This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [golang.org/x/net](https://pkg.go.dev/golang.org/x/net) | [`v0.46.0` → `v0.48.0`](https://cs.opensource.google/go/x/net/+/refs/tags/v0.46.0...refs/tags/v0.48.0) | | |

---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
## Need help?
You can ask for more help in the following Slack channel:
#proj-renovate-self-hosted. In that channel you can also find ADR and
FAQ docs in the Resources section.
---------
Signed-off-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com>
Co-authored-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com>
Co-authored-by: Jocelyn Collado-Kuri <jcolladokuri@icloud.com>
## Summary
Implements query guardrails in the backend to prevent execution of
expensive or malformed queries that could impact customer environments.
Part of https://github.com/grafana/oss-big-tent-squad/issues/127
## Changes
### New guardrails added:
1. **Item ID validation** (`queryItemIdData`)
   - Validates that item IDs are non-empty
   - Validates that item IDs contain only numeric values
2. **Time range validation** (`QueryData`)
   - Validates that `From` timestamp is before `To` timestamp
3. **API method allowlist** (`ZabbixAPIHandler`)
   - Only allows Zabbix API methods defined in the frontend type `zabbixMethodName`
   - Blocks any write/delete/update operations not in the allowlist
### New files:
- `pkg/datasource/guardrails.go` - Validation functions and error
definitions
- `pkg/datasource/guardrails_test.go` - Unit tests for all validation
functions
### Modified files:
- `pkg/datasource/datasource.go` - Added time range validation
- `pkg/datasource/zabbix.go` - Added item ID validation
- `pkg/datasource/resource_handler.go` - Added API method validation
## Reasoning
- Allowed functions might be unnecessary as we've already prevented using
those in
[types.ts](https://github.com/grafana/grafana-zabbix/blob/main/src/datasource/zabbix/types.ts#L1-L23)
but it's nice to be cautious.
- itemid and time validation is just for sanity.
- Time range validation will be necessary in the future to warn users
against running expensive queries.
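
An illustrative sketch of the three guardrails listed above, added here and not the code in `pkg/datasource/guardrails.go`. The function names, error values, comma-separated item ID format and the sample method allowlist are assumptions made for the example.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
	"time"
)

var (
	ErrInvalidItemID    = errors.New("item ID must be a non-empty string of digits")
	ErrInvalidTimeRange = errors.New("from must be before to")
	ErrMethodNotAllowed = errors.New("API method not in allowlist")
)

// Constructed sample of read-only Zabbix API methods, not the project's list.
var allowedMethods = map[string]bool{
	"host.get": true, "item.get": true, "history.get": true, "trend.get": true,
}

// validateItemIDs assumes the IDs arrive as one comma-separated string
// (hypothetical format); "", "1,,2", "10084,", "-1" and "1e3" all fail.
func validateItemIDs(raw string) error {
	notDigit := func(r rune) bool { return r < '0' || r > '9' } // ASCII digits only
	for _, id := range strings.Split(raw, ",") {
		id = strings.TrimSpace(id)
		if id == "" || strings.IndexFunc(id, notDigit) >= 0 {
			return fmt.Errorf("%w: %q", ErrInvalidItemID, id)
		}
	}
	return nil
}

// validateTimeRange rejects reversed and zero-length ranges.
func validateTimeRange(from, to time.Time) error {
	if !from.Before(to) {
		return ErrInvalidTimeRange
	}
	return nil
}

// validateMethod compares exactly, so case or whitespace variants fail closed.
func validateMethod(method string) error {
	if !allowedMethods[method] {
		return fmt.Errorf("%w: %q", ErrMethodNotAllowed, method)
	}
	return nil
}

func main() { fmt.Println(validateItemIDs("10084, 10085"), validateMethod("host.delete")) }
```

Each validator returns a wrapped sentinel error, so a caller can use `errors.Is` to map a rejected request to a client error rather than forwarding it to the Zabbix API.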
This PR moves the health check to the backend only, leaving in the frontend
the functionality to test the dbconnector datasource.
Leaving the `dbconnector.testDataSource` should be fine since the
datasource types we allow for db connection with Zabbix already are
backend datasources, and so their health requests would go through the
backend.
Verified:
Clicking test and seeing a `health` request go out.
IMPORTANT: While testing this in the UI, I found a bug with the config
editor - whenever a change is made in the UI and tested, the changes
don't take effect (i.e. disabling trends keeps `trends` set to `true`,
enabling db connection keeps `dbConnectionEnabled` set to `false`, and so
on). Created a separate
[issue](https://github.com/orgs/grafana/projects/457/views/40?pane=issue&itemId=3627315751&issue=grafana%7Coss-big-tent-squad%7C132)
to fix this.
Fixes https://github.com/grafana/oss-big-tent-squad/issues/124
Fixes https://github.com/grafana/grafana-zabbix/issues/2004
Fixes #1986
Fixes #1994
- Updated .gitignore to include SSL certificate files.
- Introduced new GitHub Actions workflows for testing compatibility with
Zabbix versions 5.0, 6.0, 7.0, and 7.2.
- Added integration tests for Zabbix API for each version, ensuring
proper authentication and API version handling.
- Updated Docker Compose files to support SSL configuration for Zabbix
web services.
- Removed deprecated default Docker Compose and bootstrap files.
- Removed devenv for version 6.2.