TomAugspurger
commented
4 years ago Just to clarify, GitHub auth would just be needed for updating the charts? We'd still allow anonymous viewing?
Open salvis2 opened 4 years ago
TomAugspurger
commented
4 years ago Just to clarify, GitHub auth would just be needed for updating the charts? We'd still allow anonymous viewing?
salvis2
commented
4 years ago Just to clarify, GitHub auth would just be needed for updating the charts? We'd still allow anonymous viewing?
Do you mean the Helm charts for Grafana? Or the charts in Grafana ie any of the visualizations? No for the former, yes for the latter. We could also use GitHub auth for general login and remove anonymous viewing.
TomAugspurger
commented
4 years ago Yes, I meant grafana visualizations. Too many "charts" :)
salvis2
commented
4 years ago So you could automatically give access to edit Grafana charts via GitHub login. You could also have GitHub login for the basic access, disable anonymous access, and manually elevate people to Editors (I don't think that persists through new helm installs though). I think the nicest thing about allowing people in pangeo-data to edit Grafana charts is that they can test things before submitting PRs to the config so that things persist between helm installs. And just the ability to try it out.
TomAugspurger
commented
4 years ago Yep that all sounds good to me.
On Wed, Aug 26, 2020 at 4:23 PM Sebastian Alvis notifications@github.com wrote:
So you could automatically give access to edit Grafana charts via GitHub login. You could also have GitHub login for the basic access, disable anonymous access, and manually elevate people to Editors (I don't think that persists through new helm installs though). I think the nicest thing about allowing people in pangeo-data to edit Grafana charts is that they can test things before submitting PRs to the config so that things persist between helm installs. And just the ability to try it out.
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/pangeo-data/pangeo-cloud-federation/issues/698#issuecomment-681131628, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAKAOIQAMQJDVJRYBJMB243SCV4OHANCNFSM4QMHVSFQ .
salvis2
commented
4 years ago The one thing I need for that which I can't get right now is a GitHub OAuth app, which should require "Owner" status in pangeo-data. I'd either need to get elevated their or have someone else set up the app and contribute it to https://github.com/pangeo-data/pangeo-cloud-federation/pull/679.
Alternatively, Grafana does support Auth0: https://grafana.com/docs/grafana/latest/auth/generic-oauth/#set-up-oauth2-with-auth0
Should we enable GitHub auth for Grafana on any hub that will use it?
It could be separate for each hub but could easily live in
pangeo-deploy/values.yamland be consistent for all hubs where monitoring is enabled. I could make anyone in thepangeo-dataorganization an Editor in Grafana, since you can anonymously get in as a Viewer (at least by default on the GCP hub).