Skip to content

Commit be1dc13

Browse files
nyagamunenenyagamunene
authored
NOISSUE - Add alarm relation to rules (#424)
Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>
1 parent 178a62c commit be1dc13

File tree

4 files changed

+51
-52
lines changed

4 files changed

+51
-52
lines changed

alarms/operations.go

Lines changed: 18 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -17,18 +17,24 @@ const (
1717
OpListAlarms
1818
OpUpdateAlarm
1919
OpDeleteAlarm
20+
OpAssignAlarm
21+
OpAcknowledgeAlarm
22+
OpResolveAlarm
2023
)
2124

2225
const (
23-
OpAddAlarmStr = "OpAddAlarm"
24-
OpViewAlarmStr = "OpViewAlarm"
25-
OpListAlarmsStr = "OpListAlarms"
26-
OpUpdateAlarmStr = "OpUpdateAlarm"
27-
OpDeleteAlarmStr = "OpDeleteAlarm"
26+
OpAddAlarmStr = "OpAddAlarm"
27+
OpViewAlarmStr = "OpViewAlarm"
28+
OpListAlarmsStr = "OpListAlarms"
29+
OpUpdateAlarmStr = "OpUpdateAlarm"
30+
OpDeleteAlarmStr = "OpDeleteAlarm"
31+
OpAssignAlarmStr = "OpAssignAlarm"
32+
OpAcknowledgeAlarmStr = "OpAcknowledgeAlarm"
33+
OpResolveAlarmStr = "OpResolveAlarm"
2834
)
2935

3036
func GetPermission(op permissions.Operation) (string, error) {
31-
if op < OpAddAlarm || op > OpDeleteAlarm {
37+
if op < OpAddAlarm || op > OpResolveAlarm {
3238
return "", errors.New("invalid operation")
3339
}
3440

@@ -51,6 +57,12 @@ func OperationName(op permissions.Operation) string {
5157
return OpUpdateAlarmStr
5258
case OpDeleteAlarm:
5359
return OpDeleteAlarmStr
60+
case OpAssignAlarm:
61+
return OpAssignAlarmStr
62+
case OpAcknowledgeAlarm:
63+
return OpAcknowledgeAlarmStr
64+
case OpResolveAlarm:
65+
return OpResolveAlarmStr
5466
default:
5567
return "unknown"
5668
}

docker/permission.yaml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -22,6 +22,9 @@ rule:
2222
- enable: update_permission
2323
- disable: update_permission
2424
- delete: delete_permission
25+
- alarm_assign: alarm_assign_permission
26+
- alarm_acknowledge: alarm_acknowledge_permission
27+
- alarm_resolve: alarm_resolve_permission
2528
roles_operations:
2629
- add: manage_role_permission
2730
- remove: manage_role_permission

docker/spicedb/combined-schema.zed

Lines changed: 15 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -312,10 +312,6 @@ definition domain {
312312
relation alarm_update: role#member | team#member
313313
relation alarm_read: role#member | team#member
314314
relation alarm_delete: role#member | team#member
315-
relation alarm_manage_role: role#member | team#member
316-
relation alarm_add_role_users: role#member | team#member
317-
relation alarm_remove_role_users: role#member | team#member
318-
relation alarm_view_role_users: role#member | team#member
319315
relation rule_create: role#member | team#member
320316
relation rule_update: role#member | team#member
321317
relation rule_read: role#member | team#member
@@ -353,7 +349,7 @@ definition domain {
353349
channel_manage_role + channel_add_role_users + channel_remove_role_users + channel_view_role_users +
354350
group_update + group_membership + group_read + group_delete + group_set_child + group_set_parent +
355351
group_manage_role + group_add_role_users + group_remove_role_users + group_view_role_users +
356-
alarm_create + alarm_update + alarm_read + alarm_delete + alarm_manage_role + alarm_add_role_users + alarm_remove_role_users + alarm_view_role_users + rule_create + rule_update + rule_read + rule_delete + rule_manage_role + rule_add_role_users + rule_remove_role_users + rule_view_role_users + report_create + report_update + report_read + report_delete + report_manage_role + report_add_role_users + report_remove_role_users + report_view_role_users +
352+
alarm_create + alarm_update + alarm_read + alarm_delete + rule_create + rule_update + rule_read + rule_delete + rule_manage_role + rule_add_role_users + rule_remove_role_users + rule_view_role_users + rule_alarm_assign + rule_alarm_acknowledge + rule_alarm_resolve + report_create + report_update + report_read + report_delete + report_manage_role + report_add_role_users + report_remove_role_users + report_view_role_users +
357353
organization->admin
358354

