Lovelace iframe or curl access to Grafana doesn't work reliably

[rccoleman]

Problem/Motivation

I'm breaking out one of the issues discussed in #55 and here so that it doesn't get buried.

I would like to display a Grafana graph in Lovelace either by grabbing a rendered image periodically with curl or embedding the Grafana link in a Lovelace iframe. I can open the Grafana "share" link in a Lovelace iframe or a separate tab in the browser where I've opened Grafana through the sidebar, but attempting to open that same URL anywhere else, another browser or via curl, results in a 401: Unauthorized error in the browser and WARNING (MainThread) [hassio.api.ingress] No valid ingress session None in the system log.

Expected behavior

I should be able to view or download a rendered graph image from anywhere where I can access my HA instance.

Actual behavior

I get a 401: Unauthorized reponse and WARNING (MainThread) [hassio.api.ingress] No valid ingress session None in the system log.

Steps to reproduce

I've created an API key in Grafana and added it in an authentication header like this:

curl -H "Authorization: Bearer " "http://192.168.1.159:8123/api/nxFDlLCmLm3kWapLd8bHEPR4Y_s6_2Z3LugpaYyTqkQ/render/d-solo/bWkFVQ0Wz/energy-usage?orgId=1&from=1573337107888&to=1573340707888&panelId=2&width=1000&height=500&tz=America%2FLos_Angeles"

I've also tried using the same command with my Home Assistant LLAT that works with other HA APIs, and with basic auth in the URL using a user/password that I created in Grafana.

If I open the URL from a browser where I've already opened the Grafana web UI from the addon page or sidebar, it works fine. It fails everywhere else.

Proposed changes

(If you have a proposed change, workaround or fix, describe the rationale behind it)

[addons-assistant[bot]]

:wave: Thanks for opening your first issue here! If you're reporting a :bug: bug, please make sure you include steps to reproduce it. Also, logs, error messages and information about your hardware might be usefull.

[dsasov88]

same for me

[tibzz42]

Same here :(

[didi767]

SAME HERE :( Tried to solve this issue for 6 hours yesterday, always the same result. the png file is empty and trying to access the url outside my local network gives 401 authorization error.

[lejban]

I have the same problem: 401: Unauthorized

[f00dagi]

Same problem for me.

[SweVictor]

Same here (works after accessing the full Grafana UI). I actually would prefer improvements suggested in various Grafana forums such as http://api_key:[key]@host:port/...., but anonymous access (read-only) is absolutely good enough and something that would make the Grafana add-on really helpful. Without access for other people in the household I suppose I would have to go back to "simpler" visualization tools. Seems I can't really solve this on my own.

/Victor

[PDXPill]

Same for me :(

[sinclairpaul]

Direct access is now available again in the latest release, closing.

[rccoleman]

While it's great that direct access has been enabled (thanks!), it doesn't directly address this issue. Other than via direct access, which isn't desirable if remote access is handled via Nabu Casa, I'm still unable to "tunnel" Grafana requests through Ingress in order to add a graph to lovelace. Somehow I think we need to be able to use an iframe URL that gets both through Nabu Casa Ingress and Grafana.

[sinclairpaul]

An Iframe is client driven though, what you are requesting is some form of generic authentication proxy for ingress. This would be outside the scope of the addon itself, and would need to be raised at the Hassio repo (if it would be possible).

[rccoleman]

I assumed that a LLAT would serve that purpose, as it does for normal API access, but I agree that that's the first step.

[rdariolemes]

@sinclairpaul Still doesn't work. U have to login into graffana first to be able to see the links on the iFrame. Also curl still gets Unauthorized.

[addons-assistant[bot]]

This thread has been automatically locked because it has not had recent activity. Please open a new issue for related bugs and link to relevant comments in this thread.