ysde/grafana-backup-tool

Alerts restored comes with the state as "Provisioned" and they are read-only

Closed this issue · 4 comments

Alerts restored with grafana-backup-tool comes with the state as "Provisioned" and they are read-only not allowing any user edition.

image

I understand this is possibly a limitation on grafana alerting API but I'm opening this ticket to track the issue and try to find/implement a workaround.

grafana/terraform-provider-grafana#697 (comment)

Looks like a workaround is being implemented: "X-Disable-Provenance" = "disable" but it's not fully operational yet.

https://grafana.com/docs/grafana/latest/alerting/set-up/provision-alerting-resources/view-provisioned-resources/#edit-api-provisioned-alerting-resources

To enable editing of API-provisioned resources in the Grafana UI, add the X-Disable-Provenance header to the following requests in the API:

POST /api/v1/provisioning/alert-rules
PUT /api/v1/provisioning/folder/{FolderUID}/rule-groups/{Group} (calling this endpoint will change provenance for all alert rules within the alert group)
POST /api/v1/provisioning/contact-points
POST /api/v1/provisioning/mute-timings
PUT /api/v1/provisioning/policies
PUT /api/v1/provisioning/templates/{name}

Here: https://github.com/ysde/grafana-backup-tool/blob/5175db43c0c8c6e4129a0bf9d20f601c923f3ec8/grafana_backup/create_alert_rule.py#L8C39-L8C56

this environment variable HTTP_POST_HEADERS could be used to apply the X-Disable-Provenance header.
I applied and restored a recent backup. The config doesn't release the old alerts for editing and also locked the latest alerts manually created and overwritten by the restore.

Still researching...

WORKAROUND:

looks like the API doesn't allow change once it's provisioned. The process that I've followed is to delete all rules by curl and restore a backup with thew export HTTP_POST_HEADERS='x-disable-provenance'

One liner to delete all alert rules:

curl -H "Authorization: Bearer <<TOKEN>> " http://localhost:3000/api/v1/provisioning/alert-rules/export | grep -e "- uid:" | awk '{ print$3 }' | xargs -I % curl -X DELETE -H "Authorization: Bearer <<TOKEN>>" http://localhost:3000/api/v1/provisioning/alert-rules/%