remove passwordlessMagicLinkAuthentication feature flag

2026-01-08 10:39:41 -06:00
190 changed files with 1341 additions and 4343 deletions
@@ -129,7 +129,7 @@ DashboardLink: {
 	placement?: DashboardLinkPlacement
 }

-// Dashboard Link placement. Defines where the link should be displayed.
+// Dashboard Link placement. Defines where the link should be displayed. 
 // - "inControlsMenu" renders the link in bottom part of the dashboard controls dropdown menu
 DashboardLinkPlacement: "inControlsMenu"

@@ -932,7 +932,6 @@ CustomVariableSpec: {
 	skipUrlSync:  bool | *false
 	description?: string
 	allowCustomValue: bool | *true
-	valuesFormat?: "csv" | "json"
 }

 // Custom variable kind
@@ -935,7 +935,6 @@ CustomVariableSpec: {
 	skipUrlSync:  bool | *false
 	description?: string
 	allowCustomValue: bool | *true
-	valuesFormat?: "csv" | "json"
 }

 // Custom variable kind
@@ -222,10 +222,8 @@ lineage: schemas: [{
 			// Optional field, if you want to extract part of a series name or metric node segment.
 			// Named capture groups can be used to separate the display text and value.
 			regex?: string
-			// Optional, indicates whether a custom type variable uses CSV or JSON to define its values
-			valuesFormat?: "csv" | "json" | *"csv"
-			// Determine whether regex applies to variable value or display text
-			regexApplyTo?: #VariableRegexApplyTo
+      // Determine whether regex applies to variable value or display text
+      regexApplyTo?: #VariableRegexApplyTo
 			// Additional static options for query variable
 			staticOptions?: [...#VariableOption]
 			// Ordering of static options in relation to options returned from data source for query variable
@@ -222,10 +222,8 @@ lineage: schemas: [{
 			// Optional field, if you want to extract part of a series name or metric node segment.
 			// Named capture groups can be used to separate the display text and value.
 			regex?: string
-			// Optional, indicates whether a custom type variable uses CSV or JSON to define its values
-			valuesFormat?: "csv" | "json" | *"csv"
-			// Determine whether regex applies to variable value or display text
-			regexApplyTo?: #VariableRegexApplyTo
+      // Determine whether regex applies to variable value or display text
+      regexApplyTo?: #VariableRegexApplyTo
 			// Additional static options for query variable
 			staticOptions?: [...#VariableOption]
 			// Ordering of static options in relation to options returned from data source for query variable
@@ -133,7 +133,7 @@ DashboardLink: {
 	placement?: DashboardLinkPlacement
 }

-// Dashboard Link placement. Defines where the link should be displayed.
+// Dashboard Link placement. Defines where the link should be displayed. 
 // - "inControlsMenu" renders the link in bottom part of the dashboard controls dropdown menu
 DashboardLinkPlacement: "inControlsMenu"

@@ -936,7 +936,6 @@ CustomVariableSpec: {
 	skipUrlSync:  bool | *false
 	description?: string
 	allowCustomValue: bool | *true
-	valuesFormat?: "csv" | "json"
 }

 // Custom variable kind
@@ -1703,19 +1703,18 @@ func NewDashboardCustomVariableKind() *DashboardCustomVariableKind {
 // Custom variable specification
 // +k8s:openapi-gen=true
 type DashboardCustomVariableSpec struct {
-	Name             string                                   `json:"name"`
-	Query            string                                   `json:"query"`
-	Current          DashboardVariableOption                  `json:"current"`
-	Options          []DashboardVariableOption                `json:"options"`
-	Multi            bool                                     `json:"multi"`
-	IncludeAll       bool                                     `json:"includeAll"`
-	AllValue         *string                                  `json:"allValue,omitempty"`
-	Label            *string                                  `json:"label,omitempty"`
-	Hide             DashboardVariableHide                    `json:"hide"`
-	SkipUrlSync      bool                                     `json:"skipUrlSync"`
-	Description      *string                                  `json:"description,omitempty"`
-	AllowCustomValue bool                                     `json:"allowCustomValue"`
-	ValuesFormat     *DashboardCustomVariableSpecValuesFormat `json:"valuesFormat,omitempty"`
+	Name             string                    `json:"name"`
+	Query            string                    `json:"query"`
+	Current          DashboardVariableOption   `json:"current"`
+	Options          []DashboardVariableOption `json:"options"`
+	Multi            bool                      `json:"multi"`
+	IncludeAll       bool                      `json:"includeAll"`
+	AllValue         *string                   `json:"allValue,omitempty"`
+	Label            *string                   `json:"label,omitempty"`
+	Hide             DashboardVariableHide     `json:"hide"`
+	SkipUrlSync      bool                      `json:"skipUrlSync"`
+	Description      *string                   `json:"description,omitempty"`
+	AllowCustomValue bool                      `json:"allowCustomValue"`
 }

 // NewDashboardCustomVariableSpec creates a new DashboardCustomVariableSpec object.
@@ -2099,14 +2098,6 @@ const (
 	DashboardQueryVariableSpecStaticOptionsOrderSorted DashboardQueryVariableSpecStaticOptionsOrder = "sorted"
 )

-// +k8s:openapi-gen=true
-type DashboardCustomVariableSpecValuesFormat string
-
-const (
-	DashboardCustomVariableSpecValuesFormatCsv  DashboardCustomVariableSpecValuesFormat = "csv"
-	DashboardCustomVariableSpecValuesFormatJson DashboardCustomVariableSpecValuesFormat = "json"
-)
-
 // +k8s:openapi-gen=true
 type DashboardPanelKindOrLibraryPanelKind struct {
 	PanelKind        *DashboardPanelKind        `json:"PanelKind,omitempty"`
@@ -1548,12 +1548,6 @@ func schema_pkg_apis_dashboard_v2alpha1_DashboardCustomVariableSpec(ref common.R
 							Format:  "",
 						},
 					},
-					"valuesFormat": {
-						SchemaProps: spec.SchemaProps{
-							Type:   []string{"string"},
-							Format: "",
-						},
-					},
 				},
 				Required: []string{"name", "query", "current", "options", "multi", "includeAll", "hide", "skipUrlSync", "allowCustomValue"},
 			},
@@ -939,7 +939,6 @@ CustomVariableSpec: {
 	skipUrlSync:  bool | *false
 	description?: string
 	allowCustomValue: bool | *true
-	valuesFormat?: "csv" | "json"
 }

 // Custom variable kind
@@ -1707,19 +1707,18 @@ func NewDashboardCustomVariableKind() *DashboardCustomVariableKind {
 // Custom variable specification
 // +k8s:openapi-gen=true
 type DashboardCustomVariableSpec struct {
-	Name             string                                   `json:"name"`
-	Query            string                                   `json:"query"`
-	Current          DashboardVariableOption                  `json:"current"`
-	Options          []DashboardVariableOption                `json:"options"`
-	Multi            bool                                     `json:"multi"`
-	IncludeAll       bool                                     `json:"includeAll"`
-	AllValue         *string                                  `json:"allValue,omitempty"`
-	Label            *string                                  `json:"label,omitempty"`
-	Hide             DashboardVariableHide                    `json:"hide"`
-	SkipUrlSync      bool                                     `json:"skipUrlSync"`
-	Description      *string                                  `json:"description,omitempty"`
-	AllowCustomValue bool                                     `json:"allowCustomValue"`
-	ValuesFormat     *DashboardCustomVariableSpecValuesFormat `json:"valuesFormat,omitempty"`
+	Name             string                    `json:"name"`
+	Query            string                    `json:"query"`
+	Current          DashboardVariableOption   `json:"current"`
+	Options          []DashboardVariableOption `json:"options"`
+	Multi            bool                      `json:"multi"`
+	IncludeAll       bool                      `json:"includeAll"`
+	AllValue         *string                   `json:"allValue,omitempty"`
+	Label            *string                   `json:"label,omitempty"`
+	Hide             DashboardVariableHide     `json:"hide"`
+	SkipUrlSync      bool                      `json:"skipUrlSync"`
+	Description      *string                   `json:"description,omitempty"`
+	AllowCustomValue bool                      `json:"allowCustomValue"`
 }

 // NewDashboardCustomVariableSpec creates a new DashboardCustomVariableSpec object.
@@ -2134,14 +2133,6 @@ const (
 	DashboardQueryVariableSpecStaticOptionsOrderSorted DashboardQueryVariableSpecStaticOptionsOrder = "sorted"
 )

-// +k8s:openapi-gen=true
-type DashboardCustomVariableSpecValuesFormat string
-
-const (
-	DashboardCustomVariableSpecValuesFormatCsv  DashboardCustomVariableSpecValuesFormat = "csv"
-	DashboardCustomVariableSpecValuesFormatJson DashboardCustomVariableSpecValuesFormat = "json"
-)
-
 // +k8s:openapi-gen=true
 type DashboardPanelKindOrLibraryPanelKind struct {
 	PanelKind        *DashboardPanelKind        `json:"PanelKind,omitempty"`
@@ -1560,12 +1560,6 @@ func schema_pkg_apis_dashboard_v2beta1_DashboardCustomVariableSpec(ref common.Re
 							Format:  "",
 						},
 					},
-					"valuesFormat": {
-						SchemaProps: spec.SchemaProps{
-							Type:   []string{"string"},
-							Format: "",
-						},
-					},
 				},
 				Required: []string{"name", "query", "current", "options", "multi", "includeAll", "hide", "skipUrlSync", "allowCustomValue"},
 			},
@@ -1336,17 +1336,6 @@ func buildCustomVariable(varMap map[string]interface{}, commonProps CommonVariab
 		customVar.Spec.AllValue = &allValue
 	}

-	if valuesFormat := schemaversion.GetStringValue(varMap, "valuesFormat"); valuesFormat != "" {
-		switch valuesFormat {
-		case string(dashv2alpha1.DashboardCustomVariableSpecValuesFormatJson):
-			format := dashv2alpha1.DashboardCustomVariableSpecValuesFormatJson
-			customVar.Spec.ValuesFormat = &format
-		case string(dashv2alpha1.DashboardCustomVariableSpecValuesFormatCsv):
-			format := dashv2alpha1.DashboardCustomVariableSpecValuesFormatCsv
-			customVar.Spec.ValuesFormat = &format
-		}
-	}
-
 	return dashv2alpha1.DashboardVariableKind{
 		CustomVariableKind: customVar,
 	}, nil
@@ -685,7 +685,6 @@ func convertVariable_V2alpha1_to_V2beta1(in *dashv2alpha1.DashboardVariableKind,
 				SkipUrlSync:      in.CustomVariableKind.Spec.SkipUrlSync,
 				Description:      in.CustomVariableKind.Spec.Description,
 				AllowCustomValue: in.CustomVariableKind.Spec.AllowCustomValue,
-				ValuesFormat:     convertCustomValuesFormat_V2alpha1_to_V2beta1(in.CustomVariableKind.Spec.ValuesFormat),
 			},
 		}
 	}
@@ -759,23 +758,6 @@ func convertVariable_V2alpha1_to_V2beta1(in *dashv2alpha1.DashboardVariableKind,
 	return nil
 }

-func convertCustomValuesFormat_V2alpha1_to_V2beta1(in *dashv2alpha1.DashboardCustomVariableSpecValuesFormat) *dashv2beta1.DashboardCustomVariableSpecValuesFormat {
-	if in == nil {
-		return nil
-	}
-
-	switch *in {
-	case dashv2alpha1.DashboardCustomVariableSpecValuesFormatJson:
-		v := dashv2beta1.DashboardCustomVariableSpecValuesFormatJson
-		return &v
-	case dashv2alpha1.DashboardCustomVariableSpecValuesFormatCsv:
-		v := dashv2beta1.DashboardCustomVariableSpecValuesFormatCsv
-		return &v
-	default:
-		return nil
-	}
-}
-
 func convertQueryVariableSpec_V2alpha1_to_V2beta1(in *dashv2alpha1.DashboardQueryVariableSpec, out *dashv2beta1.DashboardQueryVariableSpec, scope conversion.Scope) error {
 	out.Name = in.Name
 	out.Current = convertVariableOption_V2alpha1_to_V2beta1(in.Current)
@@ -82,8 +82,8 @@ cloud.google.com/go/storage v1.55.0 h1:NESjdAToN9u1tmhVqhXCaCwYBuvEhZLLv0gBr+2zn
 cloud.google.com/go/storage v1.55.0/go.mod h1:ztSmTTwzsdXe5syLVS0YsbFxXuvEmEyZj7v7zChEmuY=
 cloud.google.com/go/trace v1.11.6 h1:2O2zjPzqPYAHrn3OKl029qlqG6W8ZdYaOWRyr8NgMT4=
 cloud.google.com/go/trace v1.11.6/go.mod h1:GA855OeDEBiBMzcckLPE2kDunIpC72N+Pq8WFieFjnI=
-connectrpc.com/connect v1.19.1 h1:R5M57z05+90EfEvCY1b7hBxDVOUl45PrtXtAV2fOC14=
-connectrpc.com/connect v1.19.1/go.mod h1:tN20fjdGlewnSFeZxLKb0xwIZ6ozc3OQs2hTXy4du9w=
+connectrpc.com/connect v1.18.1 h1:PAg7CjSAGvscaf6YZKUefjoih5Z/qYkyaTrBW8xvYPw=
+connectrpc.com/connect v1.18.1/go.mod h1:0292hj1rnx8oFrStN7cB4jjVBeqs+Yx5yDIC2prWDO8=
 cuelabs.dev/go/oci/ociregistry v0.0.0-20251212221603-3adeb8663819 h1:Zh+Ur3OsoWpvALHPLT45nOekHkgOt+IOfutBbPqM17I=
 cuelabs.dev/go/oci/ociregistry v0.0.0-20251212221603-3adeb8663819/go.mod h1:WjmQxb+W6nVNCgj8nXrF24lIz95AHwnSl36tpjDZSU8=
 cuelang.org/go v0.11.1 h1:pV+49MX1mmvDm8Qh3Za3M786cty8VKPWzQ1Ho4gZRP0=
@@ -749,8 +749,6 @@ github.com/google/cel-go v0.26.1 h1:iPbVVEdkhTX++hpe3lzSk7D3G3QSYqLGoHOcEio+UXQ=
 github.com/google/cel-go v0.26.1/go.mod h1:A9O8OU9rdvrK5MQyrqfIxo1a0u4g3sF8KB6PUIaryMM=
 github.com/google/flatbuffers v25.2.10+incompatible h1:F3vclr7C3HpB1k9mxCGRMXq6FdUalZ6H/pNX4FP1v0Q=
 github.com/google/flatbuffers v25.2.10+incompatible/go.mod h1:1AeVuKshWv4vARoZatz6mlQ0JxURH0Kv5+zNeJKJCa8=
-github.com/google/gnostic v0.7.1 h1:t5Kc7j/8kYr8t2u11rykRrPPovlEMG4+xdc/SpekATs=
-github.com/google/gnostic v0.7.1/go.mod h1:KSw6sxnxEBFM8jLPfJd46xZP+yQcfE8XkiqfZx5zR28=
 github.com/google/gnostic-models v0.7.1 h1:SisTfuFKJSKM5CPZkffwi6coztzzeYUhc3v4yxLWH8c=
 github.com/google/gnostic-models v0.7.1/go.mod h1:whL5G0m6dmc5cPxKc5bdKdEN3UjI7OUGxBlw57miDrQ=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
@@ -889,8 +887,8 @@ github.com/grafana/prometheus-alertmanager v0.25.1-0.20250911094103-5456b6e45604
 github.com/grafana/prometheus-alertmanager v0.25.1-0.20250911094103-5456b6e45604/go.mod h1:O/QP1BCm0HHIzbKvgMzqb5sSyH88rzkFk84F4TfJjBU=
 github.com/grafana/pyroscope-go/godeltaprof v0.1.9 h1:c1Us8i6eSmkW+Ez05d3co8kasnuOY813tbMN8i/a3Og=
 github.com/grafana/pyroscope-go/godeltaprof v0.1.9/go.mod h1:2+l7K7twW49Ct4wFluZD3tZ6e0SjanjcUUBPVD/UuGU=
-github.com/grafana/pyroscope/api v1.2.1-0.20251118081820-ace37f973a0f h1:fTlIj5n4x5dU63XHItug7GLjtnaeJdPqBlqg4zlABq0=
-github.com/grafana/pyroscope/api v1.2.1-0.20251118081820-ace37f973a0f/go.mod h1:VBNcIhunCZsJ3/mcYx+j7uFf0P/108eiWa+8+Z9ll3o=
+github.com/grafana/pyroscope/api v1.2.1-0.20250415190842-3ff7247547ae h1:35W3Wjp9KWnSoV/DuymmyIj5aHE0CYlDQ5m2KeXUPAc=
+github.com/grafana/pyroscope/api v1.2.1-0.20250415190842-3ff7247547ae/go.mod h1:6CJ1uXmLZ13ufpO9xE4pST+DyaBt0uszzrV0YnoaVLQ=
 github.com/grafana/regexp v0.0.0-20240518133315-a468a5bfb3bc h1:GN2Lv3MGO7AS6PrRoT6yV5+wkrOpcszoIsO4+4ds248=
 github.com/grafana/regexp v0.0.0-20240518133315-a468a5bfb3bc/go.mod h1:+JKpmjMGhpgPL+rXZ5nsZieVzvarn86asRlBg4uNGnk=
 github.com/grafana/sqlds/v5 v5.0.3 h1:+yUMUxfa0WANQsmS9xtTFSRX1Q55Iv1B9EjlrW4VlBU=
@@ -217,13 +217,6 @@ metaV0Alpha1: {
 		title:        string
 		description?: string
 	}]
-	// +listType=atomic
-	addedFunctions?: [...{
-		// +listType=set
-		targets: [...string]
-		title:        string
-		description?: string
-	}]
 	// +listType=set
 	// +listMapKey=id
 	exposedComponents?: [...{
@@ -193,8 +193,6 @@ type MetaExtensions struct {
 	AddedComponents []MetaV0alpha1ExtensionsAddedComponents `json:"addedComponents,omitempty"`
 	// +listType=atomic
 	AddedLinks []MetaV0alpha1ExtensionsAddedLinks `json:"addedLinks,omitempty"`
-	// +listType=atomic
-	AddedFunctions []MetaV0alpha1ExtensionsAddedFunctions `json:"addedFunctions,omitempty"`
 	// +listType=set
 	// +listMapKey=id
 	ExposedComponents []MetaV0alpha1ExtensionsExposedComponents `json:"exposedComponents,omitempty"`
@@ -398,21 +396,6 @@ func NewMetaV0alpha1ExtensionsAddedLinks() *MetaV0alpha1ExtensionsAddedLinks {
 	}
 }

-// +k8s:openapi-gen=true
-type MetaV0alpha1ExtensionsAddedFunctions struct {
-	// +listType=set
-	Targets     []string `json:"targets"`
-	Title       string   `json:"title"`
-	Description *string  `json:"description,omitempty"`
-}
-
-// NewMetaV0alpha1ExtensionsAddedFunctions creates a new MetaV0alpha1ExtensionsAddedFunctions object.
-func NewMetaV0alpha1ExtensionsAddedFunctions() *MetaV0alpha1ExtensionsAddedFunctions {
-	return &MetaV0alpha1ExtensionsAddedFunctions{
-		Targets: []string{},
-	}
-}
-
 // +k8s:openapi-gen=true
 type MetaV0alpha1ExtensionsExposedComponents struct {
 	Id          string  `json:"id"`
@@ -367,8 +367,7 @@ func jsonDataToMetaJSONData(jsonData plugins.JSONData) pluginsv0alpha1.MetaJSOND

 	// Map Extensions
 	if len(jsonData.Extensions.AddedLinks) > 0 || len(jsonData.Extensions.AddedComponents) > 0 ||
-		len(jsonData.Extensions.ExposedComponents) > 0 || len(jsonData.Extensions.ExtensionPoints) > 0 ||
-		len(jsonData.Extensions.AddedFunctions) > 0 {
+		len(jsonData.Extensions.ExposedComponents) > 0 || len(jsonData.Extensions.ExtensionPoints) > 0 {
 		extensions := &pluginsv0alpha1.MetaExtensions{}

 		if len(jsonData.Extensions.AddedLinks) > 0 {
@@ -399,20 +398,6 @@ func jsonDataToMetaJSONData(jsonData plugins.JSONData) pluginsv0alpha1.MetaJSOND
 			}
 		}

-		if len(jsonData.Extensions.AddedFunctions) > 0 {
-			extensions.AddedFunctions = make([]pluginsv0alpha1.MetaV0alpha1ExtensionsAddedFunctions, 0, len(jsonData.Extensions.AddedFunctions))
-			for _, comp := range jsonData.Extensions.AddedFunctions {
-				v0Comp := pluginsv0alpha1.MetaV0alpha1ExtensionsAddedFunctions{
-					Targets: comp.Targets,
-					Title:   comp.Title,
-				}
-				if comp.Description != "" {
-					v0Comp.Description = &comp.Description
-				}
-				extensions.AddedFunctions = append(extensions.AddedFunctions, v0Comp)
-			}
-		}
-
 		if len(jsonData.Extensions.ExposedComponents) > 0 {
 			extensions.ExposedComponents = make([]pluginsv0alpha1.MetaV0alpha1ExtensionsExposedComponents, 0, len(jsonData.Extensions.ExposedComponents))
 			for _, comp := range jsonData.Extensions.ExposedComponents {
@@ -48,14 +48,6 @@ Recording rules can be helpful in various scenarios, such as:

 The evaluation group of the recording rule determines how often the metric is pre-computed.

