Refactor: Move LDAP auth config frontend registration to OSS (#73941)

* Refactor: move ldap auth registration to OSS * Update public/app/features/auth-config/types.ts * fix: permission settingswrite * fix: types for typescript find() * fix: linting * fix: removed types that are implicit * added text for no available authentication providers * refactor: make use of ldapenabled instead for minimal changes
2025-02-25 18:55:37 -06:00 · 2023-08-29 14:49:00 +01:00 · 2023-08-29 14:49:00 +01:00 · 6b9f51c209
commit 6b9f51c209
parent 37ceffb74c
4 changed files with 43 additions and 12 deletions
--- a/pkg/services/navtree/navtreeimpl/admin.go
+++ b/pkg/services/navtree/navtreeimpl/admin.go
@ -15,7 +15,7 @@ func (s *ServiceImpl) getAdminNode(c *contextmodel.ReqContext) (*navtree.NavLink
 	hasAccess := ac.HasAccess(s.accessControl, c)
 	hasGlobalAccess := ac.HasGlobalAccess(s.accessControl, s.accesscontrolService, c)
 	orgsAccessEvaluator := ac.EvalPermission(ac.ActionOrgsRead)
-	authConfigUIAvailable := s.license.FeatureEnabled("saml")
+	authConfigUIAvailable := s.license.FeatureEnabled("saml") || s.cfg.LDAPAuthEnabled

 	// FIXME: while we don't have a permissions for listing plugins the legacy check has to stay as a default
 	if pluginaccesscontrol.ReqCanAdminPlugins(s.cfg)(c) || hasAccess(pluginaccesscontrol.AdminAccessEvaluator) {
--- a/public/app/app.ts
+++ b/public/app/app.ts
@ -68,6 +68,7 @@ import { GrafanaJavascriptAgentBackend } from './core/services/echo/backends/gra
 import { KeybindingSrv } from './core/services/keybindingSrv';
 import { startMeasure, stopMeasure } from './core/utils/metrics';
 import { initDevFeatures } from './dev';
+import { initAuthConfig } from './features/auth-config';
 import { getTimeSrv } from './features/dashboard/services/TimeSrv';
 import { initGrafanaLive } from './features/live';
 import { PanelDataErrorView } from './features/panel/components/PanelDataErrorView';
@ -132,6 +133,8 @@ export class GrafanaApp {
      setTimeZoneResolver(() => config.bootData.user.timezone);
      initGrafanaLive();

+      initAuthConfig();
+
      // Expose the app-wide eventbus
      setAppEvents(appEvents);

--- a/public/app/features/auth-config/index.ts
+++ b/public/app/features/auth-config/index.ts
@ -1,4 +1,6 @@
-import { Settings, SettingsSection } from 'app/types';
+import { contextSrv } from 'app/core/core';
+import { getBackendSrv } from 'app/core/services/backend_srv';
+import { AccessControlAction, Settings, SettingsSection } from 'app/types';

 import { AuthProviderInfo, GetStatusHook, AuthProviderStatus } from './types';

@ -27,7 +29,7 @@ export function getAuthProviderInfo(provider: string) {
 export function getAuthProviders(cfg: Settings): SettingsSection[] {
  const providers: SettingsSection[] = [];
  for (const [section, sectionConfig] of Object.entries(cfg)) {
-    const provider = registeredAuthProviders.find((provider) => `auth.${provider.id}` === section);
+    const provider = registeredAuthProviders.find((provider: AuthProviderInfo) => `auth.${provider.id}` === section);
    if (provider) {
      const providerData = {
        ...sectionConfig,
@ -47,3 +49,28 @@ export async function getAuthProviderStatus(providerId: string): Promise<AuthPro
  }
  return { configured: false, enabled: false };
 }
+
+export function initAuthConfig() {
+  const ldapAuthProvider: AuthProviderInfo = {
+    id: 'ldap',
+    type: 'LDAP',
+    protocol: 'LDAP',
+    displayName: 'LDAP',
+    configPath: 'ldap',
+  };
+  registerAuthProvider(ldapAuthProvider, getConfigHookLDAP);
+}
+
+async function getConfigHookLDAP(): Promise<AuthProviderStatus> {
+  if (contextSrv.hasPermission(AccessControlAction.SettingsRead)) {
+    const result = await getBackendSrv().get('/api/admin/settings');
+    const ldapSettings = result!['auth.ldap'] || {};
+    return {
+      configured: ldapSettings['enabled'] === 'true',
+      enabled: ldapSettings['enabled'] === 'true',
+      hide: ldapSettings['enabled'] !== 'true',
+    };
+  }
+
+  return { configured: false, enabled: false };
+}
--- a/public/app/routes/routes.tsx
+++ b/public/app/routes/routes.tsx
@ -299,19 +299,20 @@ export function getAppRoutes(): RouteDescriptor[] {
      component: SafeDynamicImport(() => import(/* webpackChunkName: "TeamPages" */ 'app/features/teams/TeamPages')),
    },
    // ADMIN
-    {
-      path: '/admin/authentication',
-      roles: () => contextSrv.evaluatePermission(() => ['Admin', 'ServerAdmin'], [AccessControlAction.SettingsWrite]),
-      component: config.licenseInfo.enabledFeatures?.saml
-        ? SafeDynamicImport(
-            () => import(/* webpackChunkName: "AdminAuthentication" */ 'app/features/auth-config/AuthConfigPage')
-          )
-        : () => <Redirect to="/admin" />,
-    },
    {
      path: '/admin',
      component: () => <NavLandingPage navId="cfg" header={<ConnectionsRedirectNotice />} />,
    },
+    {
+      path: '/admin/authentication',
+      roles: () => contextSrv.evaluatePermission(() => ['Admin', 'ServerAdmin'], [AccessControlAction.SettingsWrite]),
+      component:
+        config.licenseInfo.enabledFeatures?.saml || config.ldapEnabled
+          ? SafeDynamicImport(
+              () => import(/* webpackChunkName: "AdminAuthentication" */ 'app/features/auth-config/AuthConfigPage')
+            )
+          : () => <Redirect to="/admin" />,
+    },
    {
      path: '/admin/access',
      component: () => <NavLandingPage navId="admin/access" />,