apitech
/
grafana
mirror of https://github.com/grafana/grafana
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

[release-12.0.2] Docs: Remove api key references from docs (#106849)

Browse Source 
Co-authored-by: Mihai Doarna <mihai.doarna@grafana.com>
pull/106854/head
grafana-delivery-bot[bot] 1 month ago committed by GitHub
parent d8f106637e
commit 0989a8d89f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 2 additions and 307 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 2
      docs/sources/administration/organization-management/index.md
  2. 2
      docs/sources/administration/roles-and-permissions/_index.md
  3. 135
      docs/sources/developers/http_api/auth.md
  4. 162
      docs/sources/developers/http_api/serviceaccount.md
  5. 8
      docs/sources/setup-grafana/configure-security/planning-iam-strategy/index.md

2
docs/sources/administration/organization-management/index.md
Unescape View File

@ -39,7 +39,7 @@ The following table summarizes the resources you can share and/or isolate using
| Notification channels | Isolate only | | Notification channels | Isolate only |
| Annotations | Isolate only | | Annotations | Isolate only |
| Reports | Isolate only | | Reports | Isolate only |
| API keys | Isolate only | | Service accounts | Isolate only |
| Authentication providers | Share only | | Authentication providers | Share only |
| Configuration settings | Share only | | Configuration settings | Share only |
| Licenses | Share | | Licenses | Share |

2
docs/sources/administration/roles-and-permissions/_index.md
Unescape View File

@ -71,7 +71,7 @@ Permissions assigned to a user within an organization control the extent to whic
- plugins - plugins
- annotations - annotations
- library panels - library panels
- API keys - service accounts
For more information about managing organization users, see [User management](../user-management/manage-org-users/). For more information about managing organization users, see [User management](../user-management/manage-org-users/).

135
docs/sources/developers/http_api/auth.md
Unescape View File

@ -1,135 +0,0 @@
---
aliases:
- ../../http_api/auth/
- ../../http_api/authentication/
canonical: /docs/grafana/latest/developers/http_api/auth/
description: Grafana Authentication HTTP API
keywords:
- grafana
- http
- documentation
- api
- authentication
labels:
products:
- enterprise
- oss
title: 'Authentication HTTP API '
---
# Authentication API
The Authentication HTTP API is used to manage API keys.
{{% admonition type="note" %}}
Grafana recommends using service accounts instead of API keys. For more information, refer to [Grafana service account API reference](../serviceaccount/).
{{% /admonition %}}
> If you are running Grafana Enterprise, for some endpoints you would need to have relevant permissions. Refer to [Role-based access control permissions](../../../administration/roles-and-permissions/access-control/custom-role-actions-scopes/) for more information.
## List API keys
{{% admonition type="warning" %}}
This endpoint is deprecated.
{{% /admonition %}}
`GET /api/auth/keys`
**Required permissions**
See note in the [introduction](#authentication-api) for an explanation.
| Action | Scope |
| -------------- | ----------- |
| `apikeys:read` | `apikeys:*` |
**Example Request**:
```http
GET /api/auth/keys HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk
```
Query Parameters:
- `includeExpired`: boolean. enable listing of expired keys. Optional.
**Example Response**:
```http
HTTP/1.1 200
Content-Type: application/json
[
{
"id": 3,
"name": "API",
"role": "Admin"
},
{
"id": 1,
"name": "TestAdmin",
"role": "Admin",
"expiration": "2019-06-26T10:52:03+03:00"
}
]
```
## Create API Key
{{% admonition type="warning" %}}
This endpoint has been made obsolete in Grafana 11.3.0.
{{% /admonition %}}
Endpoint is obsolete and has been moved to [Grafana service account API](../serviceaccount/). For more information, refer to [Migrate to Grafana service account API](/docs/grafana/<GRAFANA_VERSION>/administration/service-accounts/migrate-api-keys/).
`POST /api/auth/keys`
**Example Response**:
```http
HTTP/1.1 410
Content-Type: application/json
{"message":"this endpoint has been removed, please use POST /api/serviceaccounts and POST /api/serviceaccounts/{id}/tokens instead"}
```
## Delete API Key
{{% admonition type="warning" %}}
### DEPRECATED
{{% /admonition %}}
`DELETE /api/auth/keys/:id`
**Required permissions**
See note in the [introduction](#authentication-api) for an explanation.
| Action | Scope |
| ---------------- | ---------- |
| `apikeys:delete` | apikeys:\* |
**Example Request**:
```http
DELETE /api/auth/keys/3 HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk
```
**Example Response**:
```http
HTTP/1.1 200
Content-Type: application/json
{"message":"API key deleted"}
```