-## Recommendations
-
- **Use frequent evaluation intervals**. Set frequent evaluation intervals for recording rules. Long intervals, such as an hour, can cause the recorded metric to be stale and lead to misaligned alert rule evaluations, especially when combined with a long pending period.
- **Align alert evaluation with recording frequency**. The evaluation interval of an alert rule that depends on a recorded metric should be aligned with the recording rule's interval. If a recording rule runs every 3 minutes, the alert rule should also be evaluated at a similar frequency to ensure it acts on fresh data.
- **Use `_over_time` functions for instant queries**. Since all alert rules are ultimately executed as an instant query, you can use functions like `max_over_time(my_metric[5m])` as an instant query. This allows you to get an aggregated value over a period without using a range query and a reduce expression.
-
-## Types of recording rules
-
 Similar to alert rules, Grafana supports two types of recording rules:

 1. [Grafana-managed recording rules](ref:grafana-managed-recording-rules), which can query any Grafana data source supported by alerting. It's the recommended option.
@@ -0,0 +1,57 @@
+---
+canonical: https://grafana.com/docs/grafana/latest/alerting/best-practices/
+description: This section provides a set of guides for useful alerting practices and recommendations
+keywords:
+  - grafana
+labels:
+  products:
+    - cloud
+    - enterprise
+    - oss
+menuTitle: Best practices
+title: Grafana Alerting best practices
+weight: 170
+---
+
+# Grafana Alerting best practices
+
+This section provides a set of guides and examples of best practices for Grafana Alerting. Here you can learn more about how to handle common alert management problems and you can see examples of more advanced usage of Grafana Alerting.
+
+{{< section >}}
+
+Designing and configuring an alert management set up that works takes time. Here are some additional tips on how to create an effective alert management set up:
+
+{{< shared id="alert-planning-fundamentals" >}}
+
+**Which are the key metrics for your business that you want to monitor and alert on?**
+
+- Find events that are important to know about and not so trivial or frequent that recipients ignore them.
+- Alerts should only be created for big events that require immediate attention or intervention.
+- Consider quality over quantity.
+
+**How do you want to organize your alerts and notifications?**
+
+- Be selective about who you set to receive alerts. Consider sending them to the right teams, whoever is on call, and the specific channels.
+- Think carefully about priority and severity levels.
+- Automate as far as possible provisioning Alerting resources with the API or Terraform.
+
+**Which information should you include in notifications?**
+
+- Consider who the alert receivers and responders are.
+- Share information that helps responders identify and address potential issues.
+- Link alerts to dashboards to guide responders on which data to investigate.
+
+**How can you reduce alert fatigue?**
+
+- Avoid noisy, unnecessary alerts by using silences, mute timings, or pausing alert rule evaluation.
+- Continually tune your alert rules to review effectiveness. Remove alert rules to avoid duplication or ineffective alerts.
+- Continually review your thresholds and evaluation rules.
+
+**How should you configure recording rules?**
+
+- Use frequent evaluation intervals. It is recommended to set a frequent evaluation interval for recording rules. Long intervals, such as an hour, can cause the recorded metric to be stale and lead to misaligned alert rule evaluations, especially when combined with a long pending period.
+- Understand query types. Grafana Alerting uses both **Instant** and **Range** queries. Instant queries fetch a single data point, while Range queries fetch a series of data points over time. When using a Range query in an alert condition, you must use a Reduce expression to aggregate the series into a single value.
+- Align alert evaluation with recording frequency. The evaluation interval of an alert rule that depends on a recorded metric should be aligned with the recording rule's interval. If a recording rule runs every 3 minutes, the alert rule should also be evaluated at a similar frequency to ensure it acts on fresh data.
+- Use `_over_time` functions for instant queries. Since all alert rules are ultimately executed as an instant query, you can use functions like `max_over_time(my_metric[1h])` as an instant query. This allows you to get an aggregated value over a period without using a range query and a reduce expression.
+
+{{< /shared >}}
@@ -1,7 +1,5 @@
 ---
-aliases:
-  - ../best-practices/connectivity-errors/ # /docs/grafana/<GRAFANA_VERSION>/alerting/best-practices/connectivity-errors/
-canonical: https://grafana.com/docs/grafana/latest/alerting/guides/connectivity-errors/
+canonical: https://grafana.com/docs/grafana/latest/alerting/best-practices/connectivity-errors/
 description: Learn how to detect and handle connectivity issues in alerts using Prometheus, Grafana Alerting, or both.
 keywords:
  - grafana
@@ -16,7 +14,7 @@ labels:
    - oss
 menuTitle: Handle connectivity errors
 title: Handle connectivity errors in alerts
-weight: 1020
+weight: 1010
 refs:
  pending-period:
    - pattern: /docs/grafana/
@@ -1,7 +1,5 @@
 ---
-aliases:
-  - ../best-practices/dynamic-labels/ # /docs/grafana/<GRAFANA_VERSION>/alerting/best-practices/dynamic-labels/
-canonical: https://grafana.com/docs/grafana/latest/alerting/examples/dynamic-labels
+canonical: https://grafana.com/docs/grafana/latest/alerting/best-practices/dynamic-labels
 description: This example shows how to define dynamic labels based on query values, along with important behavior to keep in mind when using them.
 keywords:
  - grafana
@@ -12,7 +10,7 @@ labels:
    - cloud
    - enterprise
    - oss
-menuTitle: Dynamic labels
+menuTitle: Examples of dynamic labels
 title: Example of dynamic labels in alert instances
 weight: 1104
 refs:
@@ -1,7 +1,5 @@
 ---
-aliases:
-  - ../best-practices/dynamic-thresholds/ # /docs/grafana/<GRAFANA_VERSION>/alerting/best-practices/dynamic-thresholds/
-canonical: https://grafana.com/docs/grafana/latest/alerting/examples/dynamic-thresholds
+canonical: https://grafana.com/docs/grafana/latest/alerting/best-practices/dynamic-thresholds
 description: This example shows how to use a distinct threshold value per dimension using multi-dimensional alerts and a Math expression.
 keywords:
  - grafana
@@ -12,7 +10,7 @@ labels:
    - cloud
    - enterprise
    - oss
-menuTitle: Dynamic thresholds
+menuTitle: Examples of dynamic thresholds
 title: Example of dynamic thresholds per dimension
 weight: 1105
 refs:
@@ -1,7 +1,5 @@
 ---
-aliases:
-  - ../best-practices/high-cardinality-alerts/ # /docs/grafana/<GRAFANA_VERSION>/alerting/best-practices/high-cardinality-alerts/
-canonical: https://grafana.com/docs/grafana/latest/alerting/examples/high-cardinality-alerts/
+canonical: https://grafana.com/docs/grafana/latest/alerting/best-practices/high-cardinality-alerts/
 description: Learn how to detect and alert on high-cardinality metrics that can overload your metrics backend and increase observability costs.
 keywords:
  - grafana
@@ -10,7 +8,7 @@ labels:
    - cloud
    - enterprise
    - oss
-menuTitle: High-cardinality alerts
+menuTitle: Examples of high-cardinality alerts
 title: Examples of high-cardinality alerts
 weight: 1105
 refs:
@@ -1,7 +1,5 @@
 ---
-aliases:
-  - ../best-practices/missing-data/ # /docs/grafana/<GRAFANA_VERSION>/alerting/best-practices/missing-data/
-canonical: https://grafana.com/docs/grafana/latest/alerting/guides/missing-data/
+canonical: https://grafana.com/docs/grafana/latest/alerting/best-practices/missing-data/
 description: Learn how to detect missing metrics and design alerts that handle gaps in data in Prometheus and Grafana Alerting.
 keywords:
  - grafana
@@ -16,7 +14,7 @@ labels:
    - oss
 menuTitle: Handle missing data
 title: Handle missing data in Grafana Alerting
-weight: 1030
+weight: 1020
 refs:
  connectivity-errors-guide:
    - pattern: /docs/grafana/
@@ -1,7 +1,5 @@
 ---
-aliases:
-  - ../best-practices/multi-dimensional-alerts/ # /docs/grafana/<GRAFANA_VERSION>/alerting/best-practices/multi-dimensional-alerts/
-canonical: https://grafana.com/docs/grafana/latest/alerting/examples/multi-dimensional-alerts/
+canonical: https://grafana.com/docs/grafana/latest/alerting/best-practices/multi-dimensional-alerts/
 description: This example shows how a single alert rule can generate multiple alert instances using time series data.
 keywords:
  - grafana
@@ -10,7 +8,7 @@ labels:
    - cloud
    - enterprise
    - oss
-menuTitle: Multi-dimensional alerts
+menuTitle: Examples of multi-dimensional alerts
 title: Example of multi-dimensional alerts on time series data
 weight: 1101
 refs:
@@ -1,7 +1,5 @@
 ---
-aliases:
-  - ../best-practices/table-data/ # /docs/grafana/<GRAFANA_VERSION>/alerting/best-practices/table-data/
-canonical: https://grafana.com/docs/grafana/latest/alerting/examples/table-data
+canonical: https://grafana.com/docs/grafana/latest/alerting/best-practices/table-data
 description: This example shows how to create an alert rule using table data.
 keywords:
  - grafana
@@ -10,7 +8,7 @@ labels:
    - cloud
    - enterprise
    - oss
-menuTitle: Table data
+menuTitle: Examples of table data
 title: Example of alerting on tabular data
 weight: 1102
 refs:
@@ -1,7 +1,5 @@
 ---
-aliases:
-  - ../best-practices/trace-based-alerts/ # /docs/grafana/<GRAFANA_VERSION>/alerting/best-practices/trace-based-alerts/
-canonical: https://grafana.com/docs/grafana/latest/alerting/examples/trace-based-alerts/
+canonical: https://grafana.com/docs/grafana/latest/alerting/best-practices/trace-based-alerts/
 description: This guide provides introductory examples and distinct approaches for setting up trace-based alerts in Grafana.
 keywords:
  - grafana
@@ -10,7 +8,7 @@ labels:
    - cloud
    - enterprise
    - oss
-title: Trace-based alerts
+title: Examples of trace-based alerts
 weight: 1103
 refs:
  testdata-data-source:
@@ -1,7 +1,5 @@
 ---
-aliases:
-  - ../best-practices/tutorials/ # /docs/grafana/<GRAFANA_VERSION>/alerting/best-practices/tutorials/
-canonical: https://grafana.com/docs/grafana/latest/alerting/examples/tutorials/
+canonical: https://grafana.com/docs/grafana/latest/alerting/best-practices/tutorials/
 description: This section provides a set of step-by-step tutorials guides to get started with Grafana Aletings.
 keywords:
  - grafana
@@ -1,22 +0,0 @@
---
-canonical: https://grafana.com/docs/grafana/latest/alerting/examples/
-description: This section provides a set of guides for useful alerting practices and recommendations
-keywords:
-  - grafana
-labels:
-  products:
-    - cloud
-    - enterprise
-    - oss
-menuTitle: Examples
-title: Examples
-weight: 180
---
-
-# Examples
-
-This section provides practical examples that show how to work with different types of alerting data, apply alert design patterns, reuse alert logic, and take advantage of specific Grafana Alerting features.
-
-This section includes:
-
-{{< section >}}
@@ -1,35 +0,0 @@
---
-canonical: https://grafana.com/docs/grafana/latest/alerting/guides/
-description: This section provides a set of guides for useful alerting practices and recommendations
-keywords:
-  - grafana
-labels:
-  products:
-    - cloud
-    - enterprise
-    - oss
-menuTitle: Guides
-title: Guides
-weight: 170
-refs:
-  examples:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/alerting/examples/
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana-cloud/alerting-and-irm/alerting/examples/
-  tutorials:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/alerting/examples/tutorials/
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana-cloud/alerting-and-irm/alerting/examples/tutorials/
---
-
-# Guides
-
-Guides in the Grafana Alerting documentation provide best practices and practical recommendations to help you move from a basic alerting setup to real-world use cases.
-
-These guides cover topics such as:
-
-{{< section >}}
-
-For more hands-on examples, refer to [Examples](ref:examples) and [Tutorials](ref:tutorials).
@@ -1,201 +0,0 @@
---
-aliases:
-  - ../best-practices/ # /docs/grafana/<GRAFANA_VERSION>/alerting/best-practices/
-canonical: https://grafana.com/docs/grafana/latest/alerting/guides/best-practices/
-description: Designing and configuring an effective alerting system takes time. This guide focuses on building alerting systems that scale with real-world operations.
-keywords:
-  - grafana
-  - alerting
-  - guide
-labels:
-  products:
-    - cloud
-    - enterprise
-    - oss
-menuTitle: Best practices
-title: Best practices
-weight: 1010
-refs:
-  recovery-threshold:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/alerting/fundamentals/alert-rules/queries-conditions/#recovery-threshold
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana-cloud/alerting-and-irm/fundamentals/alert-rules/queries-conditions/#recovery-threshold
-  keep-firing-for:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/alerting/fundamentals/alert-rule-evaluation/#keep-firing-for
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana-cloud/alerting-and-irm/fundamentals/alert-rule-evaluation/#keep-firing-for
-  pending-period:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/alerting/fundamentals/alert-rule-evaluation/#pending-period
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana-cloud/alerting-and-irm/fundamentals/alert-rule-evaluation/#pending-period
-  silences:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/alerting/configure-notifications/create-silence/
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana-cloud/alerting-and-irm/alerting/configure-notifications/create-silence/
-  timing-options:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/alerting/fundamentals/notifications/group-alert-notifications/#timing-options
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana-cloud/alerting-and-irm/alerting/fundamentals/notifications/group-alert-notifications/#timing-options
-  group-alert-notifications:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/alerting/fundamentals/notifications/group-alert-notifications/
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana-cloud/alerting-and-irm/alerting/fundamentals/notifications/group-alert-notifications/
-  notification-policies:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/alerting/fundamentals/notifications/notification-policies/
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana-cloud/alerting-and-irm/alerting/fundamentals/notifications/notification-policies/
-  annotations:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/alerting/fundamentals/alert-rules/annotation-label/#annotations
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana-cloud/alerting-and-irm/alerting/fundamentals/alert-rules/annotation-label/#annotations
-  multi-dimensional-alerts:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/alerting/examples/multi-dimensional-alerts/
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana-cloud/alerting-and-irm/alerting/examples/multi-dimensional-alerts/
---
-
-# Alerting best practices
-
-Designing and configuring an effective alerting system takes time. This guide focuses on building alerting systems that scale with real-world operations.
-
-The practices described here are intentionally high-level and apply regardless of tooling. Whether you use Prometheus, Grafana Alerting, or another stack, the same constraints apply: complex systems, imperfect signals, and humans on call.
-
-Alerting is never finished. It evolves with incidents, organizational changes, and the systems it’s meant to protect.
-
-{{< shared id="alert-planning-fundamentals" >}}
-
-## Prioritize symptoms, but don’t ignore infrastructure signals
-
-Alerts should primarily detect user-facing failures, not internal component behavior. Users don't care that a pod restarted; they care when the application is slow or failing. Symptom-based alerts tie directly to user impact.
-
-Reliability metrics that impact users—latency, errors, availability—are better paging signals than infrastructure events or internal errors.
-
-That said, infrastructure signals still matter. They can act as early warning indicators and are often useful when alerting maturity is low. A sustained spike in CPU or memory usage might not justify a page, but it can help explain or anticipate symptom-based failures.
-
-Infrastructure alerts tend to be noisy and are often ignored when treated like paging signals. They are usually better suited for lower-severity channels such as dashboards, alert lists, or non-paging destinations like a dedicated Slack channel, where they can be monitored without interrupting on-call.
-
-The key is balance as your alerting matures. Use infrastructure alerts to support diagnosis and prevention, not as a replacement for symptom-based alerts.
-
-## Escalate priority based on confidence
-
-Alert priority is often tied to user impact and the urgency to respond, but confidence should determine when escalation is necessary.
-
-In this context, escalation defines how responders are notified as confidence grows. This can include increasing alert priority, widening notification, paging additional responders, or opening an incident once intervention is clearly required.
-
-Early signals are often ambiguous, and confidence in a non-transient failure is usually low. Paging too early creates noise; paging too late means users are impacted for longer before anyone acts. A small or sudden increase in latency may not justify immediate action, but it can indicate a failure in progress.
-
-Confidence increases as signals become stronger or begin to correlate.
-
-Escalation is justified when issues are sustained or reinforced by multiple signals. For example, high latency combined with a rising error rate, or the same event firing over a sustained period. These patterns reduce the chance of transient noise and increase the likelihood of real impact.
-
-Use confidence in user impact to drive escalation and avoid unnecessary pages.
-
-## Scope alerts for scalability and actionability
-
-In distributed systems, avoid creating separate alert rules for every host, service, or endpoint. Instead, define alert rules that scale automatically using [multi-dimensional alert rules](ref:multi-dimensional-alerts). This reduces rule duplication and allows alerting to scale as the system grows.
-
-Start simple. Default to a single dimension such as `service` or `endpoint` to keep alerts manageable. Add dimensions only when they improve actionability. For example, when missing a dimension like `region` hides failures or doesn't provide enough information to act quickly.
-
-Additional dimensions like `region` or `instance` can help identify the root cause, but more isn't always better.
-
-## Design alerts for first responders and clear actions
-
-Alerts should be designed for the first responder, not the person who created the alert. Anyone on call should be able to understand what's wrong and what to do next without deep knowledge of the system or alert configuration.
-
-Avoid vague alerts that force responders to spend time figuring out context. Every alert should clearly explain why it exists, what triggered it, and how to investigate. Use [annotations](ref:annotations) to link to relevant dashboards and runbooks, which are essential for faster resolution.
-
-Alerts should indicate a real problem and be actionable, even if the impact is low. Informational alerts add noise without improving reliability.
-
-If no action is possible, it shouldn't be an alert—consider using a dashboard instead. Over time, alerts behave like technical debt: easy to create, costly to maintain, and hard to remove.
-
-Review alerts often and remove those that don’t lead to action.
-
-## Alerts should have an owner and system scope
-
-Alerts without ownership are often ignored. Every alert must have an owner: a team responsible for maintaining the alert and responding when it fires.
-
-Alerts must also define a system scope, such as a service or infrastructure component. Scope provides organizational context and connects alerts with ownership. Defining clear scopes is easier when services are treated as first-class entities, and organizations are built around service ownership.
-
-> [Service Center in Grafana Cloud](/docs/grafana-cloud/alerting-and-irm/service-center/) can help operate a service-oriented view of your system and align alert scope with ownership.
-
-After scope, ownership, and alert priority are defined, routing determines where alerts go and how they escalate. **Notification routing is as important as the alerts**.
-
-Alerts should be delivered to the right team and channel based on priority, ownership, and team workflows. Use [notification policies](ref:notification-policies) to define a routing tree that matches the context of your service or scope:
-
- Define a parent policy for default routing within the scope.
- Define nested policies for specific cases or higher-priority issues.
-
-## Prevent notification overload with alert grouping
-
-Without alert grouping, responders can receive many notifications for the same underlying problem.
-
-For example, a database failure can trigger several alerts at the same time like increased latency, higher error rates, and internal errors. Paging separately for each symptom quickly turns into notification spam, even though there is a single root cause.
-
-[Notification grouping](ref:group-alert-notifications) consolidates related alerts into a single notification. Instead of receiving multiple pages for the same issue, responders get one alert that represents the incident and includes all related firing alerts.
-
-Grouping should follow operational boundaries such as service or owner, as defined by notification policies. Downstream or cascading failures should be grouped together so they surface as one issue rather than many.
-
-## Mitigate flapping alerts
-
-Short-lived failure spikes often trigger alerts that auto-resolve quickly. Alerting on transient failures creates noise and leads responders to ignore them.
-
-Require issues to persist before alerting. Set a [pending period](ref:pending-period) to define how long a condition must remain true before firing. For example, instead of alerting immediately on high error rate, require it to stay above the threshold for some minutes.
-
-Also, stabilize alerts by tuning query ranges and aggregations. Using raw data makes alerts sensitive to noise. Instead, evaluate over a time window and aggregate the data to smooth short spikes.
-
-```promql
-# Reacts to transient spikes. Avoid this.
-cpu_usage > 90
-
-# Smooth fluctuations.
-avg_over_time(cpu_usage[5m]) > 90
-```
-
-For latency and error-based alerts, percentiles are often more useful than averages:
-
-```promql
-quantile_over_time(0.95, http_duration_seconds[5m]) > 3
-```
-
-Finally, avoid rapid resolve-and-fire notifications by using [`keep_firing_for`](ref:keep-firing-for) or [recovery thresholds](ref:recovery-threshold) to keep alerts active briefly during recovery. Both options reduce flapping and unnecessary notifications.
-
-## Graduate symptom-based alerts into SLOs
-
-When a symptom-based alert fires frequently, it usually indicates a reliability concern that should be measured and managed more deliberately. This is often a sign that the alert could evolve into an [SLO](/docs/grafana-cloud/alerting-and-irm/slo/).
-
-Traditional alerts create pressure to react immediately, while error budgets introduce a buffer of time to act, changing how urgency is handled. Alerts can then be defined in terms of error budget burn rate rather than reacting to every minor deviation.
-
-SLOs also align distinct teams around common reliability goals by providing a shared definition of what "good" looks like. They help consolidate multiple symptom alerts into a single user-facing objective.
-
-For example, instead of several teams alerting on high latency, a single SLO can be used across teams to capture overall API performance.
-
-## Integrate alerting into incident post-mortems
-
-Every incident is an opportunity to improve alerting. After each incident, evaluate whether alerts helped responders act quickly or added unnecessary noise.
-
-Assess which alerts fired, and how they influenced incident response. Review whether alerts triggered too late, too early, or without enough context, and adjust thresholds, priority, or escalation based on what actually happened.
-
-Use [silences](ref:silences) during active incidents to reduce repeated notifications, but scope them carefully to avoid silencing unrelated alerts.
-
-Post-mortems should evaluate alerts with root causes and lessons learned. If responders lacked key information during the incident, enrich alerts with additional context, dashboards, or better guidance.
-
-## Alerts should be continuously improved
-
-Alerting is an iterative process. Alerts that aren’t reviewed and refined lose effectiveness as systems and traffic patterns change.
-
-Schedule regular reviews of existing alerts. Remove alerts that don’t lead to action, and tune alerts or thresholds that fire too often without providing useful signal. Reduce false positives to combat alert fatigue.
-
-Prioritize clarity and simplicity in alert design. Simpler alerts are easier to understand, maintain, and trust under pressure. Favor fewer high-quality, actionable alerts over a large number of low-value ones.
-
-Use dashboards and observability tools for investigation, not alerts.
-
-{{< /shared >}}
@@ -41,13 +41,9 @@ Select a group to expand it and view the list of alert rules within that group.

 The list view includes a number of filters to simplify managing large volumes of alerts.

-## Filter and save searches
-
 Click the **Filter** button to open the filter popup. You can filter by name, label, folder/namespace, evaluation group, data source, contact point, rule source, rule state, rule type, and the health of the alert rule from the popup menu. Click **Apply** at the bottom of the filter popup to enact the filters as you search.

-Click the **Saved searches** button to open the list of previously saved searches, or click **+ Save current search** to add your current search to the saved searches list. You can also rename a saved search or set it as a default search. When you set a saved search as the default search, the Alert rules page opens with the search applied.
-
-{{< figure src="/media/docs/alerting/alerting-saved-searches.png" max-width="750px" alt="Alert rule filter options" >}}
+{{< figure src="/media/docs/alerting/alerting-list-view-filter.png" max-width="750px" alt="Alert rule filter options" >}}

 ## Change alert rules list view

@@ -135,12 +135,9 @@ You can use the **Span Limit** field in **Options** section of the TraceQL query
 This field sets the maximum number of spans to return for each span set.
 By default, the maximum value that you can set for the **Span Limit** value (or the spss query) is 100.
 In Tempo configuration, this value is controlled by the `max_spans_per_span_set` parameter and can be modified by your Tempo administrator.
+Grafana Cloud users can contact Grafana Support to request a change.
 Entering a value higher than the default results in an error.

-{{< admonition type="note" >}}
-Changing the value of `max_spans_per_span_set` isn't supported in Grafana Cloud.
-{{< /admonition >}}
-
 ### Focus on traces or spans

 Under **Options**, you can choose to display the table as **Traces** or **Spans** focused.
@@ -23,8 +23,6 @@ killercoda:

 This tutorial is a continuation of the [Get started with Grafana Alerting - Route alerts using dynamic labels](http://www.grafana.com/tutorials/alerting-get-started-pt5/) tutorial.

-{{< youtube id="mqj_hN24zLU" >}}
-
 <!-- USE CASE -->

 In this tutorial you will learn how to:
@@ -1,6 +1,6 @@
 import { test, expect } from '@grafana/plugin-e2e';

-import { flows, saveDashboard, type Variable } from './utils';
+import { flows, type Variable } from './utils';

 test.use({
  featureToggles: {
@@ -64,7 +64,20 @@ test.describe(
        label: 'VariableUnderTest',
      };

-      await flows.addNewTextBoxVariable(dashboardPage, variable);
+      // common steps to add a new variable
+      await flows.newEditPaneVariableClick(dashboardPage, selectors);
+      await flows.newEditPanelCommonVariableInputs(dashboardPage, selectors, variable);
+
+      // set the textbox variable value
+      const type = 'variable-type Value';
+      const fieldLabel = dashboardPage.getByGrafanaSelector(
+        selectors.components.PanelEditor.OptionsPane.fieldLabel(type)
+      );
+      await expect(fieldLabel).toBeVisible();
+      const inputField = fieldLabel.locator('input');
+      await expect(inputField).toBeVisible();
+      await inputField.fill(variable.value);
+      await inputField.blur();

