grafana / grafana-operator

An operator for Grafana that installs and manages Grafana instances, Dashboards and Datasources through Kubernetes/OpenShift CRs
https://grafana.github.io/grafana-operator/
Apache License 2.0
909 stars 397 forks

Management of Teams within Grafana "Main Org" Only #1297

Open xorima opened 1 year ago

xorima commented 1 year ago

Is your feature request related to a problem? Please describe.

I need to be able to permission folders based on teams within Grafana. Today this operator solves the folder permissions but not the creation of teams.

This was previously discussed on #549 but I am looking for a refined scope of just Teams within the default org.

Describe the solution you'd like

To be able to list the team I want and the usernames of the people within the team, optionally with a URL for team members with a well-known format to have this handled by a dynamic external datasource if possible. (If not, the consumer could write their own system to update the resources with the list of people/teams.)

Additionally, after this we should either be able to look up a team and get its ID via Kubernetes resources, or where a team can be used today by ID we should also accept a teamName, even if not fully in line with the Grafana API, so that names, and not IDs that users do not have full control of, can be used.

Describe alternatives you've considered

The only other way I can see to handle this is either the Terraform module, or a custom application & Helm deployment, neither of which are great.

Existing solutions

https://registry.terraform.io/providers/grafana/grafana/latest/docs/data-sources/team

Notes

If this is accepted, I am happy to contribute towards this but will likely need assistance, as I have not worked in the operator space before.

NissesSenap commented 11 months ago

@xorima I have spent lots and lots of time in this area. Yes, the initial plan was org level support as well, but even managing teams, sa and users is a pain with CRDs. This is mostly due to how the Grafana API is not built for CRDs (nothing strange with this).

I wrote a design PR on what this could look like, and the more I learned about the API the less I thought it was doable in an easy-to-use CRD. https://github.com/grafana-operator/grafana-operator/pull/615 Please take a look at the ideas I had back then.

For this feature to ever be implemented, you or someone else from the community will need to be the driver, and a new design proposal on what the CRD should look like needs to be created.

After that, the implementation should be relatively easy to fix.

xorima commented 11 months ago

@NissesSenap thank you, will write up a full proposal.

I think this time it might be a little simpler as it's just creation of teams (which flows into folder permissions).

It might be worth leaving the population of the teams to another future issue, as that is where a lot of complexity lives and honestly people will have different solutions there depending on their environment etc.

github-actions[bot] commented 10 months ago

This issue hasn't been updated for a while, marking as stale, please respond within the next 7 days to remove this label

xorima commented 10 months ago

Still creating a design for this, will try to have it by early Jan.

github-actions[bot] commented 9 months ago

This issue hasn't been updated for a while, marking as stale, please respond within the next 7 days to remove this label

xorima commented 9 months ago

Keeping open. The plan is still to do this.