public/grafana
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Auth: Add a feature toggle to roll out SAML session improvements (#98750)

Browse Source 
Add separate feature toggle to roll out SAML-related external session improvements
This commit is contained in:
Misi
2025-01-09 18:02:49 +01:00
committed by GitHub
parent 4581a82ac4
commit c52ec21c75
6 changed files with 63 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/sources/setup-grafana/configure-grafana/feature-toggles/index.md
+31 -30
View File
@@ -92,36 +92,37 @@ Most [generally available](https://grafana.com/docs/release-life-cycle/#general-
[Public preview](https://grafana.com/docs/release-life-cycle/#public-preview) features are supported by our Support teams, but might be limited to enablement, configuration, and some troubleshooting.
| Feature toggle name | Description |
| --------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `panelTitleSearch` | Search for dashboards using panel title |
| `autoMigrateOldPanels` | Migrate old angular panels to supported versions (graph, table-old, worldmap, etc) |
| `autoMigrateGraphPanel` | Migrate old graph panel to supported time series panel - broken out from autoMigrateOldPanels to enable granular tracking |
| `autoMigrateTablePanel` | Migrate old table panel to supported table panel - broken out from autoMigrateOldPanels to enable granular tracking |
| `autoMigratePiechartPanel` | Migrate old piechart panel to supported piechart panel - broken out from autoMigrateOldPanels to enable granular tracking |
| `autoMigrateWorldmapPanel` | Migrate old worldmap panel to supported geomap panel - broken out from autoMigrateOldPanels to enable granular tracking |
| `autoMigrateStatPanel` | Migrate old stat panel to supported stat panel - broken out from autoMigrateOldPanels to enable granular tracking |
| `disableAngular` | Dynamic flag to disable angular at runtime. The preferred method is to set `angular_support_enabled` to `false` in the [security] settings, which allows you to change the state at runtime. |
| `grpcServer` | Run the GRPC server |
| `alertingNoNormalState` | Stop maintaining state of alerts that are not firing |
| `renderAuthJWT` | Uses JWT-based auth for rendering instead of relying on remote cache |
| `refactorVariablesTimeRange` | Refactor time range variables flow to reduce number of API calls made when query variables are chained |
| `faroDatasourceSelector` | Enable the data source selector within the Frontend Apps section of the Frontend Observability |
| `enableDatagridEditing` | Enables the edit functionality in the datagrid panel |
| `sqlDatasourceDatabaseSelection` | Enables previous SQL data source dataset dropdown behavior |
| `reportingRetries` | Enables rendering retries for the reporting feature |
| `externalServiceAccounts` | Automatic service account and token setup for plugins |
| `cloudWatchBatchQueries` | Runs CloudWatch metrics queries as separate batches |
| `teamHttpHeaders` | Enables LBAC for datasources to apply LogQL filtering of logs to the client requests for users in teams |
| `pdfTables` | Enables generating table data as PDF in reporting |
| `canvasPanelPanZoom` | Allow pan and zoom in canvas panel |
| `regressionTransformation` | Enables regression analysis transformation |
| `onPremToCloudMigrations` | Enable the Grafana Migration Assistant, which helps you easily migrate on-prem dashboards, folders, and data source configurations to your Grafana Cloud stack. |
| `ssoSettingsSAML` | Use the new SSO Settings API to configure the SAML connector |
| `azureMonitorPrometheusExemplars` | Allows configuration of Azure Monitor as a data source that can provide Prometheus exemplars |
| `ssoSettingsLDAP` | Use the new SSO Settings API to configure LDAP |
| `improvedExternalSessionHandling` | Enable improved support for OAuth and SAML external sessions in Grafana |
