Refactor: Remove fallback logic from Check and Compile methods in authzLimitedClient

Alerting: Update RuleGroupConfig definitions with missing fields (#115850 )
* Alerting: Update RuleGroupConfig definitions with missing fields This update adds previously missing fields to the `RuleGroupConfig` structs to ensure compatibility with external Prometheus-like rulers. Includes: - `labels`: per https://github.com/prometheus/prometheus/pull/11474 - `remote_write`: per https://github .com/grafana/mimir/blob/56f33fed6254fee5a53bde1eab36c604863e3d5f/pkg/mimirtool/rules/rwrulefmt/rulefmt.go#L16 Note: This does not add full support in Grafana; it only allows these fields to pass through the alerting proxy without causing unmarshal errors when using external rulers. * Update OpenAPI spec
2026-01-11 06:24:05 +08:00 · 2026-01-06 17:27:28 +01:00 · 2026-01-06 11:05:01 -05:00
9 changed files with 374 additions and 219 deletions
--- a/pkg/services/ngalert/api/tooling/api.json
+++ b/pkg/services/ngalert/api/tooling/api.json
@@ -647,12 +647,6 @@
  },
  "BacktestConfig": {
   "properties": {
-    "annotations": {
-     "additionalProperties": {
-      "type": "string"
-     },
-     "type": "object"
-    },
    "condition": {
     "type": "string"
    },
@@ -662,8 +656,16 @@
     },
     "type": "array"
    },
+    "exec_err_state": {
+     "enum": [
+      "OK",
+      "Alerting",
+      "Error"
+     ],
+     "type": "string"
+    },
    "for": {
-     "$ref": "#/definitions/Duration"
+     "type": "string"
    },
    "from": {
     "format": "date-time",
@@ -672,12 +674,22 @@
    "interval": {
     "$ref": "#/definitions/Duration"
    },
+    "keep_firing_for": {
+     "type": "string"
+    },
    "labels": {
     "additionalProperties": {
      "type": "string"
     },
     "type": "object"
    },
+    "missing_series_evals_to_resolve": {
+     "format": "int64",
+     "type": "integer"
+    },
+    "namespace_uid": {
+     "type": "string"
+    },
    "no_data_state": {
     "enum": [
      "Alerting",
@@ -686,12 +698,18 @@
     ],
     "type": "string"
    },
+    "rule_group": {
+     "type": "string"
+    },
    "title": {
     "type": "string"
    },
    "to": {
     "format": "date-time",
     "type": "string"
+    },
+    "uid": {
+     "type": "string"
    }
   },
   "type": "object"
@@ -1813,6 +1831,12 @@
    "interval": {
     "$ref": "#/definitions/Duration"
    },
+    "labels": {
+     "additionalProperties": {
+      "type": "string"
+     },
+     "type": "object"
+    },
    "limit": {
     "format": "int64",
     "type": "integer"
@@ -1823,6 +1847,12 @@
    "query_offset": {
     "type": "string"
    },
+    "remote_write": {
+     "items": {
+      "$ref": "#/definitions/RemoteWriteConfig"
+     },
+     "type": "array"
+    },
    "rules": {
     "items": {
      "$ref": "#/definitions/GettableExtendedRuleNode"
@@ -3142,6 +3172,12 @@
    "interval": {
     "$ref": "#/definitions/Duration"
    },
+    "labels": {
+     "additionalProperties": {
+      "type": "string"
+     },
+     "type": "object"
+    },
    "limit": {
     "format": "int64",
     "type": "integer"
@@ -3152,6 +3188,12 @@
    "query_offset": {
     "type": "string"
    },
+    "remote_write": {
+     "items": {
+      "$ref": "#/definitions/RemoteWriteConfig"
+     },
+     "type": "array"
+    },
    "rules": {
     "items": {
      "$ref": "#/definitions/PostableExtendedRuleNode"
@@ -3817,6 +3859,14 @@
   },
   "type": "object"
  },
+  "RemoteWriteConfig": {
+   "properties": {
+    "url": {
+     "type": "string"
+    }
+   },
+   "type": "object"
+  },
  "ResponseDetails": {
   "properties": {
    "msg": {
@@ -4093,6 +4143,12 @@
    "interval": {
     "$ref": "#/definitions/Duration"
    },
+    "labels": {
+     "additionalProperties": {
+      "type": "string"
+     },
+     "type": "object"
+    },
    "limit": {
     "format": "int64",
     "type": "integer"
@@ -4103,6 +4159,12 @@
    "query_offset": {
     "type": "string"
    },
+    "remote_write": {
+     "items": {
+      "$ref": "#/definitions/RemoteWriteConfig"
+     },
+     "type": "array"
+    },
    "rules": {
     "items": {
      "$ref": "#/definitions/GettableExtendedRuleNode"
--- a/pkg/services/ngalert/api/tooling/definitions/cortex-ruler.go
+++ b/pkg/services/ngalert/api/tooling/definitions/cortex-ruler.go
@@ -284,11 +284,20 @@ type PostableRuleGroupConfig struct {

