana instance statistics.                                                                                                                                                                                                                                                     |

docs/sources/administration/roles-and-permissions/access-control/rbac-provisioning.md

@@ -10,9 +10,9 @@ weight: 60
 
 # Grafana RBAC provisioning
 
-You can create, change or remove [Custom roles]({{< relref "./manage-rbac-roles/#create-custom-roles-using-provisioning" >}}) and create or remove [basic role assignments]({{< relref "./assign-rbac-roles/#assign-a-fixed-role-to-a-basic-role-using-provisioning" >}}), by adding one or more YAML configuration files in the `provisioning/access-control/` directory.
+> **Note:** Available in [Grafana Enterprise]({{< relref "../../../introduction/grafana-enterprise/" >}}) and [Grafana Cloud Advanced]({{< ref "/docs/grafana-cloud" >}}).
 
-If you choose to use provisioning to assign and manage role, you must first enable it.
+You can create, change or remove [Custom roles]({{< relref "./manage-rbac-roles/#create-custom-roles-using-provisioning" >}}) and create or remove [basic role assignments]({{< relref "./assign-rbac-roles/#assign-a-fixed-role-to-a-basic-role-using-provisioning" >}}), by adding one or more YAML configuration files in the `provisioning/access-control/` directory.
 
 Grafana performs provisioning during startup. After you make a change to the configuration file, you can reload it during runtime. You do not need to restart the Grafana server for your changes to take effect.
 

docs/sources/administration/service-accounts/index.md

@@ -16,15 +16,9 @@ weight: 800
 
 # Service accounts
 
-You can use service accounts to run automated or compute workloads.
+You can use a service account to run automated workloads in Grafana, such as dashboard provisioning, configuration, or report generation. Create service accounts and tokens to authenticate applications, such as Terraform, with the Grafana API.
 
-{{< section >}}
-
-## About service accounts
-
-A service account can be used to run automated workloads in Grafana, like dashboard provisioning, configuration, or report generation. Create service accounts and tokens to authenticate applications like Terraform with the Grafana API.
-
-> **Note:** Service accounts are available in Grafana 8.5+ as a beta feature. To enable service accounts, refer to the [Enable service accounts]({{< ref "#enable-service-accounts" >}}) section. Service accounts will eventually replace [API keys]({{< relref "../api-keys/" >}}) as the primary way to authenticate applications that interact with Grafana.
+> **Note:** Service accounts will eventually replace [API keys]({{< relref "../api-keys/" >}}) as the primary way to authenticate applications that interact with Grafana.
 
 A common use case for creating a service account is to perform operations on automated or triggered tasks. You can use service accounts to:
 
@@ -37,6 +31,9 @@ In [Grafana Enterprise]({{< relref "../../enterprise/" >}}), you can also use se
 
 > **Note:** Service accounts can only act in the organization they are created for. If you have the same task that is needed for multiple organizations, we recommend creating service accounts in each organization.
 
+{{< vimeo 742056367 >}}
+<br>
+
 ## Service account tokens
 
 A service account token is a generated random string that acts as an alternative to a password when authenticating with Grafana's HTTP API.
@@ -59,47 +56,16 @@ The added benefits of service accounts to API keys include:
 - Unlike API keys, service account tokens are not associated with a specific user, which means that applications can be authenticated even if a Grafana user is deleted.
 - You can grant granular permissions to service accounts by leveraging [role-based access control]({{< relref "../roles-and-permissions/access-control/" >}}). For more information about permissions, refer to [About users and permissions]({{< relref "../roles-and-permissions/" >}}).
 
-## Enable service accounts in Grafana
-
-Service accounts are available behind the `serviceAccounts` feature toggle, available in Grafana 8.5+.
-
-You can enable service accounts by:
-
-- modifying the Grafana configuration file, or
-- configuring an environment variable
-
-### Enable service accounts in the Grafana configuration file
-
-This topic shows you how to enable service accounts by modifying the Grafana configuration file.
-
-1. Sign in to the Grafana server and locate the configuration file. For more information about finding the configuration file, refer to LINK.
-2. Open the configuration file and locate the [feature toggles section]({{< relref "../../setup-grafana/configure-grafana/#feature_toggles" >}}). Add `serviceAccounts` as a [feature_toggle]({{< relref "../../setup-grafana/configure-grafana/#feature_toggle" >}}).
-
-```
-[feature_toggles]
-# enable features, separated by spaces
-enable = serviceAccounts
-```
-
-1. Save your changes, Grafana should recognize your changes; in case of any issues we recommend restarting the Grafana server.
-
-### Enable service accounts with an environment variable
-
-This topic shows you how to enable service accounts by setting environment variables before starting Grafana.
-
-Follow the instructions to [override configuration with environment variables]({{< relref "../../setup-grafana/configure-grafana/#override-configuration-with-environment-variables" >}}). Set the following environment variable: `GF_FEATURE_TOGGLES_ENABLE = serviceAccounts`.
-
-> **Note:** Environment variables override configuration file settings.
-
 ## Create a service account in Grafana
 
 A service account can be used to run automated workloads in Grafana, like dashboard provisioning, configuration, or report generation. For more information about how you can use service accounts, refer to [About service accounts]({{< ref "#about-service-accounts" >}}).
 
 For more information about creating service accounts via the API, refer to [Create a service account in the HTTP API]({{< relref "../../developers/http_api/serviceaccount/#create-service-account" >}}).
 
+Note that the user who created a service account will also be able to read, update and delete the service account that they created, as well as permissions associated with that service account.
+
 ### Before you begin
 
-- Ensure you have added the feature toggle for service accounts `serviceAccounts`. For more information about adding the feature toggle, refer to [Enable service accounts]({{< ref "#enable-service-accounts" >}}).
 - Ensure you have permission to create and edit service accounts. By default, the organization administrator role is required to create and edit service accounts. For more information about user permissions, refer to [About users and permissions]({{< relref "../roles-and-permissions/#" >}}).
 
 ### To create a service account
@@ -121,7 +87,6 @@ You can create a service account token using the Grafana UI or via the API. For
 
 ### Before you begin
 
-- Ensure you have added the `serviceAccounts` feature toggle to Grafana. For more information about adding the feature toggle, refer to [Enable service accounts]({{< ref "#enable-service-accounts" >}}).
 - Ensure you have permission to create and edit service accounts. By default, the organization administrator role is required to create and edit service accounts. For more information about user permissions, refer to [About users and permissions]({{< relref "../roles-and-permissions/#" >}}).
 
