[v11.2.x] MigrationAssistant: Restrict dashboards, folders and datasources by the org id of the signed in user (#96344)
apply security patch: v11.2.x/195-202410172117.patch
This commit is contained in:
lean.dev
GitHub
@@ -9,7 +9,6 @@ import (
|
||||
|
||||
"github.com/google/uuid"
|
||||
"github.com/grafana/grafana/pkg/api/routing"
|
||||
"github.com/grafana/grafana/pkg/components/simplejson"
|
||||
"github.com/grafana/grafana/pkg/infra/db"
|
||||
"github.com/grafana/grafana/pkg/infra/kvstore"
|
||||
"github.com/grafana/grafana/pkg/infra/tracing"
|
||||
@@ -31,7 +30,6 @@ import (
|
||||
"github.com/grafana/grafana/pkg/setting"
|
||||
"github.com/prometheus/client_golang/prometheus"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/mock"
|
||||
"github.com/stretchr/testify/require"
|
||||
"go.opentelemetry.io/otel/sdk/trace/tracetest"
|
||||
)
|
||||
@@ -74,6 +72,7 @@ func Test_CreateGetRunMigrationsAndRuns(t *testing.T) {
|
||||
|
||||
cmd := cloudmigration.CloudMigrationSessionRequest{
|
||||
AuthToken: createTokenResp.Token,
|
||||
OrgID: 1,
|
||||
}
|
||||
|
||||
createResp, err := s.CreateSession(context.Background(), cmd)
|
||||
@@ -81,20 +80,20 @@ func Test_CreateGetRunMigrationsAndRuns(t *testing.T) {
|
||||
require.NotEmpty(t, createResp.UID)
|
||||
require.NotEmpty(t, createResp.Slug)
|
||||
|
||||
getMigResp, err := s.GetSession(context.Background(), createResp.UID)
|
||||
getMigResp, err := s.GetSession(context.Background(), 1, createResp.UID)
|
||||
require.NoError(t, err)
|
||||
require.NotNil(t, getMigResp)
|
||||
require.Equal(t, createResp.UID, getMigResp.UID)
|
||||
require.Equal(t, createResp.Slug, getMigResp.Slug)
|
||||
|
||||
listResp, err := s.GetSessionList(context.Background())
|
||||
listResp, err := s.GetSessionList(context.Background(), 1)
|
||||
require.NoError(t, err)
|
||||
require.NotNil(t, listResp)
|
||||
require.Equal(t, 1, len(listResp.Sessions))
|
||||
require.Equal(t, createResp.UID, listResp.Sessions[0].UID)
|
||||
require.Equal(t, createResp.Slug, listResp.Sessions[0].Slug)
|
||||
|
||||
runResp, err := s.RunMigration(ctxWithSignedInUser(), createResp.UID)
|
||||
runResp, err := s.RunMigration(ctxWithSignedInUser(), 1, createResp.UID)
|
||||
require.NoError(t, err)
|
||||
require.NotNil(t, runResp)
|
||||
resultItemsByType := make(map[string]int)
|
||||
@@ -375,22 +374,19 @@ func Test_OnlyQueriesStatusFromGMSWhenRequired(t *testing.T) {
|
||||
|
||||
func Test_DeletedDashboardsNotMigrated(t *testing.T) {
|
||||
s := setUpServiceTest(t, false).(*Service)
|
||||
|
||||
/** NOTE: this is not used at the moment since we changed the service
|
||||
|
||||
// modify what the mock returns for just this test case
|
||||
dashMock := s.dashboardService.(*dashboards.FakeDashboardService)
|
||||
dashMock.On("GetAllDashboards", mock.Anything).Return(
|
||||
[]*dashboards.Dashboard{
|
||||
{
|
||||
UID: "1",
|
||||
Data: simplejson.New(),
|
||||
},
|
||||
{
|
||||
UID: "2",
|
||||
Data: simplejson.New(),
|
||||
Deleted: time.Now(),
|
||||
},
|
||||
{UID: "1", OrgID: 1, Data: simplejson.New()},
|
||||
{UID: "2", OrgID: 1, Data: simplejson.New(), Deleted: time.Now()},
|
||||
},
|
||||
nil,
|
||||
)
|
||||
*/
|
||||
|
||||
data, err := s.getMigrationDataJSON(context.TODO(), &user.SignedInUser{OrgID: 1})
|
||||
assert.NoError(t, err)
|
||||
@@ -555,7 +551,7 @@ func TestDeleteSession(t *testing.T) {
|
||||
ctx, cancel := context.WithCancel(context.Background())
|
||||
