apitech
/
grafana
mirror of https://github.com/grafana/grafana
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
56230 Commits
2158 Branches
608 Tags
1.9 GiB
Tag: Branch: Tree: cbb688e910
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'cbb688e910'
${ noResults }
grafana/pkg/services/annotations/annotationsimpl/annotations_test.go

363 lines
12 KiB
Raw Normal View History Unescape

Annotations: Lift parts of RBAC from xorm store into auth service (#76967) * [WIP] Lift RBAC from xorm store * Cleanup RBAC, fix tests * Use the scope type map as a map * Remove dependency on dashboard service * Make dashboards a map for constant time lookups (useful later) --- * Lift RBAC tests into a new file to test at service level * Add necessary access resource structs to xorm store tests * Move authorization into separate service * Pass features to searchstore.Builder * Sort imports * Code cleanup * Remove useless scope type check * Lift permission check into `Authorize()` * Use clearer language when checking scope types * Include dashboard permissions in test to ensure they're ignored * Switch to errutil * Cleanup sql.Cfg refs
2 years ago
package annotationsimpl
import (
"context"
"errors"
"fmt"
"testing"
Folders: Show dashboards and folders with directly assigned permissions in "Shared" folder (#78465) * Folders: Show folders user has access to at the root level * Refactor * Refactor * Hide parent folders user has no access to * Skip expensive computation if possible * Fix tests * Fix potential nil access * Fix duplicated folders * Fix linter error * Fix querying folders if no managed permissions set * Update benchmark * Add special shared with me folder and fetch available non-root folders on demand * Fix parents query * Improve db query for folders * Reset benchmark changes * Fix permissions for shared with me folder * Simplify dedup * Add option to include shared folder permission to user's permissions * Fix nil UID * Remove duplicated folders from shared list * Folders: Fix fetching empty folder * Nested folders: Show dashboards with directly assigned permissions * Fix slow dashboards fetch * Refactor * Fix cycle dependencies * Move shared folder to models * Fix shared folder links * Refactor * Use feature flag for permissions * Use feature flag * Review comments * Expose shared folder UID through frontend settings * Add frontend type for sharedWithMeFolderUID option * Refactor: apply review suggestions * Fix parent uid for shared folder * Fix listing shared dashboards for users with access to all folders * Prevent creating folder with "shared" UID * Add tests for shared folders * Add test for shared dashboards * Fix linter * Add metrics for shared with me folder * Add metrics for shared with me dashboards * Fix tests * Tests: add metrics as a dependency * Fix access control metadata for shared with me folder * Use constant for shared with me * Optimize parent folders access check, fetch all folders in one query. * Use labels for metrics
2 years ago
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
Annotations: Lift parts of RBAC from xorm store into auth service (#76967) * [WIP] Lift RBAC from xorm store * Cleanup RBAC, fix tests * Use the scope type map as a map * Remove dependency on dashboard service * Make dashboards a map for constant time lookups (useful later) --- * Lift RBAC tests into a new file to test at service level * Add necessary access resource structs to xorm store tests * Move authorization into separate service * Pass features to searchstore.Builder * Sort imports * Code cleanup * Remove useless scope type check * Lift permission check into `Authorize()` * Use clearer language when checking scope types * Include dashboard permissions in test to ensure they're ignored * Switch to errutil * Cleanup sql.Cfg refs
2 years ago
"github.com/grafana/grafana/pkg/bus"
"github.com/grafana/grafana/pkg/components/simplejson"
"github.com/grafana/grafana/pkg/infra/db"
"github.com/grafana/grafana/pkg/infra/log"
"github.com/grafana/grafana/pkg/infra/tracing"
"github.com/grafana/grafana/pkg/services/accesscontrol"
"github.com/grafana/grafana/pkg/services/accesscontrol/acimpl"
Annotations: Fix usage of dashboard table for permissions (#98774)
6 months ago
accesscontrolmock "github.com/grafana/grafana/pkg/services/accesscontrol/mock"
Annotations: Lift parts of RBAC from xorm store into auth service (#76967) * [WIP] Lift RBAC from xorm store * Cleanup RBAC, fix tests * Use the scope type map as a map * Remove dependency on dashboard service * Make dashboards a map for constant time lookups (useful later) --- * Lift RBAC tests into a new file to test at service level * Add necessary access resource structs to xorm store tests * Move authorization into separate service * Pass features to searchstore.Builder * Sort imports * Code cleanup * Remove useless scope type check * Lift permission check into `Authorize()` * Use clearer language when checking scope types * Include dashboard permissions in test to ensure they're ignored * Switch to errutil * Cleanup sql.Cfg refs
