IAM: Protect managed service account frontend details page (#77839)

* Add `isManaged` property to frontend model * Remove enabled and token buttons for managed SA * Replace trash icon for lock icon for managed SA * Block the role picker for managed SA * Filter SA list usiong the managed filter * Rename external for managed * Add only managed filter * Toggle the enable buttons for managed sa * Disable add token and delete token buttons * Remove the edit name button * Disable the Role picker for managed sa * Hide the permissions section * Add managed by row --------- Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
2025-02-25 18:55:37 -06:00 · 2023-11-14 17:52:48 +01:00
parent e94f8234a1
commit 408dab8c57
9 changed files with 56 additions and 10 deletions
--- a/pkg/services/serviceaccounts/models.go
+++ b/pkg/services/serviceaccounts/models.go
@@ -158,6 +158,8 @@ type ServiceAccountProfileDTO struct {
 	Teams []string `json:"teams" xorm:"-"`
 	// example: false
 	IsExternal bool `json:"isExternal,omitempty" xorm:"-"`
+	// example: grafana-app
+	RequiredBy string `json:"requiredBy,omitempty" xorm:"-"`

 	Tokens        int64           `json:"tokens,omitempty"`
 	AccessControl map[string]bool `json:"accessControl,omitempty" xorm:"-"`
--- a/pkg/services/serviceaccounts/proxy/service.go
+++ b/pkg/services/serviceaccounts/proxy/service.go
@@ -139,6 +139,7 @@ func (s *ServiceAccountsProxy) RetrieveServiceAccount(ctx context.Context, orgID

 	if s.isProxyEnabled {
 		sa.IsExternal = isExternalServiceAccount(sa.Login)
+		sa.RequiredBy = strings.ReplaceAll(sa.Name, serviceaccounts.ExtSvcPrefix, "")
 	}

 	return sa, nil