2023-06-26 22:38:43 +08:00
|
|
|
package serviceregistration
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"context"
|
|
|
|
|
|
2023-09-28 18:18:09 +08:00
|
|
|
"github.com/grafana/grafana/pkg/plugins/auth"
|
2023-06-27 14:47:25 +08:00
|
|
|
"github.com/grafana/grafana/pkg/plugins/plugindef"
|
|
|
|
|
"github.com/grafana/grafana/pkg/services/accesscontrol"
|
2023-10-06 00:13:06 +08:00
|
|
|
"github.com/grafana/grafana/pkg/services/extsvcauth"
|
2023-06-26 22:38:43 +08:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
type Service struct {
|
2023-10-06 00:13:06 +08:00
|
|
|
os extsvcauth.ExternalServiceRegistry
|
2023-06-26 22:38:43 +08:00
|
|
|
}
|
|
|
|
|
|
2023-10-06 00:13:06 +08:00
|
|
|
func ProvideService(os extsvcauth.ExternalServiceRegistry) *Service {
|
2023-06-26 22:38:43 +08:00
|
|
|
s := &Service{
|
|
|
|
|
os: os,
|
|
|
|
|
}
|
|
|
|
|
return s
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// RegisterExternalService is a simplified wrapper around SaveExternalService for the plugin use case.
|
2023-09-28 18:18:09 +08:00
|
|
|
func (s *Service) RegisterExternalService(ctx context.Context, svcName string, svc *plugindef.ExternalServiceRegistration) (*auth.ExternalService, error) {
|
2023-10-06 00:13:06 +08:00
|
|
|
impersonation := extsvcauth.ImpersonationCfg{}
|
2023-06-26 22:38:43 +08:00
|
|
|
if svc.Impersonation != nil {
|
2023-06-27 14:47:25 +08:00
|
|
|
impersonation.Permissions = toAccessControlPermissions(svc.Impersonation.Permissions)
|
2023-06-26 22:38:43 +08:00
|
|
|
if svc.Impersonation.Enabled != nil {
|
|
|
|
|
impersonation.Enabled = *svc.Impersonation.Enabled
|
|
|
|
|
} else {
|
|
|
|
|
impersonation.Enabled = true
|
|
|
|
|
}
|
|
|
|
|
if svc.Impersonation.Groups != nil {
|
|
|
|
|
impersonation.Groups = *svc.Impersonation.Groups
|
|
|
|
|
} else {
|
|
|
|
|
impersonation.Groups = true
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2023-10-06 00:13:06 +08:00
|
|
|
self := extsvcauth.SelfCfg{}
|
2023-10-17 22:21:23 +08:00
|
|
|
if len(svc.Permissions) > 0 {
|
|
|
|
|
self.Permissions = toAccessControlPermissions(svc.Permissions)
|
|
|
|
|
self.Enabled = true
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
registration := &extsvcauth.ExternalServiceRegistration{
|
|
|
|
|
Name: svcName,
|
|
|
|
|
Impersonation: impersonation,
|
|
|
|
|
Self: self,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Default authProvider now is ServiceAccounts
|
|
|
|
|
registration.AuthProvider = extsvcauth.ServiceAccounts
|
|
|
|
|
if svc.Impersonation != nil {
|
|
|
|
|
registration.AuthProvider = extsvcauth.OAuth2Server
|
|
|
|
|
registration.OAuthProviderCfg = &extsvcauth.OAuthProviderCfg{Key: &extsvcauth.KeyOption{Generate: true}}
|
2023-06-26 22:38:43 +08:00
|
|
|
}
|
2023-10-06 00:13:06 +08:00
|
|
|
|
2023-10-17 22:21:23 +08:00
|
|
|
extSvc, err := s.os.SaveExternalService(ctx, registration)
|
|
|
|
|
if err != nil || extSvc == nil {
|
2023-06-26 22:38:43 +08:00
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
2023-10-06 00:13:06 +08:00
|
|
|
privateKey := ""
|
|
|
|
|
if extSvc.OAuthExtra != nil {
|
|
|
|
|
privateKey = extSvc.OAuthExtra.KeyResult.PrivatePem
|
|
|
|
|
}
|
|
|
|
|
|
2023-09-28 18:18:09 +08:00
|
|
|
return &auth.ExternalService{
|
2023-06-26 22:38:43 +08:00
|
|
|
ClientID: extSvc.ID,
|
|
|
|
|
ClientSecret: extSvc.Secret,
|
2023-10-06 00:13:06 +08:00
|
|
|
PrivateKey: privateKey}, nil
|
2023-06-26 22:38:43 +08:00
|
|
|
}
|
2023-06-27 14:47:25 +08:00
|
|
|
|
|
|
|
|
func toAccessControlPermissions(ps []plugindef.Permission) []accesscontrol.Permission {
|
|
|
|
|
res := make([]accesscontrol.Permission, 0, len(ps))
|
|
|
|
|
for _, p := range ps {
|
|
|
|
|
scope := ""
|
|
|
|
|
if p.Scope != nil {
|
|
|
|
|
scope = *p.Scope
|
|
|
|
|
}
|
|
|
|
|
res = append(res, accesscontrol.Permission{
|
|
|
|
|
Action: p.Action,
|
|
|
|
|
Scope: scope,
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
return res
|
|
|
|
|
}
|
