apitech
/
grafana
mirror of https://github.com/grafana/grafana
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

reload permissions after create folder (#51288)

Browse Source
pull/51392/head
Yuriy Tseretyan 3 years ago committed by GitHub
parent 24790fdf57
commit 4a9872d108
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 20 additions and 34 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 5
      pkg/tests/api/alerting/api_alertmanager_test.go
  2. 1
      pkg/tests/api/alerting/api_notification_channel_test.go
  3. 21
      pkg/tests/api/alerting/api_prometheus_test.go
  4. 10
      pkg/tests/api/alerting/api_ruler_test.go
  5. 17
      pkg/tests/api/alerting/testing.go

5
pkg/tests/api/alerting/api_alertmanager_test.go
Unescape View File

@ -479,7 +479,6 @@ func TestAlertAndGroupsQuery(t *testing.T) {
{
// Create the namespace we'll save our alerts to.
apiClient.CreateFolder(t, "default", "default")
reloadCachedPermissions(t, grafanaListedAddr, "grafana", "password")
}
// Create an alert that will fire as quickly as possible
@ -580,7 +579,6 @@ func TestRulerAccess(t *testing.T) {
// Create the namespace we'll save our alerts to.
client.CreateFolder(t, "default", "default")
reloadCachedPermissions(t, grafanaListedAddr, "editor", "editor")
// Now, let's test the access policies.
testCases := []struct {
@ -691,7 +689,6 @@ func TestDeleteFolderWithRules(t *testing.T) {
// Create the namespace we'll save our alerts to.
namespaceUID := "default"
apiClient.CreateFolder(t, namespaceUID, namespaceUID)
reloadCachedPermissions(t, grafanaListedAddr, "editor", "editor")
createRule(t, apiClient, "default")
@ -846,7 +843,6 @@ func TestAlertRuleCRUD(t *testing.T) {
// Create the namespace we'll save our alerts to.
apiClient.CreateFolder(t, "default", "default")
reloadCachedPermissions(t, grafanaListedAddr, "grafana", "password")
interval, err := model.ParseDuration("1m")
require.NoError(t, err)
@ -1886,7 +1882,6 @@ func TestQuota(t *testing.T) {
apiClient := newAlertingApiClient(grafanaListedAddr, "grafana", "password")
// Create the namespace we'll save our alerts to.
apiClient.CreateFolder(t, "default", "default")
reloadCachedPermissions(t, grafanaListedAddr, "grafana", "password")
interval, err := model.ParseDuration("1m")
require.NoError(t, err)

1
pkg/tests/api/alerting/api_notification_channel_test.go
Unescape View File

@ -758,7 +758,6 @@ func TestNotificationChannels(t *testing.T) {
{
// Create the namespace we'll save our alerts to.
apiClient.CreateFolder(t, "default", "default")
reloadCachedPermissions(t, grafanaListedAddr, "grafana", "password")
// Post the alertmanager config.
u := fmt.Sprintf("http://grafana:password@%s/api/alertmanager/grafana/config/api/v1/alerts", grafanaListedAddr)

21
pkg/tests/api/alerting/api_prometheus_test.go
Unescape View File

@ -45,7 +45,6 @@ func TestPrometheusRules(t *testing.T) {
// Create the namespace we'll save our alerts to.
apiClient.CreateFolder(t, "default", "default")
reloadCachedPermissions(t, grafanaListedAddr, "grafana", "password")
interval, err := model.ParseDuration("10s")
require.NoError(t, err)
@ -340,7 +339,6 @@ func TestPrometheusRulesFilterByDashboard(t *testing.T) {
// Create the namespace we'll save our alerts to.
dashboardUID := "default"
apiClient.CreateFolder(t, dashboardUID, dashboardUID)
reloadCachedPermissions(t, grafanaListedAddr, "grafana", "password")
interval, err := model.ParseDuration("10s")
require.NoError(t, err)
@ -642,8 +640,6 @@ func TestPrometheusRulesPermissions(t *testing.T) {
// Create the namespace we'll save our alerts to.
apiClient.CreateFolder(t, "folder2", "folder2")
reloadCachedPermissions(t, grafanaListedAddr, "grafana", "password")
// Create rule under folder1
createRule(t, apiClient, "folder1")
@ -678,7 +674,7 @@ func TestPrometheusRulesPermissions(t *testing.T) {
// remove permissions from folder2
removeFolderPermission(t, permissionsStore, 1, userID, models.ROLE_EDITOR, "folder2")
reloadCachedPermissions(t, grafanaListedAddr, "grafana", "password")
apiClient.ReloadCachedPermissions(t)
// make sure that folder2 is not included in the response
{
@ -703,7 +699,7 @@ func TestPrometheusRulesPermissions(t *testing.T) {
// remove permissions from folder1
removeFolderPermission(t, permissionsStore, 1, userID, models.ROLE_EDITOR, "folder1")
reloadCachedPermissions(t, grafanaListedAddr, "grafana", "password")
apiClient.ReloadCachedPermissions(t)
// make sure that no folders are included in the response
{
@ -729,19 +725,6 @@ func TestPrometheusRulesPermissions(t *testing.T) {
}
}
func reloadCachedPermissions(t *testing.T, addr, login, password string) {
t.Helper()
u := fmt.Sprintf("http://%s:%s@%s/api/access-control/user/permissions?reloadcache=true", login, password, addr)
// nolint:gosec
resp, err := http.Get(u)
t.Cleanup(func() {
require.NoError(t, resp.Body.Close())
})
require.NoError(t, err)
require.Equal(t, http.StatusOK, resp.StatusCode)
}
func removeFolderPermission(t *testing.T, store *acdb.AccessControlStore, orgID, userID int64, role models.RoleType, uid string) {
t.Helper()
// remove user permissions on folder

