apitech
/
grafana
mirror of https://github.com/grafana/grafana
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
54298 Commits
2186 Branches
608 Tags
1.9 GiB
Tag: Branch: Tree: d763aae5f2
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'd763aae5f2'
${ noResults }
grafana/pkg/services/serviceaccounts/api/api.go

421 lines
17 KiB
Raw Normal View History Unescape

ServiceAccounts: Delete ServiceAccount (#40470) * Add extra fields to OSS types to support enterprise * WIP service accounts * Update public/app/features/api-keys/ApiKeysForm.tsx Co-authored-by: Hugo Häggmark <hugo.haggmark@grafana.com> * Create a service account at the same time as the API key * Use service account credentials when accessing API with APIkey * Throw better error * Use Boolean for "create service account button" * Add GetRole to service, merge RoleDTO and Role structs This patch merges the identical OSS and Enterprise data structures, which improves the code for two reasons: 1. Makes switching between OSS and Enterprise easier 2. Reduces the chance of incompatibilities developing between the same functions in OSS and Enterprise * Start work cloning permissions onto service account * If API key is not linked to a service account, continue login as usual * Fallback to old auth if no service account linked to key * Commented * Add CloneUserToServiceAccount * Update mock.go * Put graphical bits behind a feature toggle * Start adding LinkAPIKeyToServiceAccount * Update pkg/models/user.go Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> * Update pkg/api/apikey.go Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> * Update pkg/api/apikey.go Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> * Finish LinkAPIKeyToServiceAccount * Update comment * Handle api key link error * Update pkg/services/sqlstore/apikey.go Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Feature toggle * Update pkg/services/accesscontrol/accesscontrol.go Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Not needed (yet) * Better error messages for OSS accesscontrol * Set an invalid user id as default * ServiceAccountId should be string * Re-arrange field names * ServiceAccountId is integer * Update ossaccesscontrol.go * Linter * Remove fronend edits * Remove console log * Update ApiKeysForm.tsx * feat: add serviceaccount deletion * feat: make sure we do not accidently delete serviceaccount * feat: ServiceAccount Type * refactor: userDeletions function * refactor: serviceaccount deletions\ * refactor: error name and removed attribute for userDeletecommand * refactor:: remove serviceaccount type for now * WIP * add mocked function * Remove unnecessary db query, move to right place * Update pkg/services/accesscontrol/mock/mock.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Update pkg/services/accesscontrol/mock/mock.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Update pkg/services/accesscontrol/mock/mock.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Better error messages * Better and correcter error messages * add mocked function * refactor: move function call, add error msg * add IsServiceAccount and fix table * add service accounts package * WIP * WIP * working serviceaccountsapi registration * WIP tests * test * test working * test running for service * moved the error out of the models package * fixed own review * linting errors * Update pkg/services/serviceaccounts/database/database.go Co-authored-by: Jeremy Price <Jeremy.price@grafana.com> * tests running for api * WIP * WIP * removed unused secrets background svc * removed background svc for serviceaccount infavor or wire.go * serviceaccounts manager tests * registering as backend service Co-authored-by: Jeremy Price <jeremy.price@grafana.com> Co-authored-by: Hugo Häggmark <hugo.haggmark@grafana.com> Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
4 years ago
package api
import (
"net/http"
Remove Macaron ParamsInt64 function from code base (#43810) * draft commit * change all calls * Compilation errors
4 years ago
"strconv"
ServiceAccounts: Delete ServiceAccount (#40470) * Add extra fields to OSS types to support enterprise * WIP service accounts * Update public/app/features/api-keys/ApiKeysForm.tsx Co-authored-by: Hugo Häggmark <hugo.haggmark@grafana.com> * Create a service account at the same time as the API key * Use service account credentials when accessing API with APIkey * Throw better error * Use Boolean for "create service account button" * Add GetRole to service, merge RoleDTO and Role structs This patch merges the identical OSS and Enterprise data structures, which improves the code for two reasons: 1. Makes switching between OSS and Enterprise easier 2. Reduces the chance of incompatibilities developing between the same functions in OSS and Enterprise * Start work cloning permissions onto service account * If API key is not linked to a service account, continue login as usual * Fallback to old auth if no service account linked to key * Commented * Add CloneUserToServiceAccount * Update mock.go * Put graphical bits behind a feature toggle * Start adding LinkAPIKeyToServiceAccount * Update pkg/models/user.go Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> * Update pkg/api/apikey.go Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> * Update pkg/api/apikey.go Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> * Finish LinkAPIKeyToServiceAccount * Update comment * Handle api key link error * Update pkg/services/sqlstore/apikey.go Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Feature toggle * Update pkg/services/accesscontrol/accesscontrol.go Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Not needed (yet) * Better error messages for OSS accesscontrol * Set an invalid user id as default * ServiceAccountId should be string * Re-arrange field names * ServiceAccountId is integer * Update ossaccesscontrol.go * Linter * Remove fronend edits * Remove console log * Update ApiKeysForm.tsx * feat: add serviceaccount deletion * feat: make sure we do not accidently delete serviceaccount * feat: ServiceAccount Type * refactor: userDeletions function * refactor: serviceaccount deletions\ * refactor: error name and removed attribute for userDeletecommand * refactor:: remove serviceaccount type for now * WIP * add mocked function * Remove unnecessary db query, move to right place * Update pkg/services/accesscontrol/mock/mock.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Update pkg/services/accesscontrol/mock/mock.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Update pkg/services/accesscontrol/mock/mock.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Better error messages * Better and correcter error messages * add mocked function * refactor: move function call, add error msg * add IsServiceAccount and fix table * add service accounts package * WIP * WIP * working serviceaccountsapi registration * WIP tests * test * test working * test running for service * moved the error out of the models package * fixed own review * linting errors * Update pkg/services/serviceaccounts/database/database.go Co-authored-by: Jeremy Price <Jeremy.price@grafana.com> * tests running for api * WIP * WIP * removed unused secrets background svc * removed background svc for serviceaccount infavor or wire.go * serviceaccounts manager tests * registering as backend service Co-authored-by: Jeremy Price <jeremy.price@grafana.com> Co-authored-by: Hugo Häggmark <hugo.haggmark@grafana.com> Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
4 years ago
Auth: use IdentityType from authlib (#91763)
11 months ago
"github.com/grafana/authlib/claims"
ServiceAccounts: Add access control metadata to service accounts (#45096) * add role to DTO * add access control metadata
3 years ago
"github.com/grafana/grafana/pkg/api/dtos"
ServiceAccounts: Delete ServiceAccount (#40470) * Add extra fields to OSS types to support enterprise * WIP service accounts * Update public/app/features/api-keys/ApiKeysForm.tsx Co-authored-by: Hugo Häggmark <hugo.haggmark@grafana.com> * Create a service account at the same time as the API key * Use service account credentials when accessing API with APIkey * Throw better error * Use Boolean for "create service account button" * Add GetRole to service, merge RoleDTO and Role structs This patch merges the identical OSS and Enterprise data structures, which improves the code for two reasons: 1. Makes switching between OSS and Enterprise easier 2. Reduces the chance of incompatibilities developing between the same functions in OSS and Enterprise * Start work cloning permissions onto service account * If API key is not linked to a service account, continue login as usual * Fallback to old auth if no service account linked to key * Commented * Add CloneUserToServiceAccount * Update mock.go * Put graphical bits behind a feature toggle * Start adding LinkAPIKeyToServiceAccount * Update pkg/models/user.go Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> * Update pkg/api/apikey.go Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> * Update pkg/api/apikey.go Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> * Finish LinkAPIKeyToServiceAccount * Update comment * Handle api key link error * Update pkg/services/sqlstore/apikey.go Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Feature toggle * Update pkg/services/accesscontrol/accesscontrol.go Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Not needed (yet) * Better error messages for OSS accesscontrol * Set an invalid user id as default * ServiceAccountId should be string * Re-arrange field names * ServiceAccountId is integer * Update ossaccesscontrol.go * Linter * Remove fronend edits * Remove console log * Update ApiKeysForm.tsx * feat: add serviceaccount deletion * feat: make sure we do not accidently delete serviceaccount * feat: ServiceAccount Type * refactor: userDeletions function * refactor: serviceaccount deletions\ * refactor: error name and removed attribute for userDeletecommand * refactor:: remove serviceaccount type for now * WIP * add mocked function * Remove unnecessary db query, move to right place * Update pkg/services/accesscontrol/mock/mock.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Update pkg/services/accesscontrol/mock/mock.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Update pkg/services/accesscontrol/mock/mock.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Better error messages * Better and correcter error messages * add mocked function * refactor: move function call, add error msg * add IsServiceAccount and fix table * add service accounts package * WIP * WIP * working serviceaccountsapi registration * WIP tests * test * test working * test running for service * moved the error out of the models package * fixed own review * linting errors * Update pkg/services/serviceaccounts/database/database.go Co-authored-by: Jeremy Price <Jeremy.price@grafana.com> * tests running for api * WIP * WIP * removed unused secrets background svc * removed background svc for serviceaccount infavor or wire.go * serviceaccounts manager tests * registering as backend service Co-authored-by: Jeremy Price <jeremy.price@grafana.com> Co-authored-by: Hugo Häggmark <hugo.haggmark@grafana.com> Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
4 years ago
"github.com/grafana/grafana/pkg/api/response"
"github.com/grafana/grafana/pkg/api/routing"
ServiceAccounts: Add access control metadata to service accounts (#45096) * add role to DTO * add access control metadata
3 years ago
"github.com/grafana/grafana/pkg/infra/log"
Instrumentation: Set auth as owners for more routes (#75105) Signed-off-by: bergquist <carl.bergquist@gmail.com>
2 years ago
"github.com/grafana/grafana/pkg/middleware/requestmeta"
ServiceAccounts: Delete ServiceAccount (#40470) * Add extra fields to OSS types to support enterprise * WIP service accounts * Update public/app/features/api-keys/ApiKeysForm.tsx Co-authored-by: Hugo Häggmark <hugo.haggmark@grafana.com> * Create a service account at the same time as the API key * Use service account credentials when accessing API with APIkey * Throw better error * Use Boolean for "create service account button" * Add GetRole to service, merge RoleDTO and Role structs This patch merges the identical OSS and Enterprise data structures, which improves the code for two reasons: 1. Makes switching between OSS and Enterprise easier 2. Reduces the chance of incompatibilities developing between the same functions in OSS and Enterprise * Start work cloning permissions onto service account * If API key is not linked to a service account, continue login as usual * Fallback to old auth if no service account linked to key * Commented * Add CloneUserToServiceAccount * Update mock.go * Put graphical bits behind a feature toggle * Start adding LinkAPIKeyToServiceAccount * Update pkg/models/user.go Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> * Update pkg/api/apikey.go Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> * Update pkg/api/apikey.go Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> * Finish LinkAPIKeyToServiceAccount * Update comment * Handle api key link error * Update pkg/services/sqlstore/apikey.go Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Feature toggle * Update pkg/services/accesscontrol/accesscontrol.go Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Not needed (yet) * Better error messages for OSS accesscontrol * Set an invalid user id as default * ServiceAccountId should be string * Re-arrange field names * ServiceAccountId is integer * Update ossaccesscontrol.go * Linter * Remove fronend edits * Remove console log * Update ApiKeysForm.tsx * feat: add serviceaccount deletion * feat: make sure we do not accidently delete serviceaccount * feat: ServiceAccount Type * refactor: userDeletions function * refactor: serviceaccount deletions\ * refactor: error name and removed attribute for userDeletecommand * refactor:: remove serviceaccount type for now * WIP * add mocked function * Remove unnecessary db query, move to right place * Update pkg/services/accesscontrol/mock/mock.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Update pkg/services/accesscontrol/mock/mock.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Update pkg/services/accesscontrol/mock/mock.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Better error messages * Better and correcter error messages * add mocked function * refactor: move function call, add error msg * add IsServiceAccount and fix table * add service accounts package * WIP * WIP * working serviceaccountsapi registration * WIP tests * test * test working * test running for service * moved the error out of the models package * fixed own review * linting errors * Update pkg/services/serviceaccounts/database/database.go Co-authored-by: Jeremy Price <Jeremy.price@grafana.com> * tests running for api * WIP * WIP * removed unused secrets background svc * removed background svc for serviceaccount infavor or wire.go * serviceaccounts manager tests * registering as backend service Co-authored-by: Jeremy Price <jeremy.price@grafana.com> Co-authored-by: Hugo Häggmark <hugo.haggmark@grafana.com> Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
4 years ago
"github.com/grafana/grafana/pkg/services/accesscontrol"
Chore: Move ReqContext to contexthandler service (#62102) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports
2 years ago
contextmodel "github.com/grafana/grafana/pkg/services/contexthandler/model"
IAM: Protect external service accounts frontend list page (#77834) * Add `isExternal` property to frontend model * Remove enabled and token buttons for external SA * Replace trash icon for lock icon for external SA * Block the role picker for external SA * Filter SA list using the external filter * Add only external filter at backend --------- Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
2 years ago
"github.com/grafana/grafana/pkg/services/featuremgmt"
Move SignedInUser to user service and RoleType and Roles to org (#53445) * Move SignedInUser to user service and RoleType and Roles to org * Use go naming convention for roles * Fix some imports and leftovers * Fix ldap debug test * Fix lint * Fix lint 2 * Fix lint 3 * Fix type and not needed conversion * Clean up messages in api tests * Clean up api tests 2
3 years ago
"github.com/grafana/grafana/pkg/services/org"
ServiceAccounts: Delete ServiceAccount (#40470) * Add extra fields to OSS types to support enterprise * WIP service accounts * Update public/app/features/api-keys/ApiKeysForm.tsx Co-authored-by: Hugo Häggmark <hugo.haggmark@grafana.com> * Create a service account at the same time as the API key * Use service account credentials when accessing API with APIkey * Throw better error * Use Boolean for "create service account button" * Add GetRole to service, merge RoleDTO and Role structs This patch merges the identical OSS and Enterprise data structures, which improves the code for two reasons: 1. Makes switching between OSS and Enterprise easier 2. Reduces the chance of incompatibilities developing between the same functions in OSS and Enterprise * Start work cloning permissions onto service account * If API key is not linked to a service account, continue login as usual * Fallback to old auth if no service account linked to key * Commented * Add CloneUserToServiceAccount * Update mock.go * Put graphical bits behind a feature toggle * Start adding LinkAPIKeyToServiceAccount * Update pkg/models/user.go Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> * Update pkg/api/apikey.go Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> * Update pkg/api/apikey.go Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> * Finish LinkAPIKeyToServiceAccount * Update comment * Handle api key link error * Update pkg/services/sqlstore/apikey.go Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Feature toggle * Update pkg/services/accesscontrol/accesscontrol.go Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Not needed (yet) * Better error messages for OSS accesscontrol * Set an invalid user id as default * ServiceAccountId should be string * Re-arrange field names * ServiceAccountId is integer * Update ossaccesscontrol.go * Linter * Remove fronend edits * Remove console log * Update ApiKeysForm.tsx * feat: add serviceaccount deletion * feat: make sure we do not accidently delete serviceaccount * feat: ServiceAccount Type * refactor: userDeletions function * refactor: serviceaccount deletions\ * refactor: error name and removed attribute for userDeletecommand * refactor:: remove serviceaccount type for now * WIP * add mocked function * Remove unnecessary db query, move to right place * Update pkg/services/accesscontrol/mock/mock.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Update pkg/services/accesscontrol/mock/mock.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Update pkg/services/accesscontrol/mock/mock.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Better error messages * Better and correcter error messages * add mocked function * refactor: move function call, add error msg * add IsServiceAccount and fix table * add service accounts package * WIP * WIP * working serviceaccountsapi registration * WIP tests * test * test working * test running for service * moved the error out of the models package * fixed own review * linting errors * Update pkg/services/serviceaccounts/database/database.go Co-authored-by: Jeremy Price <Jeremy.price@grafana.com> * tests running for api * WIP * WIP * removed unused secrets background svc * removed background svc for serviceaccount infavor or wire.go * serviceaccounts manager tests * registering as backend service Co-authored-by: Jeremy Price <jeremy.price@grafana.com> Co-authored-by: Hugo Häggmark <hugo.haggmark@grafana.com> Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
