mirror of https://github.com/grafana/grafana
Ryan McKinley
1 year ago
commit
33917141f0
@ -0,0 +1,128 @@ |
||||
package migrator |
||||
|
||||
import ( |
||||
"context" |
||||
"fmt" |
||||
"strconv" |
||||
"strings" |
||||
|
||||
openfgav1 "github.com/openfga/api/proto/openfga/v1" |
||||
|
||||
"github.com/grafana/grafana/pkg/infra/db" |
||||
"github.com/grafana/grafana/pkg/infra/log" |
||||
"github.com/grafana/grafana/pkg/services/authz/zanzana" |
||||
) |
||||
|
||||
// A TupleCollector is responsible to build and store [openfgav1.TupleKey] into provided tuple map.
|
||||
// They key used should be a unique group key for the collector so we can skip over an already synced group.
|
||||
type TupleCollector func(ctx context.Context, tuples map[string][]*openfgav1.TupleKey) error |
||||
|
||||
// ZanzanaSynchroniser is a component to sync RBAC permissions to zanzana.
|
||||
// We should rewrite the migration after we have "migrated" all possible actions
|
||||
// into our schema. This will only do a one time migration for each action so its
|
||||
// is not really syncing the full rbac state. If a fresh sync is needed the tuple
|
||||
// needs to be cleared first.
|
||||
type ZanzanaSynchroniser struct { |
||||
log log.Logger |
||||
client zanzana.Client |
||||
collectors []TupleCollector |
||||
} |
||||
|
||||
func NewZanzanaSynchroniser(client zanzana.Client, store db.DB, collectors ...TupleCollector) *ZanzanaSynchroniser { |
||||
// Append shared collectors that is used by both enterprise and oss
|
||||
collectors = append(collectors, managedPermissionsCollector(store)) |
||||
|
||||
return &ZanzanaSynchroniser{ |
||||
log: log.New("zanzana.sync"), |
||||
collectors: collectors, |
||||
} |
||||
} |
||||
|
||||
// Sync runs all collectors and tries to write all collected tuples.
|
||||
// It will skip over any "sync group" that has already been written.
|
||||
func (z *ZanzanaSynchroniser) Sync(ctx context.Context) error { |
||||
tuplesMap := make(map[string][]*openfgav1.TupleKey) |
||||
|
||||
for _, c := range z.collectors { |
||||
if err := c(ctx, tuplesMap); err != nil { |
||||
return fmt.Errorf("failed to collect permissions: %w", err) |
||||
} |
||||
} |
||||
|
||||
for key, tuples := range tuplesMap { |
||||
if err := batch(len(tuples), 100, func(start, end int) error { |
||||
return z.client.Write(ctx, &openfgav1.WriteRequest{ |
||||
Writes: &openfgav1.WriteRequestWrites{ |
||||
TupleKeys: tuples[start:end], |
||||
}, |
||||
}) |
||||
}); err != nil { |
||||
if strings.Contains(err.Error(), "cannot write a tuple which already exists") { |
||||
z.log.Debug("Skipping already synced permissions", "sync_key", key) |
||||
continue |
||||
} |
||||
return err |
||||
} |
||||
} |
||||
|
||||
return nil |
||||
} |
||||
|
||||
// managedPermissionsCollector collects managed permissions into provided tuple map.
|
||||
// It will only store actions that are supported by our schema. Managed permissions can
|
||||
// be directly mapped to user/team/role without having to write an intermediate role.
