Auth: Add Generic oauth skip org role sync setting (#62418)

* add: generic oauth skip org role sync

* add: docs

* add: backend login skip sync

* fix: docs typo

* add: tests

* remove public key

* fix markdown for generic oauth

* add: generic oauth to the configuration

* refactor: change debug to warn
Eric Leijonmarck
2023-02-01 16:27:53 +00:00
committed by GitHub
parent 6b6b733229
commit 8ff19bd901
12 changed files with 107 additions and 40 deletions


@@ -39,8 +39,6 @@ interface OwnProps extends GrafanaRouteComponentProps<{ id: string }> {
error?: UserAdminError;
}
const SyncedOAuthLabels: string[] = ['OAuth'];
export class UserAdminPage extends PureComponent<Props> {
async componentDidMount() {
const { match, loadAdminUserPage } = this.props;
@@ -109,8 +107,6 @@ export class UserAdminPage extends PureComponent<Props> {
const isJWTUser = user?.authLabels?.includes('JWT');
const canReadSessions = contextSrv.hasPermission(AccessControlAction.UsersAuthTokenList);
const canReadLDAPStatus = contextSrv.hasPermission(AccessControlAction.LDAPStatusRead);
const isOAuthUserWithSkippableSync =
user?.isExternal && user?.authLabels?.some((r) => SyncedOAuthLabels.includes(r));
const isSAMLUser = user?.isExternal && user?.authLabels?.includes('SAML');
const isGoogleUser = user?.isExternal && user?.authLabels?.includes('Google');
const isGithubUser = user?.isExternal && user?.authLabels?.includes('GitHub');
@@ -119,6 +115,7 @@ export class UserAdminPage extends PureComponent<Props> {
const isAzureADUser = user?.isExternal && user?.authLabels?.includes('AzureAD');
const isOktaUser = user?.isExternal && user?.authLabels?.includes('Okta');
const isGrafanaComUser = user?.isExternal && user?.authLabels?.includes('grafana.com');
const isGenericOAuthUser = user?.isExternal && user?.authLabels?.includes('Generic OAuth');
const isUserSynced =
!config.auth.DisableSyncLock &&
((user?.isExternal &&
@@ -126,7 +123,7 @@ export class UserAdminPage extends PureComponent<Props> {
isAuthProxyUser ||
isGoogleUser ||
isGitLabUser ||
isOAuthUserWithSkippableSync ||
isGenericOAuthUser ||
isSAMLUser ||
isOktaUser ||
isLDAPUser ||
@@ -135,7 +132,6 @@ export class UserAdminPage extends PureComponent<Props> {
isJWTUser ||
isGrafanaComUser
)) ||
(!config.auth.OAuthSkipOrgRoleUpdateSync && isOAuthUserWithSkippableSync) ||
(!config.auth.SAMLSkipOrgRoleSync && isSAMLUser) ||
(!config.auth.LDAPSkipOrgRoleSync && isLDAPUser) ||
(!config.auth.JWTAuthSkipOrgRoleSync && isJWTUser) ||
@@ -145,6 +141,7 @@ export class UserAdminPage extends PureComponent<Props> {
(!config.auth.OAuthSkipOrgRoleUpdateSync && !config.auth.GithubSkipOrgRoleSync && isGithubUser) ||
(!config.auth.OAuthSkipOrgRoleUpdateSync && !config.auth.AzureADSkipOrgRoleSync && isAzureADUser) ||
(!config.auth.OAuthSkipOrgRoleUpdateSync && !config.auth.GitLabSkipOrgRoleSync && isGitLabUser) ||
(!config.auth.OAuthSkipOrgRoleUpdateSync && !config.auth.GenericOAuthSkipOrgRoleSync && isGenericOAuthUser) ||
(!config.auth.OAuthSkipOrgRoleUpdateSync && !config.auth.GoogleSkipOrgRoleSync && isGoogleUser));
const pageNav: NavModelItem = {
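Review bot: The `'Generic OAuth'` literal on the `isGenericOAuthUser` line has to match the auth label the backend emits exactly, and nothing visible in this section ties the two together. With the old `'OAuth'` entry gone, a user who still carries that label would presumably fall into the catch-all `user?.isExternal && !(…)` branch and be shown as synced (role locked) whatever `OAuthSkipOrgRoleUpdateSync` or `GenericOAuthSkipOrgRoleSync` say; that fails closed, but it looks unintended. I would add a comment above `isUserSynced`, for example `// Labels must match the backend auth labels; an external user with an unknown label is treated as synced (role locked).`, and cover the label string in the tests. This flag only decides what the page renders, so the restriction on changing a synced user's org role still has to be enforced by the API. The render method starts and ends outside these hunks.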


@@ -150,7 +150,7 @@ const UserListAdminPageUnConnected = ({
<Icon name="question-circle" />
</Tooltip>
</th>
<th style={{ width: '1%' }}></th>
<th style={{ width: '1%' }}>Synced from</th>
</tr>
</thead>
<tbody>