Affected by GO-2022-0342 and 27 other vulnerabilities

GO-2022-0342: Grafana XSS in Dashboard Text Panel in github.com/grafana/grafana

GO-2022-0707: Grafana Authentication Bypass in github.com/grafana/grafana

GO-2024-2483: Grafana XSS via adding a link in General feature in github.com/grafana/grafana

GO-2024-2510: Grafana Cross-site Scripting (XSS) in github.com/grafana/grafana

GO-2024-2513: Grafana information disclosure in github.com/grafana/grafana

GO-2024-2515: Grafana XSS via the OpenTSDB datasource in github.com/grafana/grafana

GO-2024-2516: Grafana XSS via a column style in github.com/grafana/grafana

GO-2024-2517: Grafana XSS in header column rename in github.com/grafana/grafana

GO-2024-2519: Grafana world readable configuration files in github.com/grafana/grafana

GO-2024-2520: Grafana XSS via a query alias for the ElasticSearch datasource in github.com/grafana/grafana

GO-2024-2523: Grafana stored XSS in github.com/grafana/grafana

GO-2024-2629: Grafana's users with permissions to create a data source can CRUD all data sources in github.com/grafana/grafana

GO-2024-2661: Arbitrary file read in github.com/grafana/grafana

GO-2024-2697: Grafana: Users outside an organization can delete a snapshot with its key in github.com/grafana/grafana

GO-2024-2843: Grafana Email addresses and usernames can not be trusted in github.com/grafana/grafana

GO-2024-2844: Grafana User enumeration via forget password in github.com/grafana/grafana

GO-2024-2847: Grafana Escalation from admin to server admin when auth proxy is used in github.com/grafana/grafana

GO-2024-2848: Grafana when using email as a username can block other users from signing in in github.com/grafana/grafana

GO-2024-2851: Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins in github.com/grafana/grafana

GO-2024-2852: Grafana account takeover via OAuth vulnerability in github.com/grafana/grafana

GO-2024-2854: Grafana folders admin only permission privilege escalation in github.com/grafana/grafana

GO-2024-2855: Grafana Plugin signature bypass in github.com/grafana/grafana

GO-2024-2856: Grafana Race condition allowing privilege escalation in github.com/grafana/grafana

GO-2024-2857: Grafana Stored Cross-site Scripting in Unified Alerting in github.com/grafana/grafana

GO-2024-2867: Grafana Spoofing originalUrl of snapshots in github.com/grafana/grafana

GO-2024-3079: Grafana plugin data sources vulnerable to access control bypass in github.com/grafana/grafana

GO-2024-3215: Grafana Command Injection And Local File Inclusion Via Sql Expressions in github.com/grafana/grafana

GO-2024-3240: Grafana org admin can delete pending invites in different org in github.com/grafana/grafana

api

package

v0.0.0-kmdagger3 Latest Latest Go to latest Published: Jun 12, 2023 License: AGPL-3.0 Imports: 17 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/grafana/grafana

Documentation ¶

Index ¶

Constants
type CreateServiceAccountParams
type CreateServiceAccountResponse
type CreateTokenParams
type CreateTokenResponse
type DeleteServiceAccountParams
type DeleteTokenParams
type ListTokensParams
type ListTokensResponse
type RetrieveServiceAccountParams
type RetrieveServiceAccountResponse
type SearchOrgServiceAccountsWithPagingParams
type SearchOrgServiceAccountsWithPagingResponse
type ServiceAccountsAPI
- func NewServiceAccountsAPI(cfg *setting.Cfg, service service, accesscontrol accesscontrol.AccessControl, ...) *ServiceAccountsAPI
type TokenDTO
type UpdateServiceAccountParams
type UpdateServiceAccountResponse

Constants ¶

View Source

const (
	ServiceID = "sa"
)

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type CreateServiceAccountParams ¶

type CreateServiceAccountParams struct {
	//in:body
	Body serviceaccounts.CreateServiceAccountForm
}

swagger:parameters createServiceAccount

type CreateServiceAccountResponse ¶

type CreateServiceAccountResponse struct {
	// in:body
	Body *serviceaccounts.ServiceAccountDTO
}

swagger:response createServiceAccountResponse

type CreateTokenParams ¶

type CreateTokenParams struct {
	// in:path
	ServiceAccountId int64 `json:"serviceAccountId"`
	// in:body
	Body serviceaccounts.AddServiceAccountTokenCommand
}

swagger:parameters createToken

type CreateTokenResponse ¶

type CreateTokenResponse struct {
	// in:body
	Body *dtos.NewApiKeyResult
}

swagger:response createTokenResponse

type DeleteServiceAccountParams ¶

type DeleteServiceAccountParams struct {
	// in:path
	ServiceAccountId int64 `json:"serviceAccountId"`
}

swagger:parameters deleteServiceAccount

type DeleteTokenParams ¶

type DeleteTokenParams struct {
	// in:path
	TokenId int64 `json:"tokenId"`
	// in:path
	ServiceAccountId int64 `json:"serviceAccountId"`
}

