grafana/pkg/services/ngalert/migration/models.go

package migration

import (
	pb "github.com/prometheus/alertmanager/silence/silencepb"

	"github.com/grafana/grafana/pkg/infra/log"
	"github.com/grafana/grafana/pkg/services/accesscontrol"
	"github.com/grafana/grafana/pkg/services/folder"
	migmodels "github.com/grafana/grafana/pkg/services/ngalert/migration/models"
	migrationStore "github.com/grafana/grafana/pkg/services/ngalert/migration/store"
	"github.com/grafana/grafana/pkg/services/ngalert/models"
	"github.com/grafana/grafana/pkg/services/ngalert/store"
	"github.com/grafana/grafana/pkg/services/secrets"
	"github.com/grafana/grafana/pkg/setting"
)

// OrgMigration is a helper struct for migrating alerts for a single org. It contains state, services, and caches.
type OrgMigration struct {
	cfg *setting.Cfg
	log log.Logger

	migrationStore    migrationStore.Store
	encryptionService secrets.Service

	orgID                      int64
	silences                   []*pb.MeshSilence
	titleDeduplicatorForFolder func(folderUID string) *migmodels.Deduplicator

	// Migrated folder for a dashboard based on permissions. Parent Folder ID -> unique dashboard permission -> custom folder.
	permissionsMap        map[int64]map[permissionHash]*folder.Folder
	folderCache           map[int64]*folder.Folder                      // Folder ID -> Folder.
	folderPermissionCache map[string][]accesscontrol.ResourcePermission // Folder UID -> Folder Permissions.
	generalAlertingFolder *folder.Folder

	state *migmodels.OrgMigrationState
}

// newOrgMigration creates a new OrgMigration for the given orgID.
func (ms *migrationService) newOrgMigration(orgID int64) *OrgMigration {
	titlededuplicatorPerFolder := make(map[string]*migmodels.Deduplicator)
	return &OrgMigration{
		cfg: ms.cfg,
		log: ms.log.New("orgID", orgID),

		migrationStore:    ms.migrationStore,
		encryptionService: ms.encryptionService,

		orgID:    orgID,
		silences: make([]*pb.MeshSilence, 0),
		titleDeduplicatorForFolder: func(folderUID string) *migmodels.Deduplicator {
			if _, ok := titlededuplicatorPerFolder[folderUID]; !ok {
				titlededuplicatorPerFolder[folderUID] = migmodels.NewDeduplicator(ms.migrationStore.CaseInsensitive(), store.AlertDefinitionMaxTitleLength)
			}
			return titlededuplicatorPerFolder[folderUID]
		},

		permissionsMap:        make(map[int64]map[permissionHash]*folder.Folder),
		folderCache:           make(map[int64]*folder.Folder),
		folderPermissionCache: make(map[string][]accesscontrol.ResourcePermission),

		state: &migmodels.OrgMigrationState{
			OrgID:          orgID,
			CreatedFolders: make([]string, 0),
		},
	}
}

type AlertPair struct {
	AlertRule *models.AlertRule
	DashAlert *migrationStore.DashAlert
}
Alerting: Move legacy alert migration from sqlstore migration to service (#72702) 2023-10-12 07:43:10 -05:00			`package migration`

			`import (`
			`pb "github.com/prometheus/alertmanager/silence/silencepb"`

			`"github.com/grafana/grafana/pkg/infra/log"`
Alerting: Handle custom dashboard permissions in migration service (#74504) * Fix migration of custom dashboard permissions Dashboard alert permissions were determined by both its dashboard and folder scoped permissions, while UA alert rules only have folder scoped permissions. This means, when migrating an alert, we'll need to decide if the parent folder is a correct location for the newly created alert rule so that users, teams, and org roles have the same access to it as they did in legacy. To do this, we translate both the folder and dashboard resource permissions to two sets of SetResourcePermissionCommands. Each of these encapsulates a mapping of all: OrgRoles -> Viewer/Editor/Admin Teams -> Viewer/Editor/Admin Users -> Viewer/Editor/Admin When the dashboard permissions (including those inherited from the parent folder) differ from the parent folder permissions alone, we need to create a new folder to represent the access-level of the legacy dashboard. Compromises: When determining the SetResourcePermissionCommands we only take into account managed and basic roles. Fixed and custom roles introduce significant complexity and synchronicity hurdles. Instead, we log a warning they had the potential to override the newly created folder permissions. Also, we don't attempt to reconcile datasource permissions that were not necessary in legacy alerting. Users without access to the necessary datasources to edit an alert rule will need to obtain said access separate from the migration. 2023-10-12 17:12:40 -05:00			`"github.com/grafana/grafana/pkg/services/accesscontrol"`
Alerting: Move legacy alert migration from sqlstore migration to service (#72702) 2023-10-12 07:43:10 -05:00			`"github.com/grafana/grafana/pkg/services/folder"`
			`migmodels "github.com/grafana/grafana/pkg/services/ngalert/migration/models"`
			`migrationStore "github.com/grafana/grafana/pkg/services/ngalert/migration/store"`
			`"github.com/grafana/grafana/pkg/services/ngalert/models"`
			`"github.com/grafana/grafana/pkg/services/ngalert/store"`
			`"github.com/grafana/grafana/pkg/services/secrets"`
			`"github.com/grafana/grafana/pkg/setting"`
			`)`