| `elasticsearchCrossClusterSearch` | Enables cross cluster search in the Elasticsearch datasource |
| Feature toggle name | Description |
| ------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `panelTitleSearch` | Search for dashboards using panel title |
| `autoMigrateOldPanels` | Migrate old angular panels to supported versions (graph, table-old, worldmap, etc) |
| `autoMigrateGraphPanel` | Migrate old graph panel to supported time series panel - broken out from autoMigrateOldPanels to enable granular tracking |
| `autoMigrateTablePanel` | Migrate old table panel to supported table panel - broken out from autoMigrateOldPanels to enable granular tracking |
| `autoMigratePiechartPanel` | Migrate old piechart panel to supported piechart panel - broken out from autoMigrateOldPanels to enable granular tracking |
| `autoMigrateWorldmapPanel` | Migrate old worldmap panel to supported geomap panel - broken out from autoMigrateOldPanels to enable granular tracking |
| `autoMigrateStatPanel` | Migrate old stat panel to supported stat panel - broken out from autoMigrateOldPanels to enable granular tracking |
| `disableAngular` | Dynamic flag to disable angular at runtime. The preferred method is to set `angular_support_enabled` to `false` in the [security] settings, which allows you to change the state at runtime. |
| `grpcServer` | Run the GRPC server |
| `alertingNoNormalState` | Stop maintaining state of alerts that are not firing |
| `renderAuthJWT` | Uses JWT-based auth for rendering instead of relying on remote cache |
| `refactorVariablesTimeRange` | Refactor time range variables flow to reduce number of API calls made when query variables are chained |
| `faroDatasourceSelector` | Enable the data source selector within the Frontend Apps section of the Frontend Observability |
| `enableDatagridEditing` | Enables the edit functionality in the datagrid panel |
| `sqlDatasourceDatabaseSelection` | Enables previous SQL data source dataset dropdown behavior |
| `reportingRetries` | Enables rendering retries for the reporting feature |
| `externalServiceAccounts` | Automatic service account and token setup for plugins |
| `cloudWatchBatchQueries` | Runs CloudWatch metrics queries as separate batches |
| `teamHttpHeaders` | Enables LBAC for datasources to apply LogQL filtering of logs to the client requests for users in teams |
| `pdfTables` | Enables generating table data as PDF in reporting |
| `canvasPanelPanZoom` | Allow pan and zoom in canvas panel |
| `regressionTransformation` | Enables regression analysis transformation |
| `onPremToCloudMigrations` | Enable the Grafana Migration Assistant, which helps you easily migrate on-prem dashboards, folders, and data source configurations to your Grafana Cloud stack. |
| `ssoSettingsSAML` | Use the new SSO Settings API to configure the SAML connector |
| `azureMonitorPrometheusExemplars` | Allows configuration of Azure Monitor as a data source that can provide Prometheus exemplars |
| `ssoSettingsLDAP` | Use the new SSO Settings API to configure LDAP |
| `improvedExternalSessionHandling` | Enables improved support for OAuth external sessions. After enabling this feature, users might need to re-authenticate themselves. |
| `elasticsearchCrossClusterSearch` | Enables cross cluster search in the Elasticsearch datasource |
| `improvedExternalSessionHandlingSAML` | Enables improved support for SAML external sessions. Ensure the NameID format is correctly configured in Grafana for SAML Single Logout to function properly. |
## Experimental feature toggles
packages/grafana-data/src/types/featureToggles.gen.ts
+1
View File
@@ -249,4 +249,5 @@ export interface FeatureToggles {
investigationsBackend?: boolean;
k8SFolderCounts?: boolean;
k8SFolderMove?: boolean;
improvedExternalSessionHandlingSAML?: boolean;