 ### To add a token to a service account
@@ -135,3 +100,56 @@ You can create a service account token using the Grafana UI or via the API. For
    - The expiry date specifies how long you want the key to be valid.
    - If you are unsure of an expiration date, we recommend that you set the token to expire after a short time, such as a few hours or less. This limits the risk associated with a token that is valid for a long time.
 1. Click **Generate service account token**.
+
+## Assign roles to a service account in Grafana
+
+You can assign roles to a Grafana service account to control access for the associated service account tokens.
+You can assign roles to a service account using the Grafana UI or via the API. For more information about assigning a role to a service account via the API, refer to [Update service account using the HTTP API]({{< relref "../../developers/http_api/serviceaccount/#update-service-account" >}}).
+
+In [Grafana Enterprise]({{< relref "../../enterprise/" >}}), you can also [assign RBAC roles]({{< relref "../roles-and-permissions/access-control/assign-rbac-roles" >}}) to grant very specific permissions to applications that interact with Grafana.
+
+### Before you begin
+
+- Ensure you have permission to update service accounts roles. By default, the organization administrator role is required to update service accounts permissions. For more information about user permissions, refer to [About users and permissions]({{< relref "../roles-and-permissions/#" >}}).
+
+### To assign a role to a service account
+
+1. Sign in to Grafana, then hover your cursor over **Configuration** (the gear icon) in the sidebar.
+1. Click **Service accounts**.
+1. Click the service account to which you want to assign a role. As an alternative, find the service account in the list view.
+1. Assign a role using the role picker.
+1. Click **Update**.
+
+## Manage users and teams permissions for a service account in Grafana
+
+To control what and who can do with the service account you can assign permissions directly to users and teams. You can assign permissions using the Grafana UI.
+
+### Before you begin
+
+- Ensure you have permission to update user and team permissions of a service accounts. By default, the organization administrator role is required to update user and teams permissions for a service account. For more information about user permissions, refer to [About users and permissions]({{< relref "../roles-and-permissions/#" >}}).
+- Ensure you have permission to read teams.
+
+### User and team permissions for a service account
+
+You can assign on of the following permissions to a specific user or a team:
+
+1. **Edit**: A user or a team with this permission can view, edit, enable and disable a service account, and add or delete service account tokens.
+1. **Admin**: User or a team with this permission will be able to everything from **Edit** permission, as well as manage user and team permissions for a service account.
+
+### To update team permissions for a service account
+
+1. Sign in to Grafana, then hover your cursor over **Configuration** (the gear icon) in the sidebar.
+1. Click **Service accounts**.
+1. Click the service account for which you want to update team permissions a role.
+1. In the **Permissions** section at the bottom, click **Add permission**.
+1. Choose **Team** in the dropdown and select your desired team.
+1. Choose **View**, **Edit** or **Admin** role in the dropdown and click **Save**.
+
+### To update user permissions for a service account
+
+1. Sign in to Grafana, then hover your cursor over **Configuration** (the gear icon) in the sidebar.
+1. Click **Service accounts**.
+1. Click the service account for which you want to update team permissions a role.
+1. In the **Permissions** section at the bottom, click **Add permission**.
+1. Choose **User** in the dropdown and select your desired user.
+1. Choose **View**, **Edit** or **Admin** role in the dropdown and click **Save**.

docs/sources/administration/team-management/_index.md

@@ -51,7 +51,8 @@ Add a team member to an existing team whenever you want to provide access to tea
 1. Sign in to Grafana as an organization administrator.
 1. Hover your cursor over the **Configuration** (gear) icon in the side menu and click **Teams**.
 1. Click the name of the team to which you want to add members, and click **Add member**.
-1. In the **Add team member** field, locate and select a user.
+1. Locate and select a user.
+1. Choose if you want to add the user as a team Member or an Admin.
 1. Click **Add to team**.
 
 ![Add team member](/static/img/docs/manage-users/add-team-member-7-3.png)
@@ -69,14 +70,14 @@ Complete this task when you want to add or modify team member permissions.
 1. Sign in to Grafana as an organization administrator or a team administrator.
 1. Hover your cursor over the **Configuration** (gear) icon in the side menu and click **Teams**.
 1. Click the name of the team for which you want to add or modify team member permissions.
-1. In the team member list, find and click the user account that you want to change. You can use the search field to filter the list if necessary.
+1. In the team member list, find and click the user that you want to change. You can use the search field to filter the list if necessary.
 1. Click the **Permission** list, and then click the new user permission level.
 
 ![Change team member permissions](/static/img/docs/manage-users/change-team-permissions-7-3.png)
 
 ## Remove a team member
 
-You can remove a team member when you no longer want to apply team permissions to the user.
+You can remove a team member when you no longer want to apply team permissions to the user
 
 ### Before you begin
 

docs/sources/alerting/_index.md

@@ -11,7 +11,7 @@ weight: 114
 
 Grafana Alerting allows you to learn about problems in your systems moments after they occur. Create, manage, and take action on your alerts in a single, consolidated view, and improve your team’s ability to identify and resolve issues quickly.
 
-Grafana Alerting is available for for Grafana OSS, Grafana Enterprise, or Grafana Cloud. With Mimir and Loki alert rules you can run alert expressions closer to your data and at massive scale, all managed by the Grafana UI you are already familiar with.
+Grafana Alerting is available for Grafana OSS, Grafana Enterprise, or Grafana Cloud. With Mimir and Loki alert rules you can run alert expressions closer to your data and at massive scale, all managed by the Grafana UI you are already familiar with.
 
 Watch this video to learn more about Grafana Alerting: {{< vimeo 720001629 >}}
 
@@ -69,4 +69,4 @@ With mute timings, you can specify a time interval when you don’t want new not
 
 - [Role-based access control]({{< relref "../administration/roles-and-permissions/access-control/" >}}) in Grafana Enterprise.
 
-- [Alertmanager]({{< relref "fundamentals/alertmanager/" >}}) and [High availability]({{< relref "high-availability/_index/" >}})
+- [Alertmanager]({{< relref "fundamentals/alertmanager/" >}}) and [High availability]({{< relref "./high-availability/" >}})

docs/sources/alerting/alerting-limitations.md

@@ -21,7 +21,7 @@ As an example, if the current Prometheus version is `2.31.1`, we support >= `2.2
 
 ## Grafana is not an alert receiver
 
-Grafana is not an alert receiver; is it an alert generator. This means that Grafana cannot receive alerts from anything other than its internal alert generator.
+Grafana is not an alert receiver; it is an alert generator. This means that Grafana cannot receive alerts from anything other than its internal alert generator.
 
 Receiving alerts from Prometheus (or anything else) is not supported at the time.
 

docs/sources/alerting/alerting-rules/create-grafana-managed-rule.md

@@ -15,7 +15,7 @@ weight: 400
 
 # Create a Grafana managed alerting rule
 
-Grafana allows you to create alerting rules that query one or more data sources, reduce or transform the results and compare them to each other or to fix thresholds. When these are executed, Grafana sends notifications to the contact point. For information on Grafana Alerting, see [About Grafana Alerting]({{< relref "../about-alerting/" >}}) which explains the various components of Grafana Alerting. We also recommend that you familiarize yourself with some of the [fundamental concepts]({{< relref "../fundamentals/" >}}) of Grafana Alerting.
+Grafana allows you to create alerting rules that query one or more data sources, reduce or transform the results and compare them to each other or to fix thresholds. When these are executed, Grafana sends notifications to the contact point. For information on Grafana Alerting, see [About Grafana Alerting]({{< relref "../" >}}) which explains the various components of Grafana Alerting. We also recommend that you familiarize yourself with some of the [fundamental concepts]({{< relref "../fundamentals/" >}}) of Grafana Alerting.
 
 Watch this video to learn more about creating alerts: {{< vimeo 720001934 >}}
 

docs/sources/alerting/alerting-rules/create-mimir-loki-managed-recording-rule.md

@@ -27,7 +27,7 @@ You can create and manage recording rules for an external Grafana Mimir or Loki
 
   - **Loki** - The `local` rule storage type, default for the Loki data source, supports only viewing of rules. To edit rules, configure one of the other rule storage types.
 
-  - **Grafana Mimir** - use the [legacy `/api/prom` prefix](https://grafana.com/docs/mimir/latest/operators-guide/reference-http-api/#path-prefixes), not `/prometheus`. The Prometheus data source supports both Grafana Mimir and Prometheus, and Grafana expects that both the [Query API](https://grafana.com/docs/mimir/latest/operators-guide/reference-http-api/#querier--query-frontend) and [Ruler API](https://grafana.com/docs/mimir/latest/operators-guide/reference-http-api/#ruler) are under the same URL. You cannot provide a separate URL for the Ruler API.
+  - **Grafana Mimir** - use the `/prometheus` prefix. The Prometheus data source supports both Grafana Mimir and Prometheus, and Grafana expects that both the [Query API](https://grafana.com/docs/mimir/latest/operators-guide/reference-http-api/#querier--query-frontend) and [Ruler API](https://grafana.com/docs/mimir/latest/operators-guide/reference-http-api/#ruler) are under the same URL. You cannot provide a separate URL for the Ruler API.
 
