grafana

Commit Graph

Author	SHA1	Message	Date
Serge Zaitsev	8187d8cb66	Chore: capitalise log message for auth packages (#74332 )	2 years ago
Jo	e4649e7099	Auth: Add azure warning for conflicting settings (#72289 ) * add conflicting option debug warning * add warning for Grafana Admin sync in auth config	2 years ago
Jo	0ffd359801	Auth: Enforce role sync except if skip org role sync is enabled (#70766 ) * enforce role sync except if skip org role sync is enabled * move errors to errors file and set codes * fix docs and defaults * remove legacy parameter * support fall through token-api in generic oauth * fix error handling for generic_oauth * Update pkg/login/social/generic_oauth.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Update pkg/login/social/gitlab_oauth_test.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Update pkg/login/social/gitlab_oauth_test.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> --------- Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>	2 years ago
Jo	fbfdd6ba32	Auth: Add support for custom signing keys in auth.azure_ad (#71365 ) * fallthrough JWKS validation and caching for Azure * remove unused field	2 years ago
Douglas Adams	3a245e4945	Auth: Fix US gov azure ad oauth URL parsing (#71254 ) Updates regex for tenant ID parsing to support .us domains in addition to .com domains for Azure AD. Fixes #71252	2 years ago
Jo	d6c468c1c2	Auth: Add empty role definition (#64694 ) * Allow setting role as None Co-authored-by: gamab <gabi.mabs@gmail.com> Seeking for places where role.None would be used Co-authored-by: Jguer <joao.guerreiro@grafana.com> Adding None role to the frontend Co-authored-by: Jguer <joao.guerreiro@grafana.com> unify org role declaration and remove from add permission fix backend test fix backend lint * remove role none from frontend * Simplify checks Co-authored-by: Kalle Persson <kalle.persson@grafana.com> * nits --------- Co-authored-by: Kalle Persson <kalle.persson@grafana.com>	2 years ago
Misi	0e3fbbf636	Auth: Add missing context parameter (#70565 ) Add missing parameter	2 years ago
Jo	4821175d40	Auth: Add auth.azure_ad security improvements (#912 ) * security improvements id_token * add audience validation * add allowOrganizations * add allowOrganizations tests and documentation * add log warn on no configuration * anonymize tenant id * Apply suggestions from code review Co-authored-by: Misi <mgyongyosi@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/azuread/index.md Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Update pkg/login/social/azuread_oauth_test.go Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Update pkg/login/social/azuread_oauth_test.go Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * optimize key validation and add mising fields * fix missing key_id * lint * Update docs/sources/setup-grafana/configure-security/configure-authentication/azuread/index.md Co-authored-by: Misi <mgyongyosi@users.noreply.github.com> * lint docs --------- Co-authored-by: Misi <mgyongyosi@users.noreply.github.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>	2 years ago
Jo	914daef0fd	Auth: Add request context to UserInfo calls (#70007 ) * use context for UserInfo requests * set timeouts for oauth http client * Update pkg/login/social/common.go Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> --------- Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>	2 years ago
Jo	ccbf200c4a	SupportBundles: Add OAuth bundle collectors (#64810 ) * wip * add oauth support bundles * add specific configs for generic oauth and azureAD * add doc entry * optimize struct packing * Update pkg/login/social/azuread_oauth.go Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * nit update --------- Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>	2 years ago
Jo	45fde4235b	Deps: Replace go-jose v2 with go-jose v3 (#64228 ) replace go-jose v2 with go-jose v3	2 years ago
Serge Zaitsev	7dbd2cd139	Chore: Fix goimports grouping (#62426 ) fix goimports ordering	2 years ago
