apitech
/
grafana
mirror of https://github.com/grafana/grafana
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
58663 Commits
1683 Branches
650 Tags
2.2 GiB
Tag: Branch: Tree: 103652-docs-alert-migration-tool
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '103652-docs-alert-migration-tool'
${ noResults }
grafana/pkg/services/serviceaccounts/models.go

233 lines
8.0 KiB
Raw Permalink Normal View History Unescape

ServiceAccounts: Delete ServiceAccount (#40470) * Add extra fields to OSS types to support enterprise * WIP service accounts * Update public/app/features/api-keys/ApiKeysForm.tsx Co-authored-by: Hugo Häggmark <hugo.haggmark@grafana.com> * Create a service account at the same time as the API key * Use service account credentials when accessing API with APIkey * Throw better error * Use Boolean for "create service account button" * Add GetRole to service, merge RoleDTO and Role structs This patch merges the identical OSS and Enterprise data structures, which improves the code for two reasons: 1. Makes switching between OSS and Enterprise easier 2. Reduces the chance of incompatibilities developing between the same functions in OSS and Enterprise * Start work cloning permissions onto service account * If API key is not linked to a service account, continue login as usual * Fallback to old auth if no service account linked to key * Commented * Add CloneUserToServiceAccount * Update mock.go * Put graphical bits behind a feature toggle * Start adding LinkAPIKeyToServiceAccount * Update pkg/models/user.go Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> * Update pkg/api/apikey.go Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> * Update pkg/api/apikey.go Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> * Finish LinkAPIKeyToServiceAccount * Update comment * Handle api key link error * Update pkg/services/sqlstore/apikey.go Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Feature toggle * Update pkg/services/accesscontrol/accesscontrol.go Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Not needed (yet) * Better error messages for OSS accesscontrol * Set an invalid user id as default * ServiceAccountId should be string * Re-arrange field names * ServiceAccountId is integer * Update ossaccesscontrol.go * Linter * Remove fronend edits * Remove console log * Update ApiKeysForm.tsx * feat: add serviceaccount deletion * feat: make sure we do not accidently delete serviceaccount * feat: ServiceAccount Type * refactor: userDeletions function * refactor: serviceaccount deletions\ * refactor: error name and removed attribute for userDeletecommand * refactor:: remove serviceaccount type for now * WIP * add mocked function * Remove unnecessary db query, move to right place * Update pkg/services/accesscontrol/mock/mock.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Update pkg/services/accesscontrol/mock/mock.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Update pkg/services/accesscontrol/mock/mock.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Better error messages * Better and correcter error messages * add mocked function * refactor: move function call, add error msg * add IsServiceAccount and fix table * add service accounts package * WIP * WIP * working serviceaccountsapi registration * WIP tests * test * test working * test running for service * moved the error out of the models package * fixed own review * linting errors * Update pkg/services/serviceaccounts/database/database.go Co-authored-by: Jeremy Price <Jeremy.price@grafana.com> * tests running for api * WIP * WIP * removed unused secrets background svc * removed background svc for serviceaccount infavor or wire.go * serviceaccounts manager tests * registering as backend service Co-authored-by: Jeremy Price <jeremy.price@grafana.com> Co-authored-by: Hugo Häggmark <hugo.haggmark@grafana.com> Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
4 years ago
package serviceaccounts
Add number of tokens to the service accounts view (#44919) * feat: add serviceaccountDTO * WIP * feat: listing number of tokens for a given service account * nit: removed fmt * Update pkg/services/serviceaccounts/database/database.go * Update public/app/features/serviceaccounts/ServiceAccountsListPage.tsx * fixes * align DTOProfile data to the frontend * reviewed myself fixes * fix: tests fix
4 years ago
import (
AuthN: Introduce `DefaultOrgID` function for managed service accounts (#93432) * Managed Service Accounts: Use AutoAssignOrgID * Fix the IsExternalServiceAccount function * Reassign service account role * Account for AutoAssignOrg * Update pkg/services/serviceaccounts/models.go * Simplify IsExternalServiceAccount function * Add tests * Easier to understand test * Revert small change
1 year ago
"fmt"
"strings"
Add number of tokens to the service accounts view (#44919) * feat: add serviceaccountDTO * WIP * feat: listing number of tokens for a given service account * nit: removed fmt * Update pkg/services/serviceaccounts/database/database.go * Update public/app/features/serviceaccounts/ServiceAccountsListPage.tsx * fixes * align DTOProfile data to the frontend * reviewed myself fixes * fix: tests fix
4 years ago
"time"
Chore: Move identity and errutil to apimachinery module (#89116)
2 years ago
"github.com/grafana/grafana/pkg/apimachinery/errutil"
"github.com/grafana/grafana/pkg/apimachinery/identity"
Add number of tokens to the service accounts view (#44919) * feat: add serviceaccountDTO * WIP * feat: listing number of tokens for a given service account * nit: removed fmt * Update pkg/services/serviceaccounts/database/database.go * Update public/app/features/serviceaccounts/ServiceAccountsListPage.tsx * fixes * align DTOProfile data to the frontend * reviewed myself fixes * fix: tests fix
4 years ago
"github.com/grafana/grafana/pkg/services/accesscontrol"
Move SignedInUser to user service and RoleType and Roles to org (#53445) * Move SignedInUser to user service and RoleType and Roles to org * Use go naming convention for roles * Fix some imports and leftovers * Fix ldap debug test * Fix lint * Fix lint 2 * Fix lint 3 * Fix type and not needed conversion * Clean up messages in api tests * Clean up api tests 2
3 years ago
"github.com/grafana/grafana/pkg/services/org"
Add number of tokens to the service accounts view (#44919) * feat: add serviceaccountDTO * WIP * feat: listing number of tokens for a given service account * nit: removed fmt * Update pkg/services/serviceaccounts/database/database.go * Update public/app/features/serviceaccounts/ServiceAccountsListPage.tsx * fixes * align DTOProfile data to the frontend * reviewed myself fixes * fix: tests fix
4 years ago
)
ServiceAccounts: Delete ServiceAccount (#40470) * Add extra fields to OSS types to support enterprise * WIP service accounts * Update public/app/features/api-keys/ApiKeysForm.tsx Co-authored-by: Hugo Häggmark <hugo.haggmark@grafana.com> * Create a service account at the same time as the API key * Use service account credentials when accessing API with APIkey * Throw better error * Use Boolean for "create service account button" * Add GetRole to service, merge RoleDTO and Role structs This patch merges the identical OSS and Enterprise data structures, which improves the code for two reasons: 1. Makes switching between OSS and Enterprise easier 2. Reduces the chance of incompatibilities developing between the same functions in OSS and Enterprise * Start work cloning permissions onto service account * If API key is not linked to a service account, continue login as usual * Fallback to old auth if no service account linked to key * Commented * Add CloneUserToServiceAccount * Update mock.go * Put graphical bits behind a feature toggle * Start adding LinkAPIKeyToServiceAccount * Update pkg/models/user.go Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> * Update pkg/api/apikey.go Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> * Update pkg/api/apikey.go Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> * Finish LinkAPIKeyToServiceAccount * Update comment * Handle api key link error * Update pkg/services/sqlstore/apikey.go Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Feature toggle * Update pkg/services/accesscontrol/accesscontrol.go Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Not needed (yet) * Better error messages for OSS accesscontrol * Set an invalid user id as default * ServiceAccountId should be string * Re-arrange field names * ServiceAccountId is integer * Update ossaccesscontrol.go * Linter * Remove fronend edits * Remove console log * Update ApiKeysForm.tsx * feat: add serviceaccount deletion * feat: make sure we do not accidently delete serviceaccount * feat: ServiceAccount Type * refactor: userDeletions function * refactor: serviceaccount deletions\ * refactor: error name and removed attribute for userDeletecommand * refactor:: remove serviceaccount type for now * WIP * add mocked function * Remove unnecessary db query, move to right place * Update pkg/services/accesscontrol/mock/mock.