 > **Note:** If you do not want to manage alerting rules for a particular Loki or Prometheus data source, go to its settings and clear the **Manage alerts via Alerting UI** checkbox.
 

docs/sources/alerting/alerting-rules/create-mimir-loki-managed-rule.md

@@ -17,7 +17,7 @@ weight: 400
 
 # Create a Grafana Mimir or Loki managed alerting rule
 
-Grafana allows you to create alerting rules for an external Grafana Mimir or Loki instance that has ruler API enabled. For information on Grafana Alerting, see [About Grafana Alerting]({{< relref "../about-alerting/" >}}) which explains the various components of Grafana Alerting. We also recommend that you familiarize yourself with some of the [fundamental concepts]({{< relref "../fundamentals/" >}}) of Grafana Alerting.
+Grafana allows you to create alerting rules for an external Grafana Mimir or Loki instance that has ruler API enabled. For information on Grafana Alerting, see [About Grafana Alerting]({{< relref "../" >}}) which explains the various components of Grafana Alerting. We also recommend that you familiarize yourself with some of the [fundamental concepts]({{< relref "../fundamentals/" >}}) of Grafana Alerting.
 
 ## Before you begin
 

docs/sources/alerting/contact-points/_index.md

@@ -20,7 +20,7 @@ Use contact points to define how your contacts are notified when an alert fires.
 
 You can configure Grafana managed contact points as well as contact points for an [external Alertmanager data source]({{< relref "../../datasources/alertmanager/" >}}). For more information, see [Alertmanager]({{< relref "../fundamentals/alertmanager/" >}}).
 
-Before you begin, see [About Grafana Alerting]({{< relref "../about-alerting/" >}}) which explains the various components of Grafana Alerting. We also recommend that you familiarize yourself with some of the [fundamental concepts]({{< relref "../fundamentals/" >}}) of Grafana Alerting.
+Before you begin, see [Grafana Alerting]({{< relref "../../alerting/" >}}) which explains the various components of Grafana Alerting. We also recommend that you familiarize yourself with some of the [fundamental concepts]({{< relref "../fundamentals/" >}}) of Grafana Alerting.
 
 - [Create contact point]({{< relref "create-contact-point/" >}})
 - [Edit contact point]({{< relref "edit-contact-point/" >}})

docs/sources/alerting/contact-points/notifiers/_index.md

@@ -10,33 +10,33 @@ keywords:
   - guide
   - contact point
   - templating
-title: List of notifiers
+title: List of contact point types
 weight: 130
 ---
 
-# List of supported notifiers
+# List of supported contact point types
 
-The following table lists the notifiers (contact point types) supported by Grafana.
+The following table lists the contact point types supported by Grafana.
 
-| Name                                          | Type                      | Grafana Alertmanager | Other Alertmanagers                                                                                      |
-| --------------------------------------------- | ------------------------- | -------------------- | -------------------------------------------------------------------------------------------------------- |
-| [DingDing](#dingdingdingtalk)                 | `dingding`                | Supported            | N/A                                                                                                      |
-| [Discord](#discord)                           | `discord`                 | Supported            | N/A                                                                                                      |
-| [Email](#email)                               | `email`                   | Supported            | Supported                                                                                                |
-| [Google Hangouts Chat](#google-hangouts-chat) | `googlechat`              | Supported            | N/A                                                                                                      |
-| [Kafka](#kafka)                               | `kafka`                   | Supported            | N/A                                                                                                      |
-| Line                                          | `line`                    | Supported            | N/A                                                                                                      |
-| Microsoft Teams                               | `teams`                   | Supported            | N/A                                                                                                      |
-| [Opsgenie](#opsgenie)                         | `opsgenie`                | Supported            | Supported                                                                                                |
-| [Pagerduty](#pagerduty)                       | `pagerduty`               | Supported            | Supported                                                                                                |
-| Prometheus Alertmanager                       | `prometheus-alertmanager` | Supported            | N/A                                                                                                      |
-| [Pushover](#pushover)                         | `pushover`                | Supported            | Supported                                                                                                |
-| Sensu                                         | `sensu`                   | Supported            | N/A                                                                                                      |
-| [Sensu Go](#sensu-go)                         | `sensugo`                 | Supported            | N/A                                                                                                      |
-| [Slack](#slack)                               | `slack`                   | Supported            | Supported                                                                                                |
-| Telegram                                      | `telegram`                | Supported            | N/A                                                                                                      |
-| Threema                                       | `threema`                 | Supported            | N/A                                                                                                      |
-| VictorOps                                     | `victorops`               | Supported            | Supported                                                                                                |
-| [Webhook](#webhook)                           | `webhook`                 | Supported            | Supported ([different format](https://prometheus.io/docs/alerting/latest/configuration/#webhook_config)) |
-| [WeCom](#wecom)                               | `wecom`                   | Supported            | N/A                                                                                                      |
-| [Zenduty](#zenduty)                           | `webhook`                 | Supported            | N/A                                                                                                      |
+| Name                                             | Type                      | Grafana Alertmanager | Other Alertmanagers                                                                                      |
+| ------------------------------------------------ | ------------------------- | -------------------- | -------------------------------------------------------------------------------------------------------- |
+| [DingDing](https://www.dingtalk.com/en)          | `dingding`                | Supported            | N/A                                                                                                      |
+| [Discord](https://discord.com/)                  | `discord`                 | Supported            | N/A                                                                                                      |
+| [Email](#email)                                  | `email`                   | Supported            | Supported                                                                                                |
+| [Google Hangouts](https://hangouts.google.com/)  | `googlechat`              | Supported            | N/A                                                                                                      |
+| [Kafka](https://kafka.apache.org/)               | `kafka`                   | Supported            | N/A                                                                                                      |
+| [Line](https://line.me/en/)                      | `line`                    | Supported            | N/A                                                                                                      |
+| [Microsoft Teams](https://teams.microsoft.com/)  | `teams`                   | Supported            | N/A                                                                                                      |
+| [Opsgenie](https://atlassian.com/opsgenie/)      | `opsgenie`                | Supported            | Supported                                                                                                |
+| [Pagerduty](https://www.pagerduty.com/)          | `pagerduty`               | Supported            | Supported                                                                                                |
+| [Prometheus Alertmanager](https://prometheus.io) | `prometheus-alertmanager` | Supported            | N/A                                                                                                      |
+| [Pushover](https://pushover.net/)                | `pushover`                | Supported            | Supported                                                                                                |
+| [Sensu](https://sensu.io/)                       | `sensu`                   | Supported            | N/A                                                                                                      |
+| [Sensu Go](https://docs.sensu.io/sensu-go/)      | `sensugo`                 | Supported            | N/A                                                                                                      |
+| [Slack](https://slack.com/)                      | `slack`                   | Supported            | Supported                                                                                                |
+| [Telegram](https://telegram.org/)                | `telegram`                | Supported            | N/A                                                                                                      |
+| [Threema](https://threema.ch/)                   | `threema`                 | Supported            | N/A                                                                                                      |
+| [VictorOps](https://help.victorops.com/)         | `victorops`               | Supported            | Supported                                                                                                |
+| [Webhook](#webhook)                              | `webhook`                 | Supported            | Supported ([different format](https://prometheus.io/docs/alerting/latest/configuration/#webhook_config)) |
+| [WeCom](#wecom)                                  | `wecom`                   | Supported            | N/A                                                                                                      |
+| [Zenduty](https://www.zenduty.com/)              | `webhook`                 | Supported            | N/A                                                                                                      |

docs/sources/alerting/fundamentals/annotation-label/_index.md

@@ -16,7 +16,7 @@ weight: 401
 
 # Annotations and labels for alerting rules
 
-Annotations and labels are key value pairs associated with alerts originating from the alerting rule, datasource response, and as a result of alerting rule evaluation. They can be used in alert notifications directly or in [templates]({{< relref "../../contact-points/message-templating/" >}}) and [template functions]({{< relref "../../contact-points/message-templating/template-functions/" >}}) to create notification contact dynamically.
+Annotations and labels are key value pairs associated with alerts originating from the alerting rule, datasource response, and as a result of alerting rule evaluation. They can be used in alert notifications directly or in [templates]({{< relref "../../contact-points/message-templating/" >}}) and [template functions]({{< relref "../../contact-points/fundamentals/annotation-label/template-functions/" >}}) to create notification contact dynamically.
 