      // select the variable in the dashboard and confirm the variable value is set
      await dashboardPage.getByGrafanaSelector(selectors.pages.Dashboard.SubMenu.submenuItem).click();
@@ -127,94 +140,5 @@ test.describe(
      await expect(panelContent).toBeVisible();
      await expect(markdownContent).toContainText('VariableUnderTest: 10m');
    });
-    test('can hide a variable', async ({ dashboardPage, selectors, page }) => {
-      const variable: Variable = {
-        type: 'textbox',
-        name: 'VariableUnderTest',
-        value: 'foo',
-        label: 'VariableUnderTest',
-      };
-
-      await saveDashboard(dashboardPage, page, selectors, 'can hide a variable');
-      await flows.addNewTextBoxVariable(dashboardPage, variable);
-
-      // check the variable is visible in the dashboard
-      const variableLabel = dashboardPage.getByGrafanaSelector(
-        selectors.pages.Dashboard.SubMenu.submenuItemLabels(variable.label)
-      );
-      await expect(variableLabel).toBeVisible();
-      // hide the variable
-      await dashboardPage
-        .getByGrafanaSelector(selectors.pages.Dashboard.Settings.Variables.Edit.General.generalDisplaySelect)
-        .click();
-      await page.getByText('Hidden', { exact: true }).click();
-
-      // check that the variable is still visible
-      await expect(
-        dashboardPage.getByGrafanaSelector(selectors.pages.Dashboard.SubMenu.submenuItemLabels(variable.label!))
-      ).toBeVisible();
-
-      // save dashboard and exit edit mode and check variable is not visible
-      await saveDashboard(dashboardPage, page, selectors);
-      await dashboardPage.getByGrafanaSelector(selectors.components.NavToolbar.editDashboard.editButton).click();
-      await expect(
-        dashboardPage.getByGrafanaSelector(selectors.pages.Dashboard.SubMenu.submenuItemLabels(variable.label!))
-      ).toBeHidden();
-      // refresh and check that variable isn't visible
-      await page.reload();
-      await expect(
-        dashboardPage.getByGrafanaSelector(selectors.pages.Dashboard.SubMenu.submenuItemLabels(variable.label!))
-      ).toBeHidden();
-      // check that the variable is visible in edit mode
-      await dashboardPage.getByGrafanaSelector(selectors.components.NavToolbar.editDashboard.editButton).click();
-      await expect(
-        dashboardPage.getByGrafanaSelector(selectors.pages.Dashboard.SubMenu.submenuItemLabels(variable.label!))
-      ).toBeVisible();
-    });
-
-    test('can hide variable under the controls menu', async ({ dashboardPage, selectors, page }) => {
-      const variable: Variable = {
-        type: 'textbox',
-        name: 'VariableUnderTest',
-        value: 'foo',
-        label: 'VariableUnderTest',
-      };
-      await saveDashboard(dashboardPage, page, selectors, 'can hide a variable in controls menu');
-
-      await flows.addNewTextBoxVariable(dashboardPage, variable);
-
-      // check the variable is visible in the dashboard
-      const variableLabel = dashboardPage.getByGrafanaSelector(
-        selectors.pages.Dashboard.SubMenu.submenuItemLabels(variable.label)
-      );
-      await expect(variableLabel).toBeVisible();
-      // hide the variable
-      await dashboardPage
-        .getByGrafanaSelector(selectors.pages.Dashboard.Settings.Variables.Edit.General.generalDisplaySelect)
-        .click();
-      await page.getByText('Controls menu', { exact: true }).click();
-
-      // check that the variable is hidden under the controls menu
-      await expect(
-        dashboardPage.getByGrafanaSelector(selectors.pages.Dashboard.SubMenu.submenuItemLabels(variable.label!))
-      ).toBeHidden();
-      await dashboardPage.getByGrafanaSelector(selectors.pages.Dashboard.ControlsButton).click();
-      await expect(
-        dashboardPage.getByGrafanaSelector(selectors.pages.Dashboard.SubMenu.submenuItemLabels(variable.label!))
-      ).toBeVisible();
-
-      // save dashboard and refresh
-      await saveDashboard(dashboardPage, page, selectors);
-      await page.reload();
-
-      //check that the variable is hidden under the controls menu
-      await expect(
-        dashboardPage.getByGrafanaSelector(selectors.pages.Dashboard.SubMenu.submenuItemLabels(variable.label!))
-      ).toBeHidden();
-      await dashboardPage.getByGrafanaSelector(selectors.pages.Dashboard.ControlsButton).click();
-      await expect(
-        dashboardPage.getByGrafanaSelector(selectors.pages.Dashboard.SubMenu.submenuItemLabels(variable.label!))
-      ).toBeVisible();
-    });
  }
 );
@@ -79,20 +79,6 @@ export const flows = {
      await variableLabelInput.blur();
    }
  },
-  async addNewTextBoxVariable(dashboardPage: DashboardPage, variable: Variable) {
-    await flows.newEditPaneVariableClick(dashboardPage, selectors);
-    await flows.newEditPanelCommonVariableInputs(dashboardPage, selectors, variable);
-    // set the textbox variable value
-    const type = 'variable-type Value';
-    const fieldLabel = dashboardPage.getByGrafanaSelector(
-      selectors.components.PanelEditor.OptionsPane.fieldLabel(type)
-    );
-    await expect(fieldLabel).toBeVisible();
-    const inputField = fieldLabel.locator('input');
-    await expect(inputField).toBeVisible();
-    await inputField.fill(variable.value);
-    await inputField.blur();
-  },
 };

 export type Variable = {
@@ -103,16 +89,8 @@ export type Variable = {
  value: string;
 };

-export async function saveDashboard(
-  dashboardPage: DashboardPage,
-  page: Page,
-  selectors: E2ESelectorGroups,
-  title?: string
-) {
+export async function saveDashboard(dashboardPage: DashboardPage, page: Page, selectors: E2ESelectorGroups) {
  await dashboardPage.getByGrafanaSelector(selectors.components.NavToolbar.editDashboard.saveButton).click();
-  if (title) {
-    await page.getByTestId(selectors.components.Drawer.DashboardSaveDrawer.saveAsTitleInput).fill(title);
-  }
  await dashboardPage.getByGrafanaSelector(selectors.components.Drawer.DashboardSaveDrawer.saveButton).click();
  await expect(page.getByText('Dashboard saved')).toBeVisible();
 }
@@ -7,7 +7,7 @@ require (
 	buf.build/gen/go/parca-dev/parca/protocolbuffers/go v1.36.2-20250703125925-3f0fcf4bff96.1 // @grafana/observability-traces-and-profiling
 	cloud.google.com/go/kms v1.22.0 // @grafana/grafana-backend-group
 	cloud.google.com/go/storage v1.55.0 // @grafana/grafana-backend-group
-	connectrpc.com/connect v1.19.1 // @grafana/observability-traces-and-profiling
+	connectrpc.com/connect v1.18.1 // @grafana/observability-traces-and-profiling
 	cuelang.org/go v0.11.1 // @grafana/grafana-as-code
 	dario.cat/mergo v1.0.2 // @grafana/grafana-app-platform-squad
 	filippo.io/age v1.2.1 // @grafana/identity-access-team
@@ -33,14 +33,12 @@ require (
 	github.com/armon/go-radix v1.0.0 // @grafana/grafana-app-platform-squad
 	github.com/aws/aws-sdk-go v1.55.7 // @grafana/aws-datasources
 	github.com/aws/aws-sdk-go-v2 v1.40.0 // @grafana/aws-datasources
-	github.com/aws/aws-sdk-go-v2/credentials v1.18.21 // @grafana/grafana-operator-experience-squad
 	github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.45.3 // @grafana/aws-datasources
 	github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.51.0 // @grafana/aws-datasources
 	github.com/aws/aws-sdk-go-v2/service/ec2 v1.225.2 // @grafana/aws-datasources
 	github.com/aws/aws-sdk-go-v2/service/oam v1.18.3 // @grafana/aws-datasources
 	github.com/aws/aws-sdk-go-v2/service/resourcegroupstaggingapi v1.26.6 // @grafana/aws-datasources
 	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.40.1 // @grafana/grafana-operator-experience-squad
-	github.com/aws/aws-sdk-go-v2/service/sts v1.39.1 // @grafana/grafana-operator-experience-squad
 	github.com/aws/smithy-go v1.23.2 // @grafana/aws-datasources
 	github.com/beevik/etree v1.4.1 // @grafana/grafana-backend-group
 	github.com/benbjohnson/clock v1.3.5 // @grafana/alerting-backend
@@ -113,7 +111,7 @@ require (
 	github.com/grafana/nanogit v0.3.0 // indirect; @grafana/grafana-git-ui-sync-team
 	github.com/grafana/otel-profiling-go v0.5.1 // @grafana/grafana-backend-group
 	github.com/grafana/pyroscope-go/godeltaprof v0.1.9 // @grafana/observability-traces-and-profiling
-	github.com/grafana/pyroscope/api v1.2.1-0.20251118081820-ace37f973a0f // @grafana/observability-traces-and-profiling
+	github.com/grafana/pyroscope/api v1.2.1-0.20250415190842-3ff7247547ae // @grafana/observability-traces-and-profiling
 	github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 // @grafana/grafana-search-and-storage
 	github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus v1.1.0 // @grafana/plugins-platform-backend
 	github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.3.3 // @grafana/grafana-backend-group
@@ -345,6 +343,7 @@ require (
 	github.com/at-wat/mqtt-go v0.19.6 // indirect
 	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.11 // indirect
 	github.com/aws/aws-sdk-go-v2/config v1.31.17 // indirect
+	github.com/aws/aws-sdk-go-v2/credentials v1.18.21 // indirect
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.13 // indirect
 	github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.84 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.14 // indirect
@@ -359,6 +358,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/s3 v1.84.0 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sso v1.30.1 // indirect
 	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.5 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.39.1 // indirect
 	github.com/axiomhq/hyperloglog v0.0.0-20240507144631-af9851f82b27 // indirect
 	github.com/bahlo/generic-list-go v0.2.0 // indirect
 	github.com/barkimedes/go-deepcopy v0.0.0-20220514131651-17c30cfc62df // indirect
@@ -681,7 +681,6 @@ require (
 	github.com/go-openapi/swag/stringutils v0.25.4 // indirect
 	github.com/go-openapi/swag/typeutils v0.25.4 // indirect
 	github.com/go-openapi/swag/yamlutils v0.25.4 // indirect
-	github.com/google/gnostic v0.7.1 // indirect
 	github.com/gophercloud/gophercloud/v2 v2.9.0 // indirect
 	github.com/grafana/sqlds/v5 v5.0.3 // indirect
 	github.com/lufia/plan9stats v0.0.0-20240909124753-873cd0166683 // indirect
@@ -627,8 +627,8 @@ cloud.google.com/go/workflows v1.7.0/go.mod h1:JhSrZuVZWuiDfKEFxU0/F1PQjmpnpcoIS
 cloud.google.com/go/workflows v1.8.0/go.mod h1:ysGhmEajwZxGn1OhGOGKsTXc5PyxOc0vfKf5Af+to4M=
 cloud.google.com/go/workflows v1.9.0/go.mod h1:ZGkj1aFIOd9c8Gerkjjq7OW7I5+l6cSvT3ujaO/WwSA=
 cloud.google.com/go/workflows v1.10.0/go.mod h1:fZ8LmRmZQWacon9UCX1r/g/DfAXx5VcPALq2CxzdePw=
-connectrpc.com/connect v1.19.1 h1:R5M57z05+90EfEvCY1b7hBxDVOUl45PrtXtAV2fOC14=
-connectrpc.com/connect v1.19.1/go.mod h1:tN20fjdGlewnSFeZxLKb0xwIZ6ozc3OQs2hTXy4du9w=
+connectrpc.com/connect v1.18.1 h1:PAg7CjSAGvscaf6YZKUefjoih5Z/qYkyaTrBW8xvYPw=
+connectrpc.com/connect v1.18.1/go.mod h1:0292hj1rnx8oFrStN7cB4jjVBeqs+Yx5yDIC2prWDO8=
 contrib.go.opencensus.io/exporter/ocagent v0.6.0/go.mod h1:zmKjrJcdo0aYcVS7bmEeSEBLPA9YJp5bjrofdU3pIXs=
 cuelabs.dev/go/oci/ociregistry v0.0.0-20251212221603-3adeb8663819 h1:Zh+Ur3OsoWpvALHPLT45nOekHkgOt+IOfutBbPqM17I=
 cuelabs.dev/go/oci/ociregistry v0.0.0-20251212221603-3adeb8663819/go.mod h1:WjmQxb+W6nVNCgj8nXrF24lIz95AHwnSl36tpjDZSU8=
@@ -1503,8 +1503,6 @@ github.com/google/cel-go v0.26.1/go.mod h1:A9O8OU9rdvrK5MQyrqfIxo1a0u4g3sF8KB6PU
 github.com/google/flatbuffers v2.0.8+incompatible/go.mod h1:1AeVuKshWv4vARoZatz6mlQ0JxURH0Kv5+zNeJKJCa8=
 github.com/google/flatbuffers v25.2.10+incompatible h1:F3vclr7C3HpB1k9mxCGRMXq6FdUalZ6H/pNX4FP1v0Q=
 github.com/google/flatbuffers v25.2.10+incompatible/go.mod h1:1AeVuKshWv4vARoZatz6mlQ0JxURH0Kv5+zNeJKJCa8=
-github.com/google/gnostic v0.7.1 h1:t5Kc7j/8kYr8t2u11rykRrPPovlEMG4+xdc/SpekATs=
-github.com/google/gnostic v0.7.1/go.mod h1:KSw6sxnxEBFM8jLPfJd46xZP+yQcfE8XkiqfZx5zR28=
 github.com/google/gnostic-models v0.7.1 h1:SisTfuFKJSKM5CPZkffwi6coztzzeYUhc3v4yxLWH8c=
 github.com/google/gnostic-models v0.7.1/go.mod h1:whL5G0m6dmc5cPxKc5bdKdEN3UjI7OUGxBlw57miDrQ=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
@@ -1687,8 +1685,8 @@ github.com/grafana/prometheus-alertmanager v0.25.1-0.20250911094103-5456b6e45604
 github.com/grafana/prometheus-alertmanager v0.25.1-0.20250911094103-5456b6e45604/go.mod h1:O/QP1BCm0HHIzbKvgMzqb5sSyH88rzkFk84F4TfJjBU=
 github.com/grafana/pyroscope-go/godeltaprof v0.1.9 h1:c1Us8i6eSmkW+Ez05d3co8kasnuOY813tbMN8i/a3Og=
 github.com/grafana/pyroscope-go/godeltaprof v0.1.9/go.mod h1:2+l7K7twW49Ct4wFluZD3tZ6e0SjanjcUUBPVD/UuGU=
-github.com/grafana/pyroscope/api v1.2.1-0.20251118081820-ace37f973a0f h1:fTlIj5n4x5dU63XHItug7GLjtnaeJdPqBlqg4zlABq0=
-github.com/grafana/pyroscope/api v1.2.1-0.20251118081820-ace37f973a0f/go.mod h1:VBNcIhunCZsJ3/mcYx+j7uFf0P/108eiWa+8+Z9ll3o=
+github.com/grafana/pyroscope/api v1.2.1-0.20250415190842-3ff7247547ae h1:35W3Wjp9KWnSoV/DuymmyIj5aHE0CYlDQ5m2KeXUPAc=
+github.com/grafana/pyroscope/api v1.2.1-0.20250415190842-3ff7247547ae/go.mod h1:6CJ1uXmLZ13ufpO9xE4pST+DyaBt0uszzrV0YnoaVLQ=
 github.com/grafana/regexp v0.0.0-20240518133315-a468a5bfb3bc h1:GN2Lv3MGO7AS6PrRoT6yV5+wkrOpcszoIsO4+4ds248=
 github.com/grafana/regexp v0.0.0-20240518133315-a468a5bfb3bc/go.mod h1:+JKpmjMGhpgPL+rXZ5nsZieVzvarn86asRlBg4uNGnk=
 github.com/grafana/saml v0.4.15-0.20240917091248-ae3bbdad8a56 h1:SDGrP81Vcd102L3UJEryRd1eestRw73wt+b8vnVEFe0=
@@ -755,8 +755,6 @@ github.com/felixge/fgprof v0.9.4/go.mod h1:yKl+ERSa++RYOs32d8K6WEXCB4uXdLls4ZaZP
 github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/flosch/pongo2/v4 v4.0.2 h1:gv+5Pe3vaSVmiJvh/BZa82b7/00YUGm0PIyVVLop0Hw=
 github.com/flosch/pongo2/v4 v4.0.2/go.mod h1:B5ObFANs/36VwxxlgKpdchIJHMvHB562PW+BWPhwZD8=
-github.com/flowstack/go-jsonschema v0.1.1 h1:dCrjGJRXIlbDsLAgTJZTjhwUJnnxVWl1OgNyYh5nyDc=
-github.com/flowstack/go-jsonschema v0.1.1/go.mod h1:yL7fNggx1o8rm9RlgXv7hTBWxdBM0rVwpMwimd3F3N0=
 github.com/fluent/fluent-bit-go v0.0.0-20230731091245-a7a013e2473c h1:yKN46XJHYC/gvgH2UsisJ31+n4K3S7QYZSfU2uAWjuI=
 github.com/fluent/fluent-bit-go v0.0.0-20230731091245-a7a013e2473c/go.mod h1:L92h+dgwElEyUuShEwjbiHjseW410WIcNz+Bjutc8YQ=
 github.com/fogleman/gg v1.3.0 h1:/7zJX8F6AaYQc57WQCyN9cAIz+4bCJGO9B+dyW29am8=
@@ -218,10 +218,8 @@ lineage: schemas: [{
 			// Optional field, if you want to extract part of a series name or metric node segment.
 			// Named capture groups can be used to separate the display text and value.
 			regex?: string
-			// Optional, indicates whether a custom type variable uses CSV or JSON to define its values
-			valuesFormat?: "csv" | "json" | *"csv"
-			// Determine whether regex applies to variable value or display text
-			regexApplyTo?: #VariableRegexApplyTo
+      // Determine whether regex applies to variable value or display text
+      regexApplyTo?: #VariableRegexApplyTo
 			// Additional static options for query variable
 			staticOptions?: [...#VariableOption]
 			// Ordering of static options in relation to options returned from data source for query variable
@@ -295,8 +295,8 @@
    "@grafana/plugin-ui": "^0.11.1",
    "@grafana/prometheus": "workspace:*",
    "@grafana/runtime": "workspace:*",
-    "@grafana/scenes": "v6.52.1",
-    "@grafana/scenes-react": "v6.52.1",
+    "@grafana/scenes": "6.52.0",
+    "@grafana/scenes-react": "6.52.0",
    "@grafana/schema": "workspace:*",
    "@grafana/sql": "workspace:*",
    "@grafana/ui": "workspace:*",
@@ -165,17 +165,9 @@ describe('DateMath', () => {
      expect(date!.valueOf()).toEqual(dateTime([2014, 1, 3]).valueOf());
    });

-    it.each([
-      ['-2d-6h', [2014, 1, 5], [2014, 1, 2, 18]],
-      ['-30m-2d', [2014, 1, 5], [2014, 1, 2, 23, 30]],
-      ['-2d-1d', [2014, 1, 5], [2014, 1, 2]],
-      ['-1h-30m', [2014, 1, 5, 12, 0], [2014, 1, 5, 10, 30]],
-      ['-1d-1h-30m', [2014, 1, 5, 12, 0], [2014, 1, 4, 10, 30]],
-      ['+1d-6h', [2014, 1, 5], [2014, 1, 5, 18]],
-      ['-1w-1d', [2014, 1, 14], [2014, 1, 6]],
-    ])('should handle multiple math expressions: %s', (expression, inputDate, expectedDate) => {
-      const date = dateMath.parseDateMath(expression, dateTime(inputDate));
-      expect(date!.valueOf()).toEqual(dateTime(expectedDate).valueOf());
+    it('should handle multiple math expressions', () => {
+      const date = dateMath.parseDateMath('-2d-6h', dateTime([2014, 1, 5]));
+      expect(date!.valueOf()).toEqual(dateTime([2014, 1, 2, 18]).valueOf());
    });

    it('should return false when invalid expression', () => {
@@ -400,6 +400,10 @@ export interface FeatureToggles {
  */
  tableSharedCrosshair?: boolean;
  /**
+  * Use the kubernetes API for feature toggle management in the frontend
+  */
+  kubernetesFeatureToggles?: boolean;
+  /**
  * Enabled grafana cloud specific RBAC roles
  */
  cloudRBACRoles?: boolean;
@@ -695,10 +699,6 @@ export interface FeatureToggles {
  */
  playlistsReconciler?: boolean;
  /**
-  * Enable passwordless login via magic link authentication
-  */
-  passwordlessMagicLinkAuthentication?: boolean;
-  /**
  * Display Related Logs in Grafana Metrics Drilldown
  */
  exploreMetricsRelatedLogs?: boolean;
@@ -1259,8 +1259,4 @@ export interface FeatureToggles {
  * Enables the creation of keepers that manage secrets stored on AWS secrets manager
  */
  secretsManagementAppPlatformAwsKeeper?: boolean;
-  /**
-  * Enables profiles exemplars support in profiles drilldown
-  */
-  profilesExemplars?: boolean;
 }
@@ -103,7 +103,6 @@ export interface IntervalVariableModel extends VariableWithOptions {

 export interface CustomVariableModel extends VariableWithMultiSupport {
  type: 'custom';
-  valuesFormat?: 'csv' | 'json';
 }

 export interface DataSourceVariableModel extends VariableWithMultiSupport {
@@ -266,9 +266,6 @@ export const versionedPages = {
    Controls: {
      '11.1.0': 'data-testid dashboard controls',
    },
-    ControlsButton: {
-      '12.3.0': 'data-testid dashboard controls button',
-    },
    SubMenu: {
      submenu: {
        [MIN_GRAFANA_VERSION]: 'Dashboard submenu',
@@ -25,10 +25,6 @@ export interface GrafanaPyroscopeDataQuery extends common.DataQuery {
   * Allows to group the results.
   */
  groupBy: Array<string>;
-  /**
-   * If set to true, exemplars will be requested
-   */
-  includeExemplars: boolean;
  /**
   * Specifies the query label selectors.
   */
@@ -53,7 +49,6 @@ export interface GrafanaPyroscopeDataQuery extends common.DataQuery {

 export const defaultGrafanaPyroscopeDataQuery: Partial<GrafanaPyroscopeDataQuery> = {
  groupBy: [],
-  includeExemplars: false,
  labelSelector: '{}',
  spanSelector: [],
 };
@@ -211,10 +211,6 @@ export interface VariableModel {
   * Type of variable
   */
  type: VariableType;
-  /**
-   * Optional, indicates whether a custom type variable uses CSV or JSON to define its values
-   */
-  valuesFormat?: ('csv' | 'json');
 }

 export const defaultVariableModel: Partial<VariableModel> = {
@@ -224,7 +220,6 @@ export const defaultVariableModel: Partial<VariableModel> = {
  options: [],
  skipUrlSync: false,
  staticOptions: [],
-  valuesFormat: 'csv',
 };

 /**
@@ -317,7 +317,6 @@ export const handyTestingSchema: Spec = {
        query: 'option1, option2',
        skipUrlSync: false,
        allowCustomValue: true,
-        valuesFormat: 'csv',
      },
    },
    {
@@ -300,7 +300,7 @@ export interface FieldConfig {
 	description?: string;
 	// An explicit path to the field in the datasource.  When the frame meta includes a path,
 	// This will default to `${frame.meta.path}/${field.name}
-	//
+	// 
 	// When defined, this value can be used as an identifier within the datasource scope, and
 	// may be used to update the results
 	path?: string;
@@ -1353,7 +1353,6 @@ export interface CustomVariableSpec {
 	skipUrlSync: boolean;
 	description?: string;
 	allowCustomValue: boolean;
-  valuesFormat?: "csv" | "json";
 }

 export const defaultCustomVariableSpec = (): CustomVariableSpec => ({
@@ -1366,7 +1365,6 @@ export const defaultCustomVariableSpec = (): CustomVariableSpec => ({
 	hide: "dontHide",
 	skipUrlSync: false,
 	allowCustomValue: true,
-  valuesFormat: undefined,
 });

 // Group variable kind
@@ -1551,3 +1549,4 @@ export const defaultSpec = (): Spec => ({
 	title: "",
 	variables: [],
 });
+
@@ -1359,7 +1359,6 @@ export interface CustomVariableSpec {
 	skipUrlSync: boolean;
 	description?: string;
 	allowCustomValue: boolean;
-	valuesFormat?: "csv" | "json";
 }

 export const defaultCustomVariableSpec = (): CustomVariableSpec => ({
@@ -1,9 +1,8 @@
-import { useId, memo, HTMLAttributes, SVGProps } from 'react';
+import { useId, memo, HTMLAttributes, ReactNode, SVGProps } from 'react';

 import { FieldDisplay } from '@grafana/data';

-import { RadialArcPathEndpointMarks } from './RadialArcPathEndpointMarks';
-import { getBarEndcapColors, getGradientCss } from './colors';
+import { getBarEndcapColors, getGradientCss, getEndpointMarkerColors } from './colors';
 import { RadialShape, RadialGaugeDimensions, GradientStop } from './types';
 import { drawRadialArcPath, toRad } from './utils';

@@ -30,6 +29,11 @@ interface RadialArcPathPropsWithGradient extends RadialArcPathPropsBase {

 type RadialArcPathProps = RadialArcPathPropsWithColor | RadialArcPathPropsWithGradient;

+const ENDPOINT_MARKER_MIN_ANGLE = 10;
+const DOT_OPACITY = 0.5;
+const DOT_RADIUS_FACTOR = 0.4;
+const MAX_DOT_RADIUS = 8;
+
 export const RadialArcPath = memo(
  ({
    arcLengthDeg,
@@ -64,25 +68,67 @@ export const RadialArcPath = memo(
    const xEnd = centerX + radius * Math.cos(endRadians);
    const yEnd = centerY + radius * Math.sin(endRadians);

+    const dotRadius =
+      endpointMarker === 'point' ? Math.min((barWidth / 2) * DOT_RADIUS_FACTOR, MAX_DOT_RADIUS) : barWidth / 2;
+
    const bgDivStyle: HTMLAttributes<HTMLDivElement>['style'] = { width: boxSize, height: vizHeight, marginLeft: boxX };
+
    const pathProps: SVGProps<SVGPathElement> = {};
+    let barEndcapColors: [string, string] | undefined;
+    let endpointMarks: ReactNode = null;
    if (isGradient) {
      bgDivStyle.backgroundImage = getGradientCss(rest.gradient, shape);
+
+      if (endpointMarker && (rest.gradient?.length ?? 0) > 0) {
+        switch (endpointMarker) {
+          case 'point':
+            const [pointColorStart, pointColorEnd] = getEndpointMarkerColors(
+              rest.gradient!,
+              fieldDisplay.display.percent
+            );
+            endpointMarks = (
+              <>
+                {arcLengthDeg > ENDPOINT_MARKER_MIN_ANGLE && (
+                  <circle cx={xStart} cy={yStart} r={dotRadius} fill={pointColorStart} opacity={DOT_OPACITY} />
+                )}
+                <circle cx={xEnd} cy={yEnd} r={dotRadius} fill={pointColorEnd} opacity={DOT_OPACITY} />
+              </>
+            );
+            break;
+          case 'glow':
+            const offsetAngle = toRad(ENDPOINT_MARKER_MIN_ANGLE);
+            const xStartMark = centerX + radius * Math.cos(endRadians + offsetAngle);
+            const yStartMark = centerY + radius * Math.sin(endRadians + offsetAngle);
+            endpointMarks =
+              arcLengthDeg > ENDPOINT_MARKER_MIN_ANGLE ? (
+                <path
+                  d={['M', xStartMark, yStartMark, 'A', radius, radius, 0, 0, 1, xEnd, yEnd].join(' ')}
+                  fill="none"
+                  strokeWidth={barWidth}
+                  stroke={endpointMarkerGlowFilter}
+                  strokeLinecap={roundedBars ? 'round' : 'butt'}
+                  filter={glowFilter}
+                />
+              ) : null;
+            break;
+          default:
+            break;
+        }
+      }
+
+      if (barEndcaps) {
+        barEndcapColors = getBarEndcapColors(rest.gradient, fieldDisplay.display.percent);
+      }
+
      pathProps.fill = 'none';
      pathProps.stroke = 'white';
    } else {
      bgDivStyle.backgroundColor = rest.color;
+
      pathProps.fill = 'none';
      pathProps.stroke = rest.color;
    }

