菜单
文档breadcrumb arrow Grafana 文档breadcrumb arrow 开发者breadcrumb arrow HTTP APIbreadcrumb arrow 服务账号 HTTP API
Enterprise 开源

服务账号 API

如果您运行的是 Grafana Enterprise,对于某些端点,您需要拥有特定的权限。有关更多信息,请参阅基于角色的访问控制权限。对于 Grafana Cloud 实例,请使用 Bearer Token 进行身份验证。本节中的示例引用了 Basic 身份验证,适用于本地部署的 Grafana 实例。

分页搜索服务账号

GET /api/serviceaccounts/search?perpage=10&page=1&query=myserviceaccount

所需权限

有关说明,请参阅简介中的注释。

操作范围
serviceaccounts:read不适用

请求示例:

http
GET /api/serviceaccounts/search?perpage=10&page=1&query=mygraf HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Basic YWRtaW46YWRtaW4=

`perpage` 参数的默认值为 `1000`,`page` 参数的默认值为 `1`。响应中的 `totalCount` 字段可用于用户列表的分页。例如,如果 `totalCount` 等于 100 个用户,并且 `perpage` 参数设置为 10,则共有 10 页用户。`query` 参数是可选的,它将返回 `name` 中包含查询值的结果。带有空格的查询值需要进行 URL 编码,例如 `query=Jane%20Doe`。

响应示例:

http
HTTP/1.1 200
Content-Type: application/json
{
	"totalCount": 2,
	"serviceAccounts": [
		{
			"id": 1,
			"name": "grafana",
			"login": "sa-grafana",
			"orgId": 1,
			"isDisabled": false,
			"role": "Viewer",
			"tokens": 0,
			"avatarUrl": "/avatar/85ec38023d90823d3e5b43ef35646af9",
			"accessControl": {
				"serviceaccounts:delete": true,
				"serviceaccounts:read": true,
				"serviceaccounts:write": true
			}
		},
		{
			"id": 2,
			"name": "test",
			"login": "sa-test",
			"orgId": 1,
			"isDisabled": false,
			"role": "Viewer",
			"tokens": 0,
			"avatarUrl": "/avatar/8ea890a677d6a223c591a1beea6ea9d2",
			"accessControl": {
				"serviceaccounts:delete": true,
				"serviceaccounts:read": true,
				"serviceaccounts:write": true
			}
		}
	],
	"page": 1,
	"perPage": 10
}

创建服务账号

POST /api/serviceaccounts

所需权限

有关说明,请参阅简介中的注释。

操作范围
serviceaccounts:create不适用

请求示例:

http
POST /api/serviceaccounts HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Basic YWRtaW46YWRtaW4=

{
  "name": "grafana",
  "role": "Viewer",
  "isDisabled": false
}

响应示例:

http
HTTP/1.1 201
Content-Type: application/json

{
	"id": 1,
	"name": "test",
	"login": "sa-test",
	"orgId": 1,
	"isDisabled": false,
	"createdAt": "2022-03-21T14:35:33Z",
	"updatedAt": "2022-03-21T14:35:33Z",
	"avatarUrl": "/avatar/8ea890a677d6a223c591a1beea6ea9d2",
	"role": "Viewer",
	"teams": []
}

可以使用RBAC HTTP API 为服务账号设置固定角色和自定义角色。

按 ID 获取服务账号

GET /api/serviceaccounts/:id

所需权限

有关说明,请参阅简介中的注释。

操作范围
serviceaccounts:readserviceaccounts:id:*

请求示例:

http
GET /api/serviceaccounts/1 HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Basic YWRtaW46YWRtaW4=

响应示例:

http
HTTP/1.1 200
Content-Type: application/json

{
	"id": 1,
	"name": "test",
	"login": "sa-test",
	"orgId": 1,
	"isDisabled": false,
	"createdAt": "2022-03-21T14:35:33Z",
	"updatedAt": "2022-03-21T14:35:33Z",
	"avatarUrl": "/avatar/8ea890a677d6a223c591a1beea6ea9d2",
	"role": "Viewer",
	"teams": []
}

更新服务账号

PATCH /api/serviceaccounts/:id

所需权限

有关说明,请参阅简介中的注释。

操作范围
serviceaccounts:writeserviceaccounts:id:*

请求示例:

http
PATCH /api/serviceaccounts/2 HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Basic YWRtaW46YWRtaW4=

{
  "name": "test",
	"role": "Editor"
}

响应示例:

http
HTTP/1.1 200
Content-Type: application/json

{
	"id": 2,
	"name": "test",
	"login": "sa-grafana",
	"orgId": 1,
	"isDisabled": false,
	"createdAt": "2022-03-21T14:35:44Z",
	"updatedAt": "2022-03-21T14:35:44Z",
	"avatarUrl": "/avatar/8ea890a677d6a223c591a1beea6ea9d2",
	"role": "Editor",
	"teams": []
}

