Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

samlsettings: add sso settings saml feature flag #84433

Merged
merged 8 commits into from Mar 14, 2024
Merged

samlsettings: add sso settings saml feature flag #84433

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
22808b8
add feature flag for ssosettings saml configuration
linoman Mar 14, 2024
1d1bd81
add generated files
linoman Mar 14, 2024
f40b114
use sso settings saml feature flag
linoman Mar 14, 2024
c9bc668
address pr comments
linoman Mar 14, 2024
ad92ae1
regenerate feature flag files
linoman Mar 14, 2024
615a8a1
remove interaction with service
linoman Mar 14, 2024
f2e2121
remove interaction with service
linoman Mar 14, 2024
56bb613
remove whitespace
linoman Mar 14, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
1 change: 1 addition & 0 deletions packages/grafana-data/src/types/featureToggles.gen.ts
View file
Open in desktop
Expand Up @@ -181,4 +181,5 @@ export interface FeatureToggles {
alertingUpgradeDryrunOnStart?: boolean;
scopeFilters?: boolean;
emailVerificationEnforcement?: boolean;
ssoSettingsSAML?: boolean;
}
8 changes: 8 additions & 0 deletions pkg/services/featuremgmt/registry.go
View file
Open in desktop
Expand Up @@ -1217,6 +1217,14 @@ var (
HideFromDocs: true,
HideFromAdminPage: true,
},
{
Name: "ssoSettingsSAML",
Description: "Enables the SSO settings API and the SAML configuration UIs in Grafana",
linoman marked this conversation as resolved.
Show resolved Hide resolved
linoman marked this conversation as resolved.
Show resolved Hide resolved
Stage: FeatureStageExperimental,
Owner: identityAccessTeam,
HideFromDocs: true,
HideFromAdminPage: true,
},
}
)

Expand Down
1 change: 1 addition & 0 deletions pkg/services/featuremgmt/toggles_gen.csv
View file
Open in desktop
Expand Up @@ -162,3 +162,4 @@ betterPageScrolling,GA,@grafana/grafana-frontend-platform,false,false,true
alertingUpgradeDryrunOnStart,GA,@grafana/alerting-squad,false,true,false
scopeFilters,experimental,@grafana/dashboards-squad,false,false,false
emailVerificationEnforcement,experimental,@grafana/identity-access-team,false,false,false
ssoSettingsSAML,experimental,@grafana/identity-access-team,false,false,false
4 changes: 4 additions & 0 deletions pkg/services/featuremgmt/toggles_gen.go
View file
Open in desktop
Expand Up @@ -658,4 +658,8 @@ const (
// FlagEmailVerificationEnforcement
// Force email verification for users, even when authenticating through sso.
FlagEmailVerificationEnforcement = "emailVerificationEnforcement"

// FlagSsoSettingsSAML
// Enables the SSO settings API and the SAML configuration UIs in Grafana
FlagSsoSettingsSAML = "ssoSettingsSAML"
)
14 changes: 14 additions & 0 deletions pkg/services/featuremgmt/toggles_gen.json
View file
Open in desktop
Expand Up @@ -2118,6 +2118,20 @@
"hideFromAdminPage": true,
"hideFromDocs": true
}
},
{
"metadata": {
"name": "ssoSettingsSAML",
"resourceVersion": "1710409277313",
"creationTimestamp": "2024-03-14T09:41:17Z"
},
"spec": {
"description": "Enables the SSO settings API and the SAML configuration UIs in Grafana",
"stage": "experimental",
"codeowner": "@grafana/identity-access-team",
"hideFromAdminPage": true,
"hideFromDocs": true
}
}
]
}
21 changes: 14 additions & 7 deletions pkg/services/ssosettings/ssosettingsimpl/service.go
View file
Open in desktop
Expand Up @@ -28,12 +28,13 @@ import (
var _ ssosettings.Service = (*Service)(nil)

type Service struct {
logger log.Logger
cfg *setting.Cfg
store ssosettings.Store
ac ac.AccessControl
secrets secrets.Service
metrics *metrics
logger log.Logger
cfg *setting.Cfg
store ssosettings.Store
ac ac.AccessControl
secrets secrets.Service
metrics *metrics
features featuremgmt.FeatureToggles

fbStrategies []ssosettings.FallbackStrategy
reloadables map[string]ssosettings.Reloadable
Expand All @@ -58,11 +59,12 @@ func ProvideService(cfg *setting.Cfg, sqlStore db.DB, ac ac.AccessControl,
secrets: secrets,
metrics: newMetrics(registerer),
reloadables: make(map[string]ssosettings.Reloadable),
features: features,
}

usageStats.RegisterMetricsFunc(svc.getUsageStats)

if features.IsEnabledGlobally(featuremgmt.FlagSsoSettingsApi) {
if svc.features.IsEnabledGlobally(featuremgmt.FlagSsoSettingsApi) {
ssoSettingsApi := api.ProvideApi(svc, routeRegister, ac)
ssoSettingsApi.RegisterAPIEndpoints()
}
Expand Down Expand Up @@ -414,6 +416,11 @@ func (s *Service) decryptSecrets(ctx context.Context, settings map[string]any) (

func (s *Service) isProviderConfigurable(provider string) bool {
_, ok := s.cfg.SSOSettingsConfigurableProviders[provider]

if provider == "saml" && !s.features.IsEnabledGlobally(featuremgmt.FlagSsoSettingsSAML) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

saml will not be added by default to the configurable_providers list, so I don't think we need this check here.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

removed as discussed

return false
}

return ok
}

Expand Down