added oauth2 support

defaults/main.yml

@@ -4,6 +4,15 @@ grafana:
     secret_key: "{{ lookup('password', '/dev/null') }}"
     instance_name: "${HOSTNAME}"
     root_url: "https://localhost"
+    oauth2:
+      enabled: "false"
+      name: "OAuth"
+      client_id: ""
+      client_secret: ""
+      auth_url: ""
+      token_url: ""
+      api_url: ""
+      scopes: ""
   plugins:
     "grafana-piechart-panel": {}
   datasources: {}

templates/grafana.ini.j2

@@ -317,17 +317,19 @@ disable_gravatar = true
 
 #################################### Generic OAuth ##########################
 [auth.generic_oauth]
-;enabled = false
-;name = OAuth
-;allow_sign_up = true
-;client_id = some_id
-;client_secret = some_secret
-;scopes = user:email,read:org
+enabled = {{ grafana.config.oauth2.enabled }}
+name = {{ grafana.config.oauth2.name }}
+allow_sign_up = true
+client_id = {{ grafana.config.oauth2.client_id }}
+client_secret = {{ grafana.config.oauth2.client_secret }}
+scopes = {{ grafana.config.oauth2.scopes }}
 ;email_attribute_name = email:primary
 ;email_attribute_path =
-;auth_url = https://foo.bar/login/oauth/authorize
-;token_url = https://foo.bar/login/oauth/access_token
-;api_url = https://foo.bar/user
+
+auth_url = {{ grafana.config.oauth2.auth_url }}
+token_url = {{ grafana.config.oauth2.token_url }}
+api_url = {{ grafana.config.oauth2.api_url }}
+
 ;team_ids =
 ;allowed_organizations =
 ;tls_skip_verify_insecure = false
@@ -335,6 +337,8 @@ disable_gravatar = true
 ;tls_client_key =
 ;tls_client_ca =
 
+role_attribute_path = {{ grafana.config.oauth2.role_attribute_path }}
+
 ; Set to true to enable sending client_id and client_secret via POST body instead of Basic authentication HTTP header
 ; This might be required if the OAuth provider is not RFC6749 compliant, only supporting credentials passed via POST payload
 ;send_client_credentials_via_post = false