grafana: add oauth support
This commit is contained in:
uumas
9
roles/grafana/defaults/main.yml
Normal file
9
roles/grafana/defaults/main.yml
Normal file
@@ -0,0 +1,9 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
grafana_oauth_enabled: false
|
||||||
|
grafana_oauth_scopes:
|
||||||
|
- openid
|
||||||
|
- profile
|
||||||
|
- email
|
||||||
|
grafana_oauth_allow_sign_up: true
|
||||||
|
grafana_oauth_auto_login: false
|
||||||
@@ -5,6 +5,59 @@ argument_specs:
|
|||||||
short_description: Grafana
|
short_description: Grafana
|
||||||
description: "Sets up a grafana docker container"
|
description: "Sets up a grafana docker container"
|
||||||
options:
|
options:
|
||||||
|
grafana_oauth_enabled:
|
||||||
|
description: Enables generic OAuth2 authentication.
|
||||||
|
type: bool
|
||||||
|
required: false
|
||||||
|
default: false
|
||||||
|
grafana_oauth_name:
|
||||||
|
description: Name that refers to the generic OAuth2 authentication from the Grafana user interface.
|
||||||
|
type: str
|
||||||
|
required: false
|
||||||
|
grafana_oauth_client_id:
|
||||||
|
description: Client ID provided by your OAuth2 app.
|
||||||
|
type: str
|
||||||
|
required: "{{ grafana_oauth_enabled }}"
|
||||||
|
grafana_oauth_client_secret:
|
||||||
|
description: Client secret provided by your OAuth2 app.
|
||||||
|
type: str
|
||||||
|
required: "{{ grafana_oauth_enabled }}"
|
||||||
|
grafana_oauth_auth_url:
|
||||||
|
description: Authorization endpoint of your OAuth2 provider.
|
||||||
|
type: str
|
||||||
|
required: "{{ grafana_oauth_enabled }}"
|
||||||
|
grafana_oauth_token_url:
|
||||||
|
description: Endpoint used to obtain the OAuth2 access token.
|
||||||
|
type: str
|
||||||
|
required: "{{ grafana_oauth_enabled }}"
|
||||||
|
grafana_oauth_api_url:
|
||||||
|
description: Endpoint used to obtain user information compatible with OpenID UserInfo.
|
||||||
|
type: str
|
||||||
|
required: "{{ grafana_oauth_enabled }}"
|
||||||
|
grafana_oauth_scopes:
|
||||||
|
description: List of OAuth2 scopes.
|
||||||
|
type: list
|
||||||
|
required: false
|
||||||
|
items: str
|
||||||
|
default:
|
||||||
|
- openid
|
||||||
|
- profile
|
||||||
|
- email
|
||||||
|
grafana_oauth_role_attribute_path:
|
||||||
|
description: JMESPath expression to use for Grafana role lookup. Grafana will first evaluate the expression using the OAuth2 ID token. If no role is found, the expression will be evaluated using the user information obtained from the UserInfo endpoint. The result of the evaluation should be a valid Grafana role (Viewer, Editor, Admin or GrafanaAdmin).
|
||||||
|
type: str
|
||||||
|
required: false
|
||||||
|
grafana_oauth_allow_sign_up:
|
||||||
|
description: Controls Grafana user creation through the generic OAuth2 login. Only existing Grafana users can log in with generic OAuth if set to false.
|
||||||
|
type: bool
|
||||||
|
required: false
|
||||||
|
default: true
|
||||||
|
grafana_oauth_auto_login:
|
||||||
|
description: Set to true to enable users to bypass the login screen and automatically log in. This setting is ignored if you configure multiple auth providers to use auto-login.
|
||||||
|
type: bool
|
||||||
|
required: false
|
||||||
|
default: false
|
||||||
|
|
||||||
database_passwords:
|
database_passwords:
|
||||||
description: "Passed to container role"
|
description: "Passed to container role"
|
||||||
required: true
|
required: true
|
||||||
|
|||||||
@@ -7,7 +7,7 @@
|
|||||||
docker_service: grafana
|
docker_service: grafana
|
||||||
docker_image: grafana/grafana
|
docker_image: grafana/grafana
|
||||||
docker_image_http_port: 3000
|
docker_image_http_port: 3000
|
||||||
docker_volumes:
|
docker_mounts:
|
||||||
- name: data
|
- name: data
|
||||||
path: /var/lib/grafana
|
path: /var/lib/grafana
|
||||||
docker_database: postgres
|
docker_database: postgres
|
||||||
@@ -19,3 +19,15 @@
|
|||||||
GF_DATABASE_PASSWORD: "{{ database_passwords.grafana }}"
|
GF_DATABASE_PASSWORD: "{{ database_passwords.grafana }}"
|
||||||
GF_SERVER_DOMAIN: "{{ docker_vhost_domains.grafana[0] }}"
|
GF_SERVER_DOMAIN: "{{ docker_vhost_domains.grafana[0] }}"
|
||||||
GF_SERVER_ROOT_URL: "https://{{ docker_vhost_domains.grafana[0] }}"
|
GF_SERVER_ROOT_URL: "https://{{ docker_vhost_domains.grafana[0] }}"
|
||||||
|
|
||||||
|
GF_AUTH_GENERIC_OAUTH_ENABLED: "{{ 'true' if grafana_oauth_enabled else 'false' }}"
|
||||||
|
GF_AUTH_GENERIC_OAUTH_NAME: "{{ grafana_oauth_name | default(omit) }}"
|
||||||
|
GF_AUTH_GENERIC_OAUTH_CLIENT_ID: "{{ grafana_oauth_client_id }}"
|
||||||
|
GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: "{{ grafana_oauth_client_secret }}"
|
||||||
|
GF_AUTH_GENERIC_OAUTH_AUTH_URL: "{{ grafana_oauth_auth_url }}"
|
||||||
|
GF_AUTH_GENERIC_OAUTH_TOKEN_URL: "{{ grafana_oauth_token_url }}"
|
||||||
|
GF_AUTH_GENERIC_OAUTH_API_URL: "{{ grafana_oauth_api_url }}"
|
||||||
|
GF_AUTH_GENERIC_OAUTH_SCOPES: "{{ grafana_oauth_scopes | join(' ') }}"
|
||||||
|
GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP: "{{ 'true' if grafana_oauth_allow_sign_up else 'false' }}"
|
||||||
|
GF_AUTH_GENERIC_OAUTH_AUTO_LOGIN: "{{ 'true' if grafana_oauth_auto_login else 'false' }}"
|
||||||
|
GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: "{{ grafana_oauth_role_attribute_path | default(omit) }}"
|
||||||
|
|||||||
Reference in New Issue
Block a user