feat(api): add grafana legacy (#2797)

Signed-off-by: Shahar Glazner <[email protected]>
Co-authored-by: Kirill Chernakov <[email protected]>

Author: shahargl

docs/providers/documentation/grafana-provider.mdx

@@ -4,6 +4,28 @@ description: "Grafana Provider allows either pull/push alerts from Grafana to Ke
 ---
 <Tip>Grafana currently supports pulling/pushing alerts. We will add querying and notifying soon.</Tip>
 
+## Legacy vs Unified Alerting
+
+Keep supports both Grafana's legacy alerting system and the newer Unified Alerting system. Here are the key differences:
+
+### Legacy Alerting
+- Uses notification channels for alert delivery
+- Configured at the dashboard level
+- Uses a different API endpoint (`/api/alerts` and `/api/alert-notifications`)
+- Simpler setup but fewer features
+- Alerts are tightly coupled with dashboard panels
+
+### Unified Alerting (Default from Grafana 9.0)
+- Uses alert rules and contact points
+- Configured centrally in the Alerting section
+- Uses the newer `/api/v1/alerts` endpoint
+- More powerful features including label-based routing
+- Supports multiple data sources in a single alert rule
+
+<Note>
+If you're using Grafana 8.x or earlier, or have explicitly enabled legacy alerting in newer versions, make sure to configure Keep accordingly using the legacy alerting configuration.
+</Note>
+
 ## Inputs
 
 Grafana Provider does not currently support the `notify` function.

ee/identitymanager/identity_managers/keycloak/keycloak_authverifier.py

@@ -21,6 +21,9 @@ def __init__(self, scopes: list[str] = []) -> None:
         self.keycloak_realm = os.environ.get("KEYCLOAK_REALM")
         self.keycloak_client_id = os.environ.get("KEYCLOAK_CLIENT_ID")
         self.keycloak_audience = os.environ.get("KEYCLOAK_AUDIENCE")
+        self.keycloak_verify_cert = (
+            os.environ.get("KEYCLOAK_VERIFY_CERT", "true").lower() == "true"
+        )
         if (
             not self.keycloak_url
             or not self.keycloak_realm
@@ -35,12 +38,14 @@ def __init__(self, scopes: list[str] = []) -> None:
             realm_name=self.keycloak_realm,
             client_id=self.keycloak_client_id,
             client_secret_key=os.environ.get("KEYCLOAK_CLIENT_SECRET"),
+            verify=self.keycloak_verify_cert,
         )
         self.keycloak_openid_connection = KeycloakOpenIDConnection(
             server_url=self.keycloak_url,
             realm_name=self.keycloak_realm,
             client_id=self.keycloak_client_id,
             client_secret_key=os.environ.get("KEYCLOAK_CLIENT_SECRET"),
+            verify=self.keycloak_verify_cert,
         )
         self.keycloak_uma = KeycloakUMA(connection=self.keycloak_openid_connection)
         # will be populated in on_start of the identity manager

ee/identitymanager/identity_managers/keycloak/keycloak_identitymanager.py

@@ -45,13 +45,16 @@ class KeycloakIdentityManager(BaseIdentityManager):
     def __init__(self, tenant_id, context_manager: ContextManager, **kwargs):
         super().__init__(tenant_id, context_manager, **kwargs)
         self.server_url = os.environ.get("KEYCLOAK_URL")
+        self.keycloak_verify_cert = (
+            os.environ.get("KEYCLOAK_VERIFY_CERT", "true").lower() == "true"
+        )
         try:
             self.keycloak_admin = KeycloakAdmin(
                 server_url=os.environ["KEYCLOAK_URL"] + "/admin",
                 username=os.environ.get("KEYCLOAK_ADMIN_USER"),
                 password=os.environ.get("KEYCLOAK_ADMIN_PASSWORD"),
                 realm_name=os.environ["KEYCLOAK_REALM"],
-                verify=True,
+                verify=self.keycloak_verify_cert,
             )
             self.client_id = self.keycloak_admin.get_client_id(
                 os.environ["KEYCLOAK_CLIENT_ID"]
@@ -61,6 +64,7 @@ def __init__(self, tenant_id, context_manager: ContextManager, **kwargs):
                 client_id=os.environ["KEYCLOAK_CLIENT_ID"],
                 realm_name=os.environ["KEYCLOAK_REALM"],
                 client_secret_key=os.environ["KEYCLOAK_CLIENT_SECRET"],
+                verify=self.keycloak_verify_cert,
             )
 
             self.admin_url = f'{os.environ["KEYCLOAK_URL"]}/admin/realms/{os.environ["KEYCLOAK_REALM"]}/clients/{self.client_id}'