-
Notifications
You must be signed in to change notification settings - Fork 11.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SSO: Add GitHub auth configuration page #78933
Conversation
@@ -0,0 +1,117 @@ | |||
import { css } from '@emotion/css'; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a copy of the component from Enterprise. It'd be removed from there and this version should be used instead.
/deploy-to-hg |
|
|
# Conflicts: # docs/sources/setup-grafana/configure-grafana/feature-toggles/index.md
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The UI for configuring the SSO settings for providers looks good, I only found a couple of small issues while testing locally:
- When clicking on a provider from the
/admin/authentication
page, the UI can load the provider data using the get provider endpoint (for github:/api/v1/sso-settings/github
) instead of list all providers endpoint (api/v1/sso-settings
) - In the provider form page (
admin/authentication/advanced/github
), if the user clicks on any field without modifying its value then the form becomes "dirty" and clicking onDiscard
will show the modal with the 2 options:Continue editing
andDiscard unsaved changes
. I think the form should become dirty only after a value has been modified. - After saving the changes from a provider config page (
admin/authentication/advanced/github
) the notificationSettings saved
appears but then the user cannot directly navigate to a different page because the modalLeave page? Changes that you made may not be saved.
with 2 options (leave page, discard changes) appears. This may happen because UI expects PUT api/v1/sso-settings/github to respond with 204 No Content instead of 200 OK (I modified this while testing locally). - When the user changes the config for a provider, The UI should send only the fields that the user can change. For example, for github those fields are: clientId, clientSecret, teamIds, allowedOrganizations. Now the UI also sends fields that cannot be modified by the user, for example: tlsClientCa, hostedDomain.
This was specifically requested, so that's why it works the way it is. |
Okay, lets keep the current behaviour for now and see later if we want to change it. |
I thought that part was not ready yet? When I try to submit a form for any provider I get
|
I've figured out how to fix this without a working API. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Tested and it works/looks great. Great work!
return async (dispatch) => { | ||
if (!config.featureToggles.ssoSettingsApi) { | ||
return []; | ||
} | ||
const result = await getBackendSrv().get('/api/v1/sso-settings'); | ||
dispatch(providersLoaded(result)); | ||
const result = await getBackendSrv().get(`/api/v1/sso-settings/${provider}`); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If provider
is empty and we want the list of all providers then the URL should not contain the ending /
. So for requesting the list of providers this should be used /api/v1/sso-settings
instead of /api/v1/sso-settings/
. If we include the /
at the end then the backend will interpret it as a single provider request with an empty provider name (and it will return an error).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good catch, I'll fix it.
What is this feature?
Enable configuring SSO for GitHub from the UI.
Which issue(s) does this PR fix?:
Part of https://github.com/grafana/identity-access-team/issues/500.
Special notes for your reviewer:
![Screenshot 2023-12-01 at 7 56 26](https://private-user-images.githubusercontent.com/8878045/287161377-b5255c19-3464-4308-b2bb-5f468f3560fa.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MjIxODg4MjYsIm5iZiI6MTcyMjE4ODUyNiwicGF0aCI6Ii84ODc4MDQ1LzI4NzE2MTM3Ny1iNTI1NWMxOS0zNDY0LTQzMDgtYjJiYi01ZjQ2OGYzNTYwZmEucG5nP1gtQW16LUFsZ29yaXRobT1BV1M0LUhNQUMtU0hBMjU2JlgtQW16LUNyZWRlbnRpYWw9QUtJQVZDT0RZTFNBNTNQUUs0WkElMkYyMDI0MDcyOCUyRnVzLWVhc3QtMSUyRnMzJTJGYXdzNF9yZXF1ZXN0JlgtQW16LURhdGU9MjAyNDA3MjhUMTc0MjA2WiZYLUFtei1FeHBpcmVzPTMwMCZYLUFtei1TaWduYXR1cmU9YzQ4MjYzOWJlYTUwOTkxZDE1Yjc0NzYyZjVjZTRlMTExZDA0MTJjZWY4NjcyNjFlYjU2NWRiMjNjOTUwMzA3OSZYLUFtei1TaWduZWRIZWFkZXJzPWhvc3QmYWN0b3JfaWQ9MCZrZXlfaWQ9MCZyZXBvX2lkPTAifQ.CmLqwat31dPkSnGz4ia7Gq8DX2EjpYBH7zzNAB53Ofw)
Please check that: