grafana: rebase grafana.ini to grafana 10.2.3-1

roles/grafana/templates/grafana.ini.j2

@@ -10,6 +10,7 @@
 ;instance_name = ${HOSTNAME}
 
 # force migration will run migrations that might cause dataloss
+# Deprecated, use clean_upgrade option in [unified_alerting.upgrade] instead.
 ;force_migration = false
 
 #################################### Paths ####################################
@@ -290,6 +291,9 @@ check_for_updates = false
 # Rudderstack Config url, optional, used by Rudderstack SDK to fetch source config
 ;rudderstack_config_url =
 
+# Rudderstack Integrations URL, optional. Only valid if you pass the SDK version 1.1 or higher
+;rudderstack_integrations_url =
+
 # Intercom secret, optional, used to hash user_id before passing to Intercom via Rudderstack
 ;intercom_secret =
 
@@ -559,6 +563,17 @@ signout_redirect_url = https://accounts.archlinux.org/realms/archlinux/protocol/
 # Use email lookup in addition to the unique ID provided by the IdP
 ;oauth_allow_insecure_email_lookup = false
 
+# Set to true to include id of identity as a response header
+;id_response_header_enabled = false
+
+# Prefix used for the id response header, X-Grafana-Identity-Id
+;id_response_header_prefix = X-Grafana
+
+# List of identity namespaces to add id response headers for, separated by space.
+# Available namespaces are user, api-key and service-account.
+# The header value will encode the namespace ("user:<id>", "api-key:<id>", "service-account:<id>")
+;id_response_header_namespaces = user api-key service-account
+
 #################################### Anonymous Auth ######################
 [auth.anonymous]
 # enable anonymous access
@@ -586,6 +601,7 @@ hide_version = true
 ;auth_url = https://github.com/login/oauth/authorize
 ;token_url = https://github.com/login/oauth/access_token
 ;api_url = https://api.github.com/user
+;signout_redirect_url =
 ;allowed_domains =
 ;team_ids =
 ;allowed_organizations =
@@ -607,6 +623,7 @@ hide_version = true
 ;auth_url = https://gitlab.com/oauth/authorize
 ;token_url = https://gitlab.com/oauth/token
 ;api_url = https://gitlab.com/api/v4
+;signout_redirect_url =
 ;allowed_domains =
 ;allowed_groups =
 ;role_attribute_path =
@@ -632,6 +649,7 @@ hide_version = true
 ;auth_url = https://accounts.google.com/o/oauth2/v2/auth
 ;token_url = https://oauth2.googleapis.com/token
 ;api_url = https://openidconnect.googleapis.com/v1/userinfo
+;signout_redirect_url =
 ;allowed_domains =
 ;hosted_domain =
 ;allowed_groups =
@@ -666,6 +684,7 @@ hide_version = true
 ;scopes = openid email profile
 ;auth_url = https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/authorize
 ;token_url = https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/token
+;signout_redirect_url =
 ;allowed_domains =
 ;allowed_groups =
 ;allowed_organizations =
@@ -687,6 +706,7 @@ hide_version = true
 ;auth_url = https://<tenant-id>.okta.com/oauth2/v1/authorize
 ;token_url = https://<tenant-id>.okta.com/oauth2/v1/token
 ;api_url = https://<tenant-id>.okta.com/oauth2/v1/userinfo
+;signout_redirect_url =
 ;allowed_domains =
 ;allowed_groups =
 ;role_attribute_path =
@@ -714,6 +734,7 @@ email_attribute_path = email
 auth_url = https://accounts.archlinux.org/realms/archlinux/protocol/openid-connect/auth
 token_url = https://accounts.archlinux.org/realms/archlinux/protocol/openid-connect/token
 api_url = https://accounts.archlinux.org/realms/archlinux/protocol/openid-connect/userinfo
+;signout_redirect_url =
 ;teams_url =
 ;allowed_domains =
 ;team_ids =
@@ -1083,8 +1104,8 @@ mode = syslog
 # The timeout string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m.
 ;evaluation_timeout = 30s
 
-# Number of times we'll attempt to evaluate an alert rule before giving up on that evaluation. This option has a legacy version in the `[alerting]` section that takes precedence.
-;max_attempts = 3
+# Number of times we'll attempt to evaluate an alert rule before giving up on that evaluation. The default value is 1.
+;max_attempts = 1
 
 # Minimum interval to enforce between rule evaluations. Rules will be adjusted if they are less than this value  or if they are not multiple of the scheduler interval (10s). Higher values can help with resource management as we'll schedule fewer evaluations over time. This option has a legacy version in the `[alerting]` section that takes precedence.
 # The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m.
@@ -1145,6 +1166,13 @@ mode = syslog
 # Any number of label key-value-pairs can be provided.
 ; mylabelkey = mylabelvalue
 
+[unified_alerting.upgrade]
+# If set to true when upgrading from legacy alerting to Unified Alerting, grafana will first delete all existing
+# Unified Alerting resources, thus re-upgrading all organizations from scratch. If false or unset, organizations that
+# have previously upgraded will not lose their existing Unified Alerting data when switching between legacy and
+# Unified Alerting. Should be kept false when not needed as it may cause unintended data-loss if left enabled.
+;clean_upgrade = false
+
 #################################### Alerting ############################
 [alerting]
 # Disable legacy alerting engine & UI features