服务账号 API
如果您运行的是 Grafana Enterprise,对于某些端点,您需要拥有特定的权限。有关更多信息,请参阅基于角色的访问控制权限。对于 Grafana Cloud 实例,请使用 Bearer Token 进行身份验证。本节中的示例引用了 Basic 身份验证,适用于本地部署的 Grafana 实例。
分页搜索服务账号
GET /api/serviceaccounts/search?perpage=10&page=1&query=myserviceaccount
所需权限
有关说明,请参阅简介中的注释。
操作 | 范围 |
---|---|
serviceaccounts:read | 不适用 |
请求示例:
GET /api/serviceaccounts/search?perpage=10&page=1&query=mygraf HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Basic YWRtaW46YWRtaW4=
`perpage` 参数的默认值为 `1000`,`page` 参数的默认值为 `1`。响应中的 `totalCount` 字段可用于用户列表的分页。例如,如果 `totalCount` 等于 100 个用户,并且 `perpage` 参数设置为 10,则共有 10 页用户。`query` 参数是可选的,它将返回 `name` 中包含查询值的结果。带有空格的查询值需要进行 URL 编码,例如 `query=Jane%20Doe`。
响应示例:
HTTP/1.1 200
Content-Type: application/json
{
"totalCount": 2,
"serviceAccounts": [
{
"id": 1,
"name": "grafana",
"login": "sa-grafana",
"orgId": 1,
"isDisabled": false,
"role": "Viewer",
"tokens": 0,
"avatarUrl": "/avatar/85ec38023d90823d3e5b43ef35646af9",
"accessControl": {
"serviceaccounts:delete": true,
"serviceaccounts:read": true,
"serviceaccounts:write": true
}
},
{
"id": 2,
"name": "test",
"login": "sa-test",
"orgId": 1,
"isDisabled": false,
"role": "Viewer",
"tokens": 0,
"avatarUrl": "/avatar/8ea890a677d6a223c591a1beea6ea9d2",
"accessControl": {
"serviceaccounts:delete": true,
"serviceaccounts:read": true,
"serviceaccounts:write": true
}
}
],
"page": 1,
"perPage": 10
}
创建服务账号
POST /api/serviceaccounts
所需权限
有关说明,请参阅简介中的注释。
操作 | 范围 |
---|---|
serviceaccounts:create | 不适用 |
请求示例:
POST /api/serviceaccounts HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Basic YWRtaW46YWRtaW4=
{
"name": "grafana",
"role": "Viewer",
"isDisabled": false
}
响应示例:
HTTP/1.1 201
Content-Type: application/json
{
"id": 1,
"name": "test",
"login": "sa-test",
"orgId": 1,
"isDisabled": false,
"createdAt": "2022-03-21T14:35:33Z",
"updatedAt": "2022-03-21T14:35:33Z",
"avatarUrl": "/avatar/8ea890a677d6a223c591a1beea6ea9d2",
"role": "Viewer",
"teams": []
}
可以使用RBAC HTTP API 为服务账号设置固定角色和自定义角色。
按 ID 获取服务账号
GET /api/serviceaccounts/:id
所需权限
有关说明,请参阅简介中的注释。
操作 | 范围 |
---|---|
serviceaccounts:read | serviceaccounts:id:* |
请求示例:
GET /api/serviceaccounts/1 HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Basic YWRtaW46YWRtaW4=
响应示例:
HTTP/1.1 200
Content-Type: application/json
{
"id": 1,
"name": "test",
"login": "sa-test",
"orgId": 1,
"isDisabled": false,
"createdAt": "2022-03-21T14:35:33Z",
"updatedAt": "2022-03-21T14:35:33Z",
"avatarUrl": "/avatar/8ea890a677d6a223c591a1beea6ea9d2",
"role": "Viewer",
"teams": []
}
更新服务账号
PATCH /api/serviceaccounts/:id
所需权限
有关说明,请参阅简介中的注释。
操作 | 范围 |
---|---|
serviceaccounts:write | serviceaccounts:id:* |
请求示例:
PATCH /api/serviceaccounts/2 HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Basic YWRtaW46YWRtaW4=
{
"name": "test",
"role": "Editor"
}
响应示例:
HTTP/1.1 200
Content-Type: application/json
{
"id": 2,
"name": "test",
"login": "sa-grafana",
"orgId": 1,
"isDisabled": false,
"createdAt": "2022-03-21T14:35:44Z",
"updatedAt": "2022-03-21T14:35:44Z",
"avatarUrl": "/avatar/8ea890a677d6a223c591a1beea6ea9d2",
"role": "Editor",
"teams": []
}
可以使用RBAC HTTP API 为服务账号设置固定角色和自定义角色。
删除服务账号
DELETE /api/serviceaccounts/:id
所需权限
有关说明,请参阅简介中的注释。
操作 | 范围 |
---|---|
serviceaccounts:delete | serviceaccounts:id:* |
请求示例:
DELETE /api/serviceaccounts/2 HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Basic YWRtaW46YWRtaW4=
