Commit Graph

83 Commits

Author SHA1 Message Date
Mihai Doarna cb7dd25f8a Optimize tokens count from service accounts query (#96663)
* optimize tokens count from service accounts query

* add unit tests for tokens count

* skip broken test

* fix lint error

* rename Tokens to TokenCount
2024-11-20 14:52:23 +02:00
Jo 2b867d9850 AccessControl: Resource permission translator (#95423)
* Standardize Resource Translator in options

* Add resource UID translator for resource permissions

* fix comments

* fix comments
2024-10-29 10:21:39 +01:00
Jo ed1ad34f9b ServiceAccounts: Allow use of UIDs for Service Account routes (#95401) 2024-10-28 10:49:48 +01:00
Ieva ca1fd028a2 Service Accounts: Run service account creation in transaction (#94744)
* run service account creation DB queries in transaction

* extract the signed in user from the context

* undo unneeded change

* don't error out if a user is not found

* Update pkg/services/serviceaccounts/manager/service.go

Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>

* Update pkg/services/serviceaccounts/manager/service.go

Co-authored-by: Karl Persson <kalle.persson@grafana.com>

---------

Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
2024-10-16 11:45:21 +01:00
Gabriel MABILLE 7928245eb6 ManagedServiceAccounts: Add a config option to disable the feature on-prem (#93571)
* ManagedServiceAccounts: Add a config option to disabled by default

* Update log in pkg/services/extsvcauth/registry/service.go

Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2024-09-27 09:11:59 +02:00
Karl Persson 8bcd9c2594 Identity: Remove typed id (#91801)
* Refactor identity struct to store type in separate field

* Update ResolveIdentity to take string representation of typedID

* Add IsIdentityType to requester interface

* Use IsIdentityType from interface

* Remove usage of TypedID

* Remove typedID struct

* fix GetInternalID
2024-08-13 10:18:28 +02:00
Ryan McKinley 21d4a4f49e Auth: use IdentityType from authlib (#91763) 2024-08-12 09:26:53 +03:00
Karl Persson bcfb66b416 Identity: remove GetTypedID (#91745) 2024-08-09 18:20:24 +03:00
Ryan McKinley 9db3bc926e Identity: Rename "namespace" to "type" in the requester interface (#90567) 2024-07-25 12:52:14 +03:00
Ieva 9bb2cf4968 RBAC: Allow omitting default permissions when a new resource is created (#90720)
* Cfg: Move rbac settings to own struct

* Cfg: Add setting to control if resource should generate managed permissions when created

* Dashboards: Check if we should generate default permissions when dashboard is created

* Folders: Check if we should generate default permissions when folder is created

* Datasource: Check if we should generate default permissions when datasource is created

* ServiceAccount: Check if we should generate default permissions when service account is created

* Cfg: Add option to specify resources for which we should default seed

* ManagedPermissions: Move providers to their own files

* Dashboards: Default seed all possible managed permissions if configured

* Folders: Default seed all possible managed permissions if configured

* Cfg: Remove service account from list

* RBAC: Move utility function

* remove managed permission settings from the config file examples, change the setting names

* remove ini file changes from the PR

* fix setting reading

* fix linting errors

* fix tests

* fix wildcard role seeding

---------

Co-authored-by: Karl Persson <kalle.persson@grafana.com>
Co-authored-by: jguer <me@jguer.space>
2024-07-24 19:31:26 +03:00
Ryan McKinley 99d8025829 Chore: Move identity and errutil to apimachinery module (#89116) 2024-06-13 07:11:35 +03:00
Dave Henderson 5687243d0b Feature Flags: use FeatureToggles interface where possible (#85131)
* Feature Flags: use FeatureToggles interface where possible

Signed-off-by: Dave Henderson <dave.henderson@grafana.com>

* Replace TestFeatureToggles with existing WithFeatures

Signed-off-by: Dave Henderson <dave.henderson@grafana.com>

---------

Signed-off-by: Dave Henderson <dave.henderson@grafana.com>
2024-04-04 12:22:31 -04:00
Gabriel MABILLE 80d6bf6da0 AuthN: Remove embedded oauth server (#83146)
* AuthN: Remove embedded oauth server

* Restore main

* go mod tidy

* Fix problem

* Remove permission intersection

* Fix test and lint

* Fix TestData test

* Revert to origin/main

* Update go.mod

* Update go.mod

* Update go.sum
2024-02-26 11:29:09 +01:00
Marcus Efraimsson 6768c6c059 Chore: Remove public vars in setting package (#81018)
Removes the public variable setting.SecretKey plus some other ones. 
Introduces some new functions for creating setting.Cfg.
2024-01-23 12:36:22 +01:00
Ryan McKinley f69fd3726b FeatureToggles: Add context and an explicit global check (#78081) 2023-11-14 12:50:27 -08:00
linoman 5bc4f56c79 IAM: Protect external service accounts frontend list page (#77834)
* Add `isExternal` property to frontend model

