SCIM: Backport 104613 to 12.0.1 (#105332)

Backport 104613 to 12.0.1
linoman 2 months ago committed by GitHub
parent f792abc737
commit 2e6b7bf74a
  1. 76
      pkg/services/ssosettings/strategies/saml_strategy.go
  2. 76
      pkg/services/ssosettings/strategies/saml_strategy_test.go

@ -32,44 +32,44 @@ func (s *SAMLStrategy) GetProviderConfig(_ context.Context, provider string) (ma
func (s *SAMLStrategy) loadSAMLSettings() map[string]any {
section := s.settingsProvider.Section("auth.saml")
result := map[string]any{
"allow_idp_initiated": section.KeyValue("allow_idp_initiated").MustBool(false),
"allow_sign_up": section.KeyValue("allow_sign_up").MustBool(false),
"allowed_organizations": section.KeyValue("allowed_organizations").MustString(""),
"assertion_attribute_email": section.KeyValue("assertion_attribute_email").MustString(""),
"assertion_attribute_groups": section.KeyValue("assertion_attribute_groups").MustString(""),
"assertion_attribute_login": section.KeyValue("assertion_attribute_login").MustString(""),
"assertion_attribute_name": section.KeyValue("assertion_attribute_name").MustString(""),
"assertion_attribute_org": section.KeyValue("assertion_attribute_org").MustString(""),
"assertion_attribute_role": section.KeyValue("assertion_attribute_role").MustString(""),
"auto_login": section.KeyValue("auto_login").MustBool(false),
"certificate": section.KeyValue("certificate").MustString(""),
"certificate_path": section.KeyValue("certificate_path").MustString(""),
"client_id": section.KeyValue("client_id").MustString(""),
"client_secret": section.KeyValue("client_secret").MustString(""),
"enabled": section.KeyValue("enabled").MustBool(false),
"entity_id": section.KeyValue("entity_id").MustString(""),
"external_uid_assertion_name": section.KeyValue("external_uid_assertion_name").MustString(""),
"force_use_graph_api": section.KeyValue("force_use_graph_api").MustBool(false),
"idp_metadata": section.KeyValue("idp_metadata").MustString(""),
"idp_metadata_path": section.KeyValue("idp_metadata_path").MustString(""),
"idp_metadata_url": section.KeyValue("idp_metadata_url").MustString(""),
"max_issue_delay": section.KeyValue("max_issue_delay").MustDuration(90 * time.Second),
"metadata_valid_duration": section.KeyValue("metadata_valid_duration").MustDuration(48 * time.Hour),
"name": section.KeyValue("name").MustString("SAML"),
"name_id_format": section.KeyValue("name_id_format").MustString(""),
"org_mapping": section.KeyValue("org_mapping").MustString(""),
"private_key": section.KeyValue("private_key").MustString(""),
"private_key_path": section.KeyValue("private_key_path").MustString(""),
"relay_state": section.KeyValue("relay_state").MustString(""),
"role_values_admin": section.KeyValue("role_values_admin").MustString(""),
"role_values_editor": section.KeyValue("role_values_editor").MustString(""),
"role_values_grafana_admin": section.KeyValue("role_values_grafana_admin").MustString(""),
"role_values_none": section.KeyValue("role_values_none").MustString(""),
"role_values_viewer": section.KeyValue("role_values_viewer").MustString(""),
"signature_algorithm": section.KeyValue("signature_algorithm").MustString(""),
"single_logout": section.KeyValue("single_logout").MustBool(false),
"skip_org_role_sync": section.KeyValue("skip_org_role_sync").MustBool(false),
"token_url": section.KeyValue("token_url").MustString(""),
"allow_idp_initiated": section.KeyValue("allow_idp_initiated").MustBool(false),
"allow_sign_up": section.KeyValue("allow_sign_up").MustBool(false),
"allowed_organizations": section.KeyValue("allowed_organizations").MustString(""),
"assertion_attribute_email": section.KeyValue("assertion_attribute_email").MustString(""),
"assertion_attribute_external_uid": section.KeyValue("assertion_attribute_external_uid").MustString(""),
"assertion_attribute_groups": section.KeyValue("assertion_attribute_groups").MustString(""),
"assertion_attribute_login": section.KeyValue("assertion_attribute_login").MustString(""),
"assertion_attribute_name": section.KeyValue("assertion_attribute_name").MustString(""),
"assertion_attribute_org": section.KeyValue("assertion_attribute_org").MustString(""),
"assertion_attribute_role": section.KeyValue("assertion_attribute_role").MustString(""),
"auto_login": section.KeyValue("auto_login").MustBool(false),
"certificate": section.KeyValue("certificate").MustString(""),
"certificate_path": section.KeyValue("certificate_path").MustString(""),
"client_id": section.KeyValue("client_id").MustString(""),
"client_secret": section.KeyValue("client_secret").MustString(""),
"enabled": section.KeyValue("enabled").MustBool(false),
"entity_id": section.KeyValue("entity_id").MustString(""),
"force_use_graph_api": section.KeyValue("force_use_graph_api").MustBool(false),
"idp_metadata": section.KeyValue("idp_metadata").MustString(""),
"idp_metadata_path": section.KeyValue("idp_metadata_path").MustString(""),
"idp_metadata_url": section.KeyValue("idp_metadata_url").MustString(""),
"max_issue_delay": section.KeyValue("max_issue_delay").MustDuration(90 * time.Second),
"metadata_valid_duration": section.KeyValue("metadata_valid_duration").MustDuration(48 * time.Hour),
"name": section.KeyValue("name").MustString("SAML"),
"name_id_format": section.KeyValue("name_id_format").MustString(""),
"org_mapping": section.KeyValue("org_mapping").MustString(""),
"private_key": section.KeyValue("private_key").MustString(""),
"private_key_path": section.KeyValue("private_key_path").MustString(""),
"relay_state": section.KeyValue("relay_state").MustString(""),
"role_values_admin": section.KeyValue("role_values_admin").MustString(""),
"role_values_editor": section.KeyValue("role_values_editor").MustString(""),
"role_values_grafana_admin": section.KeyValue("role_values_grafana_admin").MustString(""),
"role_values_none": section.KeyValue("role_values_none").MustString(""),
"role_values_viewer": section.KeyValue("role_values_viewer").MustString(""),
"signature_algorithm": section.KeyValue("signature_algorithm").MustString(""),
"single_logout": section.KeyValue("single_logout").MustBool(false),
"skip_org_role_sync": section.KeyValue("skip_org_role_sync").MustBool(false),
"token_url": section.KeyValue("token_url").MustString(""),
}
return result
}
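Review bot: The map literal in loadSAMLSettings reads only one spelling of the external-UID setting — `external_uid_assertion_name` on one side of the hunk, `assertion_attribute_external_uid` on the other — so an existing `[auth.saml]` file written against the previous key is silently ignored after this backport and the value falls back to `""`; the rendered page does not mark which group is old, so I am going by the usual old-then-new print order. On a patch release that is worth a compatibility read or at least a log line: for example `"assertion_attribute_external_uid": section.KeyValue("assertion_attribute_external_uid").MustString(section.KeyValue("external_uid_assertion_name").MustString("")),` with a comment `// fallback: key name prior to this backport` so operators upgrading 12.0.x do not lose SCIM user matching without noticing. If the old name was never released in a 12.0.x build the fallback is unnecessary, but that should be stated in the commit description. Separately, a one-line doc comment on the method would help, e.g. `// loadSAMLSettings reads every [auth.saml] key, substituting the documented default for any key that is absent.`.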

@ -54,44 +54,44 @@ var (
`
expectedSAMLInfo = map[string]any{
"enabled": true,
"entity_id": "custom-entity-id",
"external_uid_assertion_name": "",
"single_logout": true,
"allow_sign_up": true,
"auto_login": true,
"name": "SAML Test",
"certificate": "devenv/docker/blocks/auth/saml-enterprise/cert.crt",
"certificate_path": "/path/to/cert",
"private_key": "dGhpcyBpcyBteSBwcml2YXRlIGtleSB0aGF0IEkgd2FudCB0byBnZXQgZW5jb2RlZCBpbiBiYXNlIDY0",
"private_key_path": "devenv/docker/blocks/auth/saml-enterprise/key.pem",
"signature_algorithm": "rsa-sha256",
"idp_metadata": "dGhpcyBpcyBteSBwcml2YXRlIGtleSB0aGF0IEkgd2FudCB0byBnZXQgZW5jb2RlZCBpbiBiYXNlIDY0",
"idp_metadata_path": "/path/to/metadata",
"idp_metadata_url": "http://localhost:8086/realms/grafana/protocol/saml/descriptor",
"max_issue_delay": 90 * time.Second,
"metadata_valid_duration": 48 * time.Hour,
"allow_idp_initiated": false,
"relay_state": "relay_state",
"assertion_attribute_name": "name",
"assertion_attribute_login": "login",
"assertion_attribute_email": "email",
"assertion_attribute_groups": "groups",
"assertion_attribute_role": "roles",
"assertion_attribute_org": "orgs",
"allowed_organizations": "org1 org2",
"org_mapping": "org1:1:editor, *:2:viewer",
"role_values_viewer": "viewer",
"role_values_editor": "editor",
"role_values_admin": "admin",
"role_values_grafana_admin": "serveradmin",
"name_id_format": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
"skip_org_role_sync": false,
"role_values_none": "guest disabled",
"token_url": "http://localhost:8086/auth/realms/grafana/protocol/openid-connect/token",
"client_id": "grafana",
"client_secret": "grafana",
"force_use_graph_api": false,
"enabled": true,
"entity_id": "custom-entity-id",
"single_logout": true,
"allow_sign_up": true,
"auto_login": true,
"name": "SAML Test",
"certificate": "devenv/docker/blocks/auth/saml-enterprise/cert.crt",
"certificate_path": "/path/to/cert",
"private_key": "dGhpcyBpcyBteSBwcml2YXRlIGtleSB0aGF0IEkgd2FudCB0byBnZXQgZW5jb2RlZCBpbiBiYXNlIDY0",
"private_key_path": "devenv/docker/blocks/auth/saml-enterprise/key.pem",
"signature_algorithm": "rsa-sha256",
"idp_metadata": "dGhpcyBpcyBteSBwcml2YXRlIGtleSB0aGF0IEkgd2FudCB0byBnZXQgZW5jb2RlZCBpbiBiYXNlIDY0",
"idp_metadata_path": "/path/to/metadata",
"idp_metadata_url": "http://localhost:8086/realms/grafana/protocol/saml/descriptor",
"max_issue_delay": 90 * time.Second,
"metadata_valid_duration": 48 * time.Hour,
"allow_idp_initiated": false,
"relay_state": "relay_state",
"assertion_attribute_name": "name",
"assertion_attribute_login": "login",
"assertion_attribute_email": "email",
"assertion_attribute_external_uid": "",
"assertion_attribute_groups": "groups",
"assertion_attribute_role": "roles",
"assertion_attribute_org": "orgs",
"allowed_organizations": "org1 org2",
"org_mapping": "org1:1:editor, *:2:viewer",
"role_values_viewer": "viewer",
"role_values_editor": "editor",
"role_values_admin": "admin",
"role_values_grafana_admin": "serveradmin",
"name_id_format": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
"skip_org_role_sync": false,
"role_values_none": "guest disabled",
"token_url": "http://localhost:8086/auth/realms/grafana/protocol/openid-connect/token",
"client_id": "grafana",
"client_secret": "grafana",
"force_use_graph_api": false,
}
)
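Review bot: The expected map in saml_strategy_test.go asserts `"assertion_attribute_external_uid": ""`, which only proves the key is present with its default; it does not prove the strategy reads the value from the correctly named ini key, so a typo in the key passed to `section.KeyValue` on the strategy side would still pass. Set the key to a non-empty value in the ini fixture that closes at the backtick just above (the enclosing `var (` block and the fixture itself start outside the hunk) and expect that value here, e.g. `"assertion_attribute_external_uid": "externalId",`. The same gap applies on whichever side of the hunk is the old one, if that name is kept for a compatibility fallback.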