-    let barEndcapColors: [string, string] | undefined;
-    if (barEndcaps) {
-      barEndcapColors = isGradient
-        ? getBarEndcapColors(rest.gradient, fieldDisplay.display.percent)
-        : [rest.color, rest.color];
-    }
-
    const pathEl = (
      <path d={path} strokeWidth={barWidth} strokeLinecap={roundedBars ? 'round' : 'butt'} {...pathProps} />
    );
@@ -112,23 +158,7 @@ export const RadialArcPath = memo(
          )}
        </g>

-        {endpointMarker && (
-          <RadialArcPathEndpointMarks
-            startAngle={angle}
-            arcLengthDeg={arcLengthDeg}
-            dimensions={dimensions}
-            endpointMarker={endpointMarker}
-            fieldDisplay={fieldDisplay}
-            xStart={xStart}
-            xEnd={xEnd}
-            yStart={yStart}
-            yEnd={yEnd}
-            roundedBars={roundedBars}
-            endpointMarkerGlowFilter={endpointMarkerGlowFilter}
-            glowFilter={glowFilter}
-            {...rest}
-          />
-        )}
+        {endpointMarks}
      </>
    );
  }
@@ -1,143 +0,0 @@
-import { render, RenderResult } from '@testing-library/react';
-
-import { FieldDisplay } from '@grafana/data';
-
-import { RadialArcPathEndpointMarks, RadialArcPathEndpointMarksProps } from './RadialArcPathEndpointMarks';
-import { RadialGaugeDimensions } from './types';
-
-const ser = new XMLSerializer();
-
-const expectHTML = (result: RenderResult, expected: string) => {
-  let actual = ser.serializeToString(result.asFragment()).replace(/xmlns=".*?" /g, '');
-  expect(actual).toEqual(expected.replace(/^\s*|\n/gm, ''));
-};
-
-describe('RadialArcPathEndpointMarks', () => {
-  const defaultDimensions = Object.freeze({
-    centerX: 100,
-    centerY: 100,
-    radius: 80,
-    barWidth: 20,
-    vizWidth: 200,
-    vizHeight: 200,
-    margin: 10,
-    barIndex: 0,
-    thresholdsBarRadius: 0,
-    thresholdsBarWidth: 0,
-    thresholdsBarSpacing: 0,
-    scaleLabelsFontSize: 0,
-    scaleLabelsSpacing: 0,
-    scaleLabelsRadius: 0,
-    gaugeBottomY: 0,
-  }) satisfies RadialGaugeDimensions;
-
-  const defaultFieldDisplay = Object.freeze({
-    name: 'Test',
-    field: {},
-    display: { text: '50', numeric: 50, color: '#FF0000' },
-    hasLinks: false,
-  }) satisfies FieldDisplay;
-
-  const defaultProps = Object.freeze({
-    arcLengthDeg: 90,
-    dimensions: defaultDimensions,
-    fieldDisplay: defaultFieldDisplay,
-    startAngle: 0,
-    xStart: 100,
-    xEnd: 150,
-    yStart: 100,
-    yEnd: 50,
-  }) satisfies Omit<RadialArcPathEndpointMarksProps, 'color' | 'gradient' | 'endpointMarker'>;
-
-  it('renders the expected marks when endpointMarker is "point" w/ a static color', () => {
-    expectHTML(
-      render(
-        <svg role="img">
-          <RadialArcPathEndpointMarks {...defaultProps} endpointMarker="point" color="#FF0000" />
-        </svg>
-      ),
-      '<svg role=\"img\"><circle cx=\"100\" cy=\"100\" r=\"4\" fill=\"#111217\" opacity=\"0.5\"/><circle cx=\"150\" cy=\"50\" r=\"4\" fill=\"#111217\" opacity=\"0.5\"/></svg>'
-    );
-  });
-
-  it('renders the expected marks when endpointMarker is "point" w/ a gradient color', () => {
-    expectHTML(
-      render(
-        <svg role="img">
-          <RadialArcPathEndpointMarks
-            {...defaultProps}
-            endpointMarker="point"
-            gradient={[
-              { color: '#00FF00', percent: 0 },
-              { color: '#0000FF', percent: 1 },
-            ]}
-          />
-        </svg>
-      ),
-      '<svg role=\"img\"><circle cx=\"100\" cy=\"100\" r=\"4\" fill=\"#111217\" opacity=\"0.5\"/><circle cx=\"150\" cy=\"50\" r=\"4\" fill=\"#fbfbfb\" opacity=\"0.5\"/></svg>'
-    );
-  });
-
-  it('renders the expected marks when endpointMarker is "glow" w/ a static color', () => {
-    expectHTML(
-      render(
-        <svg role="img">
-          <RadialArcPathEndpointMarks {...defaultProps} endpointMarker="glow" color="#FF0000" />
-        </svg>
-      ),
-      '<svg role=\"img\"><path d=\"M 113.89185421335443 21.215379759023364 A 80 80 0 0 1 150 50\" fill=\"none\" stroke-width=\"20\" stroke-linecap=\"butt\"/></svg>'
-    );
-  });
-
-  it('renders the expected marks when endpointMarker is "glow" w/ a gradient color', () => {
-    expectHTML(
-      render(
-        <svg role="img">
-          <RadialArcPathEndpointMarks
-            {...defaultProps}
-            endpointMarker="glow"
-            gradient={[
-              { color: '#00FF00', percent: 0 },
-              { color: '#0000FF', percent: 1 },
-            ]}
-          />
-        </svg>
-      ),
-      '<svg role=\"img\"><path d=\"M 113.89185421335443 21.215379759023364 A 80 80 0 0 1 150 50\" fill=\"none\" stroke-width=\"20\" stroke-linecap=\"butt\"/></svg>'
-    );
-  });
-
-  it('does not render the start mark when arcLengthDeg is less than the minimum angle for "point" endpointMarker', () => {
-    expectHTML(
-      render(
-        <svg role="img">
-          <RadialArcPathEndpointMarks {...defaultProps} arcLengthDeg={5} endpointMarker="point" color="#FF0000" />
-        </svg>
-      ),
-      '<svg role=\"img\"><circle cx=\"150\" cy=\"50\" r=\"4\" fill=\"#111217\" opacity=\"0.5\"/></svg>'
-    );
-  });
-
-  it('does not render anything when arcLengthDeg is less than the minimum angle for "glow" endpointMarker', () => {
-    expectHTML(
-      render(
-        <svg role="img">
-          <RadialArcPathEndpointMarks {...defaultProps} arcLengthDeg={5} endpointMarker="glow" color="#FF0000" />
-        </svg>
-      ),
-      '<svg role=\"img\"/>'
-    );
-  });
-
-  it('does not render anything if endpointMarker is some other value', () => {
-    expectHTML(
-      render(
-        <svg role="img">
-          {/* @ts-ignore: confirming the component doesn't throw */}
-          <RadialArcPathEndpointMarks {...defaultProps} endpointMarker="foo" />
-        </svg>
-      ),
-      '<svg role=\"img\"/>'
-    );
-  });
-});
@@ -1,98 +0,0 @@
-import { FieldDisplay } from '@grafana/data';
-
-import { getEndpointMarkerColors, getGuideDotColor } from './colors';
-import { GradientStop, RadialGaugeDimensions } from './types';
-import { toRad } from './utils';
-
-interface RadialArcPathEndpointMarksPropsBase {
-  arcLengthDeg: number;
-  dimensions: RadialGaugeDimensions;
-  fieldDisplay: FieldDisplay;
-  endpointMarker: 'point' | 'glow';
-  roundedBars?: boolean;
-  startAngle: number;
-  glowFilter?: string;
-  endpointMarkerGlowFilter?: string;
-  xStart: number;
-  xEnd: number;
-  yStart: number;
-  yEnd: number;
-}
-
-interface RadialArcPathEndpointMarksPropsWithColor extends RadialArcPathEndpointMarksPropsBase {
-  color: string;
-}
-
-interface RadialArcPathEndpointMarksPropsWithGradient extends RadialArcPathEndpointMarksPropsBase {
-  gradient: GradientStop[];
-}
-
-export type RadialArcPathEndpointMarksProps =
-  | RadialArcPathEndpointMarksPropsWithColor
-  | RadialArcPathEndpointMarksPropsWithGradient;
-
-const ENDPOINT_MARKER_MIN_ANGLE = 10;
-const DOT_OPACITY = 0.5;
-const DOT_RADIUS_FACTOR = 0.4;
-const MAX_DOT_RADIUS = 8;
-
-export function RadialArcPathEndpointMarks({
-  startAngle: angle,
-  arcLengthDeg,
-  dimensions,
-  endpointMarker,
-  fieldDisplay,
-  xStart,
-  xEnd,
-  yStart,
-  yEnd,
-  roundedBars,
-  endpointMarkerGlowFilter,
-  glowFilter,
-  ...rest
-}: RadialArcPathEndpointMarksProps) {
-  const isGradient = 'gradient' in rest;
-  const { radius, centerX, centerY, barWidth } = dimensions;
-  const endRadians = toRad(angle + arcLengthDeg);
-
-  switch (endpointMarker) {
-    case 'point': {
-      const [pointColorStart, pointColorEnd] = isGradient
-        ? getEndpointMarkerColors(rest.gradient, fieldDisplay.display.percent)
-        : [getGuideDotColor(rest.color), getGuideDotColor(rest.color)];
-
-      const dotRadius =
-        endpointMarker === 'point' ? Math.min((barWidth / 2) * DOT_RADIUS_FACTOR, MAX_DOT_RADIUS) : barWidth / 2;
-
-      return (
-        <>
-          {arcLengthDeg > ENDPOINT_MARKER_MIN_ANGLE && (
-            <circle cx={xStart} cy={yStart} r={dotRadius} fill={pointColorStart} opacity={DOT_OPACITY} />
-          )}
-          <circle cx={xEnd} cy={yEnd} r={dotRadius} fill={pointColorEnd} opacity={DOT_OPACITY} />
-        </>
-      );
-    }
-    case 'glow':
-      const offsetAngle = toRad(ENDPOINT_MARKER_MIN_ANGLE);
-      const xStartMark = centerX + radius * Math.cos(endRadians + offsetAngle);
-      const yStartMark = centerY + radius * Math.sin(endRadians + offsetAngle);
-      if (arcLengthDeg <= ENDPOINT_MARKER_MIN_ANGLE) {
-        break;
-      }
-      return (
-        <path
-          d={['M', xStartMark, yStartMark, 'A', radius, radius, 0, 0, 1, xEnd, yEnd].join(' ')}
-          fill="none"
-          strokeWidth={barWidth}
-          stroke={endpointMarkerGlowFilter}
-          strokeLinecap={roundedBars ? 'round' : 'butt'}
-          filter={glowFilter}
-        />
-      );
-    default:
-      break;
-  }
-
-  return null;
-}
@@ -175,7 +175,7 @@ export function getGradientCss(gradientStops: GradientStop[], shape: RadialShape
 const GRAY_05 = '#111217';
 const GRAY_90 = '#fbfbfb';
 const CONTRAST_THRESHOLD_MAX = 4.5;
-export const getGuideDotColor = (color: string): string => {
+const getGuideDotColor = (color: string): string => {
  const darkColor = GRAY_05;
  const lightColor = GRAY_90;
  return colorManipulator.getContrastRatio(darkColor, color) >= CONTRAST_THRESHOLD_MAX ? darkColor : lightColor;
@@ -226,8 +226,7 @@ func (hs *HTTPServer) registerRoutes() {
 		r.Post("/api/user/email/start-verify", reqSignedInNoAnonymous, routing.Wrap(hs.StartEmailVerificaton))
 	}

-	//nolint:staticcheck // not yet migrated to OpenFeature
-	if hs.Cfg.PasswordlessMagicLinkAuth.Enabled && hs.Features.IsEnabledGlobally(featuremgmt.FlagPasswordlessMagicLinkAuthentication) {
+	if hs.Cfg.PasswordlessMagicLinkAuth.Enabled {
 		r.Post("/api/login/passwordless/start", requestmeta.SetOwner(requestmeta.TeamAuth), quota(string(auth.QuotaTargetSrv)), hs.StartPasswordless)
 		r.Post("/api/login/passwordless/authenticate", requestmeta.SetOwner(requestmeta.TeamAuth), quota(string(auth.QuotaTargetSrv)), routing.Wrap(hs.LoginPasswordless))
 	}
@@ -204,7 +204,7 @@ func (hs *HTTPServer) DeleteDataSourceById(c *contextmodel.ReqContext) response.
 func (hs *HTTPServer) GetDataSourceByUID(c *contextmodel.ReqContext) response.Response {
 	start := time.Now()
 	defer func() {
-		metricutil.ObserveWithExemplar(c.Req.Context(), hs.dsConfigHandlerRequestsDuration.WithLabelValues("GetDataSourceByUID"), time.Since(start).Seconds())
+		metricutil.ObserveWithExemplar(c.Req.Context(), hs.dsConfigHandlerRequestsDuration.WithLabelValues("legacy", "GetDataSourceByUID"), time.Since(start).Seconds())
 	}()

 	ds, err := hs.getRawDataSourceByUID(c.Req.Context(), web.Params(c.Req)[":uid"], c.GetOrgID())
@@ -240,7 +240,7 @@ func (hs *HTTPServer) GetDataSourceByUID(c *contextmodel.ReqContext) response.Re
 func (hs *HTTPServer) DeleteDataSourceByUID(c *contextmodel.ReqContext) response.Response {
 	start := time.Now()
 	defer func() {
-		metricutil.ObserveWithExemplar(c.Req.Context(), hs.dsConfigHandlerRequestsDuration.WithLabelValues("DeleteDataSourceByUID"), time.Since(start).Seconds())
+		metricutil.ObserveWithExemplar(c.Req.Context(), hs.dsConfigHandlerRequestsDuration.WithLabelValues("legacy", "DeleteDataSourceByUID"), time.Since(start).Seconds())
 	}()

 	uid := web.Params(c.Req)[":uid"]
@@ -375,7 +375,7 @@ func validateJSONData(jsonData *simplejson.Json, cfg *setting.Cfg) error {
 func (hs *HTTPServer) AddDataSource(c *contextmodel.ReqContext) response.Response {
 	start := time.Now()
 	defer func() {
-		metricutil.ObserveWithExemplar(c.Req.Context(), hs.dsConfigHandlerRequestsDuration.WithLabelValues("AddDataSource"), time.Since(start).Seconds())
+		metricutil.ObserveWithExemplar(c.Req.Context(), hs.dsConfigHandlerRequestsDuration.WithLabelValues("legacy", "AddDataSource"), time.Since(start).Seconds())
 	}()

 	cmd := datasources.AddDataSourceCommand{}
@@ -497,7 +497,7 @@ func (hs *HTTPServer) UpdateDataSourceByID(c *contextmodel.ReqContext) response.
 func (hs *HTTPServer) UpdateDataSourceByUID(c *contextmodel.ReqContext) response.Response {
 	start := time.Now()
 	defer func() {
-		metricutil.ObserveWithExemplar(c.Req.Context(), hs.dsConfigHandlerRequestsDuration.WithLabelValues("UpdateDataSourceByUID"), time.Since(start).Seconds())
+		metricutil.ObserveWithExemplar(c.Req.Context(), hs.dsConfigHandlerRequestsDuration.WithLabelValues("legacy", "UpdateDataSourceByUID"), time.Since(start).Seconds())
 	}()
 	cmd := datasources.UpdateDataSourceCommand{}
 	if err := web.Bind(c.Req, &cmd); err != nil {
@@ -91,7 +91,7 @@ func setupDsConfigHandlerMetrics() (prometheus.Registerer, *prometheus.Histogram
 		Namespace: "grafana",
 		Name:      "ds_config_handler_requests_duration_seconds",
 		Help:      "Duration of requests handled by datasource configuration handlers",
-	}, []string{"handler"})
+	}, []string{"code_path", "handler"})
 	promRegister.MustRegister(dsConfigHandlerRequestsDuration)
 	return promRegister, dsConfigHandlerRequestsDuration
 }
@@ -410,8 +410,7 @@ func (hs *HTTPServer) getFrontendSettings(c *contextmodel.ReqContext) (*dtos.Fro
 		DisableSignoutMenu:            hs.Cfg.DisableSignoutMenu,
 	}

-	//nolint:staticcheck // not yet migrated to OpenFeature
-	if hs.Cfg.PasswordlessMagicLinkAuth.Enabled && hs.Features.IsEnabled(c.Req.Context(), featuremgmt.FlagPasswordlessMagicLinkAuthentication) {
+	if hs.Cfg.PasswordlessMagicLinkAuth.Enabled {
 		hasEnabledProviders := hs.samlEnabled() || hs.authnService.IsClientEnabled(authn.ClientLDAP)

 		if !hasEnabledProviders {
@@ -387,7 +387,7 @@ func ProvideHTTPServer(opts ServerOptions, cfg *setting.Cfg, routeRegister routi
 			Namespace: "grafana",
 			Name:      "ds_config_handler_requests_duration_seconds",
 			Help:      "Duration of requests handled by datasource configuration handlers",
-		}, []string{"handler"}),
+		}, []string{"code_path", "handler"}),
 	}

 	promRegister.MustRegister(hs.htmlHandlerRequestsDuration)
@@ -20,6 +20,7 @@ import (
 	"github.com/grafana/grafana/pkg/infra/log"
 	"github.com/grafana/grafana/pkg/infra/tracing"
 	"github.com/grafana/grafana/pkg/plugins"
+	"github.com/grafana/grafana/pkg/plugins/backendplugin/coreplugin"
 	"github.com/grafana/grafana/pkg/plugins/manager/pluginfakes"
 	"github.com/grafana/grafana/pkg/services/accesscontrol"
 	"github.com/grafana/grafana/pkg/services/caching"
@@ -27,7 +28,6 @@ import (
 	"github.com/grafana/grafana/pkg/services/featuremgmt"
 	"github.com/grafana/grafana/pkg/services/oauthtoken/oauthtokentest"
 	"github.com/grafana/grafana/pkg/services/pluginsintegration"
-	"github.com/grafana/grafana/pkg/services/pluginsintegration/coreplugin"
 	"github.com/grafana/grafana/pkg/services/pluginsintegration/pluginaccesscontrol"
 	"github.com/grafana/grafana/pkg/services/pluginsintegration/pluginconfig"
 	"github.com/grafana/grafana/pkg/services/pluginsintegration/plugincontext"
@@ -928,10 +928,9 @@ func getDatasourceProxiedRequest(t *testing.T, ctx *contextmodel.ReqContext, cfg
 	secretsStore := secretskvs.NewSQLSecretsKVStore(sqlStore, secretsService, log.New("test.logger"))
 	features := featuremgmt.WithFeatures()
 	quotaService := quotatest.New(false, nil)
-	dsRetriever := datasourceservice.ProvideDataSourceRetriever(sqlStore, features)
 	dsService, err := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, features, acimpl.ProvideAccessControl(features),
 		&actest.FakePermissionsService{}, quotaService, &pluginstore.FakePluginStore{}, &pluginfakes.FakePluginClient{},
-		plugincontext.ProvideBaseService(cfg, pluginconfig.NewFakePluginRequestConfigProvider()), dsRetriever)
+		plugincontext.ProvideBaseService(cfg, pluginconfig.NewFakePluginRequestConfigProvider()))
 	require.NoError(t, err)
 	proxy, err := NewDataSourceProxy(ds, routes, ctx, "", cfg, httpclient.NewProvider(), &oauthtoken.Service{}, dsService, tracer, features)
 	require.NoError(t, err)
@@ -1051,11 +1050,9 @@ func runDatasourceAuthTest(t *testing.T, secretsService secrets.Service, secrets
 	var routes []*plugins.Route
 	features := featuremgmt.WithFeatures()
 	quotaService := quotatest.New(false, nil)
-	var sqlStore db.DB = nil
-	dsRetriever := datasourceservice.ProvideDataSourceRetriever(sqlStore, features)
-	dsService, err := datasourceservice.ProvideService(sqlStore, secretsService, secretsStore, cfg, features, acimpl.ProvideAccessControl(features),
+	dsService, err := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, features, acimpl.ProvideAccessControl(features),
 		&actest.FakePermissionsService{}, quotaService, &pluginstore.FakePluginStore{}, &pluginfakes.FakePluginClient{},
-		plugincontext.ProvideBaseService(cfg, pluginconfig.NewFakePluginRequestConfigProvider()), dsRetriever)
+		plugincontext.ProvideBaseService(cfg, pluginconfig.NewFakePluginRequestConfigProvider()))
 	require.NoError(t, err)
 	proxy, err := NewDataSourceProxy(test.datasource, routes, ctx, "", &setting.Cfg{}, httpclient.NewProvider(), &oauthtoken.Service{}, dsService, tracer, features)
 	require.NoError(t, err)
@@ -1109,11 +1106,9 @@ func setupDSProxyTest(t *testing.T, ctx *contextmodel.ReqContext, ds *datasource
 	secretsService := secretsmng.SetupTestService(t, fakes.NewFakeSecretsStore())
 	secretsStore := secretskvs.NewSQLSecretsKVStore(dbtest.NewFakeDB(), secretsService, log.NewNopLogger())
 	features := featuremgmt.WithFeatures()
-	var sqlStore db.DB = nil
-	dsRetriever := datasourceservice.ProvideDataSourceRetriever(sqlStore, features)
-	dsService, err := datasourceservice.ProvideService(sqlStore, secretsService, secretsStore, cfg, features, acimpl.ProvideAccessControl(features),
+	dsService, err := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, features, acimpl.ProvideAccessControl(features),
 		&actest.FakePermissionsService{}, quotatest.New(false, nil), &pluginstore.FakePluginStore{}, &pluginfakes.FakePluginClient{},
-		plugincontext.ProvideBaseService(cfg, pluginconfig.NewFakePluginRequestConfigProvider()), dsRetriever)
+		plugincontext.ProvideBaseService(cfg, pluginconfig.NewFakePluginRequestConfigProvider()))
 	require.NoError(t, err)

 	tracer := tracing.InitializeTracerForTest()
@@ -11,9 +11,6 @@ import (
 	_ "github.com/Azure/azure-sdk-for-go/services/keyvault/v7.1/keyvault"
 	_ "github.com/Azure/go-autorest/autorest"
 	_ "github.com/Azure/go-autorest/autorest/adal"
-	_ "github.com/aws/aws-sdk-go-v2/credentials"
-	_ "github.com/aws/aws-sdk-go-v2/service/secretsmanager"
-	_ "github.com/aws/aws-sdk-go-v2/service/sts"
 	_ "github.com/beevik/etree"
 	_ "github.com/blugelabs/bluge"
 	_ "github.com/blugelabs/bluge_segment_api"
@@ -49,6 +46,7 @@ import (
 	_ "sigs.k8s.io/randfill"
 	_ "xorm.io/builder"

+	_ "github.com/aws/aws-sdk-go-v2/service/secretsmanager"
 	_ "github.com/grafana/authlib/authn"
 	_ "github.com/grafana/authlib/authz"
 	_ "github.com/grafana/authlib/cache"
@@ -209,7 +209,7 @@ func (ots *TracingService) initSampler() (tracesdk.Sampler, error) {
 	case "rateLimiting":
 		return newRateLimiter(ots.cfg.SamplerParam), nil
 	case "remote":
-		return jaegerremote.New(ots.cfg.ServiceName,
+		return jaegerremote.New("grafana",
 			jaegerremote.WithSamplingServerURL(ots.cfg.SamplerRemoteURL),
 			jaegerremote.WithInitialSampler(tracesdk.TraceIDRatioBased(ots.cfg.SamplerParam)),
 		), nil
@@ -837,8 +837,6 @@ type VariableModel struct {
 	// Optional field, if you want to extract part of a series name or metric node segment.
 	// Named capture groups can be used to separate the display text and value.
 	Regex *string `json:"regex,omitempty"`
-	// Optional, indicates whether a custom type variable uses CSV or JSON to define its values
-	ValuesFormat *VariableModelValuesFormat `json:"valuesFormat,omitempty"`
 	// Determine whether regex applies to variable value or display text
 	RegexApplyTo *VariableRegexApplyTo `json:"regexApplyTo,omitempty"`
 	// Additional static options for query variable
@@ -854,7 +852,6 @@ func NewVariableModel() *VariableModel {
 		Multi:            (func(input bool) *bool { return &input })(false),
 		AllowCustomValue: (func(input bool) *bool { return &input })(true),
 		IncludeAll:       (func(input bool) *bool { return &input })(false),
-		ValuesFormat:     (func(input VariableModelValuesFormat) *VariableModelValuesFormat { return &input })(VariableModelValuesFormatCsv),
 	}
 }