4 years ago
"github.com/grafana/grafana/pkg/services/serviceaccounts"
Add/Delete API keys to Service accounts (#44871) * ServiceAccounts: move token handlers to specific file * ServiceAccounts: move Add API key to Service account * APIKeys: api keys can still be used even when service accounts are enabled * APIKeys: legacy endpoint can't be used to add SA tokens * ServiceAccount: add tests for creation with nil and non-nil service account ids * ServiceAccounts: fix unnasigned cfg and AC typo * Test: test service account token adding * fix linting error * ServiceAccounts: Handle Token deletion * rename token funcs * rename token funcs and api wrapping * add token deletion tests * review Co-authored-by: eleijonmarck <eric.leijonmarck@gmail.com> * remove bus * Update pkg/api/apikey.go Co-authored-by: eleijonmarck <eric.leijonmarck@gmail.com>
3 years ago
"github.com/grafana/grafana/pkg/setting"
ServiceAccounts: refactor UI (#49508) * ServiceAccounts: refactor ServiceAccountRoleRow * Refactor ServiceAccountRoleRow * Refactor ServiceAccountProfile * Refactor components * Change service accounts icon * Refine service accounts page header * Improve service accounts filtering * Change delete button style * Tweak account id * Auto focus name field when create service account * Add disable/enable button * Enable/disable service accounts * Optimize updating service account (do not fetch all) * Remove status column (replace by enable/disable button) * Add banner with service accounts description * Add tokens from main page * Update tokens count when add token from main page * Fix action buttons column * Fix tokens count when change role * Refine table row classes * Fix buttons * Simplify working with state * Show message when service account updated * Able to filter disabled accounts * Mark disabled accounts in a table * Refine disabled account view * Move non-critical components to separate folder * Remove confusing focusing * Fix date picker position when creating new token * DatePicker: able to set minimum date that can be selected * Don't allow to select expiration dates prior today * Set tomorrow as a default token expiration date * Fix displaying expiration period * Rename Add token button * Refine page styles * Show modal when disabling SA from main page * Arrange role picker * Refine SA page styles * Generate default token name * More smooth navigation between SA pages * Stop loading indicator in case of error * Remove legacy styles usage * Tweaks after code review Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> * Get rid of useDisapatch in favor of mapDispatchToProps * Tests for ServiceAccountsListPage * Tests for service account page * Show new role picker only with license * Get rid of deprecated css classes * Apply suggestion from code review Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> * Fix service accounts icon * Tests for service account create page * Return service account info when update * Add behaviour tests for ServiceAccountsListPage * Fix disabled cursor on confirm button * More behavior tests for service account page * Temporary disable service account migration banner * Use safe where condition Co-authored-by: Jguer <joao.guerreiro@grafana.com> * Apply review suggestions Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> * Remove autofocus from search Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> Co-authored-by: Jguer <joao.guerreiro@grafana.com>
3 years ago
"github.com/grafana/grafana/pkg/util"
Serviceaccounts: create serviceaccount api (#42150) * WIP * wip * wip * wip * refactor: new return of the create service accoutn * refactor: change to have correct role * refactor: ability to create service accounts * make public * refactor: make ints instead * refactor: remove location sprintf * refactor: added back named constants
4 years ago
"github.com/grafana/grafana/pkg/web"
ServiceAccounts: Delete ServiceAccount (#40470) * Add extra fields to OSS types to support enterprise * WIP service accounts * Update public/app/features/api-keys/ApiKeysForm.tsx Co-authored-by: Hugo Häggmark <hugo.haggmark@grafana.com> * Create a service account at the same time as the API key * Use service account credentials when accessing API with APIkey * Throw better error * Use Boolean for "create service account button" * Add GetRole to service, merge RoleDTO and Role structs This patch merges the identical OSS and Enterprise data structures, which improves the code for two reasons: 1. Makes switching between OSS and Enterprise easier 2. Reduces the chance of incompatibilities developing between the same functions in OSS and Enterprise * Start work cloning permissions onto service account * If API key is not linked to a service account, continue login as usual * Fallback to old auth if no service account linked to key * Commented * Add CloneUserToServiceAccount * Update mock.go * Put graphical bits behind a feature toggle * Start adding LinkAPIKeyToServiceAccount * Update pkg/models/user.go Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> * Update pkg/api/apikey.go Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> * Update pkg/api/apikey.go Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> * Finish LinkAPIKeyToServiceAccount * Update comment * Handle api key link error * Update pkg/services/sqlstore/apikey.go Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Feature toggle * Update pkg/services/accesscontrol/accesscontrol.go Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Not needed (yet) * Better error messages for OSS accesscontrol * Set an invalid user id as default * ServiceAccountId should be string * Re-arrange field names * ServiceAccountId is integer * Update ossaccesscontrol.go * Linter * Remove fronend edits * Remove console log * Update ApiKeysForm.tsx * feat: add serviceaccount deletion * feat: make sure we do not accidently delete serviceaccount * feat: ServiceAccount Type * refactor: userDeletions function * refactor: serviceaccount deletions\ * refactor: error name and removed attribute for userDeletecommand * refactor:: remove serviceaccount type for now * WIP * add mocked function * Remove unnecessary db query, move to right place * Update pkg/services/accesscontrol/mock/mock.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Update pkg/services/accesscontrol/mock/mock.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Update pkg/services/accesscontrol/mock/mock.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Better error messages * Better and correcter error messages * add mocked function * refactor: move function call, add error msg * add IsServiceAccount and fix table * add service accounts package * WIP * WIP * working serviceaccountsapi registration * WIP tests * test * test working * test running for service * moved the error out of the models package * fixed own review * linting errors * Update pkg/services/serviceaccounts/database/database.go Co-authored-by: Jeremy Price <Jeremy.price@grafana.com> * tests running for api * WIP * WIP * removed unused secrets background svc * removed background svc for serviceaccount infavor or wire.go * serviceaccounts manager tests * registering as backend service Co-authored-by: Jeremy Price <jeremy.price@grafana.com> Co-authored-by: Hugo Häggmark <hugo.haggmark@grafana.com> Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
4 years ago
)
type ServiceAccountsAPI struct {
Access Control: Clear user's permission cache after resource creation (#59101) * refresh user's permission cache after resource creation * clear the cache instead of reloading the permissions * don't error if can't clear cache * fix tests * fix tests again
3 years ago
cfg *setting.Cfg
auth: migrate api interface implementation (#77040) * expand serviceaccount service interface * implemet FakeServiceAccountService * Replace SA service interface from api * merge sa proxy tests with new fake service * implement DeleteServiceAccountToken * add test for DeleteServiceAccountToken
2 years ago
service serviceaccounts.Service
Access Control: Clear user's permission cache after resource creation (#59101) * refresh user's permission cache after resource creation * clear the cache instead of reloading the permissions * don't error if can't clear cache * fix tests * fix tests again
3 years ago
accesscontrol accesscontrol.AccessControl
accesscontrolService accesscontrol.Service
RouterRegister routing.RouteRegister
log log.Logger
permissionService accesscontrol.ServiceAccountPermissionsService
IAM: Protect external service accounts frontend list page (#77834) * Add `isExternal` property to frontend model * Remove enabled and token buttons for external SA * Replace trash icon for lock icon for external SA * Block the role picker for external SA * Filter SA list using the external filter * Add only external filter at backend --------- Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
2 years ago
isExternalSAEnabled bool
ServiceAccounts: Delete ServiceAccount (#40470) * Add extra fields to OSS types to support enterprise * WIP service accounts * Update public/app/features/api-keys/ApiKeysForm.tsx Co-authored-by: Hugo Häggmark <hugo.haggmark@grafana.com> * Create a service account at the same time as the API key * Use service account credentials when accessing API with APIkey * Throw better error * Use Boolean for "create service account button" * Add GetRole to service, merge RoleDTO and Role structs This patch merges the identical OSS and Enterprise data structures, which improves the code for two reasons: 1. Makes switching between OSS and Enterprise easier 2. Reduces the chance of incompatibilities developing between the same functions in OSS and Enterprise * Start work cloning permissions onto service account * If API key is not linked to a service account, continue login as usual * Fallback to old auth if no service account linked to key * Commented * Add CloneUserToServiceAccount * Update mock.go * Put graphical bits behind a feature toggle * Start adding LinkAPIKeyToServiceAccount * Update pkg/models/user.go Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> * Update pkg/api/apikey.go Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> * Update pkg/api/apikey.go Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> * Finish LinkAPIKeyToServiceAccount * Update comment * Handle api key link error * Update pkg/services/sqlstore/apikey.go Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Feature toggle * Update pkg/services/accesscontrol/accesscontrol.go Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Not needed (yet) * Better error messages for OSS accesscontrol * Set an invalid user id as default * ServiceAccountId should be string * Re-arrange field names * ServiceAccountId is integer * Update ossaccesscontrol.go * Linter * Remove fronend edits * Remove console log * Update ApiKeysForm.tsx * feat: add serviceaccount deletion * feat: make sure we do not accidently delete serviceaccount * feat: ServiceAccount Type * refactor: userDeletions function * refactor: serviceaccount deletions\ * refactor: error name and removed attribute for userDeletecommand * refactor:: remove serviceaccount type for now * WIP * add mocked function * Remove unnecessary db query, move to right place * Update pkg/services/accesscontrol/mock/mock.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Update pkg/services/accesscontrol/mock/mock.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Update pkg/services/accesscontrol/mock/mock.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Better error messages * Better and correcter error messages * add mocked function * refactor: move function call, add error msg * add IsServiceAccount and fix table * add service accounts package * WIP * WIP * working serviceaccountsapi registration * WIP tests * test * test working * test running for service * moved the error out of the models package * fixed own review * linting errors * Update pkg/services/serviceaccounts/database/database.go Co-authored-by: Jeremy Price <Jeremy.price@grafana.com> * tests running for api * WIP * WIP * removed unused secrets background svc * removed background svc for serviceaccount infavor or wire.go * serviceaccounts manager tests * registering as backend service Co-authored-by: Jeremy Price <jeremy.price@grafana.com> Co-authored-by: Hugo Häggmark <hugo.haggmark@grafana.com> Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
4 years ago
}
func NewServiceAccountsAPI(
Add/Delete API keys to Service accounts (#44871) * ServiceAccounts: move token handlers to specific file * ServiceAccounts: move Add API key to Service account * APIKeys: api keys can still be used even when service accounts are enabled * APIKeys: legacy endpoint can't be used to add SA tokens * ServiceAccount: add tests for creation with nil and non-nil service account ids * ServiceAccounts: fix unnasigned cfg and AC typo * Test: test service account token adding * fix linting error * ServiceAccounts: Handle Token deletion * rename token funcs * rename token funcs and api wrapping * add token deletion tests * review Co-authored-by: eleijonmarck <eric.leijonmarck@gmail.com> * remove bus * Update pkg/api/apikey.go Co-authored-by: eleijonmarck <eric.leijonmarck@gmail.com>
3 years ago
cfg *setting.Cfg,
auth: migrate api interface implementation (#77040) * expand serviceaccount service interface * implemet FakeServiceAccountService * Replace SA service interface from api * merge sa proxy tests with new fake service * implement DeleteServiceAccountToken * add test for DeleteServiceAccountToken
2 years ago
service serviceaccounts.Service,
ServiceAccounts: Delete ServiceAccount (#40470) * Add extra fields to OSS types to support enterprise * WIP service accounts * Update public/app/features/api-keys/ApiKeysForm.tsx Co-authored-by: Hugo Häggmark <hugo.haggmark@grafana.com> * Create a service account at the same time as the API key * Use service account credentials when accessing API with APIkey * Throw better error * Use Boolean for "create service account button" * Add GetRole to service, merge RoleDTO and Role structs This patch merges the identical OSS and Enterprise data structures, which improves the code for two reasons: 1. Makes switching between OSS and Enterprise easier 2. Reduces the chance of incompatibilities developing between the same functions in OSS and Enterprise * Start work cloning permissions onto service account * If API key is not linked to a service account, continue login as usual * Fallback to old auth if no service account linked to key * Commented * Add CloneUserToServiceAccount * Update mock.go * Put graphical bits behind a feature toggle * Start adding LinkAPIKeyToServiceAccount * Update pkg/models/user.go Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> * Update pkg/api/apikey.go Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> * Update pkg/api/apikey.go Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> * Finish LinkAPIKeyToServiceAccount * Update comment * Handle api key link error * Update pkg/services/sqlstore/apikey.go Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Feature toggle * Update pkg/services/accesscontrol/accesscontrol.go Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Not needed (yet) * Better error messages for OSS accesscontrol * Set an invalid user id as default * ServiceAccountId should be string * Re-arrange field names * ServiceAccountId is integer * Update ossaccesscontrol.go * Linter * Remove fronend edits * Remove console log * Update ApiKeysForm.tsx * feat: add serviceaccount deletion * feat: make sure we do not accidently delete serviceaccount * feat: ServiceAccount Type * refactor: userDeletions function * refactor: serviceaccount deletions\ * refactor: error name and removed attribute for userDeletecommand * refactor:: remove serviceaccount type for now * WIP * add mocked function * Remove unnecessary db query, move to right place * Update pkg/services/accesscontrol/mock/mock.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Update pkg/services/accesscontrol/mock/mock.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Update pkg/services/accesscontrol/mock/mock.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Better error messages * Better and correcter error messages * add mocked function * refactor: move function call, add error msg * add IsServiceAccount and fix table * add service accounts package * WIP * WIP * working serviceaccountsapi registration * WIP tests * test * test working * test running for service * moved the error out of the models package * fixed own review * linting errors * Update pkg/services/serviceaccounts/database/database.go Co-authored-by: Jeremy Price <Jeremy.price@grafana.com> * tests running for api * WIP * WIP * removed unused secrets background svc * removed background svc for serviceaccount infavor or wire.go * serviceaccounts manager tests * registering as backend service Co-authored-by: Jeremy Price <jeremy.price@grafana.com> Co-authored-by: Hugo Häggmark <hugo.haggmark@grafana.com> Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