|
||||
func managedPermissionsCollector(store db.DB) TupleCollector { |
||||
return func(ctx context.Context, tuples map[string][]*openfgav1.TupleKey) error { |
||||
const collectorID = "managed" |
||||
const query = ` |
||||
SELECT ur.user_id, p.action, p.kind, p.identifier, r.org_id FROM permission p |
||||
INNER JOIN role r on p.role_id = r.id |
||||
LEFT JOIN user_role ur on r.id = ur.role_id |
||||
LEFT JOIN team_role tr on r.id = tr.role_id |
||||
LEFT JOIN builtin_role br on r.id = br.role_id |
||||
WHERE r.name LIKE 'managed:%' |
||||
` |
||||
type Permission struct { |
||||
RoleName string `xorm:"role_name"` |
||||
OrgID int64 `xorm:"org_id"` |
||||
Action string `xorm:"action"` |
||||
Kind string |
||||
Identifier string |
||||
UserID int64 `xorm:"user_id"` |
||||
TeamID int64 `xorm:"user_id"` |
||||
} |
||||
|
||||
var permissions []Permission |
||||
err := store.WithDbSession(ctx, func(sess *db.Session) error { |
||||
return sess.SQL(query).Find(&permissions) |
||||
}) |
||||
|
||||
if err != nil { |
||||
return err |
||||
} |
||||
|
||||
for _, p := range permissions { |
||||
var subject string |
||||
if p.UserID > 0 { |
||||
subject = zanzana.NewObject(zanzana.TypeUser, strconv.FormatInt(p.UserID, 10)) |
||||
} else if p.TeamID > 0 { |
||||
subject = zanzana.NewObject(zanzana.TypeTeam, strconv.FormatInt(p.TeamID, 10)) |
||||
} else { |
||||
// FIXME(kalleep): Unsuported role binding (org role). We need to have basic roles in place
|
||||
continue |
||||
} |
||||
|
||||
tuple, ok := zanzana.TranslateToTuple(subject, p.Action, p.Kind, p.Identifier, p.OrgID) |
||||
if !ok { |
||||
continue |
||||
} |
||||
|
||||
// our "sync key" is a combination of collectorID and action so we can run this
|
||||
// sync new data when more actions are supported
|
||||
key := fmt.Sprintf("%s-%s", collectorID, p.Action) |
||||
tuples[key] = append(tuples[key], tuple) |
||||
} |
||||
|
||||
return nil |
||||
} |
||||
} |
||||
@ -0,0 +1,60 @@ |
||||
package zanzana |
||||
|
||||
import ( |
||||
"fmt" |
||||
"strconv" |
||||
|
||||
openfgav1 "github.com/openfga/api/proto/openfga/v1" |
||||
) |
||||
|
||||
const ( |
||||
TypeUser string = "user" |
||||
TypeTeam string = "team" |
||||
) |
||||
|
||||
func NewObject(typ, id string) string { |
||||
return fmt.Sprintf("%s:%s", typ, id) |
||||
} |
||||
|
||||
func NewScopedObject(typ, id, scope string) string { |
||||
return NewObject(typ, fmt.Sprintf("%s-%s", scope, id)) |
||||
} |
||||
|
||||
// rbac action to relation translation
|
||||
var actionTranslations = map[string]string{} |
||||
|
||||
type kindTranslation struct { |
||||
typ string |
||||
orgScoped bool |
||||
} |
||||
|
||||
// all kinds that we can translate into a openFGA object
|
||||
var kindTranslations = map[string]kindTranslation{} |
||||
|
||||
func TranslateToTuple(user string, action, kind, identifier string, orgID int64) (*openfgav1.TupleKey, bool) { |
||||
relation, ok := actionTranslations[action] |
||||
if !ok { |
||||
return nil, false |
||||
} |
||||
|
||||
t, ok := kindTranslations[kind] |
||||
if !ok { |
||||
return nil, false |
||||
} |
||||
|
||||
tuple := &openfgav1.TupleKey{ |
||||
Relation: relation, |
||||
} |
||||
|
||||
tuple.User = user |
||||
tuple.Relation = relation |
||||
|
||||
// UID in grafana are not guarantee to be unique across orgs so we need to scope them.
|
||||
if t.orgScoped { |
||||
tuple.Object = NewScopedObject(t.typ, identifier, strconv.FormatInt(orgID, 10)) |
||||
} else { |
||||
tuple.Object = NewObject(t.typ, identifier) |
||||
} |
||||
|
||||
return tuple, true |
||||
} |
||||
|
@ -0,0 +1,32 @@ |
||||
// Overriding the response types when enhancing endpoints is currently fiddly.
