SAML: Add option to skip org role sync #55230
Drone build failed: https://drone.grafana.net/grafana/grafana-enterprise/33574
Drone build failed: https://drone.grafana.net/grafana/grafana-enterprise/33580
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
Drone build failed: https://drone.grafana.net/grafana/grafana-enterprise/33623
Drone build failed: https://drone.grafana.net/grafana/grafana-enterprise/33626
Drone build failed: https://drone.grafana.net/grafana/grafana-enterprise/33633
Drone build failed: https://drone.grafana.net/grafana/grafana-enterprise/33634
…org_role_update_sync` is enabled (#55182)
* Auth: Allow admins to change oauth user info if it's not synced.
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Update public/app/features/admin/UserAdminPage.tsx
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
* Add missing import
* Simplify init
Co-authored-by: Josh Hunt <joshhunt@users.noreply.github.com>
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
* SAML: Add option to skip org role sync (#55230)
* SAML: Add option to skip org role sync
* Modify frontend accordingly
* Remove update from config option name
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Remove update from config option name
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Fix typo
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
Co-authored-by: gamab <gabi.mabs@gmail.com>
Co-authored-by: Josh Hunt <joshhunt@users.noreply.github.com>
Hi @gamab, it seems the enterprise-test is broken with this PR. Would it be OK if you could check it? I've seen in my PR that this commit breaks it https://drone.grafana.net/grafana/grafana-enterprise/33692/2/7 but I'm not entirely sure.
…org_role_update_sync` is enabled (#55182)
* Auth: Allow admins to change oauth user info if it's not synced.
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Update public/app/features/admin/UserAdminPage.tsx
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
* Add missing import
* Simplify init
Co-authored-by: Josh Hunt <joshhunt@users.noreply.github.com>
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
* SAML: Add option to skip org role sync (#55230)
* SAML: Add option to skip org role sync
* Modify frontend accordingly
* Remove update from config option name
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Remove update from config option name
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Fix typo
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
Co-authored-by: gamab <gabi.mabs@gmail.com>
Co-authored-by: Josh Hunt <joshhunt@users.noreply.github.com>
(cherry picked from commit 3e2e9f9)
Hey @lpskdl, I don't think this is related. This PR has nothing to do with reports and the impacted file seems to be
Hi @gamab @Clarity-89, apologies for the false alarm. It's weird because my changes are in the main grafana repository and not in the enterprise repo 🤔.
No worries! In that case I think your branch was run against an older version of the Enterprise main (before the Enterprise main was fixed). Try updating your branch to the latest main and see if that helps.
* OAuth: Allow assigning Server Admin (#54780)
* extract errors to errors file
* implement oauth server admin assignment
* add server admin tests
* deduplicate autoAssignOrgRole
* deduplicate strict setting
* deduplicate strict setting
* add support for generic oauth
* add role attribute strict support for generic oauth
* add support for github/gitlab
* assignGrafanaAdmin option is here to stay
* unify similar errors
* add config option
* add okta server admin mapping
* remove never used Company attribute
* unify generic oauth role extract with other methods
* case insensitive role match as in azure
* add ini settings
* add server admin to devenv
* remove duplicate fields
* add documentation to oauth
* fix titlecase test
* implement doc feedback
(cherry picked from commit ef24587)
* Auth: Restore legacy behavior and add deprecation notice for empty org role in oauth (#55118)
* Auth: Add deprecation notice for empty org role
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* fix recasts
* fix azure tests missing logger
* Adding test to gitlab oauth
* Covering more cases
* Cover more options
* Add role attributestrict check fail
* Adding one more edge case test
* Using legacy for gitlab
* Yet another edge case YAEC
* Reverting github oauth to legacy
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Not using token
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Nit.
* Adding warning in docs
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* add warning to generic oauth
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Be more precise
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Adding warning to github oauth
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Adding warning to gitlab oauth
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Adding warning to okta oauth
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Add docs about mapping to AzureAD
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Clarify oauth_skip_org_role_update_sync
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Nit.
* Nit on Azure AD
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Reorder docs index
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Fix typo
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
Co-authored-by: gamab <gabi.mabs@gmail.com>
(cherry picked from commit 00e7324)
* Auth: Allow admins to manually change oauth user role if `oauth_skip_org_role_update_sync` is enabled (#55182)
* Auth: Allow admins to change oauth user info if it's not synced.
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Update public/app/features/admin/UserAdminPage.tsx
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
* Add missing import
* Simplify init
Co-authored-by: Josh Hunt <joshhunt@users.noreply.github.com>
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
* SAML: Add option to skip org role sync (#55230)
* SAML: Add option to skip org role sync
* Modify frontend accordingly
* Remove update from config option name
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Remove update from config option name
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Fix typo
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
Co-authored-by: gamab <gabi.mabs@gmail.com>
Co-authored-by: Josh Hunt <joshhunt@users.noreply.github.com>
(cherry picked from commit 3e2e9f9)
* Update gitlab_oauth_test.go
* Update gitlab_oauth_test.go
What this PR does / why we need it:
Adding an option for users that don't want user organizations and roles to be synchronized with the IdP. They can use the `skip_org_role_sync` configuration option.
Example configuration:
Which issue(s) this PR fixes:
Fixes #
Special notes for your reviewer:
Enterprise part of this: https://github.com/grafana/grafana-enterprise/pull/3848