public/grafana
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f2f1663dba8a5f6884df19bebd2dbe61c831d8d5
grafana/pkg/services/sqlstore/migrations/ualert/receiver_scope_mig.go
T
Serge Zaitsev 694b9dfe50 Chore: Replace xorm.io/xorm imports (#104458) 
* replace xorm.io/xorm imports

* replace xorm from other go.mod files

* clean up workspace

* nolint does not make sense anymore as it is not a module

* try if nolint directive helps

* use nolint:all for xorm

* add more nolints

* try to skip xorm in linter config

* exclude xorm differently

* retrigger ci
2025-05-02 17:13:01 +02:00

50 lines
2.0 KiB
Go
Raw Blame History

package ualert
import (
"github.com/grafana/grafana/pkg/util/xorm"
"github.com/grafana/grafana/pkg/services/sqlstore/migrator"
)
const (
AlertingAddReceiverActionScopes = "Add scope to alert.notifications.receivers:read and alert.notifications.receivers.secrets:read"
)
// AddReceiverActionScopesMigration is a migration that will add scopes to alert.notifications.receivers:read and
// alert.notifications.receivers.secrets:read actions.
// Originally, they were created without any scope, but treated as if all actions were globally scoped.
// With the introduction of receiver FGAC, we need to scope these actions to UID so any existing roles should be updated
// to explicitly have the global scope.
func AddReceiverActionScopesMigration(mg *migrator.Migrator) {
mg.AddMigration(AlertingAddReceiverActionScopes, &addReceiverActionScopesMigrator{})
}
var _ migrator.CodeMigration = (*addReceiverActionScopesMigrator)(nil)
type addReceiverActionScopesMigrator struct {
migrator.MigrationBase
}
func (p addReceiverActionScopesMigrator) SQL(migrator.Dialect) string {
return codeMigration
}
func (p addReceiverActionScopesMigrator) Exec(sess *xorm.Session, migrator *migrator.Migrator) error {
// Vendored.
actionAlertingReceiversRead := "alert.notifications.receivers:read"
actionAlertingReceiversReadSecrets := "alert.notifications.receivers.secrets:read"
_, err := sess.Exec("UPDATE permission SET `scope` = 'receivers:*', `kind` = 'receivers', `attribute` = '*', `identifier` = '*' WHERE action = ?", actionAlertingReceiversRead)
if err != nil {
migrator.Logger.Error("Failed to update permissions for action", "action", actionAlertingReceiversRead, "error", err)
return err
}
_, err = sess.Exec("UPDATE permission SET `scope` = 'receivers:*', `kind` = 'receivers', `attribute` = '*', `identifier` = '*' WHERE action = ?", actionAlertingReceiversReadSecrets)
if err != nil {
migrator.Logger.Error("Failed to update permissions for action", "action", actionAlertingReceiversReadSecrets, "error", err)
return err
}
return nil
}
Reference in New Issue View Git Blame Copy Permalink