public/grafana
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

API Keys: Add revocation for SATs (#53896)

Browse Source 
* add apikey is_revoked field

* add token store tests

* Apply suggestions from code review

* remove unused fields
This commit is contained in:
Jo
2022-08-18 16:54:39 +02:00
committed by GitHub
parent 8b18530cb8
commit 4a9137ac40
18 changed files with 235 additions and 105 deletions
Download Patch File Download Diff File Expand all files Collapse all files
pkg/services/apikey/apikeyimpl/store.go
+6 -2
View File
@@ -10,6 +10,7 @@ import (
"github.com/grafana/grafana/pkg/services/sqlstore"
"github.com/grafana/grafana/pkg/services/sqlstore/db"
"github.com/grafana/grafana/pkg/setting"
"github.com/pkg/errors"
"xorm.io/xorm"
)
@@ -111,6 +112,7 @@ func (ss *sqlStore) AddAPIKey(ctx context.Context, cmd *apikey.AddCommand) error
return apikey.ErrInvalidExpiration
}
isRevoked := false
t := apikey.APIKey{
OrgId: cmd.OrgId,
Name: cmd.Name,
@@ -119,12 +121,14 @@ func (ss *sqlStore) AddAPIKey(ctx context.Context, cmd *apikey.AddCommand) error
Created: updated,
Updated: updated,
Expires: expires,
ServiceAccountId: nil,
ServiceAccountId: cmd.ServiceAccountID,
IsRevoked: &isRevoked,
}
if _, err := sess.Insert(&t); err != nil {
return err
return errors.Wrap(err, "failed to insert token")
}
cmd.Result = &t
return nil
})
pkg/services/apikey/model.go
+9 -6
View File
@@ -26,18 +26,21 @@ type APIKey struct {
LastUsedAt *time.Time `xorm:"last_used_at"`
Expires *int64
ServiceAccountId *int64
IsRevoked *bool `xorm:"is_revoked"`
}
func (k APIKey) TableName() string { return "api_key" }
// swagger:model
type AddCommand struct {
Name string `json:"name" binding:"Required"`
Role org.RoleType `json:"role" binding:"Required"`
OrgId int64 `json:"-"`
Key string `json:"-"`
SecondsToLive int64 `json:"secondsToLive"`
Result *APIKey `json:"-"`
Name string `json:"name" binding:"Required"`
Role org.RoleType `json:"role" binding:"Required"`
OrgId int64 `json:"-"`
Key string `json:"-"`
SecondsToLive int64 `json:"secondsToLive"`
ServiceAccountID *int64 `json:"-"`
Result *APIKey `json:"-"`
}
type DeleteCommand struct {