Add a new config part to configure KeyCloak based auth (#191)

Co-authored-by: Ishan Jain <51803183+ishanjainn@users.noreply.github.com>
grafana · May 13, 2024 · 6442f7a · 6442f7a
1 parent 70211a0
commit 6442f7a
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 0 deletions.
diff --git a/roles/grafana/defaults/main.yml b/roles/grafana/defaults/main.yml
@@ -145,6 +145,21 @@ grafana_ldap: {}
 #        - group_dn: "cn=alternative_admins,ou=groups,dc=grafana,dc=org"
 #          org_role: Admin
 
+# Grafana KeyCloak auth
+grafana_auth_generic_oauth: {}
+#  enabled: true
+#  name: "Keycloak-OAuth"
+#  allow_sign_up: true
+#  client_id: YOUR_APP_CLIENT_ID
+#  client_secret: YOUR_APP_CLIENT_SECRET
+#  scopes: "openid email profile offline_access roles"
+#  email_attribute_path: email
+#  login_attribute_path: username
+#  name_attribute_path: full_name
+#  auth_url: "https://<PROVIDER_DOMAIN>/realms/<REALM_NAME>/protocol/openid-connect/auth"
+#  token_url: "https://<PROVIDER_DOMAIN>/realms/<REALM_NAME>/protocol/openid-connect/token"
+#  api_url: "https://<PROVIDER_DOMAIN>/realms/<REALM_NAME>/protocol/openid-connect/userinfo"
+
 grafana_session: {}
 #  provider: file
 #  provider_config: "sessions"

diff --git a/roles/grafana/templates/grafana.ini.j2 b/roles/grafana/templates/grafana.ini.j2
@@ -212,3 +212,11 @@ provider = {{ grafana_image_storage.provider }}
 {{ k }} = {{ v }}
 {%   endfor %}
 {% endif %}
+
+# Oauth_Keycloack
+{% if grafana_auth_generic_oauth != {} %}
+[auth.generic_oauth]
+{%   for k,v in grafana_auth_generic_oauth.items() %}
+{{ k }} = {{ v }}
+{%   endfor %}
+{% endif %}