|
||||
// The below approach is taken from/related to the below:
|
||||
// https://github.com/reduxjs/redux-toolkit/issues/3901#issuecomment-1820995408
|
||||
// https://github.com/reduxjs/redux-toolkit/issues/3443#issue-1709588268
|
||||
//
|
||||
// At the time of writing there is an open PR changing the API of `enhanceEndpoints`,
|
||||
// which may help alleviate this when it lands:
|
||||
// https://github.com/reduxjs/redux-toolkit/pull/3485
|
||||
|
||||
import { DefinitionsFromApi, OverrideResultType } from '@reduxjs/toolkit/dist/query/endpointDefinitions'; |
||||
|
||||
import { |
||||
ListTimeIntervalForAllNamespacesApiResponse, |
||||
generatedTimeIntervalsApi, |
||||
} from '../openapi/timeIntervalsApi.gen'; |
||||
|
||||
type Definitions = DefinitionsFromApi<typeof generatedTimeIntervalsApi>; |
||||
type UpdatedDefinitions = Omit<Definitions, 'listTimeIntervalForAllNamespaces'> & { |
||||
listTimeIntervalForAllNamespaces: OverrideResultType< |
||||
Definitions['listTimeIntervalForAllNamespaces'], |
||||
Array<ListTimeIntervalForAllNamespacesApiResponse['items'][0]['spec']> |
||||
>; |
||||
}; |
||||
|
||||
export const timeIntervalsApi = generatedTimeIntervalsApi.enhanceEndpoints<never, UpdatedDefinitions>({ |
||||
endpoints: { |
||||
listTimeIntervalForAllNamespaces: { |
||||
transformResponse: (response: ListTimeIntervalForAllNamespacesApiResponse) => |
||||
response.items.map((item) => item.spec), |
||||
}, |
||||
}, |
||||
}); |
||||
@ -0,0 +1,204 @@ |
||||
import { alertingApi as api } from '../api/alertingApi'; |
||||
export const addTagTypes = ['TimeInterval'] as const; |
||||
const injectedRtkApi = api |
||||
.enhanceEndpoints({ |
||||
addTagTypes, |
||||
}) |
||||
.injectEndpoints({ |
||||
endpoints: (build) => ({ |
||||
listTimeIntervalForAllNamespaces: build.query< |
||||
ListTimeIntervalForAllNamespacesApiResponse, |
||||
ListTimeIntervalForAllNamespacesApiArg |
||||
>({ |
||||
query: (queryArg) => ({ |
||||
url: `/apis/notifications.alerting.grafana.app/v0alpha1/timeintervals`, |
||||
params: { |
||||
allowWatchBookmarks: queryArg.allowWatchBookmarks, |
||||
continue: queryArg['continue'], |
||||
fieldSelector: queryArg.fieldSelector, |
||||
labelSelector: queryArg.labelSelector, |
||||
limit: queryArg.limit, |
||||
pretty: queryArg.pretty, |
||||
resourceVersion: queryArg.resourceVersion, |
||||
resourceVersionMatch: queryArg.resourceVersionMatch, |
||||
sendInitialEvents: queryArg.sendInitialEvents, |
||||
timeoutSeconds: queryArg.timeoutSeconds, |
||||
watch: queryArg.watch, |
||||
}, |
||||
}), |
||||
providesTags: ['TimeInterval'], |
||||
}), |
||||
}), |
||||
overrideExisting: false, |
||||
}); |
||||
export { injectedRtkApi as generatedTimeIntervalsApi }; |
||||
export type ListTimeIntervalForAllNamespacesApiResponse = |
||||
/** status 200 OK */ ComGithubGrafanaGrafanaPkgApisAlertingNotificationsV0Alpha1TimeIntervalList; |
||||
export type ListTimeIntervalForAllNamespacesApiArg = { |
||||
/** allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. */ |
||||
allowWatchBookmarks?: boolean; |
||||
/** The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". |
||||
|
||||
This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications. */ |
||||
continue?: string; |
||||
/** A selector to restrict the list of returned objects by their fields. Defaults to everything. */ |
||||
fieldSelector?: string; |
||||
/** A selector to restrict the list of returned objects by their labels. Defaults to everything. */ |
||||
labelSelector?: string; |
||||
/** limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. |
||||
|
||||
The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned. */ |
||||
limit?: number; |
||||
/** If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget). */ |
||||
pretty?: string; |
||||
/** resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. |
||||
|
||||
Defaults to unset */ |
||||
resourceVersion?: string; |
||||
/** resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. |
||||
|
||||
Defaults to unset */ |