 	// fields below are used by Mimir/Loki rulers

-	SourceTenants                 []string        `yaml:"source_tenants,omitempty" json:"source_tenants,omitempty"`
-	EvaluationDelay               *model.Duration `yaml:"evaluation_delay,omitempty" json:"evaluation_delay,omitempty"`
-	QueryOffset                   *model.Duration `yaml:"query_offset,omitempty" json:"query_offset,omitempty"`
-	AlignEvaluationTimeOnInterval bool            `yaml:"align_evaluation_time_on_interval,omitempty" json:"align_evaluation_time_on_interval,omitempty"`
-	Limit                         int             `yaml:"limit,omitempty" json:"limit,omitempty"`
+	SourceTenants                 []string          `yaml:"source_tenants,omitempty" json:"source_tenants,omitempty"`
+	EvaluationDelay               *model.Duration   `yaml:"evaluation_delay,omitempty" json:"evaluation_delay,omitempty"`
+	QueryOffset                   *model.Duration   `yaml:"query_offset,omitempty" json:"query_offset,omitempty"`
+	AlignEvaluationTimeOnInterval bool              `yaml:"align_evaluation_time_on_interval,omitempty" json:"align_evaluation_time_on_interval,omitempty"`
+	Limit                         int               `yaml:"limit,omitempty" json:"limit,omitempty"`
+	Labels                        map[string]string `yaml:"labels,omitempty" json:"labels,omitempty"`
+
+	// GEM Ruler.
+
+	RWConfigs []RemoteWriteConfig `yaml:"remote_write,omitempty" json:"remote_write,omitempty"`
+}
+
+type RemoteWriteConfig struct {
+	URL string `yaml:"url,omitempty" json:"url,omitempty"`
 }

 func (c *PostableRuleGroupConfig) UnmarshalJSON(b []byte) error {
@@ -328,8 +337,8 @@ func (c *PostableRuleGroupConfig) validate() error {
 		return fmt.Errorf("cannot mix Grafana & Prometheus style rules")
 	}

-	if hasGrafRules && (len(c.SourceTenants) > 0 || c.EvaluationDelay != nil || c.QueryOffset != nil || c.AlignEvaluationTimeOnInterval || c.Limit > 0) {
-		return fmt.Errorf("fields source_tenants, evaluation_delay, query_offset, align_evaluation_time_on_interval and limit are not supported for Grafana rules")
+	if hasGrafRules && (len(c.SourceTenants) > 0 || c.EvaluationDelay != nil || c.QueryOffset != nil || c.AlignEvaluationTimeOnInterval || c.Limit > 0 || len(c.Labels) > 0 || len(c.RWConfigs) > 0) {
+		return fmt.Errorf("fields source_tenants, evaluation_delay, query_offset, align_evaluation_time_on_interval, limit, labels, and remote_write are not supported for Grafana rules")
 	}
 	return nil
 }
@@ -345,11 +354,16 @@ type GettableRuleGroupConfig struct {

