feat: Generic Oauth: support for team_ids, team_ids_attribute_path, t…

…eams_url (#770) * feat: add support for team_ids, team_ids_attribute_path, teams_url for generic oauth Signed-off-by: Igor Beliakov <demtis.register@gmail.com> * chore: update docs and crd manifests Signed-off-by: Igor Beliakov <demtis.register@gmail.com>
grafana · Jun 7, 2022 · 0564d0d · 0564d0d
1 parent 1a75ad9
commit 0564d0d
Show file tree

Hide file tree

Showing 6 changed files with 96 additions and 9 deletions.
diff --git a/api/integreatly/v1alpha1/grafana_types.go b/api/integreatly/v1alpha1/grafana_types.go
@@ -405,15 +405,18 @@ type GrafanaConfigAuthGenericOauth struct {
 	// +nullable
 	Enabled *bool `json:"enabled,omitempty" ini:"enabled"`
 	// +nullable
-	AllowSignUp       *bool  `json:"allow_sign_up,omitempty" ini:"allow_sign_up"`
-	ClientId          string `json:"client_id,omitempty" ini:"client_id,omitempty"`
-	ClientSecret      string `json:"client_secret,omitempty" ini:"client_secret,omitempty"`
-	Scopes            string `json:"scopes,omitempty" ini:"scopes,omitempty"`
-	AuthUrl           string `json:"auth_url,omitempty" ini:"auth_url,omitempty"`
-	TokenUrl          string `json:"token_url,omitempty" ini:"token_url,omitempty"`
-	ApiUrl            string `json:"api_url,omitempty" ini:"api_url,omitempty"`
-	AllowedDomains    string `json:"allowed_domains,omitempty" ini:"allowed_domains,omitempty"`
-	RoleAttributePath string `json:"role_attribute_path,omitempty" ini:"role_attribute_path,omitempty"`
+	AllowSignUp          *bool  `json:"allow_sign_up,omitempty" ini:"allow_sign_up"`
+	ClientId             string `json:"client_id,omitempty" ini:"client_id,omitempty"`
+	ClientSecret         string `json:"client_secret,omitempty" ini:"client_secret,omitempty"`
+	Scopes               string `json:"scopes,omitempty" ini:"scopes,omitempty"`
+	AuthUrl              string `json:"auth_url,omitempty" ini:"auth_url,omitempty"`
+	TokenUrl             string `json:"token_url,omitempty" ini:"token_url,omitempty"`
+	ApiUrl               string `json:"api_url,omitempty" ini:"api_url,omitempty"`
+	TeamsURL             string `json:"teams_url,omitempty" ini:"teams_url,omitempty"`
+	TeamIds              string `json:"team_ids,omitempty" ini:"team_ids,omitempty"`
+	TeamIdsAttributePath string `json:"team_ids_attribute_path,omitempty" ini:"team_ids_attribute_path,omitempty"`
+	AllowedDomains       string `json:"allowed_domains,omitempty" ini:"allowed_domains,omitempty"`
+	RoleAttributePath    string `json:"role_attribute_path,omitempty" ini:"role_attribute_path,omitempty"`
 	// +nullable
 	RoleAttributeStrict *bool  `json:"role_attribute_strict,omitempty" ini:"role_attribute_strict,omitempty"`
 	EmailAttributePath  string `json:"email_attribute_path,omitempty" ini:"email_attribute_path,omitempty"`

diff --git a/config/crd/bases/integreatly.org_grafanas.yaml b/config/crd/bases/integreatly.org_grafanas.yaml
@@ -184,6 +184,12 @@ spec:
                         type: boolean
                       scopes:
                         type: string
+                      team_ids:
+                        type: string
+                      team_ids_attribute_path:
+                        type: string
+                      teams_url:
+                        type: string
                       tls_client_ca:
                         type: string
                       tls_client_cert:

diff --git a/controllers/config/grafanaIni.go b/controllers/config/grafanaIni.go
@@ -509,6 +509,9 @@ func (i *GrafanaIni) cfgAuthGenericOauth(config map[string][]string) map[string]
 	items = appendStr(items, "auth_url", i.cfg.AuthGenericOauth.AuthUrl)
 	items = appendStr(items, "token_url", i.cfg.AuthGenericOauth.TokenUrl)
 	items = appendStr(items, "api_url", i.cfg.AuthGenericOauth.ApiUrl)
+	items = appendStr(items, "teams_url", i.cfg.AuthGenericOauth.TeamsURL)
+	items = appendStr(items, "team_ids", i.cfg.AuthGenericOauth.TeamIds)
+	items = appendStr(items, "team_ids_attribute_path", i.cfg.AuthGenericOauth.TeamIdsAttributePath)
 	items = appendStr(items, "allowed_domains", i.cfg.AuthGenericOauth.AllowedDomains)
 	items = appendStr(items, "role_attribute_path", i.cfg.AuthGenericOauth.RoleAttributePath)
 	items = appendBool(items, "role_attribute_strict", i.cfg.AuthGenericOauth.RoleAttributeStrict)

diff --git a/controllers/config/grafanaIni_test.go b/controllers/config/grafanaIni_test.go
@@ -34,6 +34,12 @@ var (
 	azureAdEnabled = true
 	allowSignUp    = false
 
