Add service account and RBAC support (#15)

* Add the service account and rbac support

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

Author: ZPascal

Diff for: README.md

@@ -248,16 +248,46 @@ In general my focus inside this project is to implement and deliver old and new
 - Reload LDAP provisioning configuration
 - Rotate data encryption keys
 
+### Service Account
+- Search service accounts
+- Create a service account
+- Get service account by id
+- Update a service account
+- Get service account token by id
+- Create service account token by id
+- Delete service account by id
+
+### RBAC
+- Get status
+- Get all roles
+- Get role
+- Create role
+- Update role
+- Delete role
+- Get user assigned roles
+- Get user assigned permissions
+- Add user role assignment
+- Update user role assignment
+- Remove user role assignment
+- Get service account assigned roles
+- Get service account assigned permissions
+- Add service account role assignment
+- Update service account role assignment
+- Remove service account role assignment
+- Get team assigned roles
+- Add team role assignment
+- Update team role assignment
+- Remove team role assignment
+- Reset basic roles to their default
+
 ## Feature timeline
 
 The following table describes the plan to implement the rest of the Grafana API functionality. Please, open an issue and vote them up, if you prefer a faster implementation of an API functionality.
 
 | API endpoint group | Implementation week | Maintainer | PR | State |
 |:------------------:|:-------------------:|:----------:|:--:|:-----:|
-| [Fine-grained access control HTTP API](https://grafana.com/docs/grafana/latest/http_api/access_control/) | 28 |            |    |  |
-| [Library Element HTTP API](https://grafana.com/docs/grafana/latest/http_api/library_element/) | 30 | |    |  |
-| [Alerting Provisioning HTTP API](https://grafana.com/docs/grafana/latest/developers/http_api/alerting_provisioning/) | 31 | |    |  |
-| [Service Account HTTP API](https://grafana.com/docs/grafana/latest/developers/http_api/serviceaccount/) | 28 | |    |  |
+| [Library Element HTTP API](https://grafana.com/docs/grafana/latest/http_api/library_element/) | 34 | |    |  |
+| [Alerting Provisioning HTTP API](https://grafana.com/docs/grafana/latest/developers/http_api/alerting_provisioning/) | 36 | |    |  |
 
 ## Installation
 

Diff for: docs/content/grafana_api/model.md

@@ -21,6 +21,8 @@
   * [AnnotationObject](#grafana_api.model.AnnotationObject)
   * [AnnotationGraphiteObject](#grafana_api.model.AnnotationGraphiteObject)
   * [GlobalUser](#grafana_api.model.GlobalUser)
+  * [CustomRole](#grafana_api.model.CustomRole)
+  * [RolePermission](#grafana_api.model.RolePermission)
 
 <a id="grafana_api.model"></a>
 
@@ -373,3 +375,40 @@ The class includes all necessary variables to generate a global user object
 - `password` _str_ - Specify the password of the user
 - `org_id` _int_ - Specify the optional org id of the user (default None)
 
+<a id="grafana_api.model.CustomRole"></a>
+
+## CustomRole Objects
+
+```python
+class CustomRole(NamedTuple)
+```
+
+The class includes all necessary variables to generate a custom role object
+
+**Arguments**:
+
+- `name` _str_ - Specify the name of the role
+- `uid` _str_ - Specify the optional uid of the role (default None)
+- `global_role` _bool_ - Specify the if the role is global or not. If set to False, the default org id of the authenticated user will be used from the request (default False)
+- `version` _int_ - Specify the optional version of the role (default None)
+- `description` _str_ - Specify the optional description of the role (default None)
+- `display_name` _str_ - Specify the optional display_name of the role (default None)
+- `group` _str_ - Specify the optional org group of the role (default None)
+- `hidden` _bool_ - Specify whether the role is hidden or not.  If set to True, then the role does not show in the role picker. It will not be listed by API endpoints unless explicitly specified (default False)
+- `permissions` _list_ - Specify the optional permissions of the role as a list of the RolePermission objects (default None)
+
+<a id="grafana_api.model.RolePermission"></a>
+
+## RolePermission Objects
+
+```python
+class RolePermission(NamedTuple)
+```
+
+The class includes all necessary variables to generate a role permission object
+
+**Arguments**:
+
+- `action` _str_ - Specify the custom role action definition
+- `scope` _str_ - Specify the scope definition. If not present, no scope will be mapped to the permission (default None)
+