Eric Leijonmarck	c5e74ee607	Auth: Add skip_org_role_sync for AzureAD OAuth (#60322 ) * [WIP] Auth: add backend skipOrgRoleSync to AzureAD OAuth - add: skipOrgRoleSync - rename: skipOrgRoleSync to skipOrgRoleSyncBase (to make it clear that it is the base version of SocialBase) - add: tests for skipOrgRoleSync in AzureAD TODO: - [ ] frontend changes * add: docs * refactor: remove role from basicinfo * add: settings for grafanacom * add: settigns for frontend * add: logic for azureAD user skip org role * add: docs for skip_org_role_sync * refactor: docs a bit * add: tests for userinfo * refactor: to only extract if skiporgrolesync false * refactor: based on review comments * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>	2 years ago
Karl Persson	6e3cb2e3ed	Oauth: Remove unused function for oauth implementations (#58887 ) * Oauth: remove unused function * Oauth: remove unused Oauth types	3 years ago
Jo	eb84358aa7	Auth: Validate Azure ID token version on login is not v1 (#58088 )	3 years ago
Karl Persson	052d1426f9	Oauth: Display friendly error message when role_attribute_strict=true and no valid role found (#57818 ) * Oauth: change error type to a struct that unwraps into a social error * Oauth: Handle empty role in error and fix unwrap * Oauth: provide more informatio in error * Oauth: return InvalidBasicRoleError * Oauth: Fix tests * Login: Remove casing * Oath: Change to warning logs	3 years ago
Gabriel MABILLE	0f4d126109	AzureAD: Add option to force fetch the groups from the Graph API (#56916 ) * Add a new option to systematically fetch AzureAD groups from the Graph API	3 years ago
Gabriel MABILLE	80dfa788c6	Azure OAuth: Use TID from id_token by default (#56264 ) Co-authored-by: Kalle Persson <kalle.persson@grafana.com> Co-authored-by: Kalle Persson <kalle.persson@grafana.com>	3 years ago
Jo	00e7324bf6	Auth: Restore legacy behavior and add deprecation notice for empty org role in oauth (#55118 ) * Auth: Add deprecation notice for empty org role Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * fix recasts * fix azure tests missing logger * Adding test to gitlab oauth * Covering more cases * Cover more options * Add role attributestrict check fail * Adding one more edge case test * Using legacy for gitlab * Yet another edge case YAEC * Reverting github oauth to legacy Co-authored-by: Jguer <joao.guerreiro@grafana.com> * Not using token Co-authored-by: Jguer <joao.guerreiro@grafana.com> * Nit. * Adding warning in docs Co-authored-by: Jguer <joao.guerreiro@grafana.com> * add warning to generic oauth Co-authored-by: Jguer <joao.guerreiro@grafana.com> * Be more precise Co-authored-by: Jguer <joao.guerreiro@grafana.com> * Adding warning to github oauth Co-authored-by: Jguer <joao.guerreiro@grafana.com> * Adding warning to gitlab oauth Co-authored-by: Jguer <joao.guerreiro@grafana.com> * Adding warning to okta oauth Co-authored-by: Jguer <joao.guerreiro@grafana.com> * Add docs about mapping to AzureAD Co-authored-by: Jguer <joao.guerreiro@grafana.com> * Clarify oauth_skip_org_role_update_sync Co-authored-by: Jguer <joao.guerreiro@grafana.com> * Nit. * Nit on Azure AD Co-authored-by: Jguer <joao.guerreiro@grafana.com> * Reorder docs index Co-authored-by: Jguer <joao.guerreiro@grafana.com> * Fix typo Co-authored-by: Jguer <joao.guerreiro@grafana.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: gamab <gabi.mabs@gmail.com>	3 years ago
Jo	ef245874da	OAuth: Allow assigning Server Admin (#54780 ) * extract errors to errors file * implement oauth server admin assignment * add server admin tests * deduplicate autoAssignOrgRole * deduplicate strict setting * deduplicate strict setting * add support for generic oauth * add role attribute strict support for generic oauth * add support for github/gitlab * assignGrafanaAdmin option is here to stay * unify similar errors * add config option * add okta server admin mapping * remove never used Company attribute * unify generic oauth role extract with other methods * case insensitive role match as in azure * add ini settings * add server admin to devenv * remove duplicate fields * add documentation to oauth * fix titlecase test * implement doc feedback	3 years ago
idafurjes	6afad51761	Move SignedInUser to user service and RoleType and Roles to org (#53445 ) * Move SignedInUser to user service and RoleType and Roles to org * Use go naming convention for roles * Fix some imports and leftovers * Fix ldap debug test * Fix lint * Fix lint 2 * Fix lint 3 * Fix type and not needed conversion * Clean up messages in api tests * Clean up api tests 2	3 years ago
Jo	ff1c294963	AzureAD: Don't copy claims around (#52950 )	3 years ago
Jguer	d2ab3556fa	OAuth: Restore debug log behavior (#51244 )	3 years ago