2 years ago
"github.com/grafana/grafana/pkg/services/annotations"
"github.com/grafana/grafana/pkg/services/annotations/testutil"
"github.com/grafana/grafana/pkg/services/dashboards"
Annotations: Fix usage of dashboard table for permissions (#98774)
6 months ago
"github.com/grafana/grafana/pkg/services/dashboards/database"
dashboardsservice "github.com/grafana/grafana/pkg/services/dashboards/service"
Annotations: Lift parts of RBAC from xorm store into auth service (#76967) * [WIP] Lift RBAC from xorm store * Cleanup RBAC, fix tests * Use the scope type map as a map * Remove dependency on dashboard service * Make dashboards a map for constant time lookups (useful later) --- * Lift RBAC tests into a new file to test at service level * Add necessary access resource structs to xorm store tests * Move authorization into separate service * Pass features to searchstore.Builder * Sort imports * Code cleanup * Remove useless scope type check * Lift permission check into `Authorize()` * Use clearer language when checking scope types * Include dashboard permissions in test to ensure they're ignored * Switch to errutil * Cleanup sql.Cfg refs
2 years ago
"github.com/grafana/grafana/pkg/services/featuremgmt"
"github.com/grafana/grafana/pkg/services/folder"
"github.com/grafana/grafana/pkg/services/folder/folderimpl"
"github.com/grafana/grafana/pkg/services/guardian"
Alerting: Introduce alert rule models in storage (#93187) * introduce storage model for alert rule tables * remove AlertRuleVersion from models because it's not used anywhere other than in storage * update historian xorm store to use alerting store to fetch rules * fix folder tests --------- Co-authored-by: Matthew Jacobson <matthew.jacobson@grafana.com>
10 months ago
alertingStore "github.com/grafana/grafana/pkg/services/ngalert/store"
Annotations: Fix usage of dashboard table for permissions (#98774)
6 months ago
"github.com/grafana/grafana/pkg/services/quota/quotatest"
Chore: Add support bundle for folders (#83360) * add support bundle for folders * fix ProvideService in tests * add a test for collector
1 year ago
"github.com/grafana/grafana/pkg/services/supportbundles/supportbundlestest"
Annotations: Lift parts of RBAC from xorm store into auth service (#76967) * [WIP] Lift RBAC from xorm store * Cleanup RBAC, fix tests * Use the scope type map as a map * Remove dependency on dashboard service * Make dashboards a map for constant time lookups (useful later) --- * Lift RBAC tests into a new file to test at service level * Add necessary access resource structs to xorm store tests * Move authorization into separate service * Pass features to searchstore.Builder * Sort imports * Code cleanup * Remove useless scope type check * Lift permission check into `Authorize()` * Use clearer language when checking scope types * Include dashboard permissions in test to ensure they're ignored * Switch to errutil * Cleanup sql.Cfg refs
2 years ago
"github.com/grafana/grafana/pkg/services/tag/tagimpl"
"github.com/grafana/grafana/pkg/services/user"
"github.com/grafana/grafana/pkg/setting"
Chore: Update test database initialization (#81673) * streamline initialization of test databases, support on-disk sqlite test db * clean up test databases * introduce testsuite helper * use testsuite everywhere we use a test db * update documentation * improve error handling * disable entity integration test until we can figure out locking error
1 year ago
"github.com/grafana/grafana/pkg/tests/testsuite"
Annotations: Lift parts of RBAC from xorm store into auth service (#76967) * [WIP] Lift RBAC from xorm store * Cleanup RBAC, fix tests * Use the scope type map as a map * Remove dependency on dashboard service * Make dashboards a map for constant time lookups (useful later) --- * Lift RBAC tests into a new file to test at service level * Add necessary access resource structs to xorm store tests * Move authorization into separate service * Pass features to searchstore.Builder * Sort imports * Code cleanup * Remove useless scope type check * Lift permission check into `Authorize()` * Use clearer language when checking scope types * Include dashboard permissions in test to ensure they're ignored * Switch to errutil * Cleanup sql.Cfg refs
2 years ago
)
Chore: Update test database initialization (#81673) * streamline initialization of test databases, support on-disk sqlite test db * clean up test databases * introduce testsuite helper * use testsuite everywhere we use a test db * update documentation * improve error handling * disable entity integration test until we can figure out locking error
1 year ago
func TestMain(m *testing.M) {
testsuite.Run(m)
}
