Affected by 
Documentation
¶
Index ¶
- Constants
- Variables
- type APIKeysMigrationStatus
- type AddServiceAccountTokenCommand
- type CreateServiceAccountForm
- type GetSATokensQuery
- type SearchServiceAccountsResult
- type Service
- type ServiceAccount
- type ServiceAccountDTO
- type ServiceAccountFilter
- type ServiceAccountProfileDTO
- type Stats
- type Store
- type UpdateServiceAccountForm
Constants ¶
View Source
const ( ActionRead = "serviceaccounts:read" ActionWrite = "serviceaccounts:write" ActionCreate = "serviceaccounts:create" ActionDelete = "serviceaccounts:delete" ActionPermissionsRead = "serviceaccounts.permissions:read" ActionPermissionsWrite = "serviceaccounts.permissions:write" )
Variables ¶
View Source
var ( ErrServiceAccountNotFound = errors.New("service account not found") ErrServiceAccountInvalidRole = errors.New("invalid role specified") ErrServiceAccountRolePrivilegeDenied = errors.New("can not assign a role higher than user's role") )
View Source
var ( ScopeAll = "serviceaccounts:*" ScopeID = accesscontrol.Scope("serviceaccounts", "id", accesscontrol.Parameter(":serviceAccountId")) )
View Source
var AccessEvaluator = accesscontrol.EvalAny( accesscontrol.EvalPermission(ActionRead), accesscontrol.EvalPermission(ActionCreate), )
AccessEvaluator is used to protect the "Configuration > Service accounts" page access
Functions ¶
This section is empty.
Types ¶
type APIKeysMigrationStatus ¶
type APIKeysMigrationStatus struct {
Migrated bool `json:"migrated"`
}
type CreateServiceAccountForm ¶
type CreateServiceAccountForm struct {
// example: grafana
Name string `json:"name" binding:"Required"`
// example: Admin
Role *org.RoleType `json:"role"`
// example: false
IsDisabled *bool `json:"isDisabled"`
}
swagger:model
type GetSATokensQuery ¶
type SearchServiceAccountsResult ¶
type SearchServiceAccountsResult struct {
// It can be used for pagination of the user list
// E.g. if totalCount is equal to 100 users and
// the perpage parameter is set to 10 then there are 10 pages of users.
TotalCount int64 `json:"totalCount"`
ServiceAccounts []*ServiceAccountDTO `json:"serviceAccounts"`
Page int `json:"page"`
PerPage int `json:"perPage"`
}
swagger: model
type Service ¶
type Service interface {
CreateServiceAccount(ctx context.Context, orgID int64, saForm *CreateServiceAccountForm) (*ServiceAccountDTO, error)
DeleteServiceAccount(ctx context.Context, orgID, serviceAccountID int64) error
RetrieveServiceAccountIdByName(ctx context.Context, orgID int64, name string) (int64, error)
}
this should reflect the api
type ServiceAccount ¶
type ServiceAccount struct {
Id int64
}
type ServiceAccountDTO ¶
type ServiceAccountDTO struct {
Id int64 `json:"id" xorm:"user_id"`
// example: grafana
Name string `json:"name" xorm:"name"`
// example: sa-grafana
Login string `json:"login" xorm:"login"`
// example: 1
OrgId int64 `json:"orgId" xorm:"org_id"`
// example: false
IsDisabled bool `json:"isDisabled" xorm:"is_disabled"`
// example: Viewer
Role string `json:"role" xorm:"role"`
// example: 0
Tokens int64 `json:"tokens"`
// example: /avatar/85ec38023d90823d3e5b43ef35646af9
AvatarUrl string `json:"avatarUrl"`
// example: {"serviceaccounts:delete": true, "serviceaccounts:read": true, "serviceaccounts:write": true}
AccessControl map[string]bool `json:"accessControl,omitempty"`
}
swagger: model
type ServiceAccountFilter ¶
type ServiceAccountFilter string // used for filtering
const ( FilterOnlyExpiredTokens ServiceAccountFilter = "expiredTokens" FilterOnlyDisabled ServiceAccountFilter = "disabled" FilterIncludeAll ServiceAccountFilter = "all" )
type ServiceAccountProfileDTO ¶
type ServiceAccountProfileDTO struct {
// example: 2
Id int64 `json:"id" xorm:"user_id"`
// example: test
Name string `json:"name" xorm:"name"`
// example: sa-grafana
Login string `json:"login" xorm:"login"`
// example: 1
OrgId int64 `json:"orgId" xorm:"org_id"`
// example: false
IsDisabled bool `json:"isDisabled" xorm:"is_disabled"`
// example: 2022-03-21T14:35:33Z
Created time.Time `json:"createdAt" xorm:"created"`
// example: 2022-03-21T14:35:33Z
Updated time.Time `json:"updatedAt" xorm:"updated"`
// example: /avatar/8ea890a677d6a223c591a1beea6ea9d2
AvatarUrl string `json:"avatarUrl" xorm:"-"`
// example: Editor
Role string `json:"role" xorm:"role"`
// example: []
Teams []string `json:"teams" xorm:"-"`
Tokens int64 `json:"tokens,omitempty"`
AccessControl map[string]bool `json:"accessControl,omitempty" xorm:"-"`
}
swagger:model
type Store ¶
type Store interface {
CreateServiceAccount(ctx context.Context, orgID int64, saForm *CreateServiceAccountForm) (*ServiceAccountDTO, error)
SearchOrgServiceAccounts(ctx context.Context, orgID int64, query string, filter ServiceAccountFilter, page int, limit int,
signedInUser *user.SignedInUser) (*SearchServiceAccountsResult, error)
UpdateServiceAccount(ctx context.Context, orgID, serviceAccountID int64,
saForm *UpdateServiceAccountForm) (*ServiceAccountProfileDTO, error)
RetrieveServiceAccount(ctx context.Context, orgID, serviceAccountID int64) (*ServiceAccountProfileDTO, error)
RetrieveServiceAccountIdByName(ctx context.Context, orgID int64, name string) (int64, error)
DeleteServiceAccount(ctx context.Context, orgID, serviceAccountID int64) error
GetAPIKeysMigrationStatus(ctx context.Context, orgID int64) (*APIKeysMigrationStatus, error)
HideApiKeysTab(ctx context.Context, orgID int64) error
MigrateApiKeysToServiceAccounts(ctx context.Context, orgID int64) error
MigrateApiKey(ctx context.Context, orgID int64, keyId int64) error
RevertApiKey(ctx context.Context, saId int64, keyId int64) error
ListTokens(ctx context.Context, query *GetSATokensQuery) ([]apikey.APIKey, error)
DeleteServiceAccountToken(ctx context.Context, orgID, serviceAccountID, tokenID int64) error
RevokeServiceAccountToken(ctx context.Context, orgId, serviceAccountId, tokenId int64) error
AddServiceAccountToken(ctx context.Context, serviceAccountID int64, cmd *AddServiceAccountTokenCommand) error
GetUsageMetrics(ctx context.Context) (*Stats, error)
}
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.