||||
resourceVersionMatch?: string; |
||||
/** `sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic "Bookmark" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `"k8s.io/initial-events-end": "true"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched. |
||||
|
||||
When `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan |
||||
is interpreted as "data at least as new as the provided `resourceVersion`" |
||||
and the bookmark event is send when the state is synced |
||||
to a `resourceVersion` at least as fresh as the one provided by the ListOptions. |
||||
If `resourceVersion` is unset, this is interpreted as "consistent read" and the |
||||
bookmark event is send when the state is synced at least to the moment |
||||
when request started being processed. |
||||
- `resourceVersionMatch` set to any other value or unset |
||||
Invalid error is returned. |
||||
|
||||
Defaults to true if `resourceVersion=""` or `resourceVersion="0"` (for backward compatibility reasons) and to false otherwise. */ |
||||
sendInitialEvents?: boolean; |
||||
/** Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity. */ |
||||
timeoutSeconds?: number; |
||||
/** Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion. */ |
||||
watch?: boolean; |
||||
}; |
||||
export type IoK8SApimachineryPkgApisMetaV1Time = string; |
||||
export type IoK8SApimachineryPkgApisMetaV1FieldsV1 = object; |
||||
export type IoK8SApimachineryPkgApisMetaV1ManagedFieldsEntry = { |
||||
/** APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted. */ |
||||
apiVersion?: string; |
||||
/** FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1" */ |
||||
fieldsType?: string; |
||||
/** FieldsV1 holds the first JSON version format as described in the "FieldsV1" type. */ |
||||
fieldsV1?: IoK8SApimachineryPkgApisMetaV1FieldsV1; |
||||
/** Manager is an identifier of the workflow managing these fields. */ |
||||
manager?: string; |
||||
/** Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'. */ |
||||
operation?: string; |
||||
/** Subresource is the name of the subresource used to update that object, or empty string if the object was updated through the main resource. The value of this field is used to distinguish between managers, even if they share the same name. For example, a status update will be distinct from a regular update using the same manager name. Note that the APIVersion field is not related to the Subresource field and it always corresponds to the version of the main resource. */ |
||||
subresource?: string; |
||||
/** Time is the timestamp of when the ManagedFields entry was added. The timestamp will also be updated if a field is added, the manager changes any of the owned fields value or removes a field. The timestamp does not update when a field is removed from the entry because another manager took it over. */ |
||||
time?: IoK8SApimachineryPkgApisMetaV1Time; |
||||
}; |
||||
export type IoK8SApimachineryPkgApisMetaV1OwnerReference = { |
||||
/** API version of the referent. */ |
||||
apiVersion: string; |
||||
/** If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion for how the garbage collector interacts with this field and enforces the foreground deletion. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned. */ |
||||
blockOwnerDeletion?: boolean; |
||||
/** If true, this reference points to the managing controller. */ |
||||
controller?: boolean; |
||||
/** Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds */ |
||||
kind: string; |
||||
/** Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names */ |
||||
name: string; |
||||
/** UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids */ |
||||
uid: string; |
||||
}; |
||||
export type IoK8SApimachineryPkgApisMetaV1ObjectMeta = { |
||||
/** Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations */ |
||||
annotations?: { |
||||
[key: string]: string; |
||||
}; |
||||
/** CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. |
||||
|
||||
Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata */
|
||||
