Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enable GitHub Auth for Grafana #698

Open
salvis2 opened this issue Aug 26, 2020 · 6 comments
Open

Enable GitHub Auth for Grafana #698

salvis2 opened this issue Aug 26, 2020 · 6 comments

Comments

@salvis2
Copy link
Member

salvis2 commented Aug 26, 2020

Should we enable GitHub auth for Grafana on any hub that will use it?

It could be separate for each hub but could easily live in pangeo-deploy/values.yaml and be consistent for all hubs where monitoring is enabled. I could make anyone in the pangeo-data organization an Editor in Grafana, since you can anonymously get in as a Viewer (at least by default on the GCP hub).

@TomAugspurger
Copy link
Member

Just to clarify, GitHub auth would just be needed for updating the charts? We'd still allow anonymous viewing?

@salvis2
Copy link
Member Author

salvis2 commented Aug 26, 2020

Just to clarify, GitHub auth would just be needed for updating the charts? We'd still allow anonymous viewing?

Do you mean the Helm charts for Grafana? Or the charts in Grafana ie any of the visualizations? No for the former, yes for the latter. We could also use GitHub auth for general login and remove anonymous viewing.

@TomAugspurger
Copy link
Member

Yes, I meant grafana visualizations. Too many "charts" :)

@salvis2
Copy link
Member Author

salvis2 commented Aug 26, 2020

So you could automatically give access to edit Grafana charts via GitHub login. You could also have GitHub login for the basic access, disable anonymous access, and manually elevate people to Editors (I don't think that persists through new helm installs though). I think the nicest thing about allowing people in pangeo-data to edit Grafana charts is that they can test things before submitting PRs to the config so that things persist between helm installs. And just the ability to try it out.

@TomAugspurger
Copy link
Member

TomAugspurger commented Aug 26, 2020 via email

@salvis2
Copy link
Member Author

salvis2 commented Aug 26, 2020

The one thing I need for that which I can't get right now is a GitHub OAuth app, which should require "Owner" status in pangeo-data. I'd either need to get elevated their or have someone else set up the app and contribute it to #679.

Alternatively, Grafana does support Auth0: https://grafana.com/docs/grafana/latest/auth/generic-oauth/#set-up-oauth2-with-auth0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants