Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bind Dex static admin user to a Grafana Admin role automatically #2743

Merged
merged 5 commits into from
Aug 17, 2020
Merged

Bind Dex static admin user to a Grafana Admin role automatically #2743

merged 5 commits into from
Aug 17, 2020

Conversation

Ebaneck
Copy link
Contributor

@Ebaneck Ebaneck commented Aug 17, 2020

Component:

'salt', 'prometheus-operator', 'charts', 'grafana'

Context:

See: #2653

Summary:

When logging into Grafana, with the default admin@metalk8s.invalid Dex static user, we should automatically get full access permissions in Grafana. This is possible since we now make use of the Grafana role attribute to map the Dex user to a Grafana Admin role.

Acceptance criteria:

  • We should be able to log in to Grafana with admin@metalk8s.invalid user possessing Admin role attributes in Grafana.

Closes: #2653

@bert-e
Copy link
Contributor

bert-e commented Aug 17, 2020

Hello ebaneck,

My role is to assist you with the merge of this
pull request. Please type @bert-e help to get information
on this process, or consult the user documentation.

Status report is not available.

@bert-e
Copy link
Contributor

bert-e commented Aug 17, 2020

Conflict

A conflict has been raised during the creation of
integration branch w/2.6/bugfix/2653-map-Dex-static-admin-user-as-Grafana-admin-automatically with contents from bugfix/2653-map-Dex-static-admin-user-as-Grafana-admin-automatically
and development/2.6.

I have not created the integration branch.

Here are the steps to resolve this conflict:

 $ git fetch
 $ git checkout -B w/2.6/bugfix/2653-map-Dex-static-admin-user-as-Grafana-admin-automatically origin/development/2.6
 $ git merge origin/bugfix/2653-map-Dex-static-admin-user-as-Grafana-admin-automatically
 $ # <intense conflict resolution>
 $ git commit
 $ git push -u origin w/2.6/bugfix/2653-map-Dex-static-admin-user-as-Grafana-admin-automatically

@alexandre-allard @Ebaneck
charts: add option to change path of CSC defaults
e22be54 
This is needed as we put Loki inside logging directory,
so the path is not metalk8s/addons/loki/config/loki.yaml
but metalk8s/addons/logging/loki/config/loki.yaml, so
we need to be able to set the path.

Refs: #2682
(cherry picked from commit daea4b2)
@Ebaneck Ebaneck force-pushed the bugfix/2653-map-Dex-static-admin-user-as-Grafana-admin-automatically branch from 590e2fd to 61ae66a Compare August 17, 2020 13:49
@Ebaneck
fix render.py script to include service configs from different name…
3612c44 
…spaces

In the Prometheus-operator charts, we need to map the OIDC user in
Dex to a Grafana admin user.
This fix ensures we can import and render  service configs while specifying
their corresponding namespaces using the following arguments.

`--service-config service_name service_configmap_name service_namespace`
@Ebaneck
Add role attribute to Grafana generic auth settings
bf6a445 
To map the OIDC default admin user `admin@metalk8s.invalid` to
a Grafana admin role, we need to make use of Grafana role attributes.

This commit attaches an OIDC admin user using role_attribute_path for generic oauth
to a Grafana admin role.
@Ebaneck
re-render prometheus-operator charts with Grafana role attribute
4b06ee5 
This chart is rendered using:
```
./charts/render.py prometheus-operator --namespace metalk8s-monitoring \
  charts/prometheus-operator.yaml charts/prometheus-operator/ \
  --service-config grafana metalk8s-grafana-config metalk8s/addons/prometheus-operator/config/grafana.yaml metalk8s-monitoring \
  --service-config prometheus metalk8s-prometheus-config metalk8s/addons/prometheus-operator/config/prometheus.yaml metalk8s-monitoring \
  --service-config alertmanager metalk8s-alertmanager-config metalk8s/addons/prometheus-operator/config/alertmanager.yaml metalk8s-monitoring \
  --service-config dex metalk8s-dex-config metalk8s/addons/dex/config/dex.yaml metalk8s-auth \
  > salt/metalk8s/addons/prometheus-operator/deployed/chart.sls
```

Closes: #2653
@Ebaneck
update CHANGELOG.md entry
787d692 
This commit updates the Changelog entry to include a fix for
mapping the OIDC static admin user to a Grafana Admin role.

This commit also fixes the PR number for bumping K8s version to
1.16.13 which was previously wrongly specified.
@Ebaneck Ebaneck force-pushed the bugfix/2653-map-Dex-static-admin-user-as-Grafana-admin-automatically branch from 61ae66a to 787d692 Compare August 17, 2020 13:54
TeddyAndrieux
TeddyAndrieux approved these changes Aug 17, 2020
View reviewed changes
Copy link
Collaborator

@TeddyAndrieux TeddyAndrieux left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@Ebaneck
Copy link
Contributor Author

Ebaneck commented Aug 17, 2020

/approve

@bert-e
Copy link
Contributor

bert-e commented Aug 17, 2020

Build failed

The build for commit did not succeed in branch w/2.6/bugfix/2653-map-Dex-static-admin-user-as-Grafana-admin-automatically.

The following options are set: approve

@bert-e
Copy link
Contributor

bert-e commented Aug 17, 2020

In the queue

The changeset has received all authorizations and has been added to the
relevant queue(s). The queue(s) will be merged in the target development
branch(es) as soon as builds have passed.

The changeset will be merged in:

  • ✔️ development/2.5

  • ✔️ development/2.6

The following branches will NOT be impacted:

  • development/1.0
  • development/1.1
  • development/1.2
  • development/1.3
  • development/2.0
  • development/2.1
  • development/2.2
  • development/2.3
  • development/2.4

There is no action required on your side. You will be notified here once
the changeset has been merged. In the unlikely event that the changeset
fails permanently on the queue, a member of the admin team will
contact you to help resolve the matter.

IMPORTANT

Please do not attempt to modify this pull request.

  • Any commit you add on the source branch will trigger a new cycle after the
    current queue is merged.
  • Any commit you add on one of the integration branches will be lost.

If you need this pull request to be removed from the queue, please contact a
member of the admin team now.

The following options are set: approve

@bert-e
Copy link
Contributor

bert-e commented Aug 17, 2020

I have successfully merged the changeset of this pull request
into targetted development branches:

  • ✔️ development/2.5

  • ✔️ development/2.6

The following branches have NOT changed:

  • development/1.0
  • development/1.1
  • development/1.2
  • development/1.3
  • development/2.0
  • development/2.1
  • development/2.2
  • development/2.3
  • development/2.4

Please check the status of the associated issue None.

Goodbye ebaneck.

@bert-e bert-e merged commit 787d692 into development/2.5 Aug 17, 2020
@bert-e bert-e deleted the bugfix/2653-map-Dex-static-admin-user-as-Grafana-admin-automatically branch August 17, 2020 17:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@TeddyAndrieux TeddyAndrieux TeddyAndrieux approved these changes

@alexandre-allard alexandre-allard Awaiting requested review from alexandre-allard

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@Ebaneck @bert-e @TeddyAndrieux @alexandre-allard