4 years ago
accesscontrol accesscontrol.AccessControl,
Access Control: Clear user's permission cache after resource creation (#59101) * refresh user's permission cache after resource creation * clear the cache instead of reloading the permissions * don't error if can't clear cache * fix tests * fix tests again
3 years ago
accesscontrolService accesscontrol.Service,
ServiceAccounts: Delete ServiceAccount (#40470) * Add extra fields to OSS types to support enterprise * WIP service accounts * Update public/app/features/api-keys/ApiKeysForm.tsx Co-authored-by: Hugo Häggmark <hugo.haggmark@grafana.com> * Create a service account at the same time as the API key * Use service account credentials when accessing API with APIkey * Throw better error * Use Boolean for "create service account button" * Add GetRole to service, merge RoleDTO and Role structs This patch merges the identical OSS and Enterprise data structures, which improves the code for two reasons: 1. Makes switching between OSS and Enterprise easier 2. Reduces the chance of incompatibilities developing between the same functions in OSS and Enterprise * Start work cloning permissions onto service account * If API key is not linked to a service account, continue login as usual * Fallback to old auth if no service account linked to key * Commented * Add CloneUserToServiceAccount * Update mock.go * Put graphical bits behind a feature toggle * Start adding LinkAPIKeyToServiceAccount * Update pkg/models/user.go Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> * Update pkg/api/apikey.go Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> * Update pkg/api/apikey.go Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> * Finish LinkAPIKeyToServiceAccount * Update comment * Handle api key link error * Update pkg/services/sqlstore/apikey.go Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Feature toggle * Update pkg/services/accesscontrol/accesscontrol.go Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Not needed (yet) * Better error messages for OSS accesscontrol * Set an invalid user id as default * ServiceAccountId should be string * Re-arrange field names * ServiceAccountId is integer * Update ossaccesscontrol.go * Linter * Remove fronend edits * Remove console log * Update ApiKeysForm.tsx * feat: add serviceaccount deletion * feat: make sure we do not accidently delete serviceaccount * feat: ServiceAccount Type * refactor: userDeletions function * refactor: serviceaccount deletions\ * refactor: error name and removed attribute for userDeletecommand * refactor:: remove serviceaccount type for now * WIP * add mocked function * Remove unnecessary db query, move to right place * Update pkg/services/accesscontrol/mock/mock.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Update pkg/services/accesscontrol/mock/mock.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Update pkg/services/accesscontrol/mock/mock.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Better error messages * Better and correcter error messages * add mocked function * refactor: move function call, add error msg * add IsServiceAccount and fix table * add service accounts package * WIP * WIP * working serviceaccountsapi registration * WIP tests * test * test working * test running for service * moved the error out of the models package * fixed own review * linting errors * Update pkg/services/serviceaccounts/database/database.go Co-authored-by: Jeremy Price <Jeremy.price@grafana.com> * tests running for api * WIP * WIP * removed unused secrets background svc * removed background svc for serviceaccount infavor or wire.go * serviceaccounts manager tests * registering as backend service Co-authored-by: Jeremy Price <jeremy.price@grafana.com> Co-authored-by: Hugo Häggmark <hugo.haggmark@grafana.com> Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
4 years ago
routerRegister routing.RouteRegister,
Service Accounts: Managed permissions for service accounts (#51818) * backend changes * frontend changes * linting * nit * import order * allow SA creator to access the SA page * fix merge * tests * fix frontend tests Co-authored-by: alexanderzobnin alexanderzobnin@gmail.com
3 years ago
permissionService accesscontrol.ServiceAccountPermissionsService,
Feature Flags: use FeatureToggles interface where possible (#85131) * Feature Flags: use FeatureToggles interface where possible Signed-off-by: Dave Henderson <dave.henderson@grafana.com> * Replace TestFeatureToggles with existing WithFeatures Signed-off-by: Dave Henderson <dave.henderson@grafana.com> --------- Signed-off-by: Dave Henderson <dave.henderson@grafana.com>
1 year ago
features featuremgmt.FeatureToggles,
ServiceAccounts: Delete ServiceAccount (#40470) * Add extra fields to OSS types to support enterprise * WIP service accounts * Update public/app/features/api-keys/ApiKeysForm.tsx Co-authored-by: Hugo Häggmark <hugo.haggmark@grafana.com> * Create a service account at the same time as the API key * Use service account credentials when accessing API with APIkey * Throw better error * Use Boolean for "create service account button" * Add GetRole to service, merge RoleDTO and Role structs This patch merges the identical OSS and Enterprise data structures, which improves the code for two reasons: 1. Makes switching between OSS and Enterprise easier 2. Reduces the chance of incompatibilities developing between the same functions in OSS and Enterprise * Start work cloning permissions onto service account * If API key is not linked to a service account, continue login as usual * Fallback to old auth if no service account linked to key * Commented * Add CloneUserToServiceAccount * Update mock.go * Put graphical bits behind a feature toggle * Start adding LinkAPIKeyToServiceAccount * Update pkg/models/user.go Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> * Update pkg/api/apikey.go Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> * Update pkg/api/apikey.go Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> * Finish LinkAPIKeyToServiceAccount * Update comment * Handle api key link error * Update pkg/services/sqlstore/apikey.go Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Feature toggle * Update pkg/services/accesscontrol/accesscontrol.go Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Not needed (yet) * Better error messages for OSS accesscontrol * Set an invalid user id as default * ServiceAccountId should be string * Re-arrange field names * ServiceAccountId is integer * Update ossaccesscontrol.go * Linter * Remove fronend edits * Remove console log * Update ApiKeysForm.tsx * feat: add serviceaccount deletion * feat: make sure we do not accidently delete serviceaccount * feat: ServiceAccount Type * refactor: userDeletions function * refactor: serviceaccount deletions\ * refactor: error name and removed attribute for userDeletecommand * refactor:: remove serviceaccount type for now * WIP * add mocked function * Remove unnecessary db query, move to right place * Update pkg/services/accesscontrol/mock/mock.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Update pkg/services/accesscontrol/mock/mock.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Update pkg/services/accesscontrol/mock/mock.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Better error messages * Better and correcter error messages * add mocked function * refactor: move function call, add error msg * add IsServiceAccount and fix table * add service accounts package * WIP * WIP * working serviceaccountsapi registration * WIP tests * test * test working * test running for service * moved the error out of the models package * fixed own review * linting errors * Update pkg/services/serviceaccounts/database/database.go Co-authored-by: Jeremy Price <Jeremy.price@grafana.com> * tests running for api * WIP * WIP * removed unused secrets background svc * removed background svc for serviceaccount infavor or wire.go * serviceaccounts manager tests * registering as backend service Co-authored-by: Jeremy Price <jeremy.price@grafana.com> Co-authored-by: Hugo Häggmark <hugo.haggmark@grafana.com> Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
4 years ago
) *ServiceAccountsAPI {
ManagedServiceAccounts: Add a config option to disable the feature on-prem (#93571) * ManagedServiceAccounts: Add a config option to disabled by default * Update log in pkg/services/extsvcauth/registry/service.go Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
9 months ago
enabled := features.IsEnabledGlobally(featuremgmt.FlagExternalServiceAccounts) && cfg.ManagedServiceAccountsEnabled
ServiceAccounts: Delete ServiceAccount (#40470) * Add extra fields to OSS types to support enterprise * WIP service accounts * Update public/app/features/api-keys/ApiKeysForm.tsx Co-authored-by: Hugo Häggmark <hugo.haggmark@grafana.com> * Create a service account at the same time as the API key * Use service account credentials when accessing API with APIkey * Throw better error * Use Boolean for "create service account button" * Add GetRole to service, merge RoleDTO and Role structs This patch merges the identical OSS and Enterprise data structures, which improves the code for two reasons: 1. Makes switching between OSS and Enterprise easier 2. Reduces the chance of incompatibilities developing between the same functions in OSS and Enterprise * Start work cloning permissions onto service account * If API key is not linked to a service account, continue login as usual * Fallback to old auth if no service account linked to key * Commented * Add CloneUserToServiceAccount * Update mock.go * Put graphical bits behind a feature toggle * Start adding LinkAPIKeyToServiceAccount * Update pkg/models/user.go Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> * Update pkg/api/apikey.go Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> * Update pkg/api/apikey.go Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> * Finish LinkAPIKeyToServiceAccount * Update comment * Handle api key link error * Update pkg/services/sqlstore/apikey.go Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Feature toggle * Update pkg/services/accesscontrol/accesscontrol.go Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Not needed (yet) * Better error messages for OSS accesscontrol * Set an invalid user id as default * ServiceAccountId should be string * Re-arrange field names * ServiceAccountId is integer * Update ossaccesscontrol.go * Linter * Remove fronend edits * Remove console log * Update ApiKeysForm.tsx * feat: add serviceaccount deletion * feat: make sure we do not accidently delete serviceaccount * feat: ServiceAccount Type * refactor: userDeletions function * refactor: serviceaccount deletions\ * refactor: error name and removed attribute for userDeletecommand * refactor:: remove serviceaccount type for now * WIP * add mocked function * Remove unnecessary db query, move to right place * Update pkg/services/accesscontrol/mock/mock.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Update pkg/services/accesscontrol/mock/mock.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Update pkg/services/accesscontrol/mock/mock.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Better error messages * Better and correcter error messages * add mocked function * refactor: move function call, add error msg * add IsServiceAccount and fix table * add service accounts package * WIP * WIP * working serviceaccountsapi registration * WIP tests * test * test working * test running for service * moved the error out of the models package * fixed own review * linting errors * Update pkg/services/serviceaccounts/database/database.go Co-authored-by: Jeremy Price <Jeremy.price@grafana.com> * tests running for api * WIP * WIP * removed unused secrets background svc * removed background svc for serviceaccount infavor or wire.go * serviceaccounts manager tests * registering as backend service Co-authored-by: Jeremy Price <jeremy.price@grafana.com> Co-authored-by: Hugo Häggmark <hugo.haggmark@grafana.com> Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
4 years ago
return &ServiceAccountsAPI{
Access Control: Clear user's permission cache after resource creation (#59101) * refresh user's permission cache after resource creation * clear the cache instead of reloading the permissions * don't error if can't clear cache * fix tests * fix tests again
3 years ago
cfg: cfg,
service: service,
accesscontrol: accesscontrol,
accesscontrolService: accesscontrolService,
RouterRegister: routerRegister,
log: log.New("serviceaccounts.api"),
permissionService: permissionService,
ManagedServiceAccounts: Add a config option to disable the feature on-prem (#93571) * ManagedServiceAccounts: Add a config option to disabled by default * Update log in pkg/services/extsvcauth/registry/service.go Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
9 months ago
isExternalSAEnabled: enabled,
ServiceAccounts: Delete ServiceAccount (#40470) * Add extra fields to OSS types to support enterprise * WIP service accounts * Update public/app/features/api-keys/ApiKeysForm.tsx Co-authored-by: Hugo Häggmark <hugo.haggmark@grafana.com> * Create a service account at the same time as the API key * Use service account credentials when accessing API with APIkey * Throw better error * Use Boolean for "create service account button" * Add GetRole to service, merge RoleDTO and Role structs This patch merges the identical OSS and Enterprise data structures, which improves the code for two reasons: 1. Makes switching between OSS and Enterprise easier 2. Reduces the chance of incompatibilities developing between the same functions in OSS and Enterprise * Start work cloning permissions onto service account * If API key is not linked to a service account, continue login as usual * Fallback to old auth if no service account linked to key * Commented * Add CloneUserToServiceAccount * Update mock.go * Put graphical bits behind a feature toggle * Start adding LinkAPIKeyToServiceAccount * Update pkg/models/user.go Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> * Update pkg/api/apikey.go Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> * Update pkg/api/apikey.go Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> * Finish LinkAPIKeyToServiceAccount * Update comment * Handle api key link error * Update pkg/services/sqlstore/apikey.go Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Feature toggle * Update pkg/services/accesscontrol/accesscontrol.go Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Not needed (yet) * Better error messages for OSS accesscontrol * Set an invalid user id as default * ServiceAccountId should be string * Re-arrange field names * ServiceAccountId is integer * Update ossaccesscontrol.go * Linter * Remove fronend edits * Remove console log * Update ApiKeysForm.tsx * feat: add serviceaccount deletion * feat: make sure we do not accidently delete serviceaccount * feat: ServiceAccount Type * refactor: userDeletions function * refactor: serviceaccount deletions\ * refactor: error name and removed attribute for userDeletecommand * refactor:: remove serviceaccount type for now * WIP * add mocked function * Remove unnecessary db query, move to right place * Update pkg/services/accesscontrol/mock/mock.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Update pkg/services/accesscontrol/mock/mock.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Update pkg/services/accesscontrol/mock/mock.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Better error messages * Better and correcter error messages * add mocked function * refactor: move function call, add error msg * add IsServiceAccount and fix table * add service accounts package * WIP * WIP * working serviceaccountsapi registration * WIP tests * test * test working * test running for service * moved the error out of the models package * fixed own review * linting errors * Update pkg/services/serviceaccounts/database/database.go Co-authored-by: Jeremy Price <Jeremy.price@grafana.com> * tests running for api * WIP * WIP * removed unused secrets background svc * removed background svc for serviceaccount infavor or wire.go * serviceaccounts manager tests * registering as backend service Co-authored-by: Jeremy Price <jeremy.price@grafana.com> Co-authored-by: Hugo Häggmark <hugo.haggmark@grafana.com> Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
4 years ago
}
}
Service accounts: Grafana service accounts are enabled by default (#51402) * Remove feature flag for service accounts * Fix failing tests and remove remaining usage * Fix failing tests and remove remaining usage
3 years ago
func (api *ServiceAccountsAPI) RegisterAPIEndpoints() {
Access Control: Move access control middlewares to domain package (#48322) * Move access control middleware to domain package
3 years ago
auth := accesscontrol.Middleware(api.accesscontrol)
fix: remove migrated, and /org endpoint (#44788) * fix: remove migrated, and /org endpoint * Update pkg/api/index.go
3 years ago
api.RouterRegister.Group("/api/serviceaccounts", func(serviceAccountsRoute routing.RouteRegister) {
RBAC: Remove legacy ac from authorization middleware (#68898) remove legacy AC fallback from RBAC middleware, and some unused auth logic
2 years ago
serviceAccountsRoute.Get("/search", auth(accesscontrol.EvalPermission(serviceaccounts.ActionRead)), routing.Wrap(api.SearchOrgServiceAccountsWithPaging))
serviceAccountsRoute.Post("/", auth(accesscontrol.EvalPermission(serviceaccounts.ActionCreate)), routing.Wrap(api.CreateServiceAccount))
serviceAccountsRoute.Get("/:serviceAccountId", auth(accesscontrol.EvalPermission(serviceaccounts.ActionRead, serviceaccounts.ScopeID)), routing.Wrap(api.RetrieveServiceAccount))
serviceAccountsRoute.Patch("/:serviceAccountId", auth(accesscontrol.EvalPermission(serviceaccounts.ActionWrite, serviceaccounts.ScopeID)), routing.Wrap(api.UpdateServiceAccount))
serviceAccountsRoute.Delete("/:serviceAccountId", auth(accesscontrol.EvalPermission(serviceaccounts.ActionDelete, serviceaccounts.ScopeID)), routing.Wrap(api.DeleteServiceAccount))
serviceAccountsRoute.Get("/:serviceAccountId/tokens", auth(accesscontrol.EvalPermission(serviceaccounts.ActionRead, serviceaccounts.ScopeID)), routing.Wrap(api.ListTokens))
