mirror of
https://github.com/grafana/grafana.git
synced 2024-12-26 08:51:33 -06:00
IDForwarding: Set identity type and uid (#91830)
* Set identity type and uid * Set uid without prefix * Update authlib version * Update to new claim name
This commit is contained in:
Karl Persson
GitHub
parent
d1b0e70f8d
commit
8d36111420
4
go.mod
4
go.mod
@ -75,8 +75,8 @@ require (
|
||||
github.com/gorilla/mux v1.8.1 // @grafana/grafana-backend-group
|
||||
github.com/gorilla/websocket v1.5.0 // @grafana/grafana-app-platform-squad
|
||||
github.com/grafana/alerting v0.0.0-20240812131556-611a23ff0f7f // @grafana/alerting-backend
|
||||
github.com/grafana/authlib v0.0.0-20240812070441-ccb639ea96d0 // @grafana/identity-access-team
|
||||
github.com/grafana/authlib/claims v0.0.0-20240809101159-74eaccc31a06 // @grafana/identity-access-team
|
||||
github.com/grafana/authlib v0.0.0-20240814074258-eae7d47f01db // @grafana/identity-access-team
|
||||
github.com/grafana/authlib/claims v0.0.0-20240814072707-6cffd53bb828 // @grafana/identity-access-team
|
||||
github.com/grafana/codejen v0.0.3 // @grafana/dataviz-squad
|
||||
github.com/grafana/cuetsy v0.1.11 // @grafana/grafana-as-code
|
||||
github.com/grafana/dataplane/examples v0.0.1 // @grafana/observability-metrics
|
||||
|
||||
8
go.sum
8
go.sum
@ -2308,10 +2308,10 @@ github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWm
|
||||
github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
|
||||
github.com/grafana/alerting v0.0.0-20240812131556-611a23ff0f7f h1:c8QAFXkilBiF29xc7oKO2IkbGE3bp9NIKgiNLazdooY=
|
||||
github.com/grafana/alerting v0.0.0-20240812131556-611a23ff0f7f/go.mod h1:DLj8frbtCaITljC2jc0L85JQViPF3mPfOSiYhm1osso=
|
||||
github.com/grafana/authlib v0.0.0-20240812070441-ccb639ea96d0 h1:LDLHuN0nwa9fwZUKQrOBflePLxzOz4u4AuNutI78AHk=
|
||||
github.com/grafana/authlib v0.0.0-20240812070441-ccb639ea96d0/go.mod h1:71+xJm0AE6eNGNExUvnABtyEztQ/Acb53/TAdOgwdmc=
|
||||
github.com/grafana/authlib/claims v0.0.0-20240809101159-74eaccc31a06 h1:uD1LcKwvEAqzDsgVChBudPqo5BhPxkj9AgylT5QCReo=
|
||||
github.com/grafana/authlib/claims v0.0.0-20240809101159-74eaccc31a06/go.mod h1:r+F8H6awwjNQt/KPZ2GNwjk8TvsJ7/gxzkXN26GlL/A=
|
||||
github.com/grafana/authlib v0.0.0-20240814074258-eae7d47f01db h1:z++X4DdoX+aNlZNT1ZY4cykiFay4+f077pa0AG48SGg=
|
||||
github.com/grafana/authlib v0.0.0-20240814074258-eae7d47f01db/go.mod h1:ptt910z9KFfpVSIbSbXvTRR7tS19mxD7EtmVbbJi/WE=
|
||||
github.com/grafana/authlib/claims v0.0.0-20240814072707-6cffd53bb828 h1:Hk6Oe0o1yIfdm2+2F3yHLjuaktukGVEOjju2txQXu8c=
|
||||
github.com/grafana/authlib/claims v0.0.0-20240814072707-6cffd53bb828/go.mod h1:r+F8H6awwjNQt/KPZ2GNwjk8TvsJ7/gxzkXN26GlL/A=
|
||||
github.com/grafana/codejen v0.0.3 h1:tAWxoTUuhgmEqxJPOLtJoxlPBbMULFwKFOcRsPRPXDw=
|
||||
github.com/grafana/codejen v0.0.3/go.mod h1:zmwwM/DRyQB7pfuBjTWII3CWtxcXh8LTwAYGfDfpR6s=
