Documentation ¶
Index ¶
- Constants
- Variables
- func GetAuthProviderLabel(authModule string) string
- func IsExternallySynced(cfg *setting.Cfg, authModule string) bool
- func IsProviderEnabled(cfg *setting.Cfg, authModule string) bool
- type AuthInfoService
- type DeleteAuthInfoCommand
- type ExternalUserInfo
- type GetAuthInfoQuery
- type GetExternalUserInfoByLoginQuery
- type GetUserByAuthInfoQuery
- type GetUserLabelsQuery
- type LoginInfo
- type LoginStats
- type LoginUserQuery
- type RequestURIKey
- type Service
- type SetAuthInfoCommand
- type Store
- type TeamSyncFunc
- type UpdateAuthInfoCommand
- type UpsertUserCommand
- type UserAuth
- type UserLookupParams
- type UserProtectionService
Constants ¶
View Source
const ( // modules PasswordAuthModule = "password" APIKeyAuthModule = "apikey" SAMLAuthModule = "auth.saml" LDAPAuthModule = "ldap" AuthProxyAuthModule = "authproxy" JWTModule = "jwt" ExtendedJWTModule = "extendedjwt" RenderModule = "render" // OAuth provider modules AzureADAuthModule = "oauth_azuread" GoogleAuthModule = "oauth_google" GitLabAuthModule = "oauth_gitlab" GithubAuthModule = "oauth_github" GenericOAuthModule = "oauth_generic_oauth" GrafanaComAuthModule = "oauth_grafana_com" GrafanaNetAuthModule = "oauth_grafananet" OktaAuthModule = "oauth_okta" // labels SAMLLabel = "SAML" LDAPLabel = "LDAP" JWTLabel = "JWT" // OAuth provider labels AuthProxyLabel = "Auth Proxy" AzureADLabel = "AzureAD" GoogleLabel = "Google" GenericOAuthLabel = "Generic OAuth" GitLabLabel = "GitLab" GithubLabel = "GitHub" GrafanaComLabel = "grafana.com" OktaLabel = "Okta" )
View Source
const ( ExporterName = "grafana" MetricsCollectionInterval = time.Hour * 4 // every 4 hours, indication of duplicate users )
Variables ¶
View Source
var ( ErrInvalidCredentials = errors.New("invalid username or password") ErrUsersQuotaReached = errors.New("users quota reached") ErrGettingUserQuota = errors.New("error getting user quota") ErrSignupNotAllowed = errors.New("system administrator has disabled signup") )
View Source
var ( // MStatDuplicateUserEntries is a indication metric gauge for number of users with duplicate emails or logins MStatDuplicateUserEntries prometheus.Gauge // MStatHasDuplicateEntries is a metric for if there is duplicate users MStatHasDuplicateEntries prometheus.Gauge // MStatMixedCasedUsers is a metric for if there is duplicate users MStatMixedCasedUsers prometheus.Gauge Once sync.Once Initialised bool = false )
Functions ¶
func GetAuthProviderLabel ¶
used for frontend to display a more user friendly label
func IsExternallySynced ¶
IsExternnalySynced is used to tell if the user roles are externally synced true means that the org role sync is handled by Grafana Note: currently the users authinfo is overridden each time the user logs in https://github.com/grafana/grafana/blob/4181acec72f76df7ad02badce13769bae4a1f840/pkg/services/login/authinfoservice/database/database.go#L61 this means that if the user has multiple auth providers and one of them is set to sync org roles then IsExternallySynced will be true for this one provider and false for the others
Types ¶
type AuthInfoService ¶
type AuthInfoService interface { LookupAndUpdate(ctx context.Context, query *GetUserByAuthInfoQuery) (*user.User, error) GetAuthInfo(ctx context.Context, query *GetAuthInfoQuery) (*UserAuth, error) GetUserLabels(ctx context.Context, query GetUserLabelsQuery) (map[int64]string, error) GetExternalUserInfoByLogin(ctx context.Context, query *GetExternalUserInfoByLoginQuery) (*ExternalUserInfo, error) SetAuthInfo(ctx context.Context, cmd *SetAuthInfoCommand) error UpdateAuthInfo(ctx context.Context, cmd *UpdateAuthInfoCommand) error DeleteUserAuthInfo(ctx context.Context, userID int64) error }
type DeleteAuthInfoCommand ¶
type DeleteAuthInfoCommand struct {
UserAuth *UserAuth
}
type ExternalUserInfo ¶
type ExternalUserInfo struct { OAuthToken *oauth2.Token AuthModule string AuthId string UserId int64 Email string Login string Name string Groups []string OrgRoles map[int64]org.RoleType IsGrafanaAdmin *bool // This is a pointer to know if we should sync this or not (nil = ignore sync) IsDisabled bool SkipTeamSync bool }
func (*ExternalUserInfo) String ¶
func (e *ExternalUserInfo) String() string
type GetAuthInfoQuery ¶
type GetExternalUserInfoByLoginQuery ¶
type GetExternalUserInfoByLoginQuery struct {
LoginOrEmail string
}
type GetUserByAuthInfoQuery ¶
type GetUserByAuthInfoQuery struct { AuthModule string AuthId string UserLookupParams }
type GetUserLabelsQuery ¶
type GetUserLabelsQuery struct {
UserIDs []int64
}
type LoginStats ¶
type LoginUserQuery ¶
type LoginUserQuery struct { ReqContext *contextmodel.ReqContext Username string Password string User *user.User IpAddress string AuthModule string Cfg *setting.Cfg }
type RequestURIKey ¶
type RequestURIKey struct{}
RequestURIKey is used as key to save request URI in contexts (used for the Enterprise auditing feature)
type SetAuthInfoCommand ¶
type Store ¶
type Store interface { GetExternalUserInfoByLogin(ctx context.Context, query *GetExternalUserInfoByLoginQuery) (*ExternalUserInfo, error) GetAuthInfo(ctx context.Context, query *GetAuthInfoQuery) (*UserAuth, error) GetUserLabels(ctx context.Context, query GetUserLabelsQuery) (map[int64]string, error) SetAuthInfo(ctx context.Context, cmd *SetAuthInfoCommand) error UpdateAuthInfo(ctx context.Context, cmd *UpdateAuthInfoCommand) error UpdateAuthInfoDate(ctx context.Context, authInfo *UserAuth) error DeleteAuthInfo(ctx context.Context, cmd *DeleteAuthInfoCommand) error DeleteUserAuthInfo(ctx context.Context, userID int64) error GetUserById(ctx context.Context, id int64) (*user.User, error) GetUserByLogin(ctx context.Context, login string) (*user.User, error) GetUserByEmail(ctx context.Context, email string) (*user.User, error) CollectLoginStats(ctx context.Context) (map[string]interface{}, error) RunMetricsCollection(ctx context.Context) error GetLoginStats(ctx context.Context) (LoginStats, error) }
type TeamSyncFunc ¶
type TeamSyncFunc func(user *user.User, externalUser *ExternalUserInfo) error
type UpdateAuthInfoCommand ¶
type UpsertUserCommand ¶
type UpsertUserCommand struct { ReqContext *contextmodel.ReqContext ExternalUser *ExternalUserInfo UserLookupParams SignupAllowed bool }
type UserLookupParams ¶
Click to show internal directories.
Click to hide internal directories.