Annotations: Lift parts of RBAC from xorm store into auth service (#76967) * [WIP] Lift RBAC from xorm store * Cleanup RBAC, fix tests * Use the scope type map as a map * Remove dependency on dashboard service * Make dashboards a map for constant time lookups (useful later) --- * Lift RBAC tests into a new file to test at service level * Add necessary access resource structs to xorm store tests * Move authorization into separate service * Pass features to searchstore.Builder * Sort imports * Code cleanup * Remove useless scope type check * Lift permission check into `Authorize()` * Use clearer language when checking scope types * Include dashboard permissions in test to ensure they're ignored * Switch to errutil * Cleanup sql.Cfg refs
2 years ago
func TestIntegrationAnnotationListingWithRBAC(t *testing.T) {
if testing.Short() {
t.Skip("skipping integration test")
}
Revert read replica POC (#93551) * Revert "chore: add replDB to team service (#91799)" This reverts commit c6ae2d7999aa6fc797db39e9d66c6fea70278f83. * Revert "experiment: use read replica for Get and Find Dashboards (#91706)" This reverts commit 54177ca619dbb5ded2dcb158405802d8dbdbc982. * Revert "QuotaService: refactor to use ReplDB for Get queries (#91333)" This reverts commit 299c142f6a6e8c5673cfdea9f87b56ac304f9834. * Revert "refactor replCfg to look more like plugins/plugin config (#91142)" This reverts commit ac0b4bb34d495914cbe8daad85b7c75c31e8070d. * Revert "chore (replstore): fix registration with multiple sql drivers, again (#90990)" This reverts commit daedb358dded00d349d9fac6106aaaa6bf18322e. * Revert "Chore (sqlstore): add validation and testing for repl config (#90683)" This reverts commit af19f039b62d9945377292a8e679ee258fd56b3d. * Revert "ReplStore: Add support for round robin load balancing between multiple read replicas (#90530)" This reverts commit 27b52b1507f5218a7b38046b4d96bc004d949d46. * Revert "DashboardStore: Use ReplDB and get dashboard quotas from the ReadReplica (#90235)" This reverts commit 8a6107cd35f6444c0674ee4230d3d6bcfbbd4a58. * Revert "accesscontrol service read replica (#89963)" This reverts commit 77a4869fcadf13827d76d5767d4de74812d6dd6d. * Revert "Fix: add mapping for the new mysqlRepl driver (#89551)" This reverts commit ab5a079bcc5b0f0a6929f0a3742eb2859d4a3498. * Revert "fix: sql instrumentation dual registration error (#89508)" This reverts commit d988f5c3b064fade6e96511e0024190c22d48e50. * Revert "Experimental Feature Toggle: databaseReadReplica (#89232)" This reverts commit 50244ed4a1435cbf3e3c87d4af34fd7937f7c259.
9 months ago
sql := db.InitTestDB(t)
Annotations: Lift parts of RBAC from xorm store into auth service (#76967) * [WIP] Lift RBAC from xorm store * Cleanup RBAC, fix tests * Use the scope type map as a map * Remove dependency on dashboard service * Make dashboards a map for constant time lookups (useful later) --- * Lift RBAC tests into a new file to test at service level * Add necessary access resource structs to xorm store tests * Move authorization into separate service * Pass features to searchstore.Builder * Sort imports * Code cleanup * Remove useless scope type check * Lift permission check into `Authorize()` * Use clearer language when checking scope types * Include dashboard permissions in test to ensure they're ignored * Switch to errutil * Cleanup sql.Cfg refs
2 years ago
cfg := setting.NewCfg()
cfg.AnnotationMaximumTagsLength = 60
features := featuremgmt.WithFeatures()
tagService := tagimpl.ProvideService(sql)
Alerting: Introduce alert rule models in storage (#93187) * introduce storage model for alert rule tables * remove AlertRuleVersion from models because it's not used anywhere other than in storage * update historian xorm store to use alerting store to fetch rules * fix folder tests --------- Co-authored-by: Matthew Jacobson <matthew.jacobson@grafana.com>
10 months ago
ruleStore := alertingStore.SetupStoreForTesting(t, sql)
Annotations: Fix usage of dashboard table for permissions (#98774)
6 months ago
origNewDashboardGuardian := guardian.New
defer func() { guardian.New = origNewDashboardGuardian }()
guardian.MockDashboardGuardian(&guardian.FakeDashboardGuardian{})
folderStore := folderimpl.ProvideDashboardFolderStore(sql)
fStore := folderimpl.ProvideStore(sql)
dashStore, err := database.ProvideDashboardStore(sql, cfg, featuremgmt.WithFeatures(), tagimpl.ProvideService(sql))
require.NoError(t, err)
Zanzana: Remove usage from legacy access control (#98883) * Zanzana: Remove usage from legacy access control * remove unused * remove zanzana client from services where it's not used * remove unused metrics * fix linter
5 months ago
ac := acimpl.ProvideAccessControl(featuremgmt.WithFeatures())
Annotations: Fix usage of dashboard table for permissions (#98774)
6 months ago
folderSvc := folderimpl.ProvideService(fStore, accesscontrolmock.New(), bus.ProvideBus(tracing.InitializeTracerForTest()),
dashStore, folderStore, sql, featuremgmt.WithFeatures(),
Filewalkwithme/unistore refactor folder service to hit folder apiserver (#98409) Refactor folder service to use Unified Storage Signed-off-by: Maicon Costa <maiconscosta@gmail.com> --------- Signed-off-by: Maicon Costa <maiconscosta@gmail.com> Co-authored-by: Stephanie Hingtgen <stephanie.hingtgen@grafana.com>
