-
Notifications
You must be signed in to change notification settings - Fork 11.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Alerting: Fix deleting rules in a folder with matching UID in another organization #78258
Alerting: Fix deleting rules in a folder with matching UID in another organization #78258
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM from a code perspective. Do you need help testing this?
return err | ||
} | ||
if alertRulesInFolder > 0 { | ||
return folder.ErrFolderContainsAlertRules.Errorf("") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should Errorf("")
have a message here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not necessary because Errorf argument changes the private message and log messages. Whereas the public message gets returned to the user here
grafana/pkg/api/response/response.go
Lines 272 to 274 in e4d1fdc
resp := JSON(grafanaErr.Reason.Status().HTTPStatus(), grafanaErr.Public()) | |
resp.errMessage = string(grafanaErr.Reason.Status()) | |
resp.err = grafanaErr |
Anyway, I think we can return just folder.ErrFolderContainsAlertRules
because errutil.Base
implements the Error
interface.
As a side note, I think we should add method Error
to the errutil.Base
so we can get just a plain simple errutil.Error
and avoid controversial Errorf("")
.
@@ -16,6 +16,7 @@ var ErrDatabaseError = errutil.Internal("folder.database-error") | |||
var ErrInternal = errutil.Internal("folder.internal") | |||
var ErrCircularReference = errutil.BadRequest("folder.circular-reference", errutil.WithPublicMessage("Circular reference detected")) | |||
var ErrTargetRegistrySrvConflict = errutil.Internal("folder.target-registry-srv-conflict") | |||
var ErrFolderContainsAlertRules = errutil.BadRequest("folder.contains-alert-rules", errutil.WithPublicMessage("Folder cannot be deleted: folder contains alert rules")) | |||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wonder if it would be better to have msgID more generic "folder.non-empty". It's simpler to change the public message than msgId.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixed in a869362
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The change looks good. However, there is one missing piece in this flow: the service should validate that user has permissions to delete alert rules in this folder, i.e. action alert.rules:delete
. We can add it to the folder service for now and later move to the service that will be wrapper for the DbStore.
…elete-remove-obsolete-function
I think I have addressed all the review suggestions: you can check once again |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Tested and everything works fine. The only problem is that the 403 response does not have much info about why user access was denied but I think we can address it later.
LGTM!
The backport to
To backport manually, run these commands in your terminal: # Fetch latest updates from GitHub
git fetch
# Create a new branch
git switch --create backport-78258-to-v10.1.x origin/v10.1.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x 6d4625ad52b2e2ad3b2b88e394f69e8fde83c04b When the conflicts are resolved, stage and commit the changes:
If you have the GitHub CLI installed: # Push the branch to GitHub:
git push --set-upstream origin backport-78258-to-v10.1.x
# Create the PR body template
PR_BODY=$(gh pr view 78258 --json body --template 'Backport 6d4625ad52b2e2ad3b2b88e394f69e8fde83c04b from #78258{{ "\n\n---\n\n" }}{{ index . "body" }}')
# Create the PR on GitHub
echo "${PR_BODY}" | gh pr create --title "[v10.1.x] Alerting: Fix deleting rules in a folder with matching UID in another organization" --body-file - --label "type/bug" --label "area/backend" --label "add to changelog" --label "backport" --base v10.1.x --milestone 10.1.x --web Or, if you don't have the GitHub CLI installed (we recommend you install it!): # Push the branch to GitHub:
git push --set-upstream origin backport-78258-to-v10.1.x
# Create a pull request where the `base` branch is `v10.1.x` and the `compare`/`head` branch is `backport-78258-to-v10.1.x`.
# Remove the local backport branch
git switch main
git branch -D backport-78258-to-v10.1.x |
The backport to
To backport manually, run these commands in your terminal: # Fetch latest updates from GitHub
git fetch
# Create a new branch
git switch --create backport-78258-to-v10.2.x origin/v10.2.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x 6d4625ad52b2e2ad3b2b88e394f69e8fde83c04b When the conflicts are resolved, stage and commit the changes:
If you have the GitHub CLI installed: # Push the branch to GitHub:
git push --set-upstream origin backport-78258-to-v10.2.x
# Create the PR body template
PR_BODY=$(gh pr view 78258 --json body --template 'Backport 6d4625ad52b2e2ad3b2b88e394f69e8fde83c04b from #78258{{ "\n\n---\n\n" }}{{ index . "body" }}')
# Create the PR on GitHub
echo "${PR_BODY}" | gh pr create --title "[v10.2.x] Alerting: Fix deleting rules in a folder with matching UID in another organization" --body-file - --label "type/bug" --label "area/backend" --label "add to changelog" --label "backport" --base v10.2.x --milestone 10.2.x --web Or, if you don't have the GitHub CLI installed (we recommend you install it!): # Push the branch to GitHub:
git push --set-upstream origin backport-78258-to-v10.2.x
# Create a pull request where the `base` branch is `v10.2.x` and the `compare`/`head` branch is `backport-78258-to-v10.2.x`.
# Remove the local backport branch
git switch main
git branch -D backport-78258-to-v10.2.x |
What is this feature?
The deleteFolderAlertRules() function that is declared inside dashboard service has become obsolete since #67259 (alert rules get deleted here using DeleteInFolder()) but it was still got called.
Unfortunately, this function doesn't take into account the
org_id
. As a result:folder cannot be deleted: folder contains alert rules
forceDeleteRules=true
would wrongly delete alert rules with matching folder (namespace_uid) UID in another organization (with alerts)Why do we need this feature?
It fixes the above issues by removing the obsolete call.
Who is this feature for?
[Add information on what kind of user the feature is for.]
Which issue(s) does this PR fix?:
Fixes #
Special notes for your reviewer:
Please check that: