From 8e516c646ee42189caf153281f00bb4a08a9d840 Mon Sep 17 00:00:00 2001 From: Yevgen Bykov Date: Tue, 20 Feb 2024 08:50:25 +0100 Subject: [PATCH] Add insecure email lookup property to Grafana --- jobs/grafana/spec | 2 ++ jobs/grafana/templates/config/grafana.ini | 5 +++++ 2 files changed, 7 insertions(+) diff --git a/jobs/grafana/spec b/jobs/grafana/spec index 9f158b88..c3d7c392 100644 --- a/jobs/grafana/spec +++ b/jobs/grafana/spec @@ -347,6 +347,8 @@ properties: description: "mask the Grafana version number for unauthenticated users" grafana.auth.oauth_skip_org_role_update_sync: description: "Skip forced assignment of OrgID 1 or 'auto_assign_org_id' for social logins" + grafana.auth.oauth_allow_insecure_email_lookup: + description: "Enable user lookup based on email in addition to using unique ID provided by IdPs." grafana.auth.azure_auth_enabled: description: "Set to true to enable Azure authentication option for HTTP-based datasources" diff --git a/jobs/grafana/templates/config/grafana.ini b/jobs/grafana/templates/config/grafana.ini index 66890847..87f9dc40 100644 --- a/jobs/grafana/templates/config/grafana.ini +++ b/jobs/grafana/templates/config/grafana.ini @@ -720,6 +720,11 @@ oauth_state_cookie_max_age = <%= oauth_state_cookie_max_age %> oauth_skip_org_role_update_sync = <%= oauth_skip_org_role_update_sync %> <% end %> +<% if_p('grafana.auth.oauth_allow_insecure_email_lookup') do |oauth_allow_insecure_email_lookup| %> +# Enable user lookup based on email in addition to using unique ID provided by IdPs. +oauth_allow_insecure_email_lookup = <%= oauth_allow_insecure_email_lookup %> +<% end %> + <% if_p('grafana.auth.api_key_max_seconds_to_live') do |api_key_max_seconds_to_live| %> # limit of api_key seconds to live before expiration api_key_max_seconds_to_live = <%= api_key_max_seconds_to_live %>