SupportBundles: Add config enablement (#61776)

* wip

* implement role middleware drop

* remove not implement feature

* change grants based on config

* Update pkg/services/supportbundles/supportbundlesimpl/models.go

Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>

Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
Jo 2023-01-20 08:59:15 +00:00 committed by GitHub
parent 9faab75668
commit caae4fd034
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 35 additions and 18 deletions


@ -10,6 +10,7 @@ import (
"github.com/grafana/grafana/pkg/api/routing" "github.com/grafana/grafana/pkg/api/routing"
"github.com/grafana/grafana/pkg/middleware" "github.com/grafana/grafana/pkg/middleware"
"github.com/grafana/grafana/pkg/models" "github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/models/roletype"
ac "github.com/grafana/grafana/pkg/services/accesscontrol" ac "github.com/grafana/grafana/pkg/services/accesscontrol"
"github.com/grafana/grafana/pkg/services/supportbundles" "github.com/grafana/grafana/pkg/services/supportbundles"
"github.com/grafana/grafana/pkg/web" "github.com/grafana/grafana/pkg/web"
@ -20,16 +21,21 @@ const rootUrl = "/api/support-bundles"
func (s *Service) registerAPIEndpoints(routeRegister routing.RouteRegister) { func (s *Service) registerAPIEndpoints(routeRegister routing.RouteRegister) {
authorize := ac.Middleware(s.accessControl) authorize := ac.Middleware(s.accessControl)
orgRoleMiddleware := middleware.ReqGrafanaAdmin
if !s.serverAdminOnly {
orgRoleMiddleware = middleware.RoleAuth(roletype.RoleAdmin)
}
routeRegister.Group(rootUrl, func(subrouter routing.RouteRegister) { routeRegister.Group(rootUrl, func(subrouter routing.RouteRegister) {
subrouter.Get("/", authorize(middleware.ReqGrafanaAdmin, subrouter.Get("/", authorize(orgRoleMiddleware,
ac.EvalPermission(ActionRead)), routing.Wrap(s.handleList)) ac.EvalPermission(ActionRead)), routing.Wrap(s.handleList))
subrouter.Post("/", authorize(middleware.ReqGrafanaAdmin, subrouter.Post("/", authorize(orgRoleMiddleware,
ac.EvalPermission(ActionCreate)), routing.Wrap(s.handleCreate)) ac.EvalPermission(ActionCreate)), routing.Wrap(s.handleCreate))
subrouter.Get("/:uid", authorize(middleware.ReqGrafanaAdmin, subrouter.Get("/:uid", authorize(orgRoleMiddleware,
ac.EvalPermission(ActionRead)), s.handleDownload) ac.EvalPermission(ActionRead)), s.handleDownload)
subrouter.Delete("/:uid", authorize(middleware.ReqGrafanaAdmin, subrouter.Delete("/:uid", authorize(orgRoleMiddleware,
ac.EvalPermission(ActionDelete)), s.handleRemove) ac.EvalPermission(ActionDelete)), s.handleRemove)
subrouter.Get("/collectors", authorize(middleware.ReqGrafanaAdmin, subrouter.Get("/collectors", authorize(orgRoleMiddleware,
ac.EvalPermission(ActionCreate)), routing.Wrap(s.handleGetCollectors)) ac.EvalPermission(ActionCreate)), routing.Wrap(s.handleGetCollectors))
}) })
} }
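Review bot: The role check chosen for `orgRoleMiddleware` in `registerAPIEndpoints` and the `grants` list built in `declareFixedRoles` encode the same `server_admin_only` policy in two places with opposite conditionals (`!s.serverAdminOnly` here, `s.serverAdminOnly` there), and nothing in the new code ties them together. A comment above the assignment would keep them from drifting, e.g. `// Role check passed to authorize; keep in sync with the grants in declareFixedRoles (server admins only unless server_admin_only is false).` With the setting off, the `/:uid` download and delete routes become reachable by org admins. Whether `handleDownload` and `handleRemove` limit a bundle to its creator or org is not visible in this section, so that is worth confirming if bundles carry instance-wide data.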


@ -35,14 +35,19 @@ var (
} }
) )
func declareFixedRoles(ac accesscontrol.Service) error { func (s *Service) declareFixedRoles(ac accesscontrol.Service) error {
grants := []string{string(org.RoleAdmin), accesscontrol.RoleGrafanaAdmin}
if s.serverAdminOnly {
grants = []string{accesscontrol.RoleGrafanaAdmin}
}
bundleReader := accesscontrol.RoleRegistration{ bundleReader := accesscontrol.RoleRegistration{
Role: bundleReaderRole, Role: bundleReaderRole,
Grants: []string{string(org.RoleAdmin)}, Grants: grants,
} }
bundleWriter := accesscontrol.RoleRegistration{ bundleWriter := accesscontrol.RoleRegistration{
Role: bundleWriterRole, Role: bundleWriterRole,
Grants: []string{string(org.RoleAdmin)}, Grants: grants,
} }
return ac.DeclareFixedRoles(bundleWriter, bundleReader) return ac.DeclareFixedRoles(bundleWriter, bundleReader)
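Review bot: `grants` in `declareFixedRoles` starts as the wide list (org admin plus Grafana admin) and is narrowed only when `s.serverAdminOnly` is true, so any later edit that drops or reorders the `if` leaves the permissive grant in place. Building it the other way round makes the restrictive grant the baseline: `grants := []string{accesscontrol.RoleGrafanaAdmin}` followed by `if !s.serverAdminOnly { grants = append(grants, string(org.RoleAdmin)) }`. The method also has no doc comment. One line such as `// declareFixedRoles registers the bundle reader/writer roles; org admins are granted them only when server_admin_only is false.` would state the contract. The function's closing brace lies outside the hunk.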


@ -34,6 +34,9 @@ type Service struct {
log log.Logger log log.Logger
enabled bool
serverAdminOnly bool
collectors map[string]supportbundles.Collector collectors map[string]supportbundles.Collector
} }
@ -49,23 +52,26 @@ func ProvideService(cfg *setting.Cfg,
pluginSettings pluginsettings.Service, pluginSettings pluginsettings.Service,
features *featuremgmt.FeatureManager, features *featuremgmt.FeatureManager,
usageStats usagestats.Service) (*Service, error) { usageStats usagestats.Service) (*Service, error) {
section := cfg.SectionWithEnvOverrides("support_bundles")
s := &Service{ s := &Service{
cfg: cfg, cfg: cfg,
store: newStore(kvStore), store: newStore(kvStore),
pluginStore: pluginStore, pluginStore: pluginStore,
pluginSettings: pluginSettings, pluginSettings: pluginSettings,
accessControl: accessControl, accessControl: accessControl,
features: features, features: features,
log: log.New("supportbundle.service"), log: log.New("supportbundle.service"),
collectors: make(map[string]supportbundles.Collector), enabled: section.Key("enabled").MustBool(true),
serverAdminOnly: section.Key("server_admin_only").MustBool(true),
collectors: make(map[string]supportbundles.Collector),
} }
if !features.IsEnabled(featuremgmt.FlagSupportBundles) { if !features.IsEnabled(featuremgmt.FlagSupportBundles) || !s.enabled {
return s, nil return s, nil
} }
if !accessControl.IsDisabled() { if !accessControl.IsDisabled() {
if err := declareFixedRoles(accesscontrolService); err != nil { if err := s.declareFixedRoles(accesscontrolService); err != nil {
return nil, err return nil, err
} }
} }
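Review bot: `section.Key("enabled").MustBool(true)` in `ProvideService` falls back to `true` when the configured value does not parse as a boolean, so a mistyped `enabled = false` leaves the feature on with no signal to the operator. For `server_admin_only` the same fallback is the restrictive one, which is the safe direction. Since both settings decide who can reach the bundle endpoints, I would log the effective values right after the struct is built, e.g. `s.log.Info("support bundles configured", "enabled", s.enabled, "server_admin_only", s.serverAdminOnly)`. The new `enabled` and `serverAdminOnly` fields would also benefit from short comments naming the `[support_bundles]` keys they mirror and their defaults. `ProvideService` continues past the end of this hunk.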