Configure Grafana OIDC

diff --git a/personal_infra/puppet/modules/grafana/manifests/init.pp b/personal_infra/puppet/modules/grafana/manifests/init.pp
index 13c5dd6675f65469e6e8b2d73c07c2c5edd2127a..a2fa4ad9afdaddb5d82fe150f74354c80d944562 100644 (file)
--- a/personal_infra/puppet/modules/grafana/manifests/init.pp
+++ b/personal_infra/puppet/modules/grafana/manifests/init.pp
@@ -1,4 +1,4 @@
-class grafana {
+class grafana($root_url, $oidc_client_id, $oidc_client_secret, $oidc_auth_url, $oidc_api_url, $oidc_token_url) {
   file {'/etc/yum.repos.d/grafana.repo':
     content => @("EOT")
       [grafana]
@@ -18,6 +18,25 @@ class grafana {
     require => File['/etc/yum.repos.d/grafana.repo'],
   }
   ->
+  file {'/etc/grafana/grafana.ini':
+    content => @("EOT")
+      [server]
+      root_url=$root_url
+
+      [auth.generic_oauth]
+      enabled = true
+      allow_sign_up = true
+      name = idp.pdp7.net
+      client_id = $oidc_client_id
+      client_secret = $oidc_client_secret
+      auth_url = $oidc_auth_url
+      api_url = $oidc_api_url
+      token_url = $oidc_token_url
+      scopes = openid email profile
+      | EOT
+    ,
+  }
+  ~>
   service {'grafana-server':
     enable => true,
     ensure => running,

diff --git a/personal_infra/puppet/site/grafana.h1.int.pdp7.net.pp b/personal_infra/puppet/site/grafana.h1.int.pdp7.net.pp
index 5b605e49f9b5847bc8866b8cf2ae572fd27fd8b4..96eab827bcdb01d0932d4f8d47f1b765888f8bf9 100644 (file)
--- a/personal_infra/puppet/site/grafana.h1.int.pdp7.net.pp
+++ b/personal_infra/puppet/site/grafana.h1.int.pdp7.net.pp
@@ -1,3 +1,10 @@
 node 'grafana.h1.int.pdp7.net' {
-  class {'grafana':}
+  class {'grafana':
+    oidc_client_id =>     lookup('grafana.oauth.client_id'),
+    oidc_client_secret => lookup('grafana.oauth.client_secret'),
+    oidc_auth_url      => lookup('grafana.oauth.auth_url'),
+    oidc_api_url       => lookup('grafana.oauth.api_url'),
+    oidc_token_url     => lookup('grafana.oauth.token_url'),
+    root_url => 'https://grafana.pdp7.net',
+  }
 }