@@ -1194,13 +1191,6 @@ const (
 	DataTransformerConfigTopicAlertStates DataTransformerConfigTopic = "alertStates"
 )

-type VariableModelValuesFormat string
-
-const (
-	VariableModelValuesFormatCsv  VariableModelValuesFormat = "csv"
-	VariableModelValuesFormatJson VariableModelValuesFormat = "json"
-)
-
 type VariableModelStaticOptionsOrder string

 const (
@@ -14,8 +14,6 @@ import (

 	"github.com/grafana/grafana/pkg/plugins"
 	"github.com/grafana/grafana/pkg/plugins/backendplugin"
-	"github.com/grafana/grafana/pkg/plugins/backendplugin/coreplugin"
-	"github.com/grafana/grafana/pkg/plugins/backendplugin/provider"
 	"github.com/grafana/grafana/pkg/plugins/log"
 	"github.com/grafana/grafana/pkg/tsdb/azuremonitor"
 	cloudmonitoring "github.com/grafana/grafana/pkg/tsdb/cloud-monitoring"
@@ -94,10 +92,6 @@ func NewRegistry(store map[string]backendplugin.PluginFactoryFunc) *Registry {
 	}
 }

-func ProvideCoreProvider(coreRegistry *Registry) plugins.BackendFactoryProvider {
-	return provider.New(coreRegistry.BackendFactoryProvider(), provider.DefaultProvider)
-}
-
 func ProvideCoreRegistry(tracer trace.Tracer, am *azuremonitor.Service, cw *cloudwatch.Service, cm *cloudmonitoring.Service,
 	es *elasticsearch.Service, grap *graphite.Service, idb *influxdb.Service, lk *loki.Service, otsdb *opentsdb.Service,
 	pr *prometheus.Service, t *tempo.Service, td *testdatasource.Service, pg *postgres.Service, my *mysql.Service,
@@ -162,7 +156,7 @@ func asBackendPlugin(svc any) backendplugin.PluginFactoryFunc {

 	if opts.QueryDataHandler != nil || opts.CallResourceHandler != nil ||
 		opts.CheckHealthHandler != nil || opts.StreamHandler != nil {
-		return coreplugin.New(opts)
+		return New(opts)
 	}

 	return nil
@@ -5,6 +5,7 @@ import (

 	"github.com/grafana/grafana/pkg/plugins"
 	"github.com/grafana/grafana/pkg/plugins/backendplugin"
+	"github.com/grafana/grafana/pkg/plugins/backendplugin/coreplugin"
 	"github.com/grafana/grafana/pkg/plugins/backendplugin/grpcplugin"
 	"github.com/grafana/grafana/pkg/plugins/backendplugin/pluginextensionv2"
 	"github.com/grafana/grafana/pkg/plugins/log"
@@ -26,6 +27,10 @@ func New(providers ...PluginBackendProvider) *Service {
 	}
 }

+func ProvideService(coreRegistry *coreplugin.Registry) *Service {
+	return New(coreRegistry.BackendFactoryProvider(), DefaultProvider)
+}
+
 func (s *Service) BackendFactory(ctx context.Context, p *plugins.Plugin) backendplugin.PluginFactoryFunc {
 	for _, provider := range s.providerChain {
 		if factory := provider(ctx, p); factory != nil {
@@ -8,6 +8,7 @@ import (
 	"net/http"
 	"net/url"
 	"slices"
+	"sort"
 	"strconv"
 	"strings"

@@ -315,12 +316,6 @@ func (s *SearchHandler) DoSearch(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	// 	sort.Slice(parsedResults.Hits, func(i, j int) bool {
-	// 		// Just sorting by resource for now. The rest should be sorted by search score already
-	// 		return parsedResults.Hits[i].Resource > parsedResults.Hits[j].Resource
-	// 	})
-	// }
-
 	result, err := s.client.Search(ctx, searchRequest)
 	if err != nil {
 		errhttp.Write(ctx, err, w)
@@ -337,6 +332,14 @@ func (s *SearchHandler) DoSearch(w http.ResponseWriter, r *http.Request) {
 		return
 	}

+	if len(searchRequest.SortBy) == 0 {
+		// default sort by resource descending ( folders then dashboards ) then title
+		sort.Slice(parsedResults.Hits, func(i, j int) bool {
+			// Just sorting by resource for now. The rest should be sorted by search score already
+			return parsedResults.Hits[i].Resource > parsedResults.Hits[j].Resource
+		})
+	}
+
 	s.write(w, parsedResults)
 }

@@ -425,18 +428,6 @@ func convertHttpSearchRequestToResourceSearchRequest(queryParams url.Values, use
 			}
 			searchRequest.SortBy = append(searchRequest.SortBy, s)
 		}
-	} else if searchRequest.Query == "" {
-		// When no query exists, return the results in a predictable order
-		searchRequest.SortBy = []*resourcepb.ResourceSearchRequest_Sort{
-			{
-				Field: resource.SEARCH_FIELD_GROUP_RESOURCE, // folders then dashboards
-				Desc:  true,
-			},
-			{
-				Field: resource.SEARCH_FIELD_TITLE, // then title
-				Desc:  false,
-			},
-		}
 	}

 	// The facet term fields
@@ -57,12 +57,6 @@ func (s *legacyStorage) ConvertToTable(ctx context.Context, object runtime.Objec
 }

 func (s *legacyStorage) List(ctx context.Context, options *internalversion.ListOptions) (runtime.Object, error) {
-	if s.dsConfigHandlerRequestsDuration != nil {
-		start := time.Now()
-		defer func() {
-			metricutil.ObserveWithExemplar(ctx, s.dsConfigHandlerRequestsDuration.WithLabelValues("legacyStorage.List"), time.Since(start).Seconds())
-		}()
-	}
 	return s.datasources.ListDataSources(ctx)
 }

@@ -70,7 +64,7 @@ func (s *legacyStorage) Get(ctx context.Context, name string, options *metav1.Ge
 	if s.dsConfigHandlerRequestsDuration != nil {
 		start := time.Now()
 		defer func() {
-			metricutil.ObserveWithExemplar(ctx, s.dsConfigHandlerRequestsDuration.WithLabelValues("legacyStorage.Get"), time.Since(start).Seconds())
+			metricutil.ObserveWithExemplar(ctx, s.dsConfigHandlerRequestsDuration.WithLabelValues("new", "Get"), time.Since(start).Seconds())
 		}()
 	}

@@ -82,7 +76,7 @@ func (s *legacyStorage) Create(ctx context.Context, obj runtime.Object, createVa
 	if s.dsConfigHandlerRequestsDuration != nil {
 		start := time.Now()
 		defer func() {
-			metricutil.ObserveWithExemplar(ctx, s.dsConfigHandlerRequestsDuration.WithLabelValues("legacyStorage.Create"), time.Since(start).Seconds())
+			metricutil.ObserveWithExemplar(ctx, s.dsConfigHandlerRequestsDuration.WithLabelValues("new", "Create"), time.Since(start).Seconds())
 		}()
 	}

@@ -98,7 +92,7 @@ func (s *legacyStorage) Update(ctx context.Context, name string, objInfo rest.Up
 	if s.dsConfigHandlerRequestsDuration != nil {
 		start := time.Now()
 		defer func() {
-			metricutil.ObserveWithExemplar(ctx, s.dsConfigHandlerRequestsDuration.WithLabelValues("legacyStorage.Update"), time.Since(start).Seconds())
+			metricutil.ObserveWithExemplar(ctx, s.dsConfigHandlerRequestsDuration.WithLabelValues("new", "Create"), time.Since(start).Seconds())
 		}()
 	}

@@ -141,7 +135,7 @@ func (s *legacyStorage) Delete(ctx context.Context, name string, deleteValidatio
 	if s.dsConfigHandlerRequestsDuration != nil {
 		start := time.Now()
 		defer func() {
-			metricutil.ObserveWithExemplar(ctx, s.dsConfigHandlerRequestsDuration.WithLabelValues("legacyStorage.Delete"), time.Since(start).Seconds())
+			metricutil.ObserveWithExemplar(ctx, s.dsConfigHandlerRequestsDuration.WithLabelValues("new", "Create"), time.Since(start).Seconds())
 		}()
 	}

@@ -151,13 +145,6 @@ func (s *legacyStorage) Delete(ctx context.Context, name string, deleteValidatio

 // DeleteCollection implements rest.CollectionDeleter.
 func (s *legacyStorage) DeleteCollection(ctx context.Context, deleteValidation rest.ValidateObjectFunc, options *metav1.DeleteOptions, listOptions *internalversion.ListOptions) (runtime.Object, error) {
-	if s.dsConfigHandlerRequestsDuration != nil {
-		start := time.Now()
-		defer func() {
-			metricutil.ObserveWithExemplar(ctx, s.dsConfigHandlerRequestsDuration.WithLabelValues("legacyStorage.DeleteCollection"), time.Since(start).Seconds())
-		}()
-	}
-
 	dss, err := s.datasources.ListDataSources(ctx)
 	if err != nil {
 		return nil, err
@@ -21,7 +21,6 @@ import (
 	datasourceV0 "github.com/grafana/grafana/pkg/apis/datasource/v0alpha1"
 	queryV0 "github.com/grafana/grafana/pkg/apis/query/v0alpha1"
 	grafanaregistry "github.com/grafana/grafana/pkg/apiserver/registry/generic"
-	"github.com/grafana/grafana/pkg/infra/metrics"
 	"github.com/grafana/grafana/pkg/infra/metrics/metricutil"
 	"github.com/grafana/grafana/pkg/plugins"
 	"github.com/grafana/grafana/pkg/plugins/manager/sources"
@@ -70,10 +69,10 @@ func RegisterAPIService(

 	dataSourceCRUDMetric := metricutil.NewHistogramVec(prometheus.HistogramOpts{
 		Namespace: "grafana",
-		Name:      "ds_config_handler_apis_requests_duration_seconds",
-		Help:      "Duration of requests handled by new k8s style APIs datasource configuration handlers",
-	}, []string{"handler"})
-	regErr := metrics.ProvideRegisterer().Register(dataSourceCRUDMetric)
+		Name:      "ds_config_handler_requests_duration_seconds",
+		Help:      "Duration of requests handled by datasource configuration handlers",
+	}, []string{"code_path", "handler"})
+	regErr := reg.Register(dataSourceCRUDMetric)
 	if regErr != nil && !errors.As(regErr, &prometheus.AlreadyRegisteredError{}) {
 		return nil, regErr
 	}
@@ -276,7 +276,7 @@ func (b *APIBuilder) oneFlagHandler(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	if b.providerType == setting.FeaturesServiceProviderType || b.providerType == setting.OFREPProviderType {
+	if b.providerType == setting.GOFFProviderType || b.providerType == setting.OFREPProviderType {
 		b.proxyFlagReq(ctx, flagKey, isAuthedReq, w, r)
 		return
 	}
@@ -304,7 +304,7 @@ func (b *APIBuilder) allFlagsHandler(w http.ResponseWriter, r *http.Request) {
 	isAuthedReq := b.isAuthenticatedRequest(r)
 	span.SetAttributes(attribute.Bool("authenticated", isAuthedReq))

-	if b.providerType == setting.FeaturesServiceProviderType || b.providerType == setting.OFREPProviderType {
+	if b.providerType == setting.GOFFProviderType || b.providerType == setting.OFREPProviderType {
 		b.proxyAllFlagReq(ctx, isAuthedReq, w, r)
 		return
 	}
@@ -13,7 +13,6 @@ import (
 	"github.com/grafana/grafana/pkg/services/apiserver"
 	"github.com/grafana/grafana/pkg/services/apiserver/appinstaller"
 	grafanaauthorizer "github.com/grafana/grafana/pkg/services/apiserver/auth/authorizer"
-	"github.com/grafana/grafana/pkg/services/featuremgmt"
 	"github.com/grafana/grafana/pkg/services/pluginsintegration/pluginassets"
 	"github.com/grafana/grafana/pkg/services/pluginsintegration/pluginstore"
 )
@@ -37,13 +36,9 @@ func ProvideAppInstaller(
 	pluginStore pluginstore.Store,
 	pluginAssetsService *pluginassets.Service,
 	accessControlService accesscontrol.Service, accessClient authlib.AccessClient,
-	features featuremgmt.FeatureToggles,
 ) (*AppInstaller, error) {
-	//nolint:staticcheck // not yet migrated to OpenFeature
-	if features.IsEnabledGlobally(featuremgmt.FlagPluginStoreServiceLoading) {
-		if err := registerAccessControlRoles(accessControlService); err != nil {
-			return nil, fmt.Errorf("registering access control roles: %w", err)
-		}
+	if err := registerAccessControlRoles(accessControlService); err != nil {
+		return nil, fmt.Errorf("registering access control roles: %w", err)
 	}

 	localProvider := meta.NewLocalProvider(pluginStore, pluginAssetsService)
@@ -330,7 +330,6 @@ var wireBasicSet = wire.NewSet(
 	dashsnapstore.ProvideStore,
 	wire.Bind(new(dashboardsnapshots.Service), new(*dashsnapsvc.ServiceImpl)),
 	dashsnapsvc.ProvideService,
-	datasourceservice.ProvideDataSourceRetriever,
 	datasourceservice.ProvideService,
 	wire.Bind(new(datasources.DataSourceService), new(*datasourceservice.Service)),
 	datasourceservice.ProvideLegacyDataSourceLookup,
@@ -3,13 +3,11 @@ package dualwrite
 import (
 	"context"
 	"fmt"
-	"strings"

 	openfgav1 "github.com/openfga/api/proto/openfga/v1"

 	claims "github.com/grafana/authlib/types"

-	dashboardV1 "github.com/grafana/grafana/apps/dashboard/pkg/apis/dashboard/v1beta1"
 	authzextv1 "github.com/grafana/grafana/pkg/services/authz/proto/v1"
 	"github.com/grafana/grafana/pkg/services/authz/zanzana"
 )
@@ -21,30 +19,14 @@ type legacyTupleCollector func(ctx context.Context, orgID int64) (map[string]map
 type zanzanaTupleCollector func(ctx context.Context, client zanzana.Client, object string, namespace string) (map[string]*openfgav1.TupleKey, error)

 type resourceReconciler struct {
-	name               string
-	legacy             legacyTupleCollector
-	zanzana            zanzanaTupleCollector
-	client             zanzana.Client
-	orphanObjectPrefix string
-	orphanRelations    []string
+	name    string
+	legacy  legacyTupleCollector
+	zanzana zanzanaTupleCollector
+	client  zanzana.Client
 }

-func newResourceReconciler(name string, legacy legacyTupleCollector, zanzanaCollector zanzanaTupleCollector, client zanzana.Client) resourceReconciler {
-	r := resourceReconciler{name: name, legacy: legacy, zanzana: zanzanaCollector, client: client}
-
-	// we only need to worry about orphaned tuples for reconcilers that use the managed permissions collector (i.e. dashboards & folders)
-	switch name {
-	case "managed folder permissions":
-		// prefix for folders is `folder:`
-		r.orphanObjectPrefix = zanzana.NewObjectEntry(zanzana.TypeFolder, "", "", "", "")
-		r.orphanRelations = append([]string{}, zanzana.RelationsFolder...)
-	case "managed dashboard permissions":
-		// prefix for dashboards will be `resource:dashboard.grafana.app/dashboards/`
-		r.orphanObjectPrefix = fmt.Sprintf("%s/", zanzana.NewObjectEntry(zanzana.TypeResource, dashboardV1.APIGroup, dashboardV1.DASHBOARD_RESOURCE, "", ""))
-		r.orphanRelations = append([]string{}, zanzana.RelationsResouce...)
-	}
-
-	return r
+func newResourceReconciler(name string, legacy legacyTupleCollector, zanzana zanzanaTupleCollector, client zanzana.Client) resourceReconciler {
+	return resourceReconciler{name, legacy, zanzana, client}
 }

 func (r resourceReconciler) reconcile(ctx context.Context, namespace string) error {
@@ -53,15 +35,6 @@ func (r resourceReconciler) reconcile(ctx context.Context, namespace string) err
 		return err
 	}

-	// 0. Fetch all tuples currently stored in Zanzana. This will be used later on
-	// to cleanup orphaned tuples.
-	// This order needs to be kept (fetching from Zanzana first) to avoid accidentally
-	// cleaning up new tuples that were added after the legacy tuples were fetched.
-	allTuplesInZanzana, err := r.readAllTuples(ctx, namespace)
-	if err != nil {
-		return fmt.Errorf("failed to read all tuples from zanzana for %s: %w", r.name, err)
-	}
-
 	// 1. Fetch grafana resources stored in grafana db.
 	res, err := r.legacy(ctx, info.OrgID)
 	if err != nil {
@@ -114,14 +87,6 @@ func (r resourceReconciler) reconcile(ctx context.Context, namespace string) err
 		}
 	}

-	// when the last managed permission for a resource is removed, the legacy results will no
-	// longer contain any tuples for that resource. this process cleans it up when applicable.
-	orphans, err := r.collectOrphanDeletes(ctx, namespace, allTuplesInZanzana, res)
-	if err != nil {
-		return fmt.Errorf("failed to collect orphan deletes (%s): %w", r.name, err)
-	}
-	deletes = append(deletes, orphans...)
-
 	if len(writes) == 0 && len(deletes) == 0 {
 		return nil
 	}
@@ -154,79 +119,3 @@ func (r resourceReconciler) reconcile(ctx context.Context, namespace string) err

 	return nil
 }
-
-// collectOrphanDeletes collects tuples that are no longer present in the legacy results
-// but still are present in zanzana. when that is the case, we need to delete the tuple from
-// zanzana. this will happen when the last managed permission for a resource is removed.
-// this is only used for dashboards and folders, as those are the only resources that use the managed permissions collector.
-func (r resourceReconciler) collectOrphanDeletes(
-	ctx context.Context,
-	namespace string,
-	allTuplesInZanzana []*authzextv1.Tuple,
-	legacyReturnedTuples map[string]map[string]*openfgav1.TupleKey,
-) ([]*openfgav1.TupleKeyWithoutCondition, error) {
-	if r.orphanObjectPrefix == "" || len(r.orphanRelations) == 0 {
-		return []*openfgav1.TupleKeyWithoutCondition{}, nil
-	}
-
-	seen := map[string]struct{}{}
-	out := []*openfgav1.TupleKeyWithoutCondition{}
-
-	// what relation types we are interested in cleaning up
-	relationsToCleanup := map[string]struct{}{}
-	for _, rel := range r.orphanRelations {
-		relationsToCleanup[rel] = struct{}{}
-	}
-
-	for _, tuple := range allTuplesInZanzana {
-		if tuple == nil || tuple.Key == nil {
-			continue
-		}
-		// only cleanup the particular relation types we are interested in
-		if _, ok := relationsToCleanup[tuple.Key.Relation]; !ok {
-			continue
-		}
-		// only cleanup the particular object types we are interested in (either dashboards or folders)
-		if !strings.HasPrefix(tuple.Key.Object, r.orphanObjectPrefix) {
-			continue
-		}
-		// if legacy returned this object, it's not orphaned
-		if _, ok := legacyReturnedTuples[tuple.Key.Object]; ok {
-			continue
-		}
-		// keep track of the tuples we have already seen and marked for deletion
-		key := fmt.Sprintf("%s|%s|%s", tuple.Key.User, tuple.Key.Relation, tuple.Key.Object)
-		if _, ok := seen[key]; ok {
-			continue
-		}
-		seen[key] = struct{}{}
-		out = append(out, &openfgav1.TupleKeyWithoutCondition{
-			User:     tuple.Key.User,
-			Relation: tuple.Key.Relation,
-			Object:   tuple.Key.Object,
-		})
-	}
-
-	return out, nil
-}
-
-func (r resourceReconciler) readAllTuples(ctx context.Context, namespace string) ([]*authzextv1.Tuple, error) {
-	var (
-		out           []*authzextv1.Tuple
-		continueToken string
-	)
-	for {
-		res, err := r.client.Read(ctx, &authzextv1.ReadRequest{
-			Namespace:         namespace,
-			ContinuationToken: continueToken,
-		})
-		if err != nil {
-			return nil, err
-		}
-		out = append(out, res.Tuples...)
-		continueToken = res.ContinuationToken
-		if continueToken == "" {
-			return out, nil
-		}
-	}
-}
@@ -1,110 +0,0 @@
-package dualwrite
-
-import (
-	"context"
-	"testing"
-
-	authlib "github.com/grafana/authlib/types"
-	openfgav1 "github.com/openfga/api/proto/openfga/v1"
-	"github.com/stretchr/testify/require"
-
-	authzextv1 "github.com/grafana/grafana/pkg/services/authz/proto/v1"
-	"github.com/grafana/grafana/pkg/services/authz/zanzana"
-)
-
-type fakeZanzanaClient struct {
-	readTuples []*authzextv1.Tuple
-	writeReqs  []*authzextv1.WriteRequest
-}
-
-func (f *fakeZanzanaClient) Read(ctx context.Context, req *authzextv1.ReadRequest) (*authzextv1.ReadResponse, error) {
-	return &authzextv1.ReadResponse{
-		Tuples:            f.readTuples,
-		ContinuationToken: "",
-	}, nil
-}
-
-func (f *fakeZanzanaClient) Write(ctx context.Context, req *authzextv1.WriteRequest) error {
-	f.writeReqs = append(f.writeReqs, req)
-	return nil
-}
-
-func (f *fakeZanzanaClient) BatchCheck(ctx context.Context, req *authzextv1.BatchCheckRequest) (*authzextv1.BatchCheckResponse, error) {
-	return &authzextv1.BatchCheckResponse{}, nil
-}
-
-func (f *fakeZanzanaClient) Mutate(ctx context.Context, req *authzextv1.MutateRequest) error {
-	return nil
-}
-
-func (f *fakeZanzanaClient) Query(ctx context.Context, req *authzextv1.QueryRequest) (*authzextv1.QueryResponse, error) {
-	return &authzextv1.QueryResponse{}, nil
-}
-
-func (f *fakeZanzanaClient) Check(ctx context.Context, info authlib.AuthInfo, req authlib.CheckRequest, folder string) (authlib.CheckResponse, error) {
-	return authlib.CheckResponse{Allowed: true}, nil
-}
-
-func (f *fakeZanzanaClient) Compile(ctx context.Context, info authlib.AuthInfo, req authlib.ListRequest) (authlib.ItemChecker, authlib.Zookie, error) {
-	return func(name, folder string) bool { return true }, authlib.NoopZookie{}, nil
-}
-
-func TestResourceReconciler_OrphanedManagedDashboardTuplesAreDeleted(t *testing.T) {
-	legacy := func(ctx context.Context, orgID int64) (map[string]map[string]*openfgav1.TupleKey, error) {
-		return map[string]map[string]*openfgav1.TupleKey{}, nil
-	}
-	zCollector := func(ctx context.Context, client zanzana.Client, object string, namespace string) (map[string]*openfgav1.TupleKey, error) {
-		return map[string]*openfgav1.TupleKey{}, nil
-	}
-
-	fake := &fakeZanzanaClient{}
-	r := newResourceReconciler("managed dashboard permissions", legacy, zCollector, fake)
-
-	require.NotEmpty(t, r.orphanObjectPrefix)
-	require.NotEmpty(t, r.orphanRelations)
-
-	relAllowed := r.orphanRelations[0]
-	objAllowed := r.orphanObjectPrefix + "dash-uid-1"
-
-	fake.readTuples = []*authzextv1.Tuple{
-		// should be removed
-		{
-			Key: &authzextv1.TupleKey{
-				User:     "user:1",
-				Relation: relAllowed,
-				Object:   objAllowed,
-			},
-		},
-
-		// same relation but different object type/prefix - should stay
-		{
-			Key: &authzextv1.TupleKey{
-				User:     "user:1",
-				Relation: relAllowed,
-				Object:   "folder:some-folder",
-			},
-		},
-		// same prefix but different relation - should stay
-		{
-			Key: &authzextv1.TupleKey{
-				User:     "user:1",
-				Relation: zanzana.RelationParent,
-				Object:   objAllowed,
-			},
-		},
-	}
-
-	err := r.reconcile(context.Background(), authlib.OrgNamespaceFormatter(1))
-	require.NoError(t, err)
-
-	require.Len(t, fake.writeReqs, 1)
-	wr := fake.writeReqs[0]
-	require.NotNil(t, wr.Deletes)
-	require.Nil(t, wr.Writes)
-
-	require.Len(t, wr.Deletes.TupleKeys, 1)
-	del := wr.Deletes.TupleKeys[0]
-	require.Equal(t, "user:1", del.User)
-	require.Equal(t, relAllowed, del.Relation)
-	require.Equal(t, objAllowed, del.Object)
-}
@@ -3,6 +3,7 @@ package authorizer
 import (
 	"context"

