IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

Refactor: Move LDAP auth config frontend registration to OSS (#73941)

Browse Source 
* Refactor: move ldap auth registration to OSS

* Update public/app/features/auth-config/types.ts

* fix: permission settingswrite

* fix: types for typescript find()

* fix: linting

* fix: removed types that are implicit

* added text for no available authentication providers

* refactor: make use of ldapenabled instead for minimal changes
This commit is contained in:
Eric Leijonmarck 2023-08-29 14:49:00 +01:00 committed by GitHub
parent 37ceffb74c
commit 6b9f51c209
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 43 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/services/navtree/navtreeimpl/admin.go
View File

@ -15,7 +15,7 @@ func (s *ServiceImpl) getAdminNode(c *contextmodel.ReqContext) (*navtree.NavLink
hasAccess := ac.HasAccess(s.accessControl, c) hasAccess := ac.HasAccess(s.accessControl, c)
hasGlobalAccess := ac.HasGlobalAccess(s.accessControl, s.accesscontrolService, c) hasGlobalAccess := ac.HasGlobalAccess(s.accessControl, s.accesscontrolService, c)
orgsAccessEvaluator := ac.EvalPermission(ac.ActionOrgsRead) orgsAccessEvaluator := ac.EvalPermission(ac.ActionOrgsRead)
authConfigUIAvailable := s.license.FeatureEnabled("saml") authConfigUIAvailable := s.license.FeatureEnabled("saml") || s.cfg.LDAPAuthEnabled
// FIXME: while we don't have a permissions for listing plugins the legacy check has to stay as a default // FIXME: while we don't have a permissions for listing plugins the legacy check has to stay as a default
if pluginaccesscontrol.ReqCanAdminPlugins(s.cfg)(c) || hasAccess(pluginaccesscontrol.AdminAccessEvaluator) { if pluginaccesscontrol.ReqCanAdminPlugins(s.cfg)(c) || hasAccess(pluginaccesscontrol.AdminAccessEvaluator) {

3
public/app/app.ts
View File

@ -68,6 +68,7 @@ import { GrafanaJavascriptAgentBackend } from './core/services/echo/backends/gra
import { KeybindingSrv } from './core/services/keybindingSrv'; import { KeybindingSrv } from './core/services/keybindingSrv';
import { startMeasure, stopMeasure } from './core/utils/metrics'; import { startMeasure, stopMeasure } from './core/utils/metrics';
import { initDevFeatures } from './dev'; import { initDevFeatures } from './dev';
import { initAuthConfig } from './features/auth-config';
import { getTimeSrv } from './features/dashboard/services/TimeSrv'; import { getTimeSrv } from './features/dashboard/services/TimeSrv';
import { initGrafanaLive } from './features/live'; import { initGrafanaLive } from './features/live';
import { PanelDataErrorView } from './features/panel/components/PanelDataErrorView'; import { PanelDataErrorView } from './features/panel/components/PanelDataErrorView';
@ -132,6 +133,8 @@ export class GrafanaApp {
setTimeZoneResolver(() => config.bootData.user.timezone); setTimeZoneResolver(() => config.bootData.user.timezone);
initGrafanaLive(); initGrafanaLive();
initAuthConfig();
// Expose the app-wide eventbus // Expose the app-wide eventbus
setAppEvents(appEvents); setAppEvents(appEvents);

31
public/app/features/auth-config/index.ts
View File

@ -1,4 +1,6 @@
import { Settings, SettingsSection } from 'app/types'; import { contextSrv } from 'app/core/core';
import { getBackendSrv } from 'app/core/services/backend_srv';
import { AccessControlAction, Settings, SettingsSection } from 'app/types';
import { AuthProviderInfo, GetStatusHook, AuthProviderStatus } from './types'; import { AuthProviderInfo, GetStatusHook, AuthProviderStatus } from './types';
@ -27,7 +29,7 @@ export function getAuthProviderInfo(provider: string) {
export function getAuthProviders(cfg: Settings): SettingsSection[] { export function getAuthProviders(cfg: Settings): SettingsSection[] {
const providers: SettingsSection[] = []; const providers: SettingsSection[] = [];
for (const [section, sectionConfig] of Object.entries(cfg)) { for (const [section, sectionConfig] of Object.entries(cfg)) {
const provider = registeredAuthProviders.find((provider) => `auth.${provider.id}` === section); const provider = registeredAuthProviders.find((provider: AuthProviderInfo) => `auth.${provider.id}` === section);
if (provider) { if (provider) {
const providerData = { const providerData = {
...sectionConfig, ...sectionConfig,
@ -47,3 +49,28 @@ export async function getAuthProviderStatus(providerId: string): Promise<AuthPro
} }
return { configured: false, enabled: false }; return { configured: false, enabled: false };
} }
export function initAuthConfig() {
const ldapAuthProvider: AuthProviderInfo = {
id: 'ldap',
type: 'LDAP',
protocol: 'LDAP',
displayName: 'LDAP',
configPath: 'ldap',
};
registerAuthProvider(ldapAuthProvider, getConfigHookLDAP);
}
async function getConfigHookLDAP(): Promise<AuthProviderStatus> {
if (contextSrv.hasPermission(AccessControlAction.SettingsRead)) {
const result = await getBackendSrv().get('/api/admin/settings');
const ldapSettings = result!['auth.ldap'] || {};
return {
configured: ldapSettings['enabled'] === 'true',
enabled: ldapSettings['enabled'] === 'true',
hide: ldapSettings['enabled'] !== 'true',
};
}
return { configured: false, enabled: false };
}

19
public/app/routes/routes.tsx
View File

@ -299,19 +299,20 @@ export function getAppRoutes(): RouteDescriptor[] {
component: SafeDynamicImport(() => import(/* webpackChunkName: "TeamPages" */ 'app/features/teams/TeamPages')), component: SafeDynamicImport(() => import(/* webpackChunkName: "TeamPages" */ 'app/features/teams/TeamPages')),
}, },
// ADMIN // ADMIN
{
path: '/admin/authentication',
roles: () => contextSrv.evaluatePermission(() => ['Admin', 'ServerAdmin'], [AccessControlAction.SettingsWrite]),
component: config.licenseInfo.enabledFeatures?.saml
? SafeDynamicImport(
() => import(/* webpackChunkName: "AdminAuthentication" */ 'app/features/auth-config/AuthConfigPage')
)
: () => <Redirect to="/admin" />,
},
{ {
path: '/admin', path: '/admin',
component: () => <NavLandingPage navId="cfg" header={<ConnectionsRedirectNotice />} />, component: () => <NavLandingPage navId="cfg" header={<ConnectionsRedirectNotice />} />,
}, },
{
path: '/admin/authentication',
roles: () => contextSrv.evaluatePermission(() => ['Admin', 'ServerAdmin'], [AccessControlAction.SettingsWrite]),
component:
config.licenseInfo.enabledFeatures?.saml || config.ldapEnabled
? SafeDynamicImport(
() => import(/* webpackChunkName: "AdminAuthentication" */ 'app/features/auth-config/AuthConfigPage')
)
: () => <Redirect to="/admin" />,
},
{ {
path: '/admin/access', path: '/admin/access',
component: () => <NavLandingPage navId="admin/access" />, component: () => <NavLandingPage navId="admin/access" />,