AuthProxy: additions to ttl config change (#20249)

* fixes according to feedback

* additions to config and docs
This commit is contained in:
Jon Gyllenswärd 2019-11-08 10:51:15 +01:00 committed by Torkel Ödegaard
parent 026d13469f
commit 3111c3620b
3 changed files with 12 additions and 5 deletions

View File

@ -396,7 +396,7 @@
;header_name = X-WEBAUTH-USER ;header_name = X-WEBAUTH-USER
;header_property = username ;header_property = username
;auto_sign_up = true ;auto_sign_up = true
;ldap_sync_ttl = 60 ;sync_ttl = 60
;whitelist = 192.168.1.1, 192.168.2.1 ;whitelist = 192.168.1.1, 192.168.2.1
;headers = Email:X-User-Email, Name:X-User-Name ;headers = Email:X-User-Email, Name:X-User-Name
# Read the auth proxy docs for details on what the setting below enables # Read the auth proxy docs for details on what the setting below enables

View File

@ -27,8 +27,9 @@ header_name = X-WEBAUTH-USER
header_property = username header_property = username
# Set to `true` to enable auto sign up of users who do not exist in Grafana DB. Defaults to `true`. # Set to `true` to enable auto sign up of users who do not exist in Grafana DB. Defaults to `true`.
auto_sign_up = true auto_sign_up = true
# If combined with Grafana LDAP integration define sync interval in minutes # Define cache time to live in minutes
ldap_sync_ttl = 60 # If combined with Grafana LDAP integration it is also the sync interval
sync_ttl = 60
# Limit where auth proxy requests come from by configuring a list of IP addresses. # Limit where auth proxy requests come from by configuring a list of IP addresses.
# This can be used to prevent users spoofing the X-WEBAUTH-USER header. # This can be used to prevent users spoofing the X-WEBAUTH-USER header.
# Example `whitelist = 192.168.1.1, 192.168.1.0/24, 2001::23, 2001::0/120` # Example `whitelist = 192.168.1.1, 192.168.1.0/24, 2001::23, 2001::0/120`

View File

@ -46,6 +46,12 @@ var (
ERR_TEMPLATE_NAME = "error" ERR_TEMPLATE_NAME = "error"
) )
// This constant corresponds to the default value for ldap_sync_ttl in .ini files
// it is used for comparision and has to be kept in sync
const (
AUTH_PROXY_SYNC_TTL = 60
)
var ( var (
// App settings. // App settings.
Env = DEV Env = DEV
@ -860,7 +866,7 @@ func (cfg *Cfg) Load(args *CommandLineArgs) error {
ldapSyncVal := authProxy.Key("ldap_sync_ttl").MustInt() ldapSyncVal := authProxy.Key("ldap_sync_ttl").MustInt()
syncVal := authProxy.Key("sync_ttl").MustInt() syncVal := authProxy.Key("sync_ttl").MustInt()
if ldapSyncVal != 60 { if ldapSyncVal != AUTH_PROXY_SYNC_TTL {
AuthProxySyncTtl = ldapSyncVal AuthProxySyncTtl = ldapSyncVal
cfg.Logger.Warn("[Deprecated] the configuration setting 'ldap_sync_ttl' is deprecated, please use 'sync_ttl' instead") cfg.Logger.Warn("[Deprecated] the configuration setting 'ldap_sync_ttl' is deprecated, please use 'sync_ttl' instead")
} else { } else {