 	// fields below are used by Mimir/Loki rulers

-	SourceTenants                 []string        `yaml:"source_tenants,omitempty" json:"source_tenants,omitempty"`
-	EvaluationDelay               *model.Duration `yaml:"evaluation_delay,omitempty" json:"evaluation_delay,omitempty"`
-	QueryOffset                   *model.Duration `yaml:"query_offset,omitempty" json:"query_offset,omitempty"`
-	AlignEvaluationTimeOnInterval bool            `yaml:"align_evaluation_time_on_interval,omitempty" json:"align_evaluation_time_on_interval,omitempty"`
-	Limit                         int             `yaml:"limit,omitempty" json:"limit,omitempty"`
+	SourceTenants                 []string          `yaml:"source_tenants,omitempty" json:"source_tenants,omitempty"`
+	EvaluationDelay               *model.Duration   `yaml:"evaluation_delay,omitempty" json:"evaluation_delay,omitempty"`
+	QueryOffset                   *model.Duration   `yaml:"query_offset,omitempty" json:"query_offset,omitempty"`
+	AlignEvaluationTimeOnInterval bool              `yaml:"align_evaluation_time_on_interval,omitempty" json:"align_evaluation_time_on_interval,omitempty"`
+	Limit                         int               `yaml:"limit,omitempty" json:"limit,omitempty"`
+	Labels                        map[string]string `yaml:"labels,omitempty" json:"labels,omitempty"`
+
+	// GEM Ruler.
+
+	RWConfigs []RemoteWriteConfig `yaml:"remote_write,omitempty" json:"remote_write,omitempty"`
 }