Diff for: docs/content/index.md

@@ -17,10 +17,9 @@ The following list describes the currently supported features of the Grafana API
 - [x] [Folder Permissions HTTP API](https://grafana.com/docs/grafana/v7.5/http_api/folder_permissions/)
 - [x] [Search HTTP API](https://grafana.com/docs/grafana/v7.5/http_api/folder_dashboard_search/)
 - [x] [External Group Sync HTTP API](https://grafana.com/docs/grafana/latest/http_api/external_group_sync/)
-- [ ] [Access control HTTP API](https://grafana.com/docs/grafana/latest/developers/http_api/access_control/)
+- [x] [Access control HTTP API](https://grafana.com/docs/grafana/latest/developers/http_api/access_control/)
 - [x] [HTTP Preferences API](https://grafana.com/docs/grafana/latest/http_api/preferences/)
 - [x] [HTTP Snapshot API](https://grafana.com/docs/grafana/latest/http_api/snapshot/)
-- [ ] [Library Element HTTP API](https://grafana.com/docs/grafana/latest/http_api/library_element/)
 - [x] [Query History API](https://grafana.com/docs/grafana/latest/http_api/query_history/)
 - [x] [Licensing HTTP API](https://grafana.com/docs/grafana/latest/http_api/licensing/)
 - [x] [Organization HTTP API](https://grafana.com/docs/grafana/latest/http_api/org/)
@@ -30,7 +29,9 @@ The following list describes the currently supported features of the Grafana API
 - [x] [Short URL HTTP API](https://grafana.com/docs/grafana/latest/http_api/short_url/)
 - [x] [Team HTTP API](https://grafana.com/docs/grafana/latest/http_api/team/)
 - [x] [User HTTP API](https://grafana.com/docs/grafana/latest/http_api/user/)
-- [ ] [Service Account HTTP API](https://grafana.com/docs/grafana/latest/developers/http_api/serviceaccount/)
+- [x] [Service Account HTTP API](https://grafana.com/docs/grafana/latest/developers/http_api/serviceaccount/)
+- [x] [RBAC HTTP API](https://grafana.com/docs/grafana/latest/http_api/access_control/)
+- [ ] [Library Element HTTP API](https://grafana.com/docs/grafana/latest/http_api/library_element/)
 - [ ] [Alerting Provisioning HTTP API](https://grafana.com/docs/grafana/latest/developers/http_api/alerting_provisioning/)
 
 ## Installation

Diff for: docs/grafana_api_sdk.md

@@ -17,10 +17,9 @@ The following list describes the currently supported features of the Grafana API
 - [x] [Folder Permissions HTTP API](https://grafana.com/docs/grafana/v7.5/http_api/folder_permissions/)
 - [x] [Search HTTP API](https://grafana.com/docs/grafana/v7.5/http_api/folder_dashboard_search/)
 - [x] [External Group Sync HTTP API](https://grafana.com/docs/grafana/latest/http_api/external_group_sync/)
-- [ ] [Access control HTTP API](https://grafana.com/docs/grafana/latest/developers/http_api/access_control/)
+- [x] [Access control HTTP API](https://grafana.com/docs/grafana/latest/developers/http_api/access_control/)
 - [x] [HTTP Preferences API](https://grafana.com/docs/grafana/latest/http_api/preferences/)
 - [x] [HTTP Snapshot API](https://grafana.com/docs/grafana/latest/http_api/snapshot/)
-- [ ] [Library Element HTTP API](https://grafana.com/docs/grafana/latest/http_api/library_element/)
 - [x] [Query History API](https://grafana.com/docs/grafana/latest/http_api/query_history/)
 - [x] [Licensing HTTP API](https://grafana.com/docs/grafana/latest/http_api/licensing/)
 - [x] [Organization HTTP API](https://grafana.com/docs/grafana/latest/http_api/org/)
@@ -30,7 +29,9 @@ The following list describes the currently supported features of the Grafana API
 - [x] [Short URL HTTP API](https://grafana.com/docs/grafana/latest/http_api/short_url/)
 - [x] [Team HTTP API](https://grafana.com/docs/grafana/latest/http_api/team/)
 - [x] [User HTTP API](https://grafana.com/docs/grafana/latest/http_api/user/)
-- [ ] [Service Account HTTP API](https://grafana.com/docs/grafana/latest/developers/http_api/serviceaccount/)
+- [x] [Service Account HTTP API](https://grafana.com/docs/grafana/latest/developers/http_api/serviceaccount/)
+- [x] [RBAC HTTP API](https://grafana.com/docs/grafana/latest/http_api/access_control/)
+- [ ] [Library Element HTTP API](https://grafana.com/docs/grafana/latest/http_api/library_element/)
 - [ ] [Alerting Provisioning HTTP API](https://grafana.com/docs/grafana/latest/developers/http_api/alerting_provisioning/)
 