serviceAccountsRoute.Post("/:serviceAccountId/tokens", auth(accesscontrol.EvalPermission(serviceaccounts.ActionWrite, serviceaccounts.ScopeID)), routing.Wrap(api.CreateToken))
serviceAccountsRoute.Delete("/:serviceAccountId/tokens/:tokenId", auth(accesscontrol.EvalPermission(serviceaccounts.ActionWrite, serviceaccounts.ScopeID)), routing.Wrap(api.DeleteToken))
serviceAccountsRoute.Post("/migrate", auth(accesscontrol.EvalPermission(serviceaccounts.ActionCreate)), routing.Wrap(api.MigrateApiKeysToServiceAccounts))
serviceAccountsRoute.Post("/migrate/:keyId", auth(accesscontrol.EvalPermission(serviceaccounts.ActionCreate)), routing.Wrap(api.ConvertToServiceAccount))
Instrumentation: Set auth as owners for more routes (#75105) Signed-off-by: bergquist <carl.bergquist@gmail.com>
2 years ago
}, requestmeta.SetOwner(requestmeta.TeamAuth))
ServiceAccounts: Delete ServiceAccount (#40470) * Add extra fields to OSS types to support enterprise * WIP service accounts * Update public/app/features/api-keys/ApiKeysForm.tsx Co-authored-by: Hugo Häggmark <hugo.haggmark@grafana.com> * Create a service account at the same time as the API key * Use service account credentials when accessing API with APIkey * Throw better error * Use Boolean for "create service account button" * Add GetRole to service, merge RoleDTO and Role structs This patch merges the identical OSS and Enterprise data structures, which improves the code for two reasons: 1. Makes switching between OSS and Enterprise easier 2. Reduces the chance of incompatibilities developing between the same functions in OSS and Enterprise * Start work cloning permissions onto service account * If API key is not linked to a service account, continue login as usual * Fallback to old auth if no service account linked to key * Commented * Add CloneUserToServiceAccount * Update mock.go * Put graphical bits behind a feature toggle * Start adding LinkAPIKeyToServiceAccount * Update pkg/models/user.go Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> * Update pkg/api/apikey.go Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> * Update pkg/api/apikey.go Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> * Finish LinkAPIKeyToServiceAccount * Update comment * Handle api key link error * Update pkg/services/sqlstore/apikey.go Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Feature toggle * Update pkg/services/accesscontrol/accesscontrol.go Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Not needed (yet) * Better error messages for OSS accesscontrol * Set an invalid user id as default * ServiceAccountId should be string * Re-arrange field names * ServiceAccountId is integer * Update ossaccesscontrol.go * Linter * Remove fronend edits * Remove console log * Update ApiKeysForm.tsx * feat: add serviceaccount deletion * feat: make sure we do not accidently delete serviceaccount * feat: ServiceAccount Type * refactor: userDeletions function * refactor: serviceaccount deletions\ * refactor: error name and removed attribute for userDeletecommand * refactor:: remove serviceaccount type for now * WIP * add mocked function * Remove unnecessary db query, move to right place * Update pkg/services/accesscontrol/mock/mock.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Update pkg/services/accesscontrol/mock/mock.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Update pkg/services/accesscontrol/mock/mock.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Better error messages * Better and correcter error messages * add mocked function * refactor: move function call, add error msg * add IsServiceAccount and fix table * add service accounts package * WIP * WIP * working serviceaccountsapi registration * WIP tests * test * test working * test running for service * moved the error out of the models package * fixed own review * linting errors * Update pkg/services/serviceaccounts/database/database.go Co-authored-by: Jeremy Price <Jeremy.price@grafana.com> * tests running for api * WIP * WIP * removed unused secrets background svc * removed background svc for serviceaccount infavor or wire.go * serviceaccounts manager tests * registering as backend service Co-authored-by: Jeremy Price <jeremy.price@grafana.com> Co-authored-by: Hugo Häggmark <hugo.haggmark@grafana.com> Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
4 years ago
}
Chore: Move swagger definitions to the handlers (#52643)
3 years ago
// swagger:route POST /serviceaccounts service_accounts createServiceAccount
//
API Keys: Add revocation for SATs (#53896) * add apikey is_revoked field * add token store tests * Apply suggestions from code review * remove unused fields
3 years ago
// # Create service account
Chore: Move swagger definitions to the handlers (#52643)
3 years ago
//
// Required permissions (See note in the [introduction](https://grafana.com/docs/grafana/latest/developers/http_api/serviceaccount/#service-account-api) for an explanation):
// action: `serviceaccounts:write` scope: `serviceaccounts:*`
//
// Requires basic authentication and that the authenticated user is a Grafana Admin.
//
// Responses:
// 201: createServiceAccountResponse
// 400: badRequestError
// 401: unauthorisedError
// 403: forbiddenError
// 500: internalServerError
Chore: Move ReqContext to contexthandler service (#62102) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports
2 years ago
func (api *ServiceAccountsAPI) CreateServiceAccount(c *contextmodel.ReqContext) response.Response {
Service accounts: refactor errors (#50917)
3 years ago
cmd := serviceaccounts.CreateServiceAccountForm{}
Serviceaccounts: create serviceaccount api (#42150) * WIP * wip * wip * wip * refactor: new return of the create service accoutn * refactor: change to have correct role * refactor: ability to create service accounts * make public * refactor: make ints instead * refactor: remove location sprintf * refactor: added back named constants
4 years ago
if err := web.Bind(c.Req, &cmd); err != nil {
return response.Error(http.StatusBadRequest, "Bad request data", err)
}
Service Accounts: small typo and dto fixes (#45677) * ServiceAccounts: respect js casing and small fixes to displayed values * ServiceAccounts: fix typos on service account * ServiceAccounts: fix missing orgID in service account * ServiceAccounts: Small fixes to dtos for profile * ServiceAccounts: use result org id * ServiceAccounts: return value is always nil
3 years ago
Auth: Move Service Account service to SignedInUser Interface (#73142) * move service account service to identity interface * Update pkg/services/auth/identity/requester.go
2 years ago
if err := api.validateRole(cmd.Role, c.SignedInUser.GetOrgRole()); err != nil {
Service accounts: fix usage of `errutil` errors and convert more errors to `errutil` (#64299) * fix usage of errutil errors and convert more errors to errutil * fix tests
2 years ago
return response.ErrOrFallback(http.StatusInternalServerError, "failed to create service account", err)
Service account: Update service accounts creation (#51848)
3 years ago
}
Auth: Move Service Account service to SignedInUser Interface (#73142) * move service account service to identity interface * Update pkg/services/auth/identity/requester.go
2 years ago
serviceAccount, err := api.service.CreateServiceAccount(c.Req.Context(), c.SignedInUser.GetOrgID(), &cmd)
Service accounts: fix usage of `errutil` errors and convert more errors to `errutil` (#64299) * fix usage of errutil errors and convert more errors to errutil * fix tests
2 years ago
if err != nil {
return response.ErrOrFallback(http.StatusInternalServerError, "Failed to create service account", err)
Serviceaccounts: create serviceaccount api (#42150) * WIP * wip * wip * wip * refactor: new return of the create service accoutn * refactor: change to have correct role * refactor: ability to create service accounts * make public * refactor: make ints instead * refactor: remove location sprintf * refactor: added back named constants
4 years ago
}
Service Accounts: Display name to ID (#46258) * ServiceAccounts: modernize SA creation interface * ServiceAccounts: improve service account ID generation * ServiceAccounts: remove unused method * ServiceAccounts: Make SA ID display name dependent * ServiceAccounts: Add tests for Service Account creation * trim trailing whitespace * Update pkg/services/serviceaccounts/api/api.go Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Update pkg/services/serviceaccounts/api/api.go Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
3 years ago
RBAC: Allow omitting default permissions when a new resource is created (#90720) * Cfg: Move rbac settings to own struct * Cfg: Add setting to control if resource should generate managed permissions when created * Dashboards: Check if we should generate default permissions when dashboard is created * Folders: Check if we should generate default permissions when folder is created * Datasource: Check if we should generate default permissions when datasource is created * ServiceAccount: Check if we should generate default permissions when service account is created * Cfg: Add option to specify resources for wich we should default seed * ManagedPermissions: Move providers to their own files * Dashboards: Default seed all possible managed permissions if configured * Folders: Default seed all possible managed permissions if configured * Cfg: Remove service account from list * RBAC: Move utility function * remove managed permission settings from the config file examples, change the setting names * remove ini file changes from the PR * fix setting reading * fix linting errors * fix tests * fix wildcard role seeding --------- Co-authored-by: Karl Persson <kalle.persson@grafana.com> Co-authored-by: jguer <me@jguer.space>
11 months ago
if api.cfg.RBAC.PermissionsOnCreation("service-account") {
Identity: Remove typed id (#91801) * Refactor identity struct to store type in separate field * Update ResolveIdentity to take string representation of typedID * Add IsIdentityType to requester interface * Use IsIdentityType from interface * Remove usage of TypedID * Remote typedID struct * fix GetInternalID
11 months ago
if c.SignedInUser.IsIdentityType(claims.TypeUser) {
RBAC: Allow omitting default permissions when a new resource is created (#90720) * Cfg: Move rbac settings to own struct * Cfg: Add setting to control if resource should generate managed permissions when created * Dashboards: Check if we should generate default permissions when dashboard is created * Folders: Check if we should generate default permissions when folder is created * Datasource: Check if we should generate default permissions when datasource is created * ServiceAccount: Check if we should generate default permissions when service account is created * Cfg: Add option to specify resources for wich we should default seed * ManagedPermissions: Move providers to their own files * Dashboards: Default seed all possible managed permissions if configured * Folders: Default seed all possible managed permissions if configured * Cfg: Remove service account from list * RBAC: Move utility function * remove managed permission settings from the config file examples, change the setting names * remove ini file changes from the PR * fix setting reading * fix linting errors * fix tests * fix wildcard role seeding --------- Co-authored-by: Karl Persson <kalle.persson@grafana.com> Co-authored-by: jguer <me@jguer.space>
11 months ago
// Clear permission cache for the user who's created the service account, so that new permissions are fetched for their next call
// Required for cases when caller wants to immediately interact with the newly created object
api.accesscontrolService.ClearUserPermissionCache(c.SignedInUser)
Service Accounts: Managed permissions for service accounts (#51818) * backend changes * frontend changes * linting * nit * import order * allow SA creator to access the SA page * fix merge * tests * fix frontend tests Co-authored-by: alexanderzobnin alexanderzobnin@gmail.com
3 years ago
}
}
Service Accounts: Display name to ID (#46258) * ServiceAccounts: modernize SA creation interface * ServiceAccounts: improve service account ID generation * ServiceAccounts: remove unused method * ServiceAccounts: Make SA ID display name dependent * ServiceAccounts: Add tests for Service Account creation * trim trailing whitespace * Update pkg/services/serviceaccounts/api/api.go Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Update pkg/services/serviceaccounts/api/api.go Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
3 years ago
return response.JSON(http.StatusCreated, serviceAccount)
Serviceaccounts: create serviceaccount api (#42150) * WIP * wip * wip * wip * refactor: new return of the create service accoutn * refactor: change to have correct role * refactor: ability to create service accounts * make public * refactor: make ints instead * refactor: remove location sprintf * refactor: added back named constants
4 years ago
}
Chore: Move swagger definitions to the handlers (#52643)
3 years ago
// swagger:route GET /serviceaccounts/{serviceAccountId} service_accounts retrieveServiceAccount
//
API Keys: Add revocation for SATs (#53896) * add apikey is_revoked field * add token store tests * Apply suggestions from code review * remove unused fields
3 years ago
// # Get single serviceaccount by Id
Chore: Move swagger definitions to the handlers (#52643)
3 years ago
//
// Required permissions (See note in the [introduction](https://grafana.com/docs/grafana/latest/developers/http_api/serviceaccount/#service-account-api) for an explanation):
// action: `serviceaccounts:read` scope: `serviceaccounts:id:1` (single service account)
//
// Responses:
// 200: retrieveServiceAccountResponse
// 400: badRequestError
// 401: unauthorisedError
// 403: forbiddenError
// 404: notFoundError
// 500: internalServerError
Chore: Move ReqContext to contexthandler service (#62102) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports
2 years ago
func (api *ServiceAccountsAPI) RetrieveServiceAccount(ctx *contextmodel.ReqContext) response.Response {
ServiceAccounts: Add detail view of service account (#44164) * ServiceAccounts: Add detail view of service account Co-authored-by: eleijonmarck <eric.leijonmarck@gmail.com> * ServiceAccount: Make detail view scopeID Co-authored-by: eleijonmarck <eric.leijonmarck@gmail.com> * ServiceAccount: fix lint error Co-authored-by: eleijonmarck <eric.leijonmarck@gmail.com> Co-authored-by: eleijonmarck <eric.leijonmarck@gmail.com>
3 years ago
scopeID, err := strconv.ParseInt(web.Params(ctx.Req)[":serviceAccountId"], 10, 64)
if err != nil {
Service Accounts: Link final components in service accounts detail page (#45929) * ServiceAccounts: Delete/Disable service account from details page * ServiceAccounts: capitalize viewable messages from UI * ServiceAccounts: Link new update endpoint to details page * ServiceAccounts: reimplement service account retrieve to include is_disabled and only target service accounts * Cleanup styles * Fix modal show * ServiceAccounts: simplify handler functions * Apply suggestions from code review Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> Co-authored-by: Clarity-89 <homes89@ukr.net> Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
3 years ago
return response.Error(http.StatusBadRequest, "Service Account ID is invalid", err)
ServiceAccounts: Add detail view of service account (#44164) * ServiceAccounts: Add detail view of service account Co-authored-by: eleijonmarck <eric.leijonmarck@gmail.com> * ServiceAccount: Make detail view scopeID Co-authored-by: eleijonmarck <eric.leijonmarck@gmail.com> * ServiceAccount: fix lint error Co-authored-by: eleijonmarck <eric.leijonmarck@gmail.com> Co-authored-by: eleijonmarck <eric.leijonmarck@gmail.com>
3 years ago
}
Auth: Move Service Account service to SignedInUser Interface (#73142) * move service account service to identity interface * Update pkg/services/auth/identity/requester.go
2 years ago
serviceAccount, err := api.service.RetrieveServiceAccount(ctx.Req.Context(), ctx.SignedInUser.GetOrgID(), scopeID)
ServiceAccounts: Add detail view of service account (#44164) * ServiceAccounts: Add detail view of service account Co-authored-by: eleijonmarck <eric.leijonmarck@gmail.com> * ServiceAccount: Make detail view scopeID Co-authored-by: eleijonmarck <eric.leijonmarck@gmail.com> * ServiceAccount: fix lint error Co-authored-by: eleijonmarck <eric.leijonmarck@gmail.com> Co-authored-by: eleijonmarck <eric.leijonmarck@gmail.com>
3 years ago
if err != nil {
Service accounts: fix usage of `errutil` errors and convert more errors to `errutil` (#64299) * fix usage of errutil errors and convert more errors to errutil * fix tests
2 years ago
return response.ErrOrFallback(http.StatusInternalServerError, "Failed to retrieve service account", err)
ServiceAccounts: Add detail view of service account (#44164) * ServiceAccounts: Add detail view of service account Co-authored-by: eleijonmarck <eric.leijonmarck@gmail.com> * ServiceAccount: Make detail view scopeID Co-authored-by: eleijonmarck <eric.leijonmarck@gmail.com> * ServiceAccount: fix lint error Co-authored-by: eleijonmarck <eric.leijonmarck@gmail.com> Co-authored-by: eleijonmarck <eric.leijonmarck@gmail.com>
3 years ago
}
Service Accounts: small typo and dto fixes (#45677) * ServiceAccounts: respect js casing and small fixes to displayed values * ServiceAccounts: fix typos on service account * ServiceAccounts: fix missing orgID in service account * ServiceAccounts: Small fixes to dtos for profile * ServiceAccounts: use result org id * ServiceAccounts: return value is always nil
3 years ago
Service Accounts: Polish service account detail page (#45846) * ServiceAccounts: add teams to service account DTO * ServiceAccounts: Add team display to service accounts * ServiceAccounts: add AC metadata to detail route * ServiceAccounts: add role picker to detail page * ServiceAccounts: Add role to profile DTO * ServiceAccounts: remove wip mention of created by
3 years ago
saIDString := strconv.FormatInt(serviceAccount.Id, 10)
metadata := api.getAccessControlMetadata(ctx, map[string]bool{saIDString: true})
Chore: Remove public vars in setting package (#81018) Removes the public variable setting.SecretKey plus some other ones. Introduces some new functions for creating setting.Cfg.