响应示例:
HTTP/1.1 200
Content-Type: application/json
{
"message": "Service account deleted"
}
将 API 密钥迁移到服务账号
POST /api/serviceaccounts/migrate
所需权限
有关说明,请参阅简介中的注释。
操作 | 范围 |
---|---|
serviceaccounts:write | serviceaccounts:* |
请求示例:
POST /api/serviceaccounts/migrate HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Basic YWRtaW46YWRtaW4=
响应示例:
HTTP/1.1 200
Content-Type: application/json
{
"message": "API keys migrated to service accounts"
}
将 API 密钥迁移到服务账号
POST /api/serviceaccounts/migrate/:keyId
所需权限
有关说明,请参阅简介中的注释。
操作 | 范围 |
---|---|
serviceaccounts:write | serviceaccounts:* |
请求示例:
POST /api/serviceaccounts/migrate/4 HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Basic YWRtaW46YWRtaW4=
响应示例:
HTTP/1.1 200
Content-Type: application/json
{
"message": "Service accounts migrated"
}
获取 API 密钥到服务账号的迁移状态
GET /api/serviceaccounts/migrationstatus
所需权限
有关说明,请参阅简介中的注释。
操作 | 范围 |
---|---|
serviceaccounts:read | serviceaccounts:* |
请求示例:
POST /api/serviceaccounts/migrationstatus HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Basic YWRtaW46YWRtaW4=
响应示例:
HTTP/1.1 200
Content-Type: application/json
{
"migrated": true
}
隐藏 API 密钥标签页
GET /api/serviceaccounts/hideApiKeys
所需权限
有关说明,请参阅简介中的注释。
操作 | 范围 |
---|---|
serviceaccounts:write | serviceaccounts:* |
请求示例:
POST /api/serviceaccounts/hideApiKeys HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Basic YWRtaW46YWRtaW4=
响应示例:
HTTP/1.1 200
Content-Type: application/json
{
"message": "API keys hidden"
}
获取服务账号令牌
GET /api/serviceaccounts/:id/tokens
所需权限
有关说明,请参阅简介中的注释。
操作 | 范围 |
---|---|
serviceaccounts:read | serviceaccounts:id:* |
请求示例:
GET /api/serviceaccounts/2/tokens HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Basic YWRtaW46YWRtaW4=
响应示例:
HTTP/1.1 200
Content-Type: application/json
[
{
"id": 1,
"name": "grafana",
"role": "Viewer",
"created": "2022-03-23T10:31:02Z",
"expiration": null,
"secondsUntilExpiration": 0,
"hasExpired": false
}
]
创建服务账号令牌
POST /api/serviceaccounts/:id/tokens
所需权限
有关说明,请参阅简介中的注释。
操作 | 范围 |
---|---|
serviceaccounts:write | serviceaccounts:id:* |
请求示例:
POST /api/serviceaccounts/2/tokens HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Basic YWRtaW46YWRtaW4=
{
"name": "grafana",
"secondsToLive": 604800
}
`secondsToLive` 的默认值为 0,这意味着服务账号令牌永不过期。
响应示例:
HTTP/1.1 200
Content-Type: application/json
{
"id": 7,
"name": "grafana",
"key": "eyJrIjoiVjFxTHZ6dGdPSjg5Um92MjN1RlhjMkNqYkZUbm9jYkwiLCJuIjoiZ3JhZmFuYSIsImlkIjoxfQ=="
}
删除服务账号令牌
DELETE /api/serviceaccounts/:id/tokens/:tokenId
所需权限
有关说明,请参阅简介中的注释。
操作 | 范围 |
---|---|
serviceaccounts:write | serviceaccounts:id:* |
请求示例:
DELETE /api/serviceaccounts/2/tokens/1 HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Basic YWRtaW46YWRtaW4=
响应示例:
HTTP/1.1 200
Content-Type: application/json
{
"message": "API key deleted"
}
将服务账号令牌还原为 API 密钥
DELETE /api/serviceaccounts/:serviceAccountId/revert/:keyId
此操作将删除服务账号,并为给定的 `keyId` 创建一个旧版 API 密钥。
所需权限
有关说明,请参阅简介中的注释。
操作 | 范围 |
---|---|
serviceaccounts:delete | serviceaccounts:id:* |
请求示例:
DELETE /api/serviceaccounts/1/revert/glsa_VVQjot0nijQ59lun6pMZRtsdBXxnFQ9M_77c34a79 HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Basic YWRtaW46YWRtaW4=
响应示例:
HTTP/1.1 200
Content-Type: application/json
{
"message": "Reverted service account to API key"
}