Merge branch 'gops-configuration-tracker' into slo/gops-configuration…

…-tracker

* gops-configuration-tracker: (56 commits)
  SAML: add referemce to azure ad limitations (#87571)
  Update dependency glob to v10.3.14
  Chore: Updated go.work.sum file (#87622)
  Update dependency @types/lodash to v4.17.1 (#87419)
  AdHocFilters: Use queries in ad hoc filters api calls (#87624)
  TimeSeries: Improve keyboard focus and fix spacebar override (#86848)
  Dropdown: Fixes double call to onVisibilityChange (#87607)
  [DOC] Adds missing link to Pyroscope core data source (#85493)
  Docs: Add Configuring Elasticsearch documentation for required privileges (#87593)
  Update dependency eslint-plugin-jsdoc to v48.2.4
  Chore: Add login protection when user is trying different uppercase letters (#87588)
  Explore: lookup datasource by name when present in legacy URLs (#85222)
  Update dependency @prometheus-io/lezer-promql to v0.52.0 (#87554)
  Update dependency systemjs to v6.15.1 (#87594)
  Chore: Remove deprecated re-exported template variable types (#87459)
  Chore: Use getNextRefId instead of deprecated getNextRefIdChar (#87460)
  Chore: Remove use of deprecated method in AC code (#87541)
  Chore:: Update authlib version (#87603)
  Alerting: Reduce number of request fetching rules in the dashboard view using rtkq (#86991)
  refactor: rename variable
  ...

