Plugins: Rename externalServiceAuthentication to iam (#78686)

Plugins: Rename externalServiceAuthentication to iam
2023-12-04 13:14:21 +01:00
parent 0825b63b79
commit 5b70130e6c
14 changed files with 53 additions and 66 deletions
@@ -478,51 +478,37 @@
      "type": "boolean",
      "description": "For data source plugins, if the plugin supports tracing. Used for example to link logs (e.g. Loki logs) with tracing plugins."
    },
-    "externalServiceRegistration": {
+    "iam": {
      "type": "object",
-      "description": "Oauth App Service Registration.",
+      "description": "Identity and Access Management.",
      "properties": {
+        "permissions": {
+          "type": "array",
+          "description": "Permissions are the permissions that the plugin needs its associated service account to have",
+          "items": {
+            "type": "object",
+            "additionalProperties": false,
+            "properties": {
+              "action": {
+                "type": "string"
+              },
+              "scope": {
+                "type": "string"
+              }
+            }
+          }
+        },
        "impersonation": {
          "type": "object",
-          "description": "Impersonation describes the permissions that the external service will have on behalf of the user.",
+          "description": "Impersonation describes the permissions that the plugin will be restricted to when acting on behalf of the user.",
          "properties": {
-            "enabled": {
-              "type": "boolean",
-              "description": "Enabled allows the service to request access tokens to impersonate users using the jwtbearer grant"
-            },
            "groups": {
              "type": "boolean",
              "description": "Groups allows the service to list the impersonated user's teams."
            },
            "permissions": {
              "type": "array",
-              "description": "Permissions are the permissions that the external service needs when impersonating a user. The intersection of this set with the impersonated user's permission guarantees that the client will not gain more privileges than the impersonated user has.",
-              "items": {
-                "type": "object",
-                "additionalProperties": false,
-                "properties": {
-                  "action": {
-                    "type": "string"
-                  },
-                  "scope": {
-                    "type": "string"
-                  }
-                }
-              }
-            }
-          }
-        },
-        "self": {
-          "type": "object",
-          "description": "Self describes the permissions that the external service will have on behalf of itself",
-          "properties": {
-            "enabled": {
-              "type": "boolean",
-              "description": "Enabled allows the service to request access tokens for itself using the client_credentials grant"
-            },
-            "permissions": {
-              "type": "array",
-              "description": "Permissions are the permissions that the external service needs its associated service account to have",
+              "description": "Permissions are the permissions that the plugin needs when impersonating a user. The intersection of this set with the impersonated user's permission guarantees that the client will not gain more privileges than the impersonated user has.",
              "items": {
                "type": "object",
                "additionalProperties": false,