+	"github.com/grafana/grafana/pkg/setting"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	k8suser "k8s.io/apiserver/pkg/authentication/user"
 	"k8s.io/apiserver/pkg/authorization/authorizer"
@@ -28,9 +29,9 @@ type GrafanaAuthorizer struct {
 //  4. We check authorizer that is configured speficially for an api.
 //  5. As a last fallback we check Role, this will only happen if an api have not configured
 //     an authorizer or return authorizer.DecisionNoOpinion
-func NewGrafanaBuiltInSTAuthorizer() *GrafanaAuthorizer {
+func NewGrafanaBuiltInSTAuthorizer(cfg *setting.Cfg) *GrafanaAuthorizer {
 	authorizers := []authorizer.Authorizer{
-		NewImpersonationAuthorizer(),
+		newImpersonationAuthorizer(),
 		authorizerfactory.NewPrivilegedGroups(k8suser.SystemPrivilegedGroup),
 		newNamespaceAuthorizer(),
 	}
@@ -8,7 +8,7 @@ import (

 var _ authorizer.Authorizer = (*impersonationAuthorizer)(nil)

-func NewImpersonationAuthorizer() *impersonationAuthorizer {
+func newImpersonationAuthorizer() *impersonationAuthorizer {
 	return &impersonationAuthorizer{}
 }

@@ -76,7 +76,19 @@ var PathRewriters = []filters.PathRewriter{

 func GetDefaultBuildHandlerChainFunc(builders []APIGroupBuilder, reg prometheus.Registerer) BuildHandlerChainFunc {
 	return func(delegateHandler http.Handler, c *genericapiserver.Config) http.Handler {
-		handler := filters.WithTracingHTTPLoggingAttributes(delegateHandler)
+		requestHandler, err := GetCustomRoutesHandler(
+			delegateHandler,
+			c.LoopbackClientConfig,
+			builders,
+			reg,
+			c.MergedResourceConfig,
+		)
+		if err != nil {
+			panic(fmt.Sprintf("could not build the request handler for specified API builders: %s", err.Error()))
+		}
+
+		// Needs to run last in request chain to function as expected, hence we register it first.
+		handler := filters.WithTracingHTTPLoggingAttributes(requestHandler)

 		// filters.WithRequester needs to be after the K8s chain because it depends on the K8s user in context
 		handler = filters.WithRequester(handler)
@@ -3,306 +3,146 @@ package builder
 import (
 	"fmt"
 	"net/http"
-	"strings"

-	"github.com/emicklei/go-restful/v3"
 	"github.com/gorilla/mux"
 	"github.com/prometheus/client_golang/prometheus"
 	serverstorage "k8s.io/apiserver/pkg/server/storage"
+	restclient "k8s.io/client-go/rest"
 	klog "k8s.io/klog/v2"
 	"k8s.io/kube-openapi/pkg/spec3"
 )

-// convertHandlerToRouteFunction converts an http.HandlerFunc to a restful.RouteFunction
-// It extracts path parameters from restful.Request and populates them in the request context
-// so that mux.Vars can read them (for backward compatibility with handlers that use mux.Vars)
-func convertHandlerToRouteFunction(handler http.HandlerFunc) restful.RouteFunction {
-	return func(req *restful.Request, resp *restful.Response) {
-		// Extract path parameters from restful.Request and populate mux.Vars
-		// This is needed for backward compatibility with handlers that use mux.Vars(r)
-		vars := make(map[string]string)
-
-		// Get all path parameters from the restful.Request
-		// The restful.Request has PathParameters() method that returns a map
-		pathParams := req.PathParameters()
-		for key, value := range pathParams {
-			vars[key] = value
-		}
-
-		// Set the vars in the request context using mux.SetURLVars
-		// This makes mux.Vars(r) work correctly
-		if len(vars) > 0 {
-			req.Request = mux.SetURLVars(req.Request, vars)
-		}
-
-		handler(resp.ResponseWriter, req.Request)
-	}
+type requestHandler struct {
+	router *mux.Router
 }

-// AugmentWebServicesWithCustomRoutes adds custom routes from builders to existing WebServices
-// in the container.
-func AugmentWebServicesWithCustomRoutes(
-	container *restful.Container,
-	builders []APIGroupBuilder,
-	metricsRegistry prometheus.Registerer,
-	apiResourceConfig *serverstorage.ResourceConfig,
-) error {
-	if container == nil {
-		return fmt.Errorf("container cannot be nil")
-	}
+func GetCustomRoutesHandler(delegateHandler http.Handler, restConfig *restclient.Config, builders []APIGroupBuilder, metricsRegistry prometheus.Registerer, apiResourceConfig *serverstorage.ResourceConfig) (http.Handler, error) {
+	useful := false // only true if any routes exist anywhere
+	router := mux.NewRouter()

 	metrics := NewCustomRouteMetrics(metricsRegistry)

-	// Build a map of existing WebServices by root path
-	existingWebServices := make(map[string]*restful.WebService)
-	for _, ws := range container.RegisteredWebServices() {
-		existingWebServices[ws.RootPath()] = ws
-	}
-
-	for _, b := range builders {
-		provider, ok := b.(APIGroupRouteProvider)
+	for _, builder := range builders {
+		provider, ok := builder.(APIGroupRouteProvider)
 		if !ok || provider == nil {
 			continue
 		}

-		for _, gv := range GetGroupVersions(b) {
-			// Filter out disabled API groups
+		for _, gv := range GetGroupVersions(builder) {
+			// filter out api groups that are disabled in APIEnablementOptions
 			gvr := gv.WithResource("")
 			if apiResourceConfig != nil && !apiResourceConfig.ResourceEnabled(gvr) {
-				klog.InfoS("Skipping custom routes for disabled group version", "gv", gv.String())
+				klog.InfoS("Skipping custom route handler for disabled group version", "gv", gv.String())
 				continue
 			}
-
 			routes := provider.GetAPIRoutes(gv)
 			if routes == nil {
 				continue
 			}

-			// Find or create WebService for this group version
-			rootPath := "/apis/" + gv.String()
-			ws, exists := existingWebServices[rootPath]
-			if !exists {
-				// Create a new WebService if one doesn't exist
-				ws = new(restful.WebService)
-				ws.Path(rootPath)
-				container.Add(ws)
-				existingWebServices[rootPath] = ws
-			}
+			prefix := "/apis/" + gv.String()

-			// Add root handlers using OpenAPI specs
+			// Root handlers
+			var sub *mux.Router
 			for _, route := range routes.Root {
+				if sub == nil {
+					sub = router.PathPrefix(prefix).Subrouter()
+					sub.MethodNotAllowedHandler = &methodNotAllowedHandler{}
+				}
+
+				useful = true
+				methods, err := methodsFromSpec(route.Path, route.Spec)
+				if err != nil {
+					return nil, err
+				}
+
 				instrumentedHandler := metrics.InstrumentHandler(
 					gv.Group,
 					gv.Version,
-					route.Path,
+					route.Path, // Use path as resource identifier
 					route.Handler,
 				)
-				routeFunction := convertHandlerToRouteFunction(instrumentedHandler)

-				// Use OpenAPI spec to configure routes properly
-				if err := addRouteFromSpec(ws, route.Path, route.Spec, routeFunction, false); err != nil {
-					return fmt.Errorf("failed to add root route %s: %w", route.Path, err)
-				}
+				sub.HandleFunc("/"+route.Path, instrumentedHandler).
+					Methods(methods...)
 			}

-			// Add namespace handlers using OpenAPI specs
+			// Namespace handlers
+			sub = nil
+			prefix += "/namespaces/{namespace}"
 			for _, route := range routes.Namespace {
+				if sub == nil {
+					sub = router.PathPrefix(prefix).Subrouter()
+					sub.MethodNotAllowedHandler = &methodNotAllowedHandler{}
+				}
+
+				useful = true
+				methods, err := methodsFromSpec(route.Path, route.Spec)
+				if err != nil {
+					return nil, err
+				}
+
 				instrumentedHandler := metrics.InstrumentHandler(
 					gv.Group,
 					gv.Version,
-					route.Path,
+					route.Path, // Use path as resource identifier
 					route.Handler,
 				)
-				routeFunction := convertHandlerToRouteFunction(instrumentedHandler)

-				// Use OpenAPI spec to configure routes properly
-				if err := addRouteFromSpec(ws, route.Path, route.Spec, routeFunction, true); err != nil {
-					return fmt.Errorf("failed to add namespace route %s: %w", route.Path, err)
-				}
+				sub.HandleFunc("/"+route.Path, instrumentedHandler).
+					Methods(methods...)
 			}
 		}
 	}

-	return nil
+	if !useful {
+		return delegateHandler, nil
+	}
+
+	// Per Gorilla Mux issue here: https://github.com/gorilla/mux/issues/616#issuecomment-798807509
+	// default handler must come last
+	router.PathPrefix("/").Handler(delegateHandler)
+
+	return &requestHandler{
+		router: router,
+	}, nil
 }

-// addRouteFromSpec adds routes to a WebService using OpenAPI specs
-func addRouteFromSpec(ws *restful.WebService, routePath string, pathProps *spec3.PathProps, handler restful.RouteFunction, isNamespaced bool) error {
-	if pathProps == nil {
-		return fmt.Errorf("pathProps cannot be nil for route %s", routePath)
-	}
-
-	// Build the full path (relative to WebService root)
-	var fullPath string
-	if isNamespaced {
-		fullPath = "/namespaces/{namespace}/" + routePath
-	} else {
-		fullPath = "/" + routePath
-	}
-
-	// Add routes for each HTTP method defined in the OpenAPI spec
-	operations := map[string]*spec3.Operation{
-		"GET":    pathProps.Get,
-		"POST":   pathProps.Post,
-		"PUT":    pathProps.Put,
-		"PATCH":  pathProps.Patch,
-		"DELETE": pathProps.Delete,
-	}
-
-	for method, operation := range operations {
-		if operation == nil {
-			continue
-		}
-
-		// Create route builder for this method
-		var routeBuilder *restful.RouteBuilder
-		switch method {
-		case "GET":
-			routeBuilder = ws.GET(fullPath)
-		case "POST":
-			routeBuilder = ws.POST(fullPath)
-		case "PUT":
-			routeBuilder = ws.PUT(fullPath)
-		case "PATCH":
-			routeBuilder = ws.PATCH(fullPath)
-		case "DELETE":
-			routeBuilder = ws.DELETE(fullPath)
-		}
-
-		// Set operation ID from OpenAPI spec (with K8s verb prefix if needed)
-		operationID := operation.OperationId
-		if operationID == "" {
-			// Generate from path if not specified
-			operationID = generateOperationNameFromPath(routePath)
-		}
-		operationID = prefixRouteIDWithK8sVerbIfNotPresent(operationID, method)
-		routeBuilder = routeBuilder.Operation(operationID)
-
-		// Add description from OpenAPI spec
-		if operation.Description != "" {
-			routeBuilder = routeBuilder.Doc(operation.Description)
-		}
-
-		// Check if namespace parameter is already in the OpenAPI spec
-		hasNamespaceParam := false
-		if operation.Parameters != nil {
-			for _, param := range operation.Parameters {
-				if param.Name == "namespace" && param.In == "path" {
-					hasNamespaceParam = true
-					break
-				}
-			}
-		}
-
-		// Add namespace parameter for namespaced routes if not already in spec
-		if isNamespaced && !hasNamespaceParam {
-			routeBuilder = routeBuilder.Param(restful.PathParameter("namespace", "object name and auth scope, such as for teams and projects"))
-		}
-
-		// Add parameters from OpenAPI spec
-		if operation.Parameters != nil {
-			for _, param := range operation.Parameters {
-				switch param.In {
-				case "path":
-					routeBuilder = routeBuilder.Param(restful.PathParameter(param.Name, param.Description))
-				case "query":
-					routeBuilder = routeBuilder.Param(restful.QueryParameter(param.Name, param.Description))
-				case "header":
-					routeBuilder = routeBuilder.Param(restful.HeaderParameter(param.Name, param.Description))
-				}
-			}
-		}
-
-		// Note: Request/response schemas are already defined in the OpenAPI spec from builders
-		// and will be added to the OpenAPI document via addBuilderRoutes in openapi.go.
-		// We don't duplicate that information here since restful uses the route metadata
-		// for OpenAPI generation, which is handled separately in this codebase.
-
-		// Register the route with handler
-		ws.Route(routeBuilder.To(handler))
-	}
-
-	return nil
+func (h *requestHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
+	h.router.ServeHTTP(w, req)
 }

-func prefixRouteIDWithK8sVerbIfNotPresent(operationID string, method string) string {
-	for _, verb := range allowedK8sVerbs {
-		if len(operationID) > len(verb) && operationID[:len(verb)] == verb {
-			return operationID
-		}
-	}
-	return fmt.Sprintf("%s%s", httpMethodToK8sVerb[strings.ToUpper(method)], operationID)
-}
-
-var allowedK8sVerbs = []string{
-	"get", "log", "read", "replace", "patch", "delete", "deletecollection", "watch", "connect", "proxy", "list", "create", "patch",
-}
-
-var httpMethodToK8sVerb = map[string]string{
-	http.MethodGet:     "get",
-	http.MethodPost:    "create",
-	http.MethodPut:     "replace",
-	http.MethodPatch:   "patch",
-	http.MethodDelete:  "delete",
-	http.MethodConnect: "connect",
-	http.MethodOptions: "connect", // No real equivalent to options and head
-	http.MethodHead:    "connect",
-}
-
-// generateOperationNameFromPath creates an operation name from a route path.
-// The operation name is used by the OpenAPI generator and should be descriptive.
-// It uses meaningful path segments to create readable yet unique operation names.
-// Examples:
-//   - "/search" -> "Search"
-//   - "/snapshots/create" -> "SnapshotsCreate"
-//   - "ofrep/v1/evaluate/flags" -> "OfrepEvaluateFlags"
-//   - "ofrep/v1/evaluate/flags/{flagKey}" -> "OfrepEvaluateFlagsFlagKey"
-func generateOperationNameFromPath(routePath string) string {
-	// Remove leading slash and split by path segments
-	parts := strings.Split(strings.TrimPrefix(routePath, "/"), "/")
-
-	// Filter to keep meaningful segments and path parameters
-	var nameParts []string
-	skipPrefixes := map[string]bool{
-		"namespaces": true,
-		"apis":       true,
+func methodsFromSpec(slug string, props *spec3.PathProps) ([]string, error) {
+	if props == nil {
+		return []string{"GET", "POST", "PUT", "PATCH", "DELETE"}, nil
 	}

-	for _, part := range parts {
-		if part == "" {
-			continue
-		}
-
-		// Extract parameter name from {paramName} format
-		if strings.HasPrefix(part, "{") && strings.HasSuffix(part, "}") {
-			paramName := part[1 : len(part)-1]
-			// Skip generic parameters like {namespace}, but keep specific ones like {flagKey}
-			if paramName != "namespace" && paramName != "name" {
-				nameParts = append(nameParts, strings.ToUpper(paramName[:1])+paramName[1:])
-			}
-			continue
-		}
-
-		// Skip common prefixes
-		if skipPrefixes[strings.ToLower(part)] {
-			continue
-		}
-
-		// Skip version segments like v1, v0alpha1, v2beta1, etc.
-		if strings.HasPrefix(strings.ToLower(part), "v") &&
-			(len(part) <= 3 || strings.Contains(strings.ToLower(part), "alpha") || strings.Contains(strings.ToLower(part), "beta")) {
-			continue
-		}
-
-		// Capitalize first letter and add to parts
-		if len(part) > 0 {
-			nameParts = append(nameParts, strings.ToUpper(part[:1])+part[1:])
-		}
+	methods := make([]string, 0)
+	if props.Get != nil {
+		methods = append(methods, "GET")
+	}
+	if props.Post != nil {
+		methods = append(methods, "POST")
+	}
+	if props.Put != nil {
+		methods = append(methods, "PUT")
+	}
+	if props.Patch != nil {
+		methods = append(methods, "PATCH")
+	}
+	if props.Delete != nil {
+		methods = append(methods, "DELETE")
 	}

-	if len(nameParts) == 0 {
-		return "Route"
+	if len(methods) == 0 {
+		return nil, fmt.Errorf("invalid OpenAPI Spec for slug=%s without any methods in PathProps", slug)
 	}

-	return strings.Join(nameParts, "")
+	return methods, nil
+}
+
+type methodNotAllowedHandler struct{}
+
+func (h *methodNotAllowedHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
+	w.WriteHeader(405) // method not allowed
 }
@@ -5,6 +5,7 @@ import (
 	"net"
 	"path/filepath"
 	"strconv"
+	"strings"

 	"github.com/grafana/grafana/pkg/services/apiserver/options"
 	"github.com/grafana/grafana/pkg/services/featuremgmt"
@@ -40,6 +41,15 @@ func applyGrafanaConfig(cfg *setting.Cfg, features featuremgmt.FeatureToggles, o
 	apiserverCfg := cfg.SectionWithEnvOverrides("grafana-apiserver")

 	runtimeConfig := apiserverCfg.Key("runtime_config").String()
+	runtimeConfigSplit := strings.Split(runtimeConfig, ",")
+
+	// TODO: temporary fix to allow disabling local features service and still being able to use its authz handler
+	if !cfg.OpenFeature.APIEnabled {
+		runtimeConfigSplit = append(runtimeConfigSplit, "features.grafana.app/v0alpha1=false")
+	}
+
+	runtimeConfig = strings.Join(runtimeConfigSplit, ",")
+
 	if runtimeConfig != "" {
 		if err := o.APIEnablementOptions.RuntimeConfig.Set(runtimeConfig); err != nil {
 			return fmt.Errorf("failed to set runtime config: %w", err)
@@ -155,7 +155,7 @@ func ProvideService(
 		features:                          features,
 		rr:                                rr,
 		builders:                          []builder.APIGroupBuilder{},
-		authorizer:                        authorizer.NewGrafanaBuiltInSTAuthorizer(),
+		authorizer:                        authorizer.NewGrafanaBuiltInSTAuthorizer(cfg),
 		tracing:                           tracing,
 		db:                                db, // For Unified storage
 		metrics:                           reg,
@@ -443,19 +443,6 @@ func (s *service) start(ctx context.Context) error {
 		return err
 	}

-	// Augment existing WebServices with custom routes from builders
-	// This directly adds routes to existing WebServices using the OpenAPI specs from builders
-	if server.Handler != nil && server.Handler.GoRestfulContainer != nil {
-		if err := builder.AugmentWebServicesWithCustomRoutes(
-			server.Handler.GoRestfulContainer,
-			builders,
-			s.metrics,
-			serverConfig.MergedResourceConfig,
-		); err != nil {
-			return fmt.Errorf("failed to augment web services with custom routes: %w", err)
-		}
-	}
-
 	// stash the options for later use
 	s.options = o

@@ -1,8 +1,6 @@
 package authnimpl

 import (
-	"context"
-
 	"github.com/grafana/grafana/pkg/infra/log"
 	"github.com/grafana/grafana/pkg/infra/remotecache"
 	"github.com/grafana/grafana/pkg/infra/tracing"
@@ -83,8 +81,7 @@ func ProvideRegistration(
 		}
 	}

-	//nolint:staticcheck // not yet migrated to OpenFeature
-	if cfg.PasswordlessMagicLinkAuth.Enabled && features.IsEnabled(context.Background(), featuremgmt.FlagPasswordlessMagicLinkAuthentication) {
+	if cfg.PasswordlessMagicLinkAuth.Enabled {
 		hasEnabledProviders := authnSvc.IsClientEnabled(authn.ClientSAML) || authnSvc.IsClientEnabled(authn.ClientLDAP)
 		if !hasEnabledProviders {
 			oauthInfos := socialService.GetOAuthInfoProviders()
@@ -32,8 +32,6 @@ func NewOpenFGAServer(cfg setting.ZanzanaServerSettings, store storage.OpenFGADa
 	opts := []server.OpenFGAServiceV1Option{
 		server.WithDatastore(store),
 		server.WithLogger(zlogger.New(logger)),
-
-		// Cache settings
 		server.WithCheckCacheLimit(cfg.CacheSettings.CheckCacheLimit),
 		server.WithCacheControllerEnabled(cfg.CacheSettings.CacheControllerEnabled),
 		server.WithCacheControllerTTL(cfg.CacheSettings.CacheControllerTTL),
@@ -42,25 +40,16 @@ func NewOpenFGAServer(cfg setting.ZanzanaServerSettings, store storage.OpenFGADa
 		server.WithCheckIteratorCacheEnabled(cfg.CacheSettings.CheckIteratorCacheEnabled),
 		server.WithCheckIteratorCacheMaxResults(cfg.CacheSettings.CheckIteratorCacheMaxResults),
 		server.WithCheckIteratorCacheTTL(cfg.CacheSettings.CheckIteratorCacheTTL),
-
-		// ListObjects settings
 		server.WithListObjectsMaxResults(cfg.ListObjectsMaxResults),
 		server.WithListObjectsIteratorCacheEnabled(cfg.CacheSettings.ListObjectsIteratorCacheEnabled),
 		server.WithListObjectsIteratorCacheMaxResults(cfg.CacheSettings.ListObjectsIteratorCacheMaxResults),
 		server.WithListObjectsIteratorCacheTTL(cfg.CacheSettings.ListObjectsIteratorCacheTTL),
-		server.WithListObjectsDeadline(cfg.ListObjectsDeadline),
-
-		// Shared iterator settings
 		server.WithSharedIteratorEnabled(cfg.CacheSettings.SharedIteratorEnabled),
 		server.WithSharedIteratorLimit(cfg.CacheSettings.SharedIteratorLimit),
 		server.WithSharedIteratorTTL(cfg.CacheSettings.SharedIteratorTTL),
-
-		server.WithContextPropagationToDatastore(true),
+		server.WithListObjectsDeadline(cfg.ListObjectsDeadline),
 	}

-	openfgaOpts := withOpenFGAOptions(cfg)
-	opts = append(opts, openfgaOpts...)
-
 	srv, err := server.NewServerWithOpts(opts...)
 	if err != nil {
 		return nil, err
@@ -69,129 +58,6 @@ func NewOpenFGAServer(cfg setting.ZanzanaServerSettings, store storage.OpenFGADa
 	return srv, nil
 }

