package extsvcaccounts
import (
"github.com/grafana/grafana/pkg/models/roletype"
ac "github.com/grafana/grafana/pkg/services/accesscontrol"
"github.com/grafana/grafana/pkg/services/extsvcauth"
"github.com/grafana/grafana/pkg/services/serviceaccounts"
"github.com/grafana/grafana/pkg/services/user"
"github.com/grafana/grafana/pkg/util/errutil"
)
// Package-level constants for external service accounts.
const (
	// metricsNamespace is the namespace string used for this package's
	// metrics (the metric definitions themselves are not in this file).
	metricsNamespace = "grafana"

	// kvStoreType is the type label "extsvc-token".
	// NOTE(review): presumably the key-value store type under which external
	// service tokens are kept; confirm against the store code.
	kvStoreType = "extsvc-token"

	// tokenNamePrefix is a naming prefix, not credential material, which is
	// why the gosec G101 finding is suppressed on it.
	// #nosec G101 - this is not a hardcoded secret
	tokenNamePrefix = "extsvc-token"

	// maxTokenGenRetries is a retry limit of 10.
	// NOTE(review): presumably bounds token generation attempts; the loop
	// that uses it is not visible here.
	maxTokenGenRetries = 10
)
// Sentinel errors and the internal identity used by this package.
var (
	// The BadRequest errors below each carry a public message. The two
	// credentials errors (ErrCredentialsGenFailed, ErrCredentialsNotFound)
	// are declared without one.
	ErrCannotBeDeleted = errutil.BadRequest(
		"extsvcaccounts.ErrCannotBeDeleted",
		errutil.WithPublicMessage("external service account cannot be deleted"),
	)
	ErrCannotBeUpdated = errutil.BadRequest(
		"extsvcaccounts.ErrCannotBeUpdated",
		errutil.WithPublicMessage("external service account cannot be updated"),
	)
	ErrCannotCreateToken = errutil.BadRequest(
		"extsvcaccounts.ErrCannotCreateToken",
		errutil.WithPublicMessage("cannot add external service account token"),
	)
	ErrCannotDeleteToken = errutil.BadRequest(
		"extsvcaccounts.ErrCannotDeleteToken",
		errutil.WithPublicMessage("cannot delete external service account token"),
	)
	ErrCannotListTokens = errutil.BadRequest(
		"extsvcaccounts.ErrCannotListTokens",
		errutil.WithPublicMessage("cannot list external service account tokens"),
	)
	ErrCredentialsGenFailed = errutil.Internal("extsvcaccounts.ErrCredentialsGenFailed")
	ErrCredentialsNotFound  = errutil.NotFound("extsvcaccounts.ErrCredentialsNotFound")
	ErrInvalidName          = errutil.BadRequest(
		"extsvcaccounts.ErrInvalidName",
		errutil.WithPublicMessage("only external service account names can be prefixed with 'extsvc-'"),
	)

	// extsvcuser is a signed-in user scoped to extsvcauth.TmpOrgID whose only
	// permission is serviceaccounts.ActionRead on "serviceaccounts:id:*",
	// i.e. read access to every service account in that org and nothing else.
	//
	// It is a package-level pointer shared by every caller: treat it as
	// read-only. Adding an action or scope to Permissions would widen the
	// privileges of all code paths that pass this identity.
	extsvcuser = &user.SignedInUser{
		OrgID: extsvcauth.TmpOrgID,
		Permissions: map[int64]map[string][]string{
			extsvcauth.TmpOrgID: {
				serviceaccounts.ActionRead: {"serviceaccounts:id:*"},
			},
		},
	}
)
// Credentials holds the credentials associated with an external service.
type Credentials struct {
	// Secret is held as a plain string, so printing the struct (for example
	// with %v or %+v) exposes it; keep this type out of logs and error text.
	Secret string
}
// SaveCredentialsCmd is the input for saving an external service's
// credentials.
type SaveCredentialsCmd struct {
	// ExtSvcSlug identifies the external service.
	ExtSvcSlug string
	// OrgID is the organization the credentials belong to.
	OrgID int64
	// Secret is the value to store. It is a plain string here, so avoid
	// logging or formatting the whole command.
	Secret string
}
// saveCmd is the package-internal command describing an external service
// account to save.
type saveCmd struct {
	// Enabled is the enabled flag for the account.
	// NOTE(review): how a false value is handled is not visible here.
	Enabled bool
	// ExtSvcSlug identifies the external service.
	ExtSvcSlug string
	// OrgID is the organization the account lives in.
	OrgID int64
	// Permissions lists the access-control permissions for the account.
	// These decide what the external service can do, so callers should pass
	// only what the service needs.
	Permissions []ac.Permission
	// SaID is the service account ID.
	// NOTE(review): presumably zero means "not created yet"; confirm.
	SaID int64
}
// newRole returns a pointer to a copy of r, for use where a
// *roletype.RoleType is needed.
func newRole(r roletype.RoleType) *roletype.RoleType {
	role := r
	return &role
}
// newBool returns a pointer to a fresh bool holding b. Each call yields a
// distinct pointer.
func newBool(b bool) *bool {
	p := new(bool)
	*p = b
	return p
}