grafana/pkg/api
Jo 26339f978b
Auth: Move access control API to SignedInUser interface (#73144)
* move access control api to SignedInUser interface

* remove unused code

* add logic for reading perms from a specific org

* move the specific org logic to org_user.go

* add a comment

---------

Co-authored-by: IevaVasiljeva <ieva.vasiljeva@grafana.com>
2023-08-18 11:42:18 +01:00
..
apierrors Chore: Fix status codes for nested folders (#59087) 2022-11-22 16:06:39 +02:00
avatar Chore: Fix goimports grouping in pkg/api (#62419) 2023-01-30 08:18:26 +00:00
datasource backend/datasources: move datasources models into the datasources service package (#51267) 2022-06-27 12:23:15 -04:00
dtos Chore: remove DisableSyncLock setting, as it's not used anymore (#72680) 2023-08-01 17:38:07 +03:00
frontendlogging Plugins: Add context to StaticRouteResolver and ErrorResolver interfaces (#73121) 2023-08-10 10:32:12 +02:00
pluginproxy Azure: Configuration for user identity authentication in datasources (Experimental) (#50277) 2023-05-15 18:00:54 +01:00
response Logger: Add feature toggle for errors in HTTP request logs (#64425) 2023-03-31 15:38:09 +02:00
routing Chore: Move ReqContext to contexthandler service (#62102) 2023-01-27 08:50:36 +01:00
static API: Extract OpenAPI specification from source code using go-swagger (#40528) 2022-02-08 13:38:43 +01:00
accesscontrol.go Auth: Move access control API to SignedInUser interface (#73144) 2023-08-18 11:42:18 +01:00
admin_encryption.go Config: Add configuration option to define custom user-facing general error message for certain error types (#70023) 2023-06-16 10:46:47 -05:00
admin_provisioning_test.go RBAC: Rewrite provisioning rbac tests (#61752) 2023-01-19 13:49:57 +01:00
admin_provisioning.go Chore: Move ReqContext to contexthandler service (#62102) 2023-01-27 08:50:36 +01:00
admin_test.go Chore: Fix goimports grouping in pkg/api (#62419) 2023-01-30 08:18:26 +00:00
admin_users_test.go Auth: Lock down Grafana admin role updates if the role is externally synced (#72677) 2023-08-01 16:39:08 +01:00
admin_users.go Auth: Lock down Grafana admin role updates if the role is externally synced (#72677) 2023-08-01 16:39:08 +01:00
admin.go Auth: Move access control API to SignedInUser interface (#73144) 2023-08-18 11:42:18 +01:00
alerting.go Chore: Remove result field from search (#65583) 2023-03-30 11:28:12 +02:00
annotations_test.go RBAC: remove some IsDisabled checks (#69272) 2023-05-31 09:58:57 +01:00
annotations.go RBAC: remove some IsDisabled checks (#69272) 2023-05-31 09:58:57 +01:00
api.go Middleware: Add team metadata to HTTP handlers (#71010) 2023-08-16 15:05:19 +02:00
apikey.go Auth: Move access control API to SignedInUser interface (#73144) 2023-08-18 11:42:18 +01:00
basic_auth_test.go Macaron: remove custom Request type (#37874) 2021-09-01 11:18:30 +02:00
basic_auth.go Macaron: remove custom Request type (#37874) 2021-09-01 11:18:30 +02:00
common_test.go Contexthandler: Remove code that is no longer used (#73101) 2023-08-09 15:17:59 +02:00
dashboard_permission_test.go AC: Remove legacy AC from dashboard permissions API (#71524) 2023-07-17 17:54:39 +02:00
dashboard_permission.go AC: Remove legacy AC from dashboard permissions API (#71524) 2023-07-17 17:54:39 +02:00
dashboard_snapshot_test.go Cfg: Move ViewersCanEdit into cfg (#64876) 2023-03-16 10:54:01 +01:00
dashboard_snapshot.go Snapshots: Fix deleting snapshot with non existent dashboard ID (#64345) 2023-03-08 10:12:02 +02:00
dashboard_test.go Auth: Use authn.Service for all tests (#72921) 2023-08-09 08:54:52 +02:00
dashboard.go RBAC: remove simple RBAC disabled checks (#71137) 2023-07-10 15:14:21 +03:00
