# What this PR does
It introduces soft-delete of organization, since grafana stacks are
soft-deleted too. Also, we had a problem with deleting orgs with large
amounts of alerts, so soft-deletion will fix this problem. I think, that
problem of cleaning alerts of deleted orgs should be solved as a part of
alert retention
* Centralize timezone validation into one spot + add serializer validation
for schedules and oncall shifts (both public and internal API)
* add engine-manage make command
* Modify plugin.json to support RBAC role registration
* defines 26 new custom roles in plugin.json. The main roles are:
- Admin: read/write access to everything in OnCall
- Reader: read access to everything in OnCall
- OnCaller : read access to everything in OnCall + edit access to Alert Groups and Schedules
- <object-type> Editor: read/write access to everything related to <object-type>
- <object-type> Reader: read access for <object-type>
- User Settings Admin: read/write access to all user's settings, not just own settings. This is in comparison to User Settings Editor which can only read/write own settings
* update changelog and documentation (#686)
* implement RBAC for OnCall backend
This commit refactors backend authorization. It trys to use RBAC authorization if the org's grafana instance supports it, otherwise it falls back to basic role authorization.
* update RBAC backend tests
* add tests for RBAC changes
- run backend tests as matrix where RBAC is enabled/disabled. When RBAC is enabled, the permissions granted are read from the role grants in the frontend's plugin.json file (instead of relying what we specify in RBACPermission.Permissions)
- remove --reuse-db --nomigrations flags from engine/tox.ini
- minor autoformatting changes to docker-compose-developer.yml
* remove --ds=settings.ci-test from pytest CI command
DJANGO_SETTINGS_MODULE is already specified as an env var so this is just unecessary duplication
* update gitignore
* update github action job name for "test"
* RBAC frontend changes
* refactors the use of basic roles (ex. Viewer, Editor, Admin) use RBAC permissions (when supported), or falling back to basic roles when RBAC is not supported.
- updates the UserAction enum in grafana-plugin/src/state/userAction.ts. Previously this was hardcoded to a list of strings that were being returned by the OnCall API. Now the values here correspond to the permissions in plugin.json (plus a fallback role)
* changes per Gabriel's comments:
- get rid of group attribute in rbac roles
- remove displayName role attribute
- remove hidden role attribute
- add back role to includes section
* don't try to update user timezone if they don't have permission
* Add test for out of range route's order value
* Add additional validation for route's position when manual ordering is applied
* Remove print()
* Remove print
* remove email verification related code
* remove email verification related code
* remove sendgrid callback
* remove sendgrid related code
* remove sendgrid related code
* rename sendgrid app to email
* remove email from built-in channels
* remove email from built-in channels
* remove email from built-in channels
* add email backend: https://github.com/grafana/oncall/pull/50
* add email templater
* add email templater
* convert md to html
* add email settings to live settings
* use task to send email, handle some exceptions to create logs
* remove ERROR_NOTIFICATION_MAIL_DELIVERY_FAILED usage
* add email limit logic
* fix tests
* add docs
* remove old email templates
* remove old email templates
* add template_fields to messaging backend
* add messaging backends templates to public api
* add comment for deprecated fields
* fix test
* fix tests
* disable email by default
* don't retry on SMTPException and TimeoutError
* add tests
* bring email back to public api docs
* return ERROR_NOTIFICATION_MAIL_LIMIT_EXCEEDED
* make template_fields tuple
* build_subject_and_title -> build_subject_and_message
* add one more comment about template deprecation
* use 8 as backend id
* add comment about gaierror and BadHeaderError
* add comment on importing in notify_user_async
* edit oss docs
* Allow non-JSON custom webhook templates, provided they render as valid JSON
Previously, both the provided template _and_ the rendered template had
to be valid JSON in order for validation to pass. This was unnecessarily
restrictive: really, only the rendered template needs to be valid JSON.
It also disallowed using templates such as:
{
"labels": {{ alert_payload.labels | tojson }}
}
even though this would be valid JSON after rendering.
This commit relaxes the validation of custom webhook templates so that
they don't need to be valid JSON, provided that the rendered template
_is_ valid JSON. This is checked using a dummy dictionary of render
params, which use a constant string for the `alert_group_id` field
and a `defaultdict(dict)` for the `alert_payload` field. This should
permit templates like the one above, but still deny templates such as
{
"labels": {{ alert_payload.labels }}
}
which would otherwise fail later if `labels` is not valid JSON.
This should resolve#638.
* Use defaultdict(str) instead of defaultdict(lambda: "")
* Add missing comment to resolution note validation code
* Update validation of resolution notes in public API, too
* Add extra test cases for JSON webhook templates endpoint of public API
* Use create_engine_url to add prefix to previous/next links
* Remove override of get_paginated_response since it is unchanged from parent
* More concise override
* Make both overrides behave the same
* add test for public API alert groups pagination
Co-authored-by: Vadim Stepanov <vadimkerr@gmail.com>
* add .python-version to .gitignore
* add .nvmrc to frontend
Also update DEVELOPER.md to mention optionally using nvm
* update DEVELOPER.md to reflect running successfully locally
* markdown autoformatter styling changes
* add slack permalink to alertgroup public api http response
* update changelog
* address PR comments
- rename permalink to permalinks in alert group public api seralizer
- add permalinks property to AlertGroup model
- update public api alert groups test
- update alertgroups public documentation to include permalinks property
* add default DEBUG = True in dev.py settings
* Revert "Revert "Alert list view & caching rework (#216)""
This reverts commit 730dccc3
* Revert "fix AlertGroupClassicMarkdownRenderer"
This reverts commit 82e53d8e0c513feb8aaef332fc1d3800e90538fc.
* optimize alert group list view
* optimize alert group list view