5 months ago
supportbundlestest.NewFakeBundleService(), cfg, nil, tracing.InitializeTracerForTest())
Annotations: Fix usage of dashboard table for permissions (#98774)
6 months ago
dashSvc, err := dashboardsservice.ProvideDashboardServiceImpl(cfg, dashStore, folderStore, featuremgmt.WithFeatures(), accesscontrolmock.NewMockedPermissionsService(), accesscontrolmock.NewMockedPermissionsService(),
Zanzana: Remove usage from legacy access control (#98883) * Zanzana: Remove usage from legacy access control * remove unused * remove zanzana client from services where it's not used * remove unused metrics * fix linter
5 months ago
ac, folderSvc, fStore, nil, nil, nil, nil, quotatest.New(false, nil), nil)
Annotations: Fix usage of dashboard table for permissions (#98774)
6 months ago
require.NoError(t, err)
Annotations: Lift parts of RBAC from xorm store into auth service (#76967) * [WIP] Lift RBAC from xorm store * Cleanup RBAC, fix tests * Use the scope type map as a map * Remove dependency on dashboard service * Make dashboards a map for constant time lookups (useful later) --- * Lift RBAC tests into a new file to test at service level * Add necessary access resource structs to xorm store tests * Move authorization into separate service * Pass features to searchstore.Builder * Sort imports * Code cleanup * Remove useless scope type check * Lift permission check into `Authorize()` * Use clearer language when checking scope types * Include dashboard permissions in test to ensure they're ignored * Switch to errutil * Cleanup sql.Cfg refs
2 years ago
Annotations: Fix usage of dashboard table for permissions (#98774)
6 months ago
repo := ProvideService(sql, cfg, features, tagService, tracing.InitializeTracerForTest(), ruleStore, dashSvc)
Annotations: Lift parts of RBAC from xorm store into auth service (#76967) * [WIP] Lift RBAC from xorm store * Cleanup RBAC, fix tests * Use the scope type map as a map * Remove dependency on dashboard service * Make dashboards a map for constant time lookups (useful later) --- * Lift RBAC tests into a new file to test at service level * Add necessary access resource structs to xorm store tests * Move authorization into separate service * Pass features to searchstore.Builder * Sort imports * Code cleanup * Remove useless scope type check * Lift permission check into `Authorize()` * Use clearer language when checking scope types * Include dashboard permissions in test to ensure they're ignored * Switch to errutil * Cleanup sql.Cfg refs
2 years ago
Chore: Replace sqlstore with db interface (#85366) * replace sqlstore with db interface in a few packages * remove from stats * remove sqlstore in admin test * remove sqlstore from api plugin tests * fix another createUser * remove sqlstore in publicdashboards * remove sqlstore from orgs * clean up orguser test * more clean up in sso * clean up service accounts * further cleanup * more cleanup in accesscontrol * last cleanup in accesscontrol * clean up teams * more removals * split cfg from db in testenv * few remaining fixes * fix test with bus * pass cfg for testing inside db as an option * set query retries when no opts provided * revert golden test data * rebase and rollback
1 year ago
dashboard1 := testutil.CreateDashboard(t, sql, cfg, features, dashboards.SaveDashboardCommand{
Annotations: Lift parts of RBAC from xorm store into auth service (#76967) * [WIP] Lift RBAC from xorm store * Cleanup RBAC, fix tests * Use the scope type map as a map * Remove dependency on dashboard service * Make dashboards a map for constant time lookups (useful later) --- * Lift RBAC tests into a new file to test at service level * Add necessary access resource structs to xorm store tests * Move authorization into separate service * Pass features to searchstore.Builder * Sort imports * Code cleanup * Remove useless scope type check * Lift permission check into `Authorize()` * Use clearer language when checking scope types * Include dashboard permissions in test to ensure they're ignored * Switch to errutil * Cleanup sql.Cfg refs
2 years ago
UserID: 1,
OrgID: 1,
IsFolder: false,
Dashboard: simplejson.NewFromAny(map[string]any{
"title": "Dashboard 1",
}),
})
Chore: Replace sqlstore with db interface (#85366) * replace sqlstore with db interface in a few packages * remove from stats * remove sqlstore in admin test * remove sqlstore from api plugin tests * fix another createUser * remove sqlstore in publicdashboards * remove sqlstore from orgs * clean up orguser test * more clean up in sso * clean up service accounts * further cleanup * more cleanup in accesscontrol * last cleanup in accesscontrol * clean up teams * more removals * split cfg from db in testenv * few remaining fixes * fix test with bus * pass cfg for testing inside db as an option * set query retries when no opts provided * revert golden test data * rebase and rollback
