IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2024-12-01 13:09:22 -06:00
Code Issues Packages Projects Releases Wiki Activity
cb0bcb6fe4
grafana/pkg/services/ngalert/accesscontrol/fakes/rules.go

75 lines
3.1 KiB
Go
Raw Normal View History

Alerting: Alerting accesscontrol utilities (#84508) * create fake for accesscontrol.RuleService * make errAuthorizationGeneric public
2024-03-14 13:03:53 -05:00
package fakes
import (
"context"
"github.com/grafana/grafana/pkg/services/accesscontrol"
"github.com/grafana/grafana/pkg/services/auth/identity"
"github.com/grafana/grafana/pkg/services/ngalert/models"
"github.com/grafana/grafana/pkg/services/ngalert/store"
)
type Call struct {
MethodName string
Arguments []interface{}
}
type FakeRuleService struct {
HasAccessFunc func(context.Context, identity.Requester, accesscontrol.Evaluator) (bool, error)
HasAccessOrErrorFunc func(context.Context, identity.Requester, accesscontrol.Evaluator, func() string) error
AuthorizeDatasourceAccessForRuleFunc func(context.Context, identity.Requester, *models.AlertRule) error
HasAccessToRuleGroupFunc func(context.Context, identity.Requester, models.RulesGroup) (bool, error)
AuthorizeAccessToRuleGroupFunc func(context.Context, identity.Requester, models.RulesGroup) error
AuthorizeRuleChangesFunc func(context.Context, identity.Requester, *store.GroupDelta) error
Calls []Call
}
func (s *FakeRuleService) HasAccess(ctx context.Context, user identity.Requester, evaluator accesscontrol.Evaluator) (bool, error) {
s.Calls = append(s.Calls, Call{"HasAccess", []interface{}{ctx, user, evaluator}})
if s.HasAccessFunc != nil {
return s.HasAccessFunc(ctx, user, evaluator)
}
return false, nil
}
func (s *FakeRuleService) HasAccessOrError(ctx context.Context, user identity.Requester, evaluator accesscontrol.Evaluator, action func() string) error {
s.Calls = append(s.Calls, Call{"HasAccessOrError", []interface{}{ctx, user, evaluator, action}})
if s.HasAccessOrErrorFunc != nil {
return s.HasAccessOrErrorFunc(ctx, user, evaluator, action)
}
return nil
}
func (s *FakeRuleService) AuthorizeDatasourceAccessForRule(ctx context.Context, user identity.Requester, rule *models.AlertRule) error {
s.Calls = append(s.Calls, Call{"AuthorizeDatasourceAccessForRule", []interface{}{ctx, user, rule}})
if s.AuthorizeDatasourceAccessForRuleFunc != nil {
return s.AuthorizeDatasourceAccessForRuleFunc(ctx, user, rule)
}
return nil
}
func (s *FakeRuleService) HasAccessToRuleGroup(ctx context.Context, user identity.Requester, rules models.RulesGroup) (bool, error) {
s.Calls = append(s.Calls, Call{"HasAccessToRuleGroup", []interface{}{ctx, user, rules}})
if s.HasAccessToRuleGroupFunc != nil {
return s.HasAccessToRuleGroupFunc(ctx, user, rules)
}
return false, nil
}
func (s *FakeRuleService) AuthorizeAccessToRuleGroup(ctx context.Context, user identity.Requester, rules models.RulesGroup) error {
Alerting: Update provisioning API to support regular permissions (#77007) * allow users with regular actions access provisioning API paths * update methods that read rules skip new authorization logic if user CanReadAllRules to avoid performance impact on file-provisioning update all methods to accept identity.Requester that contains all permissions and is required by access control. * create deltas for single rul e * update modify methods skip new authorization logic if user CanWriteAllRules to avoid performance impact on file-provisioning update all methods to accept identity.Requester that contains all permissions and is required by access control. * implement RuleAccessControlService in provisioning * update file provisioning user to have all permissions to bypass authz * update provisioning API to return errutil errors correctly --------- Co-authored-by: Alexander Weaver <weaver.alex.d@gmail.com>
2024-03-22 14:37:10 -05:00
s.Calls = append(s.Calls, Call{"AuthorizeRuleGroupRead", []interface{}{ctx, user, rules}})
Alerting: Alerting accesscontrol utilities (#84508) * create fake for accesscontrol.RuleService * make errAuthorizationGeneric public
2024-03-14 13:03:53 -05:00
if s.AuthorizeAccessToRuleGroupFunc != nil {
return s.AuthorizeAccessToRuleGroupFunc(ctx, user, rules)
}
return nil
}
func (s *FakeRuleService) AuthorizeRuleChanges(ctx context.Context, user identity.Requester, change *store.GroupDelta) error {
Alerting: Update provisioning API to support regular permissions (#77007) * allow users with regular actions access provisioning API paths * update methods that read rules skip new authorization logic if user CanReadAllRules to avoid performance impact on file-provisioning update all methods to accept identity.Requester that contains all permissions and is required by access control. * create deltas for single rul e * update modify methods skip new authorization logic if user CanWriteAllRules to avoid performance impact on file-provisioning update all methods to accept identity.Requester that contains all permissions and is required by access control. * implement RuleAccessControlService in provisioning * update file provisioning user to have all permissions to bypass authz * update provisioning API to return errutil errors correctly --------- Co-authored-by: Alexander Weaver <weaver.alex.d@gmail.com>
2024-03-22 14:37:10 -05:00
s.Calls = append(s.Calls, Call{"AuthorizeRuleGroupWrite", []interface{}{ctx, user, change}})
Alerting: Alerting accesscontrol utilities (#84508) * create fake for accesscontrol.RuleService * make errAuthorizationGeneric public
2024-03-14 13:03:53 -05:00
if s.AuthorizeRuleChangesFunc != nil {
return s.AuthorizeRuleChangesFunc(ctx, user, change)
}
return nil
}
Reference in New Issue Copy Permalink