diff --git a/pkg/services/authn/authnimpl/service.go b/pkg/services/authn/authnimpl/service.go
index 08fd7e300525cee..c819131ad3555d3 100644
--- a/pkg/services/authn/authnimpl/service.go
+++ b/pkg/services/authn/authnimpl/service.go
@@ -90,7 +90,7 @@ func ProvideService(
 usageStats.RegisterMetricsFunc(s.getUsageStats)
 s.RegisterClient(clients.ProvideRender(userService, renderService))
- s.RegisterClient(clients.ProvideAPIKey(apikeyService, userService))
+ s.RegisterClient(clients.ProvideAPIKey(apikeyService))
 if cfg.LoginCookieName != "" {
 s.RegisterClient(clients.ProvideSession(cfg, sessionService))
diff --git a/pkg/services/authn/authnimpl/sync/user_sync.go b/pkg/services/authn/authnimpl/sync/user_sync.go
index 71a96c18124d252..6ba757b5615271f 100644
--- a/pkg/services/authn/authnimpl/sync/user_sync.go
+++ b/pkg/services/authn/authnimpl/sync/user_sync.go
@@ -111,7 +111,7 @@ func (s *UserSync) FetchSyncedUserHook(ctx context.Context, identity *authn.Iden
 return nil
 }
 namespace, id := identity.GetNamespacedID()
- if namespace != authn.NamespaceUser {
+ if namespace != authn.NamespaceUser && namespace != authn.NamespaceServiceAccount {
 return nil
 }
diff --git a/pkg/services/authn/clients/api_key.go b/pkg/services/authn/clients/api_key.go
index 34c3fc180fef15b..400500563118533 100644
--- a/pkg/services/authn/clients/api_key.go
+++ b/pkg/services/authn/clients/api_key.go
@@ -14,7 +14,6 @@ import (
 "github.com/grafana/grafana/pkg/services/authn"
 "github.com/grafana/grafana/pkg/services/login"
 "github.com/grafana/grafana/pkg/services/org"
- "github.com/grafana/grafana/pkg/services/user"
 "github.com/grafana/grafana/pkg/util"
 "github.com/grafana/grafana/pkg/util/errutil"
 )
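Review bot: With `authn.NamespaceServiceAccount` now accepted by the guard in FetchSyncedUserHook, service-account identities are resolved through the same lookup as regular users, and nothing visible in this hunk checks that the record it loads is the same kind of principal as the namespace claims. The rest of the function is outside the hunk, so this may already be handled; if it is not, a check after the fetch that the loaded user's `IsServiceAccount` flag agrees with the namespace, returning an error on mismatch, would stop a key whose `ServiceAccountId` refers to an ordinary user row from being resolved as that user. The guard also deserves a short comment, for example `// service-account IDs are looked up as user IDs, so API-key identities are resolved here too`.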
@@ -29,17 +28,15 @@ var (
 var _ authn.HookClient = new(APIKey)
 var _ authn.ContextAwareClient = new(APIKey)
-func ProvideAPIKey(apiKeyService apikey.Service, userService user.Service) *APIKey {
+func ProvideAPIKey(apiKeyService apikey.Service) *APIKey {
 return &APIKey{
 log: log.New(authn.ClientAPIKey),
- userService: userService,
 apiKeyService: apiKeyService,
 }
 }
 type APIKey struct {
 log log.Logger
- userService user.Service
 apiKeyService apikey.Service
 }
@@ -81,16 +78,12 @@ func (s *APIKey) Authenticate(ctx context.Context, r *authn.Request) (*authn.Ide
 }, nil
 }
- usr, err := s.userService.GetSignedInUserWithCacheCtx(ctx, &user.GetSignedInUserQuery{
- UserID: *apiKey.ServiceAccountId,
- OrgID: apiKey.OrgID,
- })
-
- if err != nil {
- return nil, err
- }
-
- return authn.IdentityFromSignedInUser(authn.NamespacedID(authn.NamespaceServiceAccount, usr.UserID), usr, authn.ClientParams{SyncPermissions: true}, login.APIKeyAuthModule), nil
+ return &authn.Identity{
+ ID: authn.NamespacedID(authn.NamespaceServiceAccount, *apiKey.ServiceAccountId),
+ OrgID: apiKey.OrgID,
+ AuthenticatedBy: login.APIKeyAuthModule,
+ ClientParams: authn.ClientParams{FetchSyncedUser: true, SyncPermissions: true},
+ }, nil
 }
 func (s *APIKey) getAPIKey(ctx context.Context, token string) (*apikey.APIKey, error) {
diff --git a/pkg/services/authn/clients/api_key_test.go b/pkg/services/authn/clients/api_key_test.go
index f4dce265cf0206d..5cb8ae6311887de 100644
--- a/pkg/services/authn/clients/api_key_test.go
+++ b/pkg/services/authn/clients/api_key_test.go
@@ -16,8 +16,6 @@ import (
 "github.com/grafana/grafana/pkg/services/authn"
 "github.com/grafana/grafana/pkg/services/login"
 "github.com/grafana/grafana/pkg/services/org"
- "github.com/grafana/grafana/pkg/services/user"
- "github.com/grafana/grafana/pkg/services/user/usertest"
 )
 var (
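Review bot: The new return in Authenticate hands back a successful identity for a service-account key without confirming that the account can be loaded, whereas the removed `GetSignedInUserWithCacheCtx` call returned its error and failed authentication at this point. Rejection now depends on `FetchSyncedUser: true` being honoured by a hook that runs later, and the identity carries no roles until then. A comment above the return would make that contract explicit, for example `// Identity is incomplete here: roles and account state are loaded by the FetchSyncedUser hook, which must fail the request if the lookup fails`. Authenticate starts outside the hunk, so the nil check that makes `*apiKey.ServiceAccountId` safe to dereference is assumed to sit in the branch that ends just above.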
@@ -30,7 +28,6 @@ func TestAPIKey_Authenticate(t *testing.T) {
 desc string
 req *authn.Request
 expectedKey *apikey.APIKey
- expectedUser *user.SignedInUser
 expectedErr error
 expectedIdentity *authn.Identity
 }
@@ -72,20 +69,11 @@ func TestAPIKey_Authenticate(t *testing.T) {
 Key: hash,
 ServiceAccountId: intPtr(1),
 },
- expectedUser: &user.SignedInUser{
- UserID: 1,
- OrgID: 1,
- IsServiceAccount: true,
- OrgRole: org.RoleViewer,
- Name: "test",
- },
 expectedIdentity: &authn.Identity{
- ID: "service-account:1",
- OrgID: 1,
- Name: "test",
- OrgRoles: map[int64]org.RoleType{1: org.RoleViewer},
- IsGrafanaAdmin: boolPtr(false),
+ ID: "service-account:1",
+ OrgID: 1,
 ClientParams: authn.ClientParams{
+ FetchSyncedUser: true,
 SyncPermissions: true,
 },
 AuthenticatedBy: login.APIKeyAuthModule,
@@ -124,11 +112,7 @@ func TestAPIKey_Authenticate(t *testing.T) {
 for _, tt := range tests {
 t.Run(tt.desc, func(t *testing.T) {
- c := ProvideAPIKey(&apikeytest.Service{
- ExpectedAPIKey: tt.expectedKey,
- }, &usertest.FakeUserService{
- ExpectedSignedInUser: tt.expectedUser,
- })
+ c := ProvideAPIKey(&apikeytest.Service{ExpectedAPIKey: tt.expectedKey})
 identity, err := c.Authenticate(context.Background(), tt.req)
 if tt.expectedErr != nil {
@@ -195,7 +179,7 @@ func TestAPIKey_Test(t *testing.T) {
 for _, tt := range tests {
 t.Run(tt.desc, func(t *testing.T) {
- c := ProvideAPIKey(&apikeytest.Service{}, usertest.NewUserServiceFake())
+ c := ProvideAPIKey(&apikeytest.Service{})
 assert.Equal(t, tt.expected, c.Test(context.Background(), tt.req))
 })
 }
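Review bot: The service-account case in TestAPIKey_Authenticate now asserts only `ID`, `OrgID`, `ClientParams` and `AuthenticatedBy`, so this file no longer checks that a service-account key ends up with the expected org role, and the diff shows no test for the new `NamespaceServiceAccount` branch of FetchSyncedUserHook. A table case in the user sync tests with an identity `service-account:1` and `FetchSyncedUser: true`, asserting both the populated roles and the error returned when the lookup fails, would restore the coverage dropped here. The test table starts and ends outside this hunk.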
@@ -286,19 +270,11 @@ func TestAPIKey_GetAPIKeyIDFromIdentity(t *testing.T) {
 },
 }}
- signedInUser := &user.SignedInUser{
- UserID: 1,
- OrgID: 1,
- Name: "test",
- }
-
 for _, tt := range tests {
 t.Run(tt.desc, func(t *testing.T) {
 c := ProvideAPIKey(&apikeytest.Service{
 ExpectedError: tt.expectedError,
 ExpectedAPIKey: tt.expectedKey,
- }, &usertest.FakeUserService{
- ExpectedSignedInUser: signedInUser,
 })
 id, exists := c.getAPIKeyID(context.Background(), tt.expectedIdentity, req)
 assert.Equal(t, tt.expectedExists, exists)