			`// OrgMigration is a helper struct for migrating alerts for a single org. It contains state, services, and caches.`
			`type OrgMigration struct {`
			`cfg *setting.Cfg`
			`log log.Logger`

			`migrationStore migrationStore.Store`
			`encryptionService secrets.Service`

Alerting: In migration improve deduplication of title and group (#78351) * Alerting: In migration improve deduplication of title and group This change improves alert titles generated in the legacy migration that occur when we need to deduplicate titles. Now when duplicate titles are detected we will first attempt to append a sequential index, falling back to a random uid if none are unique within 10 attempts. This should cause shorter and more easily readable deduplicated titles in most cases. In addition, groups are no longer deduplicated. Instead we set them to a combination of truncated dashboard name and humanized alert frequency. This way, alerts from the same dashboard share a group if they have the same evaluation interval. In the event that truncation causes overlap, it won't be a big issue as all alerts will still be in a group with the correct evaluation interval. 2023-11-29 09:05:00 -06:00			`orgID int64`
			`silences []*pb.MeshSilence`
			`titleDeduplicatorForFolder func(folderUID string) *migmodels.Deduplicator`
Alerting: Move legacy alert migration from sqlstore migration to service (#72702) 2023-10-12 07:43:10 -05:00
Alerting: Handle custom dashboard permissions in migration service (#74504) * Fix migration of custom dashboard permissions Dashboard alert permissions were determined by both its dashboard and folder scoped permissions, while UA alert rules only have folder scoped permissions. This means, when migrating an alert, we'll need to decide if the parent folder is a correct location for the newly created alert rule so that users, teams, and org roles have the same access to it as they did in legacy. To do this, we translate both the folder and dashboard resource permissions to two sets of SetResourcePermissionCommands. Each of these encapsulates a mapping of all: OrgRoles -> Viewer/Editor/Admin Teams -> Viewer/Editor/Admin Users -> Viewer/Editor/Admin When the dashboard permissions (including those inherited from the parent folder) differ from the parent folder permissions alone, we need to create a new folder to represent the access-level of the legacy dashboard. Compromises: When determining the SetResourcePermissionCommands we only take into account managed and basic roles. Fixed and custom roles introduce significant complexity and synchronicity hurdles. Instead, we log a warning they had the potential to override the newly created folder permissions. Also, we don't attempt to reconcile datasource permissions that were not necessary in legacy alerting. Users without access to the necessary datasources to edit an alert rule will need to obtain said access separate from the migration. 2023-10-12 17:12:40 -05:00			`// Migrated folder for a dashboard based on permissions. Parent Folder ID -> unique dashboard permission -> custom folder.`
			`permissionsMap map[int64]map[permissionHash]*folder.Folder`
			`folderCache map[int64]*folder.Folder // Folder ID -> Folder.`
			`folderPermissionCache map[string][]accesscontrol.ResourcePermission // Folder UID -> Folder Permissions.`
Alerting: Move legacy alert migration from sqlstore migration to service (#72702) 2023-10-12 07:43:10 -05:00			`generalAlertingFolder *folder.Folder`

