Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

User identity authentication support #32

Merged
merged 4 commits into from
May 10, 2023
Merged

User identity authentication support #32

merged 4 commits into from
May 10, 2023

Conversation

kostrse
Copy link
Collaborator

@kostrse kostrse commented Apr 20, 2023
edited

This PR extends functionality of Azure token provider to support user identity authentication based on introduced earlier azcredentials.AadCurrentUserCredentials and user identity settings in azsettings.AzureSettings.

Original token_provider.go was refactored and token retrievers were moved into separated files retriever_msi.go, retriever_clientsecret.go. Implementation of aztokenprovider.AzureTokenProvider was split into two serviceTokenProvider and userTokenProvider, former is for user-agnostic service identities and the later is for user identities. They have different implementation of GetAccessToken func.

NewAzureAccessTokenProvider creates a new instance of serviceTokenProvider or userTokenProvider depending on type of credentials provided.

For user identity authentication to work:

Example of Azure configuration in datasource code (here):

authOpts := azhttpclient.NewAuthOptions(azureSettings)

// Allow user identity authentication for this datasource if it's configured in Grafana config
authOpts.AllowUserIdentity()

azhttpclient.AddAzureAuthentication(&clientOpts, authOpts, credentials)

httpClient, err := httpclient.NewProvider().New(clientOpts)

Fixes #6

@kostrse kostrse mentioned this pull request Apr 20, 2023
Closed
6 tasks
@aangelisc aangelisc mentioned this pull request May 2, 2023
Merged
aangelisc
aangelisc approved these changes May 10, 2023
View reviewed changes
Copy link
Contributor

@aangelisc aangelisc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice work @kostrse, this looks good and I've built and tested this locally and everything seems to work as expected 😊

@kostrse kostrse merged commit 6112a9b into grafana:main May 10, 2023
@kostrse kostrse deleted the user-token-provider branch May 12, 2023 05:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aangelisc aangelisc aangelisc approved these changes

@asimpson asimpson Awaiting requested review from asimpson

@bossinc bossinc Awaiting requested review from bossinc

@alyssabull alyssabull Awaiting requested review from alyssabull

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add support for user identity authentication via custom token endpoint
2 participants
@kostrse @aangelisc