Documentation
¶
Index ¶
- Constants
- Variables
- type AddServiceAccountTokenCommand
- type CreateServiceAccountForm
- type GetSATokensQuery
- type MigrationResult
- type SearchOrgServiceAccountsQuery
- type SearchOrgServiceAccountsResult
- type Service
- type ServiceAccount
- type ServiceAccountDTO
- type ServiceAccountFilter
- type ServiceAccountProfileDTO
- type Stats
- type UpdateServiceAccountForm
Constants ¶
View Source
const ( ActionRead = "serviceaccounts:read" ActionWrite = "serviceaccounts:write" ActionCreate = "serviceaccounts:create" ActionDelete = "serviceaccounts:delete" ActionPermissionsRead = "serviceaccounts.permissions:read" ActionPermissionsWrite = "serviceaccounts.permissions:write" )
Variables ¶
View Source
var ( ScopeAll = "serviceaccounts:*" ScopeID = accesscontrol.Scope("serviceaccounts", "id", accesscontrol.Parameter(":serviceAccountId")) )
View Source
var ( ErrServiceAccountNotFound = errutil.NewBase(errutil.StatusNotFound, "serviceaccounts.ErrNotFound", errutil.WithPublicMessage("service account not found")) ErrServiceAccountInvalidRole = errutil.NewBase(errutil.StatusBadRequest, "serviceaccounts.ErrInvalidRoleSpecified", errutil.WithPublicMessage("invalid role specified")) ErrServiceAccountRolePrivilegeDenied = errutil.NewBase(errutil.StatusForbidden, "serviceaccounts.ErrRoleForbidden", errutil.WithPublicMessage("can not assign a role higher than user's role")) ErrServiceAccountInvalidOrgID = errutil.NewBase(errutil.StatusBadRequest, "serviceaccounts.ErrInvalidOrgId", errutil.WithPublicMessage("invalid org id specified")) ErrServiceAccountInvalidID = errutil.NewBase(errutil.StatusBadRequest, "serviceaccounts.ErrInvalidId", errutil.WithPublicMessage("invalid service account id specified")) ErrServiceAccountInvalidAPIKeyID = errutil.NewBase(errutil.StatusBadRequest, "serviceaccounts.ErrInvalidAPIKeyId", errutil.WithPublicMessage("invalid api key id specified")) ErrServiceAccountInvalidTokenID = errutil.NewBase(errutil.StatusBadRequest, "serviceaccounts.ErrInvalidTokenId", errutil.WithPublicMessage("invalid service account token id specified")) ErrServiceAccountAlreadyExists = errutil.NewBase(errutil.StatusBadRequest, "serviceaccounts.ErrAlreadyExists", errutil.WithPublicMessage("service account already exists")) ErrServiceAccountTokenNotFound = errutil.NewBase(errutil.StatusNotFound, "serviceaccounts.ErrTokenNotFound", errutil.WithPublicMessage("service account token not found")) ErrInvalidTokenExpiration = errutil.NewBase(errutil.StatusValidationFailed, "serviceaccounts.ErrInvalidInput", errutil.WithPublicMessage("invalid SecondsToLive value")) ErrDuplicateToken = errutil.NewBase(errutil.StatusBadRequest, "serviceaccounts.ErrTokenAlreadyExists", errutil.WithPublicMessage("service account token with given name already exists in the organization")) )
View Source
var AccessEvaluator = accesscontrol.EvalAny( accesscontrol.EvalPermission(ActionRead), accesscontrol.EvalPermission(ActionCreate), )
AccessEvaluator is used to protect the "Configuration > Service accounts" page access
Functions ¶
This section is empty.
