-
Notifications
You must be signed in to change notification settings - Fork 63
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enable GitHub auth for m2lines grafana #1830
Conversation
root_url: https://grafana.m2lines.2i2c.cloud | ||
auth.github: | ||
enabled: true | ||
allow_sign_up: true |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The docs said to set this to false
but I noticed it was set to true
for the leap
hub. Also, if we use false
we would probably need to ask the comm. rep. to set up something like a GitHub team so that not just anyone can sign in and view the boards. This would add back-and-forth to the setup though, unless we do this explicitly as a part of #1806
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Tbf, this would ultimately be fixed if we instead authenticate against JupyterHub and allow hub admins to see the dashboards... Which could be a part of #535? I'm not sure...
@sgibson91 does this allow anyone to sign up? |
@yuvipanda ok, I'm not sure. I believe so. This is the same config as is on the leap hubs and Ryan confirmed access there, but he is also a member of the 2i2c org, right? We might need someone not a member to test... |
@yuvipanda The alternative is to create a team in the m2lines org and add the people who want to access these boards and then add that team to this config. |
@sgibson91 What we can do is:
How does that sound? |
@yuvipanda So I changed Clicking on "New User" above takes me to the below screen |
A few thoughts from me: 1.
|
But if "successfully authenticated via GitHub" means "anyone with a GitHub account", then I don't think it's ok to set this to true. I think we need to figure out if Ryan successfully got access to LEAP's grafana because he is a member of the 2i2c GitHub org, and therefore this config wouldn't work for other community reps that aren't also 2i2c members (we would need them to setup a specific team). Maybe the UW Hackweeks hub will be a good testbed for this? |
@sgibson91, I just tested this using a test GitHub user and also checked the grafana pod logs. We should be safe, and only have 2i2c org be allowed |
|
I'm going to deploy/merge this one as-is for now so we can at least respond on the support ticket, and have opened this issue for more discussion: |
🎉🎉🎉🎉 Monitor the deployment of the hubs here 👉 https://github.com/2i2c-org/infrastructure/actions/runs/3376833996 |
fixes #1803
This is deployed and works!