IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-12 08:35:43 -06:00
Code Issues Packages Projects Releases Wiki Activity

ExtSvcAuth: Add traces to external service accounts setup (#76779)

Browse Source 
* AuthN: Add traces to external service accounts setup
This commit is contained in:
Gabriel MABILLE 2023-11-16 20:45:31 +01:00 committed by GitHub
parent 7397f975b6
commit 25c2d99350
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 41 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
pkg/services/serviceaccounts/extsvcaccounts/service.go
View File

@ -12,6 +12,7 @@ import (
"github.com/grafana/grafana/pkg/infra/db" "github.com/grafana/grafana/pkg/infra/db"
"github.com/grafana/grafana/pkg/infra/log" "github.com/grafana/grafana/pkg/infra/log"
"github.com/grafana/grafana/pkg/infra/slugify" "github.com/grafana/grafana/pkg/infra/slugify"
"github.com/grafana/grafana/pkg/infra/tracing"
"github.com/grafana/grafana/pkg/models/roletype" "github.com/grafana/grafana/pkg/models/roletype"
ac "github.com/grafana/grafana/pkg/services/accesscontrol" ac "github.com/grafana/grafana/pkg/services/accesscontrol"
"github.com/grafana/grafana/pkg/services/extsvcauth" "github.com/grafana/grafana/pkg/services/extsvcauth"
@ -30,9 +31,10 @@ type ExtSvcAccountsService struct {
metrics *metrics metrics *metrics
saSvc sa.Service saSvc sa.Service
skvStore kvstore.SecretsKVStore skvStore kvstore.SecretsKVStore
tracer tracing.Tracer
} }
func ProvideExtSvcAccountsService(acSvc ac.Service, bus bus.Bus, db db.DB, features *featuremgmt.FeatureManager, reg prometheus.Registerer, saSvc *manager.ServiceAccountsService, secretsSvc secrets.Service) *ExtSvcAccountsService { func ProvideExtSvcAccountsService(acSvc ac.Service, bus bus.Bus, db db.DB, features *featuremgmt.FeatureManager, reg prometheus.Registerer, saSvc *manager.ServiceAccountsService, secretsSvc secrets.Service, tracer tracing.Tracer) *ExtSvcAccountsService {
logger := log.New("serviceauth.extsvcaccounts") logger := log.New("serviceauth.extsvcaccounts")
esa := &ExtSvcAccountsService{ esa := &ExtSvcAccountsService{
acSvc: acSvc, acSvc: acSvc,
@ -40,6 +42,7 @@ func ProvideExtSvcAccountsService(acSvc ac.Service, bus bus.Bus, db db.DB, featu
saSvc: saSvc, saSvc: saSvc,
features: features, features: features,
skvStore: kvstore.NewSQLSecretsKVStore(db, secretsSvc, logger), // Using SQL store to avoid a cyclic dependency skvStore: kvstore.NewSQLSecretsKVStore(db, secretsSvc, logger), // Using SQL store to avoid a cyclic dependency
tracer: tracer,
} }
if features.IsEnabledGlobally(featuremgmt.FlagExternalServiceAccounts) || features.IsEnabledGlobally(featuremgmt.FlagExternalServiceAuth) { if features.IsEnabledGlobally(featuremgmt.FlagExternalServiceAccounts) || features.IsEnabledGlobally(featuremgmt.FlagExternalServiceAuth) {
@ -55,6 +58,9 @@ func ProvideExtSvcAccountsService(acSvc ac.Service, bus bus.Bus, db db.DB, featu
// EnableExtSvcAccount enables or disables the service account associated to an external service // EnableExtSvcAccount enables or disables the service account associated to an external service
func (esa *ExtSvcAccountsService) EnableExtSvcAccount(ctx context.Context, cmd *sa.EnableExtSvcAccountCmd) error { func (esa *ExtSvcAccountsService) EnableExtSvcAccount(ctx context.Context, cmd *sa.EnableExtSvcAccountCmd) error {
ctx, span := esa.tracer.Start(ctx, "ExtSvcAccountsService.EnableExtSvcAccount")
defer span.End()
saName := sa.ExtSvcPrefix + slugify.Slugify(cmd.ExtSvcSlug) saName := sa.ExtSvcPrefix + slugify.Slugify(cmd.ExtSvcSlug)
saID, errRetrieve := esa.saSvc.RetrieveServiceAccountIdByName(ctx, cmd.OrgID, saName) saID, errRetrieve := esa.saSvc.RetrieveServiceAccountIdByName(ctx, cmd.OrgID, saName)
@ -67,6 +73,9 @@ func (esa *ExtSvcAccountsService) EnableExtSvcAccount(ctx context.Context, cmd *
// HasExternalService returns whether an external service has been saved with that name. // HasExternalService returns whether an external service has been saved with that name.
func (esa *ExtSvcAccountsService) HasExternalService(ctx context.Context, name string) (bool, error) { func (esa *ExtSvcAccountsService) HasExternalService(ctx context.Context, name string) (bool, error) {