swagger:parameters deleteToken

type ListTokensParams ¶

type ListTokensParams struct {
	// in:path
	ServiceAccountId int64 `json:"serviceAccountId"`
}

swagger:parameters listTokens

type ListTokensResponse ¶

type ListTokensResponse struct {
	// in:body
	Body *TokenDTO
}

swagger:response listTokensResponse

type RetrieveServiceAccountParams ¶

type RetrieveServiceAccountParams struct {
	// in:path
	ServiceAccountId int64 `json:"serviceAccountId"`
}

swagger:parameters retrieveServiceAccount

type RetrieveServiceAccountResponse ¶

type RetrieveServiceAccountResponse struct {
	// in:body
	Body *serviceaccounts.ServiceAccountDTO
}

swagger:response retrieveServiceAccountResponse

type SearchOrgServiceAccountsWithPagingParams ¶

type SearchOrgServiceAccountsWithPagingParams struct {
	// in:query
	// required:false
	Disabled bool `jsson:"disabled"`
	// in:query
	// required:false
	ExpiredTokens bool `json:"expiredTokens"`
	// It will return results where the query value is contained in one of the name.
	// Query values with spaces need to be URL encoded.
	// in:query
	// required:false
	Query string `json:"query"`
	// The default value is 1000.
	// in:query
	// required:false
	PerPage int `json:"perpage"`
	// The default value is 1.
	// in:query
	// required:false
	Page int `json:"page"`
}

swagger:parameters searchOrgServiceAccountsWithPaging

type SearchOrgServiceAccountsWithPagingResponse ¶

type SearchOrgServiceAccountsWithPagingResponse struct {
	// in:body
	Body *serviceaccounts.SearchOrgServiceAccountsResult
}

swagger:response searchOrgServiceAccountsWithPagingResponse

type ServiceAccountsAPI ¶

type ServiceAccountsAPI struct {
	RouterRegister routing.RouteRegister
	// contains filtered or unexported fields
}

func NewServiceAccountsAPI ¶

func NewServiceAccountsAPI(
	cfg *setting.Cfg,
	service service,
	accesscontrol accesscontrol.AccessControl,
	accesscontrolService accesscontrol.Service,
	routerRegister routing.RouteRegister,
	permissionService accesscontrol.ServiceAccountPermissionsService,
) *ServiceAccountsAPI

func (*ServiceAccountsAPI) ConvertToServiceAccount ¶

func (api *ServiceAccountsAPI) ConvertToServiceAccount(ctx *contextmodel.ReqContext) response.Response

POST /api/serviceaccounts/migrate/:keyId

func (*ServiceAccountsAPI) CreateServiceAccount ¶

func (api *ServiceAccountsAPI) CreateServiceAccount(c *contextmodel.ReqContext) response.Response

swagger:route POST /serviceaccounts service_accounts createServiceAccount

Create service account ¶

Required permissions (See note in the [introduction](https://grafana.com/docs/grafana/latest/developers/http_api/serviceaccount/#service-account-api) for an explanation): action: `serviceaccounts:write` scope: `serviceaccounts:*`

Requires basic authentication and that the authenticated user is a Grafana Admin.

Responses: 201: createServiceAccountResponse 400: badRequestError 401: unauthorisedError 403: forbiddenError 500: internalServerError

func (*ServiceAccountsAPI) CreateToken ¶

func (api *ServiceAccountsAPI) CreateToken(c *contextmodel.ReqContext) response.Response

swagger:route POST /serviceaccounts/{serviceAccountId}/tokens service_accounts createToken

CreateNewToken adds a token to a service account ¶

Required permissions (See note in the [introduction](https://grafana.com/docs/grafana/latest/developers/http_api/serviceaccount/#service-account-api) for an explanation): action: `serviceaccounts:write` scope: `serviceaccounts:id:1` (single service account)

Responses: 200: createTokenResponse 400: badRequestError 401: unauthorisedError 403: forbiddenError 404: notFoundError 409: conflictError 500: internalServerError

func (*ServiceAccountsAPI) DeleteServiceAccount ¶

func (api *ServiceAccountsAPI) DeleteServiceAccount(ctx *contextmodel.ReqContext) response.Response

swagger:route DELETE /serviceaccounts/{serviceAccountId} service_accounts deleteServiceAccount

Delete service account ¶

Required permissions (See note in the [introduction](https://grafana.com/docs/grafana/latest/developers/http_api/serviceaccount/#service-account-api) for an explanation): action: `serviceaccounts:delete` scope: `serviceaccounts:id:1` (single service account)

Responses: 200: okResponse 400: badRequestError 401: unauthorisedError 403: forbiddenError 500: internalServerError

func (*ServiceAccountsAPI) DeleteToken ¶

func (api *ServiceAccountsAPI) DeleteToken(c *contextmodel.ReqContext) response.Response

swagger:route DELETE /serviceaccounts/{serviceAccountId}/tokens/{tokenId} service_accounts deleteToken

DeleteToken deletes service account tokens ¶

Required permissions (See note in the [introduction](https://grafana.com/docs/grafana/latest/developers/http_api/serviceaccount/#service-account-api) for an explanation): action: `serviceaccounts:write` scope: `serviceaccounts:id:1` (single service account)

Requires basic authentication and that the authenticated user is a Grafana Admin.