 ## Annotations
 

docs/sources/alerting/fundamentals/annotation-label/example-template-functions.md

@@ -1,9 +1,7 @@
 ---
 aliases:
   - /docs/grafana/latest/alerting/contact-points/message-templating/example-template-functions/
-  - /docs/grafana/latest/alerting/contact-points/message-templating/template-functions/
-  - /docs/grafana/latest/alerting/message-templating/template-functions/
-  - /docs/grafana/latest/alerting/unified-alerting/message-templating/template-functions/
+  - /docs/grafana/latest/alerting/fundamentals/annotation-label/example-template-functions/
 keywords:
   - grafana
   - alerting

docs/sources/alerting/fundamentals/annotation-label/how-to-use-labels.md

@@ -26,6 +26,7 @@ This topic explains why labels are a fundamental component of alerting.
 # Grafana reserved labels
 
 > **Note:** Labels prefixed with `grafana_` are reserved by Grafana for special use. If a manually configured label is added beginning with `grafana_` it may be overwritten in case of collision.
+> To stop the Grafana Alerting engine from adding a reserved label, you can disable it via the `disabled_labels` option in [unified_alerting.reserved_labels]({{< relref "../../../setup-grafana/configure-grafana/#unified_alertingreserved_labels" >}}) configuration.
 
 Grafana reserved labels can be used in the same way as manually configured labels. The current list of available reserved labels are:
 

docs/sources/alerting/fundamentals/annotation-label/template-functions.md

@@ -3,6 +3,8 @@ aliases:
   - /docs/grafana/latest/alerting/contact-points/message-templating/template-functions/
   - /docs/grafana/latest/alerting/message-templating/template-functions/
   - /docs/grafana/latest/alerting/unified-alerting/message-templating/template-functions/
+  - /docs/grafana/latest/alerting/fundamentals/annotation-label/template-functions/
+  - /docs/grafana/latest/alerting/unified-alerting/fundamentals/annotation-label/template-functions/
 keywords:
   - grafana
   - alerting
@@ -15,7 +17,7 @@ weight: 125
 
 # Template Functions
 
-Template functions allow you to process labels and annotations to generate dynamic notifications.
+Template functions allow you to process alert evaluation results to generate dynamic notifications.
 
 | Name                                      | Argument type                                                | Return type            | Description                                                                                                                                 |
 | ----------------------------------------- | ------------------------------------------------------------ | ---------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- |

docs/sources/alerting/fundamentals/annotation-label/variables-label-annotation.md

@@ -87,7 +87,7 @@ no data, we can use an if statement to check for `$values.B`:
 
 ## Classic conditions
 
-If the rule uses a classic condition instead of a reduce and math expresison, then `$values` contains the combination
+If the rule uses a classic condition instead of a reduce and math expression, then `$values` contains the combination
 of the `refID` and position of the condition. For example, `{{ $values.A0 }}` and `{{ $values.A1 }}`.
 
 ## Variables
@@ -97,5 +97,5 @@ The following template variables are available when expanding annotations and la
 | Name    | Description                                                                                                                                                                                                                                                                                                                                                                                                |
 | ------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
 | $labels | The labels from the query or condition. For example, `{{ $labels.instance }}` and `{{ $labels.job }}`. This is unavailable when the rule uses a [classic condition]({{< relref "../../alerting-rules/create-grafana-managed-rule/#single-and-multi-dimensional-rule" >}}).                                                                                                                                 |
-| $values | The values of all reduce and math expressions that were evaluated for this alert rule. For example, `{{ $values.A }}`, `{{ $values.A.Labels }}` and `{{ $values.A.Value }}` where `A` is the `refID` of the reduce or math expression. If the rule uses a classic condition instead of a reduce and math expresison, then `$values` contains the combination of the `refID` and position of the condition. |
+| $values | The values of all reduce and math expressions that were evaluated for this alert rule. For example, `{{ $values.A }}`, `{{ $values.A.Labels }}` and `{{ $values.A.Value }}` where `A` is the `refID` of the reduce or math expression. If the rule uses a classic condition instead of a reduce and math expression, then `$values` contains the combination of the `refID` and position of the condition. |
 | $value  | The value string of the alert instance. For example, `[ var='A' labels={instance=foo} value=10 ]`.                                                                                                                                                                                                                                                                                                         |

docs/sources/alerting/fundamentals/data-source-alerting.md

@@ -0,0 +1,39 @@
+---
+aliases:
+  - /docs/grafana/latest/alerting/fundamentals/data-source-alerting/
+description: Data sources in Grafana Alerting
+title: Data sources
+weight: 100
+---
+
+# Data sources
+
+There are a number of data sources that are compatible with Grafana Alerting. Each data source is supported by a plugin. You can use one of the built-in data sources listed below, use [external data source plugins](https://grafana.com/grafana/plugins/?type=datasource), or create your own data source plugin.
+
+If you are creating your own data source plugin, make sure it is a backend plugin as Grafana Alerting requires this in order to be able to evaluate rules using the data source. Frontend data sources are not supported, because the evaluation engine runs on the backend.
+
+Specifying { "alerting": true, “backend”: true } in the plugin.json file indicates that the data source plugin is compatible with Grafana Alerting and includes the backend data-fetching code. For more information, refer to [Build a data source backend plugin](https://grafana.com/tutorials/build-a-data-source-backend-plugin/).
+
+These are the data sources that are compatible with and supported by Grafana Alerting.
+
+- [AWS CloudWatch]({{< relref "../../datasources/aws-cloudwatch/" >}})
+- [Azure Monitor]({{< relref "../../datasources/azuremonitor/" >}})
+- [Elasticsearch]({{< relref "../../datasources/elasticsearch/" >}})
+- [Google Cloud Monitoring]({{< relref "../../datasources/google-cloud-monitoring/" >}})
+- [Graphite]({{< relref "../../datasources/graphite/" >}})
+- [InfluxDB]({{< relref "../../datasources/influxdb/" >}})
+- [Loki]({{< relref "../../datasources/loki/" >}})
+- [Microsoft SQL Server MSSQL]({{< relref "../../datasources/mssql/" >}})
+- [MySQL]({{< relref "../../datasources/mysql/" >}})
+- [Open TSDB]({{< relref "../../datasources/opentsdb/" >}})
+- [PostgreSQL]({{< relref "../../datasources/postgres/" >}})
+- [Prometheus]({{< relref "../../datasources/prometheus/" >}})
+- [Jaeger]({{< relref "../../datasources/jaeger/" >}})
+- [Zipkin]({{< relref "../../datasources/zipkin/" >}})
+- [Tempo]({{< relref "../../datasources/tempo/" >}})
+- [Testdata]({{< relref "../../datasources/testdata/" >}})
+
+## Useful links
+
+- [Grafana data sources]({{< relref "../../datasources/" >}})
+- [Add a data source]({{< relref "../../datasources/add-a-data-source/" >}})

docs/sources/alerting/images-in-notifications.md

@@ -11,7 +11,7 @@ title: Images in notifications
 
 # Images in notifications
 
-Images in notifications helps recipients of alert notifications better understand why an alert has fired or resolved by including an image of the panel for the Grafana managed alert rule.
+Images in notifications helps recipients of alert notifications better understand why an alert has fired or resolved by including an image of the panel associated with the Grafana managed alert rule.
 