 func (c *GettableRuleGroupConfig) UnmarshalJSON(b []byte) error {
--- a/pkg/services/ngalert/api/tooling/post.json
+++ b/pkg/services/ngalert/api/tooling/post.json
@@ -647,12 +647,6 @@
  },
  "BacktestConfig": {
   "properties": {
-    "annotations": {
-     "additionalProperties": {
-      "type": "string"
-     },
-     "type": "object"
-    },
    "condition": {
     "type": "string"
    },
@@ -662,8 +656,16 @@
     },
     "type": "array"
    },
+    "exec_err_state": {
+     "enum": [
+      "OK",
+      "Alerting",
+      "Error"
+     ],
+     "type": "string"
+    },
    "for": {
-     "$ref": "#/definitions/Duration"
+     "type": "string"
    },
    "from": {
     "format": "date-time",
@@ -672,12 +674,22 @@
    "interval": {
     "$ref": "#/definitions/Duration"
    },
+    "keep_firing_for": {
+     "type": "string"
+    },
    "labels": {
     "additionalProperties": {
      "type": "string"
     },
     "type": "object"
    },
+    "missing_series_evals_to_resolve": {
+     "format": "int64",
+     "type": "integer"
+    },
+    "namespace_uid": {
+     "type": "string"
+    },
    "no_data_state": {
     "enum": [
      "Alerting",
@@ -686,12 +698,18 @@
     ],
     "type": "string"
    },
+    "rule_group": {
+     "type": "string"
+    },
    "title": {
     "type": "string"
    },
    "to": {
     "format": "date-time",
     "type": "string"
+    },
+    "uid": {
+     "type": "string"
    }
   },
   "type": "object"
@@ -1813,6 +1831,12 @@
    "interval": {
     "$ref": "#/definitions/Duration"
    },
+    "labels": {
+     "additionalProperties": {
+      "type": "string"
+     },
+     "type": "object"
+    },
    "limit": {
     "format": "int64",
     "type": "integer"
@@ -1823,6 +1847,12 @@
    "query_offset": {
     "type": "string"
    },
+    "remote_write": {
+     "items": {
+      "$ref": "#/definitions/RemoteWriteConfig"
+     },
+     "type": "array"
+    },
    "rules": {
     "items": {
      "$ref": "#/definitions/GettableExtendedRuleNode"
@@ -3142,6 +3172,12 @@
    "interval": {
     "$ref": "#/definitions/Duration"
    },
+    "labels": {
+     "additionalProperties": {
+      "type": "string"
+     },
+     "type": "object"
+    },
    "limit": {
     "format": "int64",
     "type": "integer"
@@ -3152,6 +3188,12 @@
    "query_offset": {
     "type": "string"
    },
+    "remote_write": {
+     "items": {
+      "$ref": "#/definitions/RemoteWriteConfig"
+     },
+     "type": "array"
+    },
    "rules": {
     "items": {
      "$ref": "#/definitions/PostableExtendedRuleNode"
@@ -3817,6 +3859,14 @@
   },
   "type": "object"
  },
+  "RemoteWriteConfig": {
+   "properties": {
+    "url": {
+     "type": "string"
+    }
+   },
+   "type": "object"
+  },
  "ResponseDetails": {
   "properties": {
    "msg": {
@@ -4093,6 +4143,12 @@
    "interval": {
     "$ref": "#/definitions/Duration"
    },
+    "labels": {
+     "additionalProperties": {
+      "type": "string"
+     },
+     "type": "object"
+    },
    "limit": {
     "format": "int64",
     "type": "integer"
@@ -4103,6 +4159,12 @@
    "query_offset": {
     "type": "string"
    },
+    "remote_write": {
+     "items": {
+      "$ref": "#/definitions/RemoteWriteConfig"
+     },
+     "type": "array"
+    },
    "rules": {
     "items": {
      "$ref": "#/definitions/GettableExtendedRuleNode"
--- a/pkg/services/ngalert/api/tooling/spec.json
+++ b/pkg/services/ngalert/api/tooling/spec.json
@@ -5072,12 +5072,6 @@
    "BacktestConfig": {
      "type": "object",
      "properties": {
-        "annotations": {
-          "type": "object",
-          "additionalProperties": {
-            "type": "string"
-          }
-        },
        "condition": {
          "type": "string"
        },
@@ -5087,8 +5081,16 @@
            "$ref": "#/definitions/AlertQuery"
          }
        },
+        "exec_err_state": {
+          "type": "string",
+          "enum": [
+            "OK",
+            "Alerting",
+            "Error"
+          ]
+        },
        "for": {
-          "$ref": "#/definitions/Duration"
+          "type": "string"
        },
        "from": {
          "type": "string",
@@ -5097,12 +5099,22 @@
        "interval": {
          "$ref": "#/definitions/Duration"
        },
+        "keep_firing_for": {
+          "type": "string"
+        },
        "labels": {
          "type": "object",
          "additionalProperties": {
            "type": "string"
          }
        },
+        "missing_series_evals_to_resolve": {
+          "type": "integer",
+          "format": "int64"
+        },
+        "namespace_uid": {
+          "type": "string"
+        },
        "no_data_state": {
          "type": "string",
          "enum": [
@@ -5111,12 +5123,18 @@
            "OK"
          ]
        },
+        "rule_group": {
+          "type": "string"
+        },
        "title": {
          "type": "string"
        },
        "to": {
          "type": "string",
          "format": "date-time"
+        },
+        "uid": {
+          "type": "string"
        }
      }
    },
@@ -6239,6 +6257,12 @@
        "interval": {
          "$ref": "#/definitions/Duration"
        },
+        "labels": {
+          "type": "object",
+          "additionalProperties": {
+            "type": "string"
+          }
+        },
        "limit": {
          "type": "integer",
          "format": "int64"
@@ -6249,6 +6273,12 @@
        "query_offset": {
          "type": "string"
        },
+        "remote_write": {
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/RemoteWriteConfig"
+          }
+        },
        "rules": {
          "type": "array",
          "items": {
@@ -7569,6 +7599,12 @@
        "interval": {
          "$ref": "#/definitions/Duration"
        },
+        "labels": {
+          "type": "object",
+          "additionalProperties": {
+            "type": "string"
+          }
+        },
        "limit": {
          "type": "integer",
          "format": "int64"
@@ -7579,6 +7615,12 @@
        "query_offset": {
          "type": "string"
        },
+        "remote_write": {
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/RemoteWriteConfig"
+          }
+        },
        "rules": {
          "type": "array",
          "items": {
@@ -8243,6 +8285,14 @@
        }
      }
    },
+    "RemoteWriteConfig": {
+      "type": "object",
+      "properties": {
+        "url": {
+          "type": "string"
+        }
+      }
+    },
    "ResponseDetails": {
      "type": "object",
      "properties": {
@@ -8520,6 +8570,12 @@
        "interval": {
          "$ref": "#/definitions/Duration"
        },
+        "labels": {
+          "type": "object",
+          "additionalProperties": {
+            "type": "string"
+          }
+        },
        "limit": {
          "type": "integer",
          "format": "int64"
@@ -8530,6 +8586,12 @@
        "query_offset": {
          "type": "string"
        },
+        "remote_write": {
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/RemoteWriteConfig"
+          }
+        },
        "rules": {
          "type": "array",
          "items": {
--- a/pkg/storage/unified/resource/access.go
+++ b/pkg/storage/unified/resource/access.go
@@ -110,24 +110,9 @@ func (c authzLimitedClient) Check(ctx context.Context, id claims.AuthInfo, req c
 		attribute.String("name", req.Name),
 		attribute.String("verb", req.Verb),
 		attribute.String("folder", folder),
-		attribute.Bool("fallback_used", FallbackUsed(ctx)),
 	))
 	defer span.End()

