authentik group mapping

2026-03-29 17:10:26 +00:00
parent d864a6c2ec
commit 25930cba97
1 changed files with 2 additions and 5 deletions
--- a/grafana/grafana.yaml
+++ b/grafana/grafana.yaml
@@ -1,5 +1,3 @@
-
---
 apiVersion: grafana.integreatly.org/v1beta1
 kind: Grafana
 metadata:
@@ -8,8 +6,6 @@ metadata:
  labels:
    dashboards: "grafana"
 spec:
-  #disableDefaultAdminSecret: true
-
  config:
    log:
      mode: "console"
@@ -24,13 +20,14 @@ spec:
      allow_sign_up: "true"
      client_id: "${AUTH_CLIENT_ID}"
      client_secret: "${AUTH_CLIENT_SECRET}"
-      scopes: "openid profile email"
+      scopes: "openid profile email groups"
      auth_url: "https://auth.apps.undercloud.dev/application/o/authorize/"
      token_url: "https://auth.apps.undercloud.dev/application/o/token/"
      api_url: "https://auth.apps.undercloud.dev/application/o/userinfo/"
      email_attribute_path: "email"
      login_attribute_path: "preferred_username"
      name_attribute_path: "name"
+      role_attribute_path: "contains(groups[*], 'undercloud-administrators') && 'Admin' || 'Viewer'"

  persistentVolumeClaim:
    spec: