mirror of
https://github.com/grafana/grafana.git
synced 2025-02-25 18:55:37 -06:00
Karl Persson
GitHub
parent
64800f293e
commit
39d94eabcd
@ -32,10 +32,10 @@ func checkNilRequester(r Requester) bool {
|
||||
|
||||
const serviceName = "service"
|
||||
|
||||
// WithServiceIdentitiy sets creates an identity representing the service itself in provided org and store it in context.
|
||||
// WithServiceIdentity sets creates an identity representing the service itself in provided org and store it in context.
|
||||
// This is useful for background tasks that has to communicate with unfied storage. It also returns a Requester with
|
||||
// static permissions so it can be used in legacy code paths.
|
||||
func WithServiceIdentitiy(ctx context.Context, orgID int64) (context.Context, Requester) {
|
||||
func WithServiceIdentity(ctx context.Context, orgID int64) (context.Context, Requester) {
|
||||
r := &StaticRequester{
|
||||
Type: types.TypeAccessPolicy,
|
||||
Name: serviceName,
|
||||
|
||||
@ -39,7 +39,7 @@ func WithRequester(handler http.Handler) http.Handler {
|
||||
} else if ok && info.GetName() == user.APIServerUser ||
|
||||
slices.Contains(info.GetGroups(), user.SystemPrivilegedGroup) {
|
||||
// For system:apiserver we use the identity of the service itself
|
||||
ctx, _ = identity.WithServiceIdentitiy(ctx, 1)
|
||||
ctx, _ = identity.WithServiceIdentity(ctx, 1)
|
||||
req = req.WithContext(ctx)
|
||||
} else {
|
||||
klog.V(5).Info("unable to map the k8s user to grafana requester", "user", info)
|
||||
|
||||
@ -159,7 +159,7 @@ func legacyToUnifiedStorageDataSyncer(ctx context.Context, cfg *SyncerConfig) (b
|
||||
startSync := time.Now()
|
||||
|
||||
ctx = klog.NewContext(ctx, log)
|
||||
ctx, _ = identity.WithServiceIdentitiy(ctx, 0)
|
||||
ctx, _ = identity.WithServiceIdentity(ctx, 0)
|
||||
ctx = request.WithNamespace(ctx, cfg.RequestInfo.Namespace)
|
||||
ctx = request.WithRequestInfo(ctx, cfg.RequestInfo)
|
||||
|
||||
|
||||
@ -70,7 +70,7 @@ func folderTreeCollector(folderService folder.Service) legacyTupleCollector {
|
||||
ctx, span := tracer.Start(ctx, "accesscontrol.migrator.folderTreeCollector")
|
||||
defer span.End()
|
||||
|
||||
ctx, ident := identity.WithServiceIdentitiy(ctx, orgID)
|
||||
ctx, ident := identity.WithServiceIdentity(ctx, orgID)
|
||||
|
||||
q := folder.GetFoldersQuery{
|
||||
OrgID: orgID,
|
||||
|
||||
@ -118,7 +118,7 @@ func ProvideDashboardPermissions(
|
||||
ctx, span := tracer.Start(ctx, "accesscontrol.ossaccesscontrol.ProvideDashboardPermissions.ResourceValidator")
|
||||
defer span.End()
|
||||
|
||||
ctx, _ = identity.WithServiceIdentitiy(ctx, orgID)
|
||||
ctx, _ = identity.WithServiceIdentity(ctx, orgID)
|
||||
dashboard, err := getDashboard(ctx, orgID, resourceID)
|
||||
if err != nil {
|
||||
return err
|
||||
@ -131,7 +131,7 @@ func ProvideDashboardPermissions(
|
||||
return nil
|
||||
},
|
||||
InheritedScopesSolver: func(ctx context.Context, orgID int64, resourceID string) ([]string, error) {
|
||||
ctx, _ = identity.WithServiceIdentitiy(ctx, orgID)
|
||||
ctx, _ = identity.WithServiceIdentity(ctx, orgID)
|
||||
dashboard, err := getDashboard(ctx, orgID, resourceID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
||||
@ -99,7 +99,7 @@ func ProvideFolderPermissions(
|
||||
ctx, span := tracer.Start(ctx, "accesscontrol.ossaccesscontrol.ProvideFolderPermissions.ResourceValidator")
|
||||
defer span.End()
|
||||
|
||||
ctx, ident := identity.WithServiceIdentitiy(ctx, orgID)
|
||||
ctx, ident := identity.WithServiceIdentity(ctx, orgID)
|
||||
_, err := folderService.Get(ctx, &folder.GetFolderQuery{
|
||||
UID: &resourceID,
|
||||
OrgID: orgID,
|
||||
@ -124,7 +124,7 @@ func ProvideFolderPermissions(
|
||||
return nil
|
||||
},
|
||||
InheritedScopesSolver: func(ctx context.Context, orgID int64, resourceID string) ([]string, error) {
|
||||
ctx, _ = identity.WithServiceIdentitiy(ctx, orgID)
|
||||
ctx, _ = identity.WithServiceIdentity(ctx, orgID)
|
||||
return dashboards.GetInheritedScopes(ctx, orgID, resourceID, folderService)
|
||||
},
|
||||
Assignments: resourcepermissions.Assignments{
|
||||
|
||||
@ -155,7 +155,7 @@ func (dr *DashboardServiceImpl) Count(ctx context.Context, scopeParams *quota.Sc
|
||||
|
||||
total := int64(0)
|
||||
for _, org := range orgs {
|
||||
ctx, _ := identity.WithServiceIdentitiy(ctx, org.ID)
|
||||
ctx, _ := identity.WithServiceIdentity(ctx, org.ID)
|
||||
orgDashboards, err := dr.CountDashboardsInOrg(ctx, org.ID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@ -557,7 +557,7 @@ func (dr *DashboardServiceImpl) DeleteOrphanedProvisionedDashboards(ctx context.