-	if FallbackUsed(ctx) {
-		if req.Namespace == "" {
-			// cross namespace queries are not allowed when fallback is used
-			span.SetAttributes(attribute.Bool("allowed", false))
-			span.SetStatus(codes.Error, "Namespace empty")
-			err := fmt.Errorf("namespace empty")
-			span.RecordError(err)
-			return claims.CheckResponse{Allowed: false}, err
-		}
-
-		span.SetAttributes(attribute.Bool("allowed", true))
-		return claims.CheckResponse{Allowed: true}, nil
-	}
-
 	if !claims.NamespaceMatches(id.GetNamespace(), req.Namespace) {
 		span.SetAttributes(attribute.Bool("allowed", false))
 		span.SetStatus(codes.Error, "Namespace mismatch")
@@ -155,28 +140,14 @@ func (c authzLimitedClient) Check(ctx context.Context, id claims.AuthInfo, req c
 // Compile implements claims.AccessClient.
 func (c authzLimitedClient) Compile(ctx context.Context, id claims.AuthInfo, req claims.ListRequest) (claims.ItemChecker, claims.Zookie, error) {
 	t := time.Now()
-	fallbackUsed := FallbackUsed(ctx)
 	ctx, span := tracer.Start(ctx, "resource.authzLimitedClient.Compile", trace.WithAttributes(
 		attribute.String("group", req.Group),
 		attribute.String("resource", req.Resource),
 		attribute.String("namespace", req.Namespace),
 		attribute.String("verb", req.Verb),
-		attribute.Bool("fallback_used", fallbackUsed),
 	))
 	defer span.End()
-	if fallbackUsed {
-		if req.Namespace == "" {
-			// cross namespace queries are not allowed when fallback is used
-			span.SetAttributes(attribute.Bool("allowed", false))
-			span.SetStatus(codes.Error, "Namespace empty")
-			err := fmt.Errorf("namespace empty")
-			span.RecordError(err)
-			return nil, claims.NoopZookie{}, err
-		}
-		return func(name, folder string) bool {
-			return true
-		}, claims.NoopZookie{}, nil
-	}
+
 	if !claims.NamespaceMatches(id.GetNamespace(), req.Namespace) {
 		span.SetAttributes(attribute.Bool("allowed", false))
 		span.SetStatus(codes.Error, "Namespace mismatch")
@@ -211,13 +182,3 @@ func (c authzLimitedClient) IsCompatibleWithRBAC(group, resource string) bool {
 }

 var _ claims.AccessClient = &authzLimitedClient{}
-
-type contextFallbackKey struct{}
-
-func WithFallback(ctx context.Context) context.Context {
-	return context.WithValue(ctx, contextFallbackKey{}, true)
-}
-
-func FallbackUsed(ctx context.Context) bool {
-	return ctx.Value(contextFallbackKey{}) != nil
-}
--- a/pkg/storage/unified/resource/access_test.go
+++ b/pkg/storage/unified/resource/access_test.go
@@ -158,67 +158,3 @@ func TestNamespaceMatching(t *testing.T) {
 		})
 	}
 }
-
-// TestNamespaceMatchingFallback tests namespace matching in Check and Compile methods when fallback is used
-func TestNamespaceMatchingFallback(t *testing.T) {
-	// Create a mock client that always returns allowed=true
-	mockClient := authlib.FixedAccessClient(true)
-	client := NewAuthzLimitedClient(mockClient, AuthzOptions{})
-
-	// Create a context with fallback disabled
-	ctx := context.Background()
-
-	tests := []struct {
-		name          string
-		authNamespace string
-		reqNamespace  string
-		expectError   bool
-	}{
-		{
-			name:         "with namespace fallback",
-			reqNamespace: "ns1",
-			expectError:  false,
-		},
-		{
-			name:         "empty request namespace with fallback",
-			reqNamespace: "",
-			expectError:  true,
-		},
-	}
-
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			// Test Check method with namespace matching
-			checkReq := authlib.CheckRequest{
-				Group:     "unknown.group", // Use unknown group to bypass RBAC check
-				Resource:  "unknown.resource",
-				Verb:      utils.VerbGet,
-				Namespace: tt.reqNamespace,
-			}
-			ctx = WithFallback(ctx)
-			// Create a mock auth info with the specified namespace
-			// Test Check method
-			user := &identity.StaticRequester{Namespace: tt.authNamespace}
-			_, checkErr := client.Check(ctx, user, checkReq, "")
-
-			// Test Compile method
-			compileReq := authlib.ListRequest{
-				Group:     "unknown.group", // Use unknown group to bypass RBAC check
-				Resource:  "unknown.resource",
-				Verb:      utils.VerbGet,
-				Namespace: tt.reqNamespace,
-			}
-			_, _, compileErr := client.Compile(ctx, user, compileReq)
-
-			if tt.expectError {
-				require.Error(t, checkErr, "Check should return error")
-				require.Error(t, compileErr, "Compile should return error")
-				assert.ErrorContains(t, checkErr, "namespace empty", "Check should return namespace mismatch error")
-				assert.ErrorContains(t, compileErr, "namespace empty", "Compile should return namespace mismatch error")
-			} else {
-				assert.NoError(t, checkErr, "Check should not return error when namespaces match")
-				assert.NoError(t, compileErr, "Compile should not return error when namespaces match")
-			}
-		})
-	}
-}
--- a/pkg/storage/unified/sql/service.go
+++ b/pkg/storage/unified/sql/service.go
@@ -13,9 +13,7 @@ import (

