Commit Graph

41 Commits

Author SHA1 Message Date
idafurjes
a14621fff6
Chore: Add user service method SetUsingOrg and GetSignedInUserWithCacheCtx (#53343)
* Chore: Add user service method SetUsingOrg

* Chore: Add user service method GetSignedInUserWithCacheCtx

* Use method GetSignedInUserWithCacheCtx from user service

* Fix lint after rebase

* Fix lint

* Fix lint error

* roll back some changes

* Roll back changes in api and middleware

* Add xorm tags to SignedInUser ID fields
2022-08-11 13:28:55 +02:00
Serge Zaitsev
191ab3bb01
Chore: Move api key models into apikey service package (#53241)
* Chore: move api key models into apikey service package

* force table name for api key
2022-08-04 14:19:09 +02:00
Serge Zaitsev
64488f6b90
Chore: split APIKey store (#52781)
* move apikey store into a separate service

* add apikey service to wire graph

* fix linter

* switch api to use apikey service

* fix provideservice in tests

* add apikey service test double

* try different sql syntax

* rolling back the dialect

* trigger drone

* trigger drone
2022-08-02 16:55:19 +02:00
Sofia Papagiannaki
7ba076de10
Chore: Move swagger definitions to the handlers (#52643) 2022-07-27 09:54:37 -04:00
Karl Persson
6c6137f45a
Access control: Pass access control metadata for api keys (#48445)
* Move ApiKeyDTO to dtos package

* Add access control filter to api keys

* pass user in GetApiKeysQuery

* Add api key metadata to DTO

* Remove scope all requirement from get api keys endpoint

* Handle api key access control metadata in frondend
2022-04-29 15:30:24 +02:00
ying-jeanne
7ddae870e7
fix status code 200 (#47818) 2022-04-15 08:01:58 -04:00
Ieva
a245531f0c
Access control: service account role check (#47710)
* forbid setting role higher than user's role

* change response code

* can assign API key permissions to non-admin users

* add: assign viewer role directly upon creation

* refactor: add AddSATcommand infavor of AddAPIkey

* refactor: frontend fixes for ServiceAccountToken

Co-authored-by: eleijonmarck <eric.leijonmarck@gmail.com>
2022-04-13 18:11:03 +02:00
J Guerreiro
5cb03d6e62
Separate API key store from SA token store (#45862)
* ServiceAccounts: Fix token-apikey cross deletion

* ServiceAccounts: separate API key store and service account token store

* ServiceAccounts: hide service account tokens from API Keys page

* ServiceAccounts: uppercase statement

* ServiceAccounts: fix and add new tests for SAT store

* ServiceAccounts: remove service account ID from add API key

* ServiceAccounts: clear up errors
2022-02-28 11:30:45 +01:00
J Guerreiro
94820e1f29
Add/Delete API keys to Service accounts (#44871)
* ServiceAccounts: move token handlers to specific file

* ServiceAccounts: move Add API key to Service account

* APIKeys: api keys can still be used even when service accounts are enabled

* APIKeys: legacy endpoint can't be used to add SA tokens

* ServiceAccount: add tests for creation with nil and non-nil service account ids

* ServiceAccounts: fix unnasigned cfg and AC typo

* Test: test service account token adding

* fix linting error

* ServiceAccounts: Handle Token deletion

* rename token funcs

* rename token funcs and api wrapping

* add token deletion tests

* review

Co-authored-by: eleijonmarck <eric.leijonmarck@gmail.com>

* remove bus

* Update pkg/api/apikey.go

Co-authored-by: eleijonmarck <eric.leijonmarck@gmail.com>
2022-02-07 14:51:54 +01:00
ying-jeanne
69c764897e
remove dispatch from apikey (#44955) 2022-02-07 21:14:54 +08:00
Ryan McKinley
5d66194ec5
FeatureFlags: define features outside settings.Cfg (take 3) (#44443) 2022-01-26 09:44:20 -08:00
Agnès Toulet
65bdb3a899
FeatureFlags: Revert managing feature flags outside of settings.Cfg (#44382)
* Revert "FeatureToggles: register all enterprise feature toggles (#44336)"

This reverts commit f53b3fb007.

