Alerting: Update rule access control to return errutil errors (#78284)

* update rule access control to return errutil errors * use alerting in msgID
2025-02-25 18:55:37 -06:00 · 2023-12-01 18:42:11 -05:00
parent 6644e5e676
commit 64feeddc23
12 changed files with 187 additions and 102 deletions
--- a/pkg/tests/api/alerting/api_alertmanager_test.go
+++ b/pkg/tests/api/alerting/api_alertmanager_test.go
@@ -1051,7 +1051,7 @@ func TestIntegrationAlertRuleCRUD(t *testing.T) {
 				}(),
 				expectedMessage: func() string {
 					if setting.IsEnterprise {
-						return "user is not authorized to create a new alert rule 'AlwaysFiring' because the user does not have read permissions for one or many datasources the rule uses"
+						return "user is not authorized to create a new alert rule 'AlwaysFiring'"
 					}
 					return "failed to update rule group: invalid alert rule 'AlwaysFiring': failed to build query 'A': data source not found"
 				}(),
@@ -2284,7 +2284,7 @@ func TestIntegrationEval(t *testing.T) {
 			},
 			expectedMessage: func() string {
 				if setting.IsEnterprise {
-					return "user is not authorized to query one or many data sources used by the rule"
+					return "user is not authorized to access one or many data sources"
 				}
 				return "Failed to build evaluator for queries and expressions: failed to build query 'A': data source not found"
 			},
--- a/pkg/tests/api/alerting/api_backtesting_test.go
+++ b/pkg/tests/api/alerting/api_backtesting_test.go
@@ -18,7 +18,6 @@ import (
 	apimodels "github.com/grafana/grafana/pkg/services/ngalert/api/tooling/definitions"
 	"github.com/grafana/grafana/pkg/services/org"
 	"github.com/grafana/grafana/pkg/services/user"
-	"github.com/grafana/grafana/pkg/setting"
 	"github.com/grafana/grafana/pkg/tests/testinfra"
 )

@@ -92,10 +91,6 @@ func TestBacktesting(t *testing.T) {
 	})

 	t.Run("if user does not have permissions", func(t *testing.T) {
-		if !setting.IsEnterprise {
-			t.Skip("Enterprise-only test")
-		}
-
 		testUserId := createUser(t, env.SQLStore, user.CreateUserCommand{
 			DefaultOrgRole: "",
 			Password:       "test",
@@ -128,7 +123,7 @@ func TestBacktesting(t *testing.T) {

 		t.Run("fail if can't query data sources", func(t *testing.T) {
 			status, body := testUserApiCli.SubmitRuleForBacktesting(t, queryRequest)
-			require.Contains(t, body, "user is not authorized to query one or many data sources used by the rule")
+			require.Contains(t, body, "user is not authorized to access rule group")
 			require.Equalf(t, http.StatusUnauthorized, status, "Response: %s", body)
 		})
 	})