-
Notifications
You must be signed in to change notification settings - Fork 11.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Alerting: Add RBAC logic for silences creation #87322
base: tmp/silence-with-metadata-TR
Are you sure you want to change the base?
Alerting: Add RBAC logic for silences creation #87322
Conversation
1559db5
to
0c06b39
Compare
0c06b39
to
6e3e441
Compare
/deploy-to-hg |
|
|
6e3e441
to
0d73340
Compare
5cdfad4
to
ec311c9
Compare
/deploy-to-hg |
|
|
// User may have selected an alertmanager elsewhere in the application that has then ended up being filtered out | ||
// In this case, we default back to Grafana AM | ||
const selectedValue = options.some((am) => am.value === selectedAlertmanager) | ||
? selectedAlertmanager | ||
: GRAFANA_RULES_SOURCE_NAME; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
IIRC the user wouldn't see anything only if they have no access to either the internal AM or any external AMs.
With this change I believe we would be showing the Grafana AM even if they might not have access to it?
public/app/features/alerting/unified/components/rule-viewer/RuleViewer.tsx
Outdated
Show resolved
Hide resolved
public/app/features/alerting/unified/components/silences/SilenceDetails.tsx
Show resolved
Hide resolved
@@ -35,7 +35,7 @@ export const SilencedAlertsTableRow = ({ alert, className }: Props) => { | |||
<td> | |||
<AmAlertStateTag state={alert.status.state} /> | |||
</td> | |||
<td>for {duration} seconds</td> | |||
<td>for {duration}</td> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good catch! :D
return ( | ||
<> | ||
<Divider /> | ||
<SilenceDetails silence={data} /> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Much nicer!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changes LGTM!
What is this feature?
Adds RBAC logic for Silences creation UI.
Note
Relies on the changes from #88000. This PR is targeting a version of that branch + latest from main (I will change to
main
once that PR is merged)Also relies on that PR changing the response structure so that it returns
accessControl
and notmetadata.permissions
When scoped in a role, will only allow silence creation for rules with the specific folder.
If the user has the global permissions (i.e. alert instances create), then they can create global silences (those that do not target a specific alert rule UID).
Custom role (replace
bdeymnpj3jhtse
with some folder UID from your environment):