* Bump grafana-azure-sdk-go * Set override values * Add Azure settings helper covering SSO cases * Ensure Azure settings are correctly created - Add mock for sso settings service - Add tests - Update wire * Minor improvements * Test updates * Move fake implementation * add interface to limit leakage * rename * work sync * Fix wire * Add fake provider * Update tests * Actually fix the workspace * More go dependency fixes * Update tests * Update workspace, again * Add missing tests * Fix dependencies * These dependencies.. * More dependency things * Okay now dependencies really are fixed * Lint * Update pkg/services/pluginsintegration/pluginconfig/request.go Co-authored-by: Misi <mgyongyosi@users.noreply.github.com> --------- Co-authored-by: Will Browne <wbrowne@tcd.ie> Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
package pluginconfig
import (
"github.com/grafana/grafana-azure-sdk-go/v2/azsettings"
"github.com/grafana/grafana/pkg/services/pluginsintegration/pluginsso"
)
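// mergeAzureSettings merges the Azure AD settings from the SSO settings DB with the Azure AD settings from the config.
// Azure AD settings can be changed via the UI or the SSO settings API.
// They can also be overridden in the [azure] config section.
// The order of precedence is:
//  1. [azure] config section (if the override flag is set)
//  2. SSO settings from the DB (if they exist)
//  3. [auth.azuread] config section (if enabled)
//
// currSettings is modified in place and the same pointer is returned; callers
// that share one AzureSettings value between requests will observe the merged
// values. When azureAdSettings is nil nothing is merged. When currSettings is
// nil there is nothing to merge into and nil is returned instead of
// dereferencing it.
//
// Only keys whose value is a string are applied; a missing key or a value of
// any other type leaves the current setting untouched.
func mergeAzureSettings(currSettings *azsettings.AzureSettings, azureAdSettings *pluginsso.Settings) *azsettings.AzureSettings {
	if currSettings == nil || azureAdSettings == nil {
		return currSettings
	}

	// Make sure there is a token endpoint section to write into.
	endpoint := currSettings.UserIdentityTokenEndpoint
	if endpoint == nil {
		endpoint = &azsettings.TokenEndpointSettings{}
		currSettings.UserIdentityTokenEndpoint = endpoint
	}

	values := azureAdSettings.Values

	// NOTE(review): token_url is copied as-is, with no validation in this
	// function. The endpoint presumably receives the client credentials below,
	// so confirm that the SSO settings layer validates the URL before storing it.
	if tokenURL, ok := values["token_url"].(string); ok && !endpoint.TokenUrlOverride {
		endpoint.TokenUrl = tokenURL
	}

	// "none" never replaces the configured client authentication method.
	// NOTE(review): presumably "none" is not usable for the user identity token
	// endpoint - confirm against the consumers of this setting.
	if clientAuth, ok := values["client_authentication"].(string); ok && !endpoint.ClientAuthenticationOverride && clientAuth != "none" {
		endpoint.ClientAuthentication = clientAuth
	}

	if clientID, ok := values["client_id"].(string); ok && !endpoint.ClientIdOverride {
		endpoint.ClientId = clientID
	}

	// Credential material: keep this value out of logs and error messages.
	if clientSecret, ok := values["client_secret"].(string); ok && !endpoint.ClientSecretOverride {
		endpoint.ClientSecret = clientSecret
	}

	if managedIdentityClientID, ok := values["managed_identity_client_id"].(string); ok && !endpoint.ManagedIdentityClientIdOverride {
		endpoint.ManagedIdentityClientId = managedIdentityClientID
	}

	if audience, ok := values["federated_credential_audience"].(string); ok && !endpoint.FederatedCredentialAudienceOverride {
		endpoint.FederatedCredentialAudience = audience
	}

	return currSettings
}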