Auth: Add skip_org_role_sync setting for GrafanaCom (#60553)

* add frontend settings and setting for grafanacom * removed println * add skip-org-role-sync on login * add deprecation notice for this field * remove println * remove newline * change and renamed variables * fix for reconfiguring the settings for grafanacom * add documentationf or grafanacom setup * WIP tests * added tests * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * updated steps * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * doc: updated the docs to reflect what happens to grafana.com users * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Jo <joao.guerreiro@grafana.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Jo <joao.guerreiro@grafana.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Jo <joao.guerreiro@grafana.com> * add blankline * rephrase of doc improvements for explaing of the settings * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Jo <joao.guerreiro@grafana.com> * add frontend setting for grafanacom. * WIP tests * refactor docs * frontend to adhere to skipping org role sync for GrafanaCom users * update docs to reflect desired behavior * tests: added test for skip and nonskip * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> Co-authored-by: Jo <joao.guerreiro@grafana.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2025-02-25 18:55:37 -06:00 · 2023-01-12 16:44:08 +01:00
parent e7b8b82c14
commit 91322bebb5
12 changed files with 278 additions and 16 deletions
--- a/public/app/features/admin/UserAdminPage.tsx
+++ b/public/app/features/admin/UserAdminPage.tsx
@@ -113,13 +113,25 @@ export class UserAdminPage extends PureComponent<Props> {
    const isSAMLUser = user?.isExternal && user?.authLabels?.includes('SAML');
    const isGoogleUser = user?.isExternal && user?.authLabels?.includes('Google');
    const isAuthProxyUser = user?.isExternal && user?.authLabels?.includes('Auth Proxy');
+    const isGrafanaComUser = user?.isExternal && user?.authLabels?.includes('grafana.com');
+    // isGrafanaComUser true
+    // isOAuthUserWithSkippableSync true
    const isUserSynced =
      !config.auth.DisableSyncLock &&
      ((user?.isExternal &&
-        !(isAuthProxyUser || isGoogleUser || isOAuthUserWithSkippableSync || isSAMLUser || isLDAPUser)) ||
+        !(
+          isAuthProxyUser ||
+          isGoogleUser ||
+          isOAuthUserWithSkippableSync ||
+          isSAMLUser ||
+          isLDAPUser ||
+          isGrafanaComUser
+        )) ||
        (!config.auth.OAuthSkipOrgRoleUpdateSync && isOAuthUserWithSkippableSync) ||
        (!config.auth.SAMLSkipOrgRoleSync && isSAMLUser) ||
-        (!config.auth.LDAPSkipOrgRoleSync && isLDAPUser));
+        (!config.auth.LDAPSkipOrgRoleSync && isLDAPUser) ||
+        // both OAuthSkipOrgRoleUpdateSync and GrafanaComSkipOrgRoleSync needs to be false for a GrafanaComUser to be synced
+        (!config.auth.OAuthSkipOrgRoleUpdateSync && !config.auth.GrafanaComSkipOrgRoleSync && isGrafanaComUser));

    const pageNav: NavModelItem = {
      text: user?.login ?? '',