1 year ago
_ = testutil.CreateDashboard(t, sql, cfg, features, dashboards.SaveDashboardCommand{
Annotations: Lift parts of RBAC from xorm store into auth service (#76967) * [WIP] Lift RBAC from xorm store * Cleanup RBAC, fix tests * Use the scope type map as a map * Remove dependency on dashboard service * Make dashboards a map for constant time lookups (useful later) --- * Lift RBAC tests into a new file to test at service level * Add necessary access resource structs to xorm store tests * Move authorization into separate service * Pass features to searchstore.Builder * Sort imports * Code cleanup * Remove useless scope type check * Lift permission check into `Authorize()` * Use clearer language when checking scope types * Include dashboard permissions in test to ensure they're ignored * Switch to errutil * Cleanup sql.Cfg refs
2 years ago
UserID: 1,
OrgID: 1,
IsFolder: false,
Dashboard: simplejson.NewFromAny(map[string]any{
"title": "Dashboard 2",
}),
})
dash1Annotation := &annotations.Item{
OrgID: 1,
DashboardID: 1,
Epoch: 10,
}
err = repo.Save(context.Background(), dash1Annotation)
require.NoError(t, err)
dash2Annotation := &annotations.Item{
OrgID: 1,
DashboardID: 2,
Epoch: 10,
Tags: []string{"foo:bar"},
}
err = repo.Save(context.Background(), dash2Annotation)
require.NoError(t, err)
organizationAnnotation := &annotations.Item{
OrgID: 1,
Epoch: 10,
}
err = repo.Save(context.Background(), organizationAnnotation)
require.NoError(t, err)
u := &user.SignedInUser{
UserID: 1,
OrgID: 1,
}
role := testutil.SetupRBACRole(t, sql, u)
type testStruct struct {
description string
permissions map[string][]string
expectedAnnotationIds []int64
expectedError bool
}
testCases := []testStruct{
{
description: "Should find all annotations when has permissions to list all annotations and read all dashboards",
permissions: map[string][]string{
accesscontrol.ActionAnnotationsRead: {accesscontrol.ScopeAnnotationsAll},
dashboards.ActionDashboardsRead: {dashboards.ScopeDashboardsAll},
},
expectedAnnotationIds: []int64{dash1Annotation.ID, dash2Annotation.ID, organizationAnnotation.ID},
},
{
description: "Should find all dashboard annotations",
permissions: map[string][]string{
accesscontrol.ActionAnnotationsRead: {accesscontrol.ScopeAnnotationsTypeDashboard},
dashboards.ActionDashboardsRead: {dashboards.ScopeDashboardsAll},
},
expectedAnnotationIds: []int64{dash1Annotation.ID, dash2Annotation.ID},
},
{
description: "Should find only annotations from dashboards that user can read",
permissions: map[string][]string{
accesscontrol.ActionAnnotationsRead: {accesscontrol.ScopeAnnotationsTypeDashboard},
dashboards.ActionDashboardsRead: {fmt.Sprintf("dashboards:uid:%s", dashboard1.UID)},
},
expectedAnnotationIds: []int64{dash1Annotation.ID},
},
{
description: "Should find no annotations if user can't view dashboards or organization annotations",
permissions: map[string][]string{
accesscontrol.ActionAnnotationsRead: {accesscontrol.ScopeAnnotationsTypeDashboard},
},
expectedAnnotationIds: []int64{},
},
{
description: "Should find only organization annotations",
permissions: map[string][]string{
accesscontrol.ActionAnnotationsRead: {accesscontrol.ScopeAnnotationsTypeOrganization},
dashboards.ActionDashboardsRead: {dashboards.ScopeDashboardsAll},
},
expectedAnnotationIds: []int64{organizationAnnotation.ID},
},
{
description: "Should error if user doesn't have annotation read permissions",
permissions: map[string][]string{
dashboards.ActionDashboardsRead: {dashboards.ScopeDashboardsAll},
},
expectedError: true,
},
}
for _, tc := range testCases {
t.Run(tc.description, func(t *testing.T) {
u.Permissions = map[int64]map[string][]string{1: tc.permissions}
testutil.SetupRBACPermission(t, sql, role, u)
results, err := repo.Find(context.Background(), &annotations.ItemQuery{
OrgID: 1,
SignedInUser: u,
})
if tc.expectedError {
require.Error(t, err)
return
}
require.NoError(t, err)
assert.Len(t, results, len(tc.expectedAnnotationIds))
for _, r := range results {
assert.Contains(t, tc.expectedAnnotationIds, r.ID)
}
})
}
}
func TestIntegrationAnnotationListingWithInheritedRBAC(t *testing.T) {
if testing.Short() {
t.Skip("skipping integration test")
}
orgID := int64(1)
permissions := []accesscontrol.Permission{
{
Action: dashboards.ActionFoldersCreate,
Scope: dashboards.ScopeFoldersAll,
},
}
usr := &user.SignedInUser{
UserID: 1,
OrgID: orgID,
Add auth spans and remove deduplication code for scopes (#89804) Adds more spans for timing in accesscontrol and remove permission deduplicating code after benchmarking --------- Signed-off-by: Dave Henderson <dave.henderson@grafana.com> Co-authored-by: Dave Henderson <dave.henderson@grafana.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
12 months ago
Permissions: map[int64]map[string][]string{orgID: accesscontrol.GroupScopesByActionContext(context.Background(), permissions)},
