IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

reload permissions after create folder (#51288)

Browse Source
This commit is contained in:
Yuriy Tseretyan
2022-06-27 09:31:49 -04:00
committed by GitHub
parent 24790fdf57
commit 4a9872d108
5 changed files with 20 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
pkg/tests/api/alerting/api_alertmanager_test.go
View File

@@ -479,7 +479,6 @@ func TestAlertAndGroupsQuery(t *testing.T) {
{ {
// Create the namespace we'll save our alerts to. // Create the namespace we'll save our alerts to.
apiClient.CreateFolder(t, "default", "default") apiClient.CreateFolder(t, "default", "default")
reloadCachedPermissions(t, grafanaListedAddr, "grafana", "password")
} }
// Create an alert that will fire as quickly as possible // Create an alert that will fire as quickly as possible
@@ -580,7 +579,6 @@ func TestRulerAccess(t *testing.T) {
// Create the namespace we'll save our alerts to. // Create the namespace we'll save our alerts to.
client.CreateFolder(t, "default", "default") client.CreateFolder(t, "default", "default")
reloadCachedPermissions(t, grafanaListedAddr, "editor", "editor")
// Now, let's test the access policies. // Now, let's test the access policies.
testCases := []struct { testCases := []struct {
@@ -691,7 +689,6 @@ func TestDeleteFolderWithRules(t *testing.T) {
// Create the namespace we'll save our alerts to. // Create the namespace we'll save our alerts to.
namespaceUID := "default" namespaceUID := "default"
apiClient.CreateFolder(t, namespaceUID, namespaceUID) apiClient.CreateFolder(t, namespaceUID, namespaceUID)
reloadCachedPermissions(t, grafanaListedAddr, "editor", "editor")
createRule(t, apiClient, "default") createRule(t, apiClient, "default")
@@ -846,7 +843,6 @@ func TestAlertRuleCRUD(t *testing.T) {
// Create the namespace we'll save our alerts to. // Create the namespace we'll save our alerts to.
apiClient.CreateFolder(t, "default", "default") apiClient.CreateFolder(t, "default", "default")
reloadCachedPermissions(t, grafanaListedAddr, "grafana", "password")
interval, err := model.ParseDuration("1m") interval, err := model.ParseDuration("1m")
require.NoError(t, err) require.NoError(t, err)
@@ -1886,7 +1882,6 @@ func TestQuota(t *testing.T) {
apiClient := newAlertingApiClient(grafanaListedAddr, "grafana", "password") apiClient := newAlertingApiClient(grafanaListedAddr, "grafana", "password")
// Create the namespace we'll save our alerts to. // Create the namespace we'll save our alerts to.
apiClient.CreateFolder(t, "default", "default") apiClient.CreateFolder(t, "default", "default")
reloadCachedPermissions(t, grafanaListedAddr, "grafana", "password")
interval, err := model.ParseDuration("1m") interval, err := model.ParseDuration("1m")
require.NoError(t, err) require.NoError(t, err)

1
pkg/tests/api/alerting/api_notification_channel_test.go
View File

@@ -758,7 +758,6 @@ func TestNotificationChannels(t *testing.T) {
{ {
// Create the namespace we'll save our alerts to. // Create the namespace we'll save our alerts to.
apiClient.CreateFolder(t, "default", "default") apiClient.CreateFolder(t, "default", "default")
reloadCachedPermissions(t, grafanaListedAddr, "grafana", "password")
// Post the alertmanager config. // Post the alertmanager config.
u := fmt.Sprintf("http://grafana:password@%s/api/alertmanager/grafana/config/api/v1/alerts", grafanaListedAddr) u := fmt.Sprintf("http://grafana:password@%s/api/alertmanager/grafana/config/api/v1/alerts", grafanaListedAddr)

