public/grafana
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

RBAC: Split non-empty scopes into kind, attribute and identifier fields for better search performance (#71933)

Browse Source 
* add a feature toggle

* add the fields for attribute, kind and identifier to permission

Co-authored-by: Kalle Persson <kalle.persson@grafana.com>

* set the new fields when new permissions are stored

* add migrations

Co-authored-by: Kalle Persson <kalle.persson@grafana.com>

* remove comments

* Update pkg/services/accesscontrol/migrator/migrator.go

Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>

* feedback: put column migrations behind the feature toggle, added an index, changed how wildcard scopes are split

* PR feedback: add a comment and revert an accidentally changed file

* PR feedback: handle the case with : in resource identifier

* switch from checking feature toggle through cfg to checking it through featuremgmt

* don't put the column migrations behind a feature toggle after all - this breaks permission queries from db

---------

Co-authored-by: Kalle Persson <kalle.persson@grafana.com>
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
This commit is contained in:
Ieva
2023-07-21 15:23:01 +01:00
committed by GitHub
parent 59eb2f68b7
commit cfa1a2c55f
23 changed files with 179 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files
pkg/services/sqlstore/migrations/accesscontrol/migrations.go
+16
View File
@@ -170,4 +170,20 @@ func AddMigration(mg *migrator.Migrator) {
mg.AddMigration("add column hidden to role table", migrator.NewAddColumnMigration(roleV1, &migrator.Column{
Name: "hidden", Type: migrator.DB_Bool, Nullable: false, Default: "0",
}))
mg.AddMigration("permission kind migration", migrator.NewAddColumnMigration(permissionV1, &migrator.Column{
Name: "kind", Type: migrator.DB_NVarchar, Length: 40, Default: "''",
}))
mg.AddMigration("permission attribute migration", migrator.NewAddColumnMigration(permissionV1, &migrator.Column{
Name: "attribute", Type: migrator.DB_NVarchar, Length: 40, Default: "''",
}))
mg.AddMigration("permission identifier migration", migrator.NewAddColumnMigration(permissionV1, &migrator.Column{
Name: "identifier", Type: migrator.DB_NVarchar, Length: 40, Default: "''",
}))
mg.AddMigration("add permission identifier index", migrator.NewAddIndexMigration(permissionV1, &migrator.Index{
Cols: []string{"identifier"},
}))
}