Configure Grafana OIDC

1 files changed, 20 insertions, 1 deletions

diff --git a/personal_infra/puppet/modules/grafana/manifests/init.pp b/personal_infra/puppet/modules/grafana/manifests/init.pp
index 13c5dd66..a2fa4ad9 100644
--- a/personal_infra/puppet/modules/grafana/manifests/init.pp
+++ b/personal_infra/puppet/modules/grafana/manifests/init.pp
@@ -1,4 +1,4 @@
-class grafana {
+class grafana($root_url, $oidc_client_id, $oidc_client_secret, $oidc_auth_url, $oidc_api_url, $oidc_token_url) {
   file {'/etc/yum.repos.d/grafana.repo':
     content => @("EOT")
       [grafana]
@@ -18,6 +18,25 @@ class grafana {
     require => File['/etc/yum.repos.d/grafana.repo'],
   }
   ->
+  file {'/etc/grafana/grafana.ini':
+    content => @("EOT")
+      [server]
+      root_url=$root_url
+
+      [auth.generic_oauth]
+      enabled = true
+      allow_sign_up = true
+      name = idp.pdp7.net
+      client_id = $oidc_client_id
+      client_secret = $oidc_client_secret
+      auth_url = $oidc_auth_url
+      api_url = $oidc_api_url
+      token_url = $oidc_token_url
+      scopes = openid email profile
+      | EOT
+    ,
+  }
+  ~>
   service {'grafana-server':
     enable => true,
     ensure => running,