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Update pkg/services/accesscontrol/mock/mock.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Update pkg/services/accesscontrol/mock/mock.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Better error messages * Better and correcter error messages * add mocked function * refactor: move function call, add error msg * add IsServiceAccount and fix table * add service accounts package * WIP * WIP * working serviceaccountsapi registration * WIP tests * test * test working * test running for service * moved the error out of the models package * fixed own review * linting errors * Update pkg/services/serviceaccounts/database/database.go Co-authored-by: Jeremy Price <Jeremy.price@grafana.com> * tests running for api * WIP * WIP * removed unused secrets background svc * removed background svc for serviceaccount infavor or wire.go * serviceaccounts manager tests * registering as backend service Co-authored-by: Jeremy Price <jeremy.price@grafana.com> Co-authored-by: Hugo Häggmark <hugo.haggmark@grafana.com> Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
4 years ago
var (
ScopeAll = "serviceaccounts:*"
Add/Delete API keys to Service accounts (#44871) * ServiceAccounts: move token handlers to specific file * ServiceAccounts: move Add API key to Service account * APIKeys: api keys can still be used even when service accounts are enabled * APIKeys: legacy endpoint can't be used to add SA tokens * ServiceAccount: add tests for creation with nil and non-nil service account ids * ServiceAccounts: fix unnasigned cfg and AC typo * Test: test service account token adding * fix linting error * ServiceAccounts: Handle Token deletion * rename token funcs * rename token funcs and api wrapping * add token deletion tests * review Co-authored-by: eleijonmarck <eric.leijonmarck@gmail.com> * remove bus * Update pkg/api/apikey.go Co-authored-by: eleijonmarck <eric.leijonmarck@gmail.com>
4 years ago
ScopeID = accesscontrol.Scope("serviceaccounts", "id", accesscontrol.Parameter(":serviceAccountId"))
ServiceAccounts: Delete ServiceAccount (#40470) * Add extra fields to OSS types to support enterprise * WIP service accounts * Update public/app/features/api-keys/ApiKeysForm.tsx Co-authored-by: Hugo Häggmark <hugo.haggmark@grafana.com> * Create a service account at the same time as the API key * Use service account credentials when accessing API with APIkey * Throw better error * Use Boolean for "create service account button" * Add GetRole to service, merge RoleDTO and Role structs This patch merges the identical OSS and Enterprise data structures, which improves the code for two reasons: 1. Makes switching between OSS and Enterprise easier 2. Reduces the chance of incompatibilities developing between the same functions in OSS and Enterprise * Start work cloning permissions onto service account * If API key is not linked to a service account, continue login as usual * Fallback to old auth if no service account linked to key * Commented * Add CloneUserToServiceAccount * Update mock.go * Put graphical bits behind a feature toggle * Start adding LinkAPIKeyToServiceAccount * Update pkg/models/user.go Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> * Update pkg/api/apikey.go Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> * Update pkg/api/apikey.go Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> * Finish LinkAPIKeyToServiceAccount * Update comment * Handle api key link error * Update pkg/services/sqlstore/apikey.go Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Feature toggle * Update pkg/services/accesscontrol/accesscontrol.go Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Not needed (yet) * Better error messages for OSS accesscontrol * Set an invalid user id as default * ServiceAccountId should be string * Re-arrange field names * ServiceAccountId is integer * Update ossaccesscontrol.go * Linter * Remove fronend edits * Remove console log * Update ApiKeysForm.tsx * feat: add serviceaccount deletion * feat: make sure we do not accidently delete serviceaccount * feat: ServiceAccount Type * refactor: userDeletions function * refactor: serviceaccount deletions\ * refactor: error name and removed attribute for userDeletecommand * refactor:: remove serviceaccount type for now * WIP * add mocked function * Remove unnecessary db query, move to right place * Update pkg/services/accesscontrol/mock/mock.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Update pkg/services/accesscontrol/mock/mock.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Update pkg/services/accesscontrol/mock/mock.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Better error messages * Better and correcter error messages * add mocked function * refactor: move function call, add error msg * add IsServiceAccount and fix table * add service accounts package * WIP * WIP * working serviceaccountsapi registration * WIP tests * test * test working * test running for service * moved the error out of the models package * fixed own review * linting errors * Update pkg/services/serviceaccounts/database/database.go Co-authored-by: Jeremy Price <Jeremy.price@grafana.com> * tests running for api * WIP * WIP * removed unused secrets background svc * removed background svc for serviceaccount infavor or wire.go * serviceaccounts manager tests * registering as backend service Co-authored-by: Jeremy Price <jeremy.price@grafana.com> Co-authored-by: Hugo Häggmark <hugo.haggmark@grafana.com> Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
4 years ago
)
auth: add serviceaccount proxy (#76815) * Add proxy service template * Replace SA srv with proxy for external SA srv * Move service account prefix to a constant * Prevent deletion from external service account * Make SA validation a resusable function * Add protection for creating service accounts * Add protection when updating service accounts * Add IsExternal field for service account * Protect ext service account token generation * Add verbose errors for form name or sa name * add tests * Add logs * Adjusts tests --------- Co-authored-by: Misi <mgyongyosi@users.noreply.github.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
2 years ago
const (
ServiceAccountPrefix = "sa-"
Chore: Move `extsvcaccounts` package to `serviceaccounts` (#76977) * Chore: Move extsvcaccounts package to serviceaccounts * Fix proxy * Fix tests * Fix linting
2 years ago
ExtSvcPrefix = "extsvc-"
auth: add serviceaccount proxy (#76815) * Add proxy service template * Replace SA srv with proxy for external SA srv * Move service account prefix to a constant * Prevent deletion from external service account * Make SA validation a resusable function * Add protection for creating service accounts * Add protection when updating service accounts * Add IsExternal field for service account * Protect ext service account token generation * Add verbose errors for form name or sa name * add tests * Add logs * Adjusts tests --------- Co-authored-by: Misi <mgyongyosi@users.noreply.github.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
2 years ago
)