|
||||
}
|
||||
|
||||
for _, org := range orgs {
|
||||
ctx, _ := identity.WithServiceIdentitiy(ctx, org.ID)
|
||||
ctx, _ := identity.WithServiceIdentity(ctx, org.ID)
|
||||
// find all dashboards in the org that have a file repo set that is not in the given readers list
|
||||
foundDashs, err := dr.searchProvisionedDashboardsThroughK8s(ctx, dashboards.FindPersistedDashboardsQuery{
|
||||
ProvisionedReposNotIn: cmd.ReaderNames,
|
||||
@ -658,7 +658,7 @@ func (dr *DashboardServiceImpl) SaveProvisionedDashboard(ctx context.Context, dt
|
||||
dto.Dashboard.Data.Set("refresh", dr.cfg.MinRefreshInterval)
|
||||
}
|
||||
|
||||
ctx, ident := identity.WithServiceIdentitiy(ctx, dto.OrgID)
|
||||
ctx, ident := identity.WithServiceIdentity(ctx, dto.OrgID)
|
||||
dto.User = ident
|
||||
|
||||
cmd, err := dr.BuildSaveDashboardCommand(ctx, dto, false)
|
||||
@ -698,7 +698,7 @@ func (dr *DashboardServiceImpl) SaveFolderForProvisionedDashboards(ctx context.C
|
||||
ctx, span := tracer.Start(ctx, "dashboards.service.SaveFolderForProvisionedDashboards")
|
||||
defer span.End()
|
||||
|
||||
ctx, ident := identity.WithServiceIdentitiy(ctx, dto.OrgID)
|
||||
ctx, ident := identity.WithServiceIdentity(ctx, dto.OrgID)
|
||||
dto.SignedInUser = ident
|
||||
|
||||
f, err := dr.folderService.Create(ctx, dto)
|
||||
@ -843,7 +843,7 @@ func (dr *DashboardServiceImpl) GetDashboardByPublicUid(ctx context.Context, das
|
||||
|
||||
// DeleteProvisionedDashboard removes dashboard from the DB even if it is provisioned.
|
||||
func (dr *DashboardServiceImpl) DeleteProvisionedDashboard(ctx context.Context, dashboardId int64, orgId int64) error {
|
||||
ctx, _ = identity.WithServiceIdentitiy(ctx, orgId)
|
||||
ctx, _ = identity.WithServiceIdentity(ctx, orgId)
|
||||
return dr.deleteDashboard(ctx, dashboardId, "", orgId, false)
|
||||
}
|
||||
|
||||
@ -925,7 +925,7 @@ func (dr *DashboardServiceImpl) UnprovisionDashboard(ctx context.Context, dashbo
|
||||
}
|
||||
|
||||
for _, org := range orgs {
|
||||
ctx, _ = identity.WithServiceIdentitiy(ctx, org.ID)
|
||||
ctx, _ = identity.WithServiceIdentity(ctx, org.ID)
|
||||
dash, err := dr.getDashboardThroughK8s(ctx, &dashboards.GetDashboardQuery{OrgID: org.ID, ID: dashboardId})
|
||||
if err != nil {
|
||||
// if we can't find it in this org, try the next one
|
||||
@ -1730,7 +1730,7 @@ type dashboardProvisioningWithUID struct {
|
||||
}
|
||||
|
||||
func (dr *DashboardServiceImpl) searchProvisionedDashboardsThroughK8s(ctx context.Context, query dashboards.FindPersistedDashboardsQuery) ([]*dashboardProvisioningWithUID, error) {
|
||||
ctx, _ = identity.WithServiceIdentitiy(ctx, query.OrgId)
|
||||
ctx, _ = identity.WithServiceIdentity(ctx, query.OrgId)
|
||||
|
||||
if query.ProvisionedRepo != "" {
|
||||
query.ProvisionedRepo = provisionedFileNameWithPrefix(query.ProvisionedRepo)
|
||||
|
||||
@ -250,7 +250,7 @@ func (l *LibraryElementService) deleteLibraryElement(c context.Context, signedIn
|
||||
}
|
||||
|
||||
// then find the dashboards that were supposed to be connected to this element
|
||||
_, requester := identity.WithServiceIdentitiy(c, signedInUser.GetOrgID())
|
||||
_, requester := identity.WithServiceIdentity(c, signedInUser.GetOrgID())
