From 906d6553c65f5eac1f6f77f3984bfd04963cb13f Mon Sep 17 00:00:00 2001 From: Vincent Ambo Date: Mon, 27 Dec 2021 16:56:54 +0300 Subject: [PATCH] fix(whitby): Point grafana at new auth provider Grafana was still pointing at the (now non-existent) CAS setup. This changes the endpoints to use Keycloak instead and updates the client secret. Change-Id: Ib25d38330aba2ef6d894e8c33d86852c884ab5be Reviewed-on: https://cl.tvl.fyi/c/depot/+/4706 Tested-by: BuildkiteCI Autosubmit: tazjin Reviewed-by: grfn --- ops/machines/whitby/default.nix | 10 ++++++---- ops/secrets/grafana.age | 26 ++++++++++++-------------- 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/ops/machines/whitby/default.nix b/ops/machines/whitby/default.nix index 727859542..e013c5619 100644 --- a/ops/machines/whitby/default.nix +++ b/ops/machines/whitby/default.nix @@ -500,15 +500,15 @@ in { auth = { generic_oauth = { enabled = true; - client_id = "OAUTH-TVL-grafana-f1A1EmHLDT"; + client_id = "grafana"; scopes = "openid profile email"; name = "TVL"; email_attribute_path = "mail"; login_attribute_path = "sub"; name_attribute_path = "displayName"; - auth_url = "https://login.tvl.fyi/oidc/authorize"; - token_url = "https://login.tvl.fyi/oidc/accessToken"; - api_url = "https://login.tvl.fyi/oidc/profile"; + auth_url = "https://auth.tvl.fyi/auth/realms/TVL/protocol/openid-connect/auth"; + token_url = "https://auth.tvl.fyi/auth/realms/TVL/protocol/openid-connect/token"; + api_url = "https://auth.tvl.fyi/auth/realms/TVL/protocol/openid-connect/userinfo"; # Give lukegb, grfn, tazjin "Admin" rights. role_attribute_path = "((sub == 'lukegb' || sub == 'grfn' || sub == 'tazjin') && 'Admin') || 'Editor'"; @@ -516,11 +516,13 @@ in { # Allow creating new Grafana accounts from OAuth accounts. allow_sign_up = true; }; + anonymous = { enabled = true; org_name = "The Virus Lounge"; org_role = "Viewer"; }; + basic.enabled = false; oauth_auto_login = true; disable_login_form = true; diff --git a/ops/secrets/grafana.age b/ops/secrets/grafana.age index 9c0939684..ad503dc32 100644 --- a/ops/secrets/grafana.age +++ b/ops/secrets/grafana.age @@ -1,15 +1,13 @@ age-encryption.org/v1 --> ssh-ed25519 dcsaLw TjDj+2FT4468X7jin78UPetVsZRmDtwU7HfwAk79Omc -WLxXI+jaYFuvynK06GaHFs7D3XeYzSjHl6mteiks3uc --> ssh-ed25519 CpJBgQ Z3y+8U5H0ZTQdIaBgOtLGFst925kTspwJ1z+W/op8wo -jHuIydmqN1ypCsyPZVbJYuuW6aJiTOe3SoSD7Ju2tMY --> ssh-ed25519 aXKGcg KttaHGM/1zYMFCfdYFKmWyUpco0mPmKxeX2LpUndm0c -vLULuYNRGDdvuWf1M9o+Vq9cnk3G/DzYVAcxdZfvcvg --> ssh-ed25519 OkGqLg Obwnq0537RDZHFT7I+vucuYFk/fKTZYUzccSM/HfNnY -tSqtWbgt/PebTDK9Od0EWj4mf3gXomtONcj0XBFYQDs --> [eCG-grease CV -j5A3qikgyfxFMAcqeheGI8CMNDfhBh399JddXXvziPYB7QBkbeznUdMCX+2wOg/U -U2rBgA1G84Rlr+2BJXlQ6iLL9xs7/us9vANaiTPiB0Ir4u377HBuCWoDLg ---- ucJ+JohxZBSFnDzNw/pFvlYOZIFWvBxrn+CP9bcEsD0 -rB]0Ujfuabd6 -pWyH\e֯8rCz)ӛu_䌡clw,"ewSvh%8e{7dC'_n \ No newline at end of file +-> ssh-ed25519 dcsaLw CrJGrkztUpn+XkED1hn4Clr/oBNrer9J+/fdqDhgx18 +VWENh02k4HTkhDS2F219vrCUVuxXFOCPsCW+8eeZHs4 +-> ssh-ed25519 CpJBgQ 8Lm14o93CEh/aerPtMiStKYtqF/HdgJD05uRRegLgUs +b0H5XBOe4nepmGzl646Ar0XAazzHAJeTLCCGUVaZyW0 +-> ssh-ed25519 aXKGcg SKWLHNM0WeFJoGlOPbI6v7CebdSK3qAmQ6kMW5YbIz4 +kQD7Oh9mQeCXyXzOc1kVI8ShE0J89TzuZBOboaQn7sE +-> ssh-ed25519 OkGqLg ablfqKN1GYY3GWGCHGtciRFJwO4e0kbcS75Kaj+elUA +PQPeRVzV/Yi0lxI7U+lNbCpeatymazj7GjQLhmL4YI8 +-> gse~-grease +I9X7cHnmfbsnu/4AeVVtTRlbguJDylrAlCOqTOt11Gtg/Ft2fnZZTOmsKo8 +--- 3xk3ls7SR7s394FtfqLwxgUDjTPMjnhLz79ClvIm4pE +yFzH*M\26I`ko΃&baWvM.jF;ZN*P _Jc_(Sjd8F \ No newline at end of file