Types ¶
type CreateServiceAccountForm ¶
type CreateServiceAccountForm struct {
// example: grafana
Name string `json:"name" binding:"Required"`
// example: Admin
Role *org.RoleType `json:"role"`
// example: false
IsDisabled *bool `json:"isDisabled"`
}
swagger:model
type GetSATokensQuery ¶
type MigrationResult ¶
type SearchOrgServiceAccountsQuery ¶
type SearchOrgServiceAccountsQuery struct {
OrgID int64
Query string
Filter ServiceAccountFilter
Page int
Limit int
SignedInUser identity.Requester
}
func (*SearchOrgServiceAccountsQuery) SetDefaults ¶
func (q *SearchOrgServiceAccountsQuery) SetDefaults()
type SearchOrgServiceAccountsResult ¶
type SearchOrgServiceAccountsResult struct {
// It can be used for pagination of the user list
// E.g. if totalCount is equal to 100 users and
// the perpage parameter is set to 10 then there are 10 pages of users.
TotalCount int64 `json:"totalCount"`
ServiceAccounts []*ServiceAccountDTO `json:"serviceAccounts"`
Page int `json:"page"`
PerPage int `json:"perPage"`
}
swagger: model
type Service ¶
type Service interface {
CreateServiceAccount(ctx context.Context, orgID int64, saForm *CreateServiceAccountForm) (*ServiceAccountDTO, error)
DeleteServiceAccount(ctx context.Context, orgID, serviceAccountID int64) error
RetrieveServiceAccount(ctx context.Context, orgID, serviceAccountID int64) (*ServiceAccountProfileDTO, error)
RetrieveServiceAccountIdByName(ctx context.Context, orgID int64, name string) (int64, error)
UpdateServiceAccount(ctx context.Context, orgID, serviceAccountID int64,
saForm *UpdateServiceAccountForm) (*ServiceAccountProfileDTO, error)
AddServiceAccountToken(ctx context.Context, serviceAccountID int64,
cmd *AddServiceAccountTokenCommand) (*apikey.APIKey, error)
}
ServiceAccountService is the service that manages service accounts.
Service accounts are used to authenticate API requests. They are not users and do not have a password.
type ServiceAccount ¶
type ServiceAccount struct {
Id int64
}
type ServiceAccountDTO ¶
type ServiceAccountDTO struct {
Id int64 `json:"id" xorm:"user_id"`
// example: grafana
Name string `json:"name" xorm:"name"`
// example: sa-grafana
Login string `json:"login" xorm:"login"`
// example: 1
OrgId int64 `json:"orgId" xorm:"org_id"`
// example: false
IsDisabled bool `json:"isDisabled" xorm:"is_disabled"`
// example: Viewer
Role string `json:"role" xorm:"role"`
// example: 0
Tokens int64 `json:"tokens"`
// example: /avatar/85ec38023d90823d3e5b43ef35646af9
AvatarUrl string `json:"avatarUrl"`
// example: {"serviceaccounts:delete": true, "serviceaccounts:read": true, "serviceaccounts:write": true}
AccessControl map[string]bool `json:"accessControl,omitempty"`
}
swagger: model
type ServiceAccountFilter ¶
type ServiceAccountFilter string // used for filtering
const ( FilterOnlyExpiredTokens ServiceAccountFilter = "expiredTokens" FilterOnlyDisabled ServiceAccountFilter = "disabled" FilterIncludeAll ServiceAccountFilter = "all" )
type ServiceAccountProfileDTO ¶
type ServiceAccountProfileDTO struct {
// example: 2
Id int64 `json:"id" xorm:"user_id"`
// example: test
Name string `json:"name" xorm:"name"`
// example: sa-grafana
Login string `json:"login" xorm:"login"`
// example: 1
OrgId int64 `json:"orgId" xorm:"org_id"`
// example: false
IsDisabled bool `json:"isDisabled" xorm:"is_disabled"`
// example: 2022-03-21T14:35:33Z
Created time.Time `json:"createdAt" xorm:"created"`
// example: 2022-03-21T14:35:33Z
Updated time.Time `json:"updatedAt" xorm:"updated"`
// example: /avatar/8ea890a677d6a223c591a1beea6ea9d2
AvatarUrl string `json:"avatarUrl" xorm:"-"`
// example: Editor
Role string `json:"role" xorm:"role"`
// example: []
Teams []string `json:"teams" xorm:"-"`
Tokens int64 `json:"tokens,omitempty"`
AccessControl map[string]bool `json:"accessControl,omitempty" xorm:"-"`
}
swagger:model
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.