fix

2024-01-24 16:24:54 +01:00
parent c490eac799
commit a06c8a4608
3 changed files with 32 additions and 24 deletions
--- a/monitor/grafana/config.tf
+++ b/monitor/grafana/config.tf
@@ -20,19 +20,26 @@ provisioning = /etc/grafana/provisioning
 [server]
 domain = ''
 root_url = 'https://${local.dns-name}/'
+[users]
+auto_assign_org = true
+auto_assign_org_id = 0
 [auth]
 oauth_allow_insecure_email_lookup = true
+signout_redirect_url = '${module.oauth2.sso_signout_url}'
 [auth.anonymous]
 enabled = true
 org_name = Main Org.
 org_role = Viewer
 [auth.generic_oauth]
 enabled = true
-scopes = openid email nickname
+name = vynil
+scopes = openid profile email
 client_id = '${module.oauth2.client_id}'
 client_secret = '${module.oauth2.client_secret}'
-auth_url = '${module.oauth2.sso_authorize}'
-api_url	= '${module.oauth2.sso_userinfo}'
+auth_url = '${module.oauth2.sso_authorize_url}'
+api_url	= '${module.oauth2.sso_userinfo_url}'
+token_url = '${module.oauth2.sso_token_url}'
+role_attribute_path = contains(groups, '${module.application.main_group}-admin') && 'Admin' || contains(groups, '${module.application.main_group}') && 'Editor' || 'Viewer'
  EOF
  }
 }
--- a/monitor/grafana/index.yaml
+++ b/monitor/grafana/index.yaml
@@ -6,16 +6,21 @@ metadata:
  name: grafana
  description: null
 options:
-  sub-domain:
-    default: grafana
-    examples:
-    - grafana
-    type: string
  ingress-class:
    default: traefik
    examples:
    - traefik
    type: string
+  app-group:
+    default: monitor
+    examples:
+    - monitor
+    type: string
+  sub-domain:
+    default: grafana
+    examples:
+    - grafana
+    type: string
  images:
    default:
      busybox:
@@ -118,10 +123,15 @@ options:
    examples:
    - grafana_admin
    type: string
-  domain-name:
-    default: your_company.com
+  domain:
+    default: your-company
    examples:
-    - your_company.com
+    - your-company
+    type: string
+  issuer:
+    default: letsencrypt-prod
+    examples:
+    - letsencrypt-prod
    type: string
  volume:
    default:
@@ -142,20 +152,10 @@ options:
        default: 10Gi
        type: string
    type: object
-  issuer:
-    default: letsencrypt-prod
+  domain-name:
+    default: your_company.com
    examples:
-    - letsencrypt-prod
-    type: string
-  domain:
-    default: your-company
-    examples:
-    - your-company
-    type: string
-  app-group:
-    default: monitor
-    examples:
-    - monitor
+    - your_company.com
    type: string
 dependencies: []
 providers:
--- a/monitor/grafana/presentation.tf
+++ b/monitor/grafana/presentation.tf
@@ -38,6 +38,7 @@ module "ingress" {
  app_group         = var.app-group
  dns_name          = local.dns-name
  icon              = local.icon
+  sub_groups        = ["admin"]
  protocol_provider = module.oauth2.provider-id
  providers = {
    authentik = authentik