ctx, span := esa.tracer.Start(ctx, "ExtSvcAccountsService.HasExternalService")
defer span.End()
saName := sa.ExtSvcPrefix + slugify.Slugify(name) saName := sa.ExtSvcPrefix + slugify.Slugify(name)
saID, errRetrieve := esa.saSvc.RetrieveServiceAccountIdByName(ctx, extsvcauth.TmpOrgID, saName) saID, errRetrieve := esa.saSvc.RetrieveServiceAccountIdByName(ctx, extsvcauth.TmpOrgID, saName)
@ -79,6 +88,9 @@ func (esa *ExtSvcAccountsService) HasExternalService(ctx context.Context, name s
// RetrieveExtSvcAccount fetches an external service account by ID // RetrieveExtSvcAccount fetches an external service account by ID
func (esa *ExtSvcAccountsService) RetrieveExtSvcAccount(ctx context.Context, orgID, saID int64) (*sa.ExtSvcAccount, error) { func (esa *ExtSvcAccountsService) RetrieveExtSvcAccount(ctx context.Context, orgID, saID int64) (*sa.ExtSvcAccount, error) {
ctx, span := esa.tracer.Start(ctx, "ExtSvcAccountsService.RetrieveExtSvcAccount")
defer span.End()
svcAcc, err := esa.saSvc.RetrieveServiceAccount(ctx, orgID, saID) svcAcc, err := esa.saSvc.RetrieveServiceAccount(ctx, orgID, saID)
if err != nil { if err != nil {
return nil, err return nil, err
@ -95,6 +107,9 @@ func (esa *ExtSvcAccountsService) RetrieveExtSvcAccount(ctx context.Context, org
// GetExternalServiceNames get the names of External Service in store // GetExternalServiceNames get the names of External Service in store
func (esa *ExtSvcAccountsService) GetExternalServiceNames(ctx context.Context) ([]string, error) { func (esa *ExtSvcAccountsService) GetExternalServiceNames(ctx context.Context) ([]string, error) {
ctx, span := esa.tracer.Start(ctx, "ExtSvcAccountsService.GetExternalServiceNames")
defer span.End()
esa.logger.Debug("Get external service names from store") esa.logger.Debug("Get external service names from store")
sas, err := esa.saSvc.SearchOrgServiceAccounts(ctx, &sa.SearchOrgServiceAccountsQuery{ sas, err := esa.saSvc.SearchOrgServiceAccounts(ctx, &sa.SearchOrgServiceAccountsQuery{
OrgID: extsvcauth.TmpOrgID, OrgID: extsvcauth.TmpOrgID,
@ -123,6 +138,9 @@ func (esa *ExtSvcAccountsService) SaveExternalService(ctx context.Context, cmd *
return nil, nil return nil, nil
} }
ctx, span := esa.tracer.Start(ctx, "ExtSvcAccountsService.SaveExternalService")
defer span.End()
if cmd == nil { if cmd == nil {
esa.logger.Warn("Received no input") esa.logger.Warn("Received no input")
return nil, nil return nil, nil
@ -167,10 +185,17 @@ func (esa *ExtSvcAccountsService) RemoveExternalService(ctx context.Context, nam
esa.logger.Warn("This feature is behind a feature flag, please set it if you want to save external services") esa.logger.Warn("This feature is behind a feature flag, please set it if you want to save external services")
return nil return nil
} }
ctx, span := esa.tracer.Start(ctx, "ExtSvcAccountsService.RemoveExternalService")
defer span.End()
return esa.RemoveExtSvcAccount(ctx, extsvcauth.TmpOrgID, slugify.Slugify(name)) return esa.RemoveExtSvcAccount(ctx, extsvcauth.TmpOrgID, slugify.Slugify(name))
} }
func (esa *ExtSvcAccountsService) RemoveExtSvcAccount(ctx context.Context, orgID int64, extSvcSlug string) error { func (esa *ExtSvcAccountsService) RemoveExtSvcAccount(ctx context.Context, orgID int64, extSvcSlug string) error {
ctx, span := esa.tracer.Start(ctx, "ExtSvcAccountsService.RemoveExtSvcAccount")
defer span.End()
saID, errRetrieve := esa.saSvc.RetrieveServiceAccountIdByName(ctx, orgID, sa.ExtSvcPrefix+extSvcSlug) saID, errRetrieve := esa.saSvc.RetrieveServiceAccountIdByName(ctx, orgID, sa.ExtSvcPrefix+extSvcSlug)
if errRetrieve != nil && !errors.Is(errRetrieve, sa.ErrServiceAccountNotFound) { if errRetrieve != nil && !errors.Is(errRetrieve, sa.ErrServiceAccountNotFound) {
return errRetrieve return errRetrieve
@ -200,6 +225,9 @@ func (esa *ExtSvcAccountsService) ManageExtSvcAccount(ctx context.Context, cmd *
return 0, nil return 0, nil
} }
ctx, span := esa.tracer.Start(ctx, "ExtSvcAccountsService.ManageExtSvcAccount")
defer span.End()
if cmd == nil { if cmd == nil {
