Menu
I have CF UAA and try to use it with Grafana 4.0.2 through generic_oauth. I was able to configure login etc. and it works fine. What I'm missing is how to differentiate admin user between others. Also, I would like to differentiate users into separate organizations in Grafana.
Is it doable? If so, how? I was looking at https://docs.cloudfoundry.org/api/uaa/#user-info /userinfo endpoint (it is used in my Grafana generic_oauth setup) and it looks like it doesn't have enough information. Maybe this can be done somehow through scopes?
483
Orgs is the short version of the organization by default. There is one org which is called the “main org” and you cannot delete, and you cannot change it. Step2: click on NEW Org button to create organization.
The generic oauth plugin doesn't provide a way to automatically add the user to a particular org or to designate their level of access.
Once the user has successfully authenticated to Grafana you can edit their user account and set their permission level etc.
It would be possible to extend the BasicUserInfo struct returned by the oauth modules to be able to hold a list of orgs the user should be a member of, and to update login_oauth.go to manage the user's org memberships if that element was returned by the oauth plugin. At that point it looks like the simplest approach would be to create an oauth_cloudfoundry plugin that could use the cloudfoundry group memberships to map to grafana org memberships.
62
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