21
pkg/tests/api/alerting/api_prometheus_test.go
View File

@@ -45,7 +45,6 @@ func TestPrometheusRules(t *testing.T) {
// Create the namespace we'll save our alerts to. // Create the namespace we'll save our alerts to.
apiClient.CreateFolder(t, "default", "default") apiClient.CreateFolder(t, "default", "default")
reloadCachedPermissions(t, grafanaListedAddr, "grafana", "password")
interval, err := model.ParseDuration("10s") interval, err := model.ParseDuration("10s")
require.NoError(t, err) require.NoError(t, err)
@@ -340,7 +339,6 @@ func TestPrometheusRulesFilterByDashboard(t *testing.T) {
// Create the namespace we'll save our alerts to. // Create the namespace we'll save our alerts to.
dashboardUID := "default" dashboardUID := "default"
apiClient.CreateFolder(t, dashboardUID, dashboardUID) apiClient.CreateFolder(t, dashboardUID, dashboardUID)
reloadCachedPermissions(t, grafanaListedAddr, "grafana", "password")
interval, err := model.ParseDuration("10s") interval, err := model.ParseDuration("10s")
require.NoError(t, err) require.NoError(t, err)
@@ -642,8 +640,6 @@ func TestPrometheusRulesPermissions(t *testing.T) {
// Create the namespace we'll save our alerts to. // Create the namespace we'll save our alerts to.
apiClient.CreateFolder(t, "folder2", "folder2") apiClient.CreateFolder(t, "folder2", "folder2")
reloadCachedPermissions(t, grafanaListedAddr, "grafana", "password")
// Create rule under folder1 // Create rule under folder1
createRule(t, apiClient, "folder1") createRule(t, apiClient, "folder1")
@@ -678,7 +674,7 @@ func TestPrometheusRulesPermissions(t *testing.T) {
// remove permissions from folder2 // remove permissions from folder2
removeFolderPermission(t, permissionsStore, 1, userID, models.ROLE_EDITOR, "folder2") removeFolderPermission(t, permissionsStore, 1, userID, models.ROLE_EDITOR, "folder2")
reloadCachedPermissions(t, grafanaListedAddr, "grafana", "password") apiClient.ReloadCachedPermissions(t)
// make sure that folder2 is not included in the response // make sure that folder2 is not included in the response
{ {
@@ -703,7 +699,7 @@ func TestPrometheusRulesPermissions(t *testing.T) {
// remove permissions from folder1 // remove permissions from folder1
removeFolderPermission(t, permissionsStore, 1, userID, models.ROLE_EDITOR, "folder1") removeFolderPermission(t, permissionsStore, 1, userID, models.ROLE_EDITOR, "folder1")
reloadCachedPermissions(t, grafanaListedAddr, "grafana", "password") apiClient.ReloadCachedPermissions(t)
// make sure that no folders are included in the response // make sure that no folders are included in the response
{ {
@@ -729,19 +725,6 @@ func TestPrometheusRulesPermissions(t *testing.T) {
} }
} }
func reloadCachedPermissions(t *testing.T, addr, login, password string) {
t.Helper()
u := fmt.Sprintf("http://%s:%s@%s/api/access-control/user/permissions?reloadcache=true", login, password, addr)
// nolint:gosec
resp, err := http.Get(u)
t.Cleanup(func() {
require.NoError(t, resp.Body.Close())
})
require.NoError(t, err)
require.Equal(t, http.StatusOK, resp.StatusCode)
}
func removeFolderPermission(t *testing.T, store *acdb.AccessControlStore, orgID, userID int64, role models.RoleType, uid string) { func removeFolderPermission(t *testing.T, store *acdb.AccessControlStore, orgID, userID int64, role models.RoleType, uid string) {
t.Helper() t.Helper()
// remove user permissions on folder // remove user permissions on folder

