From 8972599c00fd4fa9d0d805ea86efd2ba5f907a0e Mon Sep 17 00:00:00 2001
From: Chris Lovering <chris.lovering.95@gmail.com>
Date: Tue, 5 Dec 2023 22:36:35 +0000
Subject: [PATCH] Add grafana role attribute path setting

This maps github teams to roles on grafana, now that manually updating roles for users from external auth providers isn't possible
---
 kubernetes/namespaces/default/grafana/configmap.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/kubernetes/namespaces/default/grafana/configmap.yaml b/kubernetes/namespaces/default/grafana/configmap.yaml
index 87eeba95..2db75a12 100644
--- a/kubernetes/namespaces/default/grafana/configmap.yaml
+++ b/kubernetes/namespaces/default/grafana/configmap.yaml
@@ -13,7 +13,8 @@ data:
   GF_AUTH_GITHUB_ENABLED: "true"
   GF_AUTH_GITHUB_SCOPES: "user:email,read:org"
   # IDs can be retrieved via `gh api orgs/python-discord/teams`.
-  GF_AUTH_GITHUB_TEAM_IDS: "2638565,3854739,3114246"
+  GF_AUTH_GITHUB_TEAM_IDS: "2638565,3854739,3114246,7361120"
+  GF_AUTH_GITHUB_ROLE_ATTRIBUTE_PATH: "contains(groups[*], ['@python-discord/directors', '@python-discord/sudo-devops']) && 'Admin' || contains(groups[*], '@python-discord/admins') && 'Editor' || 'Viewer'"
   GF_AUTH_GITHUB_AUTH_URL: "https://github.com/login/oauth/authorize"
   GF_AUTH_GITHUB_TOKEN_URL: "https://github.com/login/oauth/access_token"
   GF_AUTH_GITHUB_API_URL: "https://api.github.com/user"