t.Cleanup(cancel)
|
||||
|
||||
session, err := s.DeleteSession(ctx, "invalid-session-uid")
|
||||
session, err := s.DeleteSession(ctx, 2, "invalid-session-uid")
|
||||
require.Nil(t, session)
|
||||
require.Error(t, err)
|
||||
})
|
||||
@@ -570,6 +566,7 @@ func TestDeleteSession(t *testing.T) {
|
||||
|
||||
cmd := cloudmigration.CloudMigrationSessionRequest{
|
||||
AuthToken: createTokenResp.Token,
|
||||
OrgID: 3,
|
||||
}
|
||||
|
||||
createResp, err := s.CreateSession(ctx, cmd)
|
||||
@@ -577,12 +574,12 @@ func TestDeleteSession(t *testing.T) {
|
||||
require.NotEmpty(t, createResp.UID)
|
||||
require.NotEmpty(t, createResp.Slug)
|
||||
|
||||
deletedSession, err := s.DeleteSession(ctx, createResp.UID)
|
||||
deletedSession, err := s.DeleteSession(ctx, cmd.OrgID, createResp.UID)
|
||||
require.NoError(t, err)
|
||||
require.NotNil(t, deletedSession)
|
||||
require.Equal(t, deletedSession.UID, createResp.UID)
|
||||
|
||||
notFoundSession, err := s.GetSession(ctx, deletedSession.UID)
|
||||
notFoundSession, err := s.GetSession(ctx, cmd.OrgID, deletedSession.UID)
|
||||
require.ErrorIs(t, err, cloudmigration.ErrMigrationNotFound)
|
||||
require.Nil(t, notFoundSession)
|
||||
})
|
||||
@@ -638,7 +635,7 @@ func setUpServiceTest(t *testing.T, withDashboardMock bool) cloudmigration.Servi
|
||||
spanRecorder := tracetest.NewSpanRecorder()
|
||||
tracer := tracing.InitializeTracerForTest(tracing.WithSpanProcessor(spanRecorder))
|
||||
mockFolder := &foldertest.FakeService{
|
||||
ExpectedFolder: &folder.Folder{UID: "folderUID", Title: "Folder"},
|
||||
ExpectedFolder: &folder.Folder{UID: "folderUID", OrgID: 1, Title: "Folder"},
|
||||
}
|
||||
|
||||
cfg := setting.NewCfg()
|
||||
@@ -651,6 +648,7 @@ func setUpServiceTest(t *testing.T, withDashboardMock bool) cloudmigration.Servi
|
||||
cfg.CloudMigration.SnapshotFolder = filepath.Join(os.TempDir(), uuid.NewString())
|
||||
|
||||
dashboardService := dashboards.NewFakeDashboardService(t)
|
||||
/**
|
||||
if withDashboardMock {
|
||||
dashboardService.On("GetAllDashboards", mock.Anything).Return(
|
||||
[]*dashboards.Dashboard{
|
||||
@@ -662,14 +660,28 @@ func setUpServiceTest(t *testing.T, withDashboardMock bool) cloudmigration.Servi
|
||||
nil,
|
||||
)
|
||||
}
|
||||
*/
|
||||
|
||||
dsService := &datafakes.FakeDataSourceService{
|
||||
DataSources: []*datasources.DataSource{
|
||||
{Name: "mmm", Type: "mysql"},
|
||||
{Name: "ZZZ", Type: "infinity"},
|
||||
{Name: "mmm", OrgID: 1, Type: "mysql"},
|
||||
{Name: "ZZZ", OrgID: 1, Type: "infinity"},
|
||||
},
|
||||
}
|
||||
|
||||
// Insert test data for dashboard test, should be removed later
|
||||
_, err = sqlStore.GetSqlxSession().Exec(context.Background(), `
|
||||
INSERT INTO
|
||||
dashboard (id, org_id, data, deleted, slug, title, created, version, updated )
|
||||
VALUES
|
||||
(1, 1, '{}', null, 'asdf', 'ghjk', '2024-03-27 15:30:43.000' , '1','2024-03-27 15:30:43.000' ),
|
||||
(2, 1, '{}', '2024-03-27 15:30:43.000','qwert', 'yuio', '2024-03-27 15:30:43.000' , '2','2024-03-27 15:30:43.000'),
|
||||
(3, 2, '{}', null, 'asdf', 'ghjk', '2024-03-27 15:30:43.000' , '1','2024-03-27 15:30:43.000' ),
|
||||
(4, 2, '{}', '2024-03-27 15:30:43.000','qwert', 'yuio', '2024-03-27 15:30:43.000' , '2','2024-03-27 15:30:43.000');
|
||||
`,
|
||||
)
|
||||
require.NoError(t, err)
|
||||
|
||||
s, err := ProvideService(
|
||||
cfg,
|
||||
featuremgmt.WithFeatures(
|
||||
|
||||
Reference in New Issue
Block a user