 > **Note**: Images in notifications are not available for Grafana Mimir and Loki managed alert rules, or when Grafana is set up to send alert notifications to an external Alertmanager.
 
@@ -20,6 +20,8 @@ If Grafana is set up to send images in notifications, it takes a screenshot of t
 1. The alert rule transitions from pending to firing
 2. The alert rule transitions from firing to OK
 
+Grafana does not support images for alert rules that are not associated with a panel. An alert rule is associated with a panel when it has both Dashboard UID and Panel ID annotations.
+
 Images are stored in the [data]({{< relref "../setup-grafana/configure-grafana/#paths" >}}) path and so Grafana must have write-access to this path. If Grafana cannot write to this path then screenshots cannot be saved to disk and an error will be logged for each failed screenshot attempt. In addition to storing images on disk, Grafana can also store the image in an external image store such as Amazon S3, Azure Blob Storage, Google Cloud Storage and even Grafana where screenshots are stored in `public/img/attachments`. Screenshots older than `temp_data_lifetime` are deleted from disk but not the external image store. If Grafana is the external image store then screenshots are deleted from `data` but not from `public/img/attachments`.
 
 > **Note**: It is recommended that you use an external image store, as not all contact points support uploading images from disk. It is also possible that the image on disk is deleted before an alert notification is sent if `temp_data_lifetime` is less than the `group_wait` and `group_interval` options used in Alertmanager.
@@ -32,8 +34,8 @@ To use images in notifications, Grafana must be set up to use [image rendering](
 
 If Grafana has been set up to use [image rendering]({{< relref "../setup-grafana/image-rendering/" >}}) images in notifications can be turned on via the `capture` option in `[unified_alerting.screenshots]`:
 
-    # Enable screenshots in notifications. This option requires a remote HTTP image rendering service. Please
-    # see [rendering] for further configuration options.
+    # Enable screenshots in notifications. This option requires the Grafana Image Renderer plugin.
+    # For more information on configuration options, refer to [rendering].
     capture = true
 
 It is recommended that `max_concurrent_screenshots` is set to a value that is less than or equal to `concurrent_render_request_limit`. The default value for both `max_concurrent_screenshots` and `concurrent_render_request_limit` is `5`:
@@ -69,7 +71,7 @@ Images in notifications are supported in the following notifiers and additional
 | Opsgenie                | No                      | Yes                     |
 | Pagerduty               | No                      | Yes                     |
 | Prometheus Alertmanager | No                      | No                      |
-| Pushover                | No                      | No                      |
+| Pushover                | Yes                     | No                      |
 | Sensu Go                | No                      | No                      |
 | Slack                   | No                      | Yes                     |
 | Telegram                | No                      | No                      |

docs/sources/alerting/migrating-alerts/_index.md

@@ -3,6 +3,7 @@ aliases:
   - /docs/grafana/latest/alerting/migrating-alerts/
   - /docs/grafana/latest/alerting/unified-alerting/
   - /docs/grafana/latest/alerting/unified-alerting/difference-old-new/
+  - /docs/grafana/latest/alerting/difference-old-new/
 description: Upgrade Grafana alerts
 title: Upgrade to Grafana Alerting
 weight: 101
@@ -12,7 +13,7 @@ weight: 101
 
 Grafana Alerting is enabled by default for new installations or existing installations whether or not legacy alerting is configured.
 
-> **Note**: We recommend that Grafana Enterprise customers with more than a dozen Grafana dashboard alert rules do not upgrade and remain on legacy alerting for now by [opting out]({{< relref "opt-out/" >}}). If you do want to upgrade to Grafana Alerting, contact customer support.
+> **Note**: When upgrading, your dashboard alerts are migrated to a new format. This migration can be rolled back easily by [opting out]({{< relref "opt-out/" >}}). If you have any questions regarding this migration, please contact us.
 
 Existing installations that do not use legacy alerting will have Grafana Alerting enabled by default unless alerting is disabled in the configuration.
 

docs/sources/alerting/migrating-alerts/migrating-legacy-alerts.md

@@ -1,5 +1,6 @@
 ---
 aliases:
+  - /docs/grafana/latest/alerting/migrating-alerts/differences-and-limitations/
   - /docs/grafana/latest/alerting/migrating-alerts/migrating-legacy-alerts/
   - /docs/grafana/latest/alerting/migrating-legacy-alerts/
   - /docs/grafana/latest/alerting/unified-alerting/opt-in/
@@ -10,22 +11,27 @@ weight: 106
 
 # Differences and limitations
 
-When Grafana Alerting is enabled or upgraded to Grafana 9.0 or later, existing legacy dashboard alerts migrate in a format compatible with the Grafana Alerting. In the Alerting page of your Grafana instance, you can view the migrated alerts alongside any new alerts.
-This topic explains how legacy dashboard alerts are migrated and some limitations of the migration.
+There are some differences between Grafana Alerting and legacy dashboard alerts, and a number of features that are no
+longer supported. We refer to these as [Differences]({{< relref "#differences" >}}) and [Limitations]({{< relref "#limitations" >}}).
 
-> **Note:** This topic is only relevant for OSS and Enterprise customers. Contact customer support to enable or disable Grafana Alerting for your Cloud stack.
+## Differences
 
-Read and write access to legacy dashboard alerts and Grafana alerts are governed by the permissions of the folders storing them. During migration, legacy dashboard alert permissions are matched to the new rules permissions as follows:
+1. When Grafana Alerting is enabled or upgraded to Grafana 9.0 or later, existing legacy dashboard alerts migrate in a format compatible with the Grafana Alerting. In the Alerting page of your Grafana instance, you can view the migrated alerts alongside any new alerts.
+   This topic explains how legacy dashboard alerts are migrated and some limitations of the migration.
+
+2. Read and write access to legacy dashboard alerts and Grafana alerts are governed by the permissions of the folders storing them. During migration, legacy dashboard alert permissions are matched to the new rules permissions as follows:
 
 - If alert's dashboard has permissions, it will create a folder named like `Migrated {"dashboardUid": "UID", "panelId": 1, "alertId": 1}` to match permissions of the dashboard (including the inherited permissions from the folder).
 - If there are no dashboard permissions and the dashboard is under a folder, then the rule is linked to this folder and inherits its permissions.
 - If there are no dashboard permissions and the dashboard is under the General folder, then the rule is linked to the `General Alerting` folder, and the rule inherits the default permissions.
 
-> **Note:** Since there is no `Keep Last State` option for [`No Data`]({{< relref "../alerting-rules/create-grafana-managed-rule/#no-data--error-handling" >}}) in Grafana Alerting, this option becomes `NoData` during the legacy rules migration. Option "Keep Last State" for [`Error handling`]({{< relref "../alerting-rules/create-grafana-managed-rule/#no-data--error-handling" >}}) is migrated to a new option `Error`. To match the behavior of the `Keep Last State`, in both cases, during the migration Grafana automatically creates a [silence]({{< relref "../silences/" >}}) for each alert rule with a duration of 1 year.
+3. Since there is no `Keep Last State` option for [`No Data`]({{< relref "../alerting-rules/create-grafana-managed-rule/#no-data--error-handling" >}}) in Grafana Alerting, this option becomes `NoData` during the legacy rules migration. Option "Keep Last State" for [`Error handling`]({{< relref "../alerting-rules/create-grafana-managed-rule/#no-data--error-handling" >}}) is migrated to a new option `Error`. To match the behavior of the `Keep Last State`, in both cases, during the migration Grafana automatically creates a [silence]({{< relref "../silences/" >}}) for each alert rule with a duration of 1 year.
 
