|
|
|
|
@ -178,13 +178,38 @@ var ( |
|
|
|
|
}, |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
timeIntervalsReaderRole = accesscontrol.RoleRegistration{ |
|
|
|
|
Role: accesscontrol.RoleDTO{ |
|
|
|
|
Name: accesscontrol.FixedRolePrefix + "alerting.time-intervals:reader", |
|
|
|
|
DisplayName: "Time Intervals Reader", |
|
|
|
|
Description: "Read all time intervals in Grafana alerting", |
|
|
|
|
Group: AlertRolesGroup, |
|
|
|
|
Permissions: []accesscontrol.Permission{ |
|
|
|
|
{Action: accesscontrol.ActionAlertingNotificationsTimeIntervalsRead}, |
|
|
|
|
}, |
|
|
|
|
}, |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
timeIntervalsWriterRole = accesscontrol.RoleRegistration{ |
|
|
|
|
Role: accesscontrol.RoleDTO{ |
|
|
|
|
Name: accesscontrol.FixedRolePrefix + "alerting.time-intervals:writer", |
|
|
|
|
DisplayName: "Time Intervals Writer", |
|
|
|
|
Description: "Create, update, and delete all time intervals in Grafana alerting", |
|
|
|
|
Group: AlertRolesGroup, |
|
|
|
|
Permissions: accesscontrol.ConcatPermissions(timeIntervalsReaderRole.Role.Permissions, []accesscontrol.Permission{ |
|
|
|
|
{Action: accesscontrol.ActionAlertingNotificationsTimeIntervalsWrite}, |
|
|
|
|
{Action: accesscontrol.ActionAlertingNotificationsTimeIntervalsDelete}, |
|
|
|
|
}), |
|
|
|
|
}, |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
notificationsReaderRole = accesscontrol.RoleRegistration{ |
|
|
|
|
Role: accesscontrol.RoleDTO{ |
|
|
|
|
Name: accesscontrol.FixedRolePrefix + "alerting.notifications:reader", |
|
|
|
|
DisplayName: "Notifications Reader", |
|
|
|
|
Description: "Read notification policies and contact points in Grafana and external providers", |
|
|
|
|
Group: AlertRolesGroup, |
|
|
|
|
Permissions: accesscontrol.ConcatPermissions(receiversReaderRole.Role.Permissions, templatesReaderRole.Role.Permissions, []accesscontrol.Permission{ |
|
|
|
|
Permissions: accesscontrol.ConcatPermissions(receiversReaderRole.Role.Permissions, templatesReaderRole.Role.Permissions, timeIntervalsReaderRole.Role.Permissions, []accesscontrol.Permission{ |
|
|
|
|
{ |
|
|
|
|
Action: accesscontrol.ActionAlertingNotificationsRead, |
|
|
|
|
}, |
|
|
|
|
@ -192,9 +217,6 @@ var ( |
|
|
|
|
Action: accesscontrol.ActionAlertingNotificationsExternalRead, |
|
|
|
|
Scope: datasources.ScopeAll, |
|
|
|
|
}, |
|
|
|
|
{ |
|
|
|
|
Action: accesscontrol.ActionAlertingNotificationsTimeIntervalsRead, |
|
|
|
|
}, |
|
|
|
|
}), |
|
|
|
|
}, |
|
|
|
|
} |
|
|
|
|
@ -205,7 +227,7 @@ var ( |
|
|
|
|
DisplayName: "Notifications Writer", |
|
|
|
|
Description: "Add, update, and delete contact points and notification policies in Grafana and external providers", |
|
|
|
|
Group: AlertRolesGroup, |
|
|
|
|
Permissions: accesscontrol.ConcatPermissions(notificationsReaderRole.Role.Permissions, receiversWriterRole.Role.Permissions, templatesWriterRole.Role.Permissions, []accesscontrol.Permission{ |
|
|
|
|
Permissions: accesscontrol.ConcatPermissions(notificationsReaderRole.Role.Permissions, receiversWriterRole.Role.Permissions, templatesWriterRole.Role.Permissions, timeIntervalsWriterRole.Role.Permissions, []accesscontrol.Permission{ |
|
|
|
|
{ |
|
|
|
|
Action: accesscontrol.ActionAlertingNotificationsWrite, |
|
|
|
|
}, |
|
|
|
|
@ -337,7 +359,7 @@ func DeclareFixedRoles(service accesscontrol.Service, features featuremgmt.Featu |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
if features.IsEnabledGlobally(featuremgmt.FlagAlertingApiServer) { |
|
|
|
|
fixedRoles = append(fixedRoles, receiversReaderRole, receiversCreatorRole, receiversWriterRole, templatesReaderRole, templatesWriterRole) |
|
|
|
|
fixedRoles = append(fixedRoles, receiversReaderRole, receiversCreatorRole, receiversWriterRole, templatesReaderRole, templatesWriterRole, timeIntervalsReaderRole, timeIntervalsWriterRole) |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
return service.DeclareFixedRoles(fixedRoles...) |
|
|
|
|
|
Yuri Tseretyan
10 months ago
committed by