1 year ago
serviceAccount.AvatarUrl = dtos.GetGravatarUrlWithDefault(api.cfg, "", serviceAccount.Name)
Service Accounts: Polish service account detail page (#45846) * ServiceAccounts: add teams to service account DTO * ServiceAccounts: Add team display to service accounts * ServiceAccounts: add AC metadata to detail route * ServiceAccounts: add role picker to detail page * ServiceAccounts: Add role to profile DTO * ServiceAccounts: remove wip mention of created by
3 years ago
serviceAccount.AccessControl = metadata[saIDString]
ServiceAccounts: refactor UI (#49508) * ServiceAccounts: refactor ServiceAccountRoleRow * Refactor ServiceAccountRoleRow * Refactor ServiceAccountProfile * Refactor components * Change service accounts icon * Refine service accounts page header * Improve service accounts filtering * Change delete button style * Tweak account id * Auto focus name field when create service account * Add disable/enable button * Enable/disable service accounts * Optimize updating service account (do not fetch all) * Remove status column (replace by enable/disable button) * Add banner with service accounts description * Add tokens from main page * Update tokens count when add token from main page * Fix action buttons column * Fix tokens count when change role * Refine table row classes * Fix buttons * Simplify working with state * Show message when service account updated * Able to filter disabled accounts * Mark disabled accounts in a table * Refine disabled account view * Move non-critical components to separate folder * Remove confusing focusing * Fix date picker position when creating new token * DatePicker: able to set minimum date that can be selected * Don't allow to select expiration dates prior today * Set tomorrow as a default token expiration date * Fix displaying expiration period * Rename Add token button * Refine page styles * Show modal when disabling SA from main page * Arrange role picker * Refine SA page styles * Generate default token name * More smooth navigation between SA pages * Stop loading indicator in case of error * Remove legacy styles usage * Tweaks after code review Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> * Get rid of useDisapatch in favor of mapDispatchToProps * Tests for ServiceAccountsListPage * Tests for service account page * Show new role picker only with license * Get rid of deprecated css classes * Apply suggestion from code review Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> * Fix service accounts icon * Tests for service account create page * Return service account info when update * Add behaviour tests for ServiceAccountsListPage * Fix disabled cursor on confirm button * More behavior tests for service account page * Temporary disable service account migration banner * Use safe where condition Co-authored-by: Jguer <joao.guerreiro@grafana.com> * Apply review suggestions Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> * Remove autofocus from search Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> Co-authored-by: Jguer <joao.guerreiro@grafana.com>
3 years ago
Auth: Service account store refactor (#58961) * refactor: renaming of files from database to store * refactor: make service account store private - moves store interface to manager package - adds an interface to the ProvideAPI constructor - refactors tests to use the store when necessary - adds mocks for the new interface implementations in the tests package * wip * refactor: make fakestore in service * wip * wip * wip * working tests * trailing whitespaces * Update pkg/services/serviceaccounts/api/api.go * Update pkg/services/serviceaccounts/tests/common.go * Update pkg/services/serviceaccounts/tests/common.go * refactor: doc string for retriever * fix import unused * remove: serviceaccount from featuretoggle * added: back legacy serviceaccounts feature toggle * added: docs * refactor: make query for the SearchQuery * add: validation of service input fields * add validation
3 years ago
tokens, err := api.service.ListTokens(ctx.Req.Context(), &serviceaccounts.GetSATokensQuery{
API Keys: Add revocation for SATs (#53896) * add apikey is_revoked field * add token store tests * Apply suggestions from code review * remove unused fields
3 years ago
OrgID: &serviceAccount.OrgId,
ServiceAccountID: &serviceAccount.Id,
})
ServiceAccounts: refactor UI (#49508) * ServiceAccounts: refactor ServiceAccountRoleRow * Refactor ServiceAccountRoleRow * Refactor ServiceAccountProfile * Refactor components * Change service accounts icon * Refine service accounts page header * Improve service accounts filtering * Change delete button style * Tweak account id * Auto focus name field when create service account * Add disable/enable button * Enable/disable service accounts * Optimize updating service account (do not fetch all) * Remove status column (replace by enable/disable button) * Add banner with service accounts description * Add tokens from main page * Update tokens count when add token from main page * Fix action buttons column * Fix tokens count when change role * Refine table row classes * Fix buttons * Simplify working with state * Show message when service account updated * Able to filter disabled accounts * Mark disabled accounts in a table * Refine disabled account view * Move non-critical components to separate folder * Remove confusing focusing * Fix date picker position when creating new token * DatePicker: able to set minimum date that can be selected * Don't allow to select expiration dates prior today * Set tomorrow as a default token expiration date * Fix displaying expiration period * Rename Add token button * Refine page styles * Show modal when disabling SA from main page * Arrange role picker * Refine SA page styles * Generate default token name * More smooth navigation between SA pages * Stop loading indicator in case of error * Remove legacy styles usage * Tweaks after code review Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> * Get rid of useDisapatch in favor of mapDispatchToProps * Tests for ServiceAccountsListPage * Tests for service account page * Show new role picker only with license * Get rid of deprecated css classes * Apply suggestion from code review Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> * Fix service accounts icon * Tests for service account create page * Return service account info when update * Add behaviour tests for ServiceAccountsListPage * Fix disabled cursor on confirm button * More behavior tests for service account page * Temporary disable service account migration banner * Use safe where condition Co-authored-by: Jguer <joao.guerreiro@grafana.com> * Apply review suggestions Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> * Remove autofocus from search Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> Co-authored-by: Jguer <joao.guerreiro@grafana.com>
3 years ago
if err != nil {
api.log.Warn("Failed to list tokens for service account", "serviceAccount", serviceAccount.Id)
}
serviceAccount.Tokens = int64(len(tokens))
ServiceAccounts: Add detail view of service account (#44164) * ServiceAccounts: Add detail view of service account Co-authored-by: eleijonmarck <eric.leijonmarck@gmail.com> * ServiceAccount: Make detail view scopeID Co-authored-by: eleijonmarck <eric.leijonmarck@gmail.com> * ServiceAccount: fix lint error Co-authored-by: eleijonmarck <eric.leijonmarck@gmail.com> Co-authored-by: eleijonmarck <eric.leijonmarck@gmail.com>
3 years ago
return response.JSON(http.StatusOK, serviceAccount)
}
Service Account detailed edit (#45404) * ServiceAccounts: Update service account route * ServiceAccounts: Update service account tests * ServiceAccounts: remove extraneous file
3 years ago
Chore: Move swagger definitions to the handlers (#52643)
3 years ago
// swagger:route PATCH /serviceaccounts/{serviceAccountId} service_accounts updateServiceAccount
//
API Keys: Add revocation for SATs (#53896) * add apikey is_revoked field * add token store tests * Apply suggestions from code review * remove unused fields
3 years ago
// # Update service account
Chore: Move swagger definitions to the handlers (#52643)
3 years ago
//
// Required permissions (See note in the [introduction](https://grafana.com/docs/grafana/latest/developers/http_api/serviceaccount/#service-account-api) for an explanation):
// action: `serviceaccounts:write` scope: `serviceaccounts:id:1` (single service account)
//
// Responses:
// 200: updateServiceAccountResponse
// 400: badRequestError
// 401: unauthorisedError
// 403: forbiddenError
// 404: notFoundError
// 500: internalServerError
Chore: Move ReqContext to contexthandler service (#62102) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports
2 years ago
func (api *ServiceAccountsAPI) UpdateServiceAccount(c *contextmodel.ReqContext) response.Response {
Service Account detailed edit (#45404) * ServiceAccounts: Update service account route * ServiceAccounts: Update service account tests * ServiceAccounts: remove extraneous file
3 years ago
scopeID, err := strconv.ParseInt(web.Params(c.Req)[":serviceAccountId"], 10, 64)
if err != nil {
Service Accounts: Link final components in service accounts detail page (#45929) * ServiceAccounts: Delete/Disable service account from details page * ServiceAccounts: capitalize viewable messages from UI * ServiceAccounts: Link new update endpoint to details page * ServiceAccounts: reimplement service account retrieve to include is_disabled and only target service accounts * Cleanup styles * Fix modal show * ServiceAccounts: simplify handler functions * Apply suggestions from code review Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> Co-authored-by: Clarity-89 <homes89@ukr.net> Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
3 years ago
return response.Error(http.StatusBadRequest, "Service Account ID is invalid", err)
Service Account detailed edit (#45404) * ServiceAccounts: Update service account route * ServiceAccounts: Update service account tests * ServiceAccounts: remove extraneous file
3 years ago
}
Service accounts: refactor errors (#50917)
3 years ago
cmd := serviceaccounts.UpdateServiceAccountForm{}
Service Account detailed edit (#45404) * ServiceAccounts: Update service account route * ServiceAccounts: Update service account tests * ServiceAccounts: remove extraneous file
3 years ago
if err := web.Bind(c.Req, &cmd); err != nil {
Service Accounts: Link final components in service accounts detail page (#45929) * ServiceAccounts: Delete/Disable service account from details page * ServiceAccounts: capitalize viewable messages from UI * ServiceAccounts: Link new update endpoint to details page * ServiceAccounts: reimplement service account retrieve to include is_disabled and only target service accounts * Cleanup styles * Fix modal show * ServiceAccounts: simplify handler functions * Apply suggestions from code review Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> Co-authored-by: Clarity-89 <homes89@ukr.net> Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
3 years ago
return response.Error(http.StatusBadRequest, "Bad request data", err)
Service Account detailed edit (#45404) * ServiceAccounts: Update service account route * ServiceAccounts: Update service account tests * ServiceAccounts: remove extraneous file
3 years ago
}
Auth: Move Service Account service to SignedInUser Interface (#73142) * move service account service to identity interface * Update pkg/services/auth/identity/requester.go
2 years ago
if err := api.validateRole(cmd.Role, c.SignedInUser.GetOrgRole()); err != nil {
Service accounts: fix usage of `errutil` errors and convert more errors to `errutil` (#64299) * fix usage of errutil errors and convert more errors to errutil * fix tests
2 years ago
return response.ErrOrFallback(http.StatusInternalServerError, "failed to update service account", err)
Access control: service account role check (#47710) * forbid setting role higher than user's role * change response code * can assign API key permissions to non-admin users * add: assign viewer role directly upon creation * refactor: add AddSATcommand infavor of AddAPIkey * refactor: frontend fixes for ServiceAccountToken Co-authored-by: eleijonmarck <eric.leijonmarck@gmail.com>
3 years ago
}
Service Account detailed edit (#45404) * ServiceAccounts: Update service account route * ServiceAccounts: Update service account tests * ServiceAccounts: remove extraneous file
3 years ago
Auth: Move Service Account service to SignedInUser Interface (#73142) * move service account service to identity interface * Update pkg/services/auth/identity/requester.go
2 years ago
resp, err := api.service.UpdateServiceAccount(c.Req.Context(), c.SignedInUser.GetOrgID(), scopeID, &cmd)
Service Account detailed edit (#45404) * ServiceAccounts: Update service account route * ServiceAccounts: Update service account tests * ServiceAccounts: remove extraneous file
3 years ago
if err != nil {
Service accounts: fix usage of `errutil` errors and convert more errors to `errutil` (#64299) * fix usage of errutil errors and convert more errors to errutil * fix tests
2 years ago
return response.ErrOrFallback(http.StatusInternalServerError, "Failed update service account", err)
Service Account detailed edit (#45404) * ServiceAccounts: Update service account route * ServiceAccounts: Update service account tests * ServiceAccounts: remove extraneous file
3 years ago
}
ServiceAccounts: Fix role update (#46568) * ServiceAccounts: Fix role update Co-authored-by: Jguer <joao.guerreiro@grafana.com> * Fix patch missing metadata Co-authored-by: Jguer <joao.guerreiro@grafana.com> * Fix patch missing metadata Co-authored-by: Jguer <joao.guerreiro@grafana.com> Co-authored-by: Jguer <joao.guerreiro@grafana.com>
3 years ago
saIDString := strconv.FormatInt(resp.Id, 10)
metadata := api.getAccessControlMetadata(c, map[string]bool{saIDString: true})
Chore: Remove public vars in setting package (#81018) Removes the public variable setting.SecretKey plus some other ones. Introduces some new functions for creating setting.Cfg.