-func withOpenFGAOptions(cfg setting.ZanzanaServerSettings) []server.OpenFGAServiceV1Option {
-	opts := make([]server.OpenFGAServiceV1Option, 0)
-
-	listOpts := withListOptions(cfg)
-	opts = append(opts, listOpts...)
-
-	// Check settings
-	if cfg.OpenFgaServerSettings.MaxConcurrentReadsForCheck != 0 {
-		opts = append(opts, server.WithMaxConcurrentReadsForCheck(cfg.OpenFgaServerSettings.MaxConcurrentReadsForCheck))
-	}
-	if cfg.OpenFgaServerSettings.CheckDatabaseThrottleThreshold != 0 || cfg.OpenFgaServerSettings.CheckDatabaseThrottleDuration != 0 {
-		opts = append(opts, server.WithCheckDatabaseThrottle(cfg.OpenFgaServerSettings.CheckDatabaseThrottleThreshold, cfg.OpenFgaServerSettings.CheckDatabaseThrottleDuration))
-	}
-
-	// Batch check settings
-	if cfg.OpenFgaServerSettings.MaxConcurrentChecksPerBatchCheck != 0 {
-		opts = append(opts, server.WithMaxConcurrentChecksPerBatchCheck(cfg.OpenFgaServerSettings.MaxConcurrentChecksPerBatchCheck))
-	}
-	if cfg.OpenFgaServerSettings.MaxChecksPerBatchCheck != 0 {
-		opts = append(opts, server.WithMaxChecksPerBatchCheck(cfg.OpenFgaServerSettings.MaxChecksPerBatchCheck))
-	}
-
-	// Resolve node settings
-	if cfg.OpenFgaServerSettings.ResolveNodeLimit != 0 {
-		opts = append(opts, server.WithResolveNodeLimit(cfg.OpenFgaServerSettings.ResolveNodeLimit))
-	}
-	if cfg.OpenFgaServerSettings.ResolveNodeBreadthLimit != 0 {
-		opts = append(opts, server.WithResolveNodeBreadthLimit(cfg.OpenFgaServerSettings.ResolveNodeBreadthLimit))
-	}
-
-	// Dispatch throttling settings
-	if cfg.OpenFgaServerSettings.DispatchThrottlingCheckResolverEnabled {
-		opts = append(opts, server.WithDispatchThrottlingCheckResolverEnabled(cfg.OpenFgaServerSettings.DispatchThrottlingCheckResolverEnabled))
-	}
-	if cfg.OpenFgaServerSettings.DispatchThrottlingCheckResolverFrequency != 0 {
-		opts = append(opts, server.WithDispatchThrottlingCheckResolverFrequency(cfg.OpenFgaServerSettings.DispatchThrottlingCheckResolverFrequency))
-	}
-	if cfg.OpenFgaServerSettings.DispatchThrottlingCheckResolverThreshold != 0 {
-		opts = append(opts, server.WithDispatchThrottlingCheckResolverThreshold(cfg.OpenFgaServerSettings.DispatchThrottlingCheckResolverThreshold))
-	}
-	if cfg.OpenFgaServerSettings.DispatchThrottlingCheckResolverMaxThreshold != 0 {
-		opts = append(opts, server.WithDispatchThrottlingCheckResolverMaxThreshold(cfg.OpenFgaServerSettings.DispatchThrottlingCheckResolverMaxThreshold))
-	}
-
-	// Shadow check/query settings
-	if cfg.OpenFgaServerSettings.ShadowCheckResolverTimeout != 0 {
-		opts = append(opts, server.WithShadowCheckResolverTimeout(cfg.OpenFgaServerSettings.ShadowCheckResolverTimeout))
-	}
-	if cfg.OpenFgaServerSettings.ShadowListObjectsQueryTimeout != 0 {
-		opts = append(opts, server.WithShadowListObjectsQueryTimeout(cfg.OpenFgaServerSettings.ShadowListObjectsQueryTimeout))
-	}
-	if cfg.OpenFgaServerSettings.ShadowListObjectsQueryMaxDeltaItems != 0 {
-		opts = append(opts, server.WithShadowListObjectsQueryMaxDeltaItems(cfg.OpenFgaServerSettings.ShadowListObjectsQueryMaxDeltaItems))
-	}
-
-	if cfg.OpenFgaServerSettings.RequestTimeout != 0 {
-		opts = append(opts, server.WithRequestTimeout(cfg.OpenFgaServerSettings.RequestTimeout))
-	}
-	if cfg.OpenFgaServerSettings.MaxAuthorizationModelSizeInBytes != 0 {
-		opts = append(opts, server.WithMaxAuthorizationModelSizeInBytes(cfg.OpenFgaServerSettings.MaxAuthorizationModelSizeInBytes))
-	}
-	if cfg.OpenFgaServerSettings.AuthorizationModelCacheSize != 0 {
-		opts = append(opts, server.WithAuthorizationModelCacheSize(cfg.OpenFgaServerSettings.AuthorizationModelCacheSize))
-	}
-	if cfg.OpenFgaServerSettings.ChangelogHorizonOffset != 0 {
-		opts = append(opts, server.WithChangelogHorizonOffset(cfg.OpenFgaServerSettings.ChangelogHorizonOffset))
-	}
-
-	return opts
-}
-
-func withListOptions(cfg setting.ZanzanaServerSettings) []server.OpenFGAServiceV1Option {
-	opts := make([]server.OpenFGAServiceV1Option, 0)
-
-	// ListObjects settings
-	if cfg.OpenFgaServerSettings.MaxConcurrentReadsForListObjects != 0 {
-		opts = append(opts, server.WithMaxConcurrentReadsForListObjects(cfg.OpenFgaServerSettings.MaxConcurrentReadsForListObjects))
-	}
-	if cfg.OpenFgaServerSettings.ListObjectsDispatchThrottlingEnabled {
-		opts = append(opts, server.WithListObjectsDispatchThrottlingEnabled(cfg.OpenFgaServerSettings.ListObjectsDispatchThrottlingEnabled))
-	}
-	if cfg.OpenFgaServerSettings.ListObjectsDispatchThrottlingFrequency != 0 {
-		opts = append(opts, server.WithListObjectsDispatchThrottlingFrequency(cfg.OpenFgaServerSettings.ListObjectsDispatchThrottlingFrequency))
-	}
-	if cfg.OpenFgaServerSettings.ListObjectsDispatchThrottlingThreshold != 0 {
-		opts = append(opts, server.WithListObjectsDispatchThrottlingThreshold(cfg.OpenFgaServerSettings.ListObjectsDispatchThrottlingThreshold))
-	}
-	if cfg.OpenFgaServerSettings.ListObjectsDispatchThrottlingMaxThreshold != 0 {
-		opts = append(opts, server.WithListObjectsDispatchThrottlingMaxThreshold(cfg.OpenFgaServerSettings.ListObjectsDispatchThrottlingMaxThreshold))
-	}
-	if cfg.OpenFgaServerSettings.ListObjectsDatabaseThrottleThreshold != 0 || cfg.OpenFgaServerSettings.ListObjectsDatabaseThrottleDuration != 0 {
-		opts = append(opts, server.WithListObjectsDatabaseThrottle(cfg.OpenFgaServerSettings.ListObjectsDatabaseThrottleThreshold, cfg.OpenFgaServerSettings.ListObjectsDatabaseThrottleDuration))
-	}
-
-	// ListUsers settings
-	if cfg.OpenFgaServerSettings.ListUsersDeadline != 0 {
-		opts = append(opts, server.WithListUsersDeadline(cfg.OpenFgaServerSettings.ListUsersDeadline))
-	}
-	if cfg.OpenFgaServerSettings.ListUsersMaxResults != 0 {
-		opts = append(opts, server.WithListUsersMaxResults(cfg.OpenFgaServerSettings.ListUsersMaxResults))
-	}
-	if cfg.OpenFgaServerSettings.MaxConcurrentReadsForListUsers != 0 {
-		opts = append(opts, server.WithMaxConcurrentReadsForListUsers(cfg.OpenFgaServerSettings.MaxConcurrentReadsForListUsers))
-	}
-	if cfg.OpenFgaServerSettings.ListUsersDispatchThrottlingEnabled {
-		opts = append(opts, server.WithListUsersDispatchThrottlingEnabled(cfg.OpenFgaServerSettings.ListUsersDispatchThrottlingEnabled))
-	}
-	if cfg.OpenFgaServerSettings.ListUsersDispatchThrottlingFrequency != 0 {
-		opts = append(opts, server.WithListUsersDispatchThrottlingFrequency(cfg.OpenFgaServerSettings.ListUsersDispatchThrottlingFrequency))
-	}
-	if cfg.OpenFgaServerSettings.ListUsersDispatchThrottlingThreshold != 0 {
-		opts = append(opts, server.WithListUsersDispatchThrottlingThreshold(cfg.OpenFgaServerSettings.ListUsersDispatchThrottlingThreshold))
-	}
-	if cfg.OpenFgaServerSettings.ListUsersDispatchThrottlingMaxThreshold != 0 {
-		opts = append(opts, server.WithListUsersDispatchThrottlingMaxThreshold(cfg.OpenFgaServerSettings.ListUsersDispatchThrottlingMaxThreshold))
-	}
-	if cfg.OpenFgaServerSettings.ListUsersDatabaseThrottleThreshold != 0 || cfg.OpenFgaServerSettings.ListUsersDatabaseThrottleDuration != 0 {
-		opts = append(opts, server.WithListUsersDatabaseThrottle(cfg.OpenFgaServerSettings.ListUsersDatabaseThrottleThreshold, cfg.OpenFgaServerSettings.ListUsersDatabaseThrottleDuration))
-	}
-
-	return opts
-}
-
 func NewOpenFGAHttpServer(cfg setting.ZanzanaServerSettings, srv grpcserver.Provider) (*http.Server, error) {
 	dialOpts := []grpc.DialOption{
 		grpc.WithTransportCredentials(insecure.NewCredentials()),
@@ -51,7 +51,6 @@ type Service struct {
 	pluginStore               pluginstore.Store
 	pluginClient              plugins.Client
 	basePluginContextProvider plugincontext.BasePluginContextProvider
-	retriever                 DataSourceRetriever

 	ptc proxyTransportCache
 }
@@ -71,7 +70,6 @@ func ProvideService(
 	features featuremgmt.FeatureToggles, ac accesscontrol.AccessControl, datasourcePermissionsService accesscontrol.DatasourcePermissionsService,
 	quotaService quota.Service, pluginStore pluginstore.Store, pluginClient plugins.Client,
 	basePluginContextProvider plugincontext.BasePluginContextProvider,
-	retriever DataSourceRetriever,
 ) (*Service, error) {
 	dslogger := log.New("datasources")
 	store := &SqlStore{db: db, logger: dslogger, features: features}
@@ -91,7 +89,6 @@ func ProvideService(
 		pluginStore:               pluginStore,
 		pluginClient:              pluginClient,
 		basePluginContextProvider: basePluginContextProvider,
-		retriever:                 retriever,
 	}

 	ac.RegisterScopeAttributeResolver(NewNameScopeResolver(store))
@@ -178,11 +175,11 @@ func NewIDScopeResolver(db DataSourceRetriever) (string, accesscontrol.ScopeAttr
 }

 func (s *Service) GetDataSource(ctx context.Context, query *datasources.GetDataSourceQuery) (*datasources.DataSource, error) {
-	return s.retriever.GetDataSource(ctx, query)
+	return s.SQLStore.GetDataSource(ctx, query)
 }

 func (s *Service) GetDataSourceInNamespace(ctx context.Context, namespace, name, group string) (*datasources.DataSource, error) {
-	return s.retriever.GetDataSourceInNamespace(ctx, namespace, name, group)
+	return s.SQLStore.GetDataSourceInNamespace(ctx, namespace, name, group)
 }

 func (s *Service) GetDataSources(ctx context.Context, query *datasources.GetDataSourcesQuery) ([]*datasources.DataSource, error) {
@@ -832,9 +832,8 @@ func TestIntegrationService_DeleteDataSource(t *testing.T) {
 		quotaService := quotatest.New(false, nil)
 		permissionSvc := acmock.NewMockedPermissionsService()
 		permissionSvc.On("DeleteResourcePermissions", mock.Anything, mock.Anything, mock.Anything).Return(nil).Maybe()
-		features := featuremgmt.WithFeatures()
-		dsRetriever := ProvideDataSourceRetriever(sqlStore, features)
-		dsService, err := ProvideService(sqlStore, secretsService, secretsStore, &setting.Cfg{}, features, acmock.New(), permissionSvc, quotaService, &pluginstore.FakePluginStore{}, &pluginfakes.FakePluginClient{}, nil, dsRetriever)
+
+		dsService, err := ProvideService(sqlStore, secretsService, secretsStore, &setting.Cfg{}, featuremgmt.WithFeatures(), acmock.New(), permissionSvc, quotaService, &pluginstore.FakePluginStore{}, &pluginfakes.FakePluginClient{}, nil)
 		require.NoError(t, err)

 		cmd := &datasources.DeleteDataSourceCommand{
@@ -858,9 +857,7 @@ func TestIntegrationService_DeleteDataSource(t *testing.T) {
 		permissionSvc.On("DeleteResourcePermissions", mock.Anything, mock.Anything, mock.Anything).Return(nil).Once()
 		cfg := &setting.Cfg{}
 		enableRBACManagedPermissions(t, cfg)
-		features := featuremgmt.WithFeatures()
-		dsRetriever := ProvideDataSourceRetriever(sqlStore, features)
-		dsService, err := ProvideService(sqlStore, secretsService, secretsStore, cfg, features, acmock.New(), permissionSvc, quotaService, &pluginstore.FakePluginStore{}, &pluginfakes.FakePluginClient{}, nil, dsRetriever)
+		dsService, err := ProvideService(sqlStore, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), permissionSvc, quotaService, &pluginstore.FakePluginStore{}, &pluginfakes.FakePluginClient{}, nil)
 		require.NoError(t, err)

 		// First add the datasource
@@ -1127,9 +1124,7 @@ func TestIntegrationService_GetHttpTransport(t *testing.T) {
 		secretsService := secretsmng.SetupTestService(t, fakes.NewFakeSecretsStore())
 		secretsStore := secretskvs.NewSQLSecretsKVStore(sqlStore, secretsService, log.New("test.logger"))
 		quotaService := quotatest.New(false, nil)
-		features := featuremgmt.WithFeatures()
-		dsRetriever := ProvideDataSourceRetriever(sqlStore, features)
-		dsService, err := ProvideService(sqlStore, secretsService, secretsStore, cfg, features, acmock.New(), acmock.NewMockedPermissionsService(), quotaService, &pluginstore.FakePluginStore{}, &pluginfakes.FakePluginClient{}, nil, dsRetriever)
+		dsService, err := ProvideService(sqlStore, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService(), quotaService, &pluginstore.FakePluginStore{}, &pluginfakes.FakePluginClient{}, nil)
 		require.NoError(t, err)

 		rt1, err := dsService.GetHTTPTransport(context.Background(), &ds, provider)
@@ -1166,9 +1161,7 @@ func TestIntegrationService_GetHttpTransport(t *testing.T) {
 		secretsService := secretsmng.SetupTestService(t, fakes.NewFakeSecretsStore())
 		secretsStore := secretskvs.NewSQLSecretsKVStore(sqlStore, secretsService, log.New("test.logger"))
 		quotaService := quotatest.New(false, nil)
-		features := featuremgmt.WithFeatures()
-		dsRetriever := ProvideDataSourceRetriever(sqlStore, features)
-		dsService, err := ProvideService(sqlStore, secretsService, secretsStore, cfg, features, acmock.New(), acmock.NewMockedPermissionsService(), quotaService, &pluginstore.FakePluginStore{}, &pluginfakes.FakePluginClient{}, nil, dsRetriever)
+		dsService, err := ProvideService(sqlStore, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService(), quotaService, &pluginstore.FakePluginStore{}, &pluginfakes.FakePluginClient{}, nil)
 		require.NoError(t, err)

 		ds := datasources.DataSource{
@@ -1219,9 +1212,7 @@ func TestIntegrationService_GetHttpTransport(t *testing.T) {
 		secretsService := secretsmng.SetupTestService(t, fakes.NewFakeSecretsStore())
 		secretsStore := secretskvs.NewSQLSecretsKVStore(sqlStore, secretsService, log.New("test.logger"))
 		quotaService := quotatest.New(false, nil)
-		features := featuremgmt.WithFeatures()
-		dsRetriever := ProvideDataSourceRetriever(sqlStore, features)
-		dsService, err := ProvideService(sqlStore, secretsService, secretsStore, cfg, features, acmock.New(), acmock.NewMockedPermissionsService(), quotaService, &pluginstore.FakePluginStore{}, &pluginfakes.FakePluginClient{}, nil, dsRetriever)
+		dsService, err := ProvideService(sqlStore, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService(), quotaService, &pluginstore.FakePluginStore{}, &pluginfakes.FakePluginClient{}, nil)
 		require.NoError(t, err)

 		ds := datasources.DataSource{
@@ -1269,9 +1260,7 @@ func TestIntegrationService_GetHttpTransport(t *testing.T) {
 		secretsService := secretsmng.SetupTestService(t, fakes.NewFakeSecretsStore())
 		secretsStore := secretskvs.NewSQLSecretsKVStore(sqlStore, secretsService, log.New("test.logger"))
 		quotaService := quotatest.New(false, nil)
-		features := featuremgmt.WithFeatures()
-		dsRetriever := ProvideDataSourceRetriever(sqlStore, features)
-		dsService, err := ProvideService(sqlStore, secretsService, secretsStore, cfg, features, acmock.New(), acmock.NewMockedPermissionsService(), quotaService, &pluginstore.FakePluginStore{}, &pluginfakes.FakePluginClient{}, nil, dsRetriever)
+		dsService, err := ProvideService(sqlStore, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService(), quotaService, &pluginstore.FakePluginStore{}, &pluginfakes.FakePluginClient{}, nil)
 		require.NoError(t, err)

 		ds := datasources.DataSource{
@@ -1327,9 +1316,7 @@ func TestIntegrationService_GetHttpTransport(t *testing.T) {
 		secretsService := secretsmng.SetupTestService(t, fakes.NewFakeSecretsStore())
 		secretsStore := secretskvs.NewSQLSecretsKVStore(sqlStore, secretsService, log.New("test.logger"))
 		quotaService := quotatest.New(false, nil)
-		features := featuremgmt.WithFeatures()
-		dsRetriever := ProvideDataSourceRetriever(sqlStore, features)
-		dsService, err := ProvideService(sqlStore, secretsService, secretsStore, cfg, features, acmock.New(), acmock.NewMockedPermissionsService(), quotaService, &pluginstore.FakePluginStore{}, &pluginfakes.FakePluginClient{}, nil, dsRetriever)
+		dsService, err := ProvideService(sqlStore, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService(), quotaService, &pluginstore.FakePluginStore{}, &pluginfakes.FakePluginClient{}, nil)
 		require.NoError(t, err)

 		ds := datasources.DataSource{
@@ -1364,9 +1351,7 @@ func TestIntegrationService_GetHttpTransport(t *testing.T) {
 		secretsService := secretsmng.SetupTestService(t, fakes.NewFakeSecretsStore())
 		secretsStore := secretskvs.NewSQLSecretsKVStore(sqlStore, secretsService, log.New("test.logger"))
 		quotaService := quotatest.New(false, nil)
-		features := featuremgmt.WithFeatures()
-		dsRetriever := ProvideDataSourceRetriever(sqlStore, features)
-		dsService, err := ProvideService(sqlStore, secretsService, secretsStore, cfg, features, acmock.New(), acmock.NewMockedPermissionsService(), quotaService, &pluginstore.FakePluginStore{}, &pluginfakes.FakePluginClient{}, nil, dsRetriever)
+		dsService, err := ProvideService(sqlStore, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService(), quotaService, &pluginstore.FakePluginStore{}, &pluginfakes.FakePluginClient{}, nil)
 		require.NoError(t, err)

 		ds := datasources.DataSource{
@@ -1435,9 +1420,7 @@ func TestIntegrationService_GetHttpTransport(t *testing.T) {
 		secretsService := secretsmng.SetupTestService(t, fakes.NewFakeSecretsStore())
 		secretsStore := secretskvs.NewSQLSecretsKVStore(sqlStore, secretsService, log.New("test.logger"))
 		quotaService := quotatest.New(false, nil)
-		features := featuremgmt.WithFeatures()
-		dsRetriever := ProvideDataSourceRetriever(sqlStore, features)
-		dsService, err := ProvideService(sqlStore, secretsService, secretsStore, cfg, features, acmock.New(), acmock.NewMockedPermissionsService(), quotaService, &pluginstore.FakePluginStore{}, &pluginfakes.FakePluginClient{}, nil, dsRetriever)
+		dsService, err := ProvideService(sqlStore, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService(), quotaService, &pluginstore.FakePluginStore{}, &pluginfakes.FakePluginClient{}, nil)
 		require.NoError(t, err)

 		ds := datasources.DataSource{
@@ -1516,9 +1499,7 @@ func TestIntegrationService_GetHttpTransport(t *testing.T) {
 		secretsService := secretsmng.SetupTestService(t, fakes.NewFakeSecretsStore())
 		secretsStore := secretskvs.NewSQLSecretsKVStore(sqlStore, secretsService, log.New("test.logger"))
 		quotaService := quotatest.New(false, nil)
-		features := featuremgmt.WithFeatures()
-		dsRetriever := ProvideDataSourceRetriever(sqlStore, features)
-		dsService, err := ProvideService(sqlStore, secretsService, secretsStore, cfg, features, acmock.New(), acmock.NewMockedPermissionsService(), quotaService, &pluginstore.FakePluginStore{}, &pluginfakes.FakePluginClient{}, nil, dsRetriever)
+		dsService, err := ProvideService(sqlStore, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService(), quotaService, &pluginstore.FakePluginStore{}, &pluginfakes.FakePluginClient{}, nil)
 		require.NoError(t, err)

 		ds := datasources.DataSource{
@@ -1541,9 +1522,7 @@ func TestIntegrationService_getProxySettings(t *testing.T) {
 	secretsService := secretsmng.SetupTestService(t, fakes.NewFakeSecretsStore())
 	secretsStore := secretskvs.NewSQLSecretsKVStore(sqlStore, secretsService, log.New("test.logger"))
 	quotaService := quotatest.New(false, nil)
-	features := featuremgmt.WithFeatures()
-	dsRetriever := ProvideDataSourceRetriever(sqlStore, features)
-	dsService, err := ProvideService(sqlStore, secretsService, secretsStore, &setting.Cfg{}, features, acmock.New(), acmock.NewMockedPermissionsService(), quotaService, &pluginstore.FakePluginStore{}, &pluginfakes.FakePluginClient{}, nil, dsRetriever)
+	dsService, err := ProvideService(sqlStore, secretsService, secretsStore, &setting.Cfg{}, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService(), quotaService, &pluginstore.FakePluginStore{}, &pluginfakes.FakePluginClient{}, nil)
 	require.NoError(t, err)

 	t.Run("Should default to disabled", func(t *testing.T) {
@@ -1641,9 +1620,7 @@ func TestIntegrationService_getTimeout(t *testing.T) {
 	secretsService := secretsmng.SetupTestService(t, fakes.NewFakeSecretsStore())
 	secretsStore := secretskvs.NewSQLSecretsKVStore(sqlStore, secretsService, log.New("test.logger"))
 	quotaService := quotatest.New(false, nil)
-	features := featuremgmt.WithFeatures()
-	dsRetriever := ProvideDataSourceRetriever(sqlStore, features)
-	dsService, err := ProvideService(sqlStore, secretsService, secretsStore, cfg, features, acmock.New(), acmock.NewMockedPermissionsService(), quotaService, &pluginstore.FakePluginStore{}, &pluginfakes.FakePluginClient{}, nil, dsRetriever)
+	dsService, err := ProvideService(sqlStore, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService(), quotaService, &pluginstore.FakePluginStore{}, &pluginfakes.FakePluginClient{}, nil)
 	require.NoError(t, err)

 	for _, tc := range testCases {
@@ -1668,9 +1645,7 @@ func TestIntegrationService_GetDecryptedValues(t *testing.T) {
 		secretsService := secretsmng.SetupTestService(t, fakes.NewFakeSecretsStore())
 		secretsStore := secretskvs.NewSQLSecretsKVStore(sqlStore, secretsService, log.New("test.logger"))
 		quotaService := quotatest.New(false, nil)
-		features := featuremgmt.WithFeatures()
-		dsRetriever := ProvideDataSourceRetriever(sqlStore, features)
-		dsService, err := ProvideService(sqlStore, secretsService, secretsStore, nil, features, acmock.New(), acmock.NewMockedPermissionsService(), quotaService, &pluginstore.FakePluginStore{}, &pluginfakes.FakePluginClient{}, nil, dsRetriever)
+		dsService, err := ProvideService(sqlStore, secretsService, secretsStore, nil, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService(), quotaService, &pluginstore.FakePluginStore{}, &pluginfakes.FakePluginClient{}, nil)
 		require.NoError(t, err)

 		jsonData := map[string]string{
@@ -1698,9 +1673,7 @@ func TestIntegrationService_GetDecryptedValues(t *testing.T) {
 		secretsService := secretsmng.SetupTestService(t, fakes.NewFakeSecretsStore())
 		secretsStore := secretskvs.NewSQLSecretsKVStore(sqlStore, secretsService, log.New("test.logger"))
 		quotaService := quotatest.New(false, nil)
-		features := featuremgmt.WithFeatures()
-		dsRetriever := ProvideDataSourceRetriever(sqlStore, features)
-		dsService, err := ProvideService(sqlStore, secretsService, secretsStore, nil, features, acmock.New(), acmock.NewMockedPermissionsService(), quotaService, &pluginstore.FakePluginStore{}, &pluginfakes.FakePluginClient{}, nil, dsRetriever)
+		dsService, err := ProvideService(sqlStore, secretsService, secretsStore, nil, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService(), quotaService, &pluginstore.FakePluginStore{}, &pluginfakes.FakePluginClient{}, nil)
 		require.NoError(t, err)

 		jsonData := map[string]string{
@@ -1726,9 +1699,7 @@ func TestIntegrationDataSource_CustomHeaders(t *testing.T) {
 	secretsService := secretsmng.SetupTestService(t, fakes.NewFakeSecretsStore())
 	secretsStore := secretskvs.NewSQLSecretsKVStore(sqlStore, secretsService, log.New("test.logger"))
 	quotaService := quotatest.New(false, nil)
-	features := featuremgmt.WithFeatures()
-	dsRetriever := ProvideDataSourceRetriever(sqlStore, features)
-	dsService, err := ProvideService(sqlStore, secretsService, secretsStore, nil, features, acmock.New(), acmock.NewMockedPermissionsService(), quotaService, &pluginstore.FakePluginStore{}, &pluginfakes.FakePluginClient{}, nil, dsRetriever)
+	dsService, err := ProvideService(sqlStore, secretsService, secretsStore, nil, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService(), quotaService, &pluginstore.FakePluginStore{}, &pluginfakes.FakePluginClient{}, nil)
 	require.NoError(t, err)

 	dsService.cfg = setting.NewCfg()
@@ -1817,9 +1788,7 @@ func initDSService(t *testing.T) *Service {
 	quotaService := quotatest.New(false, nil)
 	mockPermission := acmock.NewMockedPermissionsService()
 	mockPermission.On("SetPermissions", mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return([]accesscontrol.ResourcePermission{}, nil)
-	features := featuremgmt.WithFeatures()
-	dsRetriever := ProvideDataSourceRetriever(sqlStore, features)
-	dsService, err := ProvideService(sqlStore, secretsService, secretsStore, cfg, features, actest.FakeAccessControl{}, mockPermission, quotaService, &pluginstore.FakePluginStore{
+	dsService, err := ProvideService(sqlStore, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), actest.FakeAccessControl{}, mockPermission, quotaService, &pluginstore.FakePluginStore{
 		PluginList: []pluginstore.Plugin{{
 			JSONData: plugins.JSONData{
 				ID:   "test",
@@ -1839,7 +1808,7 @@ func initDSService(t *testing.T) *Service {
 				ObjectBytes: req.ObjectBytes,
 			}, nil
 		},
-	}, plugincontext.ProvideBaseService(cfg, pluginconfig.NewFakePluginRequestConfigProvider()), dsRetriever)
+	}, plugincontext.ProvideBaseService(cfg, pluginconfig.NewFakePluginRequestConfigProvider()))
 	require.NoError(t, err)

 	return dsService
@@ -1,34 +0,0 @@
-package service
-
-import (
-	"context"
-
-	"github.com/grafana/grafana/pkg/infra/db"
-	"github.com/grafana/grafana/pkg/infra/log"
-	"github.com/grafana/grafana/pkg/services/datasources"
-	"github.com/grafana/grafana/pkg/services/featuremgmt"
-)
-
-// DataSourceRetrieverImpl implements DataSourceRetriever by delegating to a Store.
-type DataSourceRetrieverImpl struct {
-	store Store
-}
-
-var _ DataSourceRetriever = (*DataSourceRetrieverImpl)(nil)
-
-// ProvideDataSourceRetriever creates a DataSourceRetriever for wire injection.
-func ProvideDataSourceRetriever(db db.DB, features featuremgmt.FeatureToggles) DataSourceRetriever {
-	dslogger := log.New("datasources-retriever")
-	store := &SqlStore{db: db, logger: dslogger, features: features}
-	return &DataSourceRetrieverImpl{store: store}
-}
-
-// GetDataSource gets a datasource.
-func (r *DataSourceRetrieverImpl) GetDataSource(ctx context.Context, query *datasources.GetDataSourceQuery) (*datasources.DataSource, error) {
-	return r.store.GetDataSource(ctx, query)
-}
-
-// GetDataSourceInNamespace gets a datasource by namespace, name (datasource uid), and group (datasource type).
-func (r *DataSourceRetrieverImpl) GetDataSourceInNamespace(ctx context.Context, namespace, name, group string) (*datasources.DataSource, error) {
-	return r.store.GetDataSourceInNamespace(ctx, namespace, name, group)
-}
@@ -7,7 +7,7 @@ import (
 	"github.com/open-feature/go-sdk/openfeature"
 )