可以使用RBAC HTTP API 为服务账号设置固定角色和自定义角色。

删除服务账号

DELETE /api/serviceaccounts/:id

所需权限

有关说明,请参阅简介中的注释。

操作范围
serviceaccounts:deleteserviceaccounts:id:*

请求示例:

http
DELETE /api/serviceaccounts/2 HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Basic YWRtaW46YWRtaW4=

响应示例:

http
HTTP/1.1 200
Content-Type: application/json

{
	"message": "Service account deleted"
}

将 API 密钥迁移到服务账号

POST /api/serviceaccounts/migrate

所需权限

有关说明,请参阅简介中的注释。

操作范围
serviceaccounts:writeserviceaccounts:*

请求示例:

http
POST /api/serviceaccounts/migrate HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Basic YWRtaW46YWRtaW4=

响应示例:

http
HTTP/1.1 200
Content-Type: application/json

{
	"message": "API keys migrated to service accounts"
}

将 API 密钥迁移到服务账号

POST /api/serviceaccounts/migrate/:keyId

所需权限

有关说明,请参阅简介中的注释。

操作范围
serviceaccounts:writeserviceaccounts:*

请求示例:

http
POST /api/serviceaccounts/migrate/4 HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Basic YWRtaW46YWRtaW4=

响应示例:

http
HTTP/1.1 200
Content-Type: application/json

{
	"message": "Service accounts migrated"
}

获取 API 密钥到服务账号的迁移状态

GET /api/serviceaccounts/migrationstatus

所需权限

有关说明,请参阅简介中的注释。

操作范围
serviceaccounts:readserviceaccounts:*

请求示例:

http
POST /api/serviceaccounts/migrationstatus HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Basic YWRtaW46YWRtaW4=

响应示例:

http
HTTP/1.1 200
Content-Type: application/json

{
	"migrated": true
}

隐藏 API 密钥标签页

GET /api/serviceaccounts/hideApiKeys

所需权限

有关说明,请参阅简介中的注释。

操作范围
serviceaccounts:writeserviceaccounts:*

请求示例:

http
POST /api/serviceaccounts/hideApiKeys HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Basic YWRtaW46YWRtaW4=

响应示例:

http
HTTP/1.1 200
Content-Type: application/json

{
	"message": "API keys hidden"
}

获取服务账号令牌

GET /api/serviceaccounts/:id/tokens

所需权限

有关说明,请参阅简介中的注释。

操作范围
serviceaccounts:readserviceaccounts:id:*

请求示例:

http
GET /api/serviceaccounts/2/tokens HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Basic YWRtaW46YWRtaW4=

响应示例:

http
HTTP/1.1 200
Content-Type: application/json

[
	{
		"id": 1,
		"name": "grafana",
		"role": "Viewer",
		"created": "2022-03-23T10:31:02Z",
		"expiration": null,
		"secondsUntilExpiration": 0,
		"hasExpired": false
	}
]

创建服务账号令牌

POST /api/serviceaccounts/:id/tokens

所需权限

有关说明,请参阅简介中的注释。

操作范围
serviceaccounts:writeserviceaccounts:id:*

请求示例:

http
POST /api/serviceaccounts/2/tokens HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Basic YWRtaW46YWRtaW4=

{
	"name": "grafana",
	"secondsToLive": 604800
}

`secondsToLive` 的默认值为 0,这意味着服务账号令牌永不过期。

响应示例:

http
HTTP/1.1 200
Content-Type: application/json

{
	"id": 7,
	"name": "grafana",
	"key": "eyJrIjoiVjFxTHZ6dGdPSjg5Um92MjN1RlhjMkNqYkZUbm9jYkwiLCJuIjoiZ3JhZmFuYSIsImlkIjoxfQ=="
}

删除服务账号令牌

DELETE /api/serviceaccounts/:id/tokens/:tokenId

所需权限

有关说明,请参阅简介中的注释。

操作范围
serviceaccounts:writeserviceaccounts:id:*

请求示例:

http
DELETE /api/serviceaccounts/2/tokens/1 HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Basic YWRtaW46YWRtaW4=

响应示例:

http
HTTP/1.1 200
Content-Type: application/json

{
	"message": "API key deleted"
}

将服务账号令牌还原为 API 密钥

DELETE /api/serviceaccounts/:serviceAccountId/revert/:keyId

此操作将删除服务账号,并为给定的 `keyId` 创建一个旧版 API 密钥。

所需权限

有关说明,请参阅简介中的注释。

操作范围
serviceaccounts:deleteserviceaccounts:id:*

请求示例:

http
DELETE /api/serviceaccounts/1/revert/glsa_VVQjot0nijQ59lun6pMZRtsdBXxnFQ9M_77c34a79 HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Basic YWRtaW46YWRtaW4=

响应示例:

http
HTTP/1.1 200
Content-Type: application/json

{
	"message": "Reverted service account to API key"
}