RBAC: Rename alerting roles to match naming convention (#50504)

2025-02-25 18:55:37 -06:00 · 2022-06-09 14:29:27 +02:00
parent 7fad8d6171
commit 840a442796
2 changed files with 47 additions and 47 deletions
--- a/pkg/services/ngalert/accesscontrol.go
+++ b/pkg/services/ngalert/accesscontrol.go
@@ -14,9 +14,9 @@ var (
 		Role: accesscontrol.RoleDTO{
 			Name:        accesscontrol.FixedRolePrefix + "alerting.rules:reader",
 			DisplayName: "Rules Reader",
-			Description: "Can read alert rules in all Grafana folders and external providers",
+			Description: "Read alert rules in all Grafana folders and external providers",
 			Group:       AlertRolesGroup,
-			Version:     2,
+			Version:     3,
 			Permissions: []accesscontrol.Permission{
 				{
 					Action: accesscontrol.ActionAlertingRuleRead,
@@ -30,13 +30,13 @@ var (
 		},
 	}

-	rulesEditorRole = accesscontrol.RoleRegistration{
+	rulesWriterRole = accesscontrol.RoleRegistration{
 		Role: accesscontrol.RoleDTO{
-			Name:        accesscontrol.FixedRolePrefix + "alerting.rules:editor",
-			DisplayName: "Rules Editor",
-			Description: "Can add, update, and delete rules in any Grafana folder and external providers",
+			Name:        accesscontrol.FixedRolePrefix + "alerting.rules:writer",
+			DisplayName: "Rules Writer",
+			Description: "Add, update, and delete rules in any Grafana folder and external providers",
 			Group:       AlertRolesGroup,
-			Version:     3,
+			Version:     4,
 			Permissions: accesscontrol.ConcatPermissions(rulesReaderRole.Role.Permissions, []accesscontrol.Permission{
 				{
 					Action: accesscontrol.ActionAlertingRuleCreate,
@@ -62,9 +62,9 @@ var (
 		Role: accesscontrol.RoleDTO{
 			Name:        accesscontrol.FixedRolePrefix + "alerting.instances:reader",
 			DisplayName: "Instances and Silences Reader",
-			Description: "Can read instances and silences of Grafana and external providers",
+			Description: "Read instances and silences of Grafana and external providers",
 			Group:       AlertRolesGroup,
-			Version:     1,
+			Version:     2,
 			Permissions: []accesscontrol.Permission{
 				{
 					Action: accesscontrol.ActionAlertingInstanceRead,
@@ -78,13 +78,13 @@ var (
 		},
 	}

-	instancesEditorRole = accesscontrol.RoleRegistration{
+	instancesWriterRole = accesscontrol.RoleRegistration{
 		Role: accesscontrol.RoleDTO{
-			Name:        accesscontrol.FixedRolePrefix + "alerting.instances:editor",
-			DisplayName: "Silences Editor",
-			Description: "Can add and update silences in Grafana and external providers",
+			Name:        accesscontrol.FixedRolePrefix + "alerting.instances:writer",
+			DisplayName: "Silences Writer",
+			Description: "Add and update silences in Grafana and external providers",
 			Group:       AlertRolesGroup,
-			Version:     2,
+			Version:     3,
 			Permissions: accesscontrol.ConcatPermissions(instancesReaderRole.Role.Permissions, []accesscontrol.Permission{
 				{
 					Action: accesscontrol.ActionAlertingInstanceCreate,
@@ -104,9 +104,9 @@ var (
 		Role: accesscontrol.RoleDTO{
 			Name:        accesscontrol.FixedRolePrefix + "alerting.notifications:reader",
 			DisplayName: "Notifications Reader",
-			Description: "Can read notification policies and contact points in Grafana and external providers",
+			Description: "Read notification policies and contact points in Grafana and external providers",
 			Group:       AlertRolesGroup,
-			Version:     1,
+			Version:     2,
 			Permissions: []accesscontrol.Permission{
 				{
 					Action: accesscontrol.ActionAlertingNotificationsRead,
@@ -119,13 +119,13 @@ var (
 		},
 	}

