Auth: Add skip_org_role_sync for AzureAD OAuth (#60322)

* [WIP] Auth: add backend skipOrgRoleSync to AzureAD OAuth

- add: skipOrgRoleSync
- rename: skipOrgRoleSync to skipOrgRoleSyncBase (to make it clear that
  it is the base version of SocialBase)
- add: tests for skipOrgRoleSync in AzureAD

TODO:
- [ ] frontend changes

* add: docs

* refactor: remove role from basicinfo

* add: settings for grafanacom

* add: settings for frontend

* add: logic for azureAD user skip org role

* add: docs for skip_org_role_sync

* refactor: docs a bit

* add: tests for userinfo

* refactor: to only extract if skiporgrolesync false

* refactor: based on review comments

* Update docs/sources/setup-grafana/configure-grafana/_index.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Update docs/sources/setup-grafana/configure-grafana/_index.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
Eric Leijonmarck
2023-01-16 13:16:01 +01:00
committed by GitHub
parent 7e505ea49c
commit c5e74ee607
10 changed files with 217 additions and 27 deletions


@@ -39,7 +39,7 @@ interface OwnProps extends GrafanaRouteComponentProps<{ id: string }> {
error?: UserAdminError;
}
const SyncedOAuthLabels: string[] = ['GitHub', 'GitLab', 'AzureAD', 'OAuth'];
const SyncedOAuthLabels: string[] = ['GitHub', 'GitLab', 'OAuth'];
export class UserAdminPage extends PureComponent<Props> {
async componentDidMount() {
@@ -113,9 +113,8 @@ export class UserAdminPage extends PureComponent<Props> {
const isSAMLUser = user?.isExternal && user?.authLabels?.includes('SAML');
const isGoogleUser = user?.isExternal && user?.authLabels?.includes('Google');
const isAuthProxyUser = user?.isExternal && user?.authLabels?.includes('Auth Proxy');
const isAzureADUser = user?.isExternal && user?.authLabels?.includes('AzureAD');
const isGrafanaComUser = user?.isExternal && user?.authLabels?.includes('grafana.com');
// isGrafanaComUser true
// isOAuthUserWithSkippableSync true
const isUserSynced =
!config.auth.DisableSyncLock &&
((user?.isExternal &&
@@ -125,13 +124,15 @@ export class UserAdminPage extends PureComponent<Props> {
isOAuthUserWithSkippableSync ||
isSAMLUser ||
isLDAPUser ||
isAzureADUser ||
isGrafanaComUser
)) ||
(!config.auth.OAuthSkipOrgRoleUpdateSync && isOAuthUserWithSkippableSync) ||
(!config.auth.SAMLSkipOrgRoleSync && isSAMLUser) ||
(!config.auth.LDAPSkipOrgRoleSync && isLDAPUser) ||
// both OAuthSkipOrgRoleUpdateSync and GrafanaComSkipOrgRoleSync needs to be false for a GrafanaComUser to be synced
(!config.auth.OAuthSkipOrgRoleUpdateSync && !config.auth.GrafanaComSkipOrgRoleSync && isGrafanaComUser));
// both OAuthSkipOrgRoleUpdateSync and specific provider settings needs to be false for a user to be synced
(!config.auth.OAuthSkipOrgRoleUpdateSync && !config.auth.GrafanaComSkipOrgRoleSync && isGrafanaComUser) ||
(!config.auth.OAuthSkipOrgRoleUpdateSync && !config.auth.AzureADSkipOrgRoleSync && isAzureADUser));
const pageNav: NavModelItem = {
text: user?.login ?? '',