package setting
import (
"github.com/grafana/grafana-azure-sdk-go/v2/azsettings"
"github.com/grafana/grafana/pkg/util"
)
// readAzureSettings builds an azsettings.AzureSettings value from the [azure],
// [auth] and (when user identity is enabled) [auth.azuread] sections of
// cfg.Raw and stores it in cfg.Azure.
//
// Points worth knowing when reviewing a deployment's configuration:
//   - Every authentication mode is off unless its *_enabled key is true, with
//     one exception: user_identity_fallback_credentials_enabled defaults to
//     true once user identity is enabled.
//   - Overriding user_identity_client_id discards the client secret inherited
//     from [auth.azuread]; a secret is only kept if user_identity_client_secret
//     is also set.
//   - A clouds_config value that fails to parse is logged and otherwise
//     ignored; the function does not abort.
func (cfg *Cfg) readAzureSettings() {
	azureSec := cfg.Raw.Section("azure")
	authSec := cfg.Raw.Section("auth")
	settings := &azsettings.AzureSettings{}

	// overrideFrom copies the [azure] value stored under key into dst when it
	// is non-empty, and reports whether it did so. Empty values never
	// overwrite what dst already holds.
	overrideFrom := func(key string, dst *string) bool {
		v := azureSec.Key(key).String()
		if v == "" {
			return false
		}
		*dst = v
		return true
	}

	// This setting is specific to Prometheus
	settings.AzureAuthEnabled = authSec.Key("azure_auth_enabled").MustBool(false)

	// Cloud: defaults to the public cloud, then normalized to a known name.
	settings.Cloud = azsettings.NormalizeAzureCloud(
		azureSec.Key("cloud").MustString(azsettings.AzurePublic),
	)

	// Managed Identity authentication
	settings.ManagedIdentityEnabled = azureSec.Key("managed_identity_enabled").MustBool(false)
	settings.ManagedIdentityClientId = azureSec.Key("managed_identity_client_id").String()

	// Workload Identity authentication
	if azureSec.Key("workload_identity_enabled").MustBool(false) {
		wi := &azsettings.WorkloadIdentitySettings{}

		overrideFrom("workload_identity_tenant_id", &wi.TenantId)
		overrideFrom("workload_identity_client_id", &wi.ClientId)
		// NOTE(review): the token file path is taken from configuration as-is;
		// no validation of the path happens in this function.
		overrideFrom("workload_identity_token_file", &wi.TokenFile)

		settings.WorkloadIdentityEnabled = true
		settings.WorkloadIdentitySettings = wi
	}

	// User Identity authentication
	if azureSec.Key("user_identity_enabled").MustBool(false) {
		endpoint := &azsettings.TokenEndpointSettings{}

		// Start from the Azure AD login configuration, but only if that
		// provider is itself enabled.
		adSec := cfg.Raw.Section("auth.azuread")
		if adSec.Key("enabled").MustBool(false) {
			endpoint.TokenUrl = adSec.Key("token_url").String()
			endpoint.ClientId = adSec.Key("client_id").String()
			endpoint.ClientSecret = adSec.Key("client_secret").String()
		}

		// [azure] keys take precedence over the inherited values.
		overrideFrom("user_identity_token_url", &endpoint.TokenUrl)
		if overrideFrom("user_identity_client_id", &endpoint.ClientId) {
			// A different client ID invalidates the inherited secret
			// (presumably so the Azure AD app's secret is never sent on
			// behalf of another application - confirm with the SDK).
			endpoint.ClientSecret = ""
		}
		overrideFrom("user_identity_client_secret", &endpoint.ClientSecret)

		// Only the exact value "username" enables the assertion; anything
		// else, including typos, leaves it disabled without a warning.
		if azureSec.Key("username_assertion").String() == "username" {
			endpoint.UsernameAssertion = true
		}

		settings.UserIdentityTokenEndpoint = endpoint
		// Defaults to true: operators who do not want fallback credentials
		// used for user-identity data sources must set this key to false.
		settings.UserIdentityFallbackCredentialsEnabled = azureSec.Key("user_identity_fallback_credentials_enabled").MustBool(true)
	}

	// Custom cloud definitions are optional; a parse error is reported in the
	// log and the remaining settings are still applied.
	customCloudsJSON := azureSec.Key("clouds_config").MustString("")
	if customCloudsJSON != "" {
		err := azureSettingsSetCustomClouds(settings, customCloudsJSON)
		if err != nil {
			cfg.Logger.Error("Failed to parse custom Azure cloud settings", "err", err.Error())
		}
	}

	// NOTE(review): looks like a list of plugins that receive these Azure
	// settings, which can include the client secret read above - confirm what
	// is forwarded before adding a plugin to this list.
	settings.ForwardSettingsPlugins = util.SplitString(azureSec.Key("forward_settings_to_plugins").String())

	settings.AzureEntraPasswordCredentialsEnabled = azureSec.Key("azure_entra_password_credentials_enabled").MustBool(false)

	cfg.Azure = settings
}

// azureSettingsSetCustomClouds forwards to AzureSettings.SetCustomClouds.
func azureSettingsSetCustomClouds(s *azsettings.AzureSettings, cloudsJSON string) error {
	return s.SetCustomClouds(cloudsJSON)
}