10
pkg/tests/api/alerting/api_ruler_test.go
Unescape View File

@ -47,8 +47,6 @@ func TestAlertRulePermissions(t *testing.T) {
// Create the namespace we'll save our alerts to.
apiClient.CreateFolder(t, "folder2", "folder2")
reloadCachedPermissions(t, grafanaListedAddr, "grafana", "password")
// Create rule under folder1
createRule(t, apiClient, "folder1")
@ -178,7 +176,7 @@ func TestAlertRulePermissions(t *testing.T) {
// remove permissions from folder2
removeFolderPermission(t, permissionsStore, 1, userID, models.ROLE_EDITOR, "folder2")
reloadCachedPermissions(t, grafanaListedAddr, "grafana", "password")
apiClient.ReloadCachedPermissions(t)
// make sure that folder2 is not included in the response
// nolint:gosec
@ -252,7 +250,7 @@ func TestAlertRulePermissions(t *testing.T) {
// Remove permissions from folder1.
removeFolderPermission(t, permissionsStore, 1, userID, models.ROLE_EDITOR, "folder1")
reloadCachedPermissions(t, grafanaListedAddr, "grafana", "password")
apiClient.ReloadCachedPermissions(t)
{
u := fmt.Sprintf("http://grafana:password@%s/api/ruler/grafana/api/v1/rules", grafanaListedAddr)
// nolint:gosec
@ -405,8 +403,6 @@ func TestRulerRulesFilterByDashboard(t *testing.T) {
// Create the namespace under default organisation (orgID = 1) where we'll save our alerts to.
apiClient.CreateFolder(t, "default", "default")
reloadCachedPermissions(t, grafanaListedAddr, "grafana", "password")
interval, err := model.ParseDuration("10s")
require.NoError(t, err)
@ -742,8 +738,6 @@ func TestRuleGroupSequence(t *testing.T) {
folder1Title := "folder1"
client.CreateFolder(t, util.GenerateShortUID(), folder1Title)
reloadCachedPermissions(t, grafanaListedAddr, "grafana", "password")
group1 := generateAlertRuleGroup(5, alertRuleGen())
group2 := generateAlertRuleGroup(5, alertRuleGen())

17
pkg/tests/api/alerting/testing.go
Unescape View File

@ -171,7 +171,21 @@ func newAlertingApiClient(host, user, pass string) apiClient {
return apiClient{url: fmt.Sprintf("http://%s:%s@%s", user, pass, host)}
}
// CreateFolder creates a folder for storing our alerts under.
// ReloadCachedPermissions sends a request to access control API to refresh cached user permissions
func (a apiClient) ReloadCachedPermissions(t *testing.T) {
t.Helper()
u := fmt.Sprintf("%s/api/access-control/user/permissions?reloadcache=true", a.url)
// nolint:gosec
resp, err := http.Get(u)
defer func() {
_ = resp.Body.Close()
}()
require.NoErrorf(t, err, "failed to reload permissions cache")
require.Equalf(t, http.StatusOK, resp.StatusCode, "failed to reload permissions cache")
}
// CreateFolder creates a folder for storing our alerts, and then refreshes the permission cache to make sure that following requests will be accepted
func (a apiClient) CreateFolder(t *testing.T, uID string, title string) {
t.Helper()
payload := fmt.Sprintf(`{"uid": "%s","title": "%s"}`, uID, title)
@ -184,6 +198,7 @@ func (a apiClient) CreateFolder(t *testing.T, uID string, title string) {
}()
require.NoError(t, err)
assert.Equal(t, http.StatusOK, resp.StatusCode)
a.ReloadCachedPermissions(t)
}
func (a apiClient) PostRulesGroup(t *testing.T, folder string, group *apimodels.PostableRuleGroupConfig) (int, string) {

Write Preview
Loading…
Cancel
Save