esa.logger.Warn("Received no input") esa.logger.Warn("Received no input")
return 0, nil return 0, nil
@ -243,9 +271,12 @@ func (esa *ExtSvcAccountsService) ManageExtSvcAccount(ctx context.Context, cmd *
// saveExtSvcAccount creates or updates the service account associated with an external service // saveExtSvcAccount creates or updates the service account associated with an external service
func (esa *ExtSvcAccountsService) saveExtSvcAccount(ctx context.Context, cmd *saveCmd) (int64, error) { func (esa *ExtSvcAccountsService) saveExtSvcAccount(ctx context.Context, cmd *saveCmd) (int64, error) {
ctx, span := esa.tracer.Start(ctx, "ExtSvcAccountsService.saveExtSvcAccount")
defer span.End()
if cmd.SaID <= 0 { if cmd.SaID <= 0 {
// Create a service account // Create a service account
esa.logger.Debug("Create service account", "service", cmd.ExtSvcSlug, "orgID", cmd.OrgID) esa.logger.Info("Create service account", "service", cmd.ExtSvcSlug, "orgID", cmd.OrgID)
sa, err := esa.saSvc.CreateServiceAccount(ctx, cmd.OrgID, &sa.CreateServiceAccountForm{ sa, err := esa.saSvc.CreateServiceAccount(ctx, cmd.OrgID, &sa.CreateServiceAccountForm{
Name: sa.ExtSvcPrefix + cmd.ExtSvcSlug, Name: sa.ExtSvcPrefix + cmd.ExtSvcSlug,
Role: newRole(roletype.RoleNone), Role: newRole(roletype.RoleNone),
@ -282,6 +313,9 @@ func (esa *ExtSvcAccountsService) saveExtSvcAccount(ctx context.Context, cmd *sa
// deleteExtSvcAccount deletes a service account by ID and removes its associated role // deleteExtSvcAccount deletes a service account by ID and removes its associated role
func (esa *ExtSvcAccountsService) deleteExtSvcAccount(ctx context.Context, orgID int64, slug string, saID int64) error { func (esa *ExtSvcAccountsService) deleteExtSvcAccount(ctx context.Context, orgID int64, slug string, saID int64) error {
ctx, span := esa.tracer.Start(ctx, "ExtSvcAccountsService.deleteExtSvcAccount")
defer span.End()
esa.logger.Info("Delete service account", "service", slug, "orgID", orgID, "saID", saID) esa.logger.Info("Delete service account", "service", slug, "orgID", orgID, "saID", saID)
if err := esa.saSvc.DeleteServiceAccount(ctx, orgID, saID); err != nil { if err := esa.saSvc.DeleteServiceAccount(ctx, orgID, saID); err != nil {
return err return err
@ -298,6 +332,9 @@ func (esa *ExtSvcAccountsService) deleteExtSvcAccount(ctx context.Context, orgID
// getExtSvcAccountToken get or create the token of an External Service // getExtSvcAccountToken get or create the token of an External Service
func (esa *ExtSvcAccountsService) getExtSvcAccountToken(ctx context.Context, orgID, saID int64, extSvcSlug string) (string, error) { func (esa *ExtSvcAccountsService) getExtSvcAccountToken(ctx context.Context, orgID, saID int64, extSvcSlug string) (string, error) {
ctx, span := esa.tracer.Start(ctx, "ExtSvcAccountsService.getExtSvcAccountToken")
defer span.End()
// Get credentials from store // Get credentials from store
credentials, err := esa.GetExtSvcCredentials(ctx, orgID, extSvcSlug) credentials, err := esa.GetExtSvcCredentials(ctx, orgID, extSvcSlug)
if err != nil && !errors.Is(err, ErrCredentialsNotFound) { if err != nil && !errors.Is(err, ErrCredentialsNotFound) {

2
pkg/services/serviceaccounts/extsvcaccounts/service_test.go
View File

@ -6,6 +6,7 @@ import (
"github.com/grafana/grafana/pkg/infra/localcache" "github.com/grafana/grafana/pkg/infra/localcache"
"github.com/grafana/grafana/pkg/infra/log" "github.com/grafana/grafana/pkg/infra/log"
"github.com/grafana/grafana/pkg/infra/tracing"
"github.com/grafana/grafana/pkg/models/roletype" "github.com/grafana/grafana/pkg/models/roletype"
ac "github.com/grafana/grafana/pkg/services/accesscontrol" ac "github.com/grafana/grafana/pkg/services/accesscontrol"
"github.com/grafana/grafana/pkg/services/accesscontrol/acimpl" "github.com/grafana/grafana/pkg/services/accesscontrol/acimpl"
@ -47,6 +48,7 @@ func setupTestEnv(t *testing.T) *TestEnv {
metrics: newMetrics(nil, env.SaSvc, logger), metrics: newMetrics(nil, env.SaSvc, logger),
saSvc: env.SaSvc, saSvc: env.SaSvc,
skvStore: env.SkvStore, skvStore: env.SkvStore,
tracer: tracing.InitializeTracerForTest(),
} }
return env return env
} }