ServiceAccounts: Delete ServiceAccount (#40470) * Add extra fields to OSS types to support enterprise * WIP service accounts * Update public/app/features/api-keys/ApiKeysForm.tsx Co-authored-by: Hugo Häggmark <hugo.haggmark@grafana.com> * Create a service account at the same time as the API key * Use service account credentials when accessing API with APIkey * Throw better error * Use Boolean for "create service account button" * Add GetRole to service, merge RoleDTO and Role structs This patch merges the identical OSS and Enterprise data structures, which improves the code for two reasons: 1. Makes switching between OSS and Enterprise easier 2. Reduces the chance of incompatibilities developing between the same functions in OSS and Enterprise * Start work cloning permissions onto service account * If API key is not linked to a service account, continue login as usual * Fallback to old auth if no service account linked to key * Commented * Add CloneUserToServiceAccount * Update mock.go * Put graphical bits behind a feature toggle * Start adding LinkAPIKeyToServiceAccount * Update pkg/models/user.go Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> * Update pkg/api/apikey.go Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> * Update pkg/api/apikey.go Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> * Finish LinkAPIKeyToServiceAccount * Update comment * Handle api key link error * Update pkg/services/sqlstore/apikey.go Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Feature toggle * Update pkg/services/accesscontrol/accesscontrol.go Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Not needed (yet) * Better error messages for OSS accesscontrol * Set an invalid user id as default * ServiceAccountId should be string * Re-arrange field names * ServiceAccountId is integer * Update ossaccesscontrol.go * Linter * Remove fronend edits * Remove console log * Update ApiKeysForm.tsx * feat: add serviceaccount deletion * feat: make sure we do not accidently delete serviceaccount * feat: ServiceAccount Type * refactor: userDeletions function * refactor: serviceaccount deletions\ * refactor: error name and removed attribute for userDeletecommand * refactor:: remove serviceaccount type for now * WIP * add mocked function * Remove unnecessary db query, move to right place * Update pkg/services/accesscontrol/mock/mock.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Update pkg/services/accesscontrol/mock/mock.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Update pkg/services/accesscontrol/mock/mock.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Better error messages * Better and correcter error messages * add mocked function * refactor: move function call, add error msg * add IsServiceAccount and fix table * add service accounts package * WIP * WIP * working serviceaccountsapi registration * WIP tests * test * test working * test running for service * moved the error out of the models package * fixed own review * linting errors * Update pkg/services/serviceaccounts/database/database.go Co-authored-by: Jeremy Price <Jeremy.price@grafana.com> * tests running for api * WIP * WIP * removed unused secrets background svc * removed background svc for serviceaccount infavor or wire.go * serviceaccounts manager tests * registering as backend service Co-authored-by: Jeremy Price <jeremy.price@grafana.com> Co-authored-by: Hugo Häggmark <hugo.haggmark@grafana.com> Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
4 years ago
const (
Service Accounts: Managed permissions for service accounts (#51818) * backend changes * frontend changes * linting * nit * import order * allow SA creator to access the SA page * fix merge * tests * fix frontend tests Co-authored-by: alexanderzobnin alexanderzobnin@gmail.com
3 years ago
ActionRead = "serviceaccounts:read"
ActionWrite = "serviceaccounts:write"
ActionCreate = "serviceaccounts:create"
ActionDelete = "serviceaccounts:delete"
ActionPermissionsRead = "serviceaccounts.permissions:read"
ActionPermissionsWrite = "serviceaccounts.permissions:write"
ServiceAccounts: Delete ServiceAccount (#40470) * Add extra fields to OSS types to support enterprise * WIP service accounts * Update public/app/features/api-keys/ApiKeysForm.tsx Co-authored-by: Hugo Häggmark <hugo.haggmark@grafana.com> * Create a service account at the same time as the API key * Use service account credentials when accessing API with APIkey * Throw better error * Use Boolean for "create service account button" * Add GetRole to service, merge RoleDTO and Role structs This patch merges the identical OSS and Enterprise data structures, which improves the code for two reasons: 1. Makes switching between OSS and Enterprise easier 2. Reduces the chance of incompatibilities developing between the same functions in OSS and Enterprise * Start work cloning permissions onto service account * If API key is not linked to a service account, continue login as usual * Fallback to old auth if no service account linked to key * Commented * Add CloneUserToServiceAccount * Update mock.go * Put graphical bits behind a feature toggle * Start adding LinkAPIKeyToServiceAccount * Update pkg/models/user.go Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> * Update pkg/api/apikey.go Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> * Update pkg/api/apikey.go Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> * Finish LinkAPIKeyToServiceAccount * Update comment * Handle api key link error * Update pkg/services/sqlstore/apikey.go Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Feature toggle * Update pkg/services/accesscontrol/accesscontrol.go Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Not needed (yet) * Better error messages for OSS accesscontrol * Set an invalid user id as default * ServiceAccountId should be string * Re-arrange field names * ServiceAccountId is integer * Update ossaccesscontrol.go * Linter * Remove fronend edits * Remove console log * Update ApiKeysForm.tsx * feat: add serviceaccount deletion * feat: make sure we do not accidently delete serviceaccount * feat: ServiceAccount Type * refactor: userDeletions function * refactor: serviceaccount deletions\ * refactor: error name and removed attribute for userDeletecommand * refactor:: remove serviceaccount type for now * WIP * add mocked function * Remove unnecessary db query, move to right place * Update pkg/services/accesscontrol/mock/mock.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Update pkg/services/accesscontrol/mock/mock.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Update pkg/services/accesscontrol/mock/mock.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Better error messages * Better and correcter error messages * add mocked function * refactor: move function call, add error msg * add IsServiceAccount and fix table * add service accounts package * WIP * WIP * working serviceaccountsapi registration * WIP tests * test * test working * test running for service * moved the error out of the models package * fixed own review * linting errors * Update pkg/services/serviceaccounts/database/database.go Co-authored-by: Jeremy Price <Jeremy.price@grafana.com> * tests running for api * WIP * WIP * removed unused secrets background svc * removed background svc for serviceaccount infavor or wire.go * serviceaccounts manager tests * registering as backend service Co-authored-by: Jeremy Price <jeremy.price@grafana.com> Co-authored-by: Hugo Häggmark <hugo.haggmark@grafana.com> Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
4 years ago
)
Serviceaccounts: create serviceaccount api (#42150) * WIP * wip * wip * wip * refactor: new return of the create service accoutn * refactor: change to have correct role * refactor: ability to create service accounts * make public * refactor: make ints instead * refactor: remove location sprintf * refactor: added back named constants
4 years ago
Service accounts: Creation logic simplification (#63884) * SA creation improvements * PR feedback - put salt and rand back in and remove an unneeded line:
3 years ago
var (
Chore: Add errutils helpers (#73577) Add helpers for the errutil package in favor of errutil.NewBase.
