Add new properties to the oauth configuration.

2023-06-20 14:43:50 +02:00 · 2023-06-20 14:43:50 +02:00 · 4dff76ea87
parent 13e4ee8540
commit 4dff76ea87
2 changed files with 28 additions and 7 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -87,6 +87,22 @@ grafana_conf:
    option: empty_scopes
    value: "{{ grafana_oauth_empty_scopes | lower }}"
    state: "{% if grafana_oauth_generic_enabled %}present{% else %}absent{% endif %}"
+  - section: auth.generic_oauth
+    option: email_attribute_name
+    value: "{{ grafana_oauth_email_attribute_name | lower }}"
+    state: "{% if grafana_oauth_generic_enabled %}present{% else %}absent{% endif %}"
+  - section: auth.generic_oauth
+    option: email_attribute_path
+    value: "{{ grafana_oauth_email_attribute_path | lower }}"
+    state: "{% if grafana_oauth_generic_enabled %}present{% else %}absent{% endif %}"
+  - section: auth.generic_oauth
+    option: login_attribute_path
+    value: "{{ grafana_oauth_login_attribute_path | lower }}"
+    state: "{% if grafana_oauth_generic_enabled %}present{% else %}absent{% endif %}"
+  - section: auth.generic_oauth
+    option: name_attribute_path
+    value: "{{ grafana_oauth_name_attribute_path | lower }}"
+    state: "{% if grafana_oauth_generic_enabled %}present{% else %}absent{% endif %}"
  - section: auth.generic_oauth
    option: tls_skip_verify_insecure
    value: "{{ grafana_tls_skip_verify_insecure | lower }}"
@ -244,8 +260,12 @@ grafana_oauth_auth_url: ""
 grafana_oauth_token_url: ""
 grafana_oauth_api_url: ""
 grafana_oauth_name: Oauth
-grafana_oauth_scopes: openid email profile
+grafana_oauth_scopes: openid email profile roles offline_access
 grafana_oauth_empty_scopes: false
+grafana_oauth_email_attribute_name: "email:primary"
+grafana_oauth_email_attribute_path: email
+grafana_oauth_login_attribute_path: preferred_username
+grafana_oauth_name_attribute_path: full_name
 grafana_tls_skip_verify_insecure: false
 grafana_oauth_allow_signup: false
 grafana_oauth_auto_login: false
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -1,5 +1,8 @@
 ---
- block:
+- name: Remove grafana
+  when: not grafana_enabled
+  tags: [grafana]
+  block:
    - name: Ensure that grafana is stopped and disabled
      service: name=grafana-server state=stopped enabled=no

@ -9,9 +12,10 @@
    - name: Install the grafana deb repository
      apt_repository: repo='{{ grafana_repo }}' state=absent update_cache=yes

-  when: not grafana_enabled
+- name: Install grafana
+  when: grafana_enabled
  tags: [grafana]
- block:
+  block:
    - name: Install the grafana repo key
      get_url:
        url: "{{ grafana_repo_key }}"
@ -79,6 +83,3 @@
      tags: [grafana, grafana_plugins]
    - name: Ensure that grafana is enabled and running
      service: name=grafana-server state=started enabled=yes
-
-  when: grafana_enabled
-  tags: [grafana]