creationTimestamp?: IoK8SApimachineryPkgApisMetaV1Time; |
||||
/** Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only. */ |
||||
deletionGracePeriodSeconds?: number; |
||||
/** DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested. |
||||
|
||||
Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata */
|
||||
deletionTimestamp?: IoK8SApimachineryPkgApisMetaV1Time; |
||||
/** Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list. */ |
||||
finalizers?: string[]; |
||||
/** GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. |
||||
|
||||
If this field is specified and the generated name exists, the server will return a 409. |
||||
|
||||
Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency */
|
||||
generateName?: string; |
||||
/** A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. */ |
||||
generation?: number; |
||||
/** Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels */ |
||||
labels?: { |
||||
[key: string]: string; |
||||
}; |
||||
/** ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object. */ |
||||
managedFields?: IoK8SApimachineryPkgApisMetaV1ManagedFieldsEntry[]; |
||||
/** Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names */ |
||||
name?: string; |
||||
/** Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. |
||||
|
||||
Must be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces */
|
||||
namespace?: string; |
||||
/** List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller. */ |
||||
ownerReferences?: IoK8SApimachineryPkgApisMetaV1OwnerReference[]; |
||||
/** An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. |
||||
|
||||
Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency */
|
||||
resourceVersion?: string; |
||||
/** Deprecated: selfLink is a legacy read-only field that is no longer populated by the system. */ |
||||
selfLink?: string; |
||||
/** UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. |
||||
|
||||
Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids */
|
||||
uid?: string; |
||||
}; |
||||
export type ComGithubGrafanaGrafanaPkgApisAlertingNotificationsV0Alpha1TimeRange = { |
||||
end_time: string; |
||||
start_time: string; |
||||
}; |
||||
export type ComGithubGrafanaGrafanaPkgApisAlertingNotificationsV0Alpha1Interval = { |
||||
days_of_month?: string[]; |
||||
location?: string; |
||||
months?: string[]; |
||||
times?: ComGithubGrafanaGrafanaPkgApisAlertingNotificationsV0Alpha1TimeRange[]; |
||||
weekdays?: string[]; |
||||
years?: string[]; |
||||
}; |
||||
export type ComGithubGrafanaGrafanaPkgApisAlertingNotificationsV0Alpha1TimeIntervalSpec = { |
||||
name: string; |
||||
time_intervals: ComGithubGrafanaGrafanaPkgApisAlertingNotificationsV0Alpha1Interval[]; |
||||
}; |
||||
export type ComGithubGrafanaGrafanaPkgApisAlertingNotificationsV0Alpha1TimeInterval = { |
||||
/** APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources */ |
||||
apiVersion?: string; |
||||
/** Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds */ |
||||
kind?: string; |
||||
metadata: IoK8SApimachineryPkgApisMetaV1ObjectMeta; |
||||
spec: ComGithubGrafanaGrafanaPkgApisAlertingNotificationsV0Alpha1TimeIntervalSpec; |
||||
}; |
||||
export type IoK8SApimachineryPkgApisMetaV1ListMeta = { |
||||
/** continue may be set if the user set a limit on the number of items returned, and indicates that the server has more data available. The value is opaque and may be used to issue another request to the endpoint that served this list to retrieve the next set of available objects. Continuing a consistent list may not be possible if the server configuration has changed or more than a few minutes have passed. The resourceVersion field returned when using this continue value will be identical to the value in the first response, unless you have received this token from an error message. */ |
||||
continue?: string; |
||||