|
||||
github.com/grafana/cue v0.0.0-20230926092038-971951014e3f h1:TmYAMnqg3d5KYEAaT6PtTguL2GjLfvr6wnAX8Azw6tQ=
|
||||
|
||||
@ -3,8 +3,8 @@ module github.com/grafana/grafana/pkg/apimachinery
|
||||
go 1.22.4
|
||||
|
||||
require (
|
||||
github.com/grafana/authlib v0.0.0-20240812070441-ccb639ea96d0 // @grafana/identity-access-team
|
||||
github.com/grafana/authlib/claims v0.0.0-20240809101159-74eaccc31a06 // @grafana/identity-access-team
|
||||
github.com/grafana/authlib v0.0.0-20240814074258-eae7d47f01db // @grafana/identity-access-team
|
||||
github.com/grafana/authlib/claims v0.0.0-20240814072707-6cffd53bb828 // @grafana/identity-access-team
|
||||
github.com/stretchr/testify v1.9.0
|
||||
k8s.io/apimachinery v0.31.0
|
||||
k8s.io/apiserver v0.31.0
|
||||
|
||||
@ -28,10 +28,10 @@ github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN
|
||||
github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
|
||||
github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
|
||||
github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
|
||||
github.com/grafana/authlib v0.0.0-20240812070441-ccb639ea96d0 h1:LDLHuN0nwa9fwZUKQrOBflePLxzOz4u4AuNutI78AHk=
|
||||
github.com/grafana/authlib v0.0.0-20240812070441-ccb639ea96d0/go.mod h1:71+xJm0AE6eNGNExUvnABtyEztQ/Acb53/TAdOgwdmc=
|
||||
github.com/grafana/authlib/claims v0.0.0-20240809101159-74eaccc31a06 h1:uD1LcKwvEAqzDsgVChBudPqo5BhPxkj9AgylT5QCReo=
|
||||
github.com/grafana/authlib/claims v0.0.0-20240809101159-74eaccc31a06/go.mod h1:r+F8H6awwjNQt/KPZ2GNwjk8TvsJ7/gxzkXN26GlL/A=
|
||||
github.com/grafana/authlib v0.0.0-20240814074258-eae7d47f01db h1:z++X4DdoX+aNlZNT1ZY4cykiFay4+f077pa0AG48SGg=
|
||||
github.com/grafana/authlib v0.0.0-20240814074258-eae7d47f01db/go.mod h1:ptt910z9KFfpVSIbSbXvTRR7tS19mxD7EtmVbbJi/WE=
|
||||
github.com/grafana/authlib/claims v0.0.0-20240814072707-6cffd53bb828 h1:Hk6Oe0o1yIfdm2+2F3yHLjuaktukGVEOjju2txQXu8c=
|
||||
github.com/grafana/authlib/claims v0.0.0-20240814072707-6cffd53bb828/go.mod h1:r+F8H6awwjNQt/KPZ2GNwjk8TvsJ7/gxzkXN26GlL/A=
|
||||
github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
|
||||
github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
|
||||
github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
|
||||
|
||||
@ -38,19 +38,8 @@ func (i *IDClaimsWrapper) IdentityType() claims.IdentityType {
|
||||
return i.Source.GetIdentityType()
|
||||
}
|
||||
|
||||
// GetInternalID implements claims.IdentityClaims.
|
||||
func (i *IDClaimsWrapper) InternalID() int64 {
|
||||
v, _ := i.Source.GetInternalID()
|
||||
return v
|
||||
}
|
||||
|
||||
// GetOrgID implements claims.IdentityClaims.
|
||||
func (i *IDClaimsWrapper) OrgID() int64 {
|
||||
return i.Source.GetOrgID()
|
||||
}
|
||||
|
||||
// GetRawUID implements claims.IdentityClaims.