dataproxy.go Chore: Move ReqContext to contexthandler service (#62102) 2023-01-27 08:50:36 +01:00
datasources_test.go Chore: Return correct error for name taken and validation error on add/update datasource (#70465) 2023-07-17 16:27:19 +02:00
datasources.go Chore: Return correct error for name taken and validation error on add/update datasource (#70465) 2023-07-17 16:27:19 +02:00
fakes.go Plugins: Add context to StaticRouteResolver and ErrorResolver interfaces (#73121) 2023-08-10 10:32:12 +02:00
featuremgmt_test.go Feature Toggles: Create API for updating feature toggle state from the feature toggle admin page (#73022) 2023-08-09 11:32:28 -04:00
featuremgmt.go Feature Toggles: Create API for updating feature toggle state from the feature toggle admin page (#73022) 2023-08-09 11:32:28 -04:00
folder_bench_test.go Search v1: Remove unnecessary subqueries (#72388) 2023-08-02 10:39:25 +03:00
folder_permission_test.go AC: Remove legacy AC from folders permissions API (#71526) 2023-07-17 19:21:01 +03:00
folder_permission.go AC: Remove legacy AC from folders permissions API (#71526) 2023-07-17 19:21:01 +03:00
folder_test.go NestedFolders: Return full folder hierarchy in Folder response (#66835) 2023-04-25 11:22:20 +03:00
folder.go Auth: Move access control API to SignedInUser interface (#73144) 2023-08-18 11:42:18 +01:00
frontend_logging_test.go Frontend logging: Remove Sentry javascript agent support (#67493) 2023-05-02 12:10:56 +03:00
frontend_logging.go Plugins: Add context to StaticRouteResolver and ErrorResolver interfaces (#73121) 2023-08-10 10:32:12 +02:00
frontend_metrics.go Chore: Move ReqContext to contexthandler service (#62102) 2023-01-27 08:50:36 +01:00
frontendsettings_test.go Plugins: Migrate PluginStore mock to pre-existing fakes package (#71664) 2023-07-17 10:21:44 +00:00
frontendsettings.go Chore: remove DisableSyncLock setting, as it's not used anymore (#72680) 2023-08-01 17:38:07 +03:00
grafana_com_proxy.go API: don't re-add /api suffix to grafana.com API URL (#62280) 2023-01-27 10:20:55 +01:00
health_test.go Chore: Fix goimports grouping in pkg/api (#62419) 2023-01-30 08:18:26 +00:00
health.go Chore: Remove Store interface and use db.DB instead (#60160) 2022-12-13 11:03:36 +01:00
http_server_test.go Chore: Fix goimports grouping in pkg/api (#62419) 2023-01-30 08:18:26 +00:00
http_server.go Middleware: Add team metadata to HTTP handlers (#71010) 2023-08-16 15:05:19 +02:00
index.go Auth: remove org count from signedInUser (#72661) 2023-08-01 14:04:37 +02:00
login_oauth_test.go Auth: Remove auth broker flag and clean up login handlers (#73109) 2023-08-10 09:56:04 +02:00
login_oauth.go Auth: Remove unused Authenticator service (#73143) 2023-08-10 11:02:32 +02:00
login_test.go Auth: Use authn.Service for all tests (#72921) 2023-08-09 08:54:52 +02:00
login.go Auth: Remove unused Authenticator service (#73143) 2023-08-10 11:02:32 +02:00
metrics_test.go Plugins: Migrate PluginStore mock to pre-existing fakes package (#71664) 2023-07-17 10:21:44 +00:00
metrics.go Plugins: Refactor creation of plugin context to dedicated service (#66451) 2023-06-08 13:59:51 +02:00
openapi3.go Modify Content-Security-Policy for Swagger UI (#63568) 2023-08-01 11:27:44 +03:00
org_invite_test.go Chore: Fix goimports grouping in pkg/api (#62419) 2023-01-30 08:18:26 +00:00
org_invite.go Auth: Org Invite and Team API SignedInUser interfacing (#73085) 2023-08-09 12:33:35 +02:00
org_test.go MESA: Allow using synced permissions (#71377) 2023-07-12 13:28:04 +03:00
org_users_test.go Contexthandler: Remove code that is no longer used (#73101) 2023-08-09 15:17:59 +02:00
org_users.go Auth: Move access control API to SignedInUser interface (#73144) 2023-08-18 11:42:18 +01:00