* Remove enabled and token buttons for external SA

* Replace trash icon for lock icon for external SA

* Block the role picker for external SA

* Filter SA list using the external filter

* Add only external filter at backend

---------

Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
2023-11-09 17:45:46 +01:00
linoman 1bc81b7bd1 auth: migrate api interface implementation (#77040)
* expand serviceaccount service interface

* implement FakeServiceAccountService

* Replace SA service interface from api

* merge sa proxy tests with new fake service

* implement DeleteServiceAccountToken

* add test for DeleteServiceAccountToken
2023-10-25 12:40:30 +02:00
Carl Bergquist 764478b9e7 Instrumentation: Set auth as owners for more routes (#75105)
Signed-off-by: bergquist <carl.bergquist@gmail.com>
2023-09-20 10:18:52 +02:00
Jo 67de18ff06 Auth: Move Service Account service to SignedInUser Interface (#73142)
* move service account service to identity interface

* Update pkg/services/auth/identity/requester.go
2023-08-10 14:20:58 +02:00
Eric Leijonmarck 081f59feba Service accounts: UI migration results (#68789)
* ui migration WIP

* merge

* migration tests for api

* revert changes to align with main

* revert changes to align with main

* revert changes to align with main

* remove unused code and comments

* revert gen files

* retry logic in place

* fix a any

* fixed types

* migration results now show only result if no failures

* review comments

* wording to make it more actionable

* add migration summary text only for failed apikeys

* fixed wording and added a close button to the modal

* made the button close the modal

* moved state into component

* fix based on review, naming and removed unused code

* service account migration state optional

* making migration result undefined

* showing total and migrated numbers for a successful migration

* fix payload const to take the payload
2023-06-08 10:09:30 +02:00
Ieva d8b66d5c4b RBAC: remove some IsDisabled checks (#69272)
* remove some access control IsDisabled() checks

* cleaning up tests

* update tests

* linting
2023-05-31 09:58:57 +01:00
Ieva 4980b64274 RBAC: Remove legacy ac from authorization middleware (#68898)
remove legacy AC fallback from RBAC middleware, and some unused auth logic
2023-05-24 09:49:42 +01:00
Ieva 1d1f58f0ed Service accounts: fix usage of errutil errors and convert more errors to errutil (#64299)
* fix usage of errutil errors and convert more errors to errutil

* fix tests
2023-03-08 11:32:09 +00:00
Eric Leijonmarck ad4b053231 API keys: Remove state hideAPIkeys and refactor interface to IsDisabled (#64018)
* remove state and refactor interface to IsDisabled

* update docs and span

* Update pkg/services/apikey/apikey.go

Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>

---------

Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>
2023-03-03 16:12:34 +00:00
Eric Leijonmarck 76bc288d67 Service accounts: Remove revertapikeys endpoint (#64020)
* remove revertapikeys endpoints

* remove unused method
2023-03-03 09:03:06 +00:00
Ieva 3fb1894739 Service accounts: Creation logic simplification (#63884)
* SA creation improvements

* PR feedback - put salt and rand back in and remove an unneeded line:
2023-03-01 16:31:20 +00:00
Eric Leijonmarck 9d6ab92e39 Service accounts: Remove Add API keys buttons and remove one state of migrating for API keys tab (#63411)
* add: hide apikeys tab on start

* make use of store method

* added hiding of apikeys tab for new org creation

* missing err check

* removed unused files

* implemented fake to make tests run

* move check for globalHideApikeys from org to admin

* refactor to remove the fake

* removed unused method calls for interface

* Update pkg/services/serviceaccounts/manager/service.go

Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>

* Update pkg/services/serviceaccounts/manager/service.go

Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>

* remove the checkglobal method

* removed duplicate global set const

* add count of apikeys for performance

* remove apikeys adding in UI

* added back deleted file

* added comment on component

* changed wording and copy for hiding and migrating service accounts

* refactor: remove migrationstatus in front/backend

This removes the migrationstatus state from the UI in favor of only
looking at the number of API keys to determine what to show to the user.
This simplifies the logic and makes less calls to the backend with each
page load. This was called both on the API keys page and the Service
accounts page.