359355
permission admin = (read & update & enable & disable & delete & manage_role & add_role_users & remove_role_users & view_role_users) + organization->admin
@@ -403,10 +399,6 @@ definition domain {
403399
permission alarm_update_permission = alarm_update + team->alarm_update + organization->admin
404400
permission alarm_read_permission = alarm_read + team->alarm_read + organization->admin
405401
permission alarm_delete_permission = alarm_delete + team->alarm_delete + organization->admin
406-
permission alarm_manage_role_permission = alarm_manage_role + team->alarm_manage_role + organization->admin
407-
permission alarm_add_role_users_permission = alarm_add_role_users + team->alarm_add_role_users + organization->admin
408-
permission alarm_remove_role_users_permission = alarm_remove_role_users + team->alarm_remove_role_users + organization->admin
409-
permission alarm_view_role_users_permission = alarm_view_role_users + team->alarm_view_role_users + organization->admin
410402
permission rule_create_permission = rule_create + team->rule_create + organization->admin
411403
permission rule_update_permission = rule_update + team->rule_update + organization->admin
412404
permission rule_read_permission = rule_read + team->rule_read + organization->admin
@@ -415,6 +407,9 @@ definition domain {
415407
permission rule_add_role_users_permission = rule_add_role_users + team->rule_add_role_users + organization->admin
416408
permission rule_remove_role_users_permission = rule_remove_role_users + team->rule_remove_role_users + organization->admin
417409
permission rule_view_role_users_permission = rule_view_role_users + team->rule_view_role_users + organization->admin
410+
permission rule_alarm_assign_permission = rule_alarm_assign + team->rule_alarm_assign + organization->admin
411+
permission rule_alarm_acknowledge_permission = rule_alarm_acknowledge + team->rule_alarm_acknowledge + organization->admin
412+
permission rule_alarm_resolve_permission = rule_alarm_resolve + team->rule_alarm_resolve + organization->admin
418413
permission report_create_permission = report_create + team->report_create + organization->admin
419414
permission report_update_permission = report_update + team->report_update + organization->admin
420415
permission report_read_permission = report_read + team->report_read + organization->admin
@@ -518,10 +513,6 @@ definition team {
518513
relation alarm_update: role#member | team#member
519514
relation alarm_read: role#member | team#member
520515
relation alarm_delete: role#member | team#member
521-
relation alarm_manage_role: role#member | team#member
522-
relation alarm_add_role_users: role#member | team#member
523-
relation alarm_remove_role_users: role#member | team#member
524-
relation alarm_view_role_users: role#member | team#member
525516
relation rule_create: role#member | team#member
526517
relation rule_update: role#member | team#member
527518
relation rule_read: role#member | team#member
@@ -530,6 +521,9 @@ definition team {
530521
relation rule_add_role_users: role#member | team#member
531522
relation rule_remove_role_users: role#member | team#member
532523
relation rule_view_role_users: role#member | team#member
524+
relation rule_alarm_assign: role#member | team#member
525+
relation rule_alarm_acknowledge: role#member | team#member
526+
relation rule_alarm_resolve: role#member | team#member
533527
relation report_create: role#member | team#member
534528
relation report_update: role#member | team#member
535529
relation report_read: role#member | team#member
@@ -646,19 +640,9 @@ relation update: role#member
646640
relation read: role#member
647641
relation delete: role#member
648642

649-
relation manage_role: role#member
650-
relation add_role_users: role#member
651-
relation remove_role_users: role#member
652-
relation view_role_users: role#member
653-
654643
permission update_permission = update + domain->alarm_update_permission
655644
permission read_permission = read + domain->alarm_read_permission
656645
permission delete_permission = delete + domain->alarm_delete_permission
657-
658-
permission manage_role_permission = manage_role + domain->alarm_manage_role_permission
659-
permission add_role_users_permission = add_role_users + domain->alarm_add_role_users_permission
660-
permission remove_role_users_permission = remove_role_users + domain->alarm_remove_role_users_permission
661-
permission view_role_users_permission = view_role_users + domain->alarm_view_role_users_permission
662646
}
663647

664648
definition rule {
@@ -673,6 +657,10 @@ relation add_role_users: role#member
673657
relation remove_role_users: role#member
674658
relation view_role_users: role#member
675659

660+
relation alarm_assign: role#member
661+
relation alarm_acknowledge: role#member
662+
relation alarm_resolve: role#member
663+
676664
permission update_permission = update + domain->rule_update_permission
677665
permission read_permission = read + domain->rule_read_permission
678666
permission delete_permission = delete + domain->rule_delete_permission
@@ -681,6 +669,10 @@ permission manage_role_permission = manage_role + domain->rule_manage_role_permi
681669
permission add_role_users_permission = add_role_users + domain->rule_add_role_users_permission
682670
permission remove_role_users_permission = remove_role_users + domain->rule_remove_role_users_permission
683671
permission view_role_users_permission = view_role_users + domain->rule_view_role_users_permission
672+
673+
permission alarm_assign_permission = alarm_assign + domain->rule_alarm_assign_permission
674+
permission alarm_acknowledge_permission = alarm_acknowledge + domain->rule_alarm_acknowledge_permission
675+
permission alarm_resolve_permission = alarm_resolve + domain->rule_alarm_resolve_permission
684676
}
685677

686678
definition report {

docker/spicedb/override-schema.zed

Lines changed: 15 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -32,10 +32,6 @@ definition domain {
3232
relation alarm_update: role#member | team#member
3333
relation alarm_read: role#member | team#member
3434
relation alarm_delete: role#member | team#member
35-
relation alarm_manage_role: role#member | team#member
36-
relation alarm_add_role_users: role#member | team#member
37-
relation alarm_remove_role_users: role#member | team#member
38-
relation alarm_view_role_users: role#member | team#member
3935

4036
relation rule_create: role#member | team#member
4137
relation rule_update: role#member | team#member
@@ -60,10 +56,6 @@ definition domain {
6056
permission alarm_update_permission = alarm_update + team->alarm_update + organization->admin
6157
permission alarm_read_permission = alarm_read + team->alarm_read + organization->admin
6258
permission alarm_delete_permission = alarm_delete + team->alarm_delete + organization->admin
63-
permission alarm_manage_role_permission = alarm_manage_role + team->alarm_manage_role + organization->admin
64-
permission alarm_add_role_users_permission = alarm_add_role_users + team->alarm_add_role_users + organization->admin
65-
permission alarm_remove_role_users_permission = alarm_remove_role_users + team->alarm_remove_role_users + organization->admin
66-
permission alarm_view_role_users_permission = alarm_view_role_users + team->alarm_view_role_users + organization->admin
6759

6860
permission rule_create_permission = rule_create + team->rule_create + organization->admin
6961
permission rule_update_permission = rule_update + team->rule_update + organization->admin
@@ -73,6 +65,9 @@ definition domain {
7365
permission rule_add_role_users_permission = rule_add_role_users + team->rule_add_role_users + organization->admin
7466
permission rule_remove_role_users_permission = rule_remove_role_users + team->rule_remove_role_users + organization->admin
7567
permission rule_view_role_users_permission = rule_view_role_users + team->rule_view_role_users + organization->admin
68+
permission rule_alarm_assign_permission = rule_alarm_assign + team->rule_alarm_assign + organization->admin
69+
permission rule_alarm_acknowledge_permission = rule_alarm_acknowledge + team->rule_alarm_acknowledge + organization->admin
70+
permission rule_alarm_resolve_permission = rule_alarm_resolve + team->rule_alarm_resolve + organization->admin
7671

7772
permission report_create_permission = report_create + team->report_create + organization->admin
7873
permission report_update_permission = report_update + team->report_update + organization->admin
@@ -84,7 +79,7 @@ definition domain {
8479
permission report_view_role_users_permission = report_view_role_users + team->report_view_role_users + organization->admin
8580