org.go AC: Remove legacy AC from dashboard permissions API (#71524) 2023-07-17 17:54:39 +02:00
password.go Chore: Remove result fields from login (#65136) 2023-03-28 20:32:21 +02:00
playlist_play.go Chore: Remove result field from search (#65583) 2023-03-30 11:28:12 +02:00
playlist.go Chore: Move ReqContext to contexthandler service (#62102) 2023-01-27 08:50:36 +01:00
plugin_dashboards_test.go Chore: Fix goimports grouping in pkg/api (#62419) 2023-01-30 08:18:26 +00:00
plugin_dashboards.go Chore: Move ReqContext to contexthandler service (#62102) 2023-01-27 08:50:36 +01:00
plugin_metrics_test.go Chore: Fix goimports grouping in pkg/api (#62419) 2023-01-30 08:18:26 +00:00
plugin_metrics.go Chore: Fix goimports grouping in pkg/api (#62419) 2023-01-30 08:18:26 +00:00
plugin_proxy_test.go Plugins: Handle app plugin proxy routes per request (#51835) 2022-08-23 13:05:31 +02:00
plugin_proxy.go Plugins: Only configure plugin proxy transport once (#71735) 2023-07-17 13:37:03 +02:00
plugin_resource_test.go Plugins: Add validation stage to plugin loader pipeline (#73053) 2023-08-09 18:25:28 +02:00
plugin_resource.go Plugins: Account for nil user when constructing plugin context (#69811) 2023-06-08 19:36:41 +03:00
plugins_test.go Plugins: Make Installer responsible for removing plugins from file system (#73323) 2023-08-16 15:44:20 +02:00
plugins.go Auth: Move access control API to SignedInUser interface (#73144) 2023-08-18 11:42:18 +01:00
preferences_test.go Chore: remove tests for legacy AC, update other tests to work with RBAC (#68895) 2023-05-23 15:29:20 +01:00
preferences.go Preferences: Fixing preference PUT validation (#68557) 2023-05-16 19:38:51 +02:00
quota_test.go MESA: Allow using synced permissions (#71377) 2023-07-12 13:28:04 +03:00
quota.go Chore: Move ReqContext to contexthandler service (#62102) 2023-01-27 08:50:36 +01:00
README.md API: Enable serving Swagger UI by default and add docs and guidelines (#63489) 2023-03-01 16:36:37 +02:00
render.go Chore: Move ReqContext to contexthandler service (#62102) 2023-01-27 08:50:36 +01:00
search.go Search API: Search by folder UID (#65040) 2023-08-04 12:43:47 +03:00
short_url_test.go Chore: Fix goimports grouping in pkg/api (#62419) 2023-01-30 08:18:26 +00:00
short_url.go Chore: Move ReqContext to contexthandler service (#62102) 2023-01-27 08:50:36 +01:00
signup.go Orgs: Remove auto assign globals (#63754) 2023-02-27 10:23:38 +01:00
swagger_responses.go Chore: Move swagger definitions to the handlers (#52643) 2022-07-27 09:54:37 -04:00
swagger_tags.json Chore: Move swagger definitions to the handlers (#52643) 2022-07-27 09:54:37 -04:00
swagger.go Modify Content-Security-Policy for Swagger UI (#63568) 2023-08-01 11:27:44 +03:00
team_members_test.go Chore: Remove legacy AC checks from team (#68715) 2023-05-22 18:41:53 +02:00
team_members.go Chore: Remove legacy AC checks from team (#68715) 2023-05-22 18:41:53 +02:00
team_test.go Chore: Remove legacy AC checks from team (#68715) 2023-05-22 18:41:53 +02:00
team.go Auth: Move access control API to SignedInUser interface (#73144) 2023-08-18 11:42:18 +01:00
user_test.go Auth: Lock down Grafana admin role updates if the role is externally synced (#72677) 2023-08-01 16:39:08 +01:00
user_token_test.go AuthToken: client token rotation fix (#65709) 2023-03-31 16:44:08 +02:00
user_token.go AuthToken: client token rotation fix (#65709) 2023-03-31 16:44:08 +02:00
user.go Auth: Lock down Grafana admin role updates if the role is externally synced (#72677) 2023-08-01 16:39:08 +01:00
utils.go Auth: Add feature flag to move token rotation to client (#65060) 2023-03-23 14:39:04 +01:00