.betterer.results

@@ -108,9 +108,6 @@ exports[`better eslint`] = {
       [0, 0, 0, "Do not use any type assertions.", "7"],
       [0, 0, 0, "Do not use any type assertions.", "8"]
     ],
-    "packages/grafana-data/src/datetime/rangeutil.ts:5381": [
-      [0, 0, 0, "Do not use any type assertions.", "0"]
-    ],
     "packages/grafana-data/src/events/EventBus.ts:5381": [
       [0, 0, 0, "Unexpected any. Specify a different type.", "0"],
       [0, 0, 0, "Unexpected any. Specify a different type.", "1"]
@@ -1401,36 +1398,12 @@ exports[`better eslint`] = {
       [0, 0, 0, "Do not use export all (\`export * from ...\`)", "1"],
       [0, 0, 0, "Do not use export all (\`export * from ...\`)", "2"]
     ],
-    "public/app/features/canvas/element.ts:5381": [
-      [0, 0, 0, "Unexpected any. Specify a different type.", "0"],
-      [0, 0, 0, "Unexpected any. Specify a different type.", "1"],
-      [0, 0, 0, "Unexpected any. Specify a different type.", "2"],
-      [0, 0, 0, "Unexpected any. Specify a different type.", "3"],
-      [0, 0, 0, "Unexpected any. Specify a different type.", "4"]
-    ],
     "public/app/features/canvas/index.ts:5381": [
       [0, 0, 0, "Do not use export all (\`export * from ...\`)", "0"],
       [0, 0, 0, "Do not use export all (\`export * from ...\`)", "1"],
       [0, 0, 0, "Do not re-export imported variable (\`./frame\`)", "2"],
       [0, 0, 0, "Do not use export all (\`export * from ...\`)", "3"]
     ],
-    "public/app/features/canvas/runtime/element.tsx:5381": [
-      [0, 0, 0, "Unexpected any. Specify a different type.", "0"],
-      [0, 0, 0, "Do not use any type assertions.", "1"],
-      [0, 0, 0, "Do not use any type assertions.", "2"],
-      [0, 0, 0, "Do not use any type assertions.", "3"],
-      [0, 0, 0, "Do not use any type assertions.", "4"],
-      [0, 0, 0, "Do not use any type assertions.", "5"]
-    ],
-    "public/app/features/canvas/runtime/frame.tsx:5381": [
-      [0, 0, 0, "Do not use any type assertions.", "0"]
-    ],
-    "public/app/features/canvas/runtime/scene.tsx:5381": [
-      [0, 0, 0, "Do not use any type assertions.", "0"],
-      [0, 0, 0, "Do not use any type assertions.", "1"],
-      [0, 0, 0, "Styles should be written using objects.", "2"],
-      [0, 0, 0, "Styles should be written using objects.", "3"]
-    ],
     "public/app/features/canvas/types.ts:5381": [
       [0, 0, 0, "Do not re-export imported variable (\`Placement\`)", "0"],
       [0, 0, 0, "Do not re-export imported variable (\`Constraint\`)", "1"],
@@ -3548,22 +3521,20 @@ exports[`better eslint`] = {
     ],
     "public/app/features/variables/types.ts:5381": [
       [0, 0, 0, "Do not re-export imported variable (\`@grafana/data\`)", "0"],
-      [0, 0, 0, "Do not re-export imported variable (\`VariableHide\`)", "1"],
+      [0, 0, 0, "Unexpected any. Specify a different type.", "1"],
       [0, 0, 0, "Unexpected any. Specify a different type.", "2"],
       [0, 0, 0, "Unexpected any. Specify a different type.", "3"],
       [0, 0, 0, "Unexpected any. Specify a different type.", "4"],
-      [0, 0, 0, "Unexpected any. Specify a different type.", "5"],
-      [0, 0, 0, "Unexpected any. Specify a different type.", "6"]
+      [0, 0, 0, "Unexpected any. Specify a different type.", "5"]
     ],
     "public/app/features/variables/utils.ts:5381": [
       [0, 0, 0, "Unexpected any. Specify a different type.", "0"],
       [0, 0, 0, "Unexpected any. Specify a different type.", "1"],
       [0, 0, 0, "Unexpected any. Specify a different type.", "2"],
-      [0, 0, 0, "Do not use any type assertions.", "3"],
+      [0, 0, 0, "Unexpected any. Specify a different type.", "3"],
       [0, 0, 0, "Unexpected any. Specify a different type.", "4"],
       [0, 0, 0, "Unexpected any. Specify a different type.", "5"],
-      [0, 0, 0, "Unexpected any. Specify a different type.", "6"],
-      [0, 0, 0, "Do not use any type assertions.", "7"]
+      [0, 0, 0, "Do not use any type assertions.", "6"]
     ],
     "public/app/features/visualization/data-hover/DataHoverRows.tsx:5381": [
       [0, 0, 0, "Styles should be written using objects.", "0"]
@@ -3678,8 +3649,9 @@ exports[`better eslint`] = {
     "public/app/plugins/datasource/cloud-monitoring/datasource.ts:5381": [
       [0, 0, 0, "Do not use any type assertions.", "0"],
       [0, 0, 0, "Unexpected any. Specify a different type.", "1"],
-      [0, 0, 0, "Unexpected any. Specify a different type.", "2"],
-      [0, 0, 0, "Do not use any type assertions.", "3"]
+      [0, 0, 0, "Do not use any type assertions.", "2"],
+      [0, 0, 0, "Unexpected any. Specify a different type.", "3"],
+      [0, 0, 0, "Do not use any type assertions.", "4"]
     ],
     "public/app/plugins/datasource/cloud-monitoring/functions.ts:5381": [
       [0, 0, 0, "Do not use any type assertions.", "0"],

.github/workflows/alerting-swagger-gen.yml

@@ -16,7 +16,7 @@ jobs:
       - name: Set go version
         uses: actions/setup-go@v4
         with:
-          go-version: '1.22.3'
+          go-version-file: go.mod
       - name: Build swagger
         run: |
           make -C pkg/services/ngalert/api/tooling post.json api.json

.github/workflows/bump-version.yml

@@ -58,7 +58,7 @@ jobs:
       # Go is required for also updating the schema versions as part of the precommit hook:
       - uses: actions/setup-go@v4
         with:
-          go-version: '1.22.3'
+          go-version-file: go.mod
       - uses: actions/setup-node@v4
         with:
           node-version: '18'

.github/workflows/codeql-analysis.yml

@@ -48,7 +48,7 @@ jobs:
       name: Set go version
       uses: actions/setup-go@v4
       with:
-        go-version: '1.22.3'
+        go-version-file: go.mod
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL

.github/workflows/pr-codeql-analysis-go.yml

@@ -36,7 +36,7 @@ jobs:
     - name: Set go version
       uses: actions/setup-go@v4
       with:
-        go-version: '1.22.3'
+        go-version-file: go.mod
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL

.github/workflows/pr-go-workspace-check.yml

@@ -22,7 +22,7 @@ jobs:
     - name: Set go version
       uses: actions/setup-go@v4
       with:
-        go-version: '1.22.3'
+        go-version-file: go.mod
 
     - name: Workspace Sync
       run: go work sync
@@ -33,6 +33,7 @@ jobs:
           echo "Changes detected:"
           git diff
           echo "Please run 'go work sync' and commit the changes."
+          echo "If there is a change in enterprise dependencies, please update pkg/extensions/main.go."
           exit 1
         fi
 
@@ -45,5 +46,6 @@ jobs:
           echo "Changes detected:"
           git diff
           echo "Please run 'make build-go' and commit the changes."
+          echo "If there is a change in enterprise dependencies, please update pkg/extensions/main.go."
           exit 1
         fi

.github/workflows/publish-kinds-next.yml

@@ -36,7 +36,7 @@ jobs:
       - name: "Setup Go"
         uses: "actions/setup-go@v4"
         with:
-          go-version: '1.22.3'
+          go-version-file: go.mod
 
       - name: "Verify kinds"
         run: go run .github/workflows/scripts/kinds/verify-kinds.go

.github/workflows/publish-kinds-release.yml

@@ -39,7 +39,7 @@ jobs:
       - name: "Setup Go"
         uses: "actions/setup-go@v4"
         with:
-          go-version: '1.22.3'
+          go-version-file: go.mod
 
       - name: "Verify kinds"
         run: go run .github/workflows/scripts/kinds/verify-kinds.go

.github/workflows/verify-kinds.yml

@@ -18,7 +18,7 @@ jobs:
       - name: "Setup Go"
         uses: "actions/setup-go@v4"
         with:
-          go-version: '1.22.3'
+          go-version-file: go.mod
 
       - name: "Verify kinds"
         run: go run .github/workflows/scripts/kinds/verify-kinds.go

contribute/backend/upgrading-go-version.md

@@ -6,17 +6,15 @@ Example PR: https://github.com/grafana/grafana/pull/79329
 
 ## The main areas that need to change during the upgrade are:
 
-- https://github.com/grafana/grafana/blob/d8ecea4ed93efb2e4d64a5ee24bc08f3805f413d/scripts/drone/variables.star#L6
-- https://github.com/grafana/grafana/blob/d8ecea4ed93efb2e4d64a5ee24bc08f3805f413d/Makefile#L264
-- https://github.com/grafana/grafana/blob/d8ecea4ed93efb2e4d64a5ee24bc08f3805f413d/Dockerfile#L6
+- [`go.mod`](/go.mod#L3)
+- [`go.work`](/go.work#L1)
+- [`scripts/drone/variables.star`](/scripts/drone/variables.star#L6)
+- [`Makefile`](/Makefile#L12)
+- [`Dockerfile`](/Dockerfile#L6)
 
-Make sure to run `make drone` so that changes to `.star` files are reflected and `drone.yml` is generated.
+Then, run `go mod tidy` and `go work sync`. Also run `make drone` so changes to `.star` files are reflected and `drone.yml` is updated.
 
 ### Additional files to change
 
 - Take a look in `.github/workflows` folder for what `go` version is being used there in various workflows.
 - Make sure to create a PR with the corresponding changes in `grafana/grafana-enterprise` repository.
-
-## Updating the go.mod file
-
-Please avoid updating the `go.mod` to the newest version unless really necessary. This ensures backwards compatibility and introduces less breaking changes. Always upgrade Go version in the runtime files above first, let them run for a couple of weeks and only then consider updating the `go.mod` file if necessary.

docs/sources/datasources/_index.md

@@ -113,6 +113,7 @@ These built-in core data sources are also included in the Grafana documentation:
 - [OpenTSDB]({{< relref "./opentsdb" >}})
 - [PostgreSQL]({{< relref "./postgres" >}})
 - [Prometheus]({{< relref "./prometheus" >}})
+- [Pyroscope]({{< relref "./pyroscope" >}})
 - [Tempo]({{< relref "./tempo" >}})
 - [Testdata]({{< relref "./testdata" >}})
 - [Zipkin]({{< relref "./zipkin" >}})

docs/sources/datasources/elasticsearch/configure-elasticsearch-data-source.md

@@ -28,6 +28,14 @@ For instructions on how to add a data source to Grafana, refer to the [administr
 Only users with the organization `administrator` role can add data sources.
 Administrators can also [configure the data source via YAML](#provision-the-data-source) with Grafana's provisioning system.
 
