mdebray/tvl-depot
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix(whitby): Point grafana at new auth provider

Browse source 
Grafana was still pointing at the (now non-existent) CAS setup. This
changes the endpoints to use Keycloak instead and updates the client
secret.

Change-Id: Ib25d38330aba2ef6d894e8c33d86852c884ab5be
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4706
Tested-by: BuildkiteCI
Autosubmit: tazjin <mail@tazj.in>
Reviewed-by: grfn <grfn@gws.fyi>
This commit is contained in:
Vincent Ambo 2021-12-27 16:56:54 +03:00 committed by clbot
parent 7154507e78
commit 906d6553c6
2 changed files with 18 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
ops/machines/whitby/default.nix
View file

@ -500,15 +500,15 @@ in {
auth = { auth = {
generic_oauth = { generic_oauth = {
enabled = true; enabled = true;
client_id = "OAUTH-TVL-grafana-f1A1EmHLDT"; client_id = "grafana";
scopes = "openid profile email"; scopes = "openid profile email";
name = "TVL"; name = "TVL";
email_attribute_path = "mail"; email_attribute_path = "mail";
login_attribute_path = "sub"; login_attribute_path = "sub";
name_attribute_path = "displayName"; name_attribute_path = "displayName";
auth_url = "https://login.tvl.fyi/oidc/authorize"; auth_url = "https://auth.tvl.fyi/auth/realms/TVL/protocol/openid-connect/auth";
token_url = "https://login.tvl.fyi/oidc/accessToken"; token_url = "https://auth.tvl.fyi/auth/realms/TVL/protocol/openid-connect/token";
api_url = "https://login.tvl.fyi/oidc/profile"; api_url = "https://auth.tvl.fyi/auth/realms/TVL/protocol/openid-connect/userinfo";
# Give lukegb, grfn, tazjin "Admin" rights. # Give lukegb, grfn, tazjin "Admin" rights.
role_attribute_path = "((sub == 'lukegb' || sub == 'grfn' || sub == 'tazjin') && 'Admin') || 'Editor'"; role_attribute_path = "((sub == 'lukegb' || sub == 'grfn' || sub == 'tazjin') && 'Admin') || 'Editor'";
@ -516,11 +516,13 @@ in {
# Allow creating new Grafana accounts from OAuth accounts. # Allow creating new Grafana accounts from OAuth accounts.
allow_sign_up = true; allow_sign_up = true;
}; };
anonymous = { anonymous = {
enabled = true; enabled = true;
org_name = "The Virus Lounge"; org_name = "The Virus Lounge";
org_role = "Viewer"; org_role = "Viewer";
}; };
basic.enabled = false; basic.enabled = false;
oauth_auto_login = true; oauth_auto_login = true;
disable_login_form = true; disable_login_form = true;

26
ops/secrets/grafana.age
View file

@ -1,15 +1,13 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 dcsaLw TjDj+2FT4468X7jin78UPetVsZRmDtwU7HfwAk79Omc -> ssh-ed25519 dcsaLw CrJGrkztUpn+XkED1hn4Clr/oBNrer9J+/fdqDhgx18
WLxXI+jaYFuvynK06GaHFs7D3XeYzSjHl6mteiks3uc VWENh02k4HTkhDS2F219vrCUVuxXFOCPsCW+8eeZHs4
-> ssh-ed25519 CpJBgQ Z3y+8U5H0ZTQdIaBgOtLGFst925kTspwJ1z+W/op8wo -> ssh-ed25519 CpJBgQ 8Lm14o93CEh/aerPtMiStKYtqF/HdgJD05uRRegLgUs
jHuIydmqN1ypCsyPZVbJYuuW6aJiTOe3SoSD7Ju2tMY b0H5XBOe4nepmGzl646Ar0XAazzHAJeTLCCGUVaZyW0
-> ssh-ed25519 aXKGcg KttaHGM/1zYMFCfdYFKmWyUpco0mPmKxeX2LpUndm0c -> ssh-ed25519 aXKGcg SKWLHNM0WeFJoGlOPbI6v7CebdSK3qAmQ6kMW5YbIz4
vLULuYNRGDdvuWf1M9o+Vq9cnk3G/DzYVAcxdZfvcvg kQD7Oh9mQeCXyXzOc1kVI8ShE0J89TzuZBOboaQn7sE
-> ssh-ed25519 OkGqLg Obwnq0537RDZHFT7I+vucuYFk/fKTZYUzccSM/HfNnY -> ssh-ed25519 OkGqLg ablfqKN1GYY3GWGCHGtciRFJwO4e0kbcS75Kaj+elUA
tSqtWbgt/PebTDK9Od0EWj4mf3gXomtONcj0XBFYQDs PQPeRVzV/Yi0lxI7U+lNbCpeatymazj7GjQLhmL4YI8
-> [eCG-grease CV -> gse~-grease
j5A3qikgyfxFMAcqeheGI8CMNDfhBh399JddXXvziPYB7QBkbeznUdMCX+2wOg/U I9X7cHnmfbsnu/4AeVVtTRlbguJDylrAlCOqTOt11Gtg/Ft2fnZZTOmsKo8
U2rBgA1G84Rlr+2BJXlQ6iLL9xs7/us9vANaiTPiB0Ir4u377HBuCWoDLg --- 3xk3ls7SR7s394FtfqLwxgUDjTPMjnhLz79ClvIm4pE
--- ucJ+JohxZBSFnDzNw/pFvlYOZIFWvBxrn+CP9bcEsD0 ¼yFôz¼¸ÄHñØ©ÙÁ·ã*M¾È\«26I`ko΃¸&baÒW<C392>ŸvM™£Ý.´®ÕÝjãþ£ÁFÈ;ZíÅNÖÿ*ëP² •_JŠóc…_ü‰(ÝSªjæd¹ï8Fá
rB]Ü0U©¤jfuabd¨6
pWyëHÌ\°§Ö¯8·rC¼zßuß_䌡èºclw­,ŒÈ"áeù¤wSµvh˜%8§þÆà°×eê{ˆ7dC'ª¹€_n