OpenAPI specifications

Since version 8.4, HTTP API details are specified using OpenAPI v2. Starting from version 9.1, there is also an OpenAPI v3 specification (generated by the v2 one using this script).

OpenAPI annotations

The OpenAPI v2 specification is generated automatically from the annotated Go code using go-swagger which scans the source code for annotation rules. Refer to this getting started guide for getting familiar with the toolkit.

Developers modifying the HTTP API endpoints need to make sure to add the necessary annotations so that their changes are reflected into the generated specifications.

Example of endpoint annotation

The following route defines a PATCH endpoint under the /serviceaccounts/{serviceAccountId} path with tag service_accounts (used for grouping together several routes) and operation ID updateServiceAccount (used for uniquely identifying routes and associate parameters and response with them).


// swagger:route PATCH /serviceaccounts/{serviceAccountId} service_accounts updateServiceAccount
//
// # Update service account
//
// Required permissions (See note in the [introduction](https://grafana.com/docs/grafana/latest/developers/http_api/serviceaccount/#service-account-api) for an explanation):
// action: `serviceaccounts:write` scope: `serviceaccounts:id:1` (single service account)
//
// Responses:
// 200: updateServiceAccountResponse
// 400: badRequestError
// 401: unauthorisedError
// 403: forbiddenError
// 404: notFoundError
// 500: internalServerError

The go-swagger can discover such annotations by scanning any code imported by pkg/server but by convention we place the endpoint annotations above the endpoint definition.

Example of endpoint parameters

The following struct defines the route parameters for the updateServiceAccount endpoint. The route expects:

  • a path parameter denoting the service account identifier and
  • a body parameter with the new values for the specific service account

// swagger:parameters updateServiceAccount
type UpdateServiceAccountParams struct {
	// in:path
	ServiceAccountId int64 `json:"serviceAccountId"`
	// in:body
	Body serviceaccounts.UpdateServiceAccountForm
}

Example of endpoint response

The following struct defines the response for the updateServiceAccount endpoint in case of a successful 200 response.


// swagger:response updateServiceAccountResponse
type UpdateServiceAccountResponse struct {
	// in:body
	Body struct {
		Message        string                                    `json:"message"`
		ID             int64                                     `json:"id"`
		Name           string                                    `json:"name"`
		ServiceAccount *serviceaccounts.ServiceAccountProfileDTO `json:"serviceaccount"`
	}
}

OpenAPI generation

Developers can re-create the OpenAPI v2 and v3 specifications using the following command:


make clean-api-spec && make openapi3-gen

They can observe its output into the public/api-merged.json and public/openapi3.json files.

Finally, they can browser and try out both the OpenAPI v2 and v3 via the Swagger UI editor (served by the grafana server) by navigating to /swagger-ui and /openapi3 respectivally.