+## Configuring permissions
+
+When Elasticsearch security features are enabled, it is essential to configure the necessary cluster privileges to ensure seamless operation. Below is a list of the required privileges along with their purposes:
+
+- **monitor** - Necessary to retrieve the version information of the connected Elasticsearch instance.
+- **view_index_metadata** - Required for accessing mapping definitions of indices.
+- **read** - Grants the ability to perform search and retrieval operations on indices. This is essential for querying and extracting data from the cluster.
+
 ## Add the data source
 
 To add the Elasticsearch data source, complete the following steps:

docs/sources/panels-visualizations/query-transform-data/transform-data/index.md

@@ -39,7 +39,7 @@ labels:
     - enterprise
     - oss
 title: Transform data
-description: Use transformations to rename fields, join series data, apply mathematical operations, and more
+description: Use transformations to rename fields, join time series/SQL-like data, apply mathematical operations, and more
 weight: 100
 ---
 
@@ -48,7 +48,7 @@ weight: 100
 Transformations are a powerful way to manipulate data returned by a query before the system applies a visualization. Using transformations, you can:
 
 - Rename fields
-- Join time series data
+- Join time series/SQL-like data
 - Perform mathematical operations across queries
 - Use the output of one transformation as the input to another transformation
 
@@ -761,13 +761,13 @@ Use this transformation to merge multiple results into a single table, enabling
 
 This is especially useful for converting multiple time series results into a single wide table with a shared time field.
 
-#### Inner join
+#### Inner join (for Time Series or SQL-like data)
 
 An inner join merges data from multiple tables where all tables share the same value from the selected field. This type of join excludes data where values do not match in every result.
 
-Use this transformation to combine the results from multiple queries (combining on a passed join field or the first time column) into one result, and drop rows where a successful join cannot occur.
+Use this transformation to combine the results from multiple queries (combining on a passed join field or the first time column) into one result, and drop rows where a successful join cannot occur. This is not optimized for large Time Series datasets.
 
-In the following example, two queries return table data. It is visualized as two separate tables before applying the inner join transformation.
+In the following example, two queries return Time Series data. It is visualized as two separate tables before applying the inner join transformation.
 
 **Query A:**
 
@@ -792,7 +792,39 @@ The result after applying the inner join transformation looks like the following
 | 2020-07-07 11:34:20 | node    | 25260122  | server 1 | 15     |
 | 2020-07-07 11:24:20 | postgre | 123001233 | server 2 | 5      |
 
-#### Outer join
+This works in the same way for non-Time Series tabular data as well.
+
+**Students**
+
+| StudentID | Name     | Major            |
+| --------- | -------- | ---------------- |
+| 1         | John     | Computer Science |
+| 2         | Emily    | Mathematics      |
+| 3         | Michael  | Physics          |
+| 4         | Jennifer | Chemistry        |
+
+**Enrollments**
+
+| StudentID | CourseID | Grade |
+| --------- | -------- | ----- |
+| 1         | CS101    | A     |
+| 1         | CS102    | B     |
+| 2         | MATH201  | A     |
+| 3         | PHYS101  | B     |
+| 5         | HIST101  | B     |
+
+The result after applying the inner join transformation looks like the following:
+
+| StudentID | Name    | Major            | CourseID | Grade |
+| --------- | ------- | ---------------- | -------- | ----- |
+| 1         | John    | Computer Science | CS101    | A     |
+| 1         | John    | Computer Science | CS102    | B     |
+| 2         | Emily   | Mathematics      | MATH201  | A     |
+| 3         | Michael | Physics          | PHYS101  | B     |
+
+The inner join only includes rows where there is a match between the "StudentID" in both tables. In this case, the result does not include "Jennifer" from the "Students" table because there are no matching enrollments for her in the "Enrollments" table.
+
+#### Outer join (for Time Series data)
 
 An outer join includes all data from an inner join and rows where values do not match in every input. While the inner join joins Query A and Query B on the time field, the outer join includes all rows that don't match on the time field.
 
