apitech
/
grafana
mirror of https://github.com/grafana/grafana
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
55561 Commits
642 Branches
650 Tags
2.3 GiB
 
 
 
 
 
 
Tag: Branch: Tree: c440bd2bda
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'c440bd2bda'
${ noResults }
grafana/pkg/services/sqlstore/migrations/accesscontrol/disabled_migration.go

87 lines
3.0 KiB
Raw Blame History

package accesscontrol
import (
"fmt"
"xorm.io/xorm"
"github.com/grafana/grafana/pkg/services/sqlstore/migrator"
)
const (
disabledMigrationID = "rbac disabled migrator"
teamMigrationID = "teams permissions migration"
dashboardMigrationID = "dashboard permissions"
dashboardsUIDMigrationID = "dashboard permissions uid scopes"
datasourceMigrationID = "data source permissions"
datasourceUIDMigrationID = "data source uid permissions"
managedPermissionsMigrationID = "managed permissions migration"
alertFolderMigrationID = "managed folder permissions alert actions repeated migration"
managedPermissionsEnterpriseMigrationID = "managed permissions migration enterprise"
)
var migrations = [...]string{
teamMigrationID,
dashboardMigrationID,
dashboardsUIDMigrationID,
datasourceMigrationID,
datasourceUIDMigrationID,
managedPermissionsMigrationID,
alertFolderMigrationID,
managedPermissionsEnterpriseMigrationID,
}
func AddDisabledMigrator(mg *migrator.Migrator) {
mg.AddMigration(disabledMigrationID, &DisabledMigrator{})
}
type DisabledMigrator struct {
migrator.MigrationBase
}
func (m *DisabledMigrator) SQL(dialect migrator.Dialect) string {
return CodeMigrationSQL
}
func (m *DisabledMigrator) Exec(sess *xorm.Session, mg *migrator.Migrator) error {
enabled := mg.Cfg.Raw.Section("rbac").Key("enabled").MustBool(true)
if enabled {
// if the flag is enabled we skip the reset of data migrations
mg.Logger.Debug("skip reset of rbac data migrations")
return nil
}
if _, err := sess.Exec("DELETE FROM builtin_role WHERE role_id IN (SELECT id FROM role WHERE name LIKE 'managed:%')"); err != nil {
return fmt.Errorf("failed to remove basic role bindings: %w", err)
}
if _, err := sess.Exec("DELETE FROM team_role WHERE role_id IN (SELECT id FROM role WHERE name LIKE 'managed:%')"); err != nil {
return fmt.Errorf("failed to remove team role bindings: %w", err)
}
if _, err := sess.Exec("DELETE FROM user_role where role_id IN (SELECT id FROM role WHERE name LIKE 'managed:%')"); err != nil {
return fmt.Errorf("failed to remove user role bindings: %w", err)
}
if _, err := sess.Exec("DELETE FROM permission WHERE role_id IN (SELECT id FROM role WHERE name LIKE 'managed:%');"); err != nil {
return fmt.Errorf("failed to remove managed rbac permission: %w", err)
}
if _, err := sess.Exec("DELETE FROM role WHERE name LIKE 'managed:%';"); err != nil {
return fmt.Errorf("failed to remove managed rbac roles: %w", err)
}
params := []any{"DELETE FROM migration_log WHERE migration_id IN (?, ?, ?, ?, ?, ?, ?, ?)"}
for _, m := range migrations {
params = append(params, m)
}
if _, err := sess.Exec(params...); err != nil {
return fmt.Errorf("failed to remove managed permissions migrations: %w", err)
}
// Note: we also need to clear migration from the in-memory representation of migration log
mg.RemoveMigrationLogs(migrations[:]...)
return nil
}