This PR contains the following updates:
| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [golang.org/x/net](https://pkg.go.dev/golang.org/x/net) | [`v0.46.0` → `v0.48.0`](https://cs.opensource.google/go/x/net/+/refs/tags/v0.46.0...refs/tags/v0.48.0) | | |

---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
## Need help?
You can ask for more help in the following Slack channel:
#proj-renovate-self-hosted. In that channel you can also find ADR and
FAQ docs in the Resources section.
---------
Signed-off-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com>
Co-authored-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com>
Co-authored-by: Jocelyn Collado-Kuri <jcolladokuri@icloud.com>
## Summary
Implements query guardrails in the backend to prevent execution of
expensive or malformed queries that could impact customer environments.
Part of https://github.com/grafana/oss-big-tent-squad/issues/127
## Changes
### New guardrails added:
1. **Item ID validation** (`queryItemIdData`)
   - Validates that item IDs are non-empty
   - Validates that item IDs contain only numeric values
2. **Time range validation** (`QueryData`)
   - Validates that `From` timestamp is before `To` timestamp
3. **API method allowlist** (`ZabbixAPIHandler`)
   - Only allows Zabbix API methods defined in the frontend type `zabbixMethodName`
   - Blocks any write/delete/update operations not in the allowlist
### New files:
- `pkg/datasource/guardrails.go` - Validation functions and error
definitions
- `pkg/datasource/guardrails_test.go` - Unit tests for all validation
functions
### Modified files:
- `pkg/datasource/datasource.go` - Added time range validation
- `pkg/datasource/zabbix.go` - Added item ID validation
- `pkg/datasource/resource_handler.go` - Added API method validation
## Reasoning
- Allowed functions might be unnecessary as we've already prevented using
those in
[types.ts](https://github.com/grafana/grafana-zabbix/blob/main/src/datasource/zabbix/types.ts#L1-L23)
but it's nice to be cautious.
- itemid and time validation is just for sanity.
- Time range validation will be necessary in the future to warn the user
against running expensive queries.
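
The three guardrails listed in the commit message above, sketched in Go as an added example; this is not the project's `guardrails.go`. Function names, error values and the sample allowlist are assumptions, and an empty ID list and equal `From`/`To` timestamps are assumed to be invalid.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"time"
)

// All names are hypothetical; allowedMethods is a constructed sample of
// read-only methods standing in for the frontend's zabbixMethodName list.
var (
	ErrItemID      = errors.New("item ID must be a non-empty string of digits")
	ErrTimeRange   = errors.New("time range: From must be before To")
	ErrMethod      = errors.New("API method is not in the allowlist")
	digitsOnly     = regexp.MustCompile(`^[0-9]+$`) // rejects "", "-1", "1e3", " 42"
	allowedMethods = map[string]bool{"host.get": true, "item.get": true, "history.get": true}
)

// ValidateItemIDs fails on an empty list or any ID that is not all digits.
func ValidateItemIDs(ids []string) error {
	if len(ids) == 0 {
		return ErrItemID
	}
	for _, id := range ids {
		if !digitsOnly.MatchString(id) {
			return fmt.Errorf("%w: %q", ErrItemID, id)
		}
	}
	return nil
}

// ValidateTimeRange rejects reversed and zero-length ranges.
func ValidateTimeRange(from, to time.Time) error {
	if !from.Before(to) {
		return ErrTimeRange
	}
	return nil
}

// ValidateAPIMethod denies by default: unknown or write methods never pass.
func ValidateAPIMethod(method string) error {
	if !allowedMethods[method] {
		return fmt.Errorf("%w: %q", ErrMethod, method)
	}
	return nil
}

func main() { fmt.Println(ValidateAPIMethod("host.delete"), ValidateItemIDs([]string{"10084", "-1"})) }
```

The anchored digit pattern is stricter than an integer parse, which would accept signed values such as `-1` or `+7`.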
This PR moves the health check to backend only, leaving in the frontend
the functionality to test the dbconnector datasource.
Leaving the `dbconnector.testDataSource` should be fine since the
datasource types we allow for db connection with Zabbix already are
backend datasources, and so their health requests would go through the
backend.
Verified:
Clicking test and seeing a `health` request go out.
IMPORTANT: While testing this in the UI, I found a bug with the config
editor - whenever a change is made in the UI and tested, the changes
don't take effect (i.e. disabling trends keeps `trends` set to `true`,
enabling db connection keeps `dbConnectionEnabled` set to `false` and so
on). Created a separate
[issue](https://github.com/orgs/grafana/projects/457/views/40?pane=issue&itemId=3627315751&issue=grafana%7Coss-big-tent-squad%7C132)
to fix this.
Fixes https://github.com/grafana/oss-big-tent-squad/issues/124
Fixes https://github.com/grafana/grafana-zabbix/issues/2004
* Use data frames for numeric data
* Use data frames for text data
* Use data frames for IT services
* fix multiple series
* Convert to the wide format if possible
* Fix table format for text data
* Add refId to the data frames
* Align time series from Zabbix API
* Fill gaps with nulls
* Fix moving average functions
* Option for disabling data alignment
* remove unused logging
* Add labels to data frames
* Detect units
* Set min and max if percent unit used
* Use value mapping from Zabbix
* Rename unitConverter -> convertZabbixUnit
* More units
* Add missing points in front of each series
* Fix handling table data
* fix db connector data frames handling
* fix it services data frames handling
* Detect all known grafana units
* Chore: remove unused logging
* Fix problems format
* Debug logging: show original units
* Add global option for disabling data alignment
* Add tooltip for the disableDataAlignment feature
* Add note about query options
* Functions for aligning timeseries on the backend