Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add in support for auth.okta to grafana.ini parser. #382

Merged
merged 1 commit into from
Mar 31, 2021
Merged

Add in support for auth.okta to grafana.ini parser. #382

merged 1 commit into from
Mar 31, 2021

Conversation

joshpaul-okta
Copy link
Contributor

@joshpaul-okta joshpaul-okta commented Mar 30, 2021
edited
Loading

Description

Enables support fot the auth.okta section of the grafana.ini parser.

Relevant issues/tickets

#378

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)

Checklist

  • This change requires a documentation update
  • I have added tests that prove my fix is effective or that my feature works
  • I have added a test case that will be used to verify my changes
  • Verified independently on a cluster by reviewer

Verification steps

Use a CRD with with the auth.okta enabled and validate it is rendered in the grafana.ini configmap.

apiVersion: integreatly.org/v1alpha1
kind: Grafana
metadata:
  name: grafana
  namespace: grafana
spec:
  deployment:
    nodeSelector:
      nodegroup: kube-addons
  ingress:
    enabled: true
    ingressClassName: nginx-private
    hostname: grafana.foo.net
    path: /
    annotations:
      kubernetes.io/ingress.class: nginx-private
      cert-manager.io/cluster-issuer: vault
      external-dns/private-record: 'true'
    tlsEnabled: true
    tlsSecretName: grafana-tls
    termination: edge
  config:
    alerting:
      enabled: false
    analytics:
      check_for_updates: false
      reporting_enabled: false
    auth.okta:
      enabled: true
      allow_sign_up: true
      client_id: $__file{/etc/grafana-secrets/auth_okta/client_id}
      client_secret: $__file{/etc/grafana-secrets/auth_okta/client_secret}
      scopes: openid profile email groups
      auth_url: https://foo.com/oauth2/v1/authorize
      token_url: https://foo.com/oauth2/v1/token
      api_url: https://foo.com/oauth2/v1/userinfo
      allowed_domains: foo.com
      allowed_groups: k8s-eng-svcs k8s-eng-svcs-admins
      role_attribute_path: contains(groups[*], 'k8s-eng-svcs-admins') && 'Admin' ||
        contains(groups[*], 'k8s-eng-svcs-admins') && 'Editor' || 'Viewer'
    log:
      level: warn
      mode: console
    security:
      disable_gravatar: true
    server:
      root_url: https://grafana.foo.net
  secrets:
  - auth-okta-secret

@openshift-ci-robot
Copy link

Hi @joshpaul-okta. Thanks for your PR.

I'm waiting for a integr8ly member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

HVBE
HVBE approved these changes Mar 31, 2021
View reviewed changes
Copy link
Collaborator

@HVBE HVBE left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

/approve

Looks good, auth.okta fields are propagated to the conifg, thanks for contributing @joshpaul-okta 👍

@openshift-ci-robot
Copy link

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: HubertStefanski

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci
Copy link

openshift-ci bot commented Mar 31, 2021

@joshpaul-okta: The following tests failed, say /retest to rerun all failed tests:

Test name Commit Details Rerun command
ci/prow/e2e 3087382 link /test e2e
ci/prow/format 3087382 link /test format
ci/prow/images 3087382 link /test images
ci/prow/unit 3087382 link /test unit

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@HVBE
Copy link
Collaborator

HVBE commented Mar 31, 2021

CI failing on unrelated issues, merging manually

@HVBE HVBE merged commit fa44ff3 into grafana:master Mar 31, 2021
@HVBE HVBE linked an issue Mar 31, 2021 that may be closed by this pull request
Add support to the grafana.ini parser for auth.okta #378
Closed
@HVBE HVBE mentioned this pull request Mar 31, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@HVBE HVBE HVBE approved these changes

Assignees

@HVBE HVBE

Labels
approved lgtm needs-ok-to-test
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add support to the grafana.ini parser for auth.okta
3 participants
@joshpaul-okta @openshift-ci-robot @HVBE