infra/ansible-role-grafana
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

added oauth2 support

Browse source
This commit is contained in:
nd 2020-12-12 23:39:03 +01:00
parent d958bac52e
commit b279d0a9e2
No known key found for this signature in database
GPG key ID: 21B5CD4DEE3670E9
2 changed files with 22 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

9
defaults/main.yml
View file

@ -4,6 +4,15 @@ grafana:
secret_key: "{{ lookup('password', '/dev/null') }}" secret_key: "{{ lookup('password', '/dev/null') }}"
instance_name: "${HOSTNAME}" instance_name: "${HOSTNAME}"
root_url: "https://localhost" root_url: "https://localhost"
oauth2:
enabled: "false"
name: "OAuth"
client_id: ""
client_secret: ""
auth_url: ""
token_url: ""
api_url: ""
scopes: ""
plugins: plugins:
"grafana-piechart-panel": {} "grafana-piechart-panel": {}
datasources: {} datasources: {}

22
templates/grafana.ini.j2
View file

@ -317,17 +317,19 @@ disable_gravatar = true
#################################### Generic OAuth ########################## #################################### Generic OAuth ##########################
[auth.generic_oauth] [auth.generic_oauth]
;enabled = false enabled = {{ grafana.config.oauth2.enabled }}
;name = OAuth name = {{ grafana.config.oauth2.name }}
;allow_sign_up = true allow_sign_up = true
;client_id = some_id client_id = {{ grafana.config.oauth2.client_id }}
;client_secret = some_secret client_secret = {{ grafana.config.oauth2.client_secret }}
;scopes = user:email,read:org scopes = {{ grafana.config.oauth2.scopes }}
;email_attribute_name = email:primary ;email_attribute_name = email:primary
;email_attribute_path = ;email_attribute_path =
;auth_url = https://foo.bar/login/oauth/authorize
;token_url = https://foo.bar/login/oauth/access_token auth_url = {{ grafana.config.oauth2.auth_url }}
;api_url = https://foo.bar/user token_url = {{ grafana.config.oauth2.token_url }}
api_url = {{ grafana.config.oauth2.api_url }}
;team_ids = ;team_ids =
;allowed_organizations = ;allowed_organizations =
;tls_skip_verify_insecure = false ;tls_skip_verify_insecure = false
@ -335,6 +337,8 @@ disable_gravatar = true
;tls_client_key = ;tls_client_key =
;tls_client_ca = ;tls_client_ca =
role_attribute_path = {{ grafana.config.oauth2.role_attribute_path }}
; Set to true to enable sending client_id and client_secret via POST body instead of Basic authentication HTTP header ; Set to true to enable sending client_id and client_secret via POST body instead of Basic authentication HTTP header
; This might be required if the OAuth provider is not RFC6749 compliant, only supporting credentials passed via POST payload ; This might be required if the OAuth provider is not RFC6749 compliant, only supporting credentials passed via POST payload
;send_client_credentials_via_post = false ;send_client_credentials_via_post = false