mirror of
https://github.com/grafana/grafana.git
synced 2025-02-25 18:55:37 -06:00
* Plugin: Remove external service on plugin removal * Early exit no service account * Add log * WIP * Cable OAuth2Server client removal * Move function lower * Add function to test removal * Add test to RemoveExternalService * Test RemoveExtSvcAccount * remove apostrophy in comment * Add cfg to plugin installer to check features * Add feature flag check in the service registration service * Comments * Move metrics Inc * Initialize map * Reorder * Initialize mutex as well * Add HasExternalService as suggested * WIP: CleanUpOrphanedExternalServices * Commit suggestion Co-authored-by: linoman <2051016+linoman@users.noreply.github.com> * Nit on test. Co-authored-by: linoman <2051016+linoman@users.noreply.github.com> * oauthserver return names * Name is not Slug * Use plugin ID not slug * Add background job * remove negation on feature check * Add test to the CleanUp function * Test GetExternalServiceNames * rename test * Add test for ExtSvcAccountsService_GetExternalServiceNames * Add a todo * Add todo * Option based on mix * Rewrite a bit the comment * Opinionated choice use slugs instead of names everywhere * Nit. * Comments and re-ordering * Comment * Add log * Add context --------- Co-authored-by: linoman <2051016+linoman@users.noreply.github.com>
package extsvcaccounts
import (
"github.com/grafana/grafana/pkg/models/roletype"
ac "github.com/grafana/grafana/pkg/services/accesscontrol"
"github.com/grafana/grafana/pkg/services/extsvcauth"
"github.com/grafana/grafana/pkg/services/serviceaccounts"
"github.com/grafana/grafana/pkg/services/user"
"github.com/grafana/grafana/pkg/util/errutil"
)
// Package-level string constants. Where each one is consumed is not visible
// in this part of the file, so the descriptions below go by name only.

// metricsNamespace is presumably the namespace under which this package
// registers its metrics.
const metricsNamespace = "grafana"

// kvStoreType is presumably the "type" key under which external service
// credentials are filed in a key-value store. It is an identifier, not
// credential material.
const kvStoreType = "extsvc-token"

// tokenNamePrefix is presumably the prefix given to the names of tokens
// created for external service accounts. The literal contains the word
// "token", which trips gosec rule G101 (hard-coded credentials); the value is
// a naming prefix only, so the finding is suppressed on the line below.
//
// #nosec G101 - this is not a hardcoded secret
const tokenNamePrefix = "extsvc-token"
// Errors exposed by this package. Each one is built with errutil and carries
// a message ID; the BadRequest errors additionally set a public message via
// errutil.WithPublicMessage.
var (
	// ErrCannotBeDeleted: an external service account cannot be deleted.
	ErrCannotBeDeleted = errutil.BadRequest(
		"extsvcaccounts.ErrCannotBeDeleted",
		errutil.WithPublicMessage("external service account cannot be deleted"),
	)
	// ErrCannotBeUpdated: an external service account cannot be updated.
	ErrCannotBeUpdated = errutil.BadRequest(
		"extsvcaccounts.ErrCannotBeUpdated",
		errutil.WithPublicMessage("external service account cannot be updated"),
	)
	// ErrCannotCreateToken: a token cannot be added to an external service account.
	ErrCannotCreateToken = errutil.BadRequest(
		"extsvcaccounts.ErrCannotCreateToken",
		errutil.WithPublicMessage("cannot add external service account token"),
	)
	// ErrCannotDeleteToken: a token of an external service account cannot be deleted.
	ErrCannotDeleteToken = errutil.BadRequest(
		"extsvcaccounts.ErrCannotDeleteToken",
		errutil.WithPublicMessage("cannot delete external service account token"),
	)
	// ErrCannotListTokens: the tokens of an external service account cannot be listed.
	ErrCannotListTokens = errutil.BadRequest(
		"extsvcaccounts.ErrCannotListTokens",
		errutil.WithPublicMessage("cannot list external service account tokens"),
	)
	// ErrCredentialsNotFound is the only NotFound error in this group.
	// NOTE(review): unlike its siblings it sets no public message and its
	// message ID is kebab-case rather than "Err..."; the ID is kept
	// byte-for-byte here because other code may match on it.
	ErrCredentialsNotFound = errutil.NotFound("extsvcaccounts.credentials-not-found")
	// ErrInvalidName: per its message, the "extsvc-" name prefix is reserved
	// for external service accounts. Where the check is enforced is not
	// visible in this part of the file.
	ErrInvalidName = errutil.BadRequest(
		"extsvcaccounts.ErrInvalidName",
		errutil.WithPublicMessage("only external service account names can be prefixed with 'extsvc-'"),
	)
)

// extsvcuser is a fixed identity scoped to extsvcauth.TmpOrgID. Its only
// permission is serviceaccounts.ActionRead on the scope
// "serviceaccounts:id:*", i.e. read on every service account ID in that org.
// Presumably the package uses it for its own internal service account
// lookups; the call sites are outside this excerpt.
//
// NOTE(review): this is a shared package-level pointer. Treat it as
// read-only: a write to it or to its Permissions map would change the
// privileges seen by every caller that uses it.
var extsvcuser = &user.SignedInUser{
	OrgID: extsvcauth.TmpOrgID,
	Permissions: map[int64]map[string][]string{
		extsvcauth.TmpOrgID: {
			serviceaccounts.ActionRead: {"serviceaccounts:id:*"},
		},
	},
}
// Credentials holds the credentials associated with an external service.
type Credentials struct {
	// Secret is the credential value, kept as a plain string. Printing the
	// struct with %v or %+v, or passing it to a logger, would emit the
	// secret, so log a redacted form instead.
	Secret string
}
// SaveCredentialsCmd carries the fields needed to store the credentials of
// one external service. The function that consumes it is not visible in this
// part of the file.
type SaveCredentialsCmd struct {
	// ExtSvcSlug identifies the external service by its slug.
	ExtSvcSlug string
	// OrgID is presumably the organization the credentials belong to.
	OrgID int64
	// Secret is the credential value as a plain string. Do not log this
	// command with %v or %+v, since that would emit the secret.
	Secret string
}
// saveCmd is the package-private command describing an external service
// account to save. The code that consumes it is outside this excerpt, so the
// field notes below are inferred from names and types.
type saveCmd struct {
	// Enabled presumably says whether the service account should be active.
	Enabled bool
	// ExtSvcSlug identifies the external service by its slug.
	ExtSvcSlug string
	// OrgID is presumably the organization owning the service account.
	OrgID int64
	// Permissions lists the access-control permissions for the account.
	// NOTE(review): this is the privilege set of the external service, so
	// callers should pass the minimum the service needs. Confirm how it is
	// applied at the call site.
	Permissions []ac.Permission
	// SaID is presumably the ID of an existing service account. How a zero
	// value is treated is not visible here.
	SaID int64
}
// newRole returns a pointer to a fresh copy of r, for use where an optional
// *roletype.RoleType is expected.
func newRole(r roletype.RoleType) *roletype.RoleType {
	role := new(roletype.RoleType)
	*role = r
	return role
}
// newBool returns a pointer to a fresh copy of b, for use where an optional
// *bool is expected. Each call yields a distinct pointer.
func newBool(b bool) *bool {
	v := new(bool)
	*v = b
	return v
}