- removes the state of migrationstatus from the UI
- removes the backend call
- removes the backend endpoint for migrationstatus

* Update pkg/services/apikey/apikeyimpl/xorm_store.go

Co-authored-by: Karl Persson <kalle.persson@grafana.com>

* changes the content to also be primary

* change id of version for footer component

---------

Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
2023-03-01 15:34:53 +00:00
suntala 51bef166c2 Chore: Remove Result field from serviceaccounts, ualert (#62476)
* Chore: Remove Result field from serviceaccounts
* Chore: Remove Result field from ualert
2023-01-31 09:51:55 +01:00
idafurjes 6c5a573772 Chore: Move ReqContext to contexthandler service (#62102)
* Chore: Move ReqContext to contexthandler service

* Rename package to contextmodel

* Generate ngalert files

* Remove unused imports
2023-01-27 08:50:36 +01:00
Eric Leijonmarck 371d7850a5 Auth: Service account store refactor (#58961)
* refactor: renaming of files from database to store

* refactor: make service account store private

- moves store interface to manager package
- adds an interface to the ProvideAPI constructor
- refactors tests to use the store when necessary
- adds mocks for the new interface implementations in the tests package

* wip

* refactor: make fakestore in service

* wip

* wip

* wip

* working tests

* trailing whitespaces

* Update pkg/services/serviceaccounts/api/api.go

* Update pkg/services/serviceaccounts/tests/common.go

* Update pkg/services/serviceaccounts/tests/common.go

* refactor: doc string for retriever

* fix import unused

* remove: serviceaccount from featuretoggle

* added: back legacy serviceaccounts feature toggle

* added: docs

* refactor: make query for the SearchQuery

* add: validation of service input fields

* add validation
2022-12-13 14:56:10 +01:00
Ieva a8bae3f0b0 Access Control: Clear user's permission cache after resource creation (#59101)
* refresh user's permission cache after resource creation

* clear the cache instead of reloading the permissions

* don't error if can't clear cache

* fix tests

* fix tests again
2022-11-24 14:38:55 +00:00
Jo 4a9137ac40 API Keys: Add revocation for SATs (#53896)
* add apikey is_revoked field

* add token store tests

* Apply suggestions from code review

* remove unused fields
2022-08-18 16:54:39 +02:00
idafurjes a14621fff6 Chore: Add user service method SetUsingOrg and GetSignedInUserWithCacheCtx (#53343)
* Chore: Add user service method SetUsingOrg

* Chore: Add user service method GetSignedInUserWithCacheCtx

* Use method GetSignedInUserWithCacheCtx from user service

* Fix lint after rebase

* Fix lint

* Fix lint error

* roll back some changes

* Roll back changes in api and middleware

* Add xorm tags to SignedInUser ID fields
2022-08-11 13:28:55 +02:00
idafurjes 6afad51761 Move SignedInUser to user service and RoleType and Roles to org (#53445)
* Move SignedInUser to user service and RoleType and Roles to org

* Use go naming convention for roles

* Fix some imports and leftovers

* Fix ldap debug test

* Fix lint

* Fix lint 2

* Fix lint 3

* Fix type and not needed conversion

* Clean up messages in api tests

* Clean up api tests 2
2022-08-10 11:56:48 +02:00
Sofia Papagiannaki 7ba076de10 Chore: Move swagger definitions to the handlers (#52643) 2022-07-27 09:54:37 -04:00
Vardan Torosyan 18867d6d78 Service account: Ensure that you can revert only service accounts which you can access (#52626)
* Service account: Ensure that you can revert only service accounts which you can access

* Remove prettier messup with docs

* Remove prettier messup with docs

* Prettier run
2022-07-22 10:35:01 +02:00
Ieva d85df0a560 Service Accounts: Managed permissions for service accounts (#51818)
* backend changes

* frontend changes

* linting

* nit

* import order

* allow SA creator to access the SA page

* fix merge

* tests

* fix frontend tests

Co-authored-by: alexanderzobnin alexanderzobnin@gmail.com
2022-07-08 05:53:18 -04:00
Vardan Torosyan 5eaba5b5b2 Service account: Update service accounts creation (#51848) 2022-07-07 17:32:56 +01:00
Vardan Torosyan f1661166b2 Service accounts: Grafana service accounts are enabled by default (#51402)
* Remove feature flag for service accounts

* Fix failing tests and remove remaining usage

* Fix failing tests and remove remaining usage
2022-06-27 10:22:49 +02:00
Alexander Zobnin 859148942e Service accounts: refactor errors (#50917) 2022-06-16 16:02:03 +02:00
Jguer f3e3828279 ServiceAccounts: Fix errors returning API key and simplify conditions (#50885)
* ServiceAccounts: Fix naming API key->Service account token

* simplify redundant elses

* Apply suggestions from code review

Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>
Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>

Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>
Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>
2022-06-16 12:11:22 +02:00
Alexander Zobnin f82264c2b1 ServiceAccounts: API keys migration (#50002)
* ServiceAccounts: able to get upgrade status

