@@ -4,13 +4,13 @@ import (
44 "context"
55 "flag"
66 "fmt"
7- "github.com/grafana/detect-angular-dashboards/build"
87 "net/url"
98 "os"
109 "strings"
1110
1211 "github.com/grafana/detect-angular-dashboards/api/gcom"
1312 "github.com/grafana/detect-angular-dashboards/api/grafana"
13+ "github.com/grafana/detect-angular-dashboards/build"
1414 "github.com/grafana/detect-angular-dashboards/logger"
1515)
1616
@@ -64,6 +64,25 @@ func _main() error {
6464 // Fall back to GCOM (< 10.1.0)
6565 log .Verbosef ("Using GCOM to find Angular plugins" )
6666 log .Logf ("(WARNING, dependencies on private plugins won't be flagged)" )
67+
68+ // Double check that the token has the correct permissions, which is "datasources:create".
69+ // If we don't have such permissions, the plugins endpoint will still return a valid response,
70+ // but it will contain only core plugins:
71+ // https://github.com/grafana/grafana/blob/0315b911ef45b4ce9d3d5c182d8b112c6b9b41da/pkg/api/plugins.go#L56
72+ permissions , err := grCl .GetServiceAccountPermissions (ctx )
73+ if err != nil {
74+ // Do not hard fail if we can't get service account permissions
75+ // as we may be running against an old Grafana version without service accounts
76+ log .Logf ("(WARNING: could not get service account permissions: %v)" , err )
77+ log .Logf ("Please make sure that you have created an ADMIN token or the output will be wrong" )
78+ } else if _ , ok := permissions ["datasources:create" ]; ! ok {
79+ return fmt .Errorf (
80+ `the service account does not have "datasources:create" permission, please provide a ` +
81+ "token for a service account with admin privileges" ,
82+ )
83+ }
84+
85+ // Get the plugins
6786 plugins , err := grCl .GetPlugins (ctx )
6887 if err != nil {
6988 return fmt .Errorf ("get plugins: %w" , err )
0 commit comments