Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Duplicated] Feature idea - help customers get read access to their relevant grafana dashboards #2050

Closed
consideRatio opened this issue Jan 13, 2023 · 2 comments
Closed

[Duplicated] Feature idea - help customers get read access to their relevant grafana dashboards #2050

consideRatio opened this issue Jan 13, 2023 · 2 comments
Assignees
@consideRatio

Comments

@consideRatio
Copy link
Member

@scottyhq asked in a support ticket about providing access to a grafana:

Is it easy to give hub admins access to grafana https://grafana.uwhackweeks.2i2c.cloud/login ?

Thinking about this in the most general case where we can have different ways for users to authenticate themselves, I see some options.

For customers with dedicated clusters:

  1. We configure one additional user besides the admin user and the user created to update the grafana dashboards, and let that user have just read access to the instance. Then, we share those credentials with the community representatives to handle as they please.
  2. We let Grafana work against the production JupyterHub as an identity provider

For customers with shared clusters:
0. First of all, I'm really not sure here because we have a shared grafana instance accessing several different data sources and providing a bit more dashboards etc.

  1. I think maybe its reasonable to configure one additional user per hub, and a set of permissions for that user to have readonly access to the relevant prometheus data source.
  2. I don't think its reasonable to setup auth against all of the jupyterhub's and even if we do, the permissions granted should depend on what hub you authed against etc.

Investigative work needed

  1. Can we via REST API and/or configuration add a user to Grafana? I think yes, because I think @GeorgianaElena has done that already.
  2. Can we via REST API and/or configuration make a user be granted permissions to a specific data source, so that a dropdown list will only include the datasources that the user has permissions to? Below is an example of a dropdownlist.
    image
@sgibson91
Copy link
Member

I think there are a few related, possibly duplicate?, issues:

@damianavila damianavila changed the title Feature idea - help customers get read access to their relevant grafana dashboards [Duplicated] Feature idea - help customers get read access to their relevant grafana dashboards Jan 16, 2023
@damianavila
Copy link
Contributor

Yes, I think this conversation is already captured in other issues, so let's close this one. Feel free to reopen if you disagree.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@consideRatio consideRatio

Labels
None yet
Projects
DEPRECATED Engineering and Product Backlog
Archived in project
Milestone
No milestone
Development

No branches or pull requests
3 participants
@damianavila @consideRatio @sgibson91