* Banner with API keys migration info

* Show API keys migration info on Service accounts page

* Migrate individual API keys

* Use transaction for key migration

* Migrate all api keys to service accounts

* Hide api keys after migration

* Migrate API keys separately for each org

* Revert API key

* Revert key API method

* Rename migration actions and reducers

* Fix linter errors

* Tests for migrating single API key

* Tests for migrating all api keys

* More tests

* Fix reverting tokens

* API: rename convert to migrate

* Add api route descriptions to methods

* rearrange methods in api.go

* Refactor: rename and move some methods

* Prevent assigning tokens to non-existing service accounts

* Refactor: ID TO Id

* Refactor: fix error message

* Delete service account if migration failed

* Fix linter errors
2022-06-15 14:59:40 +02:00
Alexander Zobnin 50538d5309 ServiceAccounts: refactor UI (#49508)
* ServiceAccounts: refactor ServiceAccountRoleRow

* Refactor ServiceAccountRoleRow

* Refactor ServiceAccountProfile

* Refactor components

* Change service accounts icon

* Refine service accounts page header

* Improve service accounts filtering

* Change delete button style

* Tweak account id

* Auto focus name field when create service account

* Add disable/enable button

* Enable/disable service accounts

* Optimize updating service account (do not fetch all)

* Remove status column (replace by enable/disable button)

* Add banner with service accounts description

* Add tokens from main page

* Update tokens count when add token from main page

* Fix action buttons column

* Fix tokens count when change role

* Refine table row classes

* Fix buttons

* Simplify working with state

* Show message when service account updated

* Able to filter disabled accounts

* Mark disabled accounts in a table

* Refine disabled account view

* Move non-critical components to separate folder

* Remove confusing focusing

* Fix date picker position when creating new token

* DatePicker: able to set minimum date that can be selected

* Don't allow to select expiration dates prior today

* Set tomorrow as a default token expiration date

* Fix displaying expiration period

* Rename Add token button

* Refine page styles

* Show modal when disabling SA from main page

* Arrange role picker

* Refine SA page styles

* Generate default token name

* More smooth navigation between SA pages

* Stop loading indicator in case of error

* Remove legacy styles usage

* Tweaks after code review

Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>

* Get rid of useDisapatch in favor of mapDispatchToProps

* Tests for ServiceAccountsListPage

* Tests for service account page

* Show new role picker only with license

* Get rid of deprecated css classes

* Apply suggestion from code review

Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>

* Fix service accounts icon

* Tests for service account create page

* Return service account info when update

* Add behaviour tests for ServiceAccountsListPage

* Fix disabled cursor on confirm button

* More behavior tests for service account page

* Temporary disable service account migration banner

* Use safe where condition

Co-authored-by: Jguer <joao.guerreiro@grafana.com>

* Apply review suggestions

Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>

* Remove autofocus from search

Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
2022-06-01 09:35:16 +02:00
Karl Persson e9a93ebfc9 Access Control: Move access control middlewares to domain package (#48322)
* Move access control middleware to domain package
2022-04-28 10:46:18 +02:00
Eric Leijonmarck b43e9b50b4 Service accounts: RBAC the service account UI (#47788)
* WIP

* fix: bug for saving name did not remove edit

* refactor: better error msg

* Display the column Roles even when user can't see the role picker

* Remove spaces when building the search query request

* Disable Edit button and fix token addition and deletion

* Fix the error message text

Co-authored-by: Vardan Torosyan <vardants@gmail.com>
2022-04-14 23:06:08 +01:00
Ieva a245531f0c Access control: service account role check (#47710)
* forbid setting role higher than user's role

* change response code

* can assign API key permissions to non-admin users

* add: assign viewer role directly upon creation

* refactor: add AddSATcommand in favor of AddAPIkey

* refactor: frontend fixes for ServiceAccountToken

Co-authored-by: eleijonmarck <eric.leijonmarck@gmail.com>
2022-04-13 18:11:03 +02:00
ying-jeanne 0bf889e058 Fix unmarshal of double pointer (#47586)
* Fix unmarshal of double pointer

* update sdk version
2022-04-12 09:30:34 +02:00
Karl Persson 7ab1ef8d6e Access Control: Support other attributes than id for resource permissions (#46727)
* Add option to set ResourceAttribute for a permissions service
* Use prefix in access control sql filter to parse scopes
* Use prefix in access control metadata to check access
2022-03-21 17:58:18 +01:00
Eric Leijonmarck c592e6606c Filtering of service accounts by expired tokens (#46251)
* Refactor to ServiceAccounts Query

* filtering expiredtokens on backend

* WIP

* WIP

* WIP

* fix: missing that we do not cover for no service accounts

* fix: wrong link

* feat: filter able to get only service accounts with expired tokens

* refactor: naming

* Update pkg/services/serviceaccounts/models.go

Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>

* goimported

* Update pkg/services/serviceaccounts/api/api.go

Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>

Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
2022-03-18 15:50:34 +01:00
Eric Leijonmarck f4bed21cee remove /upgradeall apiendpoint (#46638) 2022-03-16 15:33:13 +01:00