Responses: 200: okResponse 400: badRequestError 401: unauthorisedError 403: forbiddenError 404: notFoundError 500: internalServerError

func (*ServiceAccountsAPI) ListTokens ¶

func (api *ServiceAccountsAPI) ListTokens(ctx *contextmodel.ReqContext) response.Response

swagger:route GET /serviceaccounts/{serviceAccountId}/tokens service_accounts listTokens

Get service account tokens ¶

Required permissions (See note in the [introduction](https://grafana.com/docs/grafana/latest/developers/http_api/serviceaccount/#service-account-api) for an explanation): action: `serviceaccounts:read` scope: `global:serviceaccounts:id:1` (single service account)

Requires basic authentication and that the authenticated user is a Grafana Admin.

Responses: 200: listTokensResponse 400: badRequestError 401: unauthorisedError 403: forbiddenError 500: internalServerError

func (*ServiceAccountsAPI) MigrateApiKeysToServiceAccounts ¶

func (api *ServiceAccountsAPI) MigrateApiKeysToServiceAccounts(ctx *contextmodel.ReqContext) response.Response

POST /api/serviceaccounts/migrate

func (*ServiceAccountsAPI) RegisterAPIEndpoints ¶

func (api *ServiceAccountsAPI) RegisterAPIEndpoints()

func (*ServiceAccountsAPI) RetrieveServiceAccount ¶

func (api *ServiceAccountsAPI) RetrieveServiceAccount(ctx *contextmodel.ReqContext) response.Response

swagger:route GET /serviceaccounts/{serviceAccountId} service_accounts retrieveServiceAccount

Get single serviceaccount by Id ¶

Required permissions (See note in the [introduction](https://grafana.com/docs/grafana/latest/developers/http_api/serviceaccount/#service-account-api) for an explanation): action: `serviceaccounts:read` scope: `serviceaccounts:id:1` (single service account)

Responses: 200: retrieveServiceAccountResponse 400: badRequestError 401: unauthorisedError 403: forbiddenError 404: notFoundError 500: internalServerError

func (*ServiceAccountsAPI) SearchOrgServiceAccountsWithPaging ¶

func (api *ServiceAccountsAPI) SearchOrgServiceAccountsWithPaging(c *contextmodel.ReqContext) response.Response

swagger:route GET /serviceaccounts/search service_accounts searchOrgServiceAccountsWithPaging

Search service accounts with paging ¶

Required permissions (See note in the [introduction](https://grafana.com/docs/grafana/latest/developers/http_api/serviceaccount/#service-account-api) for an explanation): action: `serviceaccounts:read` scope: `serviceaccounts:*`

Responses: 200: searchOrgServiceAccountsWithPagingResponse 401: unauthorisedError 403: forbiddenError 500: internalServerError

func (*ServiceAccountsAPI) UpdateServiceAccount ¶

func (api *ServiceAccountsAPI) UpdateServiceAccount(c *contextmodel.ReqContext) response.Response

swagger:route PATCH /serviceaccounts/{serviceAccountId} service_accounts updateServiceAccount

Update service account ¶

Required permissions (See note in the [introduction](https://grafana.com/docs/grafana/latest/developers/http_api/serviceaccount/#service-account-api) for an explanation): action: `serviceaccounts:write` scope: `serviceaccounts:id:1` (single service account)

Responses: 200: updateServiceAccountResponse 400: badRequestError 401: unauthorisedError 403: forbiddenError 404: notFoundError 500: internalServerError

type TokenDTO ¶

type TokenDTO struct {
	// example: 1
	Id int64 `json:"id"`
	// example: grafana
	Name string `json:"name"`
	// example: 2022-03-23T10:31:02Z
	Created *time.Time `json:"created"`
	// example: 2022-03-23T10:31:02Z
	LastUsedAt *time.Time `json:"lastUsedAt"`
	// example: 2022-03-23T10:31:02Z
	Expiration *time.Time `json:"expiration"`
	// example: 0
	SecondsUntilExpiration *float64 `json:"secondsUntilExpiration"`
	// example: false
	HasExpired bool `json:"hasExpired"`
	// example: false
	IsRevoked *bool `json:"isRevoked"`
}

swagger:model

type UpdateServiceAccountParams ¶

type UpdateServiceAccountParams struct {
	// in:path
	ServiceAccountId int64 `json:"serviceAccountId"`
	// in:body
	Body serviceaccounts.UpdateServiceAccountForm
}

swagger:parameters updateServiceAccount

type UpdateServiceAccountResponse ¶

type UpdateServiceAccountResponse struct {
	// in:body
	Body struct {
		Message        string                                    `json:"message"`
		ID             int64                                     `json:"id"`
		Name           string                                    `json:"name"`
		ServiceAccount *serviceaccounts.ServiceAccountProfileDTO `json:"serviceaccount"`
	}
}

swagger:response updateServiceAccountResponse

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL