Auth: SSO settings foundations (#77724)
* inital changes, db migration * changes * Implement basic GetAll, Delete * Add first batch of tests * Add more tests * Add service tests for GetForProvider, List * Update http_server.go + wire.go * Lint + update fixed role * Update CODEOWNERS * Change API init * Change roles, rename * Review with @kalleep * Revert a mistakenly changed part * Updates based on @dmihai 's feedback --------- Co-authored-by: Karl Persson <kalle.persson@grafana.com>
This commit is contained in:
Misi
GitHub
@@ -0,0 +1,114 @@
|
||||
package api
|
||||
|
||||
import (
|
||||
"github.com/grafana/grafana/pkg/api/response"
|
||||
"github.com/grafana/grafana/pkg/api/routing"
|
||||
"github.com/grafana/grafana/pkg/infra/log"
|
||||
ac "github.com/grafana/grafana/pkg/services/accesscontrol"
|
||||
contextmodel "github.com/grafana/grafana/pkg/services/contexthandler/model"
|
||||
"github.com/grafana/grafana/pkg/services/featuremgmt"
|
||||
"github.com/grafana/grafana/pkg/services/ssosettings"
|
||||
"github.com/grafana/grafana/pkg/services/ssosettings/models"
|
||||
"github.com/grafana/grafana/pkg/web"
|
||||
)
|
||||
|
||||
type Api struct {
|
||||
Log log.Logger
|
||||
RouteRegister routing.RouteRegister
|
||||
AccessControl ac.AccessControl
|
||||
Features *featuremgmt.FeatureManager
|
||||
SSOSettingsService ssosettings.Service
|
||||
}
|
||||
|
||||
func ProvideApi(
|
||||
ssoSettingsSvc ssosettings.Service,
|
||||
routeRegister routing.RouteRegister,
|
||||
ac ac.AccessControl,
|
||||
) *Api {
|
||||
api := &Api{
|
||||
SSOSettingsService: ssoSettingsSvc,
|
||||
RouteRegister: routeRegister,
|
||||
AccessControl: ac,
|
||||
Log: log.New("ssosettings.api"),
|
||||
}
|
||||
|
||||
return api
|
||||
}
|
||||
|
||||
// RegisterAPIEndpoints Registers Endpoints on Grafana Router
|
||||
func (api *Api) RegisterAPIEndpoints() {
|
||||
api.RouteRegister.Group("/api/v1/sso-settings", func(router routing.RouteRegister) {
|
||||
auth := ac.Middleware(api.AccessControl)
|
||||
|
||||
scopeKey := ac.Parameter(":key")
|
||||
settingsScope := ac.Scope("settings", "auth."+scopeKey, "*")
|
||||
|
||||
reqWriteAccess := auth(ac.EvalAny(
|
||||
ac.EvalPermission(ac.ActionSettingsWrite, ac.ScopeSettingsAuth),
|
||||
ac.EvalPermission(ac.ActionSettingsWrite, settingsScope)))
|
||||
|
||||
router.Get("/", auth(ac.EvalPermission(ac.ActionSettingsRead, ac.ScopeSettingsAuth)), routing.Wrap(api.listAllProvidersSettings))
|
||||
router.Get("/:key", auth(ac.EvalPermission(ac.ActionSettingsRead, settingsScope)), routing.Wrap(api.getProviderSettings))
|
||||
router.Put("/:key", reqWriteAccess, routing.Wrap(api.updateProviderSettings))
|
||||
router.Delete("/:key", reqWriteAccess, routing.Wrap(api.removeProviderSettings))
|
||||
})
|
||||
}
|
||||
|
||||
func (api *Api) listAllProvidersSettings(c *contextmodel.ReqContext) response.Response {
|
||||
providers, err := api.SSOSettingsService.List(c.Req.Context(), c.SignedInUser)
|
||||
if err != nil {
|
||||
return response.Error(500, "Failed to get providers", err)
|
||||
}
|
||||
|
||||
return response.JSON(200, providers)
|
||||
}
|
||||
|
||||
func (api *Api) getProviderSettings(c *contextmodel.ReqContext) response.Response {
|
||||
key, ok := web.Params(c.Req)[":key"]
|
||||
if !ok {
|
||||
return response.Error(400, "Missing key", nil)
|
||||
}
|
||||
|
||||
settings, err := api.SSOSettingsService.GetForProvider(c.Req.Context(), key)
|
||||
if err != nil {
|
||||
return response.Error(404, "The provider was not found", err)
|
||||
}
|
||||
|
||||
return response.JSON(200, settings)
|
||||
}
|
||||
|
||||
func (api *Api) updateProviderSettings(c *contextmodel.ReqContext) response.Response {
|
||||
key, ok := web.Params(c.Req)[":key"]
|
||||
if !ok {
|
||||
return response.Error(400, "Missing key", nil)
|
||||
}
|
||||
|
||||
var newSettings models.SSOSetting
|
||||
if err := web.Bind(c.Req, &newSettings); err != nil {
|
||||
return response.Error(400, "Failed to parse request body", err)
|
||||
}
|
||||
|
||||
err := api.SSOSettingsService.Upsert(c.Req.Context(), key, newSettings.Settings)
|
||||
// TODO: first check whether the error is referring to validation errors
|
||||
|
||||
// other error
|
||||
if err != nil {
|
||||
return response.Error(500, "Failed to update provider settings", err)
|
||||
}
|
||||
|
||||
return response.JSON(204, nil)
|
||||
}
|
||||
|
||||
func (api *Api) removeProviderSettings(c *contextmodel.ReqContext) response.Response {
|
||||
key, ok := web.Params(c.Req)[":key"]
|
||||
if !ok {
|
||||
return response.Error(400, "Missing key", nil)
|
||||
}
|
||||
|
||||
err := api.SSOSettingsService.Delete(c.Req.Context(), key)
|
||||
if err != nil {
|
||||
return response.Error(500, "Failed to delete provider settings", err)
|
||||
}
|
||||
|
||||
return response.JSON(204, nil)
|
||||
}
|
||||
Reference in New Issue
Block a user