grafana/pkg/services
Matthew Jacobson 5f48619c9a
Alerting: Handle custom dashboard permissions in migration service (#74504)
* Fix migration of custom dashboard permissions

Dashboard alert permissions were determined by both its dashboard and
folder scoped permissions, while UA alert rules only have folder
scoped permissions.

This means, when migrating an alert, we'll need to decide if the parent folder
is a correct location for the newly created alert rule so that users, teams,
and org roles have the same access to it as they did in legacy.

To do this, we translate both the folder and dashboard resource
permissions to two sets of SetResourcePermissionCommands. Each of these
encapsulates a mapping of all:

OrgRoles -> Viewer/Editor/Admin
Teams -> Viewer/Editor/Admin
Users -> Viewer/Editor/Admin

When the dashboard permissions (including those inherited from the parent
folder) differ from the parent folder permissions alone, we need to create a
new folder to represent the access-level of the legacy dashboard.

Compromises:

When determining the SetResourcePermissionCommands we only take into account
managed and basic roles. Fixed and custom roles introduce significant complexity
and synchronicity hurdles. Instead, we log a warning that they had the potential to
override the newly created folder permissions.

Also, we don't attempt to reconcile datasource permissions that were
not necessary in legacy alerting. Users without access to the necessary
datasources to edit an alert rule will need to obtain said access separate from
the migration.
2023-10-12 18:12:40 -04:00
accesscontrol LibraryPanels: Add RBAC support (#73475) 2023-10-12 00:30:50 +01:00
alerting Tracing: Standardize on otel tracing (#75528) 2023-10-03 14:54:20 +02:00
annotations Identity: Port snapshots and annotations to Requester (#76103) 2023-10-06 11:59:48 +02:00
anonymous Anon: Use xorm for anon service (#75964) 2023-10-04 17:19:56 +02:00
apikey Auth: Move apikey service from userSignedIn to identity.Requester interface (#74323) 2023-09-07 16:54:38 +01:00
auth Signingkeys: Add local cache (#76234) 2023-10-10 14:17:16 +02:00
authn Authn: Prevent empty username and email during sync (#76330) 2023-10-11 14:27:43 +02:00
caching Fixing typos (#70487) 2023-06-22 09:43:38 +01:00
cleanup Tracing: Standardize on otel tracing (#75528) 2023-10-03 14:54:20 +02:00
contexthandler Chore: Clean up the context handler (#75864) 2023-10-04 17:56:51 +02:00
correlations Identity: Unfurl OrgID in pkg/services to allow using identity.Requester interface (#76113) 2023-10-09 10:40:19 +02:00
dashboardimport Plugins: Move store and plugin dto to pluginsintegration (#74655) 2023-09-11 13:59:24 +02:00
dashboards Update origin annotation names (#76301) 2023-10-11 18:28:26 -04:00
dashboardsnapshots Identity: Port snapshots and annotations to Requester (#76103) 2023-10-06 11:59:48 +02:00
dashboardversion Chore: use any rather than interface{} (#74066) 2023-08-30 18:46:47 +03:00
datasourceproxy DatasourceProxy: Fix spelling (#75859) 2023-10-03 10:23:23 +02:00
datasources Chore: Rename testdata plugin with a fully qualified name (#75104) 2023-09-22 15:00:40 +03:00
encryption Chore: use any rather than interface{} (#74066) 2023-08-30 18:46:47 +03:00
extsvcauth AuthN: Add service account token generation to ExtSvcAccountsService (#76327) 2023-10-12 16:15:16 +02:00
featuremgmt Alerting: Add rules export on a folder level (#76016) 2023-10-12 20:17:32 +03:00
folder Revert "Nested Folders: Fix fetching a folder by title" (#76469) 2023-10-12 18:31:49 +03:00
grafana-apiserver K8s: Namespace parsing updates (default + stack-id) (#76310) 2023-10-12 21:34:50 +03:00
grpcserver Chore: make GPRCServerService private (#74612) 2023-09-08 12:44:18 -07:00
guardian Replace signed in user for identity.requester (#74048) 2023-08-30 16:51:18 +02:00
hooks Hooks: Remove AddLoginHook and RunLogin hooks (#73227) 2023-08-17 09:51:45 +02:00
