fix(grafana): resolve CI failures

syrull · syrull · commit 82d037b759a5 · 2026-04-01T15:49:16.000+03:00
- Add license header to grafana.lr (copywrite check)
- Fix gofmt struct tag alignment in service_accounts.go
- Extract fetchServiceAccountPage helper to avoid defer resp.Body.Close()
  inside pagination loop (FD leak on multi-page results)
diff --git a/providers/grafana/resources/grafana.lr b/providers/grafana/resources/grafana.lr
@@ -1,3 +1,6 @@
+// Copyright (c) Mondoo, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 option provider = "go.mondoo.com/mql/v13/providers/grafana"
 option go_package = "go.mondoo.com/mql/v13/providers/grafana/resources"
 
diff --git a/providers/grafana/resources/service_accounts.go b/providers/grafana/resources/service_accounts.go
@@ -11,6 +11,7 @@ import (
 	"strconv"
 
 	"go.mondoo.com/mql/v13/llx"
+	"go.mondoo.com/mql/v13/providers/grafana/connection"
 )
 
 // grafanaServiceAccountJSON mirrors one element of the /api/serviceaccounts/search response.
@@ -26,10 +27,10 @@ type grafanaServiceAccountJSON struct {
 
 // grafanaServiceAccountsResponse wraps the paginated service accounts endpoint.
 type grafanaServiceAccountsResponse struct {
-	TotalCount      int                             `json:"totalCount"`
-	ServiceAccounts []grafanaServiceAccountJSON      `json:"serviceAccounts"`
-	Page            int                             `json:"page"`
-	PerPage         int                             `json:"perPage"`
+	TotalCount      int                         `json:"totalCount"`
+	ServiceAccounts []grafanaServiceAccountJSON `json:"serviceAccounts"`
+	Page            int                         `json:"page"`
+	PerPage         int                         `json:"perPage"`
 }
 
 // grafanaTokenJSON mirrors one element of the /api/serviceaccounts/{id}/tokens response.
@@ -45,6 +46,27 @@ type grafanaTokenJSON struct {
 
 const serviceAccountPageSize = 1000
 
+// fetchServiceAccountPage fetches a single page of service accounts and closes
+// the response body before returning, avoiding FD leaks in pagination loops.
+func fetchServiceAccountPage(conn *connection.GrafanaConnection, page int) (*grafanaServiceAccountsResponse, error) {
+	path := fmt.Sprintf("/api/serviceaccounts/search?perpage=%d&page=%d", serviceAccountPageSize, page)
+	resp, err := conn.Get(context.Background(), path)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK {
+		return nil, fmt.Errorf("grafana: GET /api/serviceaccounts/search returned status %d", resp.StatusCode)
+	}
+
+	var result grafanaServiceAccountsResponse
+	if err := json.NewDecoder(resp.Body).Decode(&result); err != nil {
+		return nil, fmt.Errorf("grafana: decoding /api/serviceaccounts/search response: %w", err)
+	}
+	return &result, nil
+}
+
 func (g *mqlGrafana) serviceAccounts() ([]interface{}, error) {
 	conn, err := grafanaConnection(g.MqlRuntime)
 	if err != nil {
@@ -56,20 +78,10 @@ func (g *mqlGrafana) serviceAccounts() ([]interface{}, error) {
 	// page returns fewer results than requested.
 	var allSAs []grafanaServiceAccountJSON
 	for page := 1; ; page++ {
-		path := fmt.Sprintf("/api/serviceaccounts/search?perpage=%d&page=%d", serviceAccountPageSize, page)
-		resp, err := conn.Get(context.Background(), path)
+		result, err := fetchServiceAccountPage(conn, page)
 		if err != nil {
 			return nil, err
 		}
-		defer resp.Body.Close()
-		if resp.StatusCode != http.StatusOK {
-			return nil, fmt.Errorf("grafana: GET /api/serviceaccounts/search returned status %d", resp.StatusCode)
-		}
-
-		var result grafanaServiceAccountsResponse
-		if err := json.NewDecoder(resp.Body).Decode(&result); err != nil {
-			return nil, fmt.Errorf("grafana: decoding /api/serviceaccounts/search response: %w", err)
-		}
 
 		allSAs = append(allSAs, result.ServiceAccounts...)
 
