From: alex Date: Sat, 21 Oct 2023 19:40:10 +0000 (+0200) Subject: Configure Grafana OIDC X-Git-Tag: 20240214-emacs~176 X-Git-Url: https://xn--ix-yja.es/gitweb/?a=commitdiff_plain;h=a07068ede86a1e626ae8debac1568da696d322d0;p=alex.git Configure Grafana OIDC
---
diff --git a/personal_infra/puppet/modules/grafana/manifests/init.pp b/personal_infra/puppet/modules/grafana/manifests/init.pp
index 13c5dd6..a2fa4ad 100644
--- a/personal_infra/puppet/modules/grafana/manifests/init.pp
+++ b/personal_infra/puppet/modules/grafana/manifests/init.pp
@@ -1,4 +1,4 @@
-class grafana {
+class grafana($root_url, $oidc_client_id, $oidc_client_secret, $oidc_auth_url, $oidc_api_url, $oidc_token_url) {
 file {'/etc/yum.repos.d/grafana.repo':
 content => @("EOT")
 [grafana]
@@ -18,6 +18,25 @@ class grafana {
 require => File['/etc/yum.repos.d/grafana.repo'],
 }
 ->
+ file {'/etc/grafana/grafana.ini':
+ content => @("EOT")
+ [server]
+ root_url=$root_url
+
+ [auth.generic_oauth]
+ enabled = true
+ allow_sign_up = true
+ name = idp.pdp7.net
+ client_id = $oidc_client_id
+ client_secret = $oidc_client_secret
+ auth_url = $oidc_auth_url
+ api_url = $oidc_api_url
+ token_url = $oidc_token_url
+ scopes = openid email profile
+ | EOT
+ ,
+ }
+ ~>
 service {'grafana-server':
 enable => true,
 ensure => running,
diff --git a/personal_infra/puppet/site/grafana.h1.int.pdp7.net.pp b/personal_infra/puppet/site/grafana.h1.int.pdp7.net.pp
index 5b605e4..96eab82 100644
--- a/personal_infra/puppet/site/grafana.h1.int.pdp7.net.pp
+++ b/personal_infra/puppet/site/grafana.h1.int.pdp7.net.pp
@@ -1,3 +1,10 @@
 node 'grafana.h1.int.pdp7.net' {
- class {'grafana':}
+ class {'grafana':
+ oidc_client_id => lookup('grafana.oauth.client_id'),
+ oidc_client_secret => lookup('grafana.oauth.client_secret'),
+ oidc_auth_url => lookup('grafana.oauth.auth_url'),
+ oidc_api_url => lookup('grafana.oauth.api_url'),
+ oidc_token_url => lookup('grafana.oauth.token_url'),
+ root_url => 'https://grafana.pdp7.net',
+ }
 }
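Review bot: In the new `class grafana(...)` signature (first hunk of init.pp) `$oidc_client_secret` is an untyped plain value, so the secret travels through the catalog as ordinary text and, going by Puppet's usual behaviour, can surface in reports and in the content diff the agent logs whenever grafana.ini changes. Declaring it as `Sensitive[String] $oidc_client_secret`, passing `Sensitive(lookup('grafana.oauth.client_secret'))` from the node definition in the site manifest hunk, and building the file content from the unwrapped value inside a `Sensitive(...)` wrapper would keep it redacted. The heredoc in the second init.pp hunk is where the secret is interpolated directly, so that is the place the unwrap has to happen. The other five parameters could take a `String` type so that a missing or non-string lookup fails at compile time instead of rendering an empty setting. The class body continues outside this hunk.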
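Review bot: The `file {'/etc/grafana/grafana.ini': ...}` resource added in the second init.pp hunk sets no `owner`, `group` or `mode` although the rendered file now contains `client_secret`, so its permissions are whatever the package left behind, or Puppet's defaults if the file is ever created fresh. I would pin them and suppress the logged diff, e.g. `owner => 'root', group => 'grafana', mode => '0640',` plus `show_diff => false,` (the group name is assumed from the upstream package; confirm it on the host). A comment next to `allow_sign_up = true` would also help: with it, anyone who can authenticate at idp.pdp7.net gets a Grafana account on first login, so state whether that is intended or restrict it with a domain or role mapping. The enclosing class starts and ends outside the hunk.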