From 39e4f8ec1bb5696aa38dd5362cf7f7d1789d0ed0 Mon Sep 17 00:00:00 2001
From: Mihai Doarna
Date: Fri, 12 Jan 2024 10:24:16 +0200
Subject: [PATCH] Auth: configure SSO settings reload interval from the ini file (#80290)

* configure sso reload interval from ini file
* change section name to sso_settings
---
 conf/defaults.ini | 11 +++++++++--
 pkg/services/ssosettings/ssosettingsimpl/service.go | 7 ++++++-
 pkg/setting/setting.go | 7 +++++++
 3 files changed, 22 insertions(+), 3 deletions(-)

diff --git a/conf/defaults.ini b/conf/defaults.ini
index 44cf482e6d2..a12fccf8467 100644
--- a/conf/defaults.ini
+++ b/conf/defaults.ini
@@ -577,6 +577,13 @@ id_response_header_prefix = X-Grafana
 # The header value will encode the namespace ("user:", "api-key:", "service-account:")
 id_response_header_namespaces = user api-key service-account
 
+#################################### SSO Settings ###########################
+[sso_settings]
+# interval for reloading the SSO Settings from the database
+# useful in high availability setups running multiple Grafana instances
+# set to 0 to disable this feature
+reload_interval = 1m
+
 #################################### Anonymous Auth ######################
 [auth.anonymous]
 # enable anonymous access
@@ -592,7 +599,7 @@ org_role = Viewer
 hide_version = false
 
 # number of devices in total
-device_limit =
+device_limit =
 
 #################################### GitHub Auth #########################
 [auth.github]
@@ -843,7 +850,7 @@ skip_org_role_sync = false
 sync_cron = "0 1 * * *"
 active_sync_enabled = true
 
-#################################### AWS ###########################
+#################################### AWS #####################################
 [aws]
 # Enter a comma-separated list of allowed AWS authentication providers.
 # Options are: default (AWS SDK Default), keys (Access && secret key), credentials (Credentials field), ec2_iam_role (EC2 IAM Role)
diff --git a/pkg/services/ssosettings/ssosettingsimpl/service.go b/pkg/services/ssosettings/ssosettingsimpl/service.go
index c183f45928d..d3cc7d12568 100644
--- a/pkg/services/ssosettings/ssosettingsimpl/service.go
+++ b/pkg/services/ssosettings/ssosettingsimpl/service.go
@@ -252,7 +252,12 @@ func (s *SSOSettingsService) encryptSecrets(ctx context.Context, settings map[st
 }
 
 func (s *SSOSettingsService) Run(ctx context.Context) error {
- ticker := time.NewTicker(1 * time.Minute)
+ interval := s.cfg.SSOSettingsReloadInterval
+ if interval == 0 {
+ return nil
+ }
+
+ ticker := time.NewTicker(interval)
 
  // start a background process for reloading the SSO settings for all providers at a fixed interval
  // it is useful for high availability setups running multiple Grafana instances
diff --git a/pkg/setting/setting.go b/pkg/setting/setting.go
index 5d64662721a..c972504d2a3 100644
--- a/pkg/setting/setting.go
+++ b/pkg/setting/setting.go
@@ -342,6 +342,9 @@ type Cfg struct {
  ExtendedJWTExpectIssuer string
  ExtendedJWTExpectAudience string
 
+ // SSO Settings Auth
+ SSOSettingsReloadInterval time.Duration
+
  // Dataproxy
  SendUserHeader bool
  DataProxyLogging bool
@@ -1623,6 +1626,10 @@ func readAuthSettings(iniFile *ini.File, cfg *Cfg) (err error) {
 
  cfg.AuthProxyHeadersEncoded = authProxy.Key("headers_encoded").MustBool(false)
 
+ // SSO Settings
+ ssoSettings := iniFile.Section("sso_settings")
+ cfg.SSOSettingsReloadInterval = ssoSettings.Key("reload_interval").MustDuration(1 * time.Minute)
+
  return nil
 }
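Review bot: A negative `reload_interval` slips past the `interval == 0` guard in Run and reaches `time.NewTicker(interval)`, which panics for any non-positive duration, so a value such as `-1m` in the ini file would take the service down at start-up; the guard should read `if interval <= 0 {`. The early `return nil` is also silent: with reload disabled in a multi-instance deployment, SSO provider changes saved on one instance (a disabled provider, a rotated client secret) are presumably not picked up by the others until they restart, so a single log entry stating that periodic reload is off would help operators. Run's body continues past the end of this hunk, so the reload loop and the ticker's cleanup are not visible here.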
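Review bot: `MustDuration(1 * time.Minute)` in the readAuthSettings hunk falls back to the default whenever the value fails to parse, so an operator who mistypes `reload_interval` while trying to change or disable the reload silently gets the one-minute behaviour with no error or warning. Because the function already returns an error, reading the key with `ssoSettings.Key("reload_interval").Duration()` and returning a wrapped error for a non-empty invalid value would surface the mistake, and the same spot can reject negative values before they reach the ticker in the SSO settings service. A very small positive interval is accepted too and would hit the database on every tick, so a documented lower bound may be worth adding. The function body starts outside this hunk.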