Documentation ¶
Index ¶
- Constants
- Variables
- func GetAuthProviderLabel(authModule string) string
- func IsExternallySynced(cfg *setting.Cfg, authModule string) bool
- func IsGrafanaAdminExternallySynced(cfg *setting.Cfg, authModule string, oAuthAndAllowAssignGrafanaAdmin bool) bool
- func IsProviderEnabled(cfg *setting.Cfg, authModule string) bool
- type AuthInfoService
- type DeleteAuthInfoCommand
- type ExternalUserInfo
- type GetAuthInfoQuery
- type GetExternalUserInfoByLoginQuery
- type GetUserByAuthInfoQuery
- type GetUserLabelsQuery
- type LoginInfo
- type LoginStats
- type LoginUserQuery
- type RequestURIKey
- type Service
- type SetAuthInfoCommand
- type Store
- type TeamSyncFunc
- type UpdateAuthInfoCommand
- type UpsertUserCommand
- type UserAuth
- type UserLookupParams
- type UserProtectionService
Constants ¶
// Auth module identifiers and the labels shown for them. All of these are
// untyped string constants, so a mistyped module name passed as a plain
// string is not caught at compile time.
const (
	// Auth modules that are not OAuth providers.
	PasswordAuthModule  = "password"
	APIKeyAuthModule    = "apikey"
	SAMLAuthModule      = "auth.saml"
	LDAPAuthModule      = "ldap"
	AuthProxyAuthModule = "authproxy"
	JWTModule           = "jwt"
	ExtendedJWTModule   = "extendedjwt"
	RenderModule        = "render"

	// OAuth provider modules; every value carries the "oauth_" prefix.
	AzureADAuthModule    = "oauth_azuread"
	GoogleAuthModule     = "oauth_google"
	GitLabAuthModule     = "oauth_gitlab"
	GithubAuthModule     = "oauth_github"
	GenericOAuthModule   = "oauth_generic_oauth"
	GrafanaComAuthModule = "oauth_grafana_com"
	GrafanaNetAuthModule = "oauth_grafananet"
	OktaAuthModule       = "oauth_okta"

	// Labels for the non-OAuth modules.
	SAMLLabel      = "SAML"
	LDAPLabel      = "LDAP"
	JWTLabel       = "JWT"
	AuthProxyLabel = "Auth Proxy"

	// Labels for the OAuth providers.
	AzureADLabel      = "AzureAD"
	GoogleLabel       = "Google"
	GenericOAuthLabel = "Generic OAuth"
	GitLabLabel       = "GitLab"
	GithubLabel       = "GitHub"
	GrafanaComLabel   = "grafana.com"
	OktaLabel         = "Okta"
)
const (
	// ExporterName is the fixed string "grafana".
	ExporterName = "grafana"

	// MetricsCollectionInterval is four hours: the period between collection
	// runs that give an indication of duplicate users.
	MetricsCollectionInterval = 4 * time.Hour
)
Variables ¶
// Sentinel errors of the login package; compare against them with errors.Is.
var (
	// ErrInvalidCredentials reports a failed username/password check. Its
	// message is the same whether the username or the password was wrong, so
	// showing it to a client does not confirm that an account exists. Keep
	// the wording generic for that reason.
	ErrInvalidCredentials = errors.New("invalid username or password")

	// ErrUsersQuotaReached reports that the users quota has been reached.
	ErrUsersQuotaReached = errors.New("users quota reached")

	// ErrGettingUserQuota reports that the user quota could not be read.
	ErrGettingUserQuota = errors.New("error getting user quota")

	// ErrSignupNotAllowed reports that signup has been disabled by the
	// system administrator.
	ErrSignupNotAllowed = errors.New("system administrator has disabled signup")
)
// Gauges describing duplicate user entries. They are declared here without a
// value; where they are created and registered is not part of this listing.
var (
	// MStatDuplicateUserEntries is a gauge indicating the number of users
	// with duplicate emails or logins.
	MStatDuplicateUserEntries prometheus.Gauge

	// MStatHasDuplicateEntries is a gauge indicating whether there are
	// duplicate users.
	MStatHasDuplicateEntries prometheus.Gauge

	// MStatMixedCasedUsers is a gauge.
	// NOTE(review): the name suggests it tracks users whose login or email
	// contains mixed case; confirm against the code that sets it.
	MStatMixedCasedUsers prometheus.Gauge
)