1 year ago
resp.AvatarUrl = dtos.GetGravatarUrlWithDefault(api.cfg, "", resp.Name)
ServiceAccounts: Fix role update (#46568) * ServiceAccounts: Fix role update Co-authored-by: Jguer <joao.guerreiro@grafana.com> * Fix patch missing metadata Co-authored-by: Jguer <joao.guerreiro@grafana.com> * Fix patch missing metadata Co-authored-by: Jguer <joao.guerreiro@grafana.com> Co-authored-by: Jguer <joao.guerreiro@grafana.com>
3 years ago
resp.AccessControl = metadata[saIDString]
ServiceAccounts: refactor UI (#49508) * ServiceAccounts: refactor ServiceAccountRoleRow * Refactor ServiceAccountRoleRow * Refactor ServiceAccountProfile * Refactor components * Change service accounts icon * Refine service accounts page header * Improve service accounts filtering * Change delete button style * Tweak account id * Auto focus name field when create service account * Add disable/enable button * Enable/disable service accounts * Optimize updating service account (do not fetch all) * Remove status column (replace by enable/disable button) * Add banner with service accounts description * Add tokens from main page * Update tokens count when add token from main page * Fix action buttons column * Fix tokens count when change role * Refine table row classes * Fix buttons * Simplify working with state * Show message when service account updated * Able to filter disabled accounts * Mark disabled accounts in a table * Refine disabled account view * Move non-critical components to separate folder * Remove confusing focusing * Fix date picker position when creating new token * DatePicker: able to set minimum date that can be selected * Don't allow to select expiration dates prior today * Set tomorrow as a default token expiration date * Fix displaying expiration period * Rename Add token button * Refine page styles * Show modal when disabling SA from main page * Arrange role picker * Refine SA page styles * Generate default token name * More smooth navigation between SA pages * Stop loading indicator in case of error * Remove legacy styles usage * Tweaks after code review Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> * Get rid of useDisapatch in favor of mapDispatchToProps * Tests for ServiceAccountsListPage * Tests for service account page * Show new role picker only with license * Get rid of deprecated css classes * Apply suggestion from code review Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> * Fix service accounts icon * Tests for service account create page * Return service account info when update * Add behaviour tests for ServiceAccountsListPage * Fix disabled cursor on confirm button * More behavior tests for service account page * Temporary disable service account migration banner * Use safe where condition Co-authored-by: Jguer <joao.guerreiro@grafana.com> * Apply review suggestions Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> * Remove autofocus from search Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> Co-authored-by: Jguer <joao.guerreiro@grafana.com>
3 years ago
return response.JSON(http.StatusOK, util.DynMap{
"message": "Service account updated",
"id": resp.Id,
"name": resp.Name,
"serviceaccount": resp,
})
Service Account detailed edit (#45404) * ServiceAccounts: Update service account route * ServiceAccounts: Update service account tests * ServiceAccounts: remove extraneous file
3 years ago
}
Searchable service accounts (#45844) * WIP * draft of WIP * feat: search and filtering works :rainbow: * Update pkg/models/org_user.go * Apply suggestions from code review * refactor: remove unsed function * refactor: formatting * Apply suggestions from code review Co-authored-by: J Guerreiro <joao.guerreiro@grafana.com> * WIP * comment * Update public/app/features/serviceaccounts/ServiceAccountsListPage.tsx Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> * review comments * wip * working search and initial load of service accounts * number of tokens working * removed api call * Apply suggestions from code review * added accescontrol param * accesscontrol prefix corrected Co-authored-by: J Guerreiro <joao.guerreiro@grafana.com> Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
3 years ago
Auth: Move Service Account service to SignedInUser Interface (#73142) * move service account service to identity interface * Update pkg/services/auth/identity/requester.go
2 years ago
func (api *ServiceAccountsAPI) validateRole(r *org.RoleType, orgRole org.RoleType) error {
Service account: Update service accounts creation (#51848)
3 years ago
if r != nil && !r.IsValid() {
Service accounts: fix usage of `errutil` errors and convert more errors to `errutil` (#64299) * fix usage of errutil errors and convert more errors to errutil * fix tests
2 years ago
return serviceaccounts.ErrServiceAccountInvalidRole.Errorf("invalid role specified")
Service account: Update service accounts creation (#51848)
3 years ago
}
if r != nil && !orgRole.Includes(*r) {
Service accounts: fix usage of `errutil` errors and convert more errors to `errutil` (#64299) * fix usage of errutil errors and convert more errors to errutil * fix tests
2 years ago
return serviceaccounts.ErrServiceAccountRolePrivilegeDenied.Errorf("can not assign a role higher than user's role")
Service account: Update service accounts creation (#51848)
3 years ago
}
return nil
}
Chore: Move swagger definitions to the handlers (#52643)
3 years ago
// swagger:route DELETE /serviceaccounts/{serviceAccountId} service_accounts deleteServiceAccount
//
API Keys: Add revocation for SATs (#53896) * add apikey is_revoked field * add token store tests * Apply suggestions from code review * remove unused fields
3 years ago
// # Delete service account
Chore: Move swagger definitions to the handlers (#52643)
3 years ago
//
// Required permissions (See note in the [introduction](https://grafana.com/docs/grafana/latest/developers/http_api/serviceaccount/#service-account-api) for an explanation):
// action: `serviceaccounts:delete` scope: `serviceaccounts:id:1` (single service account)
//
// Responses:
// 200: okResponse
// 400: badRequestError
// 401: unauthorisedError
// 403: forbiddenError
// 500: internalServerError
Chore: Move ReqContext to contexthandler service (#62102) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports
2 years ago
func (api *ServiceAccountsAPI) DeleteServiceAccount(ctx *contextmodel.ReqContext) response.Response {
ServiceAccounts: API keys migration (#50002) * ServiceAccounts: able to get upgrade status * Banner with API keys migration info * Show API keys migration info on Service accounts page * Migrate individual API keys * Use transaction for key migration * Migrate all api keys to service accounts * Hide api keys after migration * Migrate API keys separately for each org * Revert API key * Revert key API method * Rename migration actions and reducers * Fix linter errors * Tests for migrating single API key * Tests for migrating all api keys * More tests * Fix reverting tokens * API: rename convert to migrate * Add api route descriptions to methods * rearrange methods in api.go * Refactor: rename and move some methods * Prevent assigning tokens to non-existing service accounts * Refactor: ID TO Id * Refactor: fix error message * Delete service account if migration failed * Fix linter errors
3 years ago
scopeID, err := strconv.ParseInt(web.Params(ctx.Req)[":serviceAccountId"], 10, 64)
if err != nil {
return response.Error(http.StatusBadRequest, "Service account ID is invalid", err)
}
Auth: Move Service Account service to SignedInUser Interface (#73142) * move service account service to identity interface * Update pkg/services/auth/identity/requester.go
2 years ago
err = api.service.DeleteServiceAccount(ctx.Req.Context(), ctx.SignedInUser.GetOrgID(), scopeID)
ServiceAccounts: API keys migration (#50002) * ServiceAccounts: able to get upgrade status * Banner with API keys migration info * Show API keys migration info on Service accounts page * Migrate individual API keys * Use transaction for key migration * Migrate all api keys to service accounts * Hide api keys after migration * Migrate API keys separately for each org * Revert API key * Revert key API method * Rename migration actions and reducers * Fix linter errors * Tests for migrating single API key * Tests for migrating all api keys * More tests * Fix reverting tokens * API: rename convert to migrate * Add api route descriptions to methods * rearrange methods in api.go * Refactor: rename and move some methods * Prevent assigning tokens to non-existing service accounts * Refactor: ID TO Id * Refactor: fix error message * Delete service account if migration failed * Fix linter errors
3 years ago
if err != nil {
return response.Error(http.StatusInternalServerError, "Service account deletion error", err)
}
return response.Success("Service account deleted")
}
Chore: Move swagger definitions to the handlers (#52643)
3 years ago
// swagger:route GET /serviceaccounts/search service_accounts searchOrgServiceAccountsWithPaging
//
API Keys: Add revocation for SATs (#53896) * add apikey is_revoked field * add token store tests * Apply suggestions from code review * remove unused fields
3 years ago
// # Search service accounts with paging
Chore: Move swagger definitions to the handlers (#52643)
3 years ago
//
// Required permissions (See note in the [introduction](https://grafana.com/docs/grafana/latest/developers/http_api/serviceaccount/#service-account-api) for an explanation):
// action: `serviceaccounts:read` scope: `serviceaccounts:*`
//
// Responses:
// 200: searchOrgServiceAccountsWithPagingResponse
// 401: unauthorisedError
// 403: forbiddenError
// 500: internalServerError
Chore: Move ReqContext to contexthandler service (#62102) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports
2 years ago
func (api *ServiceAccountsAPI) SearchOrgServiceAccountsWithPaging(c *contextmodel.ReqContext) response.Response {
Searchable service accounts (#45844) * WIP * draft of WIP * feat: search and filtering works :rainbow: * Update pkg/models/org_user.go * Apply suggestions from code review * refactor: remove unsed function * refactor: formatting * Apply suggestions from code review Co-authored-by: J Guerreiro <joao.guerreiro@grafana.com> * WIP * comment * Update public/app/features/serviceaccounts/ServiceAccountsListPage.tsx Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> * review comments * wip * working search and initial load of service accounts * number of tokens working * removed api call * Apply suggestions from code review * added accescontrol param * accesscontrol prefix corrected Co-authored-by: J Guerreiro <joao.guerreiro@grafana.com> Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
3 years ago
ctx := c.Req.Context()
perPage := c.QueryInt("perpage")
if perPage <= 0 {
perPage = 1000
}
page := c.QueryInt("page")
if page < 1 {
page = 1
}
Filtering of service accounts by expired tokens (#46251) * Refactor to ServiceAccounts Query * filtering expiredtokens on backend * WIP * WIP * WIP * fix: missing that we do not cover for no service accounts * fix: wrong link * feat: filter able to get only service accounts with expired tokens * refactor: naming * Update pkg/services/serviceaccounts/models.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * goimported * Update pkg/services/serviceaccounts/api/api.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
3 years ago
// its okay that it fails, it is only filtering that might be weird, but to safe quard against any weird incoming query param
onlyWithExpiredTokens := c.QueryBool("expiredTokens")
ServiceAccounts: refactor UI (#49508) * ServiceAccounts: refactor ServiceAccountRoleRow * Refactor ServiceAccountRoleRow * Refactor ServiceAccountProfile * Refactor components * Change service accounts icon * Refine service accounts page header * Improve service accounts filtering * Change delete button style * Tweak account id * Auto focus name field when create service account * Add disable/enable button * Enable/disable service accounts * Optimize updating service account (do not fetch all) * Remove status column (replace by enable/disable button) * Add banner with service accounts description * Add tokens from main page * Update tokens count when add token from main page * Fix action buttons column * Fix tokens count when change role * Refine table row classes * Fix buttons * Simplify working with state * Show message when service account updated * Able to filter disabled accounts * Mark disabled accounts in a table * Refine disabled account view * Move non-critical components to separate folder * Remove confusing focusing * Fix date picker position when creating new token * DatePicker: able to set minimum date that can be selected * Don't allow to select expiration dates prior today * Set tomorrow as a default token expiration date * Fix displaying expiration period * Rename Add token button * Refine page styles * Show modal when disabling SA from main page * Arrange role picker * Refine SA page styles * Generate default token name * More smooth navigation between SA pages * Stop loading indicator in case of error * Remove legacy styles usage * Tweaks after code review Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> * Get rid of useDisapatch in favor of mapDispatchToProps * Tests for ServiceAccountsListPage * Tests for service account page * Show new role picker only with license * Get rid of deprecated css classes * Apply suggestion from code review Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> * Fix service accounts icon * Tests for service account create page * Return service account info when update * Add behaviour tests for ServiceAccountsListPage * Fix disabled cursor on confirm button * More behavior tests for service account page * Temporary disable service account migration banner * Use safe where condition Co-authored-by: Jguer <joao.guerreiro@grafana.com> * Apply review suggestions Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> * Remove autofocus from search Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> Co-authored-by: Jguer <joao.guerreiro@grafana.com>
3 years ago
onlyDisabled := c.QueryBool("disabled")
IAM: Protect external service accounts frontend list page (#77834) * Add `isExternal` property to frontend model * Remove enabled and token buttons for external SA * Replace trash icon for lock icon for external SA * Block the role picker for external SA * Filter SA list using the external filter * Add only external filter at backend --------- Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
2 years ago
onlyExternal := c.QueryBool("external")
Filtering of service accounts by expired tokens (#46251) * Refactor to ServiceAccounts Query * filtering expiredtokens on backend * WIP * WIP * WIP * fix: missing that we do not cover for no service accounts * fix: wrong link * feat: filter able to get only service accounts with expired tokens * refactor: naming * Update pkg/services/serviceaccounts/models.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * goimported * Update pkg/services/serviceaccounts/api/api.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
3 years ago
filter := serviceaccounts.FilterIncludeAll
if onlyWithExpiredTokens {
filter = serviceaccounts.FilterOnlyExpiredTokens
}
IAM: Protect external service accounts frontend list page (#77834) * Add `isExternal` property to frontend model * Remove enabled and token buttons for external SA * Replace trash icon for lock icon for external SA * Block the role picker for external SA * Filter SA list using the external filter * Add only external filter at backend --------- Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
2 years ago
if api.isExternalSAEnabled && onlyExternal {
filter = serviceaccounts.FilterOnlyExternal
}
