apitech
/
grafana
mirror of https://github.com/grafana/grafana
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

fix scope for datasource:query action (#46973)

Browse Source
pull/47020/head
Yuriy Tseretyan 3 years ago committed by GitHub
parent 3bcee53478
commit c1dbe7617c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 9 additions and 10 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 7
      pkg/services/ngalert/api/api_ruler_test.go
  2. 2
      pkg/services/ngalert/api/authorization.go
  3. 10
      pkg/services/ngalert/api/authorization_test.go

7
pkg/services/ngalert/api/api_ruler_test.go
Unescape View File

@ -15,7 +15,6 @@ import (
models2 "github.com/grafana/grafana/pkg/models" models2 "github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/services/accesscontrol" "github.com/grafana/grafana/pkg/services/accesscontrol"
acMock "github.com/grafana/grafana/pkg/services/accesscontrol/mock" acMock "github.com/grafana/grafana/pkg/services/accesscontrol/mock"
"github.com/grafana/grafana/pkg/services/dashboards"
"github.com/grafana/grafana/pkg/services/datasources" "github.com/grafana/grafana/pkg/services/datasources"
"github.com/grafana/grafana/pkg/services/ngalert/models" "github.com/grafana/grafana/pkg/services/ngalert/models"
"github.com/grafana/grafana/pkg/services/ngalert/schedule" "github.com/grafana/grafana/pkg/services/ngalert/schedule"
@ -426,7 +425,7 @@ func TestRouteDeleteAlertRules(t *testing.T) {
for _, rule := range rulesInFolder { for _, rule := range rulesInFolder {
for _, query := range rule.Data { for _, query := range rule.Data {
permissions = append(permissions, &accesscontrol.Permission{ permissions = append(permissions, &accesscontrol.Permission{
Action: datasources.ActionQuery, Scope: dashboards.ScopeFoldersProvider.GetResourceScopeUID(query.DatasourceUID), Action: datasources.ActionQuery, Scope: datasources.ScopeProvider.GetResourceScopeUID(query.DatasourceUID),
}) })
} }
} }
@ -459,7 +458,7 @@ func TestRouteDeleteAlertRules(t *testing.T) {
for _, rule := range authorizedRulesInFolder { for _, rule := range authorizedRulesInFolder {
for _, query := range rule.Data { for _, query := range rule.Data {
permissions = append(permissions, &accesscontrol.Permission{ permissions = append(permissions, &accesscontrol.Permission{
Action: datasources.ActionQuery, Scope: dashboards.ScopeFoldersProvider.GetResourceScopeUID(query.DatasourceUID), Action: datasources.ActionQuery, Scope: datasources.ScopeProvider.GetResourceScopeUID(query.DatasourceUID),
}) })
} }
} }
@ -494,7 +493,7 @@ func TestRouteDeleteAlertRules(t *testing.T) {
for _, rule := range authorizedRulesInGroup { for _, rule := range authorizedRulesInGroup {
for _, query := range rule.Data { for _, query := range rule.Data {
permissions = append(permissions, &accesscontrol.Permission{ permissions = append(permissions, &accesscontrol.Permission{
Action: datasources.ActionQuery, Scope: dashboards.ScopeFoldersProvider.GetResourceScopeUID(query.DatasourceUID), Action: datasources.ActionQuery, Scope: datasources.ScopeProvider.GetResourceScopeUID(query.DatasourceUID),
}) })
} }
} }

2
pkg/services/ngalert/api/authorization.go
Unescape View File

@ -194,7 +194,7 @@ func authorizeDatasourceAccessForRule(rule *ngmodels.AlertRule, evaluator func(e
if query.QueryType == expr.DatasourceType || query.DatasourceUID == expr.OldDatasourceUID { if query.QueryType == expr.DatasourceType || query.DatasourceUID == expr.OldDatasourceUID {
continue continue
} }
if !evaluator(ac.EvalPermission(datasources.ActionQuery, dashboards.ScopeFoldersProvider.GetResourceScopeUID(query.DatasourceUID))) { if !evaluator(ac.EvalPermission(datasources.ActionQuery, datasources.ScopeProvider.GetResourceScopeUID(query.DatasourceUID))) {
return false return false
} }
} }

10
pkg/services/ngalert/api/authorization_test.go
Unescape View File

@ -91,7 +91,7 @@ func TestAuthorizeRuleChanges(t *testing.T) {
var scopes []string var scopes []string
for _, rule := range c.New { for _, rule := range c.New {
for _, query := range rule.Data { for _, query := range rule.Data {
scopes = append(scopes, dashboards.ScopeFoldersProvider.GetResourceScopeUID(query.DatasourceUID)) scopes = append(scopes, datasources.ScopeProvider.GetResourceScopeUID(query.DatasourceUID))
} }
} }
return map[string][]string{ return map[string][]string{
@ -126,7 +126,7 @@ func TestAuthorizeRuleChanges(t *testing.T) {
var scopes []string var scopes []string
for _, update := range c.Update { for _, update := range c.Update {
for _, query := range update.New.Data { for _, query := range update.New.Data {
scopes = append(scopes, dashboards.ScopeFoldersProvider.GetResourceScopeUID(query.DatasourceUID)) scopes = append(scopes, datasources.ScopeProvider.GetResourceScopeUID(query.DatasourceUID))
} }
} }
@ -164,7 +164,7 @@ func TestAuthorizeRuleChanges(t *testing.T) {
var scopes []string var scopes []string
for _, update := range c.Update { for _, update := range c.Update {
for _, query := range update.New.Data { for _, query := range update.New.Data {
scopes = append(scopes, dashboards.ScopeFoldersProvider.GetResourceScopeUID(query.DatasourceUID)) scopes = append(scopes, datasources.ScopeProvider.GetResourceScopeUID(query.DatasourceUID))
} }
} }
return map[string][]string{ return map[string][]string{
@ -221,7 +221,7 @@ func TestAuthorizeRuleDelete(t *testing.T) {
var scopes []string var scopes []string
for _, rule := range rules { for _, rule := range rules {
for _, query := range rule.Data { for _, query := range rule.Data {
scopes = append(scopes, dashboards.ScopeFoldersProvider.GetResourceScopeUID(query.DatasourceUID)) scopes = append(scopes, datasources.ScopeProvider.GetResourceScopeUID(query.DatasourceUID))
} }
} }
return scopes return scopes
@ -375,7 +375,7 @@ func TestCheckDatasourcePermissionsForRule(t *testing.T) {
expectedExecutions := rand.Intn(3) + 2 expectedExecutions := rand.Intn(3) + 2
for i := 0; i < expectedExecutions; i++ { for i := 0; i < expectedExecutions; i++ {
q := models.GenerateAlertQuery() q := models.GenerateAlertQuery()
scopes = append(scopes, dashboards.ScopeFoldersProvider.GetResourceScopeUID(q.DatasourceUID)) scopes = append(scopes, datasources.ScopeProvider.GetResourceScopeUID(q.DatasourceUID))
data = append(data, q) data = append(data, q)
} }

Write Preview
Loading…
Cancel
Save