public/grafana
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f648781497dd5f3cf7bd0bde01ac54f8b97c1eb7
grafana/pkg/services/sqlstore/migrations/migrations.go
T
Ieva 534b23eb9d [v10.3.x] RBAC: Annotation permission migration (#81399) 
RBAC: Annotation permission migration (#78899)

* add annotation permissions to dashboard managed role and add migrations for annotation permissions

* fix a bug with conditional access level definitions

* add tests

* Update pkg/services/sqlstore/migrations/accesscontrol/dashboard_permissions.go

Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>

* apply feedback

* add batching, fix tests and a typo

* add one more test

* undo unneeded change

* undo unwanted change

* only check the default basic permissions for non-OSS instances

* account for all wildcards and simplify the check a bit

* error handling and extra conditionals to avoid test failures

* fix a bug with admin permissions not appearing for folders

* fix the OSS check

---------

Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
(cherry picked from commit 048d1e7c86)
2024-01-26 22:28:25 +02:00

143 lines
4.7 KiB
Go
Raw Blame History

package migrations
import (
dashboardFolderMigrations "github.com/grafana/grafana/pkg/services/dashboards/database/migrations"
"github.com/grafana/grafana/pkg/services/featuremgmt"
"github.com/grafana/grafana/pkg/services/sqlstore/migrations/accesscontrol"
"github.com/grafana/grafana/pkg/services/sqlstore/migrations/anonservice"
"github.com/grafana/grafana/pkg/services/sqlstore/migrations/oauthserver"
"github.com/grafana/grafana/pkg/services/sqlstore/migrations/signingkeys"
"github.com/grafana/grafana/pkg/services/sqlstore/migrations/ssosettings"
"github.com/grafana/grafana/pkg/services/sqlstore/migrations/ualert"
. "github.com/grafana/grafana/pkg/services/sqlstore/migrator"
)
// --- Migration Guide line ---
// 1. Never change a migration that is committed and pushed to main
// 2. Always add new migrations (to change or undo previous migrations)
// 3. Some migrations are not yet written (rename column, table, drop table, index etc)
// 4. Putting migrations behind feature flags is no longer recommended as broken
// migrations may not be caught by integration tests unless feature flags are
// specifically added
type OSSMigrations struct {
}
func ProvideOSSMigrations() *OSSMigrations {
return &OSSMigrations{}
}
func (*OSSMigrations) AddMigration(mg *Migrator) {
mg.AddCreateMigration()
addUserMigrations(mg)
addTempUserMigrations(mg)
addStarMigrations(mg)
addOrgMigrations(mg)
addDashboardMigration(mg) // Do NOT add more migrations to this function.
addDataSourceMigration(mg)
addApiKeyMigrations(mg)
addDashboardSnapshotMigrations(mg)
addQuotaMigration(mg)
addAppSettingsMigration(mg)
addSessionMigration(mg)
addPlaylistMigrations(mg)
addPreferencesMigrations(mg)
addAlertMigrations(mg)
addAnnotationMig(mg)
addTestDataMigrations(mg)
addDashboardVersionMigration(mg)
addTeamMigrations(mg)
addDashboardACLMigrations(mg) // Do NOT add more migrations to this function.
addTagMigration(mg)
addLoginAttemptMigrations(mg)
addUserAuthMigrations(mg)
addServerlockMigrations(mg)
addUserAuthTokenMigrations(mg)
addCacheMigration(mg)
addShortURLMigrations(mg)
ualert.AddTablesMigrations(mg)
addLibraryElementsMigrations(mg)
ualert.FixEarlyMigration(mg)
addSecretsMigration(mg)
addKVStoreMigrations(mg)
ualert.AddDashboardUIDPanelIDMigration(mg)
accesscontrol.AddMigration(mg)
addQueryHistoryMigrations(mg)
accesscontrol.AddDisabledMigrator(mg)
accesscontrol.AddTeamMembershipMigrations(mg)
accesscontrol.AddDashboardPermissionsMigrator(mg)
accesscontrol.AddAlertingPermissionsMigrator(mg)
addQueryHistoryStarMigrations(mg)
addCorrelationsMigrations(mg)
addEntityEventsTableMigration(mg)
addPublicDashboardMigration(mg)
addDbFileStorageMigration(mg)
accesscontrol.AddManagedPermissionsMigration(mg, accesscontrol.ManagedPermissionsMigrationID)
accesscontrol.AddManagedFolderAlertActionsMigration(mg)
accesscontrol.AddActionNameMigrator(mg)
addPlaylistUIDMigration(mg)
ualert.UpdateRuleGroupIndexMigration(mg)
accesscontrol.AddManagedFolderAlertActionsRepeatMigration(mg)
accesscontrol.AddAdminOnlyMigration(mg)
accesscontrol.AddSeedAssignmentMigrations(mg)
accesscontrol.AddManagedFolderAlertActionsRepeatFixedMigration(mg)
accesscontrol.AddManagedFolderLibraryPanelActionsMigration(mg)
AddExternalAlertmanagerToDatasourceMigration(mg)
addFolderMigrations(mg)
// nolint:staticcheck
if mg.Cfg != nil && mg.Cfg.IsFeatureToggleEnabled != nil {
// nolint:staticcheck
if mg.Cfg.IsFeatureToggleEnabled(featuremgmt.FlagExternalServiceAuth) {
oauthserver.AddMigration(mg)
}
}
anonservice.AddMigration(mg)
signingkeys.AddMigration(mg)
ualert.MigrationServiceMigration(mg)
ualert.CreatedFoldersMigration(mg)
dashboardFolderMigrations.AddDashboardFolderMigrations(mg)
ssosettings.AddMigration(mg)
ualert.CreateOrgMigratedKVStoreEntries(mg)
// https://github.com/grafana/identity-access-team/issues/546: tracks removal of the feature toggle from the annotation permission migration
// nolint:staticcheck
if mg.Cfg != nil && mg.Cfg.IsFeatureToggleEnabled != nil {
// nolint:staticcheck
if mg.Cfg.IsFeatureToggleEnabled(featuremgmt.FlagAnnotationPermissionUpdate) {
accesscontrol.AddManagedDashboardAnnotationActionsMigration(mg)
}
}
}
func addStarMigrations(mg *Migrator) {
starV1 := Table{
Name: "star",
Columns: []*Column{
{Name: "id", Type: DB_BigInt, IsPrimaryKey: true, IsAutoIncrement: true},
{Name: "user_id", Type: DB_BigInt, Nullable: false},
{Name: "dashboard_id", Type: DB_BigInt, Nullable: false},
},
Indices: []*Index{
{Cols: []string{"user_id", "dashboard_id"}, Type: UniqueIndex},
},
}
mg.AddMigration("create star table", NewAddTableMigration(starV1))
mg.AddMigration("add unique index star.user_id_dashboard_id", NewAddIndexMigration(starV1, starV1.Indices[0]))
}
Reference in New Issue View Git Blame Copy Permalink