
Alerting: Update Swagger spec #6

Closed
wants to merge 125 commits into from

Conversation

github-actions[bot]

This is an automated pull request to update the alerting swagger spec.
Please review and merge.

grafana-delivery-bot bot and others added 30 commits February 20, 2024 22:24
…xt (grafana#83129)

Logs Panel: Add option extra UI functionality for log context (grafana#83123)

* use ref rather than state

* add `getLogRowContextUi` to panel

(cherry picked from commit f2c0309)

Co-authored-by: Sven Grossmann <[email protected]>
Alerting docs: adds simplified alert routing (grafana#82158)

* Alerting docs: adds simplified alert routing

* adds to preview section

* adds numbering

* adds indent

* deletes fullstop

* ran prettier

* adds feature toggle notes

* fixes spelling error

(cherry picked from commit d091e4c)

Co-authored-by: brendamuir <[email protected]>
Alerting docs: Fix migrating alert links (grafana#83141)

* Alerting docs: fixes migrating links

* Fixes underscores and stars

* Corrects numbering

* ran prettier

* Fix links

Signed-off-by: Jack Baldry <[email protected]>

* Update docs/sources/alerting/set-up/migrating-alerts/_index.md

Co-authored-by: Jack Baldry <[email protected]>

---------

Signed-off-by: Jack Baldry <[email protected]>
Co-authored-by: Jack Baldry <[email protected]>
(cherry picked from commit 4720c99)

Co-authored-by: brendamuir <[email protected]>
Alerting docs: fixes oncall broken links (grafana#83139)

(cherry picked from commit 4b2ef36)

Co-authored-by: brendamuir <[email protected]>
Snapshots: delete from same org (grafana#83111)

delete in org

(cherry picked from commit 809c1ea)

Co-authored-by: Ryan McKinley <[email protected]>
Alerting: Protect possible undefined (grafana#83128)

Protect possible undefined

(cherry picked from commit 16dee3c)

Co-authored-by: Sonia Aguilar <[email protected]>
…ana#83194)

Docs: add information about filtering for annotations (grafana#82957)

* Added information about filtering for annotations

* Update generate-transformations.ts

(cherry picked from commit f18b9dd)

Co-authored-by: Isabel <[email protected]>
…afana#83181)

QueryVariableEditor: Select a variable ds does not work (grafana#83144)

(cherry picked from commit 5460d75)

Co-authored-by: Ivan Ortega Alba <[email protected]>
…3205)

Alerting: Fix dashboard nav drawers disappearing (grafana#82890)

Add DashNav modal renderer to handle modals rendered from Toolbar buttons

(cherry picked from commit b02183e)

Co-authored-by: Konrad Lalik <[email protected]>
Alerting: Fix saving evaluation group. (grafana#83188)

fix saving evaluation group

(cherry picked from commit 2a1873f)

Co-authored-by: Sonia Aguilar <[email protected]>
…83245)

Docs: update import troubleshoot dashboards links (grafana#83124)

* Updated links to former manage dashboards content

* Removed links to manage dashboards and added export content to Sharing page

* Replaced grafana links with cloud docs links

* Removed trailing slash from link

* trigger CI

---------

Co-authored-by: Jack Baldry <[email protected]>
(cherry picked from commit 5f41cc6)

Co-authored-by: Isabel <[email protected]>
…anges are made to any header (grafana#83287)

AuthProxy: Invalidate previous cached item for user when changes are made to any header (grafana#81445)

* fix: sign in using auth_proxy with role a -> b -> a would end up with role b

* Update pkg/services/authn/clients/proxy.go

Co-authored-by: Karl Persson <[email protected]>

* Update pkg/services/authn/clients/proxy.go

Co-authored-by: Karl Persson <[email protected]>
(cherry picked from commit 9282c7a)

Co-authored-by: Klesh Wong <[email protected]>
DataQuery: Track panel plugin id not type (grafana#83091)

(cherry picked from commit 64e0a42)

Co-authored-by: Torkel Ödegaard <[email protected]>
remove oss from security config docs (grafana#82936)

(cherry picked from commit 92fa868)

Co-authored-by: Kristina <[email protected]>
Docs: restructure Configure field overrides (grafana#81833)

* Removed view and delete overrides sections

* Added examples heading and moved examples down one heading level

* Added override rules section and removed rule definitions from task

* Added supported visualizations section and table and docs ref links

* Docs: edit Configure field overrides (grafana#81834)

* Formatted note

* Added missing content and general edits

* Updated screenshots and examples and general edits

* Fix small formatting issues

* Fixed links

* Uploaded images to admin, updated image links, and removed local images

* Swapped figure shortcode for simple Markdown

(cherry picked from commit dfeb33f)

Co-authored-by: Isabel <[email protected]>
Docs/grafana helm (grafana#80390)

* added the helm project

* added page metadata

* added the intro section

* fixed menuTitle

* added section i.e. Setting up the Grafana Helm repository

* added the deployment section

* finished the deploying grafana section

* completed access grafana section

* updating changes

* added persistent storage section

* added debugging section

* fixed typos

* fixed headings

* fixed numerous typos

* Apply suggestions from code review

looks good now !!

Co-authored-by: Christopher Moyer <[email protected]>

* Apply suggestions from code review

Thanks for the changes. It looks much better now

Co-authored-by: Christopher Moyer <[email protected]>

* fixed the suggested changes and fixed minor typos

* Apply suggestions from code review

thanks for the improvements. looks polished now!!

Co-authored-by: Christopher Moyer <[email protected]>

* fixed download link

* fixed typo

* final adjustments

* corrects spelling

* makes prettier

---------

Co-authored-by: Christopher Moyer <[email protected]>
Co-authored-by: Chris Moyer <[email protected]>
(cherry picked from commit 9f88a88)

Co-authored-by: Usman Ahmad <[email protected]>
…not being rendered on first page load (grafana#83526)

Plugins: Angular deprecation: Fix AngularDeprecationNotice not being rendered on first page load (grafana#83221)

* Plugins: Angular deprecation: Wait for plugins to be initialized before rendering AngularDeprecationNotice

* use then

* fix tests

* mockCleanUpDashboardAndVariables.mockReset();

* Handle plugin not found

* PR review feedback

* Add comment

* removed unnecessary return

* PR review feedback

* Use grafanaBootData

* Removed comments

* fix tests

* Use config for hideDeprecation as well

(cherry picked from commit e068804)

Co-authored-by: Giuseppe Guerra <[email protected]>
… filter (grafana#83404)

Annotations: Improve query performance when using dashboard filter (grafana#83112)

* Annotations: Improve query performance when using dashboard filter

* Add dashboard id filter

(cherry picked from commit e7a1ecc)

Co-authored-by: Alexander Zobnin <[email protected]>
…ndex page (grafana#83554)

Docs: Add missing visualizations to Grafana visualization index page (grafana#83351)

Co-authored-by: Nathan Marrs <[email protected]>
Co-authored-by: Isabel Matwawana <[email protected]>
Co-authored-by: jev forsberg <[email protected]>
(cherry picked from commit e8df629)

Co-authored-by: Señor Performo - Leandro Melendez <[email protected]>
…de (grafana#83597)

Elasticsearch: Fix adhoc filters not applied in frontend mode (grafana#83592)

(cherry picked from commit 411c890)

Co-authored-by: Sven Grossmann <[email protected]>
…na#83622)

docs: link annotation queries video to documentation (grafana#83586)

(cherry picked from commit ba4470d)

Co-authored-by: Marie Cruz <[email protected]>
…rafana#83628)

Anonymous: Add docs for anon users charged on enterprise (grafana#83626)

add anon users enterprise

(cherry picked from commit b89de96)

Co-authored-by: Eric Leijonmarck <[email protected]>
Tempo: Better fallbacks for metrics query (grafana#83619)

* Use query as fallback when there's one series and no labels. Use "" as the fallback for empty label values. Stop using the `promLabels` value from the Tempo response

* Set refId to remove mentions of promLabels

* Add quotes around the string value, add space after comma separator

* Use name as refId when possible

(cherry picked from commit 036e190)

Co-authored-by: Andre Pereira <[email protected]>
…fana#83667)

Tempo: Add template variable interpolation for filters (grafana#83213)

* Interpolate template variables in filters

* Add tests

(cherry picked from commit 1631e41)

Co-authored-by: Joey <[email protected]>
Docs: restructure Configure panel options (grafana#83438)

* Moved view json panel content from configure panel options to panel inspect view

* Converted add title and description task to reference section

* Removed edit panel section

* Updated bullet list to match content

* Removed view json content to be integrated later

* Ran prettier

* Docs: Edit Configure panel options (grafana#83439)

* Updated intro

* Updated intro, descriptions, and repeating panels task

* Reformatted sections of task and updated wording of LLM info

* Copy edits

* Added Cloud links and updated version syntax

* Fixed link

* Fixed formatting and removed vestigial sentence

(cherry picked from commit 2c95782)

Co-authored-by: Isabel Matwawana <[email protected]>
CI: Bump `alpine` image version (grafana#83716)

Bump image version

(cherry picked from commit c9d8d87)
* Fix typos (grafana#83621)

Co-authored-by: Isabel Matwawana <[email protected]>
Co-authored-by: Jack Baldry <[email protected]>
(cherry picked from commit 2a429cd)
Signed-off-by: Jack Baldry <[email protected]>

* Fixed typo

---------

Signed-off-by: Jack Baldry <[email protected]>
Co-authored-by: omahs <[email protected]>
Co-authored-by: Isabel Matwawana <[email protected]>
Docs: fix config file info in upgrade guide (grafana#83273)

* Updated incorrect custom config file names and locations

* Corrected default config file name

* Updated more config file info

* Apply suggestions from code review

Co-authored-by: Pepe Cano <[email protected]>

* Reverted change

* Fixed default config file info, added second custom file option, and added note about file locations

* Added file path for second custom option

* Apply suggestion from review

Co-authored-by: Usman Ahmad <[email protected]>

* Apply suggestion from review

Co-authored-by: Usman Ahmad <[email protected]>

* Apply suggestions from review

Co-authored-by: Usman Ahmad <[email protected]>

* Apply suggestion from review

* Add version interpolation syntax

* Updated wording

* Ran prettier

---------

Co-authored-by: Pepe Cano <[email protected]>
Co-authored-by: Usman Ahmad <[email protected]>
(cherry picked from commit e26cd86)

Co-authored-by: Isabel Matwawana <[email protected]>
… able to use LDAP active sync (grafana#83751)

LDAP: Fix LDAP users authenticated via auth proxy not being able to use LDAP active sync (grafana#83715)

* fix LDAP users authenticated via auth proxy not being able to use ldap sync

* simplify id resolution at the cost of no fallthrough

* remove unused services

* remove unused cache key

(cherry picked from commit 2182cc4)

Co-authored-by: Jo <[email protected]>
@github-actions github-actions bot force-pushed the update-alerting-swagger-spec branch from 2a83769 to bbbbb10 Compare May 20, 2024 00:12
"alerts": alerts,
}

payload, err := json.Marshal(body)
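
Review bot: `json.Marshal(body)` on the last line encodes `body` into JSON; nothing in these lines decodes external input, so the deserialization finding below does not match the flagged call. What deserves review here is the `err` it returns, which must be checked before `payload` is used (the check is not in the lines shown), and what the `alerts` value placed in `body` can contain.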

Cycode: SAST violation: 'Unsanitized user input in deserialization method'.

Severity: Critical

Description

Deserializing data from untrusted sources, like user inputs or request parameters, without proper verification is a security risk. Attackers can embed malicious code or payloads within serialized data. When your application deserializes this data without checks, it becomes vulnerable to attacks.

Cycode Remediation Guideline
  • Do not deserialize data from untrusted sources directly. This can lead to security vulnerabilities.
  • Do validate and sanitize all data before deserializing it. Ensure that the data is coming from a trusted source and is in the expected format.

Would you like to exclude this SAST violation from your status checks?
Tell us what to do with one of the following hashtags:

| Tag | Short Description |
| --- | --- |
| #cycode_sast_ignore_everywhere | Applies to this SAST violation for all repos in your organization |
| #cycode_sast_ignore_here | Applies to this request only |
| #cycode_sast_false_positive | Applies to this SAST violation for all repos in your organization |

}

func sendAlert(logger *log.ConcreteLogger, ctx context.Context, c *http.Client, url string, payload []byte, headers map[string]string) error {
req, err := http.NewRequest("POST", url, bytes.NewReader(payload))
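
Review bot: on the `http.NewRequest` line, `ctx` is in the `sendAlert` signature but is not passed when the request is built, so the caller's cancellation and deadline do not reach the outbound call unless `req.WithContext` is applied in lines not shown; `http.NewRequestWithContext(ctx, "POST", url, ...)` does it in one step. Two smaller points: Go convention puts `ctx context.Context` first in the parameter list, and `url` goes straight into the request in these lines, so its scheme and host should be validated by the caller or at the top of this function.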

Cycode: SAST violation: 'Unsanitized user input in HTTP request (SSRF)'.

Severity: High

Description

Including unsanitized user input in HTTP requests puts your application at risk of Server-Side Request Forgery (SSRF). This is a security vulnerability that occurs when a server-side application makes HTTP requests to arbitrary URLs controlled by the user. SSRF can be exploited by attackers to target internal systems behind firewalls that are otherwise inaccessible from the external network, by tricking the server into making requests to these systems.

Cycode Remediation Guideline
  • Do not use direct user input to construct URLs for backend requests. If user input is necessary, ensure it is strictly validated or sanitized to prevent malicious manipulation.
  • Do use a safelist or predefined mapping when incorporating user input in URLs. This ensures that your application only redirects users to safe and intended destinations.
```go
safeURLs := map[string]string{
    "key1": "https://safe-domain1.com",
    "key2": "https://safe-domain2.com",
}
requestedKey := getUserInput()
if url, ok := safeURLs[requestedKey]; ok {
    // continue with request
} else {
    log.Fatal("Requested URL is not allowed")
}
```
  • Do implement IP safelists and blocklists to customize and block specific IP ranges, especially those that are private, loopback, or otherwise non-routable.
  • Do use network-level security measures. If your HTTP client does not support IP range blocking, run it with restricted system permissions or within a network environment where firewall rules can effectively block requests to dangerous addresses.
  • Do consider using a secure HTTP proxy to route all backend HTTP requests. This proxy can serve as a filter to block requests to potentially harmful addresses, acting as an additional layer of security.

Would you like to exclude this SAST violation from your status checks?
Tell us what to do with one of the following hashtags:

| Tag | Short Description |
| --- | --- |
| #cycode_sast_ignore_everywhere | Applies to this SAST violation for all repos in your organization |
| #cycode_sast_ignore_here | Applies to this request only |
| #cycode_sast_false_positive | Applies to this SAST violation for all repos in your organization |
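
The guideline's two main controls, a host safelist and a block on private or loopback addresses, can be combined for a sender like `sendAlert`. The following is an added example, not code from this pull request or from Cycode; `validateAlertURL`, `checkDialAddr`, `newAlertClient` and the host `alerts.example.com` are hypothetical names chosen for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/url"
	"syscall"
	"time"
)

// Constructed safelist; real entries would come from operator-controlled configuration.
var allowedHosts = map[string]bool{"alerts.example.com": true}
var errBlockedAddr = errors.New("destination address is not publicly routable")

// isBlockedIP reports whether ip is loopback, private, link-local, unspecified or multicast.
func isBlockedIP(ip net.IP) bool {
	return ip.IsLoopback() || ip.IsPrivate() || ip.IsUnspecified() || ip.IsLinkLocalUnicast() || ip.IsMulticast()
}

// validateAlertURL checks scheme and host before any request is built.
func validateAlertURL(raw string) (*url.URL, error) {
	u, err := url.Parse(raw)
	if err != nil || u.Scheme != "https" {
		return nil, errors.New("url must be a well-formed https URL")
	}
	host := u.Hostname()
	if ip := net.ParseIP(host); ip != nil && isBlockedIP(ip) {
		return nil, errBlockedAddr
	}
	if !allowedHosts[host] {
		return nil, fmt.Errorf("host %q is not in the safelist", host)
	}
	return u, nil
}

// checkDialAddr runs at connect time on the resolved address, so a safelisted
// name that resolves to an internal IP is still refused. Unparseable hosts fail closed.
func checkDialAddr(_, address string, _ syscall.RawConn) error {
	host, _, err := net.SplitHostPort(address)
	if err != nil {
		return err
	}
	if ip := net.ParseIP(host); ip == nil || isBlockedIP(ip) {
		return errBlockedAddr
	}
	return nil
}

// newAlertClient returns a client whose dialer enforces checkDialAddr on every connection.
func newAlertClient() *http.Client {
	d := &net.Dialer{Timeout: 5 * time.Second, Control: checkDialAddr}
	return &http.Client{Timeout: 10 * time.Second, Transport: &http.Transport{DialContext: d.DialContext}}
}

func main() {
	_, err := validateAlertURL("https://10.0.0.5/hook") // constructed input
	fmt.Println(err, newAlertClient().Timeout)
}
```

Because the address check sits in the dialer, it also applies to connections opened while following redirects, which a URL check done once up front would miss.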

@github-actions github-actions bot force-pushed the update-alerting-swagger-spec branch from bbbbb10 to 004a89c Compare May 27, 2024 00:13
yasmin-tr and others added 2 commits May 28, 2024 11:48
**What is this feature?**

Support the Logz.io query datasources by adding necessary additions into the elasticsearch and prometheus calls and throughout the system.
Changes were added on the entry points of the different query APIs, to pass the headers of the requests, and in the client side, where the requests to the datasource are being sent.

**Why do we need this feature?**

To be able to query datasources that are managed in logzio we need to pass relevant headers and params so the query services APIs will accept the calls.

**PR Changes:**

* Added required changes in elasticsearch and prometheus clients to add logz headers so we can call logz datasources
* Refactored implementation in logz alert evaluation so we only pass headers because url change is no longer required
* Added fix to alert evaluation to check if rule routine exists instead of getOrCreate which caused routines not to be created via scheduler if eval called before scheduler updates registry.
* Added to custom.ini required configs for logz alert evaluation to work (we will probably remove in the future
@github-actions github-actions bot force-pushed the update-alerting-swagger-spec branch from 004a89c to c322b34 Compare June 3, 2024 00:13
yasmin-tr and others added 2 commits June 3, 2024 13:39
**Changes required for logz alert evaluation integration:**

* Added the logzio_alerts_route_url in defaults.ini so it can be configured as part of the image variables, instead of custom.ini file, as it is based on environment
* Added metrics alerts Query-Source header in the alert evaluation api.
* In elasticsearch client fix to send the correct querySource
@github-actions github-actions bot force-pushed the update-alerting-swagger-spec branch from c322b34 to c1b9be1 Compare June 10, 2024 00:12
copyhold and others added 3 commits June 10, 2024 14:22
*What is this feature?*
For Logzio alert notifications, we add as part of the PostableAlert annotations the LogzioAccountId so we can use it on the notification templates for generating urls to the Logzio app

*Why do we need this feature?*
So url generated in alert notifications can redirect to the relevant account
@github-actions github-actions bot force-pushed the update-alerting-swagger-spec branch from c1b9be1 to 6e5f778 Compare June 17, 2024 00:13
Jonathan-Eng and others added 3 commits June 17, 2024 16:59
* update data-viz-alerting version
DEV-43657 - Add AppUrl with Additional Path to support App url for logzio for alert notification:
* add new config value root_url_additional_path to be added on root_url
* added ParsedAppUrl for usage on urls built in alert notifications and templates
* add the parsedAppUrl in the ExternalUrl for alertmanager
@github-actions github-actions bot force-pushed the update-alerting-swagger-spec branch from 6e5f778 to 287683c Compare June 24, 2024 00:13
@github-actions github-actions bot force-pushed the update-alerting-swagger-spec branch from 287683c to 5ba85bc Compare July 1, 2024 00:14
@github-actions github-actions bot force-pushed the update-alerting-swagger-spec branch from 5ba85bc to 50ed671 Compare July 8, 2024 00:13

github-actions bot commented Aug 7, 2024

This pull request has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in 2 weeks if no further activity occurs. Please feel free to give a status update or ping for review. Thank you for your contributions!

@github-actions github-actions bot added the stale label Aug 7, 2024

This pull request has been automatically closed because it has not had any further activity in the last 2 weeks. Thank you for your contributions!

@github-actions github-actions bot closed this Aug 22, 2024