}
pkg/services/featuremgmt/registry.go
+7 -1
View File
@@ -1489,7 +1489,7 @@ var (
},
{
Name: "improvedExternalSessionHandling",
Description: "Enable improved support for OAuth and SAML external sessions in Grafana",
Description: "Enables improved support for OAuth external sessions. After enabling this feature, users might need to re-authenticate themselves.",
Stage: FeatureStagePublicPreview,
Owner: identityAccessTeam,
},
@@ -1723,6 +1723,12 @@ var (
Owner: grafanaSearchAndStorageSquad,
Expression: "false",
},
{
Name: "improvedExternalSessionHandlingSAML",
Description: "Enables improved support for SAML external sessions. Ensure the NameID format is correctly configured in Grafana for SAML Single Logout to function properly.",
Stage: FeatureStagePublicPreview,
Owner: identityAccessTeam,
},
}
)
pkg/services/featuremgmt/toggles_gen.csv
+1
View File
@@ -230,3 +230,4 @@ lokiLabelNamesQueryApi,GA,@grafana/observability-logs,false,false,false
investigationsBackend,experimental,@grafana/grafana-app-platform-squad,false,false,false
k8SFolderCounts,experimental,@grafana/search-and-storage,false,false,false
k8SFolderMove,experimental,@grafana/search-and-storage,false,false,false
improvedExternalSessionHandlingSAML,preview,@grafana/identity-access-team,false,false,false
1 Name Stage Owner requiresDevMode RequiresRestart FrontendOnly
230 investigationsBackend experimental @grafana/grafana-app-platform-squad false false false
231 k8SFolderCounts experimental @grafana/search-and-storage false false false
232 k8SFolderMove experimental @grafana/search-and-storage false false false
233 improvedExternalSessionHandlingSAML preview @grafana/identity-access-team false false false
pkg/services/featuremgmt/toggles_gen.go
+5 -1
View File
@@ -796,7 +796,7 @@ const (
FlagAlertingQueryAndExpressionsStepMode = "alertingQueryAndExpressionsStepMode"
// FlagImprovedExternalSessionHandling
// Enable improved support for OAuth and SAML external sessions in Grafana
// Enables improved support for OAuth external sessions. After enabling this feature, users might need to re-authenticate themselves.
FlagImprovedExternalSessionHandling = "improvedExternalSessionHandling"
// FlagUseSessionStorageForRedirection
@@ -930,4 +930,8 @@ const (
// FlagK8SFolderMove
// Enable folder's api server move
FlagK8SFolderMove = "k8SFolderMove"
// FlagImprovedExternalSessionHandlingSAML
// Enables improved support for SAML external sessions. Ensure the NameID format is correctly configured in Grafana for SAML Single Logout to function properly.
FlagImprovedExternalSessionHandlingSAML = "improvedExternalSessionHandlingSAML"
)
pkg/services/featuremgmt/toggles_gen.json
+18 -3
View File
@@ -1803,14 +1803,29 @@
{
"metadata": {
"name": "improvedExternalSessionHandling",
"resourceVersion": "1736255708514",
"resourceVersion": "1736440595516",
"creationTimestamp": "2024-09-17T10:54:39Z",
"annotations": {
"grafana.app/updatedTimestamp": "2025-01-07 13:15:08.514525 +0000 UTC"
"grafana.app/updatedTimestamp": "2025-01-09 16:36:35.516462 +0000 UTC"
}
},
"spec": {
"description": "Enable improved support for OAuth and SAML external sessions in Grafana",
"description": "Enables improved support for OAuth external sessions. After enabling this feature, users might need to re-authenticate themselves.",
"stage": "preview",
"codeowner": "@grafana/identity-access-team"
}
},
{
"metadata": {
"name": "improvedExternalSessionHandlingSAML",
"resourceVersion": "1736440619329",
"creationTimestamp": "2025-01-09T16:33:07Z",
"annotations": {
"grafana.app/updatedTimestamp": "2025-01-09 16:36:59.329967 +0000 UTC"
}
},
"spec": {
"description": "Enables improved support for SAML external sessions. Ensure the NameID format is correctly configured in Grafana for SAML Single Logout to function properly.",
"stage": "preview",
"codeowner": "@grafana/identity-access-team"
}