IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2024-11-25 10:20:29 -06:00
Code Issues Packages Projects Releases Wiki Activity
1ab8857e48
grafana/pkg/setting/setting_jwt.go
Jo 6f62d970e3
JWT Authentication: Add support for specifying groups in auth.jwt for teamsync (#82175) 
* merge JSON search logic

* document public methods

* improve test coverage

* use separate JWT setting struct

* correct use of cfg.JWTAuth

* add group tests

* fix DynMap typing

* add settings to default ini

* add groups option to devenv path

* fix test

* lint

* revert jwt-proxy change

* remove redundant check

* fix parallel test
2024-02-09 16:35:58 +01:00

49 lines
2.0 KiB
Go
Raw Blame History

package setting
import "time"
type AuthJWTSettings struct {
// JWT Auth
Enabled bool
HeaderName string
URLLogin bool
EmailClaim string
UsernameClaim string
ExpectClaims string
JWKSetURL string
CacheTTL time.Duration
KeyFile string
KeyID string
JWKSetFile string
AutoSignUp bool
RoleAttributePath string
RoleAttributeStrict bool
AllowAssignGrafanaAdmin bool
SkipOrgRoleSync bool
GroupsAttributePath string
}
func (cfg *Cfg) readAuthJWTSettings() {
jwtSettings := AuthJWTSettings{}
authJWT := cfg.Raw.Section("auth.jwt")
jwtSettings.Enabled = authJWT.Key("enabled").MustBool(false)
jwtSettings.HeaderName = valueAsString(authJWT, "header_name", "")
jwtSettings.URLLogin = authJWT.Key("url_login").MustBool(false)
jwtSettings.EmailClaim = valueAsString(authJWT, "email_claim", "")
jwtSettings.UsernameClaim = valueAsString(authJWT, "username_claim", "")
jwtSettings.ExpectClaims = valueAsString(authJWT, "expect_claims", "{}")
jwtSettings.JWKSetURL = valueAsString(authJWT, "jwk_set_url", "")
jwtSettings.CacheTTL = authJWT.Key("cache_ttl").MustDuration(time.Minute * 60)
jwtSettings.KeyFile = valueAsString(authJWT, "key_file", "")
jwtSettings.KeyID = authJWT.Key("key_id").MustString("")
jwtSettings.JWKSetFile = valueAsString(authJWT, "jwk_set_file", "")
jwtSettings.AutoSignUp = authJWT.Key("auto_sign_up").MustBool(false)
jwtSettings.RoleAttributePath = valueAsString(authJWT, "role_attribute_path", "")
jwtSettings.RoleAttributeStrict = authJWT.Key("role_attribute_strict").MustBool(false)
jwtSettings.AllowAssignGrafanaAdmin = authJWT.Key("allow_assign_grafana_admin").MustBool(false)
jwtSettings.SkipOrgRoleSync = authJWT.Key("skip_org_role_sync").MustBool(false)
jwtSettings.GroupsAttributePath = valueAsString(authJWT, "groups_attribute_path", "")
cfg.JWTAuth = jwtSettings
}
Reference in New Issue View Git Blame Copy Permalink