IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

RBAC: Add cache for oss rbac permissions (#55098)

Browse Source 
* RBAC: Add cache for oss permissions

* RBAC: include service account actions

* RBAC: revert changes to fetch service account permissions

* Update comment for setting

* RBAC: Disable permission chache for tests
This commit is contained in:
Karl Persson
2022-09-14 09:13:10 +02:00
committed by GitHub
parent 716bdde3f6
commit 870929b463
6 changed files with 81 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
pkg/services/accesscontrol/ossaccesscontrol/permissions_services.go
View File

@@ -258,6 +258,20 @@ func (e DatasourcePermissionsService) MapActions(permission accesscontrol.Resour
return ""
}
var (
ServiceAccountEditActions = []string{
serviceaccounts.ActionRead,
serviceaccounts.ActionWrite,
}
ServiceAccountAdminActions = []string{
serviceaccounts.ActionRead,
serviceaccounts.ActionWrite,
serviceaccounts.ActionDelete,
serviceaccounts.ActionPermissionsRead,
serviceaccounts.ActionPermissionsWrite,
}
)
type ServiceAccountPermissionsService struct {
*resourcepermissions.Service
}
@@ -283,8 +297,8 @@ func ProvideServiceAccountPermissions(
BuiltInRoles: false,
},
PermissionsToActions: map[string][]string{
"Edit": {serviceaccounts.ActionRead, serviceaccounts.ActionWrite},
"Admin": {serviceaccounts.ActionRead, serviceaccounts.ActionWrite, serviceaccounts.ActionDelete, serviceaccounts.ActionPermissionsRead, serviceaccounts.ActionPermissionsWrite},
"Edit": ServiceAccountEditActions,
"Admin": ServiceAccountAdminActions,
},
ReaderRoleName: "Service account permission reader",
WriterRoleName: "Service account permission writer",