-Notification channels are migrated to an Alertmanager configuration with the appropriate routes and receivers. Default notification channels are added as contact points to the default route. Notification channels not associated with any Dashboard alert go to the `autogen-unlinked-channel-recv` route.
+4. Notification channels are migrated to an Alertmanager configuration with the appropriate routes and receivers. Default notification channels are added as contact points to the default route. Notification channels not associated with any Dashboard alert go to the `autogen-unlinked-channel-recv` route.
+
+5. Unlike legacy dashboard alerts where images in notifications are enabled per contact point, images in notifications for Grafana Alerting must be enabled in the Grafana configuration, either in the configuration file or environment variables, and are enabled for either all or no contact points. Please refer to the [documentation for images in notifications]({{< relref "../images-in-notifications" >}}).
 
 ## Limitations
 
-Since `Hipchat` and `Sensu` notification channels are no longer supported, legacy alerts associated with these channels are not automatically migrated to Grafana Alerting. Assign the legacy alerts to a supported notification channel so that you continue to receive notifications for those alerts.
-Silences (expiring after one year) are created for all paused dashboard alerts.
+1. Since `Hipchat` and `Sensu` notification channels are no longer supported, legacy alerts associated with these channels are not automatically migrated to Grafana Alerting. Assign the legacy alerts to a supported notification channel so that you continue to receive notifications for those alerts.
+   Silences (expiring after one year) are created for all paused dashboard alerts.

docs/sources/alerting/silences/linking-to-silence-form.md

@@ -14,8 +14,8 @@ weight: 451
 
 # Create a URL to link to a silence form
 
-When linking to a silence form, provide the default matching labels and comment via `matchers` and `comment` query parameters. The `matchers` parameter requires one more matching labels of the type `[label][operator][value]` joined by a comma while the `operator` parameter can be one of the following: `=` (equals, not regex), `!=` (not equals, not regex), `=~` (equals, regex), `!~` (not equals, regex).
-
-For example, to link to silence form with matching labels `severity=critical` & `cluster!~europe-.*` and comment `Silence critical EU alerts`, create a URL `https://mygrafana/alerting/silence/new?matchers=severity%3Dcritical%2Ccluster!~europe-*&comment=Silence%20critical%20EU%20alert`.
+When linking to a silence form, provide the default matching labels and comment via `matcher` and `comment` query parameters. The `matcher` parameter should be in the following format `[label][operator][value]` where the `operator` parameter can be one of the following: `=` (equals, not regex), `!=` (not equals, not regex), `=~` (equals, regex), `!~` (not equals, regex).
+The URL can contain many query parameters with the key `matcher`.
+For example, to link to silence form with matching labels `severity=critical` & `cluster!~europe-.*` and comment `Silence critical EU alerts`, create a URL `https://mygrafana/alerting/silence/new?matcher=severity%3Dcritical&matcher=cluster!~europe-*&comment=Silence%20critical%20EU%20alert`.
 
 To link to a new silence page for an [external Alertmanager]({{< relref "../../datasources/alertmanager/" >}}), add a `alertmanager` query parameter with the Alertmanager data source name.

docs/sources/best-practices/best-practices-for-creating-dashboards.md

@@ -51,6 +51,6 @@ Once you have a strategy or design guidelines, write them down to help maintain
 - Use the left and right Y-axes when displaying time series with different units or ranges.
 - Add documentation to dashboards and panels.
   - To add documentation to a dashboard, add a [Text panel visualization]({{< relref "../visualizations/text-panel/" >}}) to the dashboard. Record things like the purpose of the dashboard, useful resource links, and any instructions users might need to interact with the dashboard. Check out this [Wikimedia example](https://grafana.wikimedia.org/d/000000066/resourceloader?orgId=1).
-  - To add documentation to a panel, [edit the panel settings]({{< relref "../panels/working-with-panels/add-panel/" >}}) and add a description. Any text you add will appear if you hover your cursor over the small `i` in the top left corner of the panel.
+  - To add documentation to a panel, edit the panel settings and add a description. Any text you add will appear if you hover your cursor over the small `i` in the top left corner of the panel.
 - Reuse your dashboards and enforce consistency by using [templates and variables]({{< relref "../variables/" >}}).
 - Be careful with stacking graph data. The visualizations can be misleading, and hide important data. We recommend turning it off in most cases.

docs/sources/best-practices/best-practices-for-managing-dashboards.md

@@ -31,9 +31,9 @@ What is your dashboard maturity level? Analyze your current dashboard setup and
   - If you create a temporary dashboard, perhaps to test something, prefix the name with `TEST: `. Delete the dashboard when you are finished.
 - Copying dashboards with no significant changes is not a good idea.
   - You miss out on updates to the original dashboard, such as documentation changes, bug fixes, or additions to metrics.
-  - In many cases copies are being made to simply customize the view by setting template parameters. This should instead be done by maintaining a link to the master dashboard and customizing the view with [URL parameters]({{< relref "../linking/data-link-variables/" >}}).
+  - In many cases copies are being made to simply customize the view by setting template parameters. This should instead be done by maintaining a link to the master dashboard and customizing the view with [URL parameters]({{< relref "../panels/configure-data-links/#data-link-variables" >}}).
 - When you must copy a dashboard, clearly rename it and _do not_ copy the dashboard tags. Tags are important metadata for dashboards that are used during search. Copying tags can result in false matches.
 - Maintain a dashboard of dashboards or cross-reference dashboards. This can be done in several ways:
-  - Create dashboard links, panel, or data links. Links can go to other dashboards or to external systems. For more information, refer to [Linking]({{< relref "../linking/" >}}).
+  - Create dashboard links, panel, or data links. Links can go to other dashboards or to external systems. For more information, refer to [Manage dashboard links]({{< relref "../dashboards/manage-dashboard-links/" >}}).
   - Add a [Dashboard list panel]({{< relref "../visualizations/dashboard-list-panel/" >}}). You can then customize what you see by doing tag or folder searches.
   - Add a [Text panel]({{< relref "../visualizations/text-panel/" >}}) and use markdown to customize the display.

docs/sources/best-practices/dashboard-management-maturity-levels.md

@@ -53,7 +53,7 @@ How can you tell you are here?
 - Directed browsing cuts down on "guessing."
   - Template variables make it harder to “just browse” randomly or aimlessly.
   - Most dashboards should be linked to by alerts.
-  - Browsing is directed with links. For more information, refer to [Linking]({{< relref "../linking/" >}}).
+  - Browsing is directed with links. For more information, refer to [Manage dashboard links]({{< relref "../dashboards/manage-dashboard-links/" >}}).
 - Version-controlled dashboard JSON.
 
 ## High - optimized use
@@ -63,7 +63,7 @@ At this stage, you have optimized your dashboard management use with a consisten
 - Actively reducing sprawl.
   - Regularly review existing dashboards to make sure they are still relevant.
   - Only approved dashboards added to master dashboard list.
-  - Tracking dashboard use. If you're an Enterprise user, you can take advantage of [Usage insights]({{< relref "../enterprise/usage-insights/" >}}).
+  - Tracking dashboard use. If you're an Enterprise user, you can take advantage of [Usage insights]({{< relref "../dashboards/assess-dashboard-usage/" >}}).
 - Consistency by design.
 - Use scripting libraries to generate dashboards, ensure consistency in pattern and style.
   - grafonnet (Jsonnet)

docs/sources/dashboards/_index.md

@@ -10,19 +10,19 @@ weight: 80
 
 A dashboard is a set of one or more [panels]({{< relref "../panels/" >}}) organized and arranged into one or more rows. Grafana ships with a variety of panels making it easy to construct the right queries, and customize the visualization so that you can create the perfect dashboard for your need. Each panel can interact with data from any configured Grafana [data source]({{< relref "../administration/data-source-management/" >}}).
 