162
docs/sources/developers/http_api/serviceaccount.md
Unescape View File

@ -260,134 +260,6 @@ Content-Type: application/json
--- ---
## Migrate API keys to service accounts
`POST /api/serviceaccounts/migrate`
**Required permissions**
See note in the [introduction](#service-account-api) for an explanation.
| Action | Scope |
| --------------------- | ------------------ |
| serviceaccounts:write | serviceaccounts:\* |
**Example Request**:
```http
POST /api/serviceaccounts/migrate HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Basic YWRtaW46YWRtaW4=
```
**Example Response**:
```http
HTTP/1.1 200
Content-Type: application/json
{
"message": "API keys migrated to service accounts"
}
```
## Migrate API key to service account
`POST /api/serviceaccounts/migrate/:keyId`
**Required permissions**
See note in the [introduction](#service-account-api) for an explanation.
| Action | Scope |
| --------------------- | ------------------ |
| serviceaccounts:write | serviceaccounts:\* |
**Example Request**:
```http
POST /api/serviceaccounts/migrate/4 HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Basic YWRtaW46YWRtaW4=
```
**Example Response**:
```http
HTTP/1.1 200
Content-Type: application/json
{
"message": "Service accounts migrated"
}
```
## Get API key to service account migration status
`GET /api/serviceaccounts/migrationstatus`
**Required permissions**
See note in the [introduction](#service-account-api) for an explanation.
| Action | Scope |
| -------------------- | ------------------ |
| serviceaccounts:read | serviceaccounts:\* |
**Example Request**:
```http
POST /api/serviceaccounts/migrationstatus HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Basic YWRtaW46YWRtaW4=
```
**Example Response**:
```http
HTTP/1.1 200
Content-Type: application/json
{
"migrated": true
}
```
## Hide the API keys tab
`GET /api/serviceaccounts/hideApiKeys`
**Required permissions**
See note in the [introduction](#service-account-api) for an explanation.
| Action | Scope |
| --------------------- | ------------------ |
| serviceaccounts:write | serviceaccounts:\* |
**Example Request**:
```http
POST /api/serviceaccounts/hideApiKeys HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Basic YWRtaW46YWRtaW4=
```
**Example Response**:
```http
HTTP/1.1 200
Content-Type: application/json
{
"message": "API keys hidden"
}
```
## Get service account tokens ## Get service account tokens
`GET /api/serviceaccounts/:id/tokens` `GET /api/serviceaccounts/:id/tokens`
@ -500,37 +372,3 @@ Content-Type: application/json
"message": "API key deleted" "message": "API key deleted"
} }
``` ```
## Revert service account token to API key
`DELETE /api/serviceaccounts/:serviceAccountId/revert/:keyId`
This operation will delete the service account and create a legacy API Key for the given `keyId`.
**Required permissions**
See note in the [introduction](#service-account-api) for an explanation.
| Action | Scope |
| ---------------------- | --------------------- |
| serviceaccounts:delete | serviceaccounts:id:\* |
**Example Request**:
```http
DELETE /api/serviceaccounts/1/revert/glsa_VVQjot0nijQ59lun6pMZRtsdBXxnFQ9M_77c34a79 HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Basic YWRtaW46YWRtaW4=
```
**Example Response**:
```http
HTTP/1.1 200
Content-Type: application/json
{
"message": "Reverted service account to API key"
}
```

8
docs/sources/setup-grafana/configure-security/planning-iam-strategy/index.md
Unescape View File

@ -133,14 +133,6 @@ In Grafana's audit logs it will still show up as the same service account.
Service account access tokens inherit permissions from the service account. Service account access tokens inherit permissions from the service account.
### API keys
{{< admonition type="note" >}}
Grafana recommends using service accounts instead of API keys. API keys will be deprecated in the near future. For more information, refer to [Grafana service accounts](./#service-accounts).
{{< /admonition >}}
You can use Grafana API keys to interact with data sources via HTTP APIs.
## How to work with roles? ## How to work with roles?
Grafana roles control the access of users and service accounts to specific resources and determine their authorized actions. Grafana roles control the access of users and service accounts to specific resources and determine their authorized actions.

Write Preview
Loading…
Cancel
Save