aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes/namespaces
diff options
context:
space:
mode:
authorGravatar Chris Lovering <[email protected]>2023-12-06 11:34:54 +0000
committerGravatar Chris Lovering <[email protected]>2023-12-06 11:34:55 +0000
commit0b2ab88e80d4a3525c8ecc27e40b849c9e06221a (patch)
tree7f512f241752918dfabab4f5c92a1b7c0bef45c6 /kubernetes/namespaces
parentUpdate grafana admin password (diff)
Add grafana role attribute path setting
This maps github teams to roles on grafana, now that manually updating roles for users from external auth providers isn't possible
Diffstat (limited to 'kubernetes/namespaces')
-rw-r--r--kubernetes/namespaces/default/grafana/configmap.yaml3
1 files changed, 2 insertions, 1 deletions
diff --git a/kubernetes/namespaces/default/grafana/configmap.yaml b/kubernetes/namespaces/default/grafana/configmap.yaml
index 87eeba9..0e719c8 100644
--- a/kubernetes/namespaces/default/grafana/configmap.yaml
+++ b/kubernetes/namespaces/default/grafana/configmap.yaml
@@ -13,7 +13,8 @@ data:
GF_AUTH_GITHUB_ENABLED: "true"
GF_AUTH_GITHUB_SCOPES: "user:email,read:org"
# IDs can be retrieved via `gh api orgs/python-discord/teams`.
- GF_AUTH_GITHUB_TEAM_IDS: "2638565,3854739,3114246"
+ GF_AUTH_GITHUB_TEAM_IDS: "2638565,3854739,3114246,7361120,9120709"
+ GF_AUTH_GITHUB_ROLE_ATTRIBUTE_PATH: "contains(groups[*], ['@python-discord/directors', '@python-discord/sudo-devops']) && 'Admin' || contains(groups[*], '@python-discord/admins') && 'Editor' || 'Viewer'"
GF_AUTH_GITHUB_AUTH_URL: "https://github.com/login/oauth/authorize"
GF_AUTH_GITHUB_TOKEN_URL: "https://github.com/login/oauth/access_token"
GF_AUTH_GITHUB_API_URL: "https://api.github.com/user"
generated by cgit v1.2.3 (git 2.39.1) at 2025-10-20 22:15:54 +0000