fix: disable accessControlOnCall for Grafana 11.3 #5245

Merged
merged 4 commits into from
Nov 12, 2024
1 change: 1 addition & 0 deletions .github/workflows/linting-and-tests.yml
Expand Up @@ -244,6 +244,7 @@ jobs:
grafana_version:
- 10.3.0
- 11.2.0
- latest
fail-fast: false
with:
grafana_version: ${{ matrix.grafana_version }}
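Review bot: The new `- latest` entry in the grafana_version matrix is a floating tag, so this job's result can change without any change in this repository, and the version the fix targets (11.3) is not pinned anywhere in the list. Consider adding an explicit 11.3.x entry next to 10.3.0 and 11.2.0 and keeping `latest` as an early-warning run; `fail-fast: false` already keeps a failure on `latest` from cancelling the pinned runs.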
24 changes: 22 additions & 2 deletions Tiltfile
Expand Up @@ -32,12 +32,23 @@ def plugin_json():
return plugin_file
return 'NOT_A_PLUGIN'

def extra_grafana_ini():
return {
'feature_toggles': {
'accessControlOnCall': 'false'
}
}

def extra_env():
return {
"GF_APP_URL": grafana_url,
"GF_SERVER_ROOT_URL": grafana_url,
"GF_FEATURE_TOGGLES_ENABLE": "externalServiceAccounts",
"ONCALL_API_URL": "http://oncall-dev-engine:8080"
"ONCALL_API_URL": "http://oncall-dev-engine:8080",

# Enables managed service accounts for plugin authentication in Grafana >= 11.3
# https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#managed_service_accounts_enabled
"GF_AUTH_MANAGED_SERVICE_ACCOUNTS_ENABLED": "true",
}

def extra_deps():
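Review bot: extra_grafana_ini() sets `'accessControlOnCall': 'false'` with no comment, while the GF_AUTH_MANAGED_SERVICE_ACCOUNTS_ENABLED entry added just below gets both a comment and a docs link. Turning off a toggle with access control in its name deserves the same treatment: add a comment saying why it must be off for Grafana 11.3 and under what condition it can be removed, so the setting is not carried forward indefinitely.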
Expand Down Expand Up @@ -132,7 +143,16 @@ def load_grafana():
"GF_APP_URL": grafana_url, # older versions of grafana need this
"GF_SERVER_ROOT_URL": grafana_url,
"GF_FEATURE_TOGGLES_ENABLE": "externalServiceAccounts",
"ONCALL_API_URL": "http://oncall-dev-engine:8080"
"ONCALL_API_URL": "http://oncall-dev-engine:8080",

# Enables managed service accounts for plugin authentication in Grafana >= 11.3
# https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#managed_service_accounts_enabled
"GF_AUTH_MANAGED_SERVICE_ACCOUNTS_ENABLED": "true",
},
extra_grafana_ini={
"feature_toggles": {
"accessControlOnCall": "false"
}
},
)
# --- GRAFANA END ----
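Review bot: The env entries and the `extra_grafana_ini={...}` block in load_grafana() repeat, key for key, what extra_env() and extra_grafana_ini() return in the first hunk of this file. Two hand-maintained copies of an authentication and access-control configuration can drift apart unnoticed; if both are needed, build one from the other or add a comment in each place pointing at its twin.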
3 changes: 3 additions & 0 deletions dev/helm-local.yml
Expand Up @@ -47,6 +47,8 @@ externalGrafana:
grafana:
enabled: false
grafana.ini:
feature_toggles:
accessControlOnCall: false
server:
domain: localhost:3000
root_url: "%(protocol)s://%(domain)s"
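Review bot: `accessControlOnCall: false` under grafana.ini feature_toggles is applied unconditionally here, although the PR title scopes the change to Grafana 11.3. Add a short comment above the key naming the affected version and the reason, so someone running this file against an older or newer Grafana knows whether the line is still needed.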
Expand All @@ -71,6 +73,7 @@ grafana:
value: oncallpassword
env:
GF_FEATURE_TOGGLES_ENABLE: externalServiceAccounts
GF_AUTH_MANAGED_SERVICE_ACCOUNTS_ENABLED: true
GF_SECURITY_ADMIN_PASSWORD: oncall
GF_SECURITY_ADMIN_USER: oncall
GF_PLUGINS_ALLOW_LOADING_UNSIGNED_PLUGINS: grafana-oncall-app
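Review bot: `GF_AUTH_MANAGED_SERVICE_ACCOUNTS_ENABLED: true` in the env map is unquoted, so YAML parses it as a boolean, whereas the Tiltfile in this same PR passes the string "true". Environment variable values are strings; writing `"true"` here removes any dependence on how the chart template stringifies a boolean.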
3 changes: 3 additions & 0 deletions helm/oncall/values.yaml
Expand Up @@ -639,6 +639,9 @@ grafana:
serve_from_sub_path: true
feature_toggles:
enable: externalServiceAccounts
accessControlOnCall: false
env:
GF_AUTH_MANAGED_SERVICE_ACCOUNTS_ENABLED: true
persistence:
enabled: true
# Disable psp as PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+
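Review bot: This is the chart's default values file, so `accessControlOnCall: false` and the new `env:` block become the default for every install of the bundled Grafana, not only the dev setups touched by the other files, and nothing in the hunk documents that. Add a comment above both keys explaining that they are needed for Grafana 11.3 and how to override them, and quote the env value as `"true"` for consistency with the Tiltfile.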