* Clean up authenticator
* Cleanup authorizers and replace org_id and stack_id with namespace authorizer
* Remove dependency on org service
* Extract orgID from /apis/ urls and validate stack id
What is this feature?
Allows the creation of alert rules with mimirtool in a specified folder.
Why do we need this feature?
Currently, the APIs for mimirtool create namespaces and rule groups in the root folder without the ability to set a custom folder. For example, it could be a special "Imported" folder, etc.
This PR makes it possible with a special header: mimirtool ... --extra-headers="X-Grafana-Alerting-Folder-UID=123". If it's not present, the root folder is used, otherwise, the specified one is used.
mimirtool does not support nested folder structures, while Grafana allows folder nesting. To keep compatibility, we return only direct child folders of the working folder (as namespaces) with rule groups and rules that are directly in these child folders as if there are no nested folders.
For example, given this folder structure in Grafana:
```
grafana/
├── production/
│ ├── service1/
│ │ └── alerts/
│ └── service2/
└── testing/
└── service3/
```
If the working folder is "grafana":
Only namespaces "production" and "testing" are returned
Only rule groups directly within these folders are included
If the working folder is "production":
- Only namespaces "service1" and "service2" are returned
Only rule groups directly within these folders are included
* move prometheus.register for unified storage metrics into metrics.go and do most of the plumbing to get it to work
* convert StorageApiMetrics to pointer and check for nil before using it
* rename type and variables to something more sensible
---------
Co-authored-by: Jean-Philippe Quéméner <jeanphilippe.quemener@grafana.com>
Initially, Metadata had only the EditorSettings, and HasMetadata was used to understand if the incoming update request had metadata in the body because it could be omitted if it was empty. For example, when the rule is updated via the provisioning API or has only false values. If it was in the request, we used that; if not, we used the metadata from the existing rule from the database. If the rule was updated via the AlertRuleService, we didn't change Metadata at all if the rule already existed.
But now, Metadata also has the Prometheus rule definition, and we always need to update it with the new version of the AlertRuleService when the rule exists in the DB and has the same UID. HasMetadata is renamed to HasEditorSettings to keep the old behaviour only for EditorSettings.
Now, the provisioning API and the conversion API will overwrite everything except EditorSettings with the new data.
What is this feature?
Adds an API endpoint to create alert rules with mimirtool:
- POST /convert/prometheus/config/v1/rules/{NamespaceTitle} - Accepts a single rule group in a Prometheus YAML format and creates or updates a Grafana rule group from it.
The endpoint uses the conversion package from #100224.
Key parts
The API works similarly to the provisioning API. If the rule does not exist, it will be created, otherwise updated. Any rules not present in the new group will be deleted, ensuring the group is fully synchronized with the provided configuration.
Since the API works with namespace titles (folders), the handler automatically creates a folder in the root based on the provided title if it does not exist. It also requires a special header, X-Grafana-Alerting-Datasource-UID. This header specifies which datasource to use for the new rules.
If the rule group's evaluation interval is not specified, it uses the DefaultRuleEvaluationInterval from settings.
