grafana/pkg/services/extsvcauth/models.go


package extsvcauth
import (
"context"
"github.com/grafana/grafana/pkg/services/accesscontrol"
)
// Supported values for AuthProvider.
const (
	// OAuth2Server is the only AuthProvider value declared in this file.
	OAuth2Server AuthProvider = "OAuth2Server"
)
// AuthProvider names the authentication provider that an external service
// uses to connect to Grafana (see ExternalServiceRegistration.AuthProvider).
type AuthProvider string
// ExternalServiceRegistry is the entry point for registering external services
// and obtaining the credentials they use to connect to Grafana.
type ExternalServiceRegistry interface {
	// SaveExternalService creates or updates an external service in the database. Based on the requested auth provider,
	// it generates client_id, secrets and any additional provider specificities (ex: rsa keys). It also ensures that the
	// associated service account has the correct permissions.
	//
	// NOTE(review): the returned *ExternalService carries secret material (Secret, and possibly a private key via
	// OAuthExtra.KeyResult); implementations and callers should keep it out of logs and error messages.
	SaveExternalService(ctx context.Context, cmd *ExternalServiceRegistration) (*ExternalService, error)
}
// SelfCfg configures the access an external service has when acting on its own behalf
// (through its associated service account), as opposed to impersonating a user.
type SelfCfg struct {
	// Enabled allows the service to request access tokens for itself
	Enabled bool
	// Permissions are the permissions that the external service needs its associated service account to have.
	// NOTE(review): this set is granted as requested by the registration; keep it to the minimum the service needs.
	Permissions []accesscontrol.Permission
}
// ImpersonationCfg configures the access an external service has when it acts on behalf of a user.
type ImpersonationCfg struct {
	// Enabled allows the service to request access tokens to impersonate users
	Enabled bool
	// Groups allows the service to list the impersonated user's teams
	Groups bool
	// Permissions are the permissions that the external service needs when impersonating a user.
	// The intersection of this set with the impersonated user's permissions guarantees that the client will not
	// gain more privileges than the impersonated user has and vice versa.
	// NOTE(review): "vice versa" presumably means the impersonated user's permissions outside this set are not
	// granted to the client either. The intersection is not computed by this type; confirm where it is enforced.
	Permissions []accesscontrol.Permission
}
// ExternalServiceRegistration represents the registration form used to save a new client.
// It is the input to ExternalServiceRegistry.SaveExternalService.
type ExternalServiceRegistration struct {
	// Name of the external service being registered.
	Name string
	// Impersonation access configuration
	// (this is not available on all auth providers)
	Impersonation ImpersonationCfg
	// Self access configuration
	Self SelfCfg
	// Auth Provider that the client will use to connect to Grafana
	AuthProvider AuthProvider
	// Auth Provider specific config
	// NOTE(review): pointer field, so it may be nil; presumably only meaningful when AuthProvider is
	// OAuth2Server. Confirm that implementations nil-check it.
	OAuthProviderCfg *OAuthProviderCfg
}
// ExternalService represents the credentials that the ExternalService can use to connect to Grafana.
// It is the result of ExternalServiceRegistry.SaveExternalService.
//
// NOTE(review): this struct holds secret material in plain string fields and declares no redaction
// (no custom String/MarshalJSON is visible in this file). Avoid logging it with %v/%+v or serializing
// it wholesale; confirm how it is persisted and returned to callers.
type ExternalService struct {
	// Name of the external service.
	Name string
	// ID is presumably the generated client_id mentioned on SaveExternalService; confirm.
	ID string
	// Secret is presumably the generated client secret; treat as sensitive.
	Secret string
	OAuthExtra *OAuthExtra // Auth Provider specificities (ex: ecdsa key pair)
}
// KeyOption describes how the client's key is provided at registration: either the caller supplies
// a public key, or it asks the server to generate a key pair (see OAuthProviderCfg.Key).
type KeyOption struct {
	// URL string `json:"url,omitempty"` // TODO allow specifying a URL (to a .jwks file) to fetch the key from
	// PublicPEM contains the Base64 encoded public key in PEM format
	PublicPEM string
	// Generate presumably requests that the server generate the key pair; confirm.
	// NOTE(review): nothing in this type makes PublicPEM and Generate mutually exclusive; confirm that the
	// registry validates the combination (both set, or neither set).
	Generate bool
}
// OAuthProviderCfg represents the registration form specificities needed to register OAuth2 clients.
type OAuthProviderCfg struct {
	// RedirectURI is the URI that is used in the code flow.
	// Note that this is not used yet.
	// NOTE(review): once the code flow uses this value, confirm it is validated by exact match.
	RedirectURI *string
	// Key is the option to specify a public key or ask the server to generate a crypto key pair.
	Key *KeyOption
}
// KeyResult describes the key associated with a registered OAuth2 client (referenced from OAuthExtra).
//
// NOTE(review): PrivatePem can carry private key material in a plain string with no redaction declared
// in this file. Keep this struct out of logs and default serialization; confirm whether the private key
// is returned only once at registration or also persisted.
type KeyResult struct {
	// URL is presumably where the key can be fetched from; confirm. (KeyOption's URL input is still a TODO.)
	URL string
	// PrivatePem is presumably the PEM-encoded private key, populated when the server generated the pair; confirm.
	PrivatePem string
	// PublicPem is presumably the PEM-encoded public key; confirm.
	PublicPem string
	// Generated presumably reports that the server generated the key pair rather than the caller supplying it; confirm.
	Generated bool
}
// OAuthExtra represents the specificities of an OAuth2 client.
type OAuthExtra struct {
	// Audiences and GrantTypes have plural names but are single strings.
	// NOTE(review): the delimiter/encoding is not visible in this file; confirm before parsing or comparing them.
	Audiences string
	GrantTypes string
	// KeyResult may hold private key material (see KeyResult.PrivatePem); treat as sensitive.
	KeyResult *KeyResult
	// RedirectURI of the client. OAuthProviderCfg.RedirectURI notes it is not used yet.
	RedirectURI string
}