AuthProxy: additions to ttl config change (#20249)

* fixes according to feedback

* additions to config and docs
This commit is contained in:
Jon Gyllenswärd 2019-11-08 10:51:15 +01:00 committed by Torkel Ödegaard
parent 026d13469f
commit 3111c3620b
3 changed files with 12 additions and 5 deletions

View File

@ -329,7 +329,7 @@
;token_url = https://foo.bar/login/oauth/access_token
;api_url = https://foo.bar/user
;team_ids =
;allowed_organizations =
;allowed_organizations =
;role_attribute_path =
;tls_skip_verify_insecure = false
;tls_client_cert =
@ -396,7 +396,7 @@
;header_name = X-WEBAUTH-USER
;header_property = username
;auto_sign_up = true
;ldap_sync_ttl = 60
;sync_ttl = 60
;whitelist = 192.168.1.1, 192.168.2.1
;headers = Email:X-User-Email, Name:X-User-Name
# Read the auth proxy docs for details on what the setting below enables

View File

@ -27,8 +27,9 @@ header_name = X-WEBAUTH-USER
header_property = username
# Set to `true` to enable auto sign up of users who do not exist in Grafana DB. Defaults to `true`.
auto_sign_up = true
# If combined with Grafana LDAP integration define sync interval in minutes
ldap_sync_ttl = 60
# Define cache time to live in minutes
# If combined with Grafana LDAP integration it is also the sync interval
sync_ttl = 60
# Limit where auth proxy requests come from by configuring a list of IP addresses.
# This can be used to prevent users spoofing the X-WEBAUTH-USER header.
# Example `whitelist = 192.168.1.1, 192.168.1.0/24, 2001::23, 2001::0/120`

View File

@ -46,6 +46,12 @@ var (
ERR_TEMPLATE_NAME = "error"
)
// This constant corresponds to the default value for ldap_sync_ttl in .ini files
// it is used for comparision and has to be kept in sync
const (
AUTH_PROXY_SYNC_TTL = 60
)
var (
// App settings.
Env = DEV
@ -860,7 +866,7 @@ func (cfg *Cfg) Load(args *CommandLineArgs) error {
ldapSyncVal := authProxy.Key("ldap_sync_ttl").MustInt()
syncVal := authProxy.Key("sync_ttl").MustInt()
if ldapSyncVal != 60 {
if ldapSyncVal != AUTH_PROXY_SYNC_TTL {
AuthProxySyncTtl = ldapSyncVal
cfg.Logger.Warn("[Deprecated] the configuration setting 'ldap_sync_ttl' is deprecated, please use 'sync_ttl' instead")
} else {