* Revert "FeatureFlags: manage feature flags outside of settings.Cfg (#43692)"

This reverts commit f94c0decbd.
2022-01-24 16:08:05 +01:00
Ryan McKinley
f94c0decbd
FeatureFlags: manage feature flags outside of settings.Cfg (#43692) 2022-01-20 13:42:05 -08:00
ying-jeanne
7422789ec7
Remove Macaron ParamsInt64 function from code base (#43810)
* draft commit

* change all calls

* Compilation errors
2022-01-15 00:55:57 +08:00
Jeremy Price
e894837b7e
Accesscontrol: Remove service account creation code from addapikey (#43900)
* Remove service account creation code from addapikey
Co-authored-by: J Guerreiro <joao.guerreiro@grafana.com>
2022-01-12 15:18:57 +01:00
idafurjes
8e6d6af744
Rename DispatchCtx to Dispatch (#43563) 2021-12-28 17:36:22 +01:00
Jeremy Price
13fdc5231d
AccessControl: upgrade apikeys by adding service accounts (#42425)
Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>

Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>

* Change default options for cloned service account

* Run in background

* Add endpoint to upgrade api keys to service accounts
2021-12-16 14:28:16 +01:00
Serge Zaitsev
d9cdcb550e
Chore: Refactor api handlers to use web.Bind (#42199)
* Chore: Refactor api handlers to use web.Bind

* fix comments

* fix comment

* trying to fix most of the tests and force routing.Wrap type check

* fix library panels tests

* fix frontend logging tests

* allow passing nil as a response to skip writing

* return nil instead of the response

* rewrite login handler function types

* remove handlerFuncCtx

* make linter happy

* remove old bindings from the libraryelements

* restore comments
2021-11-29 10:18:01 +01:00
Jeremy Price
a145ec37bb
Handle request service account when not enabled (#42122)
* Handle request service account when not enabled
2021-11-24 11:56:55 +01:00
Jeremy Price
69c5370e94
Accesscontrol: Add additional API keys to service account, move cloneserviceaccount to sqlstore (#41189)
* Add additional api key, move cloneserviceaccount

* Remove TODOs, for now

* Error messages

* Linter

* Security check

* Add comments

* Take service account id from correct variable

* Update user.go
2021-11-11 10:42:21 +00:00
Jeremy Price
6dbb6408d4
Access Control: Add service accounts (#38994)
* Add extra fields to OSS types to support enterprise

* Create a service account at the same time as the API key

* Use service account credentials when accessing API with APIkey

* Add GetRole to service, merge RoleDTO and Role structs

This patch merges the identical OSS and Enterprise data structures, which improves the code for two reasons:

1.  Makes switching between OSS and Enterprise easier
2.  Reduces the chance of incompatibilities developing between the same functions in OSS and Enterprise

* If API key is not linked to a service account, continue login as usual

* Fallback to old auth if no service account linked to key

* Add CloneUserToServiceAccount

* Adding LinkAPIKeyToServiceAccount

* Handle api key link error

* Better error messages for OSS accesscontrol

* Set an invalid user id as default

* Re-arrange field names

* ServiceAccountId is integer

* Better error messages

Co-authored-by: Hugo Häggmark <hugo.haggmark@grafana.com>
Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
2021-10-20 14:36:11 +02:00
Carl Bergquist
f20de5588b
add context to api crud calls (#40047)
Signed-off-by: bergquist <carl.bergquist@gmail.com>
2021-10-11 14:35:31 +02:00
Christian Haudum
076e2ce06a
Return 404 when deleting non-existing API key (#33346)
The server needs to return a HTTP 404 (Not Found) when an API key that does not exist is deleted.
2021-04-28 13:30:09 +02:00
Hugo Häggmark
3d41267fc4
Chore: Moves common and response into separate packages (#30298)
* Chore: moves common and response into separate packages

* Chore: moves common and response into separate packages

* Update pkg/api/utils/common.go

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

* Chore: changes after PR comments

* Chore: move wrap to routing package

* Chore: move functions in common to response package

* Chore: move functions in common to response package

* Chore: formats imports

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-01-15 14:43:20 +01:00
Arve Knudsen
294770f411
Chore: Handle wrapped errors (#29223)
* Chore: Handle wrapped errors