-Dashboard snapshots are static . Queries and expressions cannot be re-executed from snapshots. As a result, if you update any variables in your query or expression, it will not change your dashboard data.
+Dashboard snapshots are static. Queries and expressions cannot be re-executed from snapshots. As a result, if you update any variables in your query or expression, it will not change your dashboard data.
 
 Before you begin, ensure that you have configured a data source. See also:
 
 - [Use dashboards]({{< relref "use-dashboards/" >}})
-- [Dashboard folders]({{< relref "dashboard-folders/" >}})
-- [Create dashboard]({{< relref "dashboard-create/" >}})
-- [Manage dashboards]({{< relref "dashboard-manage/" >}})
+- [Create dashboard folders]({{< relref "./manage-dashboards/#create-a-dashboard-folder" >}})
+- [Add and organize panels]({{< relref "add-organize-panels/" >}})
+- [Manage dashboards]({{< relref "./manage-dashboards" >}})
+- [Public dashboards]({{< relref "dashboard-public/" >}})
 - [Annotations]({{< relref "annotations/" >}})
-- [Playlist]({{< relref "playlist/" >}})
-- [Reporting]({{< relref "reporting/" >}})
-- [Time range controls]({{< relref "time-range-controls/" >}})
+- [Playlist]({{< relref "./create-manage-playlists/" >}})
+- [Reporting]({{< relref "../share-dashboards-panels#reporting" >}})
+- [Time range controls]({{< relref "./manage-dashboards/#common-time-range-controls" >}})
 - [Dashboard version history]({{< relref "dashboard-history/" >}})
-- [Dashboard export and import]({{< relref "export-import/" >}})
+- [Dashboard export and import]({{< relref "./manage-dashboards/#export-and-import-dashboards" >}})
 - [Dashboard JSON model]({{< relref "json-model/" >}})
-- [Scripted dashboards]({{< relref "scripted-dashboards/" >}})

docs/sources/dashboards/add-organize-panels.md

@@ -0,0 +1,104 @@
+---
+aliases:
+  - /docs/grafana/latest/panels/working-with-panels/navigate-panel-editor/
+  - /docs/grafana/latest/panels/working-with-panels/navigate-inspector-panel/
+  - /docs/grafana/latest/dashboards/dashboard-create/
+  - /docs/grafana/latest/features/dashboard/dashboards/
+  - /docs/grafana/latest/panels/working-with-panels/add-panel/
+  - /docs/grafana/latest/dashboards/add-organize-panels/
+title: Add and organize panels
+menuTitle: Add and organize panels
+weight: 2
+---
+
+# Add and organize panels
+
+This section describes the areas of the Grafana panel editor.
+
+1. Panel header: The header section lists the dashboard in which the panel appears and the following controls:
+
+   - **Dashboard settings (gear) icon -** Click to access the dashboard settings.
+   - **Discard -** Discards changes you have made to the panel since you last saved the dashboard.
+   - **Save -** Saves changes you made to the panel.
+   - **Apply -** Applies changes you made and closes the panel editor, returning you to the dashboard. You will have to save the dashboard to persist the applied changes.
+
+1. Visualization preview: The visualization preview section contains the following options:
+
+   - **Table view:** Convert any visualization to a table so that you can see the data. Table views are useful for troubleshooting.
+   - **Fill:** The visualization preview fills the available space. If you change the width of the side pane or height of the bottom pane the visualization changes to fill the available space.
+   - **Actual:** The visualization preview will have the exact size as the size on the dashboard. If not enough space is available, the visualization will scale down preserving the aspect ratio.
+   - **Time range controls:** For more information, refer to [Time range controls]({{< relref "../manage-dashboards/#configure-dashboard-time-range-controls" >}}).
+
+1. Data section: The data section contains tabs where you enter queries, transform your data, and create alert rules (if applicable).
+
+   - **Query tab -** Select your data source and enter queries here. For more information, refer to [Add a query]({{< relref "../panels/query-a-data-source/add-a-query/" >}}).
+   - **Transform tab -** Apply data transformations. For more information, refer to [Transform data]({{< relref "../panels/transform-data/" >}}).
+   - **Alert tab -** Write alert rules. For more information, refer to [Overview of Grafana 8 alerting]({{< relref "../alerting/" >}}).
+
+1. Panel display options: The display options section contains tabs where you configure almost every aspect of your data visualization.
+
+> Not all options are available for each visualization.
+
+{{< figure src="/static/img/docs/panel-editor/panel-editor-8-0.png" class="docs-image--no-shadow" max-width="1500px" >}}
+
+## Open the panel inspect drawer
+
+The inspect drawer helps you understand and troubleshoot your panels. You can view the raw data for any panel, export that data to a comma-separated values (CSV) file, view query requests, and export panel and data JSON.
+
+> **Note:** Not all panel types include all tabs. For example, dashboard list panels do not have raw data to inspect, so they do not display the Stats, Data, or Query tabs.
+
+The panel inspector consists of the following options:
+
+1. The panel inspect drawer displays opens a drawer on the right side. Click the arrow in the upper right corner to expand or reduce the drawer pane.
+
+1. **Data tab -** Shows the raw data returned by the query with transformations applied. Field options such as overrides and value mappings are not applied by default.
+
+1. **Stats tab -** Shows how long your query takes and how much it returns.
+
+1. **JSON tab -** Allows you to view and copy the panel JSON, panel data JSON, and data frame structure JSON. This is useful if you are provisioning or administering Grafana.
+
+1. **Query tab -** Shows you the requests to the server sent when Grafana queries the data source.
+
+1. **Error tab -** Shows the error. Only visible when query returns error.
+
+## Create a dashboard and add a panel
+
+Dashboards and panels allow you to show your data in visual form. Each panel needs at least one query to display a visualization.
+
+**Before you begin:**
+
+- Ensure that you have the proper permissions. For more information about permissions, refer to [About users and permissions]({{< relref "../administration/roles-and-permissions/" >}}).
+- Identify the dashboard to which you want to add the panel.
+- Understand the query language of the target data source.
+- Ensure that data source for which you are writing a query has been added. For more information about adding a data source, refer to [Add a data source]({{< relref "../datasources/add-a-data-source/" >}}) if you need instructions.
+
+**To create a dashboard and add a panel**:
+
+1. Sign in to Grafana, hover your cursor over **Dashboard**, and click **+ New Dashboard**.
+1. Click **Add a new panel**.
+1. In the first line of the **Query** tab, click the drop-down list and select a data source.
+1. Write or construct a query in the query language of your data source.
+
+   For more information about data sources, refer to [Data sources]({{< relref "../datasources/" >}}) for specific guidelines.
+
+1. In the Visualization list, select a visualization type.
+
+   Grafana displays a preview of your query results with the visualization applied.
+
+   ![](/static/img/docs/panel-editor/select-visualization-8-0.png)
+
+   For more information about individual visualizations, refer to [Visualizations options]({{< relref "../visualizations/" >}}).
+
+1. Refer to the following documentation for ways you can adjust panel settings.
+
+   While not required, most visualizations need some adjustment before they properly display the information that you need.
+
+   - [Configure value mappings]({{< relref "../../panels/configure-value-mappings" >}})
+   - [Visualization-specific options]({{< relref "../../visualizations/" >}})
+   - [Override field values]({{< relref "../../panels/configure-overrides/" >}})
+   - [Configure thresholds]({{< relref "../../panels/configure-thresholds/" >}})
+   - [Configure standard options]({{< relref "../../panels/configure-standard-options/" >}})
+
+1. Add a note to describe the visualization (or describe your changes) and then click **Save** in the upper-right corner of the page.
+
+   Notes can be helpful if you need to revert the dashboard to a previous version.

docs/sources/dashboards/annotations.md

@@ -22,19 +22,37 @@ you can get event description and event tags. The text field can include links t
 
 Grafana comes with a native annotation store and the ability to add annotation events directly from the graph panel or via the [HTTP API]({{< relref "../developers/http_api/annotations/" >}}).
 
