Enable OAuth2 auth in Grafana

artefactual-sdps · Oct 14, 2024 · f9bc127 · f9bc127
1 parent c32b4c5
commit f9bc127
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 2 deletions.
diff --git a/docs/src/dev-manual/devel.md b/docs/src/dev-manual/devel.md
@@ -104,6 +104,7 @@ Keycloack:
 | Dashboard     | <http://localhost:8080> | `admin`     | `admin123`     |
 | MinIO console | <http://localhost:7460> | `admin`     | `admin123`     |
 | Temporal UI   | <http://localhost:7440> | `admin`     | `admin123`     |
+| Grafana       | <http://localhost:7490> | `admin`     | `admin123`     |
 | Keycloak      | <http://localhost:7470> | `keycloak`  | `keycloak123`  |
 
 ## Live updates

diff --git a/hack/kube/components/dev/grafana.yaml b/hack/kube/components/dev/grafana.yaml
@@ -46,12 +46,27 @@ data:
     provisioning = /etc/grafana/provisioning
     [server]
     domain = ''
-    [auth.anonymous]
-    enabled = true
+    root_url = http://localhost:7490
     [users]
     default_theme = system
     [dashboards]
     default_home_dashboard_path = /var/lib/grafana/dashboards/home.json
+    [auth.generic_oauth]
+    enabled = true
+    name = Keycloak
+    allow_sign_up = true
+    client_id = grafana
+    client_secret = wi8sSTRwP5lA2NuogV5bL6GmIyzVF2HP
+    scopes = openid email profile
+    email_attribute_path = email
+    login_attribute_path = username
+    name_attribute_path = full_name
+    auth_url = http://keycloak:7470/realms/artefactual/protocol/openid-connect/auth
+    token_url = http://keycloak:7470/realms/artefactual/protocol/openid-connect/token
+    api_url = http://keycloak:7470/realms/artefactual/protocol/openid-connect/userinfo
+    signout_redirect_url = http://keycloak:7470/realms/artefactual/protocol/openid-connect/logout?post_logout_redirect_uri=http%3A%2F%2Flocalhost:7490%2Flogin/generic_oauth
+    role_attribute_path = "'Admin'"
+    skip_org_role_sync = false
   datasources.yaml: |
     apiVersion: 1
     datasources:

diff --git a/hack/kube/components/dev/keycloak.yaml b/hack/kube/components/dev/keycloak.yaml
@@ -202,6 +202,16 @@ data:
           "secret": "K5do3lZeHEzR3ajzCEudH4OGe7KWUmfe",
           "redirectUris": ["http://localhost:7460/oauth_callback"],
           "protocol": "openid-connect"
+        },
+        {
+          "id": "42c7a9e6-d81c-4b3f-aaeb-32de8dea0bf2",
+          "clientId": "grafana",
+          "name": "Grafana",
+          "enabled": true,
+          "secret": "wi8sSTRwP5lA2NuogV5bL6GmIyzVF2HP",
+          "redirectUris": ["http://localhost:7490/login/generic_oauth"],
+          "protocol": "openid-connect",
+          "directAccessGrantsEnabled": true
         }
       ],
       "clientScopes": [