Add grafana role

2025-07-10 00:56:23 +03:00
parent d6083ec2be
commit 303d3a384a
4 changed files with 125 additions and 0 deletions
--- a/roles/grafana/meta/argument_specs.yml
+++ b/roles/grafana/meta/argument_specs.yml
@@ -0,0 +1,72 @@
+---
+argument_specs:
+  main:
+    description: Installs and configures grafana
+    options:
+      grafana_domain:
+        description: The domain grafana should be available on
+        type: str
+        required: true
+
+      grafana_oauth_name:
+        description: >-
+          Name that refers to the generic OAuth2 authentication from the Grafana
+          user interface. Required to enable OAuth authentication.
+        type: str
+        required: false
+        default: ""
+      grafana_oauth_client_id:
+        description: >-
+          Client ID provided by your OAuth2 app. Required if OAuth is enabled.
+        type: str
+        required: false
+        default: ""
+      grafana_oauth_auth_url:
+        description: Authorization endpoint of your OAuth2 provider. Required if OAuth is enabled.
+        type: str
+        required: false
+        default: ""
+      grafana_oauth_token_url:
+        description: Endpoint used to obtain the OAuth2 access token.
+        type: str
+        required: false
+        default: ""
+      grafana_oauth_api_url:
+        description: Endpoint used to obtain user information compatible with OpenID UserInfo.
+        type: str
+        required: false
+        default: ""
+      grafana_oauth_scopes:
+        description: List of OAuth2 scopes.
+        type: list
+        required: false
+        elements: str
+        default:
+          - openid
+          - profile
+          - email
+      grafana_oauth_role_attribute_path:
+        description: >-
+          JMESPath expression to use for Grafana role lookup. Grafana will first
+          evaluate the expression using the OAuth2 ID token. If no role is found,
+          the expression will be evaluated using the user information obtained
+          from the UserInfo endpoint. The result of the evaluation should be
+          a valid Grafana role (Viewer, Editor, Admin or GrafanaAdmin).
+        type: str
+        required: false
+        default: ""
+      grafana_oauth_allow_sign_up:
+        description: >-
+          Controls Grafana user creation through the generic OAuth2 login. Only
+          existing Grafana users can log in with generic OAuth if set to false.
+        type: bool
+        required: false
+        default: true
+      grafana_oauth_auto_login:
+        description: >-
+          Whether to enable users to bypass the login screen and automatically
+          log in. This setting is ignored if you configure multiple auth
+          providers to use auto-login.
+        type: bool
+        required: false
+        default: true