/** remainingItemCount is the number of subsequent items in the list which are not included in this list response. If the list request contained label or field selectors, then the number of remaining items is unknown and the field will be left unset and omitted during serialization. If the list is complete (either because it is not chunking or because this is the last chunk), then there are no more remaining items and this field will be left unset and omitted during serialization. Servers older than v1.15 do not set this field. The intended use of the remainingItemCount is *estimating* the size of a collection. Clients should not rely on the remainingItemCount to be set or to be exact. */ |
||||
remainingItemCount?: number; |
||||
/** String that identifies the server's internal version of this object that can be used by clients to determine when objects have changed. Value must be treated as opaque by clients and passed unmodified back to the server. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency */ |
||||
resourceVersion?: string; |
||||
/** Deprecated: selfLink is a legacy read-only field that is no longer populated by the system. */ |
||||
selfLink?: string; |
||||
}; |
||||
export type ComGithubGrafanaGrafanaPkgApisAlertingNotificationsV0Alpha1TimeIntervalList = { |
||||
/** APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources */ |
||||
apiVersion?: string; |
||||
items: ComGithubGrafanaGrafanaPkgApisAlertingNotificationsV0Alpha1TimeInterval[]; |
||||
/** Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds */ |
||||
kind?: string; |
||||
metadata: IoK8SApimachineryPkgApisMetaV1ListMeta; |
||||
}; |
||||
@ -1,73 +0,0 @@ |
||||
@use 'sass:color'; |
||||
|
||||
// Button backgrounds |
||||
// ------------------ |
||||
@mixin buttonBackground($startColor, $endColor, $text-color: #fff, $textShadow: 0px 1px 0 rgba(0, 0, 0, 0.1)) { |
||||
// gradientBar will set the background to a pleasing blend of these, to support IE<=9 |
||||
@include gradientBar($startColor, $endColor, $text-color, $textShadow); |
||||
|
||||
// in these cases the gradient won't cover the background, so we override |
||||
&:hover, |
||||
&:focus, |
||||
&:active, |
||||
&.active, |
||||
&.disabled, |
||||
&[disabled] { |
||||
color: $text-color; |
||||
background-image: none; |
||||
background-color: $startColor; |
||||
} |
||||
} |
||||
|
||||
// Button sizes |
||||
@mixin button-size($padding-y, $padding-x, $font-size, $border-radius) { |
||||
padding: $padding-y $padding-x; |
||||
font-size: $font-size; |
||||
//box-shadow: inset 0 (-$padding-y/3) rgba(0,0,0,0.15); |
||||
|
||||
@include border-radius($border-radius); |
||||
} |
||||
|
||||
@mixin button-outline-variant($color) { |
||||
color: $white; |
||||
background-image: none; |
||||
background-color: transparent; |
||||
border: 1px solid $white; |
||||
|
||||
@include hover { |
||||
color: $white; |
||||
background-color: $color; |
||||
} |
||||
|
||||
&:focus, |
||||
&.focus { |
||||
color: $white; |
||||
background-color: $color; |
||||
} |
||||
|
||||
&:active, |
||||
&.active, |
||||
.open > &.dropdown-toggle { |
||||
color: $white; |
||||
background-color: $color; |
||||
|
||||
&:hover, |
||||
&:focus, |
||||
&.focus { |
||||
color: $white; |
||||
background-color: color.adjust($color, $lightness: -17%); |
||||
border-color: color.adjust($color, $lightness: -25%); |
||||
} |
||||
} |
||||
|
||||
&.disabled, |
||||
&:disabled { |
||||
&:focus, |
||||
&.focus { |
||||
border-color: color.adjust($color, $lightness: 20%); |
||||
} |
||||
@include hover { |
||||
border-color: color.adjust($color, $lightness: 20%); |
||||
} |
||||
} |
||||
} |
||||
@ -1,66 +0,0 @@ |
||||
@use 'sass:color'; |
||||
|
||||
@mixin form-control-validation($color) { |
||||
// Color the label and help text |
||||
.text-help, |
||||
.form-control-label, |
||||
.radio, |
||||
.checkbox, |
||||
.radio-inline, |
||||
.checkbox-inline, |
||||
&.radio label, |
||||
&.checkbox label, |
||||
&.radio-inline label, |
||||
&.checkbox-inline label, |
||||
.custom-control { |
||||
color: $color; |
||||
} |
||||
|
||||
.form-control { |
||||
border-color: $color; |
||||
} |
||||
|
||||
// Set validation states also for addons |
||||