-## Adding annotations
+### Add annotation
 
-By holding down Ctrl/Cmd+Click. Adding tags to the annotation will make it searchable from other dashboards.
+1. In the dashboard click on the Time series panel. A context menu will appear.
+1. In the context menu click on **Add annotation**.
+   ![Add annotation context menu](/static/img/docs/time-series-panel/time-series-annotations-context-menu.png)
+1. Add an annotation description and tags(optional).
+   ![Add annotation popover](/static/img/docs/time-series-panel/time-series-annotations-add-annotation.png)
+1. Click save.
 
-{{< figure src="/static/img/docs/annotations/annotation-still.png"
-max-width="600px" animated-gif="/static/img/docs/annotations/annotation.gif" >}}
+Alternatively, to add an annotation, Ctrl/Cmd+Click on the Time series panel and the Add annotation popover will appear
 
-### Adding regions events
+### Add region annotation
 
-You can also hold down Ctrl/Cmd and select region to create a region annotation.
+1. In the dashboard Ctrl/Cmd+click and drag on the Time series panel.
+   ![Add annotation popover](/static/img/docs/time-series-panel/time-series-annotations-add-region-annotation.gif)
+1. Add an annotation description and tags(optional).
+1. Click save.
 
-{{< figure src="/static/img/docs/annotations/region-annotation-still.png"
-max-width="600px" animated-gif="/static/img/docs/annotations/region-annotation.gif" >}}
+### Edit annotation
+
+1. In the dashboard hover over an annotation indicator on the Time series panel.
+   ![Add annotation popover](/static/img/docs/time-series-panel/time-series-annotations-edit-annotation.gif)
+1. Click on the pencil icon in the annotation tooltip.
+1. Modify the description and/or tags.
+1. Click save.
+
+### Delete annotation
+
+1. In the dashboard hover over an annotation indicator on the Time series panel.
+   ![Add annotation popover](/static/img/docs/time-series-panel/time-series-annotations-edit-annotation.gif)
+1. Click on the trash icon in the annotation tooltip.
 
 ### Built-in query
 

docs/sources/dashboards/assess-dashboard-usage/index.md

@@ -0,0 +1,108 @@
+---
+aliases:
+  - /docs/grafana/latest/enterprise/usage-insights/
+  - /docs/grafana/latest/enterprise/usage-insights/dashboard-datasource-insights/
+  - /docs/grafana/latest/enterprise/usage-insights/presence-indicator/
+  - /docs/grafana/latest/enterprise/usage-insights/improved-search/
+  - /docs/grafana/latest/dashboards/assess-dashboard-usage/
+description: Understand how your Grafana instance is used
+keywords:
+  - grafana
+  - usage-insights
+  - enterprise
+  - presence-indicator
+  - search
+  - sort
+title: Assess dashboard usage
+weight: 200
+---
+
+# Assess dashboard usage
+
+Usage insights enables you to have a better understanding of how your Grafana instance is used.
+
+> **Note:** Available in [Grafana Enterprise]({{< relref "../" >}}) and [Grafana Cloud Pro and Advanced]({{< ref "/docs/grafana-cloud" >}}).
+
+The usage insights feature collects a number of aggregated data and stores them in the database:
+
+- Dashboard views (aggregated and per user)
+- Data source errors
+- Data source queries
+
+The aggregated data provides you access to several features:
+
+- [Dashboard and data source insights]({{< relref "#dashboard-and-data-source-insights" >}})
+- [Presence indicator]({{< relref "#presence-indicator" >}})
+- [Sort dashboards by using insights data]({{< relref "#sort-dashboards-by-using-insights-data" >}})
+
+This feature also generates detailed logs that can be exported to Loki. Refer to [Export logs of usage insights]({{< relref "../../setup-grafana/configure-security/export-logs/" >}}).
+
+## Dashboard and data source insights
+
+For every dashboard and data source, you can access usage information.
+
+### Dashboard insights
+
+> **Note:** Available in [Grafana Enterprise]({{< relref "../" >}}) version 7.0 and later, and [Grafana Cloud Pro and Advanced]({{< ref "/docs/grafana-cloud" >}}).
+
+To see dashboard usage information, click **Dashboard insights** in the top bar.
+
+{{< figure src="/static/img/docs/enterprise/dashboard_insights_button.png" max-width="400px" class="docs-image--no-shadow" >}}
+
+Dashboard insights show the following information:
+
+- **Stats:** The number of daily queries and errors for the past 30 days.
+- **Users & activity:** The daily view count for the last 30 days; last activities on the dashboard and recent users (with a limit of 20).
+
+{{< figure src="/static/img/docs/enterprise/dashboard_insights_stats.png" max-width="400px" class="docs-image--no-shadow" >}}{{< figure src="/static/img/docs/enterprise/dashboard_insights_users.png" max-width="400px" class="docs-image--no-shadow" >}}
+
+### Data source insights
+
+> **Note:** Available in [Grafana Enterprise]({{< relref "../" >}}) version 7.3 and later, and [Grafana Cloud Pro and Advanced]({{< ref "/docs/grafana-cloud" >}}).
+
+Data source insights provides information about how a data source has been used in the past 30 days, such as:
+
+- Queries per day
+- Errors per day
+- Query load time per day (averaged in ms)
+
+To find data source insights:
+
+1. Go to the Data source list view.
+1. Click on a data source.
+1. Click the **Insights** tab.
+
+{{< figure src="/static/img/docs/enterprise/datasource_insights.png" max-width="650px" class="docs-image--no-shadow" >}}
+
+## Presence indicator
+
+> **Note:** Available in [Grafana Enterprise]({{< relref "../" >}}) version 7.0 and later, and [Grafana Cloud Pro and Advanced]({{< ref "/docs/grafana-cloud" >}}).
+
+When you are signed in and looking at a dashboard, you can know who is looking at the same dashboard as you are via a presence indicator, which displays avatars of users who have recently interacted with the dashboard. The default timeframe is 10 minutes. To see the user's name, hover over the user's avatar. The avatars come from [Gravatar](https://gravatar.com) based on the user's email.
+
+When there are more active users on a dashboard than can fit within the presence indicator, click the **+X** icon. Doing so opens [dashboard insights]({{< relref "#dashboard-and-data-source-insights" >}}), which contains more details about recent user activity.
+
+{{< figure src="/static/img/docs/enterprise/presence_indicators.png" max-width="400px" class="docs-image--no-shadow" >}}
+
+To change _recent_ to something other than the past 10 minutes, edit the [configuration]({{< relref "../../setup-grafana/configure-grafana/" >}}) file:
+
+```ini
+[analytics.views]
+# Set age for recent active users
+recent_users_age = 10m
+```
+
+## Sort dashboards by using insights data
+
+> **Note:** Available in [Grafana Enterprise]({{< relref "../" >}}) version 7.0 and later, and [Grafana Cloud Pro and Advanced]({{< ref "/docs/grafana-cloud" >}}).
+
+In the search view, you can use insights data to help you find most-used, broken, and unused dashbaords.
+
+You can sort the dashboards by:
+
+- Errors total
+- Errors 30 days
+- Views total
+- Views 30 days
+
+{{< figure src="/static/img/docs/enterprise/improved-search-7-5.png" max-width="650px" class="docs-image--no-shadow" >}}