wip

Author: ndk

controllers/serviceaccount_controller.go

@@ -286,63 +286,36 @@ func buildUpdateFormIfNeeded(spec *v1beta1.GrafanaServiceAccountSpec, status *v1
 	return form
 }
 
-// computeGrafanaLogin reconstructs the internal login identifier that Grafana generates for a service account.
-//
-// Grafana internally uses two fields: 'login' (immutable identifier) and 'name' (display name).
-// When creating a service account via API, you only provide 'name', and Grafana generates 'login'
-// using the pattern: "sa-{orgID}-{name}". Since we only store the desired name in the CR spec
-// and need to find existing accounts, we need to recreate this logic to compute the expected login.
-//
-// NOTE: This is a workaround that duplicates Grafana's internal logic. Ideally, Grafana would
-// support metadata/labels on service accounts or provide direct lookup by name. Until then,
-// we rely on this reverse-engineered logic to match accounts.
-//
-// Borrowed from Grafana: https://github.com/grafana/grafana/blob/e3cb84bef8579db2cead8398b751c5d2c9d563f0/pkg/services/serviceaccounts/database/store.go#L61
-func computeGrafanaLogin(orgID int64, name string) string {
-	const (
-		serviceAccountPrefix = "sa-"
-	)
-
-	generatedLogin := fmt.Sprintf("%v-%v-%v", serviceAccountPrefix, orgID, strings.ToLower(name))
-	// in case the name has multiple spaces or dashes in the prefix or otherwise, replace them with a single dash
-	generatedLogin = strings.Replace(generatedLogin, "--", "-", 1)
-
-	return strings.ReplaceAll(generatedLogin, " ", "-")
-}
-
 // ensureAccount guarantees that a service account exists in Grafana with the desired name.
 // If found, it syncs the account status including tokens. If not found, it creates a new account.
 func (r *GrafanaServiceAccountReconciler) ensureAccount(
 	ctx context.Context,
 	gClient *genapi.GrafanaHTTPAPI,
 	cr *v1beta1.GrafanaServiceAccount,
 ) error {
-	for page := int64(1); ; page++ {
-		saList, err := gClient.ServiceAccounts.SearchOrgServiceAccountsWithPaging(
+	// If we have an ID in status, try to fetch the account directly
+	if cr.Status.Account != nil && cr.Status.Account.ID > 0 {
+		retrieve, err := gClient.ServiceAccounts.RetrieveServiceAccountWithParams(
 			service_accounts.
-				NewSearchOrgServiceAccountsWithPagingParamsWithContext(ctx).
-				WithQuery(&cr.Spec.Name).
-				WithPage(&page),
+				NewRetrieveServiceAccountParamsWithContext(ctx).
+				WithServiceAccountID(cr.Status.Account.ID),
 		)
-		if err != nil {
-			return fmt.Errorf("listing service accounts (page %d): %w", page, err)
+		if err == nil {
+			return r.populateStatusFromGrafana(ctx, gClient, cr, retrieve.Payload)
 		}
 
-		for _, sa := range saList.Payload.ServiceAccounts {
-			// TODO: Currently we use OrgID from the returned service accounts, which works
-			// because we only operate in the default org. When multi-org support is added,
-			// we should fetch the current org ID from the client to ensure correct matching:
-			// org, err := gClient.Org.GetCurrentOrgWithParams(...)
-			if sa.Login == computeGrafanaLogin(sa.OrgID, cr.Spec.Name) {
-				return r.populateStatusFromGrafana(ctx, gClient, cr, sa)
-			}
+		// ATM, service_accounts.RetrieveServiceAccountNotFound doesn't have Is, Unwrap, Unwrap.
+		// So, we cannot rely only on errors.Is().
+		_, notFound := err.(*service_accounts.RetrieveServiceAccountNotFound) // nolint:errorlint
+		if !notFound && !errors.Is(err, service_accounts.NewRetrieveServiceAccountNotFound()) {
+			return fmt.Errorf("retrieving service account by ID %d: %w", cr.Status.Account.ID, err)
 		}
 
-		if len(saList.Payload.ServiceAccounts) == 0 || (saList.Payload.Page*saList.Payload.PerPage) >= saList.Payload.TotalCount {
-			break
-		}
+		// Service account not found, clear the status and create a new one
+		cr.Status.Account = nil
 	}
 
+	// No ID in status or account not found, create a new one
 	if err := r.createAccount(ctx, gClient, cr); err != nil {
 		return fmt.Errorf("creating service account: %w", err)
 	}