ServiceAccounts: refactor UI (#49508) * ServiceAccounts: refactor ServiceAccountRoleRow * Refactor ServiceAccountRoleRow * Refactor ServiceAccountProfile * Refactor components * Change service accounts icon * Refine service accounts page header * Improve service accounts filtering * Change delete button style * Tweak account id * Auto focus name field when create service account * Add disable/enable button * Enable/disable service accounts * Optimize updating service account (do not fetch all) * Remove status column (replace by enable/disable button) * Add banner with service accounts description * Add tokens from main page * Update tokens count when add token from main page * Fix action buttons column * Fix tokens count when change role * Refine table row classes * Fix buttons * Simplify working with state * Show message when service account updated * Able to filter disabled accounts * Mark disabled accounts in a table * Refine disabled account view * Move non-critical components to separate folder * Remove confusing focusing * Fix date picker position when creating new token * DatePicker: able to set minimum date that can be selected * Don't allow to select expiration dates prior today * Set tomorrow as a default token expiration date * Fix displaying expiration period * Rename Add token button * Refine page styles * Show modal when disabling SA from main page * Arrange role picker * Refine SA page styles * Generate default token name * More smooth navigation between SA pages * Stop loading indicator in case of error * Remove legacy styles usage * Tweaks after code review Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> * Get rid of useDisapatch in favor of mapDispatchToProps * Tests for ServiceAccountsListPage * Tests for service account page * Show new role picker only with license * Get rid of deprecated css classes * Apply suggestion from code review Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> * Fix service accounts icon * Tests for service account create page * Return service account info when update * Add behaviour tests for ServiceAccountsListPage * Fix disabled cursor on confirm button * More behavior tests for service account page * Temporary disable service account migration banner * Use safe where condition Co-authored-by: Jguer <joao.guerreiro@grafana.com> * Apply review suggestions Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> * Remove autofocus from search Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> Co-authored-by: Jguer <joao.guerreiro@grafana.com>
3 years ago
if onlyDisabled {
filter = serviceaccounts.FilterOnlyDisabled
}
Auth: Service account store refactor (#58961) * refactor: renaming of files from database to store * refactor: make service account store private - moves store interface to manager package - adds an interface to the ProvideAPI constructor - refactors tests to use the store when necessary - adds mocks for the new interface implementations in the tests package * wip * refactor: make fakestore in service * wip * wip * wip * working tests * trailing whitespaces * Update pkg/services/serviceaccounts/api/api.go * Update pkg/services/serviceaccounts/tests/common.go * Update pkg/services/serviceaccounts/tests/common.go * refactor: doc string for retriever * fix import unused * remove: serviceaccount from featuretoggle * added: back legacy serviceaccounts feature toggle * added: docs * refactor: make query for the SearchQuery * add: validation of service input fields * add validation
3 years ago
q := serviceaccounts.SearchOrgServiceAccountsQuery{
Auth: Move Service Account service to SignedInUser Interface (#73142) * move service account service to identity interface * Update pkg/services/auth/identity/requester.go
2 years ago
OrgID: c.SignedInUser.GetOrgID(),
Auth: Service account store refactor (#58961) * refactor: renaming of files from database to store * refactor: make service account store private - moves store interface to manager package - adds an interface to the ProvideAPI constructor - refactors tests to use the store when necessary - adds mocks for the new interface implementations in the tests package * wip * refactor: make fakestore in service * wip * wip * wip * working tests * trailing whitespaces * Update pkg/services/serviceaccounts/api/api.go * Update pkg/services/serviceaccounts/tests/common.go * Update pkg/services/serviceaccounts/tests/common.go * refactor: doc string for retriever * fix import unused * remove: serviceaccount from featuretoggle * added: back legacy serviceaccounts feature toggle * added: docs * refactor: make query for the SearchQuery * add: validation of service input fields * add validation
3 years ago
Query: c.Query("query"),
Page: page,
Limit: perPage,
Filter: filter,
SignedInUser: c.SignedInUser,
}
serviceAccountSearch, err := api.service.SearchOrgServiceAccounts(ctx, &q)
Searchable service accounts (#45844) * WIP * draft of WIP * feat: search and filtering works :rainbow: * Update pkg/models/org_user.go * Apply suggestions from code review * refactor: remove unsed function * refactor: formatting * Apply suggestions from code review Co-authored-by: J Guerreiro <joao.guerreiro@grafana.com> * WIP * comment * Update public/app/features/serviceaccounts/ServiceAccountsListPage.tsx Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> * review comments * wip * working search and initial load of service accounts * number of tokens working * removed api call * Apply suggestions from code review * added accescontrol param * accesscontrol prefix corrected Co-authored-by: J Guerreiro <joao.guerreiro@grafana.com> Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
3 years ago
if err != nil {
return response.Error(http.StatusInternalServerError, "Failed to get service accounts for current organization", err)
}
saIDs := map[string]bool{}
Service accounts: Split user and service account database (#46442) * ServiceAccounts: remove unused endpoint * ServiceAccounts: remove usage of getOrgUsers from service accounts * use dialect for boolean str true in delete * return service account results directly * Move Service Account Deletions to sa package Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: gamab <gabi.mabs@gmail.com> * Move service account methods to service accounts Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: gamab <gabi.mabs@gmail.com> * Service accounts should not interfere with users Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * filter service accounts in user services * mispell fix * fix overextended lines Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * fix variable Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: gamab <gabi.mabs@gmail.com>
3 years ago
for i := range serviceAccountSearch.ServiceAccounts {
sa := serviceAccountSearch.ServiceAccounts[i]
Chore: Remove public vars in setting package (#81018) Removes the public variable setting.SecretKey plus some other ones. Introduces some new functions for creating setting.Cfg.
1 year ago
sa.AvatarUrl = dtos.GetGravatarUrlWithDefault(api.cfg, "", sa.Name)
Searchable service accounts (#45844) * WIP * draft of WIP * feat: search and filtering works :rainbow: * Update pkg/models/org_user.go * Apply suggestions from code review * refactor: remove unsed function * refactor: formatting * Apply suggestions from code review Co-authored-by: J Guerreiro <joao.guerreiro@grafana.com> * WIP * comment * Update public/app/features/serviceaccounts/ServiceAccountsListPage.tsx Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> * review comments * wip * working search and initial load of service accounts * number of tokens working * removed api call * Apply suggestions from code review * added accescontrol param * accesscontrol prefix corrected Co-authored-by: J Guerreiro <joao.guerreiro@grafana.com> Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
3 years ago
Service accounts: Split user and service account database (#46442) * ServiceAccounts: remove unused endpoint * ServiceAccounts: remove usage of getOrgUsers from service accounts * use dialect for boolean str true in delete * return service account results directly * Move Service Account Deletions to sa package Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: gamab <gabi.mabs@gmail.com> * Move service account methods to service accounts Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: gamab <gabi.mabs@gmail.com> * Service accounts should not interfere with users Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * filter service accounts in user services * mispell fix * fix overextended lines Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * fix variable Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: gamab <gabi.mabs@gmail.com>
3 years ago
saIDString := strconv.FormatInt(sa.Id, 10)
Searchable service accounts (#45844) * WIP * draft of WIP * feat: search and filtering works :rainbow: * Update pkg/models/org_user.go * Apply suggestions from code review * refactor: remove unsed function * refactor: formatting * Apply suggestions from code review Co-authored-by: J Guerreiro <joao.guerreiro@grafana.com> * WIP * comment * Update public/app/features/serviceaccounts/ServiceAccountsListPage.tsx Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> * review comments * wip * working search and initial load of service accounts * number of tokens working * removed api call * Apply suggestions from code review * added accescontrol param * accesscontrol prefix corrected Co-authored-by: J Guerreiro <joao.guerreiro@grafana.com> Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
3 years ago
saIDs[saIDString] = true
metadata := api.getAccessControlMetadata(c, map[string]bool{saIDString: true})
Service accounts: Split user and service account database (#46442) * ServiceAccounts: remove unused endpoint * ServiceAccounts: remove usage of getOrgUsers from service accounts * use dialect for boolean str true in delete * return service account results directly * Move Service Account Deletions to sa package Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: gamab <gabi.mabs@gmail.com> * Move service account methods to service accounts Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: gamab <gabi.mabs@gmail.com> * Service accounts should not interfere with users Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * filter service accounts in user services * mispell fix * fix overextended lines Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * fix variable Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: gamab <gabi.mabs@gmail.com>
3 years ago
sa.AccessControl = metadata[strconv.FormatInt(sa.Id, 10)]
Auth: Service account store refactor (#58961) * refactor: renaming of files from database to store * refactor: make service account store private - moves store interface to manager package - adds an interface to the ProvideAPI constructor - refactors tests to use the store when necessary - adds mocks for the new interface implementations in the tests package * wip * refactor: make fakestore in service * wip * wip * wip * working tests * trailing whitespaces * Update pkg/services/serviceaccounts/api/api.go * Update pkg/services/serviceaccounts/tests/common.go * Update pkg/services/serviceaccounts/tests/common.go * refactor: doc string for retriever * fix import unused * remove: serviceaccount from featuretoggle * added: back legacy serviceaccounts feature toggle * added: docs * refactor: make query for the SearchQuery * add: validation of service input fields * add validation
3 years ago
tokens, err := api.service.ListTokens(ctx, &serviceaccounts.GetSATokensQuery{
API Keys: Add revocation for SATs (#53896) * add apikey is_revoked field * add token store tests * Apply suggestions from code review * remove unused fields
3 years ago
OrgID: &sa.OrgId, ServiceAccountID: &sa.Id,
})
Searchable service accounts (#45844) * WIP * draft of WIP * feat: search and filtering works :rainbow: * Update pkg/models/org_user.go * Apply suggestions from code review * refactor: remove unsed function * refactor: formatting * Apply suggestions from code review Co-authored-by: J Guerreiro <joao.guerreiro@grafana.com> * WIP * comment * Update public/app/features/serviceaccounts/ServiceAccountsListPage.tsx Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> * review comments * wip * working search and initial load of service accounts * number of tokens working * removed api call * Apply suggestions from code review * added accescontrol param * accesscontrol prefix corrected Co-authored-by: J Guerreiro <joao.guerreiro@grafana.com> Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
3 years ago
if err != nil {
Service accounts: Split user and service account database (#46442) * ServiceAccounts: remove unused endpoint * ServiceAccounts: remove usage of getOrgUsers from service accounts * use dialect for boolean str true in delete * return service account results directly * Move Service Account Deletions to sa package Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: gamab <gabi.mabs@gmail.com> * Move service account methods to service accounts Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: gamab <gabi.mabs@gmail.com> * Service accounts should not interfere with users Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * filter service accounts in user services * mispell fix * fix overextended lines Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * fix variable Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: gamab <gabi.mabs@gmail.com>
3 years ago
api.log.Warn("Failed to list tokens for service account", "serviceAccount", sa.Id)
Searchable service accounts (#45844) * WIP * draft of WIP * feat: search and filtering works :rainbow: * Update pkg/models/org_user.go * Apply suggestions from code review * refactor: remove unsed function * refactor: formatting * Apply suggestions from code review Co-authored-by: J Guerreiro <joao.guerreiro@grafana.com> * WIP * comment * Update public/app/features/serviceaccounts/ServiceAccountsListPage.tsx Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> * review comments * wip * working search and initial load of service accounts * number of tokens working * removed api call * Apply suggestions from code review * added accescontrol param * accesscontrol prefix corrected Co-authored-by: J Guerreiro <joao.guerreiro@grafana.com> Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
3 years ago
}
Service accounts: Split user and service account database (#46442) * ServiceAccounts: remove unused endpoint * ServiceAccounts: remove usage of getOrgUsers from service accounts * use dialect for boolean str true in delete * return service account results directly * Move Service Account Deletions to sa package Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: gamab <gabi.mabs@gmail.com> * Move service account methods to service accounts Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: gamab <gabi.mabs@gmail.com> * Service accounts should not interfere with users Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * filter service accounts in user services * mispell fix * fix overextended lines Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * fix variable Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: gamab <gabi.mabs@gmail.com>
3 years ago
sa.Tokens = int64(len(tokens))
Searchable service accounts (#45844) * WIP * draft of WIP * feat: search and filtering works :rainbow: * Update pkg/models/org_user.go * Apply suggestions from code review * refactor: remove unsed function * refactor: formatting * Apply suggestions from code review Co-authored-by: J Guerreiro <joao.guerreiro@grafana.com> * WIP * comment * Update public/app/features/serviceaccounts/ServiceAccountsListPage.tsx Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> * review comments * wip * working search and initial load of service accounts * number of tokens working * removed api call * Apply suggestions from code review * added accescontrol param * accesscontrol prefix corrected Co-authored-by: J Guerreiro <joao.guerreiro@grafana.com> Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
3 years ago
}
Service accounts: Split user and service account database (#46442) * ServiceAccounts: remove unused endpoint * ServiceAccounts: remove usage of getOrgUsers from service accounts * use dialect for boolean str true in delete * return service account results directly * Move Service Account Deletions to sa package Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: gamab <gabi.mabs@gmail.com> * Move service account methods to service accounts Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: gamab <gabi.mabs@gmail.com> * Service accounts should not interfere with users Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * filter service accounts in user services * mispell fix * fix overextended lines Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * fix variable Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: gamab <gabi.mabs@gmail.com>
3 years ago
return response.JSON(http.StatusOK, serviceAccountSearch)
Searchable service accounts (#45844) * WIP * draft of WIP * feat: search and filtering works :rainbow: * Update pkg/models/org_user.go * Apply suggestions from code review * refactor: remove unsed function * refactor: formatting * Apply suggestions from code review Co-authored-by: J Guerreiro <joao.guerreiro@grafana.com> * WIP * comment * Update public/app/features/serviceaccounts/ServiceAccountsListPage.tsx Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> * review comments * wip * working search and initial load of service accounts * number of tokens working * removed api call * Apply suggestions from code review * added accescontrol param * accesscontrol prefix corrected Co-authored-by: J Guerreiro <joao.guerreiro@grafana.com> Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