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
2020-11-19 13:34:28 +01:00
Agnès Toulet
6dd109b927
API: return resource ID for auth key creation, folder permissions update and user invite complete endpoints (#27419)
* API: add ID to auth key and folder endpoints

* API: add test for folder permissions update

* API: add created user id for /invite/complete endpoint
2020-09-07 17:06:11 +02:00
Sofia Papagiannaki
d1c523838b
API: Optionally list expired keys (#20468)
* API: Optionally list expired keys

* Update docs
2019-11-20 13:14:57 +02:00
Arve Knudsen
35e0e078b7
pkg/util: Check errors (#19832)
* pkg/util: Check errors
* pkg/services: DRY up code
2019-10-23 10:40:12 +02:00
Anthony Templeton
3680b95b44 Auth: Duplicate API Key Name Handle With Useful HTTP Code (#17905)
* API: Duplicate API Key Name Handle With Useful HTTP Code

* 17447: make changes requested during review

- use dialect.IsUniqueContraintViolation
- change if statement to match others
- return error properly

* Revert "17447: make changes requested during review"

This reverts commit a4a674ea83.

* API: useful http code on duplicate api key error w/ tests

* API: API Key Duplicate Handling

fixed small typo associated with error
2019-07-11 11:20:34 +03:00
Sofia Papagiannaki
dc9ec7dc91
Auth: Allow expiration of API keys (#17678)
* Modify backend to allow expiration of API Keys

* Add middleware test for expired api keys

* Modify frontend to enable expiration of API Keys

* Fix frontend tests

* Fix migration and add index for `expires` field

* Add api key tests for database access

* Substitude time.Now() by a mock for test usage

* Front-end modifications

* Change input label to `Time to live`
* Change input behavior to comply with the other similar
* Add tooltip

* Modify AddApiKey api call response

Expiration should be *time.Time instead of string

* Present expiration date in the selected timezone

* Use kbn for transforming intervals to seconds

* Use `assert` library for tests

* Frontend fixes

Add checks for empty/undefined/null values

* Change expires column from datetime to integer

* Restrict api key duration input

It should be interval not number

* AddApiKey must complain if SecondsToLive is negative

* Declare ErrInvalidApiKeyExpiration

* Move configuration to auth section

* Update docs

* Eliminate alias for models in modified files

* Omit expiration from api response if empty

* Eliminate Goconvey from test file

* Fix test

Do not sleep, use mocked timeNow() instead

* Remove index for expires from api_key table

The index should be anyway on both org_id and expires fields.
However this commit eliminates completely the index for now
since not many rows are expected to be in this table.

* Use getTimeZone function

* Minor change in api key listing

The frontend should display a message instead of empty string
if the key does not expire.
2019-06-26 09:47:03 +03:00
Julian Kornberger
0a415c50d0 Make golint happier 2018-03-22 22:38:44 +01:00
Julian Kornberger
7aab6a8887 Make golint happier 2018-03-22 12:40:21 +01:00
Dan Cech
c0ecdee375
rename Context to ReqContext 2018-03-07 11:54:50 -05:00
Dan Cech
338655dd37
move Context and session out of middleware 2018-03-06 18:16:49 -05:00
Torkel Ödegaard
f81bde5643 Refactoring some api handlers to use the new Response return object 2015-05-18 21:23:40 +02:00
Torkel Ödegaard
c75aa23092 New implementation for API Keys that only stores hashed api keys, and the client key is base64 decoded json web token with the unhashed key, Closes #1440 2015-02-26 17:23:28 +01:00
Torkel Ödegaard
6a2a6afc1d Merge branch 'develop' into apikey_hashed
Conflicts:
	pkg/api/apikey.go
	pkg/services/sqlstore/migrations.go
2015-02-26 15:48:54 +01:00
Torkel Ödegaard
26e4809e2e Big Backend Refatoring: Renamed Account -> Org 2015-02-23 20:07:49 +01:00
Torkel Ödegaard
5269422f7c Began work on hashing api keys 2015-02-09 13:30:04 +01:00
Torkel Ödegaard
10820f31c2 Changed go package path 2015-02-05 10:37:13 +01:00
Torkel Ödegaard
951ce0a102 API token -> API key rename 2015-01-27 08:26:11 +01:00