@@ -831,6 +863,38 @@ I applied a transformation to join the query results using the time field. Now I
 
 {{< figure src="/static/img/docs/transformations/join-fields-after-7-0.png" class="docs-image--no-shadow" max-width= "1100px" alt="A table visualization showing results for multiple servers" >}}
 
+#### Outer join (for SQL-like data)
+
+A tabular outer join combining tables so that the result includes matched and unmatched rows from either or both tables.
+
+| StudentID | Name     | Major            |
+| --------- | -------- | ---------------- |
+| 1         | John     | Computer Science |
+| 2         | Emily    | Mathematics      |
+| 3         | Michael  | Physics          |
+| 4         | Jennifer | Chemistry        |
+
+Can now be joined with:
+
+| StudentID | CourseID | Grade |
+| --------- | -------- | ----- |
+| 1         | CS101    | A     |
+| 1         | CS102    | B     |
+| 2         | MATH201  | A     |
+| 3         | PHYS101  | B     |
+| 5         | HIST101  | B     |
+
+The result after applying the outer join transformation looks like the following:
+
+| StudentID | Name     | Major            | CourseID | Grade |
+| --------- | -------- | ---------------- | -------- | ----- |
+| 1         | John     | Computer Science | CS101    | A     |
+| 1         | John     | Computer Science | CS102    | B     |
+| 2         | Emily    | Mathematics      | MATH201  | A     |
+| 3         | Michael  | Physics          | PHYS101  | B     |
+| 4         | Jennifer | Chemistry        | NULL     | NULL  |
+| 5         | NULL     | NULL             | HIST101  | B     |
+
 Combine and analyze data from various queries with table joining for a comprehensive view of your information.
 
 ### Join by labels

docs/sources/setup-grafana/configure-grafana/enterprise-configuration/index.md

@@ -180,7 +180,7 @@ Name of the TrueType font file with italic style.
 
 ### max_retries_per_panel
 
-Maximum number of panel rendering request retries before returning an error. To disable the retry feature, enter `0`. This is available in public preview and requires the 'reportingRetries' feature toggle.
+Maximum number of panel rendering request retries before returning an error. To disable the retry feature, enter `0`. This is available in public preview and requires the `reportingRetries` feature toggle.
 
 ## [auditing]
 
@@ -531,6 +531,34 @@ A space-separated list of memcached servers. Example: `memcached-server-1:11211
 
 The default is `"localhost:11211"`.
 
+{{% admonition type="note" %}}
+The following memcached configuration requires the `tlsMemcached` feature toggle.
+{{% /admonition %}}
+
+### tls_enabled
+
+Enables TLS authentication for memcached. Defaults to `false`.
+
+### tls_cert_path
+
+Path to the client certificate, which will be used for authenticating with the server. Also requires the key path to be configured.
+
+### tls_key_path
+
+Path to the key for the client certificate. Also requires the client certificate to be configured.
+
+### tls_ca_path
+
+Path to the CA certificates to validate the server certificate against. If not set, the host's root CA certificates are used.
+
+### tls_server_name
+
+Override the expected name on the server certificate.
+
+### connection_timeout
+
+Timeout for the memcached client to connect to memcached. Defaults to `0`, which uses the memcached client default timeout per connection scheme.
+
 ## [recorded_queries]
 
 ### enabled

docs/sources/setup-grafana/configure-security/configure-authentication/saml/index.md

@@ -58,6 +58,15 @@ In terms of initiation, Grafana supports:
 
 By default, SP-initiated requests are enabled. For instructions on how to enable IdP-initiated logins, see [IdP-initiated Single Sign-On (SSO)]({{< relref "#idp-initiated-single-sign-on-sso" >}}).
 
+{{% admonition type="warning" %}}
+It is possible to setup Grafana with SAML authentication using Azure AD. However, Azure AD limits the number of groups that can be sent in the SAML assertion to 150. If you have more than 150 groups, Azure AD provides a link to retrieve the groups that only works for OIDC/OAuth workflows. At the moment it is not possible to use this link with SAML authentication in Grafana.
+
+It is preferable to take this into consideration when setting up SAML authentication with Azure AD. We encourage the use of [Azure AD OAuth integration]({{< relref "../azuread" >}}) instead of SAML if you have more than 150 groups.
+
+- [Azure AD SAML limitations](https://learn.microsoft.com/en-us/entra/identity-platform/id-token-claims-reference#groups-overage-claim)
+
+{{% /admonition %}}
+
 ### Edit SAML options in the Grafana config file
 
 1. In the `[auth.saml]` section in the Grafana configuration file, set [`enabled`]({{< relref "../../../configure-grafana/enterprise-configuration#enabled" >}}) to `true`.