* Alerting: Allow selection of recording rule write target on per-rule basis.
Introduces a new feature flag (`grafanaManagedRecordingRulesDatasources`),
disabled by default, to enable the ability to write recording rules data using
data source settings, and selecting the data source to use on a per-rule basis.
To cope with the scenario of users upgrading, a configuration file option
allows setting the default data source to use, if none is specified in the rule,
emulating the behaviour of recording rules without the flag enabled.
* Lint
* Update conf/sample.ini
Co-authored-by: Alexander Akhmetov <me@alx.cx>
---------
Co-authored-by: Alexander Akhmetov <me@alx.cx>
* feat(auth/JWTAuth): add support for the TlsSkipVerify parameter
* feat(auth/JWTAuth): add param to default.ini and sample.ini
---------
Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com>
* Auth: Add IP address login attempt validation
* LoginAttempt struct IpAddress field must be camelCase to match db ip_address column
* add setting DisableIPAddressLoginProtection
* lint
* add DisableIPAddressLoginProtection setting to tests
* add request object to authenticate password test
* nit suggestions & rename tests
* add login attempt on failed password authentication
* dont need to reset login attempts if successful
* don't change error message
* revert go.work.sum
* Update pkg/services/authn/clients/password.go
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
---------
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
* added changes for rebase
* ran go mod tidy and ran a build
* ran a build
* Update docs/sources/setup-grafana/configure-grafana/_index.md
Co-authored-by: Jack Baldry <jack.baldry@grafana.com>
* Update docs/sources/setup-grafana/configure-grafana/_index.md
Co-authored-by: Jack Baldry <jack.baldry@grafana.com>
* Update docs/sources/setup-grafana/configure-grafana/_index.md
Co-authored-by: Jack Baldry <jack.baldry@grafana.com>
* updated go.work.sum to upstream
* added newline to match upstream
* added more specificity in documentation
---------
Co-authored-by: Jack Baldry <jack.baldry@grafana.com>
* Datasources: Add toggle to control default behaviour of 'Manage alerts via Alerts UI' toggle
* Update documentation with suggestions
Co-authored-by: Larissa Wandzura <126723338+lwandz13@users.noreply.github.com>
* added backend support for client_secret_jwt
* added backend support for client_secret_jwt
* added all logic to the exchange function (overloaded social exchange in azuread_oauth to handle managed identity client id)
* ran yarn install to update lock file
* added support for client_secret_jwt when managed_identity_client_id is null
* added audience flag and changed exchange to directly access oauth config using .info
* added logic in setting oauth.Config for supported client authentication values
* added client_authentication, managed_identity_client_id, and audience to sample.ini file
* using provided ctx in ManagedIdentityCallback function
* added frontend support for federated identity credential auth
* added client authentication field
* added Azure AD documentation for Grafana
* added bold font to "Add" keyword in documentation
* minor wording change relating to previous commit
* addressed changing audience to federated_credential_audience, moving validation, and changing managedIdentityCallback to private function
* correction to audience name changing
* fixed orgMappingClientAuthentication function name, and added in logic into validateFederatedCredentialAudience function
* Change docs
* Add iam team as owner of azcore pkg
* added backend support for client_secret_jwt
* added all logic to the exchange function (overloaded social exchange in azuread_oauth to handle managed identity client id)
* ran yarn install to update lock file
* added support for client_secret_jwt when managed_identity_client_id is null
* added audience flag and changed exchange to directly access oauth config using .info
* added logic in setting oauth.Config for supported client authentication values
* added client_authentication, managed_identity_client_id, and audience to sample.ini file
* using provided ctx in ManagedIdentityCallback function
* added frontend support for federated identity credential auth
* added client authentication field
* added Azure AD documentation for Grafana
* added bold font to "Add" keyword in documentation
* minor wording change relating to previous commit
* addressed changing audience to federated_credential_audience, moving validation, and changing managedIdentityCallback to private function
* correction to audience name changing
* fixed orgMappingClientAuthentication function name, and added in logic into validateFederatedCredentialAudience function
* Change docs
* Add iam team as owner of azcore pkg
* updated yarn lock file
* updated doc for correction
* removed wrong changes in pkg directory
* removed newline in dashboard-generate.yaml and unified.ts
* updated yarn.lock to match upstream
* Lint
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* removing unwanted changes
* added back removed newline
* fixed failing test in azuread_oauth_test.go
* Update azuread_oauth.go
removed unnecessary newline, fixed lint
---------
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com>
Co-authored-by: Jack Baldry <jack.baldry@grafana.com>
Currently the default is 1, this means that by default users will see transient
query errors reflected as alert evaluation failures, when often an immediate
retry is sufficient to evaluate the rule successfully.
Enabling retries by default leads to a better experience out of the box.