|
||||
dashs, err := l.dashboardsService.FindDashboards(c, &dashboards.FindPersistedDashboardsQuery{
|
||||
OrgId: signedInUser.GetOrgID(),
|
||||
DashboardIds: dashboardIDs,
|
||||
|
||||
@ -45,7 +45,7 @@ func (prov *defaultAlertRuleProvisioner) Provision(ctx context.Context,
|
||||
files []*AlertingFile) error {
|
||||
for _, file := range files {
|
||||
for _, group := range file.Groups {
|
||||
ctx, u := identity.WithServiceIdentitiy(ctx, group.OrgID)
|
||||
ctx, u := identity.WithServiceIdentity(ctx, group.OrgID)
|
||||
|
||||
folderUID, err := prov.getOrCreateFolderFullpath(ctx, group.FolderFullpath, group.OrgID)
|
||||
if err != nil {
|
||||
@ -121,7 +121,7 @@ func (prov *defaultAlertRuleProvisioner) getOrCreateFolderFullpath(
|
||||
|
||||
func (prov *defaultAlertRuleProvisioner) getOrCreateFolderByTitle(
|
||||
ctx context.Context, folderName string, orgID int64, parentUID *string) (string, error) {
|
||||
ctx, user := identity.WithServiceIdentitiy(ctx, orgID)
|
||||
ctx, user := identity.WithServiceIdentity(ctx, orgID)
|
||||
|
||||
cmd := &folder.GetFolderQuery{
|
||||
Title: &folderName,
|
||||
|
||||
@ -148,7 +148,7 @@ func (fr *FileReader) isDatabaseAccessRestricted() bool {
|
||||
// storeDashboardsInFolder saves dashboards from the filesystem on disk to the folder from config
|
||||
func (fr *FileReader) storeDashboardsInFolder(ctx context.Context, filesFoundOnDisk map[string]os.FileInfo,
|
||||
dashboardRefs map[string]*dashboards.DashboardProvisioning, usageTracker *usageTracker) error {
|
||||
ctx, _ = identity.WithServiceIdentitiy(ctx, fr.Cfg.OrgID)
|
||||
ctx, _ = identity.WithServiceIdentity(ctx, fr.Cfg.OrgID)
|
||||
|
||||
folderID, folderUID, err := fr.getOrCreateFolder(ctx, fr.Cfg, fr.dashboardProvisioningService, fr.Cfg.Folder)
|
||||
if err != nil && !errors.Is(err, ErrFolderNameMissing) {
|
||||
@ -180,7 +180,7 @@ func (fr *FileReader) storeDashboardsInFoldersFromFileStructure(ctx context.Cont
|
||||
folderName = filepath.Base(dashboardsFolder)
|
||||
}
|
||||
|
||||
ctx, _ = identity.WithServiceIdentitiy(ctx, fr.Cfg.OrgID)
|
||||
ctx, _ = identity.WithServiceIdentity(ctx, fr.Cfg.OrgID)
|
||||
folderID, folderUID, err := fr.getOrCreateFolder(ctx, fr.Cfg, fr.dashboardProvisioningService, folderName)
|
||||
if err != nil && !errors.Is(err, ErrFolderNameMissing) {
|
||||
return fmt.Errorf("%w with name %q from file system structure: %w", ErrGetOrCreateFolder, folderName, err)
|
||||
|
||||
@ -411,7 +411,7 @@ func TestDashboardFileReader(t *testing.T) {
|
||||
require.NoError(t, err)
|
||||
|
||||
ctx := context.Background()
|
||||
ctx, _ = identity.WithServiceIdentitiy(ctx, 1)
|
||||
ctx, _ = identity.WithServiceIdentity(ctx, 1)
|
||||
_, _, err = r.getOrCreateFolder(ctx, cfg, fakeService, cfg.Folder)
|
||||
require.NoError(t, err)
|
||||
})
|
||||
@ -433,7 +433,7 @@ func TestDashboardFileReader(t *testing.T) {
|
||||
require.NoError(t, err)
|
||||
|
||||
ctx := context.Background()
|
||||
ctx, _ = identity.WithServiceIdentitiy(ctx, 1)
|
||||
ctx, _ = identity.WithServiceIdentity(ctx, 1)
|
||||
_, _, err = r.getOrCreateFolder(ctx, cfg, fakeService, cfg.Folder)
|
||||
require.ErrorIs(t, err, dashboards.ErrFolderInvalidUID)