// Once and Initialised are exported, mutable package-level state, so any
// importing package can read or change them.
// NOTE(review): presumably they guard one-time metric setup; confirm.
var (
	Once        sync.Once
	Initialised bool // starts out false, the zero value
)
Functions ¶
func GetAuthProviderLabel ¶
Used by the frontend to display a more user-friendly label.
func IsExternallySynced ¶
IsExternallySynced is used to tell if the user roles are externally synced; true means that the org role sync is handled by Grafana. Note: currently the user's authinfo is overridden each time the user logs in (https://github.com/grafana/grafana/blob/4181acec72f76df7ad02badce13769bae4a1f840/pkg/services/login/authinfoservice/database/database.go#L61). This means that if the user has multiple auth providers and one of them is set to sync org roles, then IsExternallySynced will be true for this one provider and false for the others.
func IsGrafanaAdminExternallySynced ¶
func IsGrafanaAdminExternallySynced(cfg *setting.Cfg, authModule string, oAuthAndAllowAssignGrafanaAdmin bool) bool
IsGrafanaAdminExternallySynced returns true if Grafana server admin role is being managed by an external auth provider, and false otherwise. Grafana admin role sync is available for JWT, OAuth providers and LDAP. For JWT and OAuth providers there is an additional config option `allow_assign_grafana_admin` that has to be enabled for Grafana Admin role to be synced.
Types ¶
type AuthInfoService ¶
// AuthInfoService is the service-level interface for the auth info attached
// to users. Every method takes a context.Context as its first argument.
type AuthInfoService interface {
	// LookupAndUpdate resolves a user from the auth module, auth id and
	// lookup parameters carried by the query.
	// NOTE(review): the name says it also updates stored data; that write is
	// not visible from the signature, so confirm before calling it from a
	// path that is meant to be read-only.
	LookupAndUpdate(ctx context.Context, query *GetUserByAuthInfoQuery) (*user.User, error)
	// GetAuthInfo returns the UserAuth record matching the query.
	GetAuthInfo(ctx context.Context, query *GetAuthInfoQuery) (*UserAuth, error)
	// GetUserLabels returns a string per int64 key for the queried user IDs.
	// NOTE(review): presumably user ID -> auth label; confirm.
	GetUserLabels(ctx context.Context, query GetUserLabelsQuery) (map[int64]string, error)
	// GetExternalUserInfoByLogin returns the external user info for a login
	// or email.
	GetExternalUserInfoByLogin(ctx context.Context, query *GetExternalUserInfoByLoginQuery) (*ExternalUserInfo, error)
	// SetAuthInfo, UpdateAuthInfo and DeleteUserAuthInfo return only an
	// error; a caller learns nothing else about what was changed.
	SetAuthInfo(ctx context.Context, cmd *SetAuthInfoCommand) error
	UpdateAuthInfo(ctx context.Context, cmd *UpdateAuthInfoCommand) error
	DeleteUserAuthInfo(ctx context.Context, userID int64) error
}
type DeleteAuthInfoCommand ¶
// DeleteAuthInfoCommand is the argument of Store.DeleteAuthInfo.
type DeleteAuthInfoCommand struct {
	// UserAuth is the auth record the command refers to. It is a pointer, so
	// it can be nil.
	UserAuth *UserAuth
}
type ExternalUserInfo ¶
// ExternalUserInfo describes a user as reported by an external auth module.
// It carries a credential (OAuthToken) next to the identity attributes.
// NOTE(review): a String method is declared on *ExternalUserInfo; confirm
// that it leaves OAuthToken out before values of this type are formatted
// into logs or error messages.
type ExternalUserInfo struct {
	// OAuthToken is the oauth2 token associated with the user, if any.
	// Treat it as a secret.
	OAuthToken *oauth2.Token
	// AuthModule names the auth module.
	// NOTE(review): presumably one of the *AuthModule / *Module constants.
	AuthModule string
	// AuthId is the user's identifier within AuthModule.
	AuthId string
	UserId int64
	Email  string
	Login  string
	Name   string
	// Groups and OrgRoles come from the external side.
	// NOTE(review): presumably OrgRoles is keyed by org ID; confirm.
	Groups         []string
	OrgRoles       map[int64]org.RoleType
	IsGrafanaAdmin *bool // This is a pointer to know if we should sync this or not (nil = ignore sync)
	IsDisabled     bool
	SkipTeamSync   bool
}
func (*ExternalUserInfo) String ¶
func (e *ExternalUserInfo) String() string
