From 03e6bd4b006a0ffcb39e0ede42f492f65ef5ed96 Mon Sep 17 00:00:00 2001 From: Yasmin T Date: Tue, 17 Sep 2024 10:42:41 +0300 Subject: [PATCH 1/2] DEV-46158 - Allow editors to manage alerting provisioning (#42) **What is this feature?** In grafana 10 we have RBAC (role-based access control) enabled For some reason the alerting provisioning apis has permissions for Admins only. Since in logz for all the users are Editor in their organization (and only the system admin has Admin role), we need to fix so that the Editor role will also have write permissions for alerts api, otherwise they are unable to use provisioning API. **Why do we need this feature?** We want users to be able to use the provisioning API so they need the proper access with their existing roles --- pkg/services/ngalert/accesscontrol.go | 2 +- .../api/alerting/api_provisioning_test.go | 36 ++++++++++++------- 2 files changed, 25 insertions(+), 13 deletions(-) diff --git a/pkg/services/ngalert/accesscontrol.go b/pkg/services/ngalert/accesscontrol.go index 31fe1bdc8941f..44e3cf2141730 100644 --- a/pkg/services/ngalert/accesscontrol.go +++ b/pkg/services/ngalert/accesscontrol.go @@ -181,7 +181,7 @@ var ( }, }, }, - Grants: []string{string(org.RoleAdmin)}, + Grants: []string{string(org.RoleEditor), string(org.RoleAdmin)}, // LOGZ.IO GRAFANA CHANGE :: DEV-46158 - Allow editors to manage alerting provisioning } alertingProvisioningReaderWithSecretsRole = accesscontrol.RoleRegistration{ diff --git a/pkg/tests/api/alerting/api_provisioning_test.go b/pkg/tests/api/alerting/api_provisioning_test.go index c0f7e6a48084a..6b804ef55724d 100644 --- a/pkg/tests/api/alerting/api_provisioning_test.go +++ b/pkg/tests/api/alerting/api_provisioning_test.go @@ -108,15 +108,17 @@ func TestIntegrationProvisioning(t *testing.T) { require.Equal(t, 403, resp.StatusCode) }) - t.Run("editor GET should 403", func(t *testing.T) { + // LOGZ.IO GRAFANA CHANGE :: DEV-46158 - Allow editors to manage alerting provisioning + t.Run("editor GET should succeed", func(t *testing.T) { req := createTestRequest("GET", url, "editor", "") resp, err := http.DefaultClient.Do(req) require.NoError(t, err) require.NoError(t, resp.Body.Close()) - require.Equal(t, 403, resp.StatusCode) + require.Equal(t, 200, resp.StatusCode) }) + // LOGZ.IO GRAFANA CHANGE :: End t.Run("admin GET should succeed", func(t *testing.T) { req := createTestRequest("GET", url, "admin", "") @@ -148,15 +150,17 @@ func TestIntegrationProvisioning(t *testing.T) { require.Equal(t, 403, resp.StatusCode) }) - t.Run("editor PUT should 403", func(t *testing.T) { + // LOGZ.IO GRAFANA CHANGE :: DEV-46158 - Allow editors to manage alerting provisioning + t.Run("editor PUT should succeed", func(t *testing.T) { req := createTestRequest("PUT", url, "editor", body) resp, err := http.DefaultClient.Do(req) require.NoError(t, err) require.NoError(t, resp.Body.Close()) - require.Equal(t, 403, resp.StatusCode) + require.Equal(t, 202, resp.StatusCode) }) + // LOGZ.IO GRAFANA CHANGE :: End t.Run("admin PUT should succeed", func(t *testing.T) { req := createTestRequest("PUT", url, "admin", body) @@ -200,15 +204,17 @@ func TestIntegrationProvisioning(t *testing.T) { require.Equal(t, 403, resp.StatusCode) }) - t.Run("editor GET should 403", func(t *testing.T) { + // LOGZ.IO GRAFANA CHANGE :: DEV-46158 - Allow editors to manage alerting provisioning + t.Run("editor GET should succeed", func(t *testing.T) { req := createTestRequest("GET", url, "editor", "") resp, err := http.DefaultClient.Do(req) require.NoError(t, err) require.NoError(t, resp.Body.Close()) - require.Equal(t, 403, resp.StatusCode) + require.Equal(t, 200, resp.StatusCode) }) + // LOGZ.IO GRAFANA CHANGE :: End t.Run("admin GET should succeed", func(t *testing.T) { req := createTestRequest("GET", url, "admin", "") @@ -240,15 +246,17 @@ func TestIntegrationProvisioning(t *testing.T) { require.Equal(t, 