			`state *migmodels.OrgMigrationState`
			`}`

			`// newOrgMigration creates a new OrgMigration for the given orgID.`
Alerting: Fix flaky SQLITE_BUSY when migrating with provisioned dashboards (#76658) * Alerting: Move migration from background service run to ngalert init sqlite database write contention between the migration's single transaction and dashboard provisioning's frequent commits was causing the migration to fail with SQLITE_BUSY/SQLITE_BUSY_SNAPSHOT on all retries. This is not a new issue for sqlite+grafana, but the discrepancy between the length of the transactions was causing it to be very consistent. In addition, since a failed migration has implications on the assumed correctness of the alertmanager and alert rule definition state, we cause a server shutdown on error. This can make e2e tests as well as some high-load provisioned sqlite installations flaky on startup. The correct fix for this is better transaction management across various services and is out of scope for this change as we're primarily interested in mitigating the current bout of server failures in e2e tests when using sqlite. 2023-10-19 09:03:00 -05:00			`func (ms migrationService) newOrgMigration(orgID int64) OrgMigration {`
Alerting: In migration improve deduplication of title and group (#78351) * Alerting: In migration improve deduplication of title and group This change improves alert titles generated in the legacy migration that occur when we need to deduplicate titles. Now when duplicate titles are detected we will first attempt to append a sequential index, falling back to a random uid if none are unique within 10 attempts. This should cause shorter and more easily readable deduplicated titles in most cases. In addition, groups are no longer deduplicated. Instead we set them to a combination of truncated dashboard name and humanized alert frequency. This way, alerts from the same dashboard share a group if they have the same evaluation interval. In the event that truncation causes overlap, it won't be a big issue as all alerts will still be in a group with the correct evaluation interval. 2023-11-29 09:05:00 -06:00			`titlededuplicatorPerFolder := make(map[string]*migmodels.Deduplicator)`
Alerting: Move legacy alert migration from sqlstore migration to service (#72702) 2023-10-12 07:43:10 -05:00			`return &OrgMigration{`
			`cfg: ms.cfg,`
			`log: ms.log.New("orgID", orgID),`

			`migrationStore: ms.migrationStore,`
			`encryptionService: ms.encryptionService,`

Alerting: In migration improve deduplication of title and group (#78351) * Alerting: In migration improve deduplication of title and group This change improves alert titles generated in the legacy migration that occur when we need to deduplicate titles. Now when duplicate titles are detected we will first attempt to append a sequential index, falling back to a random uid if none are unique within 10 attempts. This should cause shorter and more easily readable deduplicated titles in most cases. In addition, groups are no longer deduplicated. Instead we set them to a combination of truncated dashboard name and humanized alert frequency. This way, alerts from the same dashboard share a group if they have the same evaluation interval. In the event that truncation causes overlap, it won't be a big issue as all alerts will still be in a group with the correct evaluation interval. 2023-11-29 09:05:00 -06:00			`orgID: orgID,`
			`silences: make([]*pb.MeshSilence, 0),`
			`titleDeduplicatorForFolder: func(folderUID string) *migmodels.Deduplicator {`
			`if _, ok := titlededuplicatorPerFolder[folderUID]; !ok {`
			`titlededuplicatorPerFolder[folderUID] = migmodels.NewDeduplicator(ms.migrationStore.CaseInsensitive(), store.AlertDefinitionMaxTitleLength)`
			`}`
			`return titlededuplicatorPerFolder[folderUID]`
			`},`
Alerting: Handle custom dashboard permissions in migration service (#74504) * Fix migration of custom dashboard permissions Dashboard alert permissions were determined by both its dashboard and folder scoped permissions, while UA alert rules only have folder scoped permissions. This means, when migrating an alert, we'll need to decide if the parent folder is a correct location for the newly created alert rule so that users, teams, and org roles have the same access to it as they did in legacy. To do this, we translate both the folder and dashboard resource permissions to two sets of SetResourcePermissionCommands. Each of these encapsulates a mapping of all: OrgRoles -> Viewer/Editor/Admin Teams -> Viewer/Editor/Admin Users -> Viewer/Editor/Admin When the dashboard permissions (including those inherited from the parent folder) differ from the parent folder permissions alone, we need to create a new folder to represent the access-level of the legacy dashboard. Compromises: When determining the SetResourcePermissionCommands we only take into account managed and basic roles. Fixed and custom roles introduce significant complexity and synchronicity hurdles. Instead, we log a warning they had the potential to override the newly created folder permissions. Also, we don't attempt to reconcile datasource permissions that were not necessary in legacy alerting. Users without access to the necessary datasources to edit an alert rule will need to obtain said access separate from the migration. 2023-10-12 17:12:40 -05:00
			`permissionsMap: make(map[int64]map[permissionHash]*folder.Folder),`
			`folderCache: make(map[int64]*folder.Folder),`
			`folderPermissionCache: make(map[string][]accesscontrol.ResourcePermission),`
Alerting: Move legacy alert migration from sqlstore migration to service (#72702) 2023-10-12 07:43:10 -05:00
			`state: &migmodels.OrgMigrationState{`
			`OrgID: orgID,`
			`CreatedFolders: make([]string, 0),`
			`},`
			`}`
			`}`

			`type AlertPair struct {`
			`AlertRule *models.AlertRule`
			`DashAlert *migrationStore.DashAlert`
			`}`