Annotations: Lift parts of RBAC from xorm store into auth service (#76967) * [WIP] Lift RBAC from xorm store * Cleanup RBAC, fix tests * Use the scope type map as a map * Remove dependency on dashboard service * Make dashboards a map for constant time lookups (useful later) --- * Lift RBAC tests into a new file to test at service level * Add necessary access resource structs to xorm store tests * Move authorization into separate service * Pass features to searchstore.Builder * Sort imports * Code cleanup * Remove useless scope type check * Lift permission check into `Authorize()` * Use clearer language when checking scope types * Include dashboard permissions in test to ensure they're ignored * Switch to errutil * Cleanup sql.Cfg refs
2 years ago
}
var role *accesscontrol.Role
type dashInfo struct {
UID string
ID int64
}
allDashboards := make([]dashInfo, 0, folder.MaxNestedFolderDepth+1)
annotationsTexts := make([]string, 0, folder.MaxNestedFolderDepth+1)
Annotations: Fix usage of dashboard table for permissions (#98774)
6 months ago
setupFolderStructure := func() (db.DB, dashboards.DashboardService) {
Revert read replica POC (#93551) * Revert "chore: add replDB to team service (#91799)" This reverts commit c6ae2d7999aa6fc797db39e9d66c6fea70278f83. * Revert "experiment: use read replica for Get and Find Dashboards (#91706)" This reverts commit 54177ca619dbb5ded2dcb158405802d8dbdbc982. * Revert "QuotaService: refactor to use ReplDB for Get queries (#91333)" This reverts commit 299c142f6a6e8c5673cfdea9f87b56ac304f9834. * Revert "refactor replCfg to look more like plugins/plugin config (#91142)" This reverts commit ac0b4bb34d495914cbe8daad85b7c75c31e8070d. * Revert "chore (replstore): fix registration with multiple sql drivers, again (#90990)" This reverts commit daedb358dded00d349d9fac6106aaaa6bf18322e. * Revert "Chore (sqlstore): add validation and testing for repl config (#90683)" This reverts commit af19f039b62d9945377292a8e679ee258fd56b3d. * Revert "ReplStore: Add support for round robin load balancing between multiple read replicas (#90530)" This reverts commit 27b52b1507f5218a7b38046b4d96bc004d949d46. * Revert "DashboardStore: Use ReplDB and get dashboard quotas from the ReadReplica (#90235)" This reverts commit 8a6107cd35f6444c0674ee4230d3d6bcfbbd4a58. * Revert "accesscontrol service read replica (#89963)" This reverts commit 77a4869fcadf13827d76d5767d4de74812d6dd6d. * Revert "Fix: add mapping for the new mysqlRepl driver (#89551)" This reverts commit ab5a079bcc5b0f0a6929f0a3742eb2859d4a3498. * Revert "fix: sql instrumentation dual registration error (#89508)" This reverts commit d988f5c3b064fade6e96511e0024190c22d48e50. * Revert "Experimental Feature Toggle: databaseReadReplica (#89232)" This reverts commit 50244ed4a1435cbf3e3c87d4af34fd7937f7c259.
9 months ago
sql, cfg := db.InitTestDBWithCfg(t)
Annotations: Lift parts of RBAC from xorm store into auth service (#76967) * [WIP] Lift RBAC from xorm store * Cleanup RBAC, fix tests * Use the scope type map as a map * Remove dependency on dashboard service * Make dashboards a map for constant time lookups (useful later) --- * Lift RBAC tests into a new file to test at service level * Add necessary access resource structs to xorm store tests * Move authorization into separate service * Pass features to searchstore.Builder * Sort imports * Code cleanup * Remove useless scope type check * Lift permission check into `Authorize()` * Use clearer language when checking scope types * Include dashboard permissions in test to ensure they're ignored * Switch to errutil * Cleanup sql.Cfg refs
2 years ago
// enable nested folders so that the folder table is populated for all the tests
features := featuremgmt.WithFeatures(featuremgmt.FlagNestedFolders)
tagService := tagimpl.ProvideService(sql)
Annotations: Fix usage of dashboard table for permissions (#98774)
6 months ago
dashStore, err := database.ProvideDashboardStore(sql, cfg, features, tagService)
Annotations: Lift parts of RBAC from xorm store into auth service (#76967) * [WIP] Lift RBAC from xorm store * Cleanup RBAC, fix tests * Use the scope type map as a map * Remove dependency on dashboard service * Make dashboards a map for constant time lookups (useful later) --- * Lift RBAC tests into a new file to test at service level * Add necessary access resource structs to xorm store tests * Move authorization into separate service * Pass features to searchstore.Builder * Sort imports * Code cleanup * Remove useless scope type check * Lift permission check into `Authorize()` * Use clearer language when checking scope types * Include dashboard permissions in test to ensure they're ignored * Switch to errutil * Cleanup sql.Cfg refs
2 years ago
require.NoError(t, err)
origNewGuardian := guardian.New
guardian.MockDashboardGuardian(&guardian.FakeDashboardGuardian{CanViewValue: true, CanSaveValue: true})
t.Cleanup(func() {
guardian.New = origNewGuardian
})