-func newFeaturesServiceProvider(url string, client *http.Client) (openfeature.FeatureProvider, error) {
+func newGOFFProvider(url string, client *http.Client) (openfeature.FeatureProvider, error) {
 	options := gofeatureflag.ProviderOptions{
 		Endpoint: url,
 		// consider using github.com/grafana/grafana/pkg/infra/httpclient/provider.go
@@ -19,11 +19,11 @@ const (

 // OpenFeatureConfig holds configuration for initializing OpenFeature
 type OpenFeatureConfig struct {
-	// ProviderType is either "static", "features-service", or "ofrep"
+	// ProviderType is either "static", "goff", or "ofrep"
 	ProviderType string
-	// URL is the remote provider's URL (required for features-service + OFREP providers)
+	// URL is the GOFF or OFREP service URL (required for GOFF + OFREP providers)
 	URL *url.URL
-	// HTTPClient is a pre-configured HTTP client (optional, used by features-service + OFREP providers)
+	// HTTPClient is a pre-configured HTTP client (optional, used for GOFF + OFREP providers)
 	HTTPClient *http.Client
 	// StaticFlags are the feature flags to use with static provider
 	StaticFlags map[string]bool
@@ -35,9 +35,9 @@ type OpenFeatureConfig struct {

 // InitOpenFeature initializes OpenFeature with the provided configuration
 func InitOpenFeature(config OpenFeatureConfig) error {
-	// For remote providers, ensure we have a URL
-	if (config.ProviderType == setting.FeaturesServiceProviderType || config.ProviderType == setting.OFREPProviderType) && (config.URL == nil || config.URL.String() == "") {
-		return fmt.Errorf("URL is required for remote providers")
+	// For GOFF + OFREP providers, ensure we have a URL
+	if (config.ProviderType == setting.GOFFProviderType || config.ProviderType == setting.OFREPProviderType) && (config.URL == nil || config.URL.String() == "") {
+		return fmt.Errorf("URL is required for GOFF + OFREP providers")
 	}

 	p, err := createProvider(config.ProviderType, config.URL, config.StaticFlags, config.HTTPClient)
@@ -66,10 +66,10 @@ func InitOpenFeatureWithCfg(cfg *setting.Cfg) error {
 	}

 	var httpcli *http.Client
-	if cfg.OpenFeature.ProviderType == setting.FeaturesServiceProviderType || cfg.OpenFeature.ProviderType == setting.OFREPProviderType {
+	if cfg.OpenFeature.ProviderType == setting.GOFFProviderType || cfg.OpenFeature.ProviderType == setting.OFREPProviderType {
 		var m *clientauthmiddleware.TokenExchangeMiddleware

-		if cfg.OpenFeature.ProviderType == setting.FeaturesServiceProviderType {
+		if cfg.OpenFeature.ProviderType == setting.GOFFProviderType {
 			m, err = clientauthmiddleware.NewTokenExchangeMiddleware(cfg)
 			if err != nil {
 				return fmt.Errorf("failed to create token exchange middleware: %w", err)
@@ -103,13 +103,13 @@ func createProvider(
 	staticFlags map[string]bool,
 	httpClient *http.Client,
 ) (openfeature.FeatureProvider, error) {
-	if providerType == setting.FeaturesServiceProviderType || providerType == setting.OFREPProviderType {
+	if providerType == setting.GOFFProviderType || providerType == setting.OFREPProviderType {
 		if u == nil || u.String() == "" {
-			return nil, fmt.Errorf("feature provider url is required for FeaturesServiceProviderType + OFREPProviderType")
+			return nil, fmt.Errorf("feature provider url is required for GOFFProviderType + OFREPProviderType")
 		}

-		if providerType == setting.FeaturesServiceProviderType {
-			return newFeaturesServiceProvider(u.String(), httpClient)
+		if providerType == setting.GOFFProviderType {
+			return newGOFFProvider(u.String(), httpClient)
 		}

 		if providerType == setting.OFREPProviderType {
@@ -35,9 +35,9 @@ func TestCreateProvider(t *testing.T) {
 			expectedProvider: setting.StaticProviderType,
 		},
 		{
-			name: "features-service provider",
+			name: "goff provider",
 			cfg: setting.OpenFeatureSettings{
-				ProviderType: setting.FeaturesServiceProviderType,
+				ProviderType: setting.GOFFProviderType,
 				URL:          u,
 				TargetingKey: "grafana",
 			},
@@ -45,12 +45,12 @@ func TestCreateProvider(t *testing.T) {
 				Namespace: "*",
 				Audiences: []string{"features.grafana.app"},
 			},
-			expectedProvider: setting.FeaturesServiceProviderType,
+			expectedProvider: setting.GOFFProviderType,
 		},
 		{
-			name: "features-service provider with failing token exchange",
+			name: "goff provider with failing token exchange",
 			cfg: setting.OpenFeatureSettings{
-				ProviderType: setting.FeaturesServiceProviderType,
+				ProviderType: setting.GOFFProviderType,
 				URL:          u,
 				TargetingKey: "grafana",
 			},
@@ -58,7 +58,7 @@ func TestCreateProvider(t *testing.T) {
 				Namespace: "*",
 				Audiences: []string{"features.grafana.app"},
 			},
-			expectedProvider: setting.FeaturesServiceProviderType,
+			expectedProvider: setting.GOFFProviderType,
 			failSigning:      true,
 		},
 		{
@@ -107,7 +107,7 @@ func TestCreateProvider(t *testing.T) {

 			tokenExchangeMiddleware := middleware.TestingTokenExchangeMiddleware(tokenExchangeClient)
 			httpClient, err := createHTTPClient(tokenExchangeMiddleware)
-			require.NoError(t, err, "failed to create features-service http client")
+			require.NoError(t, err, "failed to create goff http client")
 			provider, err := createProvider(tc.cfg.ProviderType, tc.cfg.URL, nil, httpClient)
 			require.NoError(t, err)

@@ -115,7 +115,7 @@ func TestCreateProvider(t *testing.T) {
 			require.NoError(t, err, "failed to set provider")

 			switch tc.expectedProvider {
-			case setting.FeaturesServiceProviderType:
+			case setting.GOFFProviderType:
 				_, ok := provider.(*gofeatureflag.Provider)
 				assert.True(t, ok, "expected provider to be of type goff.Provider")

@@ -141,10 +141,10 @@ func testGoFFProvider(t *testing.T, failSigning bool) {
 	_, err := openfeature.NewDefaultClient().BooleanValueDetails(ctx, "test", false, openfeature.NewEvaluationContext("test", map[string]interface{}{"test": "test"}))

 	// Error related to the token exchange should be returned if signing fails
-	// otherwise, it should return a connection refused error since the features-service URL is not set
+	// otherwise, it should return a connection refused error since the goff URL is not set
 	if failSigning {
 		assert.ErrorContains(t, err, "failed to exchange token: error signing token", "should return an error when signing fails")
 	} else {
-		assert.ErrorContains(t, err, "connect: connection refused", "should return an error when features-service url is not set")
+		assert.ErrorContains(t, err, "connect: connection refused", "should return an error when goff url is not set")
 	}
 }
@@ -650,6 +650,13 @@ var (
 			Stage:        FeatureStageExperimental,
 			Owner:        grafanaDatavizSquad,
 		},
+		{
+			Name:         "kubernetesFeatureToggles",
+			Description:  "Use the kubernetes API for feature toggle management in the frontend",
+			Stage:        FeatureStageExperimental,
+			FrontendOnly: true,
+			Owner:        grafanaOperatorExperienceSquad,
+		},
 		{
 			Name:            "cloudRBACRoles",
 			Description:     "Enabled grafana cloud specific RBAC roles",
@@ -1148,14 +1155,7 @@ var (
 			Owner:           grafanaAppPlatformSquad,
 			RequiresRestart: true,
 		},
-		{
-			Name:         "passwordlessMagicLinkAuthentication",
-			Description:  "Enable passwordless login via magic link authentication",
-			Stage:        FeatureStageExperimental,
-			Owner:        identityAccessTeam,
-			HideFromDocs: true,
-		},
-		{
+			{
 			Name:         "exploreMetricsRelatedLogs",
 			Description:  "Display Related Logs in Grafana Metrics Drilldown",
 			Stage:        FeatureStageExperimental,
@@ -2083,13 +2083,6 @@ var (
 			FrontendOnly: false,
 			Owner:        grafanaOperatorExperienceSquad,
 		},
-		{
-			Name:         "profilesExemplars",
-			Description:  "Enables profiles exemplars support in profiles drilldown",
-			Stage:        FeatureStageExperimental,
-			Owner:        grafanaObservabilityTracesAndProfilingSquad,
-			FrontendOnly: false,
-		},
 	}
 )

@@ -90,6 +90,7 @@ pdfTables,preview,@grafana/grafana-operator-experience-squad,false,false,false
 canvasPanelPanZoom,preview,@grafana/dataviz-squad,false,false,true
 timeComparison,experimental,@grafana/dataviz-squad,false,false,true
 tableSharedCrosshair,experimental,@grafana/dataviz-squad,false,false,true
+kubernetesFeatureToggles,experimental,@grafana/grafana-operator-experience-squad,false,false,true
 cloudRBACRoles,preview,@grafana/identity-access-team,false,true,false
 alertingQueryOptimization,GA,@grafana/alerting-squad,false,false,false
 jitterAlertRulesWithinGroups,preview,@grafana/alerting-squad,false,true,false
@@ -159,7 +160,6 @@ timeRangePan,experimental,@grafana/dataviz-squad,false,false,true
 newTimeRangeZoomShortcuts,experimental,@grafana/dataviz-squad,false,false,true
 azureMonitorDisableLogLimit,GA,@grafana/partner-datasources,false,false,false
 playlistsReconciler,experimental,@grafana/grafana-app-platform-squad,false,true,false
-passwordlessMagicLinkAuthentication,experimental,@grafana/identity-access-team,false,false,false
 exploreMetricsRelatedLogs,experimental,@grafana/observability-metrics,false,false,true
 prometheusSpecialCharsInLabelValues,experimental,@grafana/oss-big-tent,false,false,true
 enableExtensionsAdminPage,experimental,@grafana/plugins-platform-backend,false,true,false
@@ -282,4 +282,3 @@ useMTPlugins,experimental,@grafana/plugins-platform-backend,false,false,true
 multiPropsVariables,experimental,@grafana/dashboards-squad,false,false,true
 smoothingTransformation,experimental,@grafana/datapro,false,false,true
 secretsManagementAppPlatformAwsKeeper,experimental,@grafana/grafana-operator-experience-squad,false,false,false
-profilesExemplars,experimental,@grafana/observability-traces-and-profiling,false,false,false
@@ -483,10 +483,6 @@ const (
 	// Enables experimental reconciler for playlists
 	FlagPlaylistsReconciler = "playlistsReconciler"

-	// FlagPasswordlessMagicLinkAuthentication
-	// Enable passwordless login via magic link authentication
-	FlagPasswordlessMagicLinkAuthentication = "passwordlessMagicLinkAuthentication"
-
 	// FlagEnableExtensionsAdminPage
 	// Enables the extension admin page regardless of development mode
 	FlagEnableExtensionsAdminPage = "enableExtensionsAdminPage"
@@ -785,8 +781,4 @@ const (
 	// FlagSecretsManagementAppPlatformAwsKeeper
 	// Enables the creation of keepers that manage secrets stored on AWS secrets manager
 	FlagSecretsManagementAppPlatformAwsKeeper = "secretsManagementAppPlatformAwsKeeper"
-
-	// FlagProfilesExemplars
-	// Enables profiles exemplars support in profiles drilldown
-	FlagProfilesExemplars = "profilesExemplars"
 )
@@ -2044,8 +2044,7 @@
      "metadata": {
        "name": "kubernetesFeatureToggles",
        "resourceVersion": "1764664939750",
-        "creationTimestamp": "2024-01-18T05:32:44Z",
-        "deletionTimestamp": "2026-01-07T12:02:51Z"
+        "creationTimestamp": "2024-01-18T05:32:44Z"
      },
      "spec": {
        "description": "Use the kubernetes API for feature toggle management in the frontend",
@@ -2662,7 +2661,8 @@
      "metadata": {
        "name": "passwordlessMagicLinkAuthentication",
        "resourceVersion": "1764664939750",
-        "creationTimestamp": "2024-11-14T13:50:55Z"
+        "creationTimestamp": "2024-11-14T13:50:55Z",
+        "deletionTimestamp": "2026-01-08T15:33:29Z"
      },
      "spec": {
        "description": "Enable passwordless login via magic link authentication",
@@ -2867,18 +2867,6 @@
        "expression": "true"
      }
    },
-    {
-      "metadata": {
-        "name": "profilesExemplars",
-        "resourceVersion": "1767777507980",
-        "creationTimestamp": "2026-01-07T09:18:27Z"
-      },
-      "spec": {
-        "description": "Enables profiles exemplars support in profiles drilldown",
-        "stage": "experimental",
-        "codeowner": "@grafana/observability-traces-and-profiling"
-      }
-    },
    {
      "metadata": {
        "name": "prometheusAzureOverrideAudience",
@@ -6,6 +6,7 @@ import (
 	"github.com/grafana/grafana/pkg/infra/tracing"
 	"github.com/grafana/grafana/pkg/plugins"
 	"github.com/grafana/grafana/pkg/plugins/auth"
+	"github.com/grafana/grafana/pkg/plugins/backendplugin/coreplugin"
 	"github.com/grafana/grafana/pkg/plugins/config"
 	"github.com/grafana/grafana/pkg/plugins/envvars"
 	"github.com/grafana/grafana/pkg/plugins/manager/loader/angular/angularinspector"
@@ -18,7 +19,6 @@ import (
 	"github.com/grafana/grafana/pkg/plugins/manager/registry"
 	"github.com/grafana/grafana/pkg/plugins/manager/signature"
 	"github.com/grafana/grafana/pkg/plugins/pluginassets"
-	"github.com/grafana/grafana/pkg/services/pluginsintegration/coreplugin"
 	"github.com/grafana/grafana/pkg/services/pluginsintegration/pluginaccesscontrol"
 	"github.com/grafana/grafana/pkg/services/pluginsintegration/provisionedplugins"
 )
@@ -10,6 +10,8 @@ import (
 	"github.com/grafana/grafana/pkg/infra/tracing"
 	"github.com/grafana/grafana/pkg/plugins"
 	"github.com/grafana/grafana/pkg/plugins/auth"
+	"github.com/grafana/grafana/pkg/plugins/backendplugin/coreplugin"
+	"github.com/grafana/grafana/pkg/plugins/backendplugin/provider"
 	"github.com/grafana/grafana/pkg/plugins/envvars"
 	"github.com/grafana/grafana/pkg/plugins/log"
 	"github.com/grafana/grafana/pkg/plugins/manager/client"
@@ -37,7 +39,6 @@ import (
 	"github.com/grafana/grafana/pkg/services/pluginsintegration/angularinspector"
 	"github.com/grafana/grafana/pkg/services/pluginsintegration/angularpatternsstore"
 	"github.com/grafana/grafana/pkg/services/pluginsintegration/clientmiddleware"
-	"github.com/grafana/grafana/pkg/services/pluginsintegration/coreplugin"
 	"github.com/grafana/grafana/pkg/services/pluginsintegration/installsync"
 	"github.com/grafana/grafana/pkg/services/pluginsintegration/keyretriever"
 	"github.com/grafana/grafana/pkg/services/pluginsintegration/keyretriever/dynamic"
@@ -145,7 +146,8 @@ var WireSet = wire.NewSet(
 // WireExtensionSet provides a wire.ProviderSet of plugin providers that can be
 // extended.
 var WireExtensionSet = wire.NewSet(
-	coreplugin.ProvideCoreProvider,
+	provider.ProvideService,
+	wire.Bind(new(plugins.BackendFactoryProvider), new(*provider.Service)),
 	signature.ProvideOSSAuthorizer,
 	wire.Bind(new(plugins.PluginLoaderAuthorizer), new(*signature.UnsignedPluginAuthorizer)),
 	ProvideClientWithMiddlewares,
@@ -19,10 +19,10 @@ import (
 	"github.com/grafana/grafana/pkg/infra/fs"
 	"github.com/grafana/grafana/pkg/infra/tracing"
 	"github.com/grafana/grafana/pkg/plugins"
+	"github.com/grafana/grafana/pkg/plugins/backendplugin/coreplugin"
 	"github.com/grafana/grafana/pkg/services/featuremgmt"
 	"github.com/grafana/grafana/pkg/services/org"
 	"github.com/grafana/grafana/pkg/services/pluginsintegration"
-	"github.com/grafana/grafana/pkg/services/pluginsintegration/coreplugin"
 	"github.com/grafana/grafana/pkg/services/pluginsintegration/pluginstore"
 	"github.com/grafana/grafana/pkg/services/searchV2"
 	"github.com/grafana/grafana/pkg/services/sqlstore"
@@ -8,6 +8,8 @@ import (
 	"github.com/grafana/grafana/pkg/infra/tracing"
 	"github.com/grafana/grafana/pkg/plugins"
 	"github.com/grafana/grafana/pkg/plugins/backendplugin"
+	"github.com/grafana/grafana/pkg/plugins/backendplugin/coreplugin"
+	"github.com/grafana/grafana/pkg/plugins/backendplugin/provider"
 	pluginsCfg "github.com/grafana/grafana/pkg/plugins/config"
 	"github.com/grafana/grafana/pkg/plugins/manager/client"
 	"github.com/grafana/grafana/pkg/plugins/manager/loader"
@@ -25,7 +27,6 @@ import (
 	"github.com/grafana/grafana/pkg/plugins/pluginassets"
 	"github.com/grafana/grafana/pkg/plugins/pluginerrs"
 	"github.com/grafana/grafana/pkg/services/featuremgmt"
-	"github.com/grafana/grafana/pkg/services/pluginsintegration/coreplugin"
 	"github.com/grafana/grafana/pkg/services/pluginsintegration/pipeline"
 	"github.com/grafana/grafana/pkg/services/pluginsintegration/pluginconfig"
 	"github.com/grafana/grafana/pkg/services/pluginsintegration/pluginsources"
@@ -51,7 +52,7 @@ func CreateIntegrationTestCtx(t *testing.T, cfg *setting.Cfg, coreRegistry *core
 	disc := pipeline.ProvideDiscoveryStage(pCfg, reg)
 	boot := pipeline.ProvideBootstrapStage(pCfg, signature.ProvideService(pCfg, statickey.New()), pluginassets.NewLocalProvider())
 	valid := pipeline.ProvideValidationStage(pCfg, signature.NewValidator(signature.NewUnsignedAuthorizer(pCfg)), angularInspector)
-	init := pipeline.ProvideInitializationStage(pCfg, reg, coreplugin.ProvideCoreProvider(coreRegistry), proc, &pluginfakes.FakeAuthService{}, pluginfakes.NewFakeRoleRegistry(), pluginfakes.NewFakeActionSetRegistry(), nil, tracing.InitializeTracerForTest(), provisionedplugins.NewNoop())
+	init := pipeline.ProvideInitializationStage(pCfg, reg, provider.ProvideService(coreRegistry), proc, &pluginfakes.FakeAuthService{}, pluginfakes.NewFakeRoleRegistry(), pluginfakes.NewFakeActionSetRegistry(), nil, tracing.InitializeTracerForTest(), provisionedplugins.NewNoop())
 	term, err := pipeline.ProvideTerminationStage(pCfg, reg, proc)
 	require.NoError(t, err)

@@ -97,7 +98,7 @@ func CreateTestLoader(t *testing.T, cfg *pluginsCfg.PluginManagementCfg, opts Lo
 	if opts.Initializer == nil {
 		reg := registry.ProvideService()
 		coreRegistry := coreplugin.NewRegistry(make(map[string]backendplugin.PluginFactoryFunc))
-		opts.Initializer = pipeline.ProvideInitializationStage(cfg, reg, coreplugin.ProvideCoreProvider(coreRegistry), process.ProvideService(), &pluginfakes.FakeAuthService{}, pluginfakes.NewFakeRoleRegistry(), pluginfakes.NewFakeActionSetRegistry(), nil, tracing.InitializeTracerForTest(), provisionedplugins.NewNoop())
+		opts.Initializer = pipeline.ProvideInitializationStage(cfg, reg, provider.ProvideService(coreRegistry), process.ProvideService(), &pluginfakes.FakeAuthService{}, pluginfakes.NewFakeRoleRegistry(), pluginfakes.NewFakeActionSetRegistry(), nil, tracing.InitializeTracerForTest(), provisionedplugins.NewNoop())
 	}

 	if opts.Terminator == nil {
@@ -542,10 +542,9 @@ func setupEnv(t *testing.T, sqlStore db.DB, cfg *setting.Cfg, b bus.Bus, quotaSe
 	dashService.RegisterDashboardPermissions(acmock.NewMockedPermissionsService())
 	secretsService := secretsmng.SetupTestService(t, fakes.NewFakeSecretsStore())
 	secretsStore := secretskvs.NewSQLSecretsKVStore(sqlStore, secretsService, log.New("test.logger"))
-	dsRetriever := dsservice.ProvideDataSourceRetriever(sqlStore, featuremgmt.WithFeatures())
 	_, err = dsservice.ProvideService(sqlStore, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService(),
 		quotaService, &pluginstore.FakePluginStore{}, &pluginfakes.FakePluginClient{}, plugincontext.
-			ProvideBaseService(cfg, pluginconfig.NewFakePluginRequestConfigProvider()), dsRetriever)
+			ProvideBaseService(cfg, pluginconfig.NewFakePluginRequestConfigProvider()))
 	require.NoError(t, err)
 	m := metrics.NewNGAlert(prometheus.NewRegistry())

--- a/Show More
+++ b/Show More