* Add setting to adjust number of login attempts before user login gets locked
* Ensure at least one attempt can be made
* Update documentation with new setting
* Update docs/sources/setup-grafana/configure-grafana/_index.md
Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>
* Use a enable configuration to enable frontend sandbox
* Modify settings to load enableFrontendSandbox
* Check for signature type
* Update commment
* Fix e2e tests for the frontend sandbox
* Modify logic so a custom check function is used instead of a list of checks
* Fixes flaky test
* fix comment
* Update comment
* Empty commit
* Empty commit
* ManagedServiceAccounts: Add a config option to disabled by default
* Update log in pkg/services/extsvcauth/registry/service.go
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
* allow post URL
* check for config
* allow relative paths
* add allowed internal pattern; add checks for method
* update defaults.ini
* add custom header
* update config comment
* use globbing, switch to older middleware - deprecated call
* add codeowner
* update to use current api, add test
* update fall through logic
* Update pkg/middleware/validate_action_url.go
Co-authored-by: Dan Cech <dcech@grafana.com>
* Update pkg/middleware/validate_action_url.go
Co-authored-by: Dan Cech <dcech@grafana.com>
* add more tests
* Update pkg/middleware/validate_action_url_test.go
Co-authored-by: Dan Cech <dcech@grafana.com>
* fix request headers
* add additional tests for all verbs
* fix request headers++
* throw error when method is unknown
---------
Co-authored-by: Ryan McKinley <ryantxu@gmail.com>
Co-authored-by: Brian Gann <bkgann@gmail.com>
Co-authored-by: Brian Gann <briangann@users.noreply.github.com>
Co-authored-by: Dan Cech <dcech@grafana.com>
* update oauthtoken service to use remote cache and server lock
* remove token cache
* retry is lock is held by an in-flight refresh
* refactor token renewal to avoid race condition
* re-add refresh token expiry cache, but in SyncOauthTokenHook
* Add delta to the cache ttl
* Fix merge
* Change lockTimeConfig
* Always set the token from within the server lock
* Improvements
* early return when user is not authed by OAuth or refresh is disabled
* Allow more time for token refresh, tracing
* Retry on Mysql Deadlock error 1213
* Update pkg/services/authn/authnimpl/sync/oauth_token_sync.go
Co-authored-by: Dan Cech <dcech@grafana.com>
* Update pkg/services/authn/authnimpl/sync/oauth_token_sync.go
Co-authored-by: Dan Cech <dcech@grafana.com>
* Add settings for configuring min wait time between retries
* Add docs for the new setting
* Clean up
* Update docs/sources/setup-grafana/configure-grafana/_index.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
---------
Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com>
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* add gms client function
* add timeout config for endpoint
* report events to gms
* fix lint error
* clean up report calls and make sure reports all have local ids
* extra validation
* improve error logging and fix url
* implement querying gms for snapshot status
* add some documentation
* provide snapshot resources after snapshot is created
* add rate limiting to backend
* fix compilation error
* fix typo
* add unit tests
* finish merge
* lint
* swagger gen
* more testing
* remove duplicate test
* address a couple PR comments
* update switch statement to a map
* add timeouts to gms client through the http client
* remove extra whitespace
* put method back where it was so the PR is less confusing
* fix tests
* add todo
* fix final unit test
* Alerting: Add setting for maximum allowed rule evaluation results
Added a new configuration setting `quota.alerting_rule_evaluation_results` to set the maximum number of alert rule evaluation results per rule. If the limit is exceeded, the evaluation will result in an error.
* Simple replace of State.Resolved with State.ResolvedAt
* Retain ResolvedAt time between Normal->Normal transition
* Introduce ResolvedRetention to keep sending recently resolved alerts
* Make ResolvedRetention configurable with resolved_alert_retention
* Tick-based LastSentAt for testing of ResendDelay and ResolvedRetention
* Do not reset ResolvedAt during Normal->Pending transition
Initially this was done to be inline with Prom ruler. However, Prom ruler
doesn't keep track of Inactive->Pending/Alerting using the same alert instance,
so it's more understandable that they choose not to retain ResolvedAt. In our
case, since we use the same cached instance to represent the transition, it
makes more sense to retain it.
This should help alleviate some odd situations where temporarily entering
Pending will stop future resolved notifications that would have happened
because of ResolvedRetention.
* Pointers for ResolvedAt & LastSentAt
To avoid awkward time.Time{}.Unix() defaults on persist
* Docs: Update "Configure high availability" guide with ha_reconnect_timeout configuration
---------
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Auth: Implement org role mapping for google oauth provider
* Update docs
* Remove unused function
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
Steve Simpson
Lucy Chen
Filip "Ret2Me" Poplewski
Jean-Philippe Quéméner
Eric Leijonmarck
Nicolas Simonds
colin-stuart
John Naizer
Matheus Macabu
Alexander Akhmetov
Karl Persson
Fayzal Ghantiwala
Josh Hunt
Tobias Skarhed
Esteban Beltran
Brandon
Gabriel MABILLE
Todd Treece
Adela Almasan
Alexander Weaver
Dan Cech
Tom Ratcliffe
lean.dev
Ryan McKinley
Michael Mandrus
Santiago
Andrew Hackmann
Timur Olzhabayev
Yuri Tseretyan
Rajguru
Matthew Jacobson
William Wernert
Jacob Valdemar
Kristin Laemmert
Misi