|
||||
})
|
||||
|
||||
@ -56,7 +56,7 @@ func TestDuplicatesValidator(t *testing.T) {
|
||||
const folderName = "duplicates-validator-folder"
|
||||
|
||||
ctx := context.Background()
|
||||
ctx, _ = identity.WithServiceIdentitiy(ctx, 1)
|
||||
ctx, _ = identity.WithServiceIdentity(ctx, 1)
|
||||
|
||||
fakeStore := &fakeDashboardStore{}
|
||||
r, err := NewDashboardFileReader(cfg, logger, nil, fakeStore, folderSvc)
|
||||
@ -115,7 +115,7 @@ func TestDuplicatesValidator(t *testing.T) {
|
||||
const folderName = "duplicates-validator-folder"
|
||||
|
||||
ctx := context.Background()
|
||||
ctx, _ = identity.WithServiceIdentitiy(ctx, 1)
|
||||
ctx, _ = identity.WithServiceIdentity(ctx, 1)
|
||||
|
||||
fakeStore := &fakeDashboardStore{}
|
||||
r, err := NewDashboardFileReader(cfg, logger, nil, fakeStore, folderSvc)
|
||||
@ -221,7 +221,7 @@ func TestDuplicatesValidator(t *testing.T) {
|
||||
duplicates := duplicateValidator.getDuplicates()
|
||||
|
||||
ctx := context.Background()
|
||||
ctx, _ = identity.WithServiceIdentitiy(ctx, 1)
|
||||
ctx, _ = identity.WithServiceIdentity(ctx, 1)
|
||||
|
||||
r, err := NewDashboardFileReader(cfg, logger, nil, fakeStore, folderSvc)
|
||||
require.NoError(t, err)
|
||||
|
||||
@ -44,7 +44,7 @@ type sqlStatsService struct {
|
||||
func (ss *sqlStatsService) getDashboardCount(ctx context.Context, orgs []*org.OrgDTO) (int64, error) {
|
||||
count := int64(0)
|
||||
for _, org := range orgs {
|
||||
ctx, _ = identity.WithServiceIdentitiy(ctx, org.ID)
|
||||
ctx, _ = identity.WithServiceIdentity(ctx, org.ID)
|
||||
dashsCount, err := ss.dashSvc.CountDashboardsInOrg(ctx, org.ID)
|
||||
if err != nil {
|
||||
return 0, err
|
||||
@ -58,7 +58,7 @@ func (ss *sqlStatsService) getDashboardCount(ctx context.Context, orgs []*org.Or
|
||||
func (ss *sqlStatsService) getTagCount(ctx context.Context, orgs []*org.OrgDTO) (int64, error) {
|
||||
total := 0
|
||||
for _, org := range orgs {
|
||||
ctx, _ = identity.WithServiceIdentitiy(ctx, org.ID)
|
||||
ctx, _ = identity.WithServiceIdentity(ctx, org.ID)
|
||||
tags, err := ss.dashSvc.GetDashboardTags(ctx, &dashboards.GetDashboardTagsQuery{
|
||||
OrgID: org.ID,
|
||||
})
|
||||
@ -74,7 +74,7 @@ func (ss *sqlStatsService) getTagCount(ctx context.Context, orgs []*org.OrgDTO)
|
||||
func (ss *sqlStatsService) getFolderCount(ctx context.Context, orgs []*org.OrgDTO) (int64, error) {
|
||||
total := 0
|
||||
for _, org := range orgs {
|
||||
ctx, ident := identity.WithServiceIdentitiy(ctx, org.ID)
|
||||
ctx, ident := identity.WithServiceIdentity(ctx, org.ID)
|
||||
folders, err := ss.folderSvc.GetFolders(ctx, folder.GetFoldersQuery{
|
||||
OrgID: org.ID,
|
||||
SignedInUser: ident,
|
||||
|
||||
@ -16,7 +16,7 @@ func TestIDTokenExtractor(t *testing.T) {
|
||||
assert.Empty(t, token)
|
||||
})
|
||||
t.Run("should return an empty token when grafana identity is set", func(t *testing.T) {
|
||||
ctx, _ := identity.WithServiceIdentitiy(context.Background(), 0)
|
||||
ctx, _ := identity.WithServiceIdentity(context.Background(), 0)
|
||||
token, err := idTokenExtractor(ctx)
|
||||
assert.NoError(t, err)
|
||||
assert.Empty(t, token)
|
||||
|
||||
Loading…
Reference in New Issue
Block a user