apitech
/
grafana
mirror of https://github.com/grafana/grafana
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

fix scope for datasource:query action (#46973)

Browse Source
pull/47020/head
Yuriy Tseretyan 3 years ago committed by GitHub
parent 3bcee53478
commit c1dbe7617c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 9 additions and 10 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 7
      pkg/services/ngalert/api/api_ruler_test.go
  2. 2
      pkg/services/ngalert/api/authorization.go
  3. 10
      pkg/services/ngalert/api/authorization_test.go

7
pkg/services/ngalert/api/api_ruler_test.go
Unescape View File

@ -15,7 +15,6 @@ import (
models2 "github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/services/accesscontrol"
acMock "github.com/grafana/grafana/pkg/services/accesscontrol/mock"
"github.com/grafana/grafana/pkg/services/dashboards"
"github.com/grafana/grafana/pkg/services/datasources"
"github.com/grafana/grafana/pkg/services/ngalert/models"
"github.com/grafana/grafana/pkg/services/ngalert/schedule"
@ -426,7 +425,7 @@ func TestRouteDeleteAlertRules(t *testing.T) {
for _, rule := range rulesInFolder {
for _, query := range rule.Data {
permissions = append(permissions, &accesscontrol.Permission{
Action: datasources.ActionQuery, Scope: dashboards.ScopeFoldersProvider.GetResourceScopeUID(query.DatasourceUID),
Action: datasources.ActionQuery, Scope: datasources.ScopeProvider.GetResourceScopeUID(query.DatasourceUID),
})
}
}
@ -459,7 +458,7 @@ func TestRouteDeleteAlertRules(t *testing.T) {
for _, rule := range authorizedRulesInFolder {
for _, query := range rule.Data {
permissions = append(permissions, &accesscontrol.Permission{
Action: datasources.ActionQuery, Scope: dashboards.ScopeFoldersProvider.GetResourceScopeUID(query.DatasourceUID),
Action: datasources.ActionQuery, Scope: datasources.ScopeProvider.GetResourceScopeUID(query.DatasourceUID),
})
}
}
@ -494,7 +493,7 @@ func TestRouteDeleteAlertRules(t *testing.T) {
for _, rule := range authorizedRulesInGroup {
for _, query := range rule.Data {
permissions = append(permissions, &accesscontrol.Permission{
Action: datasources.ActionQuery, Scope: dashboards.ScopeFoldersProvider.GetResourceScopeUID(query.DatasourceUID),
Action: datasources.ActionQuery, Scope: datasources.ScopeProvider.GetResourceScopeUID(query.DatasourceUID),
})
}
}

2
pkg/services/ngalert/api/authorization.go
Unescape View File

@ -194,7 +194,7 @@ func authorizeDatasourceAccessForRule(rule *ngmodels.AlertRule, evaluator func(e
if query.QueryType == expr.DatasourceType || query.DatasourceUID == expr.OldDatasourceUID {
continue
}
if !evaluator(ac.EvalPermission(datasources.ActionQuery, dashboards.ScopeFoldersProvider.GetResourceScopeUID(query.DatasourceUID))) {
if !evaluator(ac.EvalPermission(datasources.ActionQuery, datasources.ScopeProvider.GetResourceScopeUID(query.DatasourceUID))) {
return false
}
}

10
pkg/services/ngalert/api/authorization_test.go
Unescape View File

@ -91,7 +91,7 @@ func TestAuthorizeRuleChanges(t *testing.T) {
var scopes []string
for _, rule := range c.New {
for _, query := range rule.Data {
scopes = append(scopes, dashboards.ScopeFoldersProvider.GetResourceScopeUID(query.DatasourceUID))
scopes = append(scopes, datasources.ScopeProvider.GetResourceScopeUID(query.DatasourceUID))
}
}
return map[string][]string{
@ -126,7 +126,7 @@ func TestAuthorizeRuleChanges(t *testing.T) {
var scopes []string
for _, update := range c.Update {
for _, query := range update.New.Data {
scopes = append(scopes, dashboards.ScopeFoldersProvider.GetResourceScopeUID(query.DatasourceUID))
scopes = append(scopes, datasources.ScopeProvider.GetResourceScopeUID(query.DatasourceUID))
}
}
@ -164,7 +164,7 @@ func TestAuthorizeRuleChanges(t *testing.T) {
var scopes []string
for _, update := range c.Update {
for _, query := range update.New.Data {
scopes = append(scopes, dashboards.ScopeFoldersProvider.GetResourceScopeUID(query.DatasourceUID))
scopes = append(scopes, datasources.ScopeProvider.GetResourceScopeUID(query.DatasourceUID))
}
}
return map[string][]string{
@ -221,7 +221,7 @@ func TestAuthorizeRuleDelete(t *testing.T) {
var scopes []string
for _, rule := range rules {
for _, query := range rule.Data {
scopes = append(scopes, dashboards.ScopeFoldersProvider.GetResourceScopeUID(query.DatasourceUID))
scopes = append(scopes, datasources.ScopeProvider.GetResourceScopeUID(query.DatasourceUID))
}
}
return scopes
@ -375,7 +375,7 @@ func TestCheckDatasourcePermissionsForRule(t *testing.T) {
expectedExecutions := rand.Intn(3) + 2
for i := 0; i < expectedExecutions; i++ {
q := models.GenerateAlertQuery()
scopes = append(scopes, dashboards.ScopeFoldersProvider.GetResourceScopeUID(q.DatasourceUID))
scopes = append(scopes, datasources.ScopeProvider.GetResourceScopeUID(q.DatasourceUID))
data = append(data, q)
}

Write Preview
Loading…
Cancel
Save