.input-group-addon { |
||||
color: $color; |
||||
border-color: $color; |
||||
background-color: color.adjust($color, $lightness: 40%); |
||||
} |
||||
// Optional feedback icon |
||||
.form-control-feedback { |
||||
color: $color; |
||||
} |
||||
} |
||||
|
||||
@mixin form-control-focus() { |
||||
&:focus { |
||||
border-color: $input-border-focus; |
||||
outline: none; |
||||
} |
||||
} |
||||
|
||||
// Form control sizing |
||||
// |
||||
// Relative text size, padding, and border-radii changes for form controls. For |
||||
// horizontal sizing, wrap controls in the predefined grid classes. `<select>` |
||||
// element gets special love because it's special, and that's a fact! |
||||
|
||||
@mixin input-size($parent, $input-height, $padding-y, $padding-x, $font-size, $line-height, $border-radius) { |
||||
#{$parent} { |
||||
height: $input-height; |
||||
padding: $padding-y $padding-x; |
||||
font-size: $font-size; |
||||
line-height: $line-height; |
||||
@include border-radius($border-radius); |
||||
} |
||||
|
||||
select#{$parent} { |
||||
height: $input-height; |
||||
line-height: $input-height; |
||||
} |
||||
|
||||
textarea#{$parent}, |
||||
select[multiple]#{$parent} { |
||||
height: auto; |
||||
} |
||||
} |
||||
@ -1,48 +0,0 @@ |
||||
// Framework grid generation |
||||
// |
||||
// Used only by Bootstrap to generate the correct number of grid classes given |
||||
// any value of `$grid-columns`. |
||||
|
||||
@mixin make-grid-columns($columns: $grid-columns, $gutter: $grid-gutter-width, $breakpoints: $grid-breakpoints) { |
||||
$breakpoint-counter: 0; |
||||
@each $breakpoint in map-keys($breakpoints) { |
||||
$breakpoint-counter: ($breakpoint-counter + 1); |
||||
@include media-breakpoint-up($breakpoint, $breakpoints) { |
||||
@if $enable-flex { |
||||
.col-#{$breakpoint} { |
||||
position: relative; |
||||
flex-basis: 0; |
||||
flex-grow: 1; |
||||
max-width: 100%; |
||||
min-height: 1px; |
||||
padding-right: calc($grid-gutter-width / 2); |
||||
padding-left: calc($grid-gutter-width / 2); |
||||
} |
||||
} |
||||
|
||||
@for $i from 1 through $columns { |
||||
.col-#{$breakpoint}-#{$i} { |
||||
@include make-col($i, $columns); |
||||
} |
||||
} |
||||
|
||||
@each $modifier in (pull, push) { |
||||
@for $i from 0 through $columns { |
||||
.#{$modifier}-#{$breakpoint}-#{$i} { |
||||
@include make-col-modifier($modifier, $i, $columns); |
||||
} |
||||
} |
||||
} |
||||
|
||||
// `$columns - 1` because offsetting by the width of an entire row isn't possible |
||||
@for $i from 0 through ($columns - 1) { |
||||
@if $breakpoint-counter != 1 or $i != 0 { |
||||
// Avoid emitting useless .col-xs-offset-0 |
||||
.offset-#{$breakpoint}-#{$i} { |
||||
@include make-col-modifier(offset, $i, $columns); |
||||
} |
||||
} |
||||
} |
||||
} |
||||
} |
||||
} |
||||
@ -1,76 +0,0 @@ |
||||
@use 'sass:math'; |
||||
|
||||
/// Grid system |
||||
// |
||||
// Generate semantic grid columns with these mixins. |
||||
|
||||
@mixin make-container($gutter: $grid-gutter-width) { |
||||
margin-left: auto; |
||||
margin-right: auto; |
||||
padding-left: calc($gutter / 2); |
||||
padding-right: calc($gutter / 2); |
||||
@if not $enable-flex { |
||||
@include clearfix(); |
||||
} |
||||
} |
||||
|
||||
// For each breakpoint, define the maximum width of the container in a media query |
||||
@mixin make-container-max-widths($max-widths: $container-max-widths, $breakpoints: $grid-breakpoints) { |
||||
@each $breakpoint, $container-max-width in $max-widths { |
||||
@include media-breakpoint-up($breakpoint, $breakpoints) { |
||||
max-width: $container-max-width; |
||||
} |
||||
} |
||||
} |
||||
|
||||
@mixin make-row($gutter: $grid-gutter-width) { |
||||
@if $enable-flex { |
||||
display: flex; |
||||
flex-wrap: wrap; |
||||
} @else { |
||||
@include clearfix(); |
||||
} |
||||
margin-left: calc($gutter / -2); |
||||
margin-right: calc($gutter / -2); |
||||
} |
||||
|
||||
@mixin make-col($size, $columns: $grid-columns) { |
||||
position: relative; |
||||
min-height: 1px; |
||||