-	notificationsEditorRole = accesscontrol.RoleRegistration{
+	notificationsWriterRole = accesscontrol.RoleRegistration{
 		Role: accesscontrol.RoleDTO{
-			Name:        accesscontrol.FixedRolePrefix + "alerting.notifications:editor",
-			DisplayName: "Notifications Editor",
-			Description: "Can add, update, and delete contact points and notification policies in Grafana and external providers",
+			Name:        accesscontrol.FixedRolePrefix + "alerting.notifications:writer",
+			DisplayName: "Notifications Writer",
+			Description: "Add, update, and delete contact points and notification policies in Grafana and external providers",
 			Group:       AlertRolesGroup,
-			Version:     2,
+			Version:     3,
 			Permissions: accesscontrol.ConcatPermissions(notificationsReaderRole.Role.Permissions, []accesscontrol.Permission{
 				{
 					Action: accesscontrol.ActionAlertingNotificationsWrite,
@@ -142,9 +142,9 @@ var (
 		Role: accesscontrol.RoleDTO{
 			Name:        accesscontrol.FixedRolePrefix + "alerting:reader",
 			DisplayName: "Full read-only access",
-			Description: "Can read alert rules, instances, silences, contact points, and notification policies in Grafana and all external providers",
+			Description: "Read alert rules, instances, silences, contact points, and notification policies in Grafana and all external providers",
 			Group:       AlertRolesGroup,
-			Version:     2,
+			Version:     3,
 			Permissions: accesscontrol.ConcatPermissions(rulesReaderRole.Role.Permissions, instancesReaderRole.Role.Permissions, notificationsReaderRole.Role.Permissions),
 		},
 		Grants: []string{string(models.ROLE_VIEWER)},
@@ -152,23 +152,23 @@ var (

 	alertingWriterRole = accesscontrol.RoleRegistration{
 		Role: accesscontrol.RoleDTO{
-			Name:        accesscontrol.FixedRolePrefix + "alerting:editor",
+			Name:        accesscontrol.FixedRolePrefix + "alerting:writer",
 			DisplayName: "Full access",
-			Description: "Can add,update and delete alert rules, instances, silences, contact points, and notification policies in Grafana and all external providers",
+			Description: "Add,update and delete alert rules, instances, silences, contact points, and notification policies in Grafana and all external providers",
 			Group:       AlertRolesGroup,
-			Version:     3,
-			Permissions: accesscontrol.ConcatPermissions(rulesEditorRole.Role.Permissions, instancesEditorRole.Role.Permissions, notificationsEditorRole.Role.Permissions),
+			Version:     4,
+			Permissions: accesscontrol.ConcatPermissions(rulesWriterRole.Role.Permissions, instancesWriterRole.Role.Permissions, notificationsWriterRole.Role.Permissions),
 		},
 		Grants: []string{string(models.ROLE_EDITOR), string(models.ROLE_ADMIN)},
 	}

-	alertingProvisioningRole = accesscontrol.RoleRegistration{
+	alertingProvisionerRole = accesscontrol.RoleRegistration{
 		Role: accesscontrol.RoleDTO{
-			Name:        accesscontrol.FixedRolePrefix + "alerting:provisioning",
+			Name:        accesscontrol.FixedRolePrefix + "alerting.provisioning:writer",
 			DisplayName: "Access to alert rules provisioning API",
-			Description: "Can manage all alert rules, contact points, notification policies, silences, etc. in the organization via provisioning API.",
+			Description: "Manage all alert rules, contact points, notification policies, silences, etc. in the organization via provisioning API.",
 			Group:       AlertRolesGroup,
-			Version:     1,
+			Version:     2,
 			Permissions: []accesscontrol.Permission{
 				{
 					Action: accesscontrol.ActionAlertingProvisioningRead, // organization scope
@@ -184,9 +184,9 @@ var (

 func DeclareFixedRoles(ac accesscontrol.AccessControl) error {
 	return ac.DeclareFixedRoles(
-		rulesReaderRole, rulesEditorRole,
-		instancesReaderRole, instancesEditorRole,
-		notificationsReaderRole, notificationsEditorRole,
-		alertingReaderRole, alertingWriterRole, alertingProvisioningRole,
+		rulesReaderRole, rulesWriterRole,
+		instancesReaderRole, instancesWriterRole,
+		notificationsReaderRole, notificationsWriterRole,
+		alertingReaderRole, alertingWriterRole, alertingProvisionerRole,
 	)
 }