10
pkg/tests/api/alerting/api_ruler_test.go
View File

@@ -47,8 +47,6 @@ func TestAlertRulePermissions(t *testing.T) {
// Create the namespace we'll save our alerts to. // Create the namespace we'll save our alerts to.
apiClient.CreateFolder(t, "folder2", "folder2") apiClient.CreateFolder(t, "folder2", "folder2")
reloadCachedPermissions(t, grafanaListedAddr, "grafana", "password")
// Create rule under folder1 // Create rule under folder1
createRule(t, apiClient, "folder1") createRule(t, apiClient, "folder1")
@@ -178,7 +176,7 @@ func TestAlertRulePermissions(t *testing.T) {
// remove permissions from folder2 // remove permissions from folder2
removeFolderPermission(t, permissionsStore, 1, userID, models.ROLE_EDITOR, "folder2") removeFolderPermission(t, permissionsStore, 1, userID, models.ROLE_EDITOR, "folder2")
reloadCachedPermissions(t, grafanaListedAddr, "grafana", "password") apiClient.ReloadCachedPermissions(t)
// make sure that folder2 is not included in the response // make sure that folder2 is not included in the response
// nolint:gosec // nolint:gosec
@@ -252,7 +250,7 @@ func TestAlertRulePermissions(t *testing.T) {
// Remove permissions from folder1. // Remove permissions from folder1.
removeFolderPermission(t, permissionsStore, 1, userID, models.ROLE_EDITOR, "folder1") removeFolderPermission(t, permissionsStore, 1, userID, models.ROLE_EDITOR, "folder1")
reloadCachedPermissions(t, grafanaListedAddr, "grafana", "password") apiClient.ReloadCachedPermissions(t)
{ {
u := fmt.Sprintf("http://grafana:password@%s/api/ruler/grafana/api/v1/rules", grafanaListedAddr) u := fmt.Sprintf("http://grafana:password@%s/api/ruler/grafana/api/v1/rules", grafanaListedAddr)
// nolint:gosec // nolint:gosec
@@ -405,8 +403,6 @@ func TestRulerRulesFilterByDashboard(t *testing.T) {
// Create the namespace under default organisation (orgID = 1) where we'll save our alerts to. // Create the namespace under default organisation (orgID = 1) where we'll save our alerts to.
apiClient.CreateFolder(t, "default", "default") apiClient.CreateFolder(t, "default", "default")
reloadCachedPermissions(t, grafanaListedAddr, "grafana", "password")
interval, err := model.ParseDuration("10s") interval, err := model.ParseDuration("10s")
require.NoError(t, err) require.NoError(t, err)
@@ -742,8 +738,6 @@ func TestRuleGroupSequence(t *testing.T) {
folder1Title := "folder1" folder1Title := "folder1"
client.CreateFolder(t, util.GenerateShortUID(), folder1Title) client.CreateFolder(t, util.GenerateShortUID(), folder1Title)
reloadCachedPermissions(t, grafanaListedAddr, "grafana", "password")
group1 := generateAlertRuleGroup(5, alertRuleGen()) group1 := generateAlertRuleGroup(5, alertRuleGen())
group2 := generateAlertRuleGroup(5, alertRuleGen()) group2 := generateAlertRuleGroup(5, alertRuleGen())

17
pkg/tests/api/alerting/testing.go
View File

@@ -171,7 +171,21 @@ func newAlertingApiClient(host, user, pass string) apiClient {
return apiClient{url: fmt.Sprintf("http://%s:%s@%s", user, pass, host)} return apiClient{url: fmt.Sprintf("http://%s:%s@%s", user, pass, host)}
} }
// CreateFolder creates a folder for storing our alerts under. // ReloadCachedPermissions sends a request to access control API to refresh cached user permissions
func (a apiClient) ReloadCachedPermissions(t *testing.T) {
t.Helper()
u := fmt.Sprintf("%s/api/access-control/user/permissions?reloadcache=true", a.url)
// nolint:gosec
resp, err := http.Get(u)
defer func() {
_ = resp.Body.Close()
}()
require.NoErrorf(t, err, "failed to reload permissions cache")
require.Equalf(t, http.StatusOK, resp.StatusCode, "failed to reload permissions cache")
}
// CreateFolder creates a folder for storing our alerts, and then refreshes the permission cache to make sure that following requests will be accepted
func (a apiClient) CreateFolder(t *testing.T, uID string, title string) { func (a apiClient) CreateFolder(t *testing.T, uID string, title string) {
t.Helper() t.Helper()
payload := fmt.Sprintf(`{"uid": "%s","title": "%s"}`, uID, title) payload := fmt.Sprintf(`{"uid": "%s","title": "%s"}`, uID, title)
@@ -184,6 +198,7 @@ func (a apiClient) CreateFolder(t *testing.T, uID string, title string) {
}() }()
require.NoError(t, err) require.NoError(t, err)
assert.Equal(t, http.StatusOK, resp.StatusCode) assert.Equal(t, http.StatusOK, resp.StatusCode)
a.ReloadCachedPermissions(t)
} }
func (a apiClient) PostRulesGroup(t *testing.T, folder string, group *apimodels.PostableRuleGroupConfig) (int, string) { func (a apiClient) PostRulesGroup(t *testing.T, folder string, group *apimodels.PostableRuleGroupConfig) (int, string) {