Auth: Add a feature toggle to roll out SAML session improvements (#98750)

Add separate feature toggle to roll out SAML-related external session improvements
pull/98753/head
Misi 6 months ago committed by GitHub
parent 4581a82ac4
commit c52ec21c75
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
  1. 61
      docs/sources/setup-grafana/configure-grafana/feature-toggles/index.md
  2. 1
      packages/grafana-data/src/types/featureToggles.gen.ts
  3. 8
      pkg/services/featuremgmt/registry.go
  4. 1
      pkg/services/featuremgmt/toggles_gen.csv
  5. 6
      pkg/services/featuremgmt/toggles_gen.go
  6. 21
      pkg/services/featuremgmt/toggles_gen.json

@ -92,36 +92,37 @@ Most [generally available](https://grafana.com/docs/release-life-cycle/#general-
[Public preview](https://grafana.com/docs/release-life-cycle/#public-preview) features are supported by our Support teams, but might be limited to enablement, configuration, and some troubleshooting.
| Feature toggle name | Description |
| --------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `panelTitleSearch` | Search for dashboards using panel title |
| `autoMigrateOldPanels` | Migrate old angular panels to supported versions (graph, table-old, worldmap, etc) |
| `autoMigrateGraphPanel` | Migrate old graph panel to supported time series panel - broken out from autoMigrateOldPanels to enable granular tracking |
| `autoMigrateTablePanel` | Migrate old table panel to supported table panel - broken out from autoMigrateOldPanels to enable granular tracking |
| `autoMigratePiechartPanel` | Migrate old piechart panel to supported piechart panel - broken out from autoMigrateOldPanels to enable granular tracking |
| `autoMigrateWorldmapPanel` | Migrate old worldmap panel to supported geomap panel - broken out from autoMigrateOldPanels to enable granular tracking |
| `autoMigrateStatPanel` | Migrate old stat panel to supported stat panel - broken out from autoMigrateOldPanels to enable granular tracking |
| `disableAngular` | Dynamic flag to disable angular at runtime. The preferred method is to set `angular_support_enabled` to `false` in the [security] settings, which allows you to change the state at runtime. |
| `grpcServer` | Run the GRPC server |
| `alertingNoNormalState` | Stop maintaining state of alerts that are not firing |
| `renderAuthJWT` | Uses JWT-based auth for rendering instead of relying on remote cache |
| `refactorVariablesTimeRange` | Refactor time range variables flow to reduce number of API calls made when query variables are chained |
| `faroDatasourceSelector` | Enable the data source selector within the Frontend Apps section of the Frontend Observability |
| `enableDatagridEditing` | Enables the edit functionality in the datagrid panel |
| `sqlDatasourceDatabaseSelection` | Enables previous SQL data source dataset dropdown behavior |
| `reportingRetries` | Enables rendering retries for the reporting feature |
| `externalServiceAccounts` | Automatic service account and token setup for plugins |
| `cloudWatchBatchQueries` | Runs CloudWatch metrics queries as separate batches |
| `teamHttpHeaders` | Enables LBAC for datasources to apply LogQL filtering of logs to the client requests for users in teams |
| `pdfTables` | Enables generating table data as PDF in reporting |
| `canvasPanelPanZoom` | Allow pan and zoom in canvas panel |
| `regressionTransformation` | Enables regression analysis transformation |
| `onPremToCloudMigrations` | Enable the Grafana Migration Assistant, which helps you easily migrate on-prem dashboards, folders, and data source configurations to your Grafana Cloud stack. |
| `ssoSettingsSAML` | Use the new SSO Settings API to configure the SAML connector |
| `azureMonitorPrometheusExemplars` | Allows configuration of Azure Monitor as a data source that can provide Prometheus exemplars |
| `ssoSettingsLDAP` | Use the new SSO Settings API to configure LDAP |
| `improvedExternalSessionHandling` | Enable improved support for OAuth and SAML external sessions in Grafana |
| `elasticsearchCrossClusterSearch` | Enables cross cluster search in the Elasticsearch datasource |
| Feature toggle name | Description |
| ------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `panelTitleSearch` | Search for dashboards using panel title |
| `autoMigrateOldPanels` | Migrate old angular panels to supported versions (graph, table-old, worldmap, etc) |
| `autoMigrateGraphPanel` | Migrate old graph panel to supported time series panel - broken out from autoMigrateOldPanels to enable granular tracking |
| `autoMigrateTablePanel` | Migrate old table panel to supported table panel - broken out from autoMigrateOldPanels to enable granular tracking |
| `autoMigratePiechartPanel` | Migrate old piechart panel to supported piechart panel - broken out from autoMigrateOldPanels to enable granular tracking |
| `autoMigrateWorldmapPanel` | Migrate old worldmap panel to supported geomap panel - broken out from autoMigrateOldPanels to enable granular tracking |
| `autoMigrateStatPanel` | Migrate old stat panel to supported stat panel - broken out from autoMigrateOldPanels to enable granular tracking |
| `disableAngular` | Dynamic flag to disable angular at runtime. The preferred method is to set `angular_support_enabled` to `false` in the [security] settings, which allows you to change the state at runtime. |
| `grpcServer` | Run the GRPC server |
| `alertingNoNormalState` | Stop maintaining state of alerts that are not firing |
| `renderAuthJWT` | Uses JWT-based auth for rendering instead of relying on remote cache |
| `refactorVariablesTimeRange` | Refactor time range variables flow to reduce number of API calls made when query variables are chained |
| `faroDatasourceSelector` | Enable the data source selector within the Frontend Apps section of the Frontend Observability |
| `enableDatagridEditing` | Enables the edit functionality in the datagrid panel |
| `sqlDatasourceDatabaseSelection` | Enables previous SQL data source dataset dropdown behavior |
| `reportingRetries` | Enables rendering retries for the reporting feature |
| `externalServiceAccounts` | Automatic service account and token setup for plugins |
| `cloudWatchBatchQueries` | Runs CloudWatch metrics queries as separate batches |
| `teamHttpHeaders` | Enables LBAC for datasources to apply LogQL filtering of logs to the client requests for users in teams |
| `pdfTables` | Enables generating table data as PDF in reporting |
| `canvasPanelPanZoom` | Allow pan and zoom in canvas panel |
| `regressionTransformation` | Enables regression analysis transformation |
| `onPremToCloudMigrations` | Enable the Grafana Migration Assistant, which helps you easily migrate on-prem dashboards, folders, and data source configurations to your Grafana Cloud stack. |
| `ssoSettingsSAML` | Use the new SSO Settings API to configure the SAML connector |
| `azureMonitorPrometheusExemplars` | Allows configuration of Azure Monitor as a data source that can provide Prometheus exemplars |
| `ssoSettingsLDAP` | Use the new SSO Settings API to configure LDAP |
| `improvedExternalSessionHandling` | Enables improved support for OAuth external sessions. After enabling this feature, users might need to re-authenticate themselves. |
| `elasticsearchCrossClusterSearch` | Enables cross cluster search in the Elasticsearch datasource |
| `improvedExternalSessionHandlingSAML` | Enables improved support for SAML external sessions. Ensure the NameID format is correctly configured in Grafana for SAML Single Logout to function properly. |
## Experimental feature toggles

@ -249,4 +249,5 @@ export interface FeatureToggles {
investigationsBackend?: boolean;
k8SFolderCounts?: boolean;
k8SFolderMove?: boolean;
improvedExternalSessionHandlingSAML?: boolean;
}

@ -1489,7 +1489,7 @@ var (
},
{
Name: "improvedExternalSessionHandling",
Description: "Enable improved support for OAuth and SAML external sessions in Grafana",
Description: "Enables improved support for OAuth external sessions. After enabling this feature, users might need to re-authenticate themselves.",
Stage: FeatureStagePublicPreview,
Owner: identityAccessTeam,
},
@ -1723,6 +1723,12 @@ var (
Owner: grafanaSearchAndStorageSquad,
Expression: "false",
},
{
Name: "improvedExternalSessionHandlingSAML",
Description: "Enables improved support for SAML external sessions. Ensure the NameID format is correctly configured in Grafana for SAML Single Logout to function properly.",
Stage: FeatureStagePublicPreview,
Owner: identityAccessTeam,
},
}
)
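Review bot: The new `improvedExternalSessionHandlingSAML` entry in the second hunk does not tell operators that SAML is no longer covered by `improvedExternalSessionHandling`, whose previous description named both OAuth and SAML. If the SAML code path is now gated only on the new flag (the gating code is not visible in this diff), an instance that enabled the old toggle for SAML would silently fall back to the earlier session and Single Logout behaviour after upgrading. I would state the split in the description, and carry over the re-authentication caveat if it also applies to SAML, e.g. `Description: "Enables improved support for SAML external sessions (previously part of improvedExternalSessionHandling; enable separately). Ensure the NameID format is correctly configured in Grafana for SAML Single Logout to function properly.",`. It would also help to say what happens when the NameID format is wrong: whether logout fails visibly or the IdP session simply stays active. The `var (` block starts outside both hunks, and the generated toggle files and the docs table need regenerating after any text change.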

@ -230,3 +230,4 @@ lokiLabelNamesQueryApi,GA,@grafana/observability-logs,false,false,false
investigationsBackend,experimental,@grafana/grafana-app-platform-squad,false,false,false
k8SFolderCounts,experimental,@grafana/search-and-storage,false,false,false
k8SFolderMove,experimental,@grafana/search-and-storage,false,false,false
improvedExternalSessionHandlingSAML,preview,@grafana/identity-access-team,false,false,false

1 Name Stage Owner requiresDevMode RequiresRestart FrontendOnly
230 investigationsBackend experimental @grafana/grafana-app-platform-squad false false false
231 k8SFolderCounts experimental @grafana/search-and-storage false false false
232 k8SFolderMove experimental @grafana/search-and-storage false false false
233 improvedExternalSessionHandlingSAML preview @grafana/identity-access-team false false false

@ -796,7 +796,7 @@ const (
FlagAlertingQueryAndExpressionsStepMode = "alertingQueryAndExpressionsStepMode"
// FlagImprovedExternalSessionHandling
// Enable improved support for OAuth and SAML external sessions in Grafana
// Enables improved support for OAuth external sessions. After enabling this feature, users might need to re-authenticate themselves.
FlagImprovedExternalSessionHandling = "improvedExternalSessionHandling"
// FlagUseSessionStorageForRedirection
@ -930,4 +930,8 @@ const (
// FlagK8SFolderMove
// Enable folder's api server move
FlagK8SFolderMove = "k8SFolderMove"
// FlagImprovedExternalSessionHandlingSAML
// Enables improved support for SAML external sessions. Ensure the NameID format is correctly configured in Grafana for SAML Single Logout to function properly.
FlagImprovedExternalSessionHandlingSAML = "improvedExternalSessionHandlingSAML"
)

@ -1803,14 +1803,29 @@
{
"metadata": {
"name": "improvedExternalSessionHandling",
"resourceVersion": "1736255708514",
"resourceVersion": "1736440595516",
"creationTimestamp": "2024-09-17T10:54:39Z",
"annotations": {
"grafana.app/updatedTimestamp": "2025-01-07 13:15:08.514525 +0000 UTC"
"grafana.app/updatedTimestamp": "2025-01-09 16:36:35.516462 +0000 UTC"
}
},
"spec": {
"description": "Enable improved support for OAuth and SAML external sessions in Grafana",
"description": "Enables improved support for OAuth external sessions. After enabling this feature, users might need to re-authenticate themselves.",
"stage": "preview",
"codeowner": "@grafana/identity-access-team"
}
},
{
"metadata": {
"name": "improvedExternalSessionHandlingSAML",
"resourceVersion": "1736440619329",
"creationTimestamp": "2025-01-09T16:33:07Z",
"annotations": {
"grafana.app/updatedTimestamp": "2025-01-09 16:36:59.329967 +0000 UTC"
}
},
"spec": {
"description": "Enables improved support for SAML external sessions. Ensure the NameID format is correctly configured in Grafana for SAML Single Logout to function properly.",
"stage": "preview",
"codeowner": "@grafana/identity-access-team"
}