2 years ago
ErrServiceAccountNotFound = errutil.NotFound("serviceaccounts.ErrNotFound", errutil.WithPublicMessage("service account not found"))
ErrServiceAccountInvalidRole = errutil.BadRequest("serviceaccounts.ErrInvalidRoleSpecified", errutil.WithPublicMessage("invalid role specified"))
ErrServiceAccountRolePrivilegeDenied = errutil.Forbidden("serviceaccounts.ErrRoleForbidden", errutil.WithPublicMessage("can not assign a role higher than user's role"))
ErrServiceAccountInvalidOrgID = errutil.BadRequest("serviceaccounts.ErrInvalidOrgId", errutil.WithPublicMessage("invalid org id specified"))
ErrServiceAccountInvalidID = errutil.BadRequest("serviceaccounts.ErrInvalidId", errutil.WithPublicMessage("invalid service account id specified"))
ErrServiceAccountInvalidAPIKeyID = errutil.BadRequest("serviceaccounts.ErrInvalidAPIKeyId", errutil.WithPublicMessage("invalid api key id specified"))
ErrServiceAccountInvalidTokenID = errutil.BadRequest("serviceaccounts.ErrInvalidTokenId", errutil.WithPublicMessage("invalid service account token id specified"))
ErrServiceAccountAlreadyExists = errutil.BadRequest("serviceaccounts.ErrAlreadyExists", errutil.WithPublicMessage("service account already exists"))
ErrServiceAccountTokenNotFound = errutil.NotFound("serviceaccounts.ErrTokenNotFound", errutil.WithPublicMessage("service account token not found"))
ErrInvalidTokenExpiration = errutil.ValidationFailed("serviceaccounts.ErrInvalidInput", errutil.WithPublicMessage("invalid SecondsToLive value"))
ErrDuplicateToken = errutil.BadRequest("serviceaccounts.ErrTokenAlreadyExists", errutil.WithPublicMessage("service account token with given name already exists in the organization"))
Service accounts: Creation logic simplification (#63884) * SA creation improvements * PR feedback - put salt and rand back in and remove an unneeded line:
3 years ago
)
Service accounts: UI migration results (#68789) * ui migration WIP * merge * migration tests for api * revert chagnes to align with main * revert chagnes to align with main * revert chagnes to align with main * remove unused code and comments * revert gen files * retry logic inplace * fix a any * fixed types * migraiton results now show only result if no failures * review comments * wording to make it more actionable * add migraiton summary text onyl for failed apikeys * fixed wording and added a close button to the modal * made the button close the modal * moved state into component * fix based on review, naming and removed unused code * service account migration state optional * making migration result undefined * showing total and migrated numbers for a successful migration * fix payload const to take the payload
3 years ago
type MigrationResult struct {
Service accounts: API key migration refactoring to parse as json object of the results (#69771) refactoring to parse as json object of the results
3 years ago
Total int `json:"total"`
Migrated int `json:"migrated"`
Failed int `json:"failed"`
FailedApikeyIDs []int64 `json:"failedApikeyIDs"`
FailedDetails []string `json:"failedDetails"`
Service accounts: UI migration results (#68789) * ui migration WIP * merge * migration tests for api * revert chagnes to align with main * revert chagnes to align with main * revert chagnes to align with main * remove unused code and comments * revert gen files * retry logic inplace * fix a any * fixed types * migraiton results now show only result if no failures * review comments * wording to make it more actionable * add migraiton summary text onyl for failed apikeys * fixed wording and added a close button to the modal * made the button close the modal * moved state into component * fix based on review, naming and removed unused code * service account migration state optional * making migration result undefined * showing total and migrated numbers for a successful migration * fix payload const to take the payload
3 years ago
}
API: Add service account routes to the swagger (#52398) * API: Add service account routes to the swagger
3 years ago
// swagger:model
Service accounts: refactor errors (#50917)
4 years ago
type CreateServiceAccountForm struct {
API: Add service account routes to the swagger (#52398) * API: Add service account routes to the swagger
3 years ago
// example: grafana
Name string `json:"name" binding:"Required"`
// example: Admin
Move SignedInUser to user service and RoleType and Roles to org (#53445) * Move SignedInUser to user service and RoleType and Roles to org * Use go naming convention for roles * Fix some imports and leftovers * Fix ldap debug test * Fix lint * Fix lint 2 * Fix lint 3 * Fix type and not needed conversion * Clean up messages in api tests * Clean up api tests 2
3 years ago
Role *org.RoleType `json:"role"`
API: Add service account routes to the swagger (#52398) * API: Add service account routes to the swagger
3 years ago
// example: false
IsDisabled *bool `json:"isDisabled"`
Service accounts: refactor errors (#50917)
4 years ago
}
API: Add service account routes to the swagger (#52398) * API: Add service account routes to the swagger
3 years ago
// swagger:model
Service Account detailed edit (#45404) * ServiceAccounts: Update service account route * ServiceAccounts: Update service account tests * ServiceAccounts: remove extraneous file
4 years ago
type UpdateServiceAccountForm struct {
Auth: Service account store refactor (#58961) * refactor: renaming of files from database to store * refactor: make service account store private - moves store interface to manager package - adds an interface to the ProvideAPI constructor - refactors tests to use the store when necessary - adds mocks for the new interface implementations in the tests package * wip * refactor: make fakestore in service * wip * wip * wip * working tests * trailing whitespaces * Update pkg/services/serviceaccounts/api/api.go * Update pkg/services/serviceaccounts/tests/common.go * Update pkg/services/serviceaccounts/tests/common.go * refactor: doc string for retriever * fix import unused * remove: serviceaccount from featuretoggle * added: back legacy serviceaccounts feature toggle * added: docs * refactor: make query for the SearchQuery * add: validation of service input fields * add validation
3 years ago
Name *string `json:"name"`
ServiceAccountID int64 `json:"serviceAccountId"`
Role *org.RoleType `json:"role"`
IsDisabled *bool `json:"isDisabled"`
Service Account detailed edit (#45404) * ServiceAccounts: Update service account route * ServiceAccounts: Update service account tests * ServiceAccounts: remove extraneous file
4 years ago
}
API: Add service account routes to the swagger (#52398) * API: Add service account routes to the swagger
3 years ago
// swagger: model
Add number of tokens to the service accounts view (#44919) * feat: add serviceaccountDTO * WIP * feat: listing number of tokens for a given service account * nit: removed fmt * Update pkg/services/serviceaccounts/database/database.go * Update public/app/features/serviceaccounts/ServiceAccountsListPage.tsx * fixes * align DTOProfile data to the frontend * reviewed myself fixes * fix: tests fix
4 years ago
type ServiceAccountDTO struct {
API: Add service account routes to the swagger (#52398) * API: Add service account routes to the swagger
3 years ago
Id int64 `json:"id" xorm:"user_id"`
ServiceAccounts: Allow use of UIDs for Service Account routes (#95401)
1 year ago
// example: fe1xejlha91xce
UID string `json:"uid" xorm:"uid"`
API: Add service account routes to the swagger (#52398) * API: Add service account routes to the swagger
3 years ago
// example: grafana
Name string `json:"name" xorm:"name"`
// example: sa-grafana
Login string `json:"login" xorm:"login"`
// example: 1
OrgId int64 `json:"orgId" xorm:"org_id"`
// example: false
IsDisabled bool `json:"isDisabled" xorm:"is_disabled"`
AuthN: Add metrics to external service accounts management (#76789) * AuthN: Add metrics to external service accounts management * Add a new metric to count stored external service accounts * Update variable names Co-authored-by: linoman <2051016+linoman@users.noreply.github.com> * Add test to SearchOrgServiceAccounts * Add feature flags checks before registering and using the metrics --------- Co-authored-by: linoman <2051016+linoman@users.noreply.github.com>
2 years ago
// example: false
IAM: Protect external service accounts frontend list page (#77834) * Add `isExternal` property to frontend model * Remove enabled and token buttons for external SA * Replace trash icon for lock icon for external SA * Block the role picker for external SA * Filter SA list using the external filter * Add only external filter at backend --------- Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
2 years ago
IsExternal bool `json:"isExternal,omitempty" xorm:"-"`
API: Add service account routes to the swagger (#52398) * API: Add service account routes to the swagger
3 years ago
// example: Viewer
Role string `json:"role" xorm:"role"`
// example: 0
Tokens int64 `json:"tokens"`
// example: /avatar/85ec38023d90823d3e5b43ef35646af9
AvatarUrl string `json:"avatarUrl"`
// example: {"serviceaccounts:delete": true, "serviceaccounts:read": true, "serviceaccounts:write": true}
ServiceAccounts: Add access control metadata to service accounts (#45096) * add role to DTO * add access control metadata
4 years ago
AccessControl map[string]bool `json:"accessControl,omitempty"`
Add number of tokens to the service accounts view (#44919) * feat: add serviceaccountDTO * WIP * feat: listing number of tokens for a given service account * nit: removed fmt * Update pkg/services/serviceaccounts/database/database.go * Update public/app/features/serviceaccounts/ServiceAccountsListPage.tsx * fixes * align DTOProfile data to the frontend * reviewed myself fixes * fix: tests fix
4 years ago
}
Access control: service account role check (#47710) * forbid setting role higher than user's role * change response code * can assign API key permissions to non-admin users * add: assign viewer role directly upon creation * refactor: add AddSATcommand infavor of AddAPIkey * refactor: frontend fixes for ServiceAccountToken Co-authored-by: eleijonmarck <eric.leijonmarck@gmail.com>
4 years ago
API Keys: Add revocation for SATs (#53896) * add apikey is_revoked field * add token store tests * Apply suggestions from code review * remove unused fields
3 years ago
type GetSATokensQuery struct {
OrgID *int64 // optional filtering by org ID
ServiceAccountID *int64 // optional filtering by service account ID
}
ServiceAccounts: Allow use of UIDs for Service Account routes (#95401)
1 year ago
type GetServiceAccountQuery struct {
OrgID int64 `json:"orgId"`
ID int64 `json:"id"`
UID string `json:"uid"`
}
Access control: service account role check (#47710) * forbid setting role higher than user's role * change response code * can assign API key permissions to non-admin users * add: assign viewer role directly upon creation * refactor: add AddSATcommand infavor of AddAPIkey * refactor: frontend fixes for ServiceAccountToken Co-authored-by: eleijonmarck <eric.leijonmarck@gmail.com>
4 years ago
type AddServiceAccountTokenCommand struct {
Chore: Remove Result field from serviceaccounts, ualert (#62476) * Chore: Remove Result field from serviceaccounts * Chore: Remove Result field from ualert
3 years ago
Name string `json:"name" binding:"Required"`
OrgId int64 `json:"-"`
Key string `json:"-"`
SecondsToLive int64 `json:"secondsToLive"`
Access control: service account role check (#47710) * forbid setting role higher than user's role * change response code * can assign API key permissions to non-admin users * add: assign viewer role directly upon creation * refactor: add AddSATcommand infavor of AddAPIkey * refactor: frontend fixes for ServiceAccountToken Co-authored-by: eleijonmarck <eric.leijonmarck@gmail.com>
4 years ago
}
Auth: Service account store refactor (#58961) * refactor: renaming of files from database to store * refactor: make service account store private - moves store interface to manager package - adds an interface to the ProvideAPI constructor - refactors tests to use the store when necessary - adds mocks for the new interface implementations in the tests package * wip * refactor: make fakestore in service * wip * wip * wip * working tests * trailing whitespaces * Update pkg/services/serviceaccounts/api/api.go * Update pkg/services/serviceaccounts/tests/common.go * Update pkg/services/serviceaccounts/tests/common.go * refactor: doc string for retriever * fix import unused * remove: serviceaccount from featuretoggle * added: back legacy serviceaccounts feature toggle * added: docs * refactor: make query for the SearchQuery * add: validation of service input fields * add validation
3 years ago
type SearchOrgServiceAccountsQuery struct {
OrgID int64
Query string
Filter ServiceAccountFilter
Page int
Limit int
AuthN: Add metrics to external service accounts management (#76789) * AuthN: Add metrics to external service accounts management * Add a new metric to count stored external service accounts * Update variable names Co-authored-by: linoman <2051016+linoman@users.noreply.github.com> * Add test to SearchOrgServiceAccounts * Add feature flags checks before registering and using the metrics --------- Co-authored-by: linoman <2051016+linoman@users.noreply.github.com>
2 years ago
CountOnly bool
Optimize tokens count from service accounts query (#96663) * optimize tokens count from service accounts query * add unit tests for tokens count * skip broken test * fix lint error * rename Tokens to TokenCount
1 year ago
CountTokens bool
Auth: Move Service Account service to SignedInUser Interface (#73142) * move service account service to identity interface * Update pkg/services/auth/identity/requester.go
2 years ago
SignedInUser identity.Requester
Auth: Service account store refactor (#58961) * refactor: renaming of files from database to store * refactor: make service account store private - moves store interface to manager package - adds an interface to the ProvideAPI constructor - refactors tests to use the store when necessary - adds mocks for the new interface implementations in the tests package * wip * refactor: make fakestore in service * wip * wip * wip * working tests * trailing whitespaces * Update pkg/services/serviceaccounts/api/api.go * Update pkg/services/serviceaccounts/tests/common.go * Update pkg/services/serviceaccounts/tests/common.go * refactor: doc string for retriever * fix import unused * remove: serviceaccount from featuretoggle * added: back legacy serviceaccounts feature toggle * added: docs * refactor: make query for the SearchQuery * add: validation of service input fields * add validation
3 years ago
}
func (q *SearchOrgServiceAccountsQuery) SetDefaults() {
q.Page = 1
q.Limit = 100
}
API: Add service account routes to the swagger (#52398) * API: Add service account routes to the swagger
3 years ago
// swagger: model
Auth: Service account store refactor (#58961) * refactor: renaming of files from database to store * refactor: make service account store private - moves store interface to manager package - adds an interface to the ProvideAPI constructor - refactors tests to use the store when necessary - adds mocks for the new interface implementations in the tests package * wip * refactor: make fakestore in service * wip * wip * wip * working tests * trailing whitespaces * Update pkg/services/serviceaccounts/api/api.go * Update pkg/services/serviceaccounts/tests/common.go * Update pkg/services/serviceaccounts/tests/common.go * refactor: doc string for retriever * fix import unused * remove: serviceaccount from featuretoggle * added: back legacy serviceaccounts feature toggle * added: docs * refactor: make query for the SearchQuery * add: validation of service input fields * add validation
3 years ago
type SearchOrgServiceAccountsResult struct {
API: Add service account routes to the swagger (#52398) * API: Add service account routes to the swagger
3 years ago
// It can be used for pagination of the user list
// E.g. if totalCount is equal to 100 users and
// the perpage parameter is set to 10 then there are 10 pages of users.
Service accounts: Split user and service account database (#46442) * ServiceAccounts: remove unused endpoint * ServiceAccounts: remove usage of getOrgUsers from service accounts * use dialect for boolean str true in delete * return service account results directly * Move Service Account Deletions to sa package Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: gamab <gabi.mabs@gmail.com> * Move service account methods to service accounts Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: gamab <gabi.mabs@gmail.com> * Service accounts should not interfere with users Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * filter service accounts in user services * mispell fix * fix overextended lines Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * fix variable Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: gamab <gabi.mabs@gmail.com>
4 years ago
TotalCount int64 `json:"totalCount"`
ServiceAccounts []*ServiceAccountDTO `json:"serviceAccounts"`
Page int `json:"page"`
PerPage int `json:"perPage"`
}
Add number of tokens to the service accounts view (#44919) * feat: add serviceaccountDTO * WIP * feat: listing number of tokens for a given service account * nit: removed fmt * Update pkg/services/serviceaccounts/database/database.go * Update public/app/features/serviceaccounts/ServiceAccountsListPage.tsx * fixes * align DTOProfile data to the frontend * reviewed myself fixes * fix: tests fix
4 years ago
API: Add service account routes to the swagger (#52398) * API: Add service account routes to the swagger
3 years ago
// swagger:model
Add number of tokens to the service accounts view (#44919) * feat: add serviceaccountDTO * WIP * feat: listing number of tokens for a given service account * nit: removed fmt * Update pkg/services/serviceaccounts/database/database.go * Update public/app/features/serviceaccounts/ServiceAccountsListPage.tsx * fixes * align DTOProfile data to the frontend * reviewed myself fixes * fix: tests fix
4 years ago
type ServiceAccountProfileDTO struct {
API: Add service account routes to the swagger (#52398) * API: Add service account routes to the swagger
3 years ago
// example: 2
Id int64 `json:"id" xorm:"user_id"`
ServiceAccounts: Allow use of UIDs for Service Account routes (#95401)
1 year ago
// example: fe1xejlha91xce
UID string `json:"uid" xorm:"uid"`
API: Add service account routes to the swagger (#52398) * API: Add service account routes to the swagger
3 years ago
// example: test
Name string `json:"name" xorm:"name"`
// example: sa-grafana
Login string `json:"login" xorm:"login"`
// example: 1
OrgId int64 `json:"orgId" xorm:"org_id"`
// example: false
IsDisabled bool `json:"isDisabled" xorm:"is_disabled"`
// example: 2022-03-21T14:35:33Z
Created time.Time `json:"createdAt" xorm:"created"`
// example: 2022-03-21T14:35:33Z
Updated time.Time `json:"updatedAt" xorm:"updated"`
// example: /avatar/8ea890a677d6a223c591a1beea6ea9d2
AvatarUrl string `json:"avatarUrl" xorm:"-"`
// example: Editor
Role string `json:"role" xorm:"role"`
// example: []
auth: add serviceaccount proxy (#76815) * Add proxy service template * Replace SA srv with proxy for external SA srv * Move service account prefix to a constant * Prevent deletion from external service account * Make SA validation a resusable function * Add protection for creating service accounts * Add protection when updating service accounts * Add IsExternal field for service account * Protect ext service account token generation * Add verbose errors for form name or sa name * add tests * Add logs * Adjusts tests --------- Co-authored-by: Misi <mgyongyosi@users.noreply.github.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
2 years ago
Teams []string `json:"teams" xorm:"-"`
// example: false
IAM: Protect external service accounts frontend list page (#77834) * Add `isExternal` property to frontend model * Remove enabled and token buttons for external SA * Replace trash icon for lock icon for external SA * Block the role picker for external SA * Filter SA list using the external filter * Add only external filter at backend --------- Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
2 years ago
IsExternal bool `json:"isExternal,omitempty" xorm:"-"`
IAM: Protect managed service account frontend details page (#77839) * Add `isManaged` property to frontend model * Remove enabled and token buttons for managed SA * Replace trash icon for lock icon for managed SA * Block the role picker for managed SA * Filter SA list usiong the managed filter * Rename external for managed * Add only managed filter * Toggle the enable buttons for managed sa * Disable add token and delete token buttons * Remove the edit name button * Disable the Role picker for managed sa * Hide the permissions section * Add managed by row --------- Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
2 years ago
// example: grafana-app
RequiredBy string `json:"requiredBy,omitempty" xorm:"-"`
auth: add serviceaccount proxy (#76815) * Add proxy service template * Replace SA srv with proxy for external SA srv * Move service account prefix to a constant * Prevent deletion from external service account * Make SA validation a resusable function * Add protection for creating service accounts * Add protection when updating service accounts * Add IsExternal field for service account * Protect ext service account token generation * Add verbose errors for form name or sa name * add tests * Add logs * Adjusts tests --------- Co-authored-by: Misi <mgyongyosi@users.noreply.github.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
2 years ago
ServiceAccounts: refactor UI (#49508) * ServiceAccounts: refactor ServiceAccountRoleRow * Refactor ServiceAccountRoleRow * Refactor ServiceAccountProfile * Refactor components * Change service accounts icon * Refine service accounts page header * Improve service accounts filtering * Change delete button style * Tweak account id * Auto focus name field when create service account * Add disable/enable button * Enable/disable service accounts * Optimize updating service account (do not fetch all) * Remove status column (replace by enable/disable button) * Add banner with service accounts description * Add tokens from main page * Update tokens count when add token from main page * Fix action buttons column * Fix tokens count when change role * Refine table row classes * Fix buttons * Simplify working with state * Show message when service account updated * Able to filter disabled accounts * Mark disabled accounts in a table * Refine disabled account view * Move non-critical components to separate folder * Remove confusing focusing * Fix date picker position when creating new token * DatePicker: able to set minimum date that can be selected * Don't allow to select expiration dates prior today * Set tomorrow as a default token expiration date * Fix displaying expiration period * Rename Add token button * Refine page styles * Show modal when disabling SA from main page * Arrange role picker * Refine SA page styles * Generate default token name * More smooth navigation between SA pages * Stop loading indicator in case of error * Remove legacy styles usage * Tweaks after code review Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> * Get rid of useDisapatch in favor of mapDispatchToProps * Tests for ServiceAccountsListPage * Tests for service account page * Show new role picker only with license * Get rid of deprecated css classes * Apply suggestion from code review Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> * Fix service accounts icon * Tests for service account create page * Return service account info when update * Add behaviour tests for ServiceAccountsListPage * Fix disabled cursor on confirm button * More behavior tests for service account page * Temporary disable service account migration banner * Use safe where condition Co-authored-by: Jguer <joao.guerreiro@grafana.com> * Apply review suggestions Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> * Remove autofocus from search Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> Co-authored-by: Jguer <joao.guerreiro@grafana.com>
4 years ago
Tokens int64 `json:"tokens,omitempty"`
Service Accounts: Link final components in service accounts detail page (#45929) * ServiceAccounts: Delete/Disable service account from details page * ServiceAccounts: capitalize viewable messages from UI * ServiceAccounts: Link new update endpoint to details page * ServiceAccounts: reimplement service account retrieve to include is_disabled and only target service accounts * Cleanup styles * Fix modal show * ServiceAccounts: simplify handler functions * Apply suggestions from code review Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> Co-authored-by: Clarity-89 <homes89@ukr.net> Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
4 years ago
AccessControl map[string]bool `json:"accessControl,omitempty" xorm:"-"`
Add number of tokens to the service accounts view (#44919) * feat: add serviceaccountDTO * WIP * feat: listing number of tokens for a given service account * nit: removed fmt * Update pkg/services/serviceaccounts/database/database.go * Update public/app/features/serviceaccounts/ServiceAccountsListPage.tsx * fixes * align DTOProfile data to the frontend * reviewed myself fixes * fix: tests fix
4 years ago
}
Filtering of service accounts by expired tokens (#46251) * Refactor to ServiceAccounts Query * filtering expiredtokens on backend * WIP * WIP * WIP * fix: missing that we do not cover for no service accounts * fix: wrong link * feat: filter able to get only service accounts with expired tokens * refactor: naming * Update pkg/services/serviceaccounts/models.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * goimported * Update pkg/services/serviceaccounts/api/api.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
4 years ago
type ServiceAccountFilter string // used for filtering
const (
FilterOnlyExpiredTokens ServiceAccountFilter = "expiredTokens"
ServiceAccounts: refactor UI (#49508) * ServiceAccounts: refactor ServiceAccountRoleRow * Refactor ServiceAccountRoleRow * Refactor ServiceAccountProfile * Refactor components * Change service accounts icon * Refine service accounts page header * Improve service accounts filtering * Change delete button style * Tweak account id * Auto focus name field when create service account * Add disable/enable button * Enable/disable service accounts * Optimize updating service account (do not fetch all) * Remove status column (replace by enable/disable button) * Add banner with service accounts description * Add tokens from main page * Update tokens count when add token from main page * Fix action buttons column * Fix tokens count when change role * Refine table row classes * Fix buttons * Simplify working with state * Show message when service account updated * Able to filter disabled accounts * Mark disabled accounts in a table * Refine disabled account view * Move non-critical components to separate folder * Remove confusing focusing * Fix date picker position when creating new token * DatePicker: able to set minimum date that can be selected * Don't allow to select expiration dates prior today * Set tomorrow as a default token expiration date * Fix displaying expiration period * Rename Add token button * Refine page styles * Show modal when disabling SA from main page * Arrange role picker * Refine SA page styles * Generate default token name * More smooth navigation between SA pages * Stop loading indicator in case of error * Remove legacy styles usage * Tweaks after code review Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> * Get rid of useDisapatch in favor of mapDispatchToProps * Tests for ServiceAccountsListPage * Tests for service account page * Show new role picker only with license * Get rid of deprecated css classes * Apply suggestion from code review Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> * Fix service accounts icon * Tests for service account create page * Return service account info when update * Add behaviour tests for ServiceAccountsListPage * Fix disabled cursor on confirm button * More behavior tests for service account page * Temporary disable service account migration banner * Use safe where condition Co-authored-by: Jguer <joao.guerreiro@grafana.com> * Apply review suggestions Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> * Remove autofocus from search Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> Co-authored-by: Jguer <joao.guerreiro@grafana.com>
4 years ago
FilterOnlyDisabled ServiceAccountFilter = "disabled"
Filtering of service accounts by expired tokens (#46251) * Refactor to ServiceAccounts Query * filtering expiredtokens on backend * WIP * WIP * WIP * fix: missing that we do not cover for no service accounts * fix: wrong link * feat: filter able to get only service accounts with expired tokens * refactor: naming * Update pkg/services/serviceaccounts/models.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * goimported * Update pkg/services/serviceaccounts/api/api.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
4 years ago
FilterIncludeAll ServiceAccountFilter = "all"
AuthN: Add metrics to external service accounts management (#76789) * AuthN: Add metrics to external service accounts management * Add a new metric to count stored external service accounts * Update variable names Co-authored-by: linoman <2051016+linoman@users.noreply.github.com> * Add test to SearchOrgServiceAccounts * Add feature flags checks before registering and using the metrics --------- Co-authored-by: linoman <2051016+linoman@users.noreply.github.com>
2 years ago
FilterOnlyExternal ServiceAccountFilter = "external"
Filtering of service accounts by expired tokens (#46251) * Refactor to ServiceAccounts Query * filtering expiredtokens on backend * WIP * WIP * WIP * fix: missing that we do not cover for no service accounts * fix: wrong link * feat: filter able to get only service accounts with expired tokens * refactor: naming * Update pkg/services/serviceaccounts/models.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * goimported * Update pkg/services/serviceaccounts/api/api.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
4 years ago
)
Service Accounts: Separate metrics logic from store (#54085) * separate stats logic from store * remove in_teams unused stat * use init instead
3 years ago
type Stats struct {
Auth: Add empty role usage metrics for service and user accounts (#73108) * Add tests for service accounts metrics usage * Add service account store implementation * Add service account service implementation * Add tests for org metrics usage * Add org implementation * Add service implementation
2 years ago
ServiceAccounts int64 `xorm:"serviceaccounts"`
ServiceAccountsWithNoRole int64 `xorm:"serviceaccounts_with_no_role"`
Tokens int64 `xorm:"serviceaccount_tokens"`
ForcedExpiryEnabled bool `xorm:"-"`
Service Accounts: Separate metrics logic from store (#54085) * separate stats logic from store * remove in_teams unused stat * use init instead
3 years ago
}
NavTree: Refactor out the navtree building from api/index.go and into it's own service (#55552)
3 years ago
Chore: Move `extsvcaccounts` package to `serviceaccounts` (#76977) * Chore: Move extsvcaccounts package to serviceaccounts * Fix proxy * Fix tests * Fix linting
2 years ago
// ExtSvcAccount represents the service account associated to an external service
type ExtSvcAccount struct {
ID int64
Login string
Name string
OrgID int64
IsDisabled bool
Chore: Move identity and errutil to apimachinery module (#89116)
2 years ago
Role identity.RoleType
Chore: Move `extsvcaccounts` package to `serviceaccounts` (#76977) * Chore: Move extsvcaccounts package to serviceaccounts * Fix proxy * Fix tests * Fix linting
2 years ago
}
type ManageExtSvcAccountCmd struct {
ExtSvcSlug string
Plugin: Enable service account based on plugin settings on init (#77193) * Disable plugin service account * Revert extsvc injection * handle plugin state changes * Use isProxyEnabled * Remove plugininteg changes * Change update function to also work for mysql :weary: * Plugin: enable service account based on plugin settings on initialization * Remove misleading comment * Fix tests * test message * Clean up tests * Simplify tests * Re-order imports * Remove unecessary comment * Enable datasource plugins by default Co-authored-by: Andres Martinez Gotor <andres.martinez@grafana.com> --------- Co-authored-by: Andres Martinez Gotor <andres.martinez@grafana.com>
2 years ago
Enabled bool
Chore: Move `extsvcaccounts` package to `serviceaccounts` (#76977) * Chore: Move extsvcaccounts package to serviceaccounts * Fix proxy * Fix tests * Fix linting
2 years ago
OrgID int64
Permissions []accesscontrol.Permission
}
AuthN: Change the external service account state on plugin state change (#77157) * Disable plugin service account * Revert extsvc injection * handle plugin state changes * Use isProxyEnabled * Remove plugininteg changes * Change update function to also work for mysql :weary: * Change test to also check no collateral update * Update pkg/services/serviceaccounts/database/store_test.go * Update pkg/services/serviceaccounts/database/store_test.go
2 years ago
type EnableExtSvcAccountCmd struct {
ExtSvcSlug string
Enabled bool
OrgID int64
}
NavTree: Refactor out the navtree building from api/index.go and into it's own service (#55552)
3 years ago
// AccessEvaluator is used to protect the "Configuration > Service accounts" page access
var AccessEvaluator = accesscontrol.EvalAny(
accesscontrol.EvalPermission(ActionRead),
accesscontrol.EvalPermission(ActionCreate),
)
AuthN: Introduce `DefaultOrgID` function for managed service accounts (#93432) * Managed Service Accounts: Use AutoAssignOrgID * Fix the IsExternalServiceAccount function * Reassign service account role * Account for AutoAssignOrg * Update pkg/services/serviceaccounts/models.go * Simplify IsExternalServiceAccount function * Add tests * Easier to understand test * Revert small change
1 year ago
func ExtSvcLoginPrefix(orgID int64) string {
return fmt.Sprintf("%s%d-%s", ServiceAccountPrefix, orgID, ExtSvcPrefix)
}
func IsExternalServiceAccount(login string) bool {
parts := strings.SplitAfter(login, "-")
if len(parts) < 4 {
return false
}
return parts[0] == ServiceAccountPrefix && parts[2] == ExtSvcPrefix
}