mirror of
https://github.com/grafana/grafana.git
synced 2025-07-28 02:32:07 +08:00

* fixes/adds azure workload identity authentication. Issue #78249

* Updates default values. Adds `workload_identity_token_file` defaults

* Updates example config. Adds `workload_identity_token_file`

* Updates documentation: adds Federated credentials for Workload Identity

* Update docs/sources/setup-grafana/configure-security/configure-authentication/azuread/index.md

Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>

* Update docs/sources/setup-grafana/configure-security/configure-authentication/azuread/index.md

Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>

* Docs: add link to official documentation. Clarifies example.

* 1. Add workload_identity_enabled and workload_identity_token_file settings to [auth.azuread] for workload identity support.
  2. Extend OAuthInfo struct to include workload identity fields.
  3. Update OAuth authentication logic to handle Azure AD workload identity using federated token as client assertion.
  4. Update sample configuration and documentation for new settings.

* ensure environment variable overrides are respected for OAuth SSO settings

  - Ensure that settings loaded in pkg/services/ssosettings/strategies/oauth_strategy.go correctly reflect environment variable overrides, matching Grafana's config behavior.
  - Align config loading logic with main config loader to prevent issues where INI values would override environment variables.

* updates documentation

* test: add workload identity configuration tests for Azure AD OAuth strategy.

  Add test coverage for workload_identity_enabled and workload_identity_token_file settings

* feat: add workload identity support to Azure AD SSO configuration UI

* updates documentation

* Simplify OAuth flow by removing unnecessary switch-case structure

* Small changes

* Lint + i18n gen

* refactor: remove redundant workload_identity_enabled setting as auth method gets defined by client_authentication

* update documentation

* refactor: remove redundant workload_identity_enabled setting as auth method gets defined by client_authentication

* updates documentation - configuration options table: adds `client_authentication`, `workload_identity_token_file`, and `federated_credential_audience`

* Small changes, lint, i18n

---------

Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>