Zanzana: Remove usage from legacy access control (#98883) * Zanzana: Remove usage from legacy access control * remove unused * remove zanzana client from services where it's not used * remove unused metrics * fix linter
5 months ago
ac := acimpl.ProvideAccessControl(features)
Folders: Export folder store implementation (#93897) * Export folder store implementation * Rename folder store * Add folder store as a parameter to folder service * Add folder store to dash service implementation * Fix folder store comments
9 months ago
fStore := folderimpl.ProvideStore(sql)
Annotations: Fix usage of dashboard table for permissions (#98774)
6 months ago
folderStore := folderimpl.ProvideDashboardFolderStore(sql)
Folders: Export folder store implementation (#93897) * Export folder store implementation * Rename folder store * Add folder store as a parameter to folder service * Add folder store to dash service implementation * Fix folder store comments
9 months ago
folderSvc := folderimpl.ProvideService(fStore, ac, bus.ProvideBus(tracing.InitializeTracerForTest()), dashStore,
Filewalkwithme/unistore refactor folder service to hit folder apiserver (#98409) Refactor folder service to use Unified Storage Signed-off-by: Maicon Costa <maiconscosta@gmail.com> --------- Signed-off-by: Maicon Costa <maiconscosta@gmail.com> Co-authored-by: Stephanie Hingtgen <stephanie.hingtgen@grafana.com>
5 months ago
folderStore, sql, features, supportbundlestest.NewFakeBundleService(), cfg, nil, tracing.InitializeTracerForTest())
Annotations: Fix usage of dashboard table for permissions (#98774)
6 months ago
dashSvc, err := dashboardsservice.ProvideDashboardServiceImpl(cfg, dashStore, folderStore, features, accesscontrolmock.NewMockedPermissionsService(), accesscontrolmock.NewMockedPermissionsService(),
Zanzana: Remove usage from legacy access control (#98883) * Zanzana: Remove usage from legacy access control * remove unused * remove zanzana client from services where it's not used * remove unused metrics * fix linter
5 months ago
ac, folderSvc, fStore, nil, nil, nil, nil, quotatest.New(false, nil), nil)
Annotations: Fix usage of dashboard table for permissions (#98774)
6 months ago
require.NoError(t, err)
Ensure all internal Services are using FolderService and not FolderStore (#98370) * Ensure all internal Services are using FolderService and not FolderStore Signed-off-by: Maicon Costa <maiconscosta@gmail.com> --------- Signed-off-by: Maicon Costa <maiconscosta@gmail.com>
6 months ago
Annotations: Lift parts of RBAC from xorm store into auth service (#76967) * [WIP] Lift RBAC from xorm store * Cleanup RBAC, fix tests * Use the scope type map as a map * Remove dependency on dashboard service * Make dashboards a map for constant time lookups (useful later) --- * Lift RBAC tests into a new file to test at service level * Add necessary access resource structs to xorm store tests * Move authorization into separate service * Pass features to searchstore.Builder * Sort imports * Code cleanup * Remove useless scope type check * Lift permission check into `Authorize()` * Use clearer language when checking scope types * Include dashboard permissions in test to ensure they're ignored * Switch to errutil * Cleanup sql.Cfg refs
2 years ago
cfg.AnnotationMaximumTagsLength = 60
store := NewXormStore(cfg, log.New("annotation.test"), sql, tagService)
parentUID := ""
for i := 0; ; i++ {
uid := fmt.Sprintf("f%d", i)
f, err := folderSvc.Create(context.Background(), &folder.CreateFolderCommand{
UID: uid,
OrgID: orgID,
Title: uid,
SignedInUser: usr,
ParentUID: parentUID,
})
if err != nil {
if errors.Is(err, folder.ErrMaximumDepthReached) {
break
}
t.Log("unexpected error", "error", err)
t.Fail()
}
Annotations: Fix usage of dashboard table for permissions (#98774)
6 months ago
dashboard, err := dashSvc.SaveDashboard(context.Background(), &dashboards.SaveDashboardDTO{
User: usr,
OrgID: orgID,
Dashboard: &dashboards.Dashboard{
IsFolder: false,
Title: fmt.Sprintf("Dashboard under %s", f.UID),
Data: simplejson.New(),
FolderID: f.ID, // nolint:staticcheck
FolderUID: f.UID,
},
}, false)
require.NoError(t, err)
Annotations: Lift parts of RBAC from xorm store into auth service (#76967) * [WIP] Lift RBAC from xorm store * Cleanup RBAC, fix tests * Use the scope type map as a map * Remove dependency on dashboard service * Make dashboards a map for constant time lookups (useful later) --- * Lift RBAC tests into a new file to test at service level * Add necessary access resource structs to xorm store tests * Move authorization into separate service * Pass features to searchstore.Builder * Sort imports * Code cleanup * Remove useless scope type check * Lift permission check into `Authorize()` * Use clearer language when checking scope types * Include dashboard permissions in test to ensure they're ignored * Switch to errutil * Cleanup sql.Cfg refs
2 years ago
allDashboards = append(allDashboards, dashInfo{UID: dashboard.UID, ID: dashboard.ID})
parentUID = f.UID
