Documentation ¶
Index ¶
- Constants
- Variables
- type AddServiceAccountTokenCommand
- type CreateServiceAccountForm
- type EnableExtSvcAccountCmd
- type ExtSvcAccount
- type ExtSvcAccountsService
- type GetSATokensQuery
- type ManageExtSvcAccountCmd
- type MigrationResult
- type SearchOrgServiceAccountsQuery
- type SearchOrgServiceAccountsResult
- type Service
- type ServiceAccount
- type ServiceAccountDTO
- type ServiceAccountFilter
- type ServiceAccountProfileDTO
- type Stats
- type UpdateServiceAccountForm
Constants ¶
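// Prefixes for service account logins.
//
// NOTE(review): a login prefix is a naming convention, not an access-control
// boundary. Confirm that ordinary user logins cannot be created with these
// prefixes before using them to classify an account.
const (
	// ServiceAccountPrefix is the leading part of a service account login.
	ServiceAccountPrefix = "sa-"
	// ExtSvcPrefix is the marker that precedes the external-service part of a login.
	ExtSvcPrefix = "extsvc-"
	// ExtSvcLoginPrefix is ServiceAccountPrefix, extsvcauth.TmpOrgIDStr, a dash
	// and ExtSvcPrefix, concatenated in that order.
	ExtSvcLoginPrefix = ServiceAccountPrefix + extsvcauth.TmpOrgIDStr + "-" + ExtSvcPrefix
)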
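// Access-control action names for service accounts.
//
// The two "serviceaccounts.permissions" actions sit in a separate namespace
// from the four "serviceaccounts" actions, so holding ActionWrite does not by
// name imply ActionPermissionsWrite.
// NOTE(review): ActionPermissionsWrite presumably lets its holder change who
// may manage a service account; grant it as sparingly as ActionDelete.
const (
	ActionRead   = "serviceaccounts:read"
	ActionWrite  = "serviceaccounts:write"
	ActionCreate = "serviceaccounts:create"
	ActionDelete = "serviceaccounts:delete"

	ActionPermissionsRead  = "serviceaccounts.permissions:read"
	ActionPermissionsWrite = "serviceaccounts.permissions:write"
)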
Variables ¶
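// Access-control scopes for service accounts.
//
// Both are declared with var, so any importing package can reassign them;
// treat them as read-only.
var (
	// ScopeAll is the wildcard scope covering every service account. Prefer
	// ScopeID wherever a single account is the target, so that a grant does
	// not silently extend to all accounts.
	ScopeAll = "serviceaccounts:*"
	// ScopeID is the scope for one service account, built from the
	// ":serviceAccountId" parameter (presumably the route parameter; verify
	// against the accesscontrol package).
	ScopeID = accesscontrol.Scope("serviceaccounts", "id", accesscontrol.Parameter(":serviceAccountId"))
)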
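// Errors returned by service account operations.
//
// Each error pairs an internal message ID with a public message. The public
// message is the text intended for callers, so keep it free of internal
// details such as IDs, SQL or stack context.
var (
	// Lookup failures.
	ErrServiceAccountNotFound      = errutil.NotFound("serviceaccounts.ErrNotFound", errutil.WithPublicMessage("service account not found"))
	ErrServiceAccountTokenNotFound = errutil.NotFound("serviceaccounts.ErrTokenNotFound", errutil.WithPublicMessage("service account token not found"))

	// ErrServiceAccountInvalidRole reports a role value that is not accepted.
	ErrServiceAccountInvalidRole = errutil.BadRequest("serviceaccounts.ErrInvalidRoleSpecified", errutil.WithPublicMessage("invalid role specified"))
	// ErrServiceAccountRolePrivilegeDenied is the privilege-escalation guard:
	// per its message, a requester may not give a service account a role
	// higher than the requester's own. It is the only Forbidden error here.
	// NOTE(review): confirm that both the create and the update paths return it.
	ErrServiceAccountRolePrivilegeDenied = errutil.Forbidden("serviceaccounts.ErrRoleForbidden", errutil.WithPublicMessage("can not assign a role higher than user's role"))

	// Malformed identifiers in a request.
	ErrServiceAccountInvalidOrgID    = errutil.BadRequest("serviceaccounts.ErrInvalidOrgId", errutil.WithPublicMessage("invalid org id specified"))
	ErrServiceAccountInvalidID       = errutil.BadRequest("serviceaccounts.ErrInvalidId", errutil.WithPublicMessage("invalid service account id specified"))
	ErrServiceAccountInvalidAPIKeyID = errutil.BadRequest("serviceaccounts.ErrInvalidAPIKeyId", errutil.WithPublicMessage("invalid api key id specified"))
	ErrServiceAccountInvalidTokenID  = errutil.BadRequest("serviceaccounts.ErrInvalidTokenId", errutil.WithPublicMessage("invalid service account token id specified"))

	// Name collisions.
	ErrServiceAccountAlreadyExists = errutil.BadRequest("serviceaccounts.ErrAlreadyExists", errutil.WithPublicMessage("service account already exists"))
	ErrDuplicateToken              = errutil.BadRequest("serviceaccounts.ErrTokenAlreadyExists", errutil.WithPublicMessage("service account token with given name already exists in the organization"))

	// ErrInvalidTokenExpiration rejects an unacceptable SecondsToLive value
	// for a token. Its message ID is the generic "ErrInvalidInput".
	ErrInvalidTokenExpiration = errutil.ValidationFailed("serviceaccounts.ErrInvalidInput", errutil.WithPublicMessage("invalid SecondsToLive value"))
)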
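// AccessEvaluator guards access to the "Configuration > Service accounts" page.
//
// It combines ActionRead and ActionCreate with EvalAny, so holding either
// action is enough, and neither permission is given a scope here.
// NOTE(review): this is a page-level gate. Routes that act on one service
// account should still evaluate a scoped permission of their own.
var AccessEvaluator = accesscontrol.EvalAny(
	accesscontrol.EvalPermission(ActionRead),
	accesscontrol.EvalPermission(ActionCreate),
)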
AccessEvaluator protects access to the "Configuration > Service accounts" page; it passes when the requester holds either serviceaccounts:read or serviceaccounts:create.
Functions ¶
This section is empty.
Types ¶
type CreateServiceAccountForm ¶
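// CreateServiceAccountForm is the JSON payload for creating a service account.
//
// Role and IsDisabled are pointers, so a field missing from the JSON body
// decodes to nil; the default applied in that case is not visible in this
// declaration.
type CreateServiceAccountForm struct {
	// Name is mandatory (binding:"Required").
	// example: grafana
	Name string `json:"name" binding:"Required"`
	// Role is supplied by the client.
	// NOTE(review): the service must reject a role above the requester's own;
	// confirm that check runs before the account is stored.
	// example: Admin
	Role *org.RoleType `json:"role"`
	// example: false
	IsDisabled *bool `json:"isDisabled"`
}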
swagger:model
type EnableExtSvcAccountCmd ¶
type ExtSvcAccount ¶
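// ExtSvcAccount is the service account associated with an external service.
type ExtSvcAccount struct {
	ID         int64             // identifier of the service account
	Login      string            // login name of the account
	Name       string            // display name of the account
	OrgID      int64             // organization the account belongs to
	IsDisabled bool              // true when the account is disabled
	Role       roletype.RoleType // role held by the account
}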
ExtSvcAccount represents the service account associated with an external service.
type ExtSvcAccountsService ¶
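// ExtSvcAccountsService manages the service accounts that belong to external
// services.
//
// NOTE(review): these methods take no requester argument, so any
// authorization of the caller presumably happens before they are invoked;
// verify at the call sites.
type ExtSvcAccountsService interface {
	// EnableExtSvcAccount enables or disables the service account associated to an external service
	EnableExtSvcAccount(ctx context.Context, cmd *EnableExtSvcAccountCmd) error
	// ManageExtSvcAccount creates, updates or deletes the service account associated with an external service
	// The int64 result is presumably the service account ID; confirm against an implementation.
	ManageExtSvcAccount(ctx context.Context, cmd *ManageExtSvcAccountCmd) (int64, error)
	// RemoveExtSvcAccount removes the external service account associated with an external service
	RemoveExtSvcAccount(ctx context.Context, orgID int64, extSvcSlug string) error
	// RetrieveExtSvcAccount fetches an external service account by ID
	RetrieveExtSvcAccount(ctx context.Context, orgID, saID int64) (*ExtSvcAccount, error)
}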
type GetSATokensQuery ¶
type ManageExtSvcAccountCmd ¶
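// ManageExtSvcAccountCmd is the argument of
// ExtSvcAccountsService.ManageExtSvcAccount.
type ManageExtSvcAccountCmd struct {
	ExtSvcSlug string // slug identifying the external service
	Enabled    bool   // desired enabled state of the account
	OrgID      int64  // organization the account belongs to
	// Permissions lists the permissions for the external service's account.
	// NOTE(review): keep this to the minimum the service needs; a wildcard
	// scope here would apply to every object of that kind.
	Permissions []accesscontrol.Permission
}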
type MigrationResult ¶
type SearchOrgServiceAccountsQuery ¶
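// SearchOrgServiceAccountsQuery describes a search over the service accounts
// of one organization.
type SearchOrgServiceAccountsQuery struct {
	OrgID     int64                // organization to search in
	Query     string               // free-text search term
	Filter    ServiceAccountFilter // restricts the result to one category
	Page      int                  // page to return
	Limit     int                  // page size
	CountOnly bool                 // presumably returns only the total count; confirm
	// SignedInUser is the requester the search runs for.
	// NOTE(review): presumably used to limit results to accounts the requester
	// may read. Fill it from the authenticated session, never from request
	// input.
	SignedInUser identity.Requester
}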
func (*SearchOrgServiceAccountsQuery) SetDefaults ¶
func (q *SearchOrgServiceAccountsQuery) SetDefaults()
type SearchOrgServiceAccountsResult ¶
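// SearchOrgServiceAccountsResult is one page of a service account search.
type SearchOrgServiceAccountsResult struct {
	// It can be used for pagination of the user list
	// E.g. if totalCount is equal to 100 users and
	// the perpage parameter is set to 10 then there are 10 pages of users.
	TotalCount int64 `json:"totalCount"`
	// ServiceAccounts holds the accounts on this page.
	ServiceAccounts []*ServiceAccountDTO `json:"serviceAccounts"`
	Page            int                  `json:"page"`
	PerPage         int                  `json:"perPage"`
}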
swagger: model
type Service ¶
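// Service is the service account API: account lifecycle, token management and
// migration of API keys to service accounts.
//
// NOTE(review): no method takes the requester, so permission checks
// presumably run in the callers; verify at the HTTP layer.
type Service interface {
	CreateServiceAccount(ctx context.Context, orgID int64, saForm *CreateServiceAccountForm) (*ServiceAccountDTO, error)
	DeleteServiceAccount(ctx context.Context, orgID, serviceAccountID int64) error
	RetrieveServiceAccount(ctx context.Context, orgID, serviceAccountID int64) (*ServiceAccountProfileDTO, error)
	RetrieveServiceAccountIdByName(ctx context.Context, orgID int64, name string) (int64, error)
	SearchOrgServiceAccounts(ctx context.Context, query *SearchOrgServiceAccountsQuery) (*SearchOrgServiceAccountsResult, error)
	EnableServiceAccount(ctx context.Context, orgID, serviceAccountID int64, enable bool) error
	UpdateServiceAccount(ctx context.Context, orgID, serviceAccountID int64, saForm *UpdateServiceAccountForm) (*ServiceAccountProfileDTO, error)

	// Tokens
	// NOTE(review): unlike the methods above, AddServiceAccountToken has no
	// orgID parameter. The organization is presumably carried in cmd; confirm
	// it is checked against the account's organization.
	AddServiceAccountToken(ctx context.Context, serviceAccountID int64, cmd *AddServiceAccountTokenCommand) (*apikey.APIKey, error)
	DeleteServiceAccountToken(ctx context.Context, orgID, serviceAccountID, tokenID int64) error
	// NOTE(review): ListTokens returns apikey.APIKey values, whose fields are
	// not visible here; check what is stripped before they reach a client.
	ListTokens(ctx context.Context, query *GetSATokensQuery) ([]apikey.APIKey, error)

	// API specific functions
	MigrateApiKey(ctx context.Context, orgID int64, keyId int64) error
	MigrateApiKeysToServiceAccounts(ctx context.Context, orgID int64) (*MigrationResult, error)
}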
type ServiceAccount ¶
// ServiceAccount carries the numeric identifier of a service account and
// nothing else.
type ServiceAccount struct {
	Id int64 // identifier of the service account
}
type ServiceAccountDTO ¶
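// ServiceAccountDTO is the list/summary view of a service account. Its json
// tags give the serialized field names and its xorm tags the column mapping.
//
// The struct has no field for token secrets: Tokens is an integer.
type ServiceAccountDTO struct {
	Id int64 `json:"id" xorm:"user_id"`
	// example: grafana
	Name string `json:"name" xorm:"name"`
	// example: sa-grafana
	Login string `json:"login" xorm:"login"`
	// example: 1
	OrgId int64 `json:"orgId" xorm:"org_id"`
	// example: false
	IsDisabled bool `json:"isDisabled" xorm:"is_disabled"`
	// IsExternal is not mapped to a column (xorm:"-").
	// example: false
	IsExternal bool `json:"isExternal,omitempty" xorm:"-"`
	// example: Viewer
	Role string `json:"role" xorm:"role"`
	// example: 0
	Tokens int64 `json:"tokens"`
	// example: /avatar/85ec38023d90823d3e5b43ef35646af9
	AvatarUrl string `json:"avatarUrl"`
	// AccessControl maps action names to booleans.
	// NOTE(review): presumably a hint telling the client what the requester
	// may do with this account. The server must still authorize each request
	// and never trust a copy of this map sent back to it.
	// example: {"serviceaccounts:delete": true, "serviceaccounts:read": true, "serviceaccounts:write": true}
	AccessControl map[string]bool `json:"accessControl,omitempty"`
}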
swagger: model
type ServiceAccountFilter ¶
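// ServiceAccountFilter names a category that a service account search can be
// restricted to.
// NOTE(review): any string converts to this type, so a value taken from a
// request should be compared with the constants below before use.
type ServiceAccountFilter string // used for filtering

// Filter values defined for ServiceAccountFilter.
const (
	FilterOnlyExpiredTokens ServiceAccountFilter = "expiredTokens"
	FilterOnlyDisabled      ServiceAccountFilter = "disabled"
	FilterIncludeAll        ServiceAccountFilter = "all"
	FilterOnlyExternal      ServiceAccountFilter = "external"
)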
type ServiceAccountProfileDTO ¶
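// ServiceAccountProfileDTO is the detailed view of a single service account.
// Fields tagged xorm:"-" are not mapped to a column.
//
// The struct has no field for token secrets: Tokens is an integer.
type ServiceAccountProfileDTO struct {
	// example: 2
	Id int64 `json:"id" xorm:"user_id"`
	// example: test
	Name string `json:"name" xorm:"name"`
	// example: sa-grafana
	Login string `json:"login" xorm:"login"`
	// example: 1
	OrgId int64 `json:"orgId" xorm:"org_id"`
	// example: false
	IsDisabled bool `json:"isDisabled" xorm:"is_disabled"`
	// example: 2022-03-21T14:35:33Z
	Created time.Time `json:"createdAt" xorm:"created"`
	// example: 2022-03-21T14:35:33Z
	Updated time.Time `json:"updatedAt" xorm:"updated"`
	// example: /avatar/8ea890a677d6a223c591a1beea6ea9d2
	AvatarUrl string `json:"avatarUrl" xorm:"-"`
	// example: Editor
	Role string `json:"role" xorm:"role"`
	// example: []
	Teams []string `json:"teams" xorm:"-"`
	// example: false
	IsExternal bool `json:"isExternal,omitempty" xorm:"-"`
	// example: grafana-app
	RequiredBy string `json:"requiredBy,omitempty" xorm:"-"`

	Tokens int64 `json:"tokens,omitempty"`
	// AccessControl maps action names to booleans.
	// NOTE(review): presumably a hint telling the client what the requester
	// may do with this account. The server must still authorize each request
	// and never trust a copy of this map sent back to it.
	AccessControl map[string]bool `json:"accessControl,omitempty" xorm:"-"`
}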
swagger:model