From 0c03a87af9931fdc03600150712a6f947df33631 Mon Sep 17 00:00:00 2001 From: Chris Lovering Date: Wed, 6 Dec 2023 09:59:30 +0000 Subject: [PATCH] Add grafana role attribute path setting This maps github teams to roles on grafana, now that manually updating roles for users from external auth providers isn't possible --- kubernetes/namespaces/default/grafana/configmap.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/kubernetes/namespaces/default/grafana/configmap.yaml b/kubernetes/namespaces/default/grafana/configmap.yaml index 87eeba95..0e719c81 100644 --- a/kubernetes/namespaces/default/grafana/configmap.yaml +++ b/kubernetes/namespaces/default/grafana/configmap.yaml @@ -13,7 +13,8 @@ data: GF_AUTH_GITHUB_ENABLED: "true" GF_AUTH_GITHUB_SCOPES: "user:email,read:org" # IDs can be retrieved via `gh api orgs/python-discord/teams`. - GF_AUTH_GITHUB_TEAM_IDS: "2638565,3854739,3114246" + GF_AUTH_GITHUB_TEAM_IDS: "2638565,3854739,3114246,7361120,9120709" + GF_AUTH_GITHUB_ROLE_ATTRIBUTE_PATH: "contains(groups[*], ['@python-discord/directors', '@python-discord/sudo-devops']) && 'Admin' || contains(groups[*], '@python-discord/admins') && 'Editor' || 'Viewer'" GF_AUTH_GITHUB_AUTH_URL: "https://github.com/login/oauth/authorize" GF_AUTH_GITHUB_TOKEN_URL: "https://github.com/login/oauth/access_token" GF_AUTH_GITHUB_API_URL: "https://api.github.com/user"