* Add some unit tests and enable sub resource so we can start testing manually on dev
* add test to verify auth headers are stripped when being forwarding requests to client
* add integration tests
* update test packages
* polish
* fix tests
* fix panic
* fmt
* white space
* add feature flag to routing of resources endpoint
* fix missing type
* update integration tests with correct feature flag
* fix test
* update other integration tests to use ff
test: Add integration tests for empty path repositories
Add comprehensive integration tests to verify empty path repository behavior:
- Single repository with empty path syncs from repository root
- Multiple repositories with empty path can coexist
- Dashboard ownership conflicts are properly detected and reported
- Folders are duplicated per repository (12 total for 2 repos)
- Dashboards remain unique to first repository (3 total)
This validates the feature that allows repositories to use empty paths
for syncing from the root directory, while properly handling resource
ownership conflicts between multiple repositories.
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
* Add fieldSelector support to ExternalGroupMapping
* can add selectable fields in localstore
---------
Co-authored-by: Owen Smallwood <owen.smallwood@grafana.com>
Track success/failure rates of settings service fetch attempts from the request config middleware with a new counter metric: grafana_frontend_settings_fetch_total{status="success"|"error"}.
Co-authored-by: Claude Haiku 4.5 <noreply@anthropic.com>
Extend the frontend service request config to allow per-tenant RudderStack settings from the settings service, following the existing pattern for security settings. This enables each tenant to have independent analytics configuration.
Co-authored-by: Claude Haiku 4.5 <noreply@anthropic.com>
Register GET routes for /admin/secrets/keepers and /admin/secrets/keepers/*
behind the secretsManagementAppPlatformUI feature flag with keepers-specific
RBAC permissions, so direct page loads serve the SPA instead of returning 404.
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* Simplify unified storage client backend setup
* Gate storage backend creation by storage type
* Allow unified grpc storage without backend
* refactor(unified): ProvideStorageBackend before unified service
* refactor(unified): implement ProvideStorageBackend and provide backend before service
* Fix issues after merge
* simplify changes
* fix missing reference
* fix tests
* fix lint and add comment to NewStorageBackend
* start service in test
* separate module for unified backend
* Stop unified backend after grpc
* Fix tests
* Shutdown backend last
* Do not reply on ishealthy after shutdown started
* Cleanup a bit the code
* Init backend at register time
* Do not change health checks for now
* re-add storage metrics
* check for nil on testinfra sql.NewStorageBackend
* add tracer for backend and set max_open_conn in test
* address claude review
* make distributor an idle server
* ensure server is created in test
* Add dry-run support to app platform storage operations
What
- Added dry-run check in folder_storage.go to skip permission side effects during dry-run operations
- Added dry-run handling in dualwriter.go for Create, Delete, Update, and DeleteCollection methods
- When dry-run flag is set, operations delegate directly to unified storage which properly handles dry-run via DryRunnableStorage
- Added comprehensive test suite in dualwriter_dryrun_test.go covering all dual-writer modes (1-3) for all operation types
- Added integration test in folders_test.go (TestIntegrationFolderDryRun) validating dry-run behavior across modes
Why
- Dry-run operations must not have side effects (no permissions, no actual writes)
- Unified storage already implements correct dry-run semantics via DryRunnableStorage
- Legacy storage does not properly handle dry-run, so bypassing it ensures correctness
- Aligns dualwriter behavior with Kubernetes API semantics for dry-run requests
- Ensures data consistency and prevents unintended state changes during dry-run validation
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* DualWriter: Wrap objInfo in Update dry-run path for Mode1/Mode2
What:
- Apply wrappedUpdateInfo translation in the Update dry-run path when
readUnified is false (Mode1/Mode2), matching the normal path behavior
- Add tests verifying wrapping behavior per mode
Why:
- In Mode1/Mode2, clients read from legacy storage and send legacy
UID/resourceVersion. The dry-run path was sending these directly to
unified storage, which would fail with precondition mismatches. The
normal path already wraps objInfo to clear UID/RV/preconditions for the
secondary store — the dry-run path must do the same.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude <noreply@anthropic.com>
Dashboard Validator App - Prometheus support
Validates dashboard compatibility with Prometheus datasources. The app analyzes dashboard queries against available metrics to produce a compatibility score.
Backend (Go):
- App scaffolding with grafana-app-sdk, custom `/check` endpoint
- Prometheus validator: parses PromQL queries, fetches available metrics, and computes per-query and per-datasource compatibility
- Metric caching, input validation, request timeouts, and structured error handling (not found, unreachable, auth, timeout)
- Custom authorizer with role-based access control
- Datasource-scoped validation and variable interpolation support
Frontend (React/TypeScript):
- API client for the validator backend
- Compatibility badge inline on community dashboards
- Detail modal showing per-datasource and per-query results
- Gated behind dashboardValidatorApp feature flag
Tests:
- Go unit tests for parser, fetcher, validator, and JSON serialization
- Dashboard query extraction tests
Frontend: Add QPS and Burst configuration for settings service client
Make the settings service client's rate limiting configurable via INI/env vars, allowing operators to tune QPS (requests per second) and Burst without code changes.
Co-authored-by: Claude Haiku 4.5 <noreply@anthropic.com>
* APIServer: Surface watch errors in the UI
When watch API calls fail (e.g., for non-admin users), errors are now propagated through the Observable pipeline and displayed as toast notifications, preventing the UI from appearing stuck during bulk operations.
* pass error status
* Set error status on job when watch fails instead of clearing items
When a WebSocket watch fails, set the job's status to error with the
error message instead of clearing cached items. This keeps the job
in cache so JobContent renders the error naturally via onStatusChange,
rather than falling through to FinishedJobStatus which shows a
misleading "No job found" error.
* Add back admin-only watch restriction for testing
Temporarily limit watch subscriptions to admin users while testing
provisioning repositories. This needs to be removed later.
* Use ErrorPermissionDenied and add clarifying comments
- Map SubscribeStreamStatusPermissionDenied to centrifuge.ErrorPermissionDenied
(code 103) instead of ErrorUnauthorized for correct semantics
- Document why RxJS retry is not needed on the live channel path
- Document the listJob onError cache mutation logic
* Simplify createOnCacheEntryAdded error handling
Remove notification logic and dispatch from the error handler.
Consumers now own error handling entirely via the onError callback.
* Remove admin-only watch restriction
Remove the temporary admin-only gate on watch subscriptions that was
used for testing.
* provisioning: check quota on files API requests
* provisioning: add integration test for files quota checks
* provisioning: delete AI generated comment that's not adding much
* Alerting: Prototype global notification history view.
Adds a view for notification history in the same style as the "History" page
used to view alert state history.
_Note this is a prototype and subject to change._
* resolve lint errors in notification history components
* add tests
* Deduplicate matcherToAPIFormat and reuse matcherToOperator
* Add missing i18n strings in NotificationsListSceneObject
* use stringifyErrorLike
* fix circular dependency
---------
Co-authored-by: Sonia Aguilar <soniaaguilarpeiron@gmail.com>
* add openfeature handling + local env to frontend-service
* remove react18 manifest that was accidentally added
* fix and add some more unit tests
* review changes
* remove comment from frontend_service
* translations...