grafana

Commit Graph

Author	SHA1	Message	Date
Gabriel MABILLE	801fde02a7	`grafana-iam`: Implement `resourcepermission` creation (#110246 ) * Extract from #108753 Co-Authored-By: mohammad-hamid <mohammad.hamid@grafana.com> * Tackle create Co-Authored-By: mohammad-hamid <mohammad.hamid@grafana.com> * WIP use identity store to resolve role names * WIP * create role * Remove unecessary comments * comments * sql templates * test role insert tplt * Add tests 😅 * Test permission insert template * Test permission delete template * Test assignment_insert template * Manually test insertion * Remove delete permissions. This is a create case we don't have permissions for that resource * generate name handled by the apiserver library * Remove comment and conversion * Small renaming nits * changes from main * Add storage backend tests * Add test to sql * Test role contains a unique permission * linting * Account for pr feedback Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Reuse mappers * Move function to models * Add check between name and spec resource * Check if the resource does not already exist Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * fix query * Check basic roles Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Account for error * Make struct names consistent * Nit. I prefer createAndAssignManagedRole * Remove notifyign * log errors instead of returning them * Fix exist query join * Test errors * Remove dup --------- Co-authored-by: mohammad-hamid <mohammad.hamid@grafana.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>	2025-09-05 14:22:25 +02:00
mohammad-hamid	abcdf20105	`grafana-iam`: Implement `resourcepermission` get (#110256 ) * resource permissions get * address review feedback * address comments - read using rp name - narrow by scope and actionsets - update sql tests * align with verb simplification * keep original format to avoid conflicts * add sqltests * cleanup * Remove unecessary errors * Move query template to queries * Use splitN to make sure we have three parts * Revert user permission management for now. We don't need it * Revert error change * group permissions by resource * extract parse scope * Move sql_test * Move & test parseScope * Add tests to getResourcePermission * Linting * Use namespace * Add test to the backend * Ongoing tests * Remove pagination, fix query boolean, insert basic role binding * Linting * Straightened the created and updated times * error handling and uniformization with other backend * Restore comments to avoid later conflicts * Integration testing * switch to function, no need to make it a method * isServiceAccount should default to FALSE instead of TRUE :surprised: * PR feedback * Sort spec permissions * Shouldn't happen but double proofing --------- Co-authored-by: Gabriel Mabille <gabriel.mabille@grafana.com>	2025-09-04 17:14:15 +02:00

Author

SHA1

Message

Date

Gabriel MABILLE

801fde02a7

`grafana-iam`: Implement `resourcepermission` creation (#110246 )

* Extract from #108753

Co-Authored-By: mohammad-hamid <mohammad.hamid@grafana.com>

* Tackle create

Co-Authored-By: mohammad-hamid <mohammad.hamid@grafana.com>

* WIP use identity store to resolve role names

* WIP

* create role

* Remove unecessary comments

* comments

* sql templates

* test role insert tplt

* Add tests 😅

* Test permission insert template

* Test permission delete template

* Test assignment_insert template

* Manually test insertion

* Remove delete permissions. This is a create case we don't have permissions for that resource

* generate name handled by the apiserver library

* Remove comment and conversion

* Small renaming nits

* changes from main

* Add storage backend tests

* Add test to sql

* Test role contains a unique permission

* linting

* Account for pr feedback

Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>

* Reuse mappers

* Move function to models

* Add check between name and spec resource

* Check if the resource does not already exist

Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>

* fix query

* Check basic roles

Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>

* Account for error

* Make struct names consistent

* Nit. I prefer createAndAssignManagedRole

* Remove notifyign

* log errors instead of returning them

* Fix exist query join

* Test errors

* Remove dup

---------

Co-authored-by: mohammad-hamid <mohammad.hamid@grafana.com>
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>

2025-09-05 14:22:25 +02:00

mohammad-hamid

abcdf20105

`grafana-iam`: Implement `resourcepermission` get (#110256 )

* resource permissions get

* address review feedback

* address comments
- read using rp name
- narrow by scope and actionsets
- update sql tests

* align with verb simplification

* keep original format to avoid conflicts

* add sqltests

* cleanup

* Remove unecessary errors

* Move query template to queries

* Use splitN to make sure we have three parts

* Revert user permission management for now. We don't need it

* Revert error change

* group permissions by resource

* extract parse scope

* Move sql_test

* Move & test parseScope

* Add tests to getResourcePermission

* Linting

* Use namespace

* Add test to the backend

* Ongoing tests

* Remove pagination, fix query boolean, insert basic role binding

* Linting

* Straightened the created and updated times

* error handling and uniformization with other backend

* Restore comments to avoid later conflicts

* Integration testing

* switch to function, no need to make it a method

* isServiceAccount should default to FALSE instead of TRUE :surprised:

* PR feedback

* Sort spec permissions

* Shouldn't happen but double proofing

---------

Co-authored-by: Gabriel Mabille <gabriel.mabille@grafana.com>

2025-09-04 17:14:15 +02:00

2 Commits