* Provisioning: Define secrets service
* Provisioning: Create and store secrets service
* Provisioning: Define safepath
* Provisioning: Define the repository
* Identity: Support a provisioning service
* Provisioning: Define a job queue
* Chore: Regen code
* Provisioning: Show progress more often
Co-Authored-By: Ryan McKinley <ryantxu@gmail.com>
* Provisioning: Rename hash field to lastRef
Co-Authored-By: =?UTF-8?q?Roberto=20Jim=C3=A9nez=20S=C3=A1nchez?= <roberto.jimenez@grafana.com>
* Provisioning: Workflows as write access
Co-Authored-By: Ryan McKinley <ryantxu@gmail.com>
* Provisioning: Regen OpenAPI snapshot
* Provisioning: Update tests to match new fields
---------
Co-authored-by: Ryan McKinley <ryantxu@gmail.com>
Co-authored-by: =?UTF-8?q?Roberto=20Jim=C3=A9nez=20S=C3=A1nchez?= <roberto.jimenez@grafana.com>
* Provisioning: Remove S3
* Provisioning: Use URL for GitHub
Co-Authored-By: Ryan McKinley <ryantxu@gmail.com>
Co-Authored-By: Alex Khomenko <Clarity-89@users.noreply.github.com>
* Provisioning: Use workflow list
Co-Authored-By: =?UTF-8?q?Roberto=20Jim=C3=A9nez=20S=C3=A1nchez?= <roberto.jimenez@grafana.com>
* Provisioning: Model secrets
* Provisioning: Define a total in the job summary
* Provisioning: Generate code
* Provisioning: Update testdata
---------
Co-authored-by: Ryan McKinley <ryantxu@gmail.com>
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
Co-authored-by: =?UTF-8?q?Roberto=20Jim=C3=A9nez=20S=C3=A1nchez?= <roberto.jimenez@grafana.com>
* adjut quickRanges type in v2
* clean up unused time_options property
* remove deprecated time_options property on time picker
* add schema migration for time_options
* adjust test
* Provisioning: Jobs: Define repository name field
* Provisioning: Jobs: Separate options per job type
* Provisioning: Define a sanitised settings resource
* Provisioning: Jobs: Define a job summary
* Provisioning: Remove linting
* Provisioning: Update docs for a few fields
* Provisioning: Remove HelloWorld
* Provisioning: Replace Repository with Message in job info
* Provisioning: Remove YAML support
* Provisioning: Remove custom folder specification
* Provisioning: Support read-only repositories
* Provisioning: Remove edit options
* Provisioning: Add sync options for repositories
* Provisioning: Add resource statistics
* Provisioning: Make slices atomic lists
* Provisioning: Message list needs to exist even if empty
If we don't do this, we can't clear the messages field, leading to buggy UX.
* Provisioning: Support incremental syncing
* Provisioning: Remove the 'items' subresource workaround
* Provisioning: Add resource list
* Provisioning: Reformat
* Provisioning: Declare new types
* OpenAPI: Generate openapi JSON spec from generated code
* Codegen: Generate OpenAPI spec
* Provisioning: Support generating frontend API
* Codegen: Generate Go code
* Provisioning: Define the base API
* Codegen: Generate frontend endpoints for provisioning
* Refactor: yarn prettier:write
* Provisioning: Tiger team takes ownership
* Chore: Remove dir we haven't added yet
* Provisioning: Remove frontend
* Test: Update example repositories
* update generated iam client
* update API
* with meta api
* regenerate client
* with identify ref
---------
Co-authored-by: Ryan McKinley <ryantxu@gmail.com>
* create new generated iam api client and use in query library
* update betterer
* use new createBaseQuery method
* update CODEOWNERS
* fix unit tests
* use shared type
* update comment
* fix test
* Alerting: Fix Alertmanager configuration updates
Alertmanager configuration updates would behave inconsistently when performing no-op updates with `mysql` as the store.
In particular this bug manifested as a failure to reload the provisioned alertmanager configuration components with no changes to the configuration itself. This would result in a 500 error with mysql store only.
The core issue is that we were relying on the number of rows affected by the update query to determine if the configuration was found in the db or not.
While this behavior works for certain sql dialects, mysql does not return the number of rows matched by the update query but rather the number of rows actually updated.
Also discovered and fixed the mismatched `xorm` tag for the `CreatedAt` field to match the actual column name in the db.
References: https://dev.mysql.com/doc/refman/8.4/en/update.html
When exporting contact-points, mute-timings, and notification policies in the provisioning API, we need to escape the `$` character which is used in interpolation by file provisioning.
Follow up to #97985
* Extract "PermissionStore" from general store interface
* Add static and union permission stores
* Add GetStaticRoles
* Use accesscontrol.Service for inproc to provide static permissions