+	// AuthGenericOauth
+	genericOauthEnabled               = true
+	genericOauthAllowSignUp           = true
+	genericOauthRoleAttributeStrict   = true
+	genericOauthTLSSkipVerifyInsecure = true
+
 	// GrafanaConfigUnifiedAlerting
 	enableGrafanaConfigUnifiedAlerting = true
 	executeAlerts                      = true
@@ -95,6 +101,27 @@ var testGrafanaConfig = v1alpha1.GrafanaConfig{
 		AllowedDomains: "azure.com",
 		AllowSignUp:    &allowSignUp,
 	},
+	AuthGenericOauth: &v1alpha1.GrafanaConfigAuthGenericOauth{
+		Enabled:               &genericOauthEnabled,
+		AllowSignUp:           &genericOauthAllowSignUp,
+		ClientId:              "ClientOauth",
+		ClientSecret:          "ClientSecretOauth",
+		Scopes:                "ScopesOauth",
+		AuthUrl:               "https://AuthURLOauth.com",
+		TokenUrl:              "https://TokenURLOauth.com",
+		ApiUrl:                "https://ApiURLOauth.com",
+		TeamsURL:              "https://TeamsURLOauth.com",
+		TeamIds:               "1,2",
+		TeamIdsAttributePath:  "team_ids[*]",
+		AllowedDomains:        "mycompanyOauth.com",
+		RoleAttributePath:     "roles[*]",
+		RoleAttributeStrict:   &genericOauthRoleAttributeStrict,
+		EmailAttributePath:    "email",
+		TLSSkipVerifyInsecure: &genericOauthTLSSkipVerifyInsecure,
+		TLSClientCert:         "/genericOauth/clientCert",
+		TLSClientKey:          "/genericOauth/clientKey",
+		TLSClientCa:           "/genericOauth/clientCa",
+	},
 	Live: &v1alpha1.GrafanaConfigLive{
 		MaxConnections: &maxConnections,
 		AllowedOrigins: "https://origin.com",
@@ -139,6 +166,27 @@ enabled = true
 scopes = Scopes
 token_url = https://TokenURL.com
 
+[auth.generic_oauth]
+allow_sign_up = true
+allowed_domains = mycompanyOauth.com
+api_url = https://ApiURLOauth.com
+auth_url = https://AuthURLOauth.com
+client_id = ClientOauth
+client_secret = ClientSecretOauth
+email_attribute_path = email
+enabled = true
+role_attribute_path = roles[*]
+role_attribute_strict = true
+scopes = ScopesOauth
+team_ids = 1,2
+team_ids_attribute_path = team_ids[*]
+teams_url = https://TeamsURLOauth.com
+tls_client_ca = /genericOauth/clientCa
+tls_client_cert = /genericOauth/clientCert
+tls_client_key = /genericOauth/clientKey
+tls_skip_verify_insecure = true
+token_url = https://TokenURLOauth.com
+
 [database]
 host = host
 name = name

diff --git a/deploy/manifests/latest/crds.yaml b/deploy/manifests/latest/crds.yaml
@@ -779,6 +779,12 @@ spec:
                         type: boolean
                       scopes:
                         type: string
+                      team_ids:
+                        type: string
+                      team_ids_attribute_path:
+                        type: string
+                      teams_url:
+                        type: string
                       tls_client_ca:
                         type: string
                       tls_client_cert:

diff --git a/documentation/api.md b/documentation/api.md
@@ -2721,6 +2721,27 @@ GrafanaConfig is the configuration for grafana
           <br/>
         </td>
         <td>false</td>
+      </tr><tr>
+        <td><b>team_ids</b></td>
+        <td>string</td>
+        <td>
+          <br/>
+        </td>
+        <td>false</td>
+      </tr><tr>
+        <td><b>team_ids_attribute_path</b></td>
+        <td>string</td>
+        <td>
+          <br/>
+        </td>
+        <td>false</td>
+      </tr><tr>
+        <td><b>teams_url</b></td>
+        <td>string</td>
+        <td>
+          <br/>
+        </td>
+        <td>false</td>
       </tr><tr>
         <td><b>tls_client_ca</b></td>
         <td>string</td>