 	"github.com/gorilla/mux"
 	"github.com/prometheus/client_golang/prometheus"
-	"github.com/prometheus/client_golang/prometheus/promauto"
 	"go.opentelemetry.io/otel"
-	"go.opentelemetry.io/otel/attribute"
 	"go.opentelemetry.io/otel/trace"
 	"google.golang.org/grpc/health/grpc_health_v1"

@@ -34,7 +32,6 @@ import (
 	"github.com/grafana/grafana/pkg/services/grpcserver/interceptors"
 	"github.com/grafana/grafana/pkg/setting"
 	"github.com/grafana/grafana/pkg/storage/unified/resource"
-	"github.com/grafana/grafana/pkg/storage/unified/resource/grpc"
 	"github.com/grafana/grafana/pkg/storage/unified/resourcepb"
 	"github.com/grafana/grafana/pkg/storage/unified/search"
 	"github.com/grafana/grafana/pkg/util/scheduler"
@@ -103,12 +100,8 @@ func ProvideUnifiedStorageGrpcService(
 	var err error
 	tracer := otel.Tracer("unified-storage")

-	// FIXME: This is a temporary solution while we are migrating to the new authn interceptor
-	// grpcutils.NewGrpcAuthenticator should be used instead.
-	authn := NewAuthenticatorWithFallback(cfg, reg, tracer, func(ctx context.Context) (context.Context, error) {
-		auth := grpc.Authenticator{Tracer: tracer}
-		return auth.Authenticate(ctx)
-	})
+	authCfg := ReadGrpcServerConfig(cfg)
+	authn := grpcutils.NewAuthenticator(authCfg, tracer)

 	s := &service{
 		backend:            backend,
@@ -378,50 +371,6 @@ func (s *service) stopping(_ error) error {
 	return nil
 }

-type authenticatorWithFallback struct {
-	authenticator func(ctx context.Context) (context.Context, error)
-	fallback      func(ctx context.Context) (context.Context, error)
-	metrics       *metrics
-	tracer        trace.Tracer
-}
-
-type metrics struct {
-	requestsTotal *prometheus.CounterVec
-}
-
-func (f *authenticatorWithFallback) Authenticate(ctx context.Context) (context.Context, error) {
-	ctx, span := f.tracer.Start(ctx, "grpcutils.AuthenticatorWithFallback.Authenticate")
-	defer span.End()
-
-	// Try to authenticate with the new authenticator first
-	span.SetAttributes(attribute.Bool("fallback_used", false))
-	newCtx, err := f.authenticator(ctx)
-	if err == nil {
-		// fallback not used, authentication successful
-		f.metrics.requestsTotal.WithLabelValues("false", "true").Inc()
-		return newCtx, nil
-	}
-
-	// In case of error, fallback to the legacy authenticator
-	span.SetAttributes(attribute.Bool("fallback_used", true))
-	newCtx, err = f.fallback(ctx)
-	if newCtx != nil {
-		newCtx = resource.WithFallback(newCtx)
-	}
-	f.metrics.requestsTotal.WithLabelValues("true", fmt.Sprintf("%t", err == nil)).Inc()
-	return newCtx, err
-}
-
-func newMetrics(reg prometheus.Registerer) *metrics {
-	return &metrics{
-		requestsTotal: promauto.With(reg).NewCounterVec(
-			prometheus.CounterOpts{
-				Name: "grafana_grpc_authenticator_with_fallback_requests_total",
-				Help: "Number requests using the authenticator with fallback",
-			}, []string{"fallback_used", "result"}),
-	}
-}
-
 func ReadGrpcServerConfig(cfg *setting.Cfg) *grpcutils.AuthenticatorConfig {
 	section := cfg.SectionWithEnvOverrides("grpc_server_authentication")

@@ -432,21 +381,6 @@ func ReadGrpcServerConfig(cfg *setting.Cfg) *grpcutils.AuthenticatorConfig {
 	}
 }

-func NewAuthenticatorWithFallback(cfg *setting.Cfg, reg prometheus.Registerer, tracer trace.Tracer, fallback func(context.Context) (context.Context, error)) func(context.Context) (context.Context, error) {
-	authCfg := ReadGrpcServerConfig(cfg)
-	authenticator := grpcutils.NewAuthenticator(authCfg, tracer)
-	metrics := newMetrics(reg)
-	return func(ctx context.Context) (context.Context, error) {
-		a := &authenticatorWithFallback{
-			authenticator: authenticator,
-			fallback:      fallback,
-			tracer:        tracer,
-			metrics:       metrics,
-		}
-		return a.Authenticate(ctx)
-	}
-}
-
 func toLifecyclerConfig(cfg *setting.Cfg, logger log.Logger) (ring.BasicLifecyclerConfig, error) {
 	instanceAddr, err := ring.GetInstanceAddr(cfg.MemberlistBindAddr, netutil.PrivateNetworkInterfacesWithFallback([]string{"eth0", "en0"}, logger), logger, true)
 	if err != nil {
--- a/public/api-merged.json
+++ b/public/api-merged.json
@@ -13829,12 +13829,6 @@
    "BacktestConfig": {
      "type": "object",
      "properties": {
-        "annotations": {
-          "type": "object",
-          "additionalProperties": {
-            "type": "string"
-          }
-        },
        "condition": {
          "type": "string"
        },
@@ -13844,8 +13838,16 @@
            "$ref": "#/definitions/AlertQuery"
          }
        },
+        "exec_err_state": {
+          "type": "string",
+          "enum": [
+            "OK",
+            "Alerting",
+            "Error"
+          ]
+        },
        "for": {
-          "$ref": "#/definitions/Duration"
+          "type": "string"
        },
        "from": {
          "type": "string",
@@ -13854,12 +13856,22 @@
        "interval": {
          "$ref": "#/definitions/Duration"
        },
+        "keep_firing_for": {
+          "type": "string"
+        },
        "labels": {
          "type": "object",
          "additionalProperties": {
            "type": "string"
          }
        },
+        "missing_series_evals_to_resolve": {
+          "type": "integer",
+          "format": "int64"
+        },
+        "namespace_uid": {
+          "type": "string"
+        },
        "no_data_state": {
          "type": "string",
          "enum": [
@@ -13868,12 +13880,18 @@
            "OK"
          ]
        },
+        "rule_group": {
+          "type": "string"
+        },
        "title": {
          "type": "string"
        },
        "to": {
          "type": "string",
          "format": "date-time"
+        },
+        "uid": {
+          "type": "string"
        }
      }
    },
@@ -16778,6 +16796,12 @@
        "interval": {
          "$ref": "#/definitions/Duration"
        },
+        "labels": {
+          "type": "object",
+          "additionalProperties": {
+            "type": "string"
+          }
+        },
        "limit": {
          "type": "integer",
          "format": "int64"
@@ -16788,6 +16812,12 @@
        "query_offset": {
          "type": "string"
        },
+        "remote_write": {
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/RemoteWriteConfig"
+          }
+        },
        "rules": {
          "type": "array",
          "items": {
@@ -19263,6 +19293,12 @@
        "interval": {
          "$ref": "#/definitions/Duration"
        },
+        "labels": {
+          "type": "object",
+          "additionalProperties": {
+            "type": "string"
+          }
+        },
        "limit": {
          "type": "integer",
          "format": "int64"
@@ -19273,6 +19309,12 @@
        "query_offset": {
          "type": "string"
        },
+        "remote_write": {
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/RemoteWriteConfig"
+          }
+        },
        "rules": {
          "type": "array",
          "items": {
@@ -20310,6 +20352,14 @@
        }
      }
    },
+    "RemoteWriteConfig": {
+      "type": "object",
+      "properties": {
+        "url": {
+          "type": "string"
+        }
+      }
+    },
    "Report": {
      "type": "object",
      "properties": {
@@ -21009,6 +21059,12 @@
        "interval": {
          "$ref": "#/definitions/Duration"
        },
+        "labels": {
+          "type": "object",
+          "additionalProperties": {
+            "type": "string"
+          }
+        },
        "limit": {
          "type": "integer",
          "format": "int64"
@@ -21019,6 +21075,12 @@
        "query_offset": {
          "type": "string"