annotationTxt := fmt.Sprintf("annotation %d", i)
dash1Annotation := &annotations.Item{
OrgID: orgID,
DashboardID: dashboard.ID,
Epoch: 10,
Text: annotationTxt,
}
err = store.Add(context.Background(), dash1Annotation)
require.NoError(t, err)
annotationsTexts = append(annotationsTexts, annotationTxt)
}
role = testutil.SetupRBACRole(t, sql, usr)
Annotations: Fix usage of dashboard table for permissions (#98774)
6 months ago
return sql, dashSvc
Annotations: Lift parts of RBAC from xorm store into auth service (#76967) * [WIP] Lift RBAC from xorm store * Cleanup RBAC, fix tests * Use the scope type map as a map * Remove dependency on dashboard service * Make dashboards a map for constant time lookups (useful later) --- * Lift RBAC tests into a new file to test at service level * Add necessary access resource structs to xorm store tests * Move authorization into separate service * Pass features to searchstore.Builder * Sort imports * Code cleanup * Remove useless scope type check * Lift permission check into `Authorize()` * Use clearer language when checking scope types * Include dashboard permissions in test to ensure they're ignored * Switch to errutil * Cleanup sql.Cfg refs
2 years ago
}
Annotations: Fix usage of dashboard table for permissions (#98774)
6 months ago
sql, dashSvc := setupFolderStructure()
Annotations: Lift parts of RBAC from xorm store into auth service (#76967) * [WIP] Lift RBAC from xorm store * Cleanup RBAC, fix tests * Use the scope type map as a map * Remove dependency on dashboard service * Make dashboards a map for constant time lookups (useful later) --- * Lift RBAC tests into a new file to test at service level * Add necessary access resource structs to xorm store tests * Move authorization into separate service * Pass features to searchstore.Builder * Sort imports * Code cleanup * Remove useless scope type check * Lift permission check into `Authorize()` * Use clearer language when checking scope types * Include dashboard permissions in test to ensure they're ignored * Switch to errutil * Cleanup sql.Cfg refs
2 years ago
testCases := []struct {
desc string
features featuremgmt.FeatureToggles
permissions map[string][]string
expectedAnnotationText []string
expectedError bool
}{
{
desc: "Should find only annotations from dashboards under folders that user can read",
features: featuremgmt.WithFeatures(),
permissions: map[string][]string{
accesscontrol.ActionAnnotationsRead: {accesscontrol.ScopeAnnotationsTypeDashboard},
dashboards.ActionDashboardsRead: {"folders:uid:f0"},
},
expectedAnnotationText: annotationsTexts[:1],
},
{
desc: "Should find only annotations from dashboards under inherited folders if nested folder are enabled",
features: featuremgmt.WithFeatures(featuremgmt.FlagNestedFolders),
permissions: map[string][]string{
accesscontrol.ActionAnnotationsRead: {accesscontrol.ScopeAnnotationsTypeDashboard},
dashboards.ActionDashboardsRead: {"folders:uid:f0"},
},
expectedAnnotationText: annotationsTexts[:],
},
}
for _, tc := range testCases {
t.Run(tc.desc, func(t *testing.T) {
cfg := setting.NewCfg()
cfg.AnnotationMaximumTagsLength = 60
Alerting: Introduce alert rule models in storage (#93187) * introduce storage model for alert rule tables * remove AlertRuleVersion from models because it's not used anywhere other than in storage * update historian xorm store to use alerting store to fetch rules * fix folder tests --------- Co-authored-by: Matthew Jacobson <matthew.jacobson@grafana.com>
10 months ago
ruleStore := alertingStore.SetupStoreForTesting(t, sql)
Annotations: Fix usage of dashboard table for permissions (#98774)
6 months ago
repo := ProvideService(sql, cfg, tc.features, tagimpl.ProvideService(sql), tracing.InitializeTracerForTest(), ruleStore, dashSvc)
Annotations: Lift parts of RBAC from xorm store into auth service (#76967) * [WIP] Lift RBAC from xorm store * Cleanup RBAC, fix tests * Use the scope type map as a map * Remove dependency on dashboard service * Make dashboards a map for constant time lookups (useful later) --- * Lift RBAC tests into a new file to test at service level * Add necessary access resource structs to xorm store tests * Move authorization into separate service * Pass features to searchstore.Builder * Sort imports * Code cleanup * Remove useless scope type check * Lift permission check into `Authorize()` * Use clearer language when checking scope types * Include dashboard permissions in test to ensure they're ignored * Switch to errutil * Cleanup sql.Cfg refs
2 years ago
usr.Permissions = map[int64]map[string][]string{1: tc.permissions}
testutil.SetupRBACPermission(t, sql, role, usr)
results, err := repo.Find(context.Background(), &annotations.ItemQuery{
OrgID: 1,
SignedInUser: usr,
})
if tc.expectedError {
require.Error(t, err)
return
}
require.NoError(t, err)
require.Len(t, results, len(tc.expectedAnnotationText))
for _, r := range results {
assert.Contains(t, tc.expectedAnnotationText, r.Text)
}
})
}
}