403, resp.StatusCode) }) - t.Run("editor POST should 403", func(t *testing.T) { + // LOGZ.IO GRAFANA CHANGE :: DEV-46158 - Allow editors to manage alerting provisioning + t.Run("editor POST should succeed", func(t *testing.T) { req := createTestRequest("POST", url, "editor", body) resp, err := http.DefaultClient.Do(req) require.NoError(t, err) require.NoError(t, resp.Body.Close()) - require.Equal(t, 403, resp.StatusCode) + require.Equal(t, 202, resp.StatusCode) }) + // LOGZ.IO GRAFANA CHANGE :: End t.Run("admin POST should succeed", func(t *testing.T) { req := createTestRequest("POST", url, "admin", body) @@ -284,15 +292,17 @@ func TestIntegrationProvisioning(t *testing.T) { require.Equal(t, 403, resp.StatusCode) }) - t.Run("editor GET should 403", func(t *testing.T) { + // LOGZ.IO GRAFANA CHANGE :: DEV-46158 - Allow editors to manage alerting provisioning + t.Run("editor GET should succeed", func(t *testing.T) { req := createTestRequest("GET", url, "editor", "") resp, err := http.DefaultClient.Do(req) require.NoError(t, err) require.NoError(t, resp.Body.Close()) - require.Equal(t, 403, resp.StatusCode) + require.Equal(t, 200, resp.StatusCode) }) + // LOGZ.IO GRAFANA CHANGE :: End t.Run("admin GET should succeed", func(t *testing.T) { req := createTestRequest("GET", url, "admin", "") @@ -328,15 +338,17 @@ func TestIntegrationProvisioning(t *testing.T) { require.Equal(t, 403, resp.StatusCode) }) - t.Run("editor GET should 403", func(t *testing.T) { + // LOGZ.IO GRAFANA CHANGE :: DEV-46158 - Allow editors to manage alerting provisioning + t.Run("editor GET should succeed", func(t *testing.T) { req := createTestRequest("GET", url, "editor", "") resp, err := http.DefaultClient.Do(req) require.NoError(t, err) require.NoError(t, resp.Body.Close()) - require.Equal(t, 403, resp.StatusCode) + require.Equal(t, 200, resp.StatusCode) }) + // LOGZ.IO GRAFANA CHANGE :: End t.Run("admin GET should succeed", func(t *testing.T) { req := createTestRequest("GET", url, "admin", "") From 63db2525326911bb34205d98f7c3dfabd91766da Mon Sep 17 00:00:00 2001 From: Yasmin T Date: Tue, 17 Sep 2024 11:21:56 +0300 Subject: [PATCH 2/2] DEV-46512 - Add LogzioHeaders in Elasticsearch Plugin Resource API (#39) **What is this feature?** When calling elasticsearch plugin resource api for queries , we also need to add the LogzHeaders for queries to logz datasource to work. This is from flow of using logs datasource types in Grafana Dashboards. In the Alerting and Explore other APIs are used that were already added the Logz Headers , so this is another place that was missing. **Why do we need this feature?** For supporting logs datasources of logzio --- pkg/tsdb/elasticsearch/elasticsearch.go | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/pkg/tsdb/elasticsearch/elasticsearch.go b/pkg/tsdb/elasticsearch/elasticsearch.go index bc9138c657692..9be05a2ef15e3 100644 --- a/pkg/tsdb/elasticsearch/elasticsearch.go +++ b/pkg/tsdb/elasticsearch/elasticsearch.go @@ -6,6 +6,7 @@ import ( "encoding/json" "errors" "fmt" + "github.com/grafana/grafana/pkg/models" // LOGZ.IO GRAFANA CHANGE :: DEV-43889 - Add headers for logzio datasources support "io" "net/http" "net/url" @@ -225,6 +226,13 @@ func (s *Service) CallResource(ctx context.Context, req *backend.CallResourceReq logger.Debug("Sending request to Elasticsearch", "resourcePath", req.Path) start := time.Now() + + // LOGZ.IO GRAFANA CHANGE :: DEV-43889 - Add headers for logzio datasources support + logzIoHeaders := &models.LogzIoHeaders{RequestHeaders: req.Headers} + request.Header = logzIoHeaders.GetDatasourceQueryHeaders(request.Header) + request.Header.Set("Content-Type", "application/json") + logger.Debug("request details", "headers", request.Header, "url", request.URL.String()) + // LOGZ.IO GRAFANA CHANGE :: End response, err := ds.HTTPClient.Do(request) if err != nil { status := "error"