        },
+        "remote_write": {
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/RemoteWriteConfig"
+          }
+        },
        "rules": {
          "type": "array",
          "items": {
--- a/public/openapi3.json
+++ b/public/openapi3.json
@@ -3364,12 +3364,6 @@
      },
      "BacktestConfig": {
        "properties": {
-          "annotations": {
-            "additionalProperties": {
-              "type": "string"
-            },
-            "type": "object"
-          },
          "condition": {
            "type": "string"
          },
@@ -3379,8 +3373,16 @@
            },
            "type": "array"
          },
+          "exec_err_state": {
+            "enum": [
+              "OK",
+              "Alerting",
+              "Error"
+            ],
+            "type": "string"
+          },
          "for": {
-            "$ref": "#/components/schemas/Duration"
+            "type": "string"
          },
          "from": {
            "format": "date-time",
@@ -3389,12 +3391,22 @@
          "interval": {
            "$ref": "#/components/schemas/Duration"
          },
+          "keep_firing_for": {
+            "type": "string"
+          },
          "labels": {
            "additionalProperties": {
              "type": "string"
            },
            "type": "object"
          },
+          "missing_series_evals_to_resolve": {
+            "format": "int64",
+            "type": "integer"
+          },
+          "namespace_uid": {
+            "type": "string"
+          },
          "no_data_state": {
            "enum": [
              "Alerting",
@@ -3403,12 +3415,18 @@
            ],
            "type": "string"
          },
+          "rule_group": {
+            "type": "string"
+          },
          "title": {
            "type": "string"
          },
          "to": {
            "format": "date-time",
            "type": "string"
+          },
+          "uid": {
+            "type": "string"
          }
        },
        "type": "object"
@@ -6313,6 +6331,12 @@
          "interval": {
            "$ref": "#/components/schemas/Duration"
          },
+          "labels": {
+            "additionalProperties": {
+              "type": "string"
+            },
+            "type": "object"
+          },
          "limit": {
            "format": "int64",
            "type": "integer"
@@ -6323,6 +6347,12 @@
          "query_offset": {
            "type": "string"
          },
+          "remote_write": {
+            "items": {
+              "$ref": "#/components/schemas/RemoteWriteConfig"
+            },
+            "type": "array"
+          },
          "rules": {
            "items": {
              "$ref": "#/components/schemas/GettableExtendedRuleNode"
@@ -8798,6 +8828,12 @@
          "interval": {
            "$ref": "#/components/schemas/Duration"
          },
+          "labels": {
+            "additionalProperties": {
+              "type": "string"
+            },
+            "type": "object"
+          },
          "limit": {
            "format": "int64",
            "type": "integer"
@@ -8808,6 +8844,12 @@
          "query_offset": {
            "type": "string"
          },
+          "remote_write": {
+            "items": {
+              "$ref": "#/components/schemas/RemoteWriteConfig"
+            },
+            "type": "array"
+          },
          "rules": {
            "items": {
              "$ref": "#/components/schemas/PostableExtendedRuleNode"
@@ -9846,6 +9888,14 @@
        },
        "type": "object"
      },
+      "RemoteWriteConfig": {
+        "properties": {
+          "url": {
+            "type": "string"
+          }
+        },
+        "type": "object"
+      },
      "Report": {
        "properties": {
          "created": {
@@ -10544,6 +10594,12 @@
          "interval": {
            "$ref": "#/components/schemas/Duration"
          },
+          "labels": {
+            "additionalProperties": {
+              "type": "string"
+            },
+            "type": "object"
+          },
          "limit": {
            "format": "int64",
            "type": "integer"
@@ -10554,6 +10610,12 @@
          "query_offset": {
            "type": "string"
          },
+          "remote_write": {
+            "items": {
+              "$ref": "#/components/schemas/RemoteWriteConfig"
+            },
+            "type": "array"
+          },
          "rules": {
            "items": {
              "$ref": "#/components/schemas/GettableExtendedRuleNode"