 ## Installation

Diff for: setup.py

@@ -8,7 +8,7 @@
 
 setuptools.setup(
     name="grafana-api-sdk",
-    version="0.0.7",
+    version="0.0.8",
     author="Pascal Zimmermann",
     author_email="[email protected]",
     description="A Grafana API SDK",

Diff for: src/grafana_api/admin.py

@@ -77,7 +77,7 @@ def update_settings(self, updates: dict = None, removals: dict = None):
                 .call_the_api(
                     f"{APIEndpoints.ADMIN.value}/settings",
                     RequestsMethods.PUT,
-                    json.dumps(settings_update)
+                    json.dumps(settings_update),
                 )
                 .json()
             )
@@ -153,8 +153,21 @@ def create_global_user(self, user: GlobalUser) -> int:
             api_call (int): Returns the corresponding user id
         """
 
-        if user is not None and len(user.name) != 0 and len(user.email) != 0 and len(user.login) != 0 and len(user.password) != 0:
-            user_object: dict = dict({"name": user.name, "email": user.email, "login": user.login, "password": user.password})
+        if (
+            user is not None
+            and len(user.name) != 0
+            and len(user.email) != 0
+            and len(user.login) != 0
+            and len(user.password) != 0
+        ):
+            user_object: dict = dict(
+                {
+                    "name": user.name,
+                    "email": user.email,
+                    "login": user.login,
+                    "password": user.password,
+                }
+            )
 
             if user.org_id is not None:
                 user_object.update(dict({"OrgId": user.org_id}))
@@ -199,7 +212,7 @@ def update_user_password(self, id: int, password: str):
                 .call_the_api(
                     f"{APIEndpoints.ADMIN.value}/users/{id}/password",
                     RequestsMethods.PUT,
-                    json.dumps(dict({"password": password}))
+                    json.dumps(dict({"password": password})),
                 )
                 .json()
             )
@@ -208,7 +221,9 @@ def update_user_password(self, id: int, password: str):
                 logging.error(f"Please, check the error: {api_call}.")
                 raise Exception
             else:
-                logging.info("You successfully updated the corresponding user password.")
+                logging.info(
+                    "You successfully updated the corresponding user password."
+                )
         else:
             logging.error("There is no id or password defined.")
             raise ValueError
@@ -234,7 +249,7 @@ def update_user_permissions(self, id: int, is_grafana_admin: bool = None):
                 .call_the_api(
                     f"{APIEndpoints.ADMIN.value}/users/{id}/permissions",
                     RequestsMethods.PUT,
-                    json.dumps(dict({"isGrafanaAdmin": is_grafana_admin}))
+                    json.dumps(dict({"isGrafanaAdmin": is_grafana_admin})),
                 )
                 .json()
             )
@@ -243,7 +258,9 @@ def update_user_permissions(self, id: int, is_grafana_admin: bool = None):
                 logging.error(f"Please, check the error: {api_call}.")
                 raise Exception
             else:
-                logging.info("You successfully updated the corresponding user permissions.")
+                logging.info(
+                    "You successfully updated the corresponding user permissions."
+                )
         else:
             logging.error("There is no id or is_grafana_admin defined.")
             raise ValueError
@@ -297,7 +314,7 @@ def pause_all_alerts(self):
             .call_the_api(
                 f"{APIEndpoints.ADMIN.value}/pause-all-alerts",
                 RequestsMethods.POST,
-                json.dumps(dict({"paused": True}))
+                json.dumps(dict({"paused": True})),
             )
             .json()
         )
@@ -324,7 +341,7 @@ def unpause_all_alerts(self):
             .call_the_api(
                 f"{APIEndpoints.ADMIN.value}/pause-all-alerts",
                 RequestsMethods.POST,
-                json.dumps(dict({"paused": False}))
+                json.dumps(dict({"paused": False})),
             )
             .json()
         )
@@ -388,7 +405,7 @@ def revoke_user_auth_token(self, id: int, auth_token_id: int):
                 .call_the_api(
                     f"{APIEndpoints.ADMIN.value}/users/{id}/revoke-auth-token",
                     RequestsMethods.POST,
-                    json.dumps(dict({"authTokenId": auth_token_id}))
+                    json.dumps(dict({"authTokenId": auth_token_id})),
                 )
                 .json()
             )
@@ -422,7 +439,7 @@ def logout_user(self, id: int):
                 .call_the_api(
                     f"{APIEndpoints.ADMIN.value}/users/{id}/logout",
                     RequestsMethods.POST,
-                    json.dumps(dict())
+                    json.dumps(dict()),
                 )
                 .json()
             )
@@ -451,7 +468,7 @@ def reload_dashboards_provisioning_configuration(self):
             .call_the_api(
                 f"{APIEndpoints.ADMIN.value}/provisioning/dashboards/reload",
                 RequestsMethods.POST,
-                json.dumps(dict())
+                json.dumps(dict()),
             )
             .json()
         )
@@ -477,7 +494,7 @@ def reload_datasources_provisioning_configuration(self):
             .call_the_api(
                 f"{APIEndpoints.ADMIN.value}/provisioning/datasources/reload",
                 RequestsMethods.POST,
-                json.dumps(dict())
+                json.dumps(dict()),
             )
             .json()
         )
@@ -503,7 +520,7 @@ def reload_plugins_provisioning_configuration(self):
             .call_the_api(
                 f"{APIEndpoints.ADMIN.value}/provisioning/plugins/reload",
                 RequestsMethods.POST,
-                json.dumps(dict())
+                json.dumps(dict()),
             )
             .json()
         )
@@ -529,7 +546,7 @@ def reload_notifications_provisioning_configuration(self):
             .call_the_api(
                 f"{APIEndpoints.ADMIN.value}/provisioning/notifications/reload",
                 RequestsMethods.POST,
-                json.dumps(dict())
+                json.dumps(dict()),
             )
             .json()
         )
@@ -555,7 +572,7 @@ def reload_access_controls_provisioning_configuration(self):
             .call_the_api(
                 f"{APIEndpoints.ADMIN.value}/provisioning/access-control/reload",
                 RequestsMethods.POST,
-                json.dumps(dict())
+                json.dumps(dict()),
             )
             .json()
         )
@@ -581,7 +598,7 @@ def reload_ldap_configuration(self):
             .call_the_api(
                 f"{APIEndpoints.ADMIN.value}/ldap/reload",
                 RequestsMethods.POST,
-                json.dumps(dict())
+                json.dumps(dict()),
             )
             .json()
         )
@@ -602,13 +619,10 @@ def rotate_data_encryption_keys(self):
             None
         """
 
