* fix: increase login_attempt.ip_address column length for IPv6 support
- Expand ip_address column from VARCHAR(30) to VARCHAR(50) to accommodate IPv6 addresses
- Add database migration with support for PostgreSQL, MySQL, and SQLite
- Add comprehensive integration tests for various IPv6 address formats
- Resolves 500 errors when login fails over IPv6, now returns proper 401 errors
Fixes#106362
* test: add missing test skip to TestIntegrationIPv6AddressSupport
Skip integration test when running with -short flag to separate unit and integration tests
* Update pkg/services/sqlstore/migrations/login_attempt_mig.go
Co-authored-by: Victor Cinaglia <victor@grafana.com>
* fix missing bracket
* fix: resolve PostgreSQL timestamp overflow in IPv6 test
- Use controlled time mock instead of time.Now() to avoid timestamp conversion issues
- Follow existing test patterns with xormStore and mock time functions
- Add proper Since parameter to GetIPLoginAttemptCount query
- Fixes PostgreSQL error: 'pq: value "-62135596800" is out of range for type integer'
* fix: resolve PostgreSQL UTF-8 encoding error in IPv6 test
Replace string(rune(i)) with fmt.Sprintf to avoid null bytes (0x00)
when i=0, which caused 'invalid byte sequence for encoding UTF8' error
---------
Co-authored-by: Victor Cinaglia <victor@grafana.com>
* replace xorm.io/xorm imports
* replace xorm from other go.mod files
* clean up workspace
* nolint does not make sense anymore as it is not a module
* try if nolint directive helps
* use nolint:all for xorm
* add more nolints
* try to skip xorm in linter config
* exclude xorm differently
* retrigger ci
* add columns external_id and is_provisioned to the team table
* generate openapi specs
* rename column to external_uid
* generate open api specs
* increase limit for external_uid to 256
* CI: Allow Bench conversion to fail
We shouldn't mark PRs and commits as X if they fail to convert logs with Bench.
* Fix: Prints should always include new lines
* fix: remove unused import
* Validate authID when user is provisioned
* Add new `user_unique_id` to `user_auth` table
* Validate provisioned user with saml assertion
* Rework `ExternalUID`
* Validate for ExternalUID only
* Enhance verbosity
* Move ExternalUID to saml config
* Rename db variable for externalUID
* Add verbosity to debug ExternalUID
* Assign new error for ExternalUID mismatch
* Add `GetByLoginFn`
* Add new configuration to saml tests
* add validation for empty externalUID
* Fix UNION syntax in resourcepermissions package.
* Fix migrations in usermig package to work with Spanner.
* Fix health query.
* Use more connections for integration tests.
* Add test-go-integration-spanner target to run integration tests against Spanner emulator.
* Add test for enterprise.
* Don't delete sequence number for migration_log.id column.
* Only bump max open connections to 20 for Spanner.
Lower integration test timeout.
* Add migration to remove datasources:drilldown
* remove role assignments as well
* rename to datasources:drilldown
* remove the role assignments
* made it simple instead
* Update pkg/services/sqlstore/migrations/accesscontrol/datasource_drilldown_removal.go
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Update pkg/services/sqlstore/migrations/accesscontrol/datasource_drilldown_removal.go
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
---------
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
What is this feature?
This PR introduces a new alert rule configuration option, keep_firing_for (Prometheus documentation).
keep_firing_for prevents alerts from resolving immediately after the alert condition returns to normal. Instead, they transition into a "Recovering" state and are not considered resolved by the Alertmanager. Once the recovery period ends (or after the next evaluation if it is bigger than keep_firing_for), the alert transitions to "Normal" if it doesn't start alerting again:
Before
+----------+ +----------+
| Alerting |---->| Normal |
+----------+ +----------+
-----
After
+----------+ +------------+ +----------+
| Alerting |----->| Recovering |---->| Normal |
+----------+ +------------+ +----------+
Why do we need this feature?
This feature prevents flapping alerts by adding a recovery period. This helps avoid false resolutions caused by brief alert
* Adds ability to run integration tests against spanner (by using GRAFANA_TEST_DB=spanner env variable. SPANNER_DB variable then specifies database to use: spannertest, emulator or string like /projects/<project>/instances/<instance>/databases/<db>)
* Adds feature to migration dialects to create database from a snapshot, instead of running individual migrations.
* Adds first version of Spanner snapshot, prepared from "OSS" migrations.
* Uses generated bit-reversed-positive values instead of auto_increment. (As an experiment)
* Add isProvisioned field to model
* Add new isProvisioned column to migration
* Disable auto assignment to organization if the user is provisioned
* add annotation to user model
* add annotation to user models
* Remove IsProvisioned field from Identity
* Move new field assignenment and add default value
* Update annotations for user query results
* Remove isProvisioned from identity
* Add new column to test
* Resolve user from identity at SyncOrgHook
* add column guid to alert rule table and rule_guid to rule version table
+ populate the new field with UUID
* update storage and domain models
* patch GUID
* ignore GUID in fingerprint tests
* introduce new fields created_by in rule tables
* update domain model and compat layer to support UpdatedBy
* add alert rule generator mutators for UpdatedBy
* ignore UpdatedBy in diff and hash calculation
* Add user context to alert rule insert/update operations
Updated InsertAlertRules and UpdateAlertRules methods to accept a user context parameter. This change ensures auditability and better tracking of user actions when creating or updating alert rules. Adjusted all relevant calls and interfaces to pass the user context accordingly.
* set UpdatedBy in PreSave because this is where Updated is set
* Use nil userID for system-initiated updates
This ensures differentiation between system and user-initiated changes for better traceability and clarity in update origins.
---------
Signed-off-by: Yuri Tseretyan <yuriy.tseretyan@grafana.com>
Certain combinations of KeepLast state transition annotations exceed the current
limit of 25 characters. This increases the column size limit to be able to
handle the longest combination (27) with some extra space for comfort.
* start on loading the error code
* error code to message mapping
* use resource code type
* use defined error code
* partial updates from comments
* i18nKey gen
* fixed t
* fixed translations
* typing
