Auth: add the missing fields for all SSO providers #83813

Merged
merged 14 commits into from Mar 19, 2024
138 changes: 124 additions & 14 deletions public/app/features/auth-config/fields.tsx
Expand Up @@ -11,21 +11,7 @@ import { isUrlValid } from './utils/url';

/** Map providers to their settings */
export const fields: Record<SSOProvider['provider'], Array<keyof SSOProvider['settings']>> = {
github: ['name', 'clientId', 'clientSecret', 'teamIds', 'allowedOrganizations'],
google: ['name', 'clientId', 'clientSecret', 'allowedDomains'],
gitlab: ['name', 'clientId', 'clientSecret', 'allowedOrganizations', 'teamIds'],
azuread: ['name', 'clientId', 'clientSecret', 'authUrl', 'tokenUrl', 'scopes', 'allowedGroups', 'allowedDomains'],
okta: [
'name',
'clientId',
'clientSecret',
'authUrl',
'tokenUrl',
'apiUrl',
'roleAttributePath',
'allowedGroups',
'allowedDomains',
],
};

type Section = Record<
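Review bot: Check for stale readers of `fields` before dropping the per-provider lists in the `export const fields` declaration. The map is still typed as `Record<SSOProvider['provider'], Array<keyof SSOProvider['settings']>>`, and the hunk header (-11,21 +11,7) takes 14 lines out of it, so any code that still looks up `fields[provider]` for github, google, gitlab or okta needs to move to `sectionFields`. If the map is now meant to cover fewer providers, narrowing the key type to those providers would let the compiler flag a leftover lookup instead of leaving it to runtime.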
Expand Down Expand Up @@ -94,6 +80,130 @@ export const sectionFields: Section = {
],
},
],
google: [
{
name: 'General settings',
id: 'general',
fields: ['name', 'clientId', 'clientSecret', 'scopes', 'allowSignUp', 'autoLogin', 'signoutRedirectUrl'],
},
{
name: 'User mapping',
id: 'user',
fields: ['allowAssignGrafanaAdmin', 'roleAttributePath', 'roleAttributeStrict', 'skipOrgRoleSync'],
Contributor

Please fix the order of these in each of the new configurations. The order should be (based on generic_oauth): 'roleAttributePath', 'roleAttributeStrict', 'allowAssignGrafanaAdmin', 'skipOrgRoleSync'.

Thanks!

Contributor Author

Fixed this for all providers.

},
{
name: 'Extra security measures',
Contributor

Could you please add the validate_hd setting? #83229

Contributor Author

I added the new field validate_hd. Can you please check the description I added to it? https://github.com/grafana/grafana/blob/dmihai/sso-config-pages/public/app/features/auth-config/fields.tsx#L595-L600

id: 'extra',
fields: [
'allowedDomains',
'allowedGroups',
'usePkce',
'useRefreshToken',
'tlsSkipVerifyInsecure',
'tlsClientCert',
'tlsClientKey',
'tlsClientCa',
],
},
],
github: [
{
name: 'General settings',
id: 'general',
fields: ['name', 'clientId', 'clientSecret', 'scopes', 'allowSignUp', 'autoLogin', 'signoutRedirectUrl'],
},
{
name: 'User mapping',
id: 'user',
fields: ['allowAssignGrafanaAdmin', 'roleAttributePath', 'roleAttributeStrict', 'skipOrgRoleSync'],
},
{
name: 'Extra security measures',
id: 'extra',
fields: [
'allowedOrganizations',
'allowedDomains',
'teamIds',
'usePkce',
'useRefreshToken',
'tlsSkipVerifyInsecure',
'tlsClientCert',
'tlsClientKey',
'tlsClientCa',
],
},
],
gitlab: [
{
name: 'General settings',
id: 'general',
fields: [
'name',
'clientId',
'clientSecret',
'scopes',
'authStyle',
Contributor

Not needed.

'allowSignUp',
'autoLogin',
'signoutRedirectUrl',
],
},
{
name: 'User mapping',
id: 'user',
fields: ['allowAssignGrafanaAdmin', 'roleAttributePath', 'roleAttributeStrict', 'skipOrgRoleSync'],
},
{
name: 'Extra security measures',
id: 'extra',
fields: [
'allowedDomains',
'allowedGroups',
'usePkce',
'useRefreshToken',
'tlsSkipVerifyInsecure',
'tlsClientCert',
'tlsClientKey',
'tlsClientCa',
],
},
],
okta: [
{
name: 'General settings',
id: 'general',
fields: [
'name',
'clientId',
'clientSecret',
'scopes',
'authStyle',
Contributor

Not needed.

'authUrl',
'tokenUrl',
'apiUrl',
'signoutRedirectUrl',
],
},
{
name: 'User mapping',
id: 'user',
fields: ['allowAssignGrafanaAdmin', 'roleAttributePath', 'roleAttributeStrict', 'skipOrgRoleSync'],
},
{
name: 'Extra security measures',
id: 'extra',
fields: [
'allowedDomains',
'allowedGroups',
'usePkce',
'useRefreshToken',
'tlsSkipVerifyInsecure',
'tlsClientCert',
'tlsClientKey',
'tlsClientCa',
],
},
],
};

/**
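Review bot: `tlsSkipVerifyInsecure` sits in the section named 'Extra security measures' in all four new provider blocks (google, github, gitlab, okta), next to `usePkce` and the allow-lists, although enabling it weakens the connection to the identity provider rather than hardening it. Please make sure its label and description say so explicitly, or list it apart from the settings that restrict access, so an admin skimming the section does not switch it on as a hardening step. Separately, the okta 'General settings' list has no 'allowSignUp' or 'autoLogin', while the google, github and gitlab lists all include both; if that is intentional a short comment would help, otherwise add them. The tail `'usePkce', 'useRefreshToken', 'tlsSkipVerifyInsecure', 'tlsClientCert', 'tlsClientKey', 'tlsClientCa'` is repeated verbatim in each block and could be a shared constant, so a later change to the TLS fields cannot miss one provider.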