IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

RBAC: Make uid for managed role names deterministic during migrations (#56620)

Browse Source 
* RBAC: Change the generate uid function to be deterministic so we can avoid collision

* RBAC: Use fmt.Errorf

* RBAC: Add comment

* RBAC: Export GenerateManagedRoleUID
This commit is contained in:
Karl Persson 2022-10-17 12:15:20 +02:00 committed by GitHub
parent ecc252429e
commit 21792fdf37
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 9 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/services/sqlstore/migrations/accesscontrol/managed_permission_migrator.go
View File

@ -106,7 +106,7 @@ func (sp *managedPermissionMigrator) Exec(sess *xorm.Session, mg *migrator.Migra
}
if !ok {
uid, err := generateNewRoleUID(sess, orgID)
uid, err := GenerateManagedRoleUID(orgID, managedRole)
if err != nil {
return err
}

27
pkg/services/sqlstore/migrations/accesscontrol/permission_migrator.go
View File

@ -10,7 +10,6 @@ import (
"github.com/grafana/grafana/pkg/services/accesscontrol"
"github.com/grafana/grafana/pkg/services/sqlstore/migrator"
"github.com/grafana/grafana/pkg/util"
)
var (
@ -137,11 +136,10 @@ func (m *permissionMigrator) createRoles(roles []*accesscontrol.Role) ([]*access
args := make([]interface{}, 0, len(roles)*5)
for i, r := range roles {
uid, err := generateNewRoleUID(m.sess, r.OrgID)
uid, err := GenerateManagedRoleUID(r.OrgID, r.Name)
if err != nil {
return nil, err
}
valueStrings[i] = "(?, ?, ?, 1, ?, ?)"
args = append(args, r.OrgID, uid, r.Name, ts, ts)
}
@ -165,11 +163,10 @@ func (m *permissionMigrator) createRolesMySQL(roles []*accesscontrol.Role) ([]*a
args := make([]interface{}, 0, len(roles)*2)
for i := range roles {
uid, err := generateNewRoleUID(m.sess, roles[i].OrgID)
uid, err := GenerateManagedRoleUID(roles[i].OrgID, roles[i].Name)
if err != nil {
return nil, err
}
roles[i].UID = uid
roles[i].Created = ts
roles[i].Updated = ts
@ -210,19 +207,11 @@ func batch(count, batchSize int, eachFn func(start, end int) error) error {
return nil
}
func generateNewRoleUID(sess *xorm.Session, orgID int64) (string, error) {
for i := 0; i < 3; i++ {
uid := util.GenerateShortUID()
exists, err := sess.Where("org_id=? AND uid=?", orgID, uid).Get(&accesscontrol.Role{})
if err != nil {
return "", err
}
if !exists {
return uid, nil
}
// GenerateManagedRoleUID generated a deterministic uid of the form `managed_{org_id}_{type}_{id}`.
func GenerateManagedRoleUID(orgID int64, name string) (string, error) {
parts := strings.Split(name, ":")
if len(parts) != 4 {
return "", fmt.Errorf("unexpected role name: %s", name)
}
return "", fmt.Errorf("failed to generate uid")
return fmt.Sprintf("managed_%d_%s_%s", orgID, parts[1], parts[2]), nil
}