IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

Alerting: Add RBAC actions and role for provisioning API routes (#50459)

Browse Source 
* add alert provisioning actions and role

* linter
This commit is contained in:
Yuriy Tseretyan
2022-06-09 03:18:57 -04:00
committed by GitHub
parent b5615a1a18
commit 54fa04263b
5 changed files with 39 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
pkg/services/ngalert/accesscontrol.go
View File

@@ -161,6 +161,25 @@ var (
},
Grants: []string{string(models.ROLE_EDITOR), string(models.ROLE_ADMIN)},
}
alertingProvisioningRole = accesscontrol.RoleRegistration{
Role: accesscontrol.RoleDTO{
Name: accesscontrol.FixedRolePrefix + "alerting:provisioning",
DisplayName: "Access to alert rules provisioning API",
Description: "Can manage all alert rules, contact points, notification policies, silences, etc. in the organization via provisioning API.",
Group: AlertRolesGroup,
Version: 1,
Permissions: []accesscontrol.Permission{
{
Action: accesscontrol.ActionAlertingProvisioningRead, // organization scope
},
{
Action: accesscontrol.ActionAlertingProvisioningWrite, // organization scope
},
},
},
Grants: []string{string(models.ROLE_ADMIN)},
}
)
func DeclareFixedRoles(ac accesscontrol.AccessControl) error {
@@ -168,6 +187,6 @@ func DeclareFixedRoles(ac accesscontrol.AccessControl) error {
rulesReaderRole, rulesEditorRole,
instancesReaderRole, instancesEditorRole,
notificationsReaderRole, notificationsEditorRole,
alertingReaderRole, alertingWriterRole,
alertingReaderRole, alertingWriterRole, alertingProvisioningRole,
)
}