Kat Yang	31630edf0c	Chore: Remove Wrapf (#50128 ) * Chore: Remove Wrapf * Remove all Wrapf refs * Remove last Wrapf ref * Fix lint errors * Remove Wrap and Wrapf definitions * Remove unnecessary colon	3 years ago
Gabriel MABILLE	3049534c40	Azure OAuth: silent fail on getting groups (#49909 )	3 years ago
Karl Persson	624f8ef40d	AzureAD: Fallback to no groups if user does not have permission to query groups from azure (#49506 ) * If GroupMemver.Read.All permissions is not configured return no groups * fix log	3 years ago
Kyle Schouviller	7b224adf9f	AzureAd Oauth: Fix strictMode to reject users without an assigned role (#48474 ) * AzureAd Oauth: Fix strictMode to reject users without an assigned role Signed-off-by: kyschouv <kyschouv@microsoft.com> * AzureAd OAuth: Add test for strictMode auth when no role claims are returned Signed-off-by: kyschouv <kyschouv@microsoft.com>	3 years ago
sivamu	6c468daabc	AzureAD OAuth: Add optional strict parsing of role_attribute_path for Azure AD (#42157 ) * AzureAD OAuth: Add optional strict parsing of role_attribute_path for Azure AD Fix casting issues modify unit tests Unit test fix Add proper test args * Return empty role when using strict attribute mode * Raise error on empty role * Fix UT for latest case	3 years ago
Karl Persson	0003bf7cc2	AzureAD OAuth: Add support for fetching user groups (#43470 ) * Add functionallity to extractGroups to handle groups-overage claims Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>	3 years ago
Leonard Gram	09a96ad2ad	Azure OAuth: debug logs for user information (#36389 )	4 years ago
idafurjes	1f5a28ec63	Chore: Remove global setting var from azure ad oath (#35040 ) * Remove global setting var from azure ad oath * Remove more glob var from social * Use GrafanaComURL from cfg	4 years ago
idafurjes	48f6d6f7e6	Oauth: Assign role from GF_USERS_AUTO_ASSIGN_ORG_ROLE for Azure AD Oauth (#34838 ) * 30555:Assign correct role with environment variable GF_USERS_AUTO_ASSIGN_ORG_ROLE * 30555:Remove unused condition	4 years ago
Arve Knudsen	c2cad26ca9	Chore: Disable default golangci-lint filter (#29751 ) * Disable default golangci-lint filter Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Chore: Fix linter warnings Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>	4 years ago
Alexander Zobnin	7afdfd2ef4	Okta OAuth provider (team sync support) (#22972 ) * Okta OAuth support * Chore: fix linter error * Chore: move IsEmailAllowed to SocialBase * Chore: move IsSignupAllowed to SocialBase * Chore: review fixes * Okta: support allowed_groups * Okta: default config * Chore: move extractEmail() to OktaClaims struct * Chore: review fixes * generic_oauth_test: Handle error cases Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * generic_oauth_test: Handle error cases Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Docs: Okta OAuth * Chore: don't return expected errors from searchJSONForAttr * Docs: role mapping * Chore: review fixes (searchJSONForAttr) * Docs: review fixes * Update docs/sources/auth/okta.md Co-Authored-By: Arve Knudsen <arve.knudsen@gmail.com> * Update docs/sources/auth/okta.md Co-Authored-By: Arve Knudsen <arve.knudsen@gmail.com> * Chore: log error if searchJSONForAttr failed * Docs: add Okta login link * Docs: review fixes * Docs: add reference to the org roles Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>	5 years ago
Alexander Zobnin	f2fc7aa3aa	Azure OAuth: enable teamsync (#22160 ) * Azure OAuth: extract groups from token for teamsync * Docs: changed some headers * Azure OAuth: fix tests * Azure OAuth: fix linter error (simplify) * Azure OAuth: add allowed_groups option * Azure OAuth: docs for team sync and allowed_groups * Azure OAuth: tests for allowed_groups * Update docs/sources/auth/azuread.md Co-Authored-By: Leonard Gram <leo@xlson.com> Co-authored-by: Leonard Gram <leo@xlson.com>	5 years ago
twendt	ff6a082e23	Auth: Azure AD OAuth (#20030 ) * Implement Azure AD oauth * Use go-jose and cleanup * Update go-jose in go.mod * cleanup * Add unit tests * Fix scopes * Add documentation page * Improve documentation * Convert extract_role into function. * Do not use upn and replace unique_name with preferred_username * Configure login button * Use official microsoft icon and color from branding guideline. * Add Azure AD config section in sample.ini.	5 years ago

36 Commits (8187d8cb660b83629b9dc5c270754fadf43fe242)