IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2024-11-29 12:14:08 -06:00
Code Issues Packages Projects Releases Wiki Activity

fix scope for datasource:query action (#46973)

Browse Source
This commit is contained in:
Yuriy Tseretyan 2022-03-29 09:58:59 -04:00 committed by GitHub
parent 3bcee53478
commit c1dbe7617c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 9 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
pkg/services/ngalert/api/api_ruler_test.go
View File

@ -15,7 +15,6 @@ import (
models2 "github.com/grafana/grafana/pkg/models" models2 "github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/services/accesscontrol" "github.com/grafana/grafana/pkg/services/accesscontrol"
acMock "github.com/grafana/grafana/pkg/services/accesscontrol/mock" acMock "github.com/grafana/grafana/pkg/services/accesscontrol/mock"
"github.com/grafana/grafana/pkg/services/dashboards"
"github.com/grafana/grafana/pkg/services/datasources" "github.com/grafana/grafana/pkg/services/datasources"
"github.com/grafana/grafana/pkg/services/ngalert/models" "github.com/grafana/grafana/pkg/services/ngalert/models"
"github.com/grafana/grafana/pkg/services/ngalert/schedule" "github.com/grafana/grafana/pkg/services/ngalert/schedule"
@ -426,7 +425,7 @@ func TestRouteDeleteAlertRules(t *testing.T) {
for _, rule := range rulesInFolder { for _, rule := range rulesInFolder {
for _, query := range rule.Data { for _, query := range rule.Data {
permissions = append(permissions, &accesscontrol.Permission{ permissions = append(permissions, &accesscontrol.Permission{
Action: datasources.ActionQuery, Scope: dashboards.ScopeFoldersProvider.GetResourceScopeUID(query.DatasourceUID), Action: datasources.ActionQuery, Scope: datasources.ScopeProvider.GetResourceScopeUID(query.DatasourceUID),
}) })
} }
} }
@ -459,7 +458,7 @@ func TestRouteDeleteAlertRules(t *testing.T) {
for _, rule := range authorizedRulesInFolder { for _, rule := range authorizedRulesInFolder {
for _, query := range rule.Data { for _, query := range rule.Data {
permissions = append(permissions, &accesscontrol.Permission{ permissions = append(permissions, &accesscontrol.Permission{
Action: datasources.ActionQuery, Scope: dashboards.ScopeFoldersProvider.GetResourceScopeUID(query.DatasourceUID), Action: datasources.ActionQuery, Scope: datasources.ScopeProvider.GetResourceScopeUID(query.DatasourceUID),
}) })
} }
} }
@ -494,7 +493,7 @@ func TestRouteDeleteAlertRules(t *testing.T) {
for _, rule := range authorizedRulesInGroup { for _, rule := range authorizedRulesInGroup {
for _, query := range rule.Data { for _, query := range rule.Data {
permissions = append(permissions, &accesscontrol.Permission{ permissions = append(permissions, &accesscontrol.Permission{
Action: datasources.ActionQuery, Scope: dashboards.ScopeFoldersProvider.GetResourceScopeUID(query.DatasourceUID), Action: datasources.ActionQuery, Scope: datasources.ScopeProvider.GetResourceScopeUID(query.DatasourceUID),
}) })
} }
} }

2
pkg/services/ngalert/api/authorization.go
View File

@ -194,7 +194,7 @@ func authorizeDatasourceAccessForRule(rule *ngmodels.AlertRule, evaluator func(e
if query.QueryType == expr.DatasourceType || query.DatasourceUID == expr.OldDatasourceUID { if query.QueryType == expr.DatasourceType || query.DatasourceUID == expr.OldDatasourceUID {
continue continue
} }
if !evaluator(ac.EvalPermission(datasources.ActionQuery, dashboards.ScopeFoldersProvider.GetResourceScopeUID(query.DatasourceUID))) { if !evaluator(ac.EvalPermission(datasources.ActionQuery, datasources.ScopeProvider.GetResourceScopeUID(query.DatasourceUID))) {
return false return false
} }
} }

10
pkg/services/ngalert/api/authorization_test.go
View File

@ -91,7 +91,7 @@ func TestAuthorizeRuleChanges(t *testing.T) {
var scopes []string var scopes []string
for _, rule := range c.New { for _, rule := range c.New {
for _, query := range rule.Data { for _, query := range rule.Data {
scopes = append(scopes, dashboards.ScopeFoldersProvider.GetResourceScopeUID(query.DatasourceUID)) scopes = append(scopes, datasources.ScopeProvider.GetResourceScopeUID(query.DatasourceUID))
} }
} }
return map[string][]string{ return map[string][]string{
@ -126,7 +126,7 @@ func TestAuthorizeRuleChanges(t *testing.T) {
var scopes []string var scopes []string
for _, update := range c.Update { for _, update := range c.Update {
for _, query := range update.New.Data { for _, query := range update.New.Data {
scopes = append(scopes, dashboards.ScopeFoldersProvider.GetResourceScopeUID(query.DatasourceUID)) scopes = append(scopes, datasources.ScopeProvider.GetResourceScopeUID(query.DatasourceUID))
} }
} }
@ -164,7 +164,7 @@ func TestAuthorizeRuleChanges(t *testing.T) {
var scopes []string var scopes []string
for _, update := range c.Update { for _, update := range c.Update {
for _, query := range update.New.Data { for _, query := range update.New.Data {
scopes = append(scopes, dashboards.ScopeFoldersProvider.GetResourceScopeUID(query.DatasourceUID)) scopes = append(scopes, datasources.ScopeProvider.GetResourceScopeUID(query.DatasourceUID))
} }
} }
return map[string][]string{ return map[string][]string{
@ -221,7 +221,7 @@ func TestAuthorizeRuleDelete(t *testing.T) {
var scopes []string var scopes []string
for _, rule := range rules { for _, rule := range rules {
for _, query := range rule.Data { for _, query := range rule.Data {
scopes = append(scopes, dashboards.ScopeFoldersProvider.GetResourceScopeUID(query.DatasourceUID)) scopes = append(scopes, datasources.ScopeProvider.GetResourceScopeUID(query.DatasourceUID))
} }
} }
return scopes return scopes
@ -375,7 +375,7 @@ func TestCheckDatasourcePermissionsForRule(t *testing.T) {
expectedExecutions := rand.Intn(3) + 2 expectedExecutions := rand.Intn(3) + 2
for i := 0; i < expectedExecutions; i++ { for i := 0; i < expectedExecutions; i++ {
q := models.GenerateAlertQuery() q := models.GenerateAlertQuery()
scopes = append(scopes, dashboards.ScopeFoldersProvider.GetResourceScopeUID(q.DatasourceUID)) scopes = append(scopes, datasources.ScopeProvider.GetResourceScopeUID(q.DatasourceUID))
data = append(data, q) data = append(data, q)
} }