kmsproviders Secrets: Make the Migrator extensible (#67307) 2023-06-19 23:44:01 +02:00
ldap AuthN: Change EnableDisabledUserHook to EnableUserHook (#75248) 2023-09-27 11:16:53 +02:00
libraryelements LibraryPanels: Add RBAC support (#73475) 2023-10-12 00:30:50 +01:00
librarypanels LibraryPanels: Add RBAC support (#73475) 2023-10-12 00:30:50 +01:00
licensing Chore: Clean up old navigation (#66287) 2023-04-14 09:43:11 +01:00
live Live: Allow setting the engine password (#76289) 2023-10-11 09:45:24 +01:00
login Chore: use any rather than interface{} (#74066) 2023-08-30 18:46:47 +03:00
loginattempt Chore: capitalise log message for auth packages (#74332) 2023-09-04 18:49:47 +02:00
navtree RBAC: Fix plugins pages access-control (#76321) 2023-10-12 10:46:43 +02:00
ngalert Alerting: Handle custom dashboard permissions in migration service (#74504) 2023-10-12 18:12:40 -04:00
notifications Chore: use any rather than interface{} (#74066) 2023-08-30 18:46:47 +03:00
oauthtoken Auth: OAuth token sync improvements (#75943) 2023-10-05 11:19:43 +02:00
org User: Support sort query param for user and org user, search endpoints (#75229) 2023-09-28 10:16:18 +02:00
playlist Playlist: Use a different go struct for sql service vs k8s (#76393) 2023-10-12 08:29:06 -07:00
plugindashboards Plugins: Move store and plugin dto to pluginsintegration (#74655) 2023-09-11 13:59:24 +02:00
pluginsintegration Plugins: Chore: Renamed instrumentation middleware to metrics middleware (#76186) 2023-10-11 12:42:32 +02:00
preference Teams: Move team API to own service (#76347) 2023-10-12 10:10:54 +02:00
provisioning Chore: Log failures during provisioning initialization (#75550) 2023-09-28 10:00:36 +03:00
publicdashboards PublicDashboards: Add validation deletion (#75336) 2023-10-11 11:59:13 +00:00
query Plugins: Set grafana config, plugin version and user agent on plugin requests (#75171) 2023-09-21 11:33:31 +02:00
queryhistory Chore: use any rather than interface{} (#74066) 2023-08-30 18:46:47 +03:00
quota Authn: Prevent empty username and email during sync (#76330) 2023-10-11 14:27:43 +02:00
rendering Chore: use any rather than interface{} (#74066) 2023-08-30 18:46:47 +03:00
screenshot Chore: use any rather than interface{} (#74066) 2023-08-30 18:46:47 +03:00
search User: Support sort query param for user and org user, search endpoints (#75229) 2023-09-28 10:16:18 +02:00
searchusers Team: Support sort query param for teams search endpoint (#75622) 2023-09-28 18:20:51 +03:00
searchV2 Identity: Unfurl OrgID in pkg/services to allow using identity.Requester interface (#76113) 2023-10-09 10:40:19 +02:00
secrets Auth: Signing Key persistence (#75487) 2023-10-04 10:37:27 +02:00
serviceaccounts Instrumentation: Set auth as owners for more routes (#75105) 2023-09-20 10:18:52 +02:00
shorturls Chore: Add errutils helpers (#73577) 2023-08-22 12:52:24 +02:00
signingkeys Siningkeys: Fix test setup (#76333) 2023-10-11 13:50:38 +02:00
sqlstore Alerting: Move legacy alert migration from sqlstore migration to service (#72702) 2023-10-12 13:43:10 +01:00
star Auth: Move star service to identity interface (#73114) 2023-08-10 17:17:27 +02:00
stats Chore: use any rather than interface{} (#74066) 2023-08-30 18:46:47 +03:00
store Playlist: Use a different go struct for sql service vs k8s (#76393) 2023-10-12 08:29:06 -07:00
supportbundles Plugins: Move store and plugin dto to pluginsintegration (#74655) 2023-09-11 13:59:24 +02:00
tag Annotations: Ignore unique constraint violations for tags (#65935) 2023-04-18 14:21:38 +02:00
team Teams: Move team API to own service (#76347) 2023-10-12 10:10:54 +02:00
temp_user Chore: use any rather than interface{} (#74066) 2023-08-30 18:46:47 +03:00
updatechecker Plugins: Move store and plugin dto to pluginsintegration (#74655) 2023-09-11 13:59:24 +02:00
user Authn: Prevent empty username and email during sync (#76330) 2023-10-11 14:27:43 +02:00
validations chore: move validations model into the validations service (#61953) 2023-01-23 15:10:14 -05:00