8681
// Explicit extension injected into SuperMQ domain `permission membership`.
87-
permission membership_extension = alarm_create + alarm_update + alarm_read + alarm_delete + alarm_manage_role + alarm_add_role_users + alarm_remove_role_users + alarm_view_role_users + rule_create + rule_update + rule_read + rule_delete + rule_manage_role + rule_add_role_users + rule_remove_role_users + rule_view_role_users + report_create + report_update + report_read + report_delete + report_manage_role + report_add_role_users + report_remove_role_users + report_view_role_users
82+
permission membership_extension = alarm_create + alarm_update + alarm_read + alarm_delete + rule_create + rule_update + rule_read + rule_delete + rule_manage_role + rule_add_role_users + rule_remove_role_users + rule_view_role_users + rule_alarm_assign + rule_alarm_acknowledge + rule_alarm_resolve + report_create + report_update + report_read + report_delete + report_manage_role + report_add_role_users + report_remove_role_users + report_view_role_users
8883

8984
}
9085

@@ -95,10 +90,6 @@ definition team {
9590
relation alarm_update: role#member | team#member
9691
relation alarm_read: role#member | team#member
9792
relation alarm_delete: role#member | team#member
98-
relation alarm_manage_role: role#member | team#member
99-
relation alarm_add_role_users: role#member | team#member
100-
relation alarm_remove_role_users: role#member | team#member
101-
relation alarm_view_role_users: role#member | team#member
10293

10394
relation rule_create: role#member | team#member
10495
relation rule_update: role#member | team#member
@@ -108,6 +99,9 @@ definition team {
10899
relation rule_add_role_users: role#member | team#member
109100
relation rule_remove_role_users: role#member | team#member
110101
relation rule_view_role_users: role#member | team#member
102+
relation rule_alarm_assign: role#member | team#member
103+
relation rule_alarm_acknowledge: role#member | team#member
104+
relation rule_alarm_resolve: role#member | team#member
111105

112106
relation report_create: role#member | team#member
113107
relation report_update: role#member | team#member
@@ -127,19 +121,9 @@ relation update: role#member
127121
relation read: role#member
128122
relation delete: role#member
129123

130-
relation manage_role: role#member
131-
relation add_role_users: role#member
132-
relation remove_role_users: role#member
133-
relation view_role_users: role#member
134-
135124
permission update_permission = update + domain->alarm_update_permission
136125
permission read_permission = read + domain->alarm_read_permission
137126
permission delete_permission = delete + domain->alarm_delete_permission
138-
139-
permission manage_role_permission = manage_role + domain->alarm_manage_role_permission
140-
permission add_role_users_permission = add_role_users + domain->alarm_add_role_users_permission
141-
permission remove_role_users_permission = remove_role_users + domain->alarm_remove_role_users_permission
142-
permission view_role_users_permission = view_role_users + domain->alarm_view_role_users_permission
143127
}
144128

145129
definition rule {
@@ -154,6 +138,10 @@ relation add_role_users: role#member
154138
relation remove_role_users: role#member
155139
relation view_role_users: role#member
156140

141+
relation alarm_assign: role#member
142+
relation alarm_acknowledge: role#member
143+
relation alarm_resolve: role#member
144+
157145
permission update_permission = update + domain->rule_update_permission
158146
permission read_permission = read + domain->rule_read_permission
159147
permission delete_permission = delete + domain->rule_delete_permission
@@ -162,6 +150,10 @@ permission manage_role_permission = manage_role + domain->rule_manage_role_permi
162150
permission add_role_users_permission = add_role_users + domain->rule_add_role_users_permission
163151
permission remove_role_users_permission = remove_role_users + domain->rule_remove_role_users_permission
164152
permission view_role_users_permission = view_role_users + domain->rule_view_role_users_permission
153+
154+
permission alarm_assign_permission = alarm_assign + domain->rule_alarm_assign_permission
155+
permission alarm_acknowledge_permission = alarm_acknowledge + domain->rule_alarm_acknowledge_permission
156+
permission alarm_resolve_permission = alarm_resolve + domain->rule_alarm_resolve_permission
165157
}
166158

167159
definition report {

0 commit comments

Comments
 (0)