3 years ago
}
ServiceAccounts: API keys migration (#50002) * ServiceAccounts: able to get upgrade status * Banner with API keys migration info * Show API keys migration info on Service accounts page * Migrate individual API keys * Use transaction for key migration * Migrate all api keys to service accounts * Hide api keys after migration * Migrate API keys separately for each org * Revert API key * Revert key API method * Rename migration actions and reducers * Fix linter errors * Tests for migrating single API key * Tests for migrating all api keys * More tests * Fix reverting tokens * API: rename convert to migrate * Add api route descriptions to methods * rearrange methods in api.go * Refactor: rename and move some methods * Prevent assigning tokens to non-existing service accounts * Refactor: ID TO Id * Refactor: fix error message * Delete service account if migration failed * Fix linter errors
3 years ago
// POST /api/serviceaccounts/migrate
Chore: Move ReqContext to contexthandler service (#62102) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports
2 years ago
func (api *ServiceAccountsAPI) MigrateApiKeysToServiceAccounts(ctx *contextmodel.ReqContext) response.Response {
Auth: Move Service Account service to SignedInUser Interface (#73142) * move service account service to identity interface * Update pkg/services/auth/identity/requester.go
2 years ago
results, err := api.service.MigrateApiKeysToServiceAccounts(ctx.Req.Context(), ctx.SignedInUser.GetOrgID())
Service accounts: UI migration results (#68789) * ui migration WIP * merge * migration tests for api * revert chagnes to align with main * revert chagnes to align with main * revert chagnes to align with main * remove unused code and comments * revert gen files * retry logic inplace * fix a any * fixed types * migraiton results now show only result if no failures * review comments * wording to make it more actionable * add migraiton summary text onyl for failed apikeys * fixed wording and added a close button to the modal * made the button close the modal * moved state into component * fix based on review, naming and removed unused code * service account migration state optional * making migration result undefined * showing total and migrated numbers for a successful migration * fix payload const to take the payload
2 years ago
if err != nil {
return response.JSON(http.StatusInternalServerError, results)
ServiceAccounts: API keys migration (#50002) * ServiceAccounts: able to get upgrade status * Banner with API keys migration info * Show API keys migration info on Service accounts page * Migrate individual API keys * Use transaction for key migration * Migrate all api keys to service accounts * Hide api keys after migration * Migrate API keys separately for each org * Revert API key * Revert key API method * Rename migration actions and reducers * Fix linter errors * Tests for migrating single API key * Tests for migrating all api keys * More tests * Fix reverting tokens * API: rename convert to migrate * Add api route descriptions to methods * rearrange methods in api.go * Refactor: rename and move some methods * Prevent assigning tokens to non-existing service accounts * Refactor: ID TO Id * Refactor: fix error message * Delete service account if migration failed * Fix linter errors
3 years ago
}
ServiceAccounts: Fix errors returning API key and simplify conditions (#50885) * ServiceAccounts: Fix naming API key->Service account token * simplify redundant elses * Apply suggestions from code review Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com> Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>
3 years ago
Service accounts: UI migration results (#68789) * ui migration WIP * merge * migration tests for api * revert chagnes to align with main * revert chagnes to align with main * revert chagnes to align with main * remove unused code and comments * revert gen files * retry logic inplace * fix a any * fixed types * migraiton results now show only result if no failures * review comments * wording to make it more actionable * add migraiton summary text onyl for failed apikeys * fixed wording and added a close button to the modal * made the button close the modal * moved state into component * fix based on review, naming and removed unused code * service account migration state optional * making migration result undefined * showing total and migrated numbers for a successful migration * fix payload const to take the payload
2 years ago
return response.JSON(http.StatusOK, results)
ServiceAccounts: API keys migration (#50002) * ServiceAccounts: able to get upgrade status * Banner with API keys migration info * Show API keys migration info on Service accounts page * Migrate individual API keys * Use transaction for key migration * Migrate all api keys to service accounts * Hide api keys after migration * Migrate API keys separately for each org * Revert API key * Revert key API method * Rename migration actions and reducers * Fix linter errors * Tests for migrating single API key * Tests for migrating all api keys * More tests * Fix reverting tokens * API: rename convert to migrate * Add api route descriptions to methods * rearrange methods in api.go * Refactor: rename and move some methods * Prevent assigning tokens to non-existing service accounts * Refactor: ID TO Id * Refactor: fix error message * Delete service account if migration failed * Fix linter errors
3 years ago
}
// POST /api/serviceaccounts/migrate/:keyId
Chore: Move ReqContext to contexthandler service (#62102) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports
2 years ago
func (api *ServiceAccountsAPI) ConvertToServiceAccount(ctx *contextmodel.ReqContext) response.Response {
ServiceAccounts: API keys migration (#50002) * ServiceAccounts: able to get upgrade status * Banner with API keys migration info * Show API keys migration info on Service accounts page * Migrate individual API keys * Use transaction for key migration * Migrate all api keys to service accounts * Hide api keys after migration * Migrate API keys separately for each org * Revert API key * Revert key API method * Rename migration actions and reducers * Fix linter errors * Tests for migrating single API key * Tests for migrating all api keys * More tests * Fix reverting tokens * API: rename convert to migrate * Add api route descriptions to methods * rearrange methods in api.go * Refactor: rename and move some methods * Prevent assigning tokens to non-existing service accounts * Refactor: ID TO Id * Refactor: fix error message * Delete service account if migration failed * Fix linter errors
3 years ago
keyId, err := strconv.ParseInt(web.Params(ctx.Req)[":keyId"], 10, 64)
if err != nil {
return response.Error(http.StatusBadRequest, "Key ID is invalid", err)
}
ServiceAccounts: Fix errors returning API key and simplify conditions (#50885) * ServiceAccounts: Fix naming API key->Service account token * simplify redundant elses * Apply suggestions from code review Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com> Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>
3 years ago
Auth: Move Service Account service to SignedInUser Interface (#73142) * move service account service to identity interface * Update pkg/services/auth/identity/requester.go
2 years ago
if err := api.service.MigrateApiKey(ctx.Req.Context(), ctx.SignedInUser.GetOrgID(), keyId); err != nil {
ServiceAccounts: API keys migration (#50002) * ServiceAccounts: able to get upgrade status * Banner with API keys migration info * Show API keys migration info on Service accounts page * Migrate individual API keys * Use transaction for key migration * Migrate all api keys to service accounts * Hide api keys after migration * Migrate API keys separately for each org * Revert API key * Revert key API method * Rename migration actions and reducers * Fix linter errors * Tests for migrating single API key * Tests for migrating all api keys * More tests * Fix reverting tokens * API: rename convert to migrate * Add api route descriptions to methods * rearrange methods in api.go * Refactor: rename and move some methods * Prevent assigning tokens to non-existing service accounts * Refactor: ID TO Id * Refactor: fix error message * Delete service account if migration failed * Fix linter errors
3 years ago
return response.Error(http.StatusInternalServerError, "Error converting API key", err)
}
ServiceAccounts: Fix errors returning API key and simplify conditions (#50885) * ServiceAccounts: Fix naming API key->Service account token * simplify redundant elses * Apply suggestions from code review Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com> Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>
3 years ago
return response.Success("Service accounts migrated")
ServiceAccounts: API keys migration (#50002) * ServiceAccounts: able to get upgrade status * Banner with API keys migration info * Show API keys migration info on Service accounts page * Migrate individual API keys * Use transaction for key migration * Migrate all api keys to service accounts * Hide api keys after migration * Migrate API keys separately for each org * Revert API key * Revert key API method * Rename migration actions and reducers * Fix linter errors * Tests for migrating single API key * Tests for migrating all api keys * More tests * Fix reverting tokens * API: rename convert to migrate * Add api route descriptions to methods * rearrange methods in api.go * Refactor: rename and move some methods * Prevent assigning tokens to non-existing service accounts * Refactor: ID TO Id * Refactor: fix error message * Delete service account if migration failed * Fix linter errors
3 years ago
}
Chore: Move ReqContext to contexthandler service (#62102) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports
2 years ago
func (api *ServiceAccountsAPI) getAccessControlMetadata(c *contextmodel.ReqContext, saIDs map[string]bool) map[string]accesscontrol.Metadata {
RBAC: remove some `IsDisabled` checks (#69272) * remove some access contorl IsDisabled() checks * cleaning up tests * update tests * linting
2 years ago
if !c.QueryBool("accesscontrol") {
ServiceAccounts: API keys migration (#50002) * ServiceAccounts: able to get upgrade status * Banner with API keys migration info * Show API keys migration info on Service accounts page * Migrate individual API keys * Use transaction for key migration * Migrate all api keys to service accounts * Hide api keys after migration * Migrate API keys separately for each org * Revert API key * Revert key API method * Rename migration actions and reducers * Fix linter errors * Tests for migrating single API key * Tests for migrating all api keys * More tests * Fix reverting tokens * API: rename convert to migrate * Add api route descriptions to methods * rearrange methods in api.go * Refactor: rename and move some methods * Prevent assigning tokens to non-existing service accounts * Refactor: ID TO Id * Refactor: fix error message * Delete service account if migration failed * Fix linter errors
3 years ago
return map[string]accesscontrol.Metadata{}
}
Auth: Move Service Account service to SignedInUser Interface (#73142) * move service account service to identity interface * Update pkg/services/auth/identity/requester.go
2 years ago
if len(c.SignedInUser.GetPermissions()) == 0 {
ServiceAccounts: API keys migration (#50002) * ServiceAccounts: able to get upgrade status * Banner with API keys migration info * Show API keys migration info on Service accounts page * Migrate individual API keys * Use transaction for key migration * Migrate all api keys to service accounts * Hide api keys after migration * Migrate API keys separately for each org * Revert API key * Revert key API method * Rename migration actions and reducers * Fix linter errors * Tests for migrating single API key * Tests for migrating all api keys * More tests * Fix reverting tokens * API: rename convert to migrate * Add api route descriptions to methods * rearrange methods in api.go * Refactor: rename and move some methods * Prevent assigning tokens to non-existing service accounts * Refactor: ID TO Id * Refactor: fix error message * Delete service account if migration failed * Fix linter errors
3 years ago
return map[string]accesscontrol.Metadata{}
}
Auth: Move Service Account service to SignedInUser Interface (#73142) * move service account service to identity interface * Update pkg/services/auth/identity/requester.go
2 years ago
permissions := c.SignedInUser.GetPermissions()
ServiceAccounts: API keys migration (#50002) * ServiceAccounts: able to get upgrade status * Banner with API keys migration info * Show API keys migration info on Service accounts page * Migrate individual API keys * Use transaction for key migration * Migrate all api keys to service accounts * Hide api keys after migration * Migrate API keys separately for each org * Revert API key * Revert key API method * Rename migration actions and reducers * Fix linter errors * Tests for migrating single API key * Tests for migrating all api keys * More tests * Fix reverting tokens * API: rename convert to migrate * Add api route descriptions to methods * rearrange methods in api.go * Refactor: rename and move some methods * Prevent assigning tokens to non-existing service accounts * Refactor: ID TO Id * Refactor: fix error message * Delete service account if migration failed * Fix linter errors
3 years ago
return accesscontrol.GetResourcesMetadata(c.Req.Context(), permissions, "serviceaccounts:id:", saIDs)
}
Chore: Move swagger definitions to the handlers (#52643)
3 years ago
// swagger:parameters searchOrgServiceAccountsWithPaging
type SearchOrgServiceAccountsWithPagingParams struct {
// in:query
// required:false
Disabled bool `jsson:"disabled"`
// in:query
// required:false
ExpiredTokens bool `json:"expiredTokens"`
// It will return results where the query value is contained in one of the name.
// Query values with spaces need to be URL encoded.
// in:query
// required:false
Query string `json:"query"`
// The default value is 1000.
// in:query
// required:false
PerPage int `json:"perpage"`
// The default value is 1.
// in:query
// required:false
Page int `json:"page"`
}
// swagger:parameters createServiceAccount
type CreateServiceAccountParams struct {
//in:body
Body serviceaccounts.CreateServiceAccountForm
}
// swagger:parameters retrieveServiceAccount
type RetrieveServiceAccountParams struct {
// in:path
ServiceAccountId int64 `json:"serviceAccountId"`
}
// swagger:parameters updateServiceAccount
type UpdateServiceAccountParams struct {
// in:path
ServiceAccountId int64 `json:"serviceAccountId"`
// in:body
Body serviceaccounts.UpdateServiceAccountForm
}
// swagger:parameters deleteServiceAccount
type DeleteServiceAccountParams struct {
// in:path
ServiceAccountId int64 `json:"serviceAccountId"`
}
// swagger:response searchOrgServiceAccountsWithPagingResponse
type SearchOrgServiceAccountsWithPagingResponse struct {
// in:body
Auth: Service account store refactor (#58961) * refactor: renaming of files from database to store * refactor: make service account store private - moves store interface to manager package - adds an interface to the ProvideAPI constructor - refactors tests to use the store when necessary - adds mocks for the new interface implementations in the tests package * wip * refactor: make fakestore in service * wip * wip * wip * working tests * trailing whitespaces * Update pkg/services/serviceaccounts/api/api.go * Update pkg/services/serviceaccounts/tests/common.go * Update pkg/services/serviceaccounts/tests/common.go * refactor: doc string for retriever * fix import unused * remove: serviceaccount from featuretoggle * added: back legacy serviceaccounts feature toggle * added: docs * refactor: make query for the SearchQuery * add: validation of service input fields * add validation
3 years ago
Body *serviceaccounts.SearchOrgServiceAccountsResult
Chore: Move swagger definitions to the handlers (#52643)
3 years ago
}
// swagger:response createServiceAccountResponse
type CreateServiceAccountResponse struct {
// in:body
Body *serviceaccounts.ServiceAccountDTO
}
// swagger:response retrieveServiceAccountResponse
type RetrieveServiceAccountResponse struct {
// in:body
Body *serviceaccounts.ServiceAccountDTO
}
// swagger:response updateServiceAccountResponse
type UpdateServiceAccountResponse struct {
// in:body
Body struct {
Message string `json:"message"`
ID int64 `json:"id"`
Name string `json:"name"`
ServiceAccount *serviceaccounts.ServiceAccountProfileDTO `json:"serviceaccount"`
}
}