padding-right: calc($grid-gutter-width / 2); |
||||
padding-left: calc($grid-gutter-width / 2); |
||||
|
||||
@if $enable-flex { |
||||
flex: 0 0 math.percentage(calc($size / $columns)); |
||||
// Add a `max-width` to ensure content within each column does not blow out |
||||
// the width of the column. Applies to IE10+ and Firefox. Chrome and Safari |
||||
// do not appear to require this. |
||||
max-width: math.percentage(calc($size / $columns)); |
||||
} @else { |
||||
float: left; |
||||
width: math.percentage(calc($size / $columns)); |
||||
} |
||||
} |
||||
|
||||
@mixin make-col-offset($size, $columns: $grid-columns) { |
||||
margin-left: math.percentage(calc($size / $columns)); |
||||
} |
||||
|
||||
@mixin make-col-push($size, $columns: $grid-columns) { |
||||
left: if($size > 0, math.percentage(calc($size / $columns)), auto); |
||||
} |
||||
|
||||
@mixin make-col-pull($size, $columns: $grid-columns) { |
||||
right: if($size > 0, math.percentage(calc($size / $columns)), auto); |
||||
} |
||||
|
||||
@mixin make-col-modifier($type, $size, $columns) { |
||||
// Work around the lack of dynamic mixin @include support (https://github.com/sass/sass/issues/626) |
||||
@if $type == push { |
||||
@include make-col-push($size, $columns); |
||||
} @else if $type == pull { |
||||
@include make-col-pull($size, $columns); |
||||
} @else if $type == offset { |
||||
@include make-col-offset($size, $columns); |
||||
} |
||||
} |
||||
@ -1,67 +0,0 @@ |
||||
@mixin hover { |
||||
@if $enable-hover-media-query { |
||||
// See Media Queries Level 4: http://drafts.csswg.org/mediaqueries/#hover |
||||
// Currently shimmed by https://github.com/twbs/mq4-hover-shim |
||||
@media (hover: hover) { |
||||
&:hover { |
||||
@content; |
||||
} |
||||
} |
||||
} @else { |
||||
&:hover { |
||||
@content; |
||||
} |
||||
} |
||||
} |
||||
|
||||
@mixin hover-focus { |
||||
@if $enable-hover-media-query { |
||||
&:focus { |
||||
@content; |
||||
} |
||||
@include hover { |
||||
@content; |
||||
} |
||||
} @else { |
||||
&:focus, |
||||
&:hover { |
||||
@content; |
||||
} |
||||
} |
||||
} |
||||
|
||||
@mixin plain-hover-focus { |
||||
@if $enable-hover-media-query { |
||||
&, |
||||
&:focus { |
||||
@content; |
||||
} |
||||
@include hover { |
||||
@content; |
||||
} |
||||
} @else { |
||||
&, |
||||
&:focus, |
||||
&:hover { |
||||
@content; |
||||
} |
||||
} |
||||
} |
||||
|
||||
@mixin hover-focus-active { |
||||
@if $enable-hover-media-query { |
||||
&:focus, |
||||
&:active { |
||||
@content; |
||||
} |
||||
@include hover { |
||||
@content; |
||||
} |
||||
} @else { |
||||
&:focus, |
||||
&:active, |
||||
&:hover { |
||||
@content; |
||||
} |
||||
} |
||||
} |
||||
@ -0,0 +1,38 @@ |
||||
/** |
||||
* To generate alerting k8s APIs, run: |
||||
* `npx rtk-query-codegen-openapi ./scripts/generate-alerting-rtk-apis.ts` |
||||
*/ |
||||
|
||||
import { ConfigFile } from '@rtk-query/codegen-openapi'; |
||||
import { accessSync } from 'fs'; |
||||
|
||||
const schemaFile = '../data/alerting/openapi.json'; |
||||
|
||||
try { |
||||
// Check we have the OpenAPI before generating alerting RTK APIs,
|
||||
// as this is currently a manual process
|
||||
accessSync(schemaFile); |
||||
} catch (e) { |
||||
console.error('\nCould not find OpenAPI definition.\n'); |
||||
console.error( |
||||
'Please visit /openapi/v3/apis/notifications.alerting.grafana.app/v0alpha1 and save the OpenAPI definition to data/alerting/openapi.json\n' |
||||
); |
||||
throw e; |
||||
} |
||||
|
||||
const config: ConfigFile = { |
||||
schemaFile, |
||||
apiFile: '', |
||||
tag: true, |
||||
outputFiles: { |
||||
'../public/app/features/alerting/unified/openapi/timeIntervalsApi.gen.ts': { |
||||
apiFile: '../public/app/features/alerting/unified/api/alertingApi.ts', |
||||
apiImport: 'alertingApi', |
||||
filterEndpoints: ['listTimeIntervalForAllNamespaces'], |
||||
exportName: 'generatedTimeIntervalsApi', |
||||
flattenArg: false, |
||||
}, |
||||
}, |
||||
}; |
||||
|
||||
export default config; |
||||
Loading…
Reference in new issue