-        api_call: any = (
-            Api(self.grafana_api_model)
-            .call_the_api(
-                f"{APIEndpoints.ADMIN.value}/encryption/rotate-data-keys",
-                RequestsMethods.POST,
-                json.dumps(dict())
-            )
+        api_call: any = Api(self.grafana_api_model).call_the_api(
+            f"{APIEndpoints.ADMIN.value}/encryption/rotate-data-keys",
+            RequestsMethods.POST,
+            json.dumps(dict()),
         )
 
         if api_call.status_code != 204:

Diff for: src/grafana_api/model.py

@@ -42,6 +42,8 @@ class APIEndpoints(Enum):
     ORG_PREFERENCES = f"{api_prefix}/org/preferences"
     ANNOTATIONS = f"{api_prefix}/annotations"
     ADMIN = f"{api_prefix}/admin"
+    SERVICE_ACCOUNTS = f"{api_prefix}/serviceaccounts"
+    RBAC = f"{api_prefix}/access-control"
 
 
 class RequestsMethods(Enum):
@@ -383,3 +385,41 @@ class GlobalUser(NamedTuple):
     login: str
     password: str
     org_id: int = None
+
+
+class CustomRole(NamedTuple):
+    """The class includes all necessary variables to generate a custom role object
+
+    Args:
+        name (str): Specify the name of the role
+        uid (str): Specify the optional uid of the role (default None)
+        global_role (bool): Specify the if the role is global or not. If set to False, the default org id of the authenticated user will be used from the request (default False)
+        version (int): Specify the optional version of the role (default None)
+        description (str): Specify the optional description of the role (default None)
+        display_name (str): Specify the optional display_name of the role (default None)
+        group (str): Specify the optional org group of the role (default None)
+        hidden (bool): Specify whether the role is hidden or not.  If set to True, then the role does not show in the role picker. It will not be listed by API endpoints unless explicitly specified (default False)
+        permissions (list): Specify the optional permissions of the role as a list of the RolePermission objects (default None)
+    """
+
+    name: str
+    uid: str = None
+    global_role: bool = False
+    version: int = None
+    description: str = None
+    display_name: str = None
+    group: str = None
+    hidden: bool = False
+    permissions: list = None
+
+
+class RolePermission(NamedTuple):
+    """The class includes all necessary variables to generate a role permission object
+
+    Args:
+        action (str): Specify the custom role action definition
+        scope (str): Specify the scope definition. If not present, no scope will be mapped to the permission (default None)
+    """
+
+    action: str
+    scope: str = None