AuthN: Use sync hook to fetch service account (#84078)

* Use sync hook to fetch service account
2025-02-25 18:55:37 -06:00 · 2024-03-11 15:56:53 +01:00
parent d8b8a2c2b0
commit 9c292d2c3f
4 changed files with 14 additions and 45 deletions
--- a/pkg/services/authn/clients/api_key_test.go
+++ b/pkg/services/authn/clients/api_key_test.go
@@ -16,8 +16,6 @@ import (
 	"github.com/grafana/grafana/pkg/services/authn"
 	"github.com/grafana/grafana/pkg/services/login"
 	"github.com/grafana/grafana/pkg/services/org"
-	"github.com/grafana/grafana/pkg/services/user"
-	"github.com/grafana/grafana/pkg/services/user/usertest"
 )

 var (
@@ -30,7 +28,6 @@ func TestAPIKey_Authenticate(t *testing.T) {
 		desc             string
 		req              *authn.Request
 		expectedKey      *apikey.APIKey
-		expectedUser     *user.SignedInUser
 		expectedErr      error
 		expectedIdentity *authn.Identity
 	}
@@ -72,20 +69,11 @@ func TestAPIKey_Authenticate(t *testing.T) {
 				Key:              hash,
 				ServiceAccountId: intPtr(1),
 			},
-			expectedUser: &user.SignedInUser{
-				UserID:           1,
-				OrgID:            1,
-				IsServiceAccount: true,
-				OrgRole:          org.RoleViewer,
-				Name:             "test",
-			},
 			expectedIdentity: &authn.Identity{
-				ID:             "service-account:1",
-				OrgID:          1,
-				Name:           "test",
-				OrgRoles:       map[int64]org.RoleType{1: org.RoleViewer},
-				IsGrafanaAdmin: boolPtr(false),
+				ID:    "service-account:1",
+				OrgID: 1,
 				ClientParams: authn.ClientParams{
+					FetchSyncedUser: true,
 					SyncPermissions: true,
 				},
 				AuthenticatedBy: login.APIKeyAuthModule,
@@ -124,11 +112,7 @@ func TestAPIKey_Authenticate(t *testing.T) {

 	for _, tt := range tests {
 		t.Run(tt.desc, func(t *testing.T) {
-			c := ProvideAPIKey(&apikeytest.Service{
-				ExpectedAPIKey: tt.expectedKey,
-			}, &usertest.FakeUserService{
-				ExpectedSignedInUser: tt.expectedUser,
-			})
+			c := ProvideAPIKey(&apikeytest.Service{ExpectedAPIKey: tt.expectedKey})

 			identity, err := c.Authenticate(context.Background(), tt.req)
 			if tt.expectedErr != nil {
@@ -195,7 +179,7 @@ func TestAPIKey_Test(t *testing.T) {

 	for _, tt := range tests {
 		t.Run(tt.desc, func(t *testing.T) {
-			c := ProvideAPIKey(&apikeytest.Service{}, usertest.NewUserServiceFake())
+			c := ProvideAPIKey(&apikeytest.Service{})
 			assert.Equal(t, tt.expected, c.Test(context.Background(), tt.req))
 		})
 	}
@@ -286,19 +270,11 @@ func TestAPIKey_GetAPIKeyIDFromIdentity(t *testing.T) {
 		},
 	}}

-	signedInUser := &user.SignedInUser{
-		UserID: 1,
-		OrgID:  1,
-		Name:   "test",
-	}
-
 	for _, tt := range tests {
 		t.Run(tt.desc, func(t *testing.T) {
 			c := ProvideAPIKey(&apikeytest.Service{
 				ExpectedError:  tt.expectedError,
 				ExpectedAPIKey: tt.expectedKey,
-			}, &usertest.FakeUserService{
-				ExpectedSignedInUser: signedInUser,
 			})
 			id, exists := c.getAPIKeyID(context.Background(), tt.expectedIdentity, req)
 			assert.Equal(t, tt.expectedExists, exists)