-
Notifications
You must be signed in to change notification settings - Fork 6
/
Copy pathdemoConfig.yaml
57 lines (52 loc) · 2.76 KB
/
demoConfig.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
#
# This is an example config
#
grafana:
url: https://grafana.prd.EXAMPLE-EXAMPLE-EXAMPLE.com/ # where to reach grafana at
user: grafana-admin # name of the grafana user (must be an admin obviously)
# password for the grafana account is read from the 'GRAFANA_PASS' environment variable
google:
credentialsPath: ./google_admin_service_creds.json # service account
adminEmail: [email protected] # name of the admin account to use (needed to access the google admin API)
domain: EXAMPLE-EXAMPLE-EXAMPLE.com # domain for the google service
# You can blacklist some google groups. The tool will not try to resolve matching groups.
# This is useful if you have some groups in your organization that are managed externally.
# You can specify exact matches (just plain strings), or regex patterns (must be enclosed in // to mark them as regex!)
groupBlacklist: ["/.*@some-external-group\\.com/"]
settings:
# how often to fetch all groups from google
# you most likely want to keep this value as you'd hit the rate limit otherwise
groupsFetchInterval: 30m
# applyInterval means how often to apply the latest information to grafana.
# you most likely want to keep doing this very often, because checking the current roles of all
# grafana users is essentially free, and changes (updating users) are only made when needed.
# this ensures that a new user will get their permissions very quickly
# (assuming their account was already listed in the latest updated we fetched from googleGroups)
applyInterval: 20s
# if true, the syncer can
# (1) demote a user (change their role to one with less permissions e.g. from Admin to Viewer)
# (2) remove users from an organization entirely
canDemote: false
yamlVars: # yamlVars is not an actual setting, I just use it to group my yaml anchors (aka variables)
var1: &MyOrgs ["Main Grafana Org", "Testing"]
rules: [
# {
# groups: [ ], # List of Google Groups (specified by Email-Address)
# users: [ ], # List of users (specified by Email-Address)
# orgs: [ ], # List of Grafana organizations the role gets applied in
# role: Viewer, # The grafana role that gets applied; can be: Viewer, Editor, or Admin
# },
{
# Everyone in the technology group should be able to view the two grafana organizations
note: "some optional note entry that will be displayed as the 'reason' for a change",
groups: [[email protected]],
orgs: ["Main Grafana Org", "Testing", *MyOrgs], # This is valid because nested arrays will automatically be flattened (and duplicates removed)!
role: Viewer,
},
{
# Also assign the Admin role to certain users
users: [[email protected]],
orgs: ["Main Grafana Org", "Testing"],
role: Admin,
},
]