type GetAuthInfoQuery ¶
type GetExternalUserInfoByLoginQuery ¶
// GetExternalUserInfoByLoginQuery is the argument of
// GetExternalUserInfoByLogin on AuthInfoService and Store.
type GetExternalUserInfoByLoginQuery struct {
	// LoginOrEmail is a single field that holds either a login or an email.
	LoginOrEmail string
}
type GetUserByAuthInfoQuery ¶
// GetUserByAuthInfoQuery is the argument of AuthInfoService.LookupAndUpdate.
type GetUserByAuthInfoQuery struct {
	// AuthModule and AuthId identify the user on the auth-module side.
	AuthModule string
	AuthId     string
	// UserLookupParams is embedded, so its fields are promoted onto the query.
	UserLookupParams
}
type GetUserLabelsQuery ¶
// GetUserLabelsQuery is the argument of GetUserLabels; unlike the other
// queries it is passed by value.
type GetUserLabelsQuery struct {
	// UserIDs lists the users to return labels for.
	UserIDs []int64
}
type LoginStats ¶
type LoginUserQuery ¶
// LoginUserQuery bundles the inputs of a login attempt together with the
// request context and the server configuration.
type LoginUserQuery struct {
	ReqContext *contextmodel.ReqContext
	Username   string
	// NOTE(review): presumably the password as submitted by the client. Keep
	// values of this type out of logs, error messages and serialized output.
	Password string
	// User is a pointer to a user record.
	// NOTE(review): presumably filled in once the login succeeds; confirm.
	User       *user.User
	IpAddress  string
	AuthModule string
	Cfg        *setting.Cfg
}
type RequestURIKey ¶
// RequestURIKey is used as key to save request URI in contexts (used for the
// Enterprise auditing feature). Being a dedicated struct type rather than a
// string, it cannot collide with context keys defined by other packages.
type RequestURIKey struct{}
RequestURIKey is used as key to save request URI in contexts (used for the Enterprise auditing feature)
type SetAuthInfoCommand ¶
type Store ¶
// Store is the persistence-side interface of the login package. It repeats
// the auth-info methods of AuthInfoService except LookupAndUpdate, and adds
// user lookups and login statistics.
type Store interface {
	// Auth info reads.
	GetExternalUserInfoByLogin(ctx context.Context, query *GetExternalUserInfoByLoginQuery) (*ExternalUserInfo, error)
	GetAuthInfo(ctx context.Context, query *GetAuthInfoQuery) (*UserAuth, error)
	GetUserLabels(ctx context.Context, query GetUserLabelsQuery) (map[int64]string, error)
	// Auth info writes. DeleteAuthInfo takes a command that carries a single
	// UserAuth record; DeleteUserAuthInfo takes only a user ID.
	SetAuthInfo(ctx context.Context, cmd *SetAuthInfoCommand) error
	UpdateAuthInfo(ctx context.Context, cmd *UpdateAuthInfoCommand) error
	UpdateAuthInfoDate(ctx context.Context, authInfo *UserAuth) error
	DeleteAuthInfo(ctx context.Context, cmd *DeleteAuthInfoCommand) error
	DeleteUserAuthInfo(ctx context.Context, userID int64) error
	// User lookups by ID, login or email.
	GetUserById(ctx context.Context, id int64) (*user.User, error)
	GetUserByLogin(ctx context.Context, login string) (*user.User, error)
	GetUserByEmail(ctx context.Context, email string) (*user.User, error)
	// Login statistics and metrics collection.
	CollectLoginStats(ctx context.Context) (map[string]interface{}, error)
	RunMetricsCollection(ctx context.Context) error
	GetLoginStats(ctx context.Context) (LoginStats, error)
}
type TeamSyncFunc ¶
// TeamSyncFunc is the signature of a team-sync callback: it receives the
// Grafana user and the external user info and returns an error.
// NOTE(review): presumably it applies externalUser.Groups to the user's team
// memberships; confirm against the implementation.
type TeamSyncFunc func(user *user.User, externalUser *ExternalUserInfo) error
type UpdateAuthInfoCommand ¶
type UpsertUserCommand ¶
// UpsertUserCommand carries an externally authenticated user together with
// the request context and the parameters used to look the user up.
type UpsertUserCommand struct {
	ReqContext   *contextmodel.ReqContext
	ExternalUser *ExternalUserInfo
	// UserLookupParams is embedded, so its fields are promoted onto the command.
	UserLookupParams
	// NOTE(review): presumably decides whether an unknown external user may
	// be created (see ErrSignupNotAllowed). The zero value is false; confirm
	// that callers set it from configuration rather than hard-coding true.
	SignupAllowed bool
}