|
||||
func (i *IDClaimsWrapper) UID() string {
|
||||
func (i *IDClaimsWrapper) Identifier() string {
|
||||
return i.Source.GetRawIdentifier()
|
||||
}
|
||||
|
||||
|
||||
@ -4,7 +4,7 @@ go 1.22.4
|
||||
|
||||
require (
|
||||
github.com/google/go-cmp v0.6.0
|
||||
github.com/grafana/authlib/claims v0.0.0-20240809101159-74eaccc31a06
|
||||
github.com/grafana/authlib/claims v0.0.0-20240814072707-6cffd53bb828
|
||||
github.com/grafana/grafana/pkg/apimachinery v0.0.0-20240701135906-559738ce6ae1
|
||||
github.com/prometheus/client_golang v1.19.1
|
||||
github.com/stretchr/testify v1.9.0
|
||||
|
||||
@ -77,8 +77,8 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
|
||||
github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
|
||||
github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc=
|
||||
github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
|
||||
github.com/grafana/authlib/claims v0.0.0-20240809101159-74eaccc31a06 h1:uD1LcKwvEAqzDsgVChBudPqo5BhPxkj9AgylT5QCReo=
|
||||
github.com/grafana/authlib/claims v0.0.0-20240809101159-74eaccc31a06/go.mod h1:r+F8H6awwjNQt/KPZ2GNwjk8TvsJ7/gxzkXN26GlL/A=
|
||||
github.com/grafana/authlib/claims v0.0.0-20240814072707-6cffd53bb828 h1:Hk6Oe0o1yIfdm2+2F3yHLjuaktukGVEOjju2txQXu8c=
|
||||
github.com/grafana/authlib/claims v0.0.0-20240814072707-6cffd53bb828/go.mod h1:r+F8H6awwjNQt/KPZ2GNwjk8TvsJ7/gxzkXN26GlL/A=
|
||||
github.com/grafana/grafana/pkg/apimachinery v0.0.0-20240701135906-559738ce6ae1 h1:ItDcDxUjVLPKja+hogpqgW/kj8LxUL2qscelXIsN1Bs=
|
||||
github.com/grafana/grafana/pkg/apimachinery v0.0.0-20240701135906-559738ce6ae1/go.mod h1:DkxMin+qOh1Fgkxfbt+CUfBqqsCQJMG9op8Os/irBPA=
|
||||
github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 h1:UH//fgunKIs4JdUbpDl1VZCDaL56wXCB/5+wF6uHfaI=
|
||||
|
||||
@ -96,7 +96,9 @@ func (s *Service) SignIdentity(ctx context.Context, id identity.Requester) (stri
|
||||
IssuedAt: jwt.NewNumericDate(now),
|
||||
},
|
||||
Rest: authnlib.IDTokenClaims{
|
||||
Namespace: s.nsMapper(id.GetOrgID()),
|
||||
Namespace: s.nsMapper(id.GetOrgID()),
|
||||
Identifier: id.GetRawIdentifier(),
|
||||
Type: id.GetIdentityType(),
|
||||
},
|
||||
}
|
||||
|
||||
@ -105,7 +107,6 @@ func (s *Service) SignIdentity(ctx context.Context, id identity.Requester) (stri
|
||||
claims.Rest.EmailVerified = id.IsEmailVerified()
|
||||
claims.Rest.AuthenticatedBy = id.GetAuthenticatedBy()
|
||||
claims.Rest.Username = id.GetLogin()
|
||||
claims.Rest.UID = id.GetUID()
|
||||
claims.Rest.DisplayName = id.GetDisplayName()
|
||||
}
|
||||
|
||||
|
||||
@ -93,11 +93,12 @@ func TestService_SignIdentity(t *testing.T) {
|
||||
parsed, err := jwt.ParseSigned(token)
|
||||
require.NoError(t, err)
|
||||
|
||||
claims := &auth.IDClaims{}
|
||||
require.NoError(t, parsed.UnsafeClaimsWithoutVerification(&claims.Claims, &claims.Rest))
|
||||
assert.Equal(t, login.AzureADAuthModule, claims.Rest.AuthenticatedBy)
|
||||
assert.Equal(t, "U1", claims.Rest.Username)
|
||||
assert.Equal(t, "user:edpu3nnt61se8e", claims.Rest.UID)
|
||||
gotClaims := &auth.IDClaims{}
|
||||
require.NoError(t, parsed.UnsafeClaimsWithoutVerification(&gotClaims.Claims, &gotClaims.Rest))
|
||||
assert.Equal(t, login.AzureADAuthModule, gotClaims.Rest.AuthenticatedBy)
|
||||
assert.Equal(t, "U1", gotClaims.Rest.Username)
|
||||
assert.Equal(t, claims.TypeUser, gotClaims.Rest.Type)
|
||||
assert.Equal(t, "edpu3nnt61se8e", gotClaims.Rest.Identifier)
|
||||
})
|
||||
|
||||
t.Run("should sign identity with authenticated by if user is externally authenticated", func(t *testing.T) {
|
||||
@ -117,6 +118,7 @@ func TestService_SignIdentity(t *testing.T) {
|
||||
|
||||
assert.Equal(t, login.AzureADAuthModule, gotClaims.Rest.AuthenticatedBy)
|
||||
assert.Equal(t, "U1", gotClaims.Rest.Username)
|
||||
assert.Equal(t, "user:edpu3nnt61se8e", gotClaims.Rest.UID)
|
||||
assert.Equal(t, claims.TypeUser, gotClaims.Rest.Type)
|
||||
assert.Equal(t, "edpu3nnt61se8e", gotClaims.Rest.Identifier)
|
||||
})
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user