feat: add option for keycloak scopes, fix docs

rolehippie · Jul 5, 2023 · 32123f3 · 32123f3
1 parent adfcff5
commit 32123f3
Show file tree

Hide file tree

Showing 3 changed files with 43 additions and 29 deletions.
diff --git a/README.md b/README.md
@@ -49,6 +49,7 @@ Building and improving this Ansible role have been sponsored by my current and p
   - [grafana_instance](#grafana_instance)
   - [grafana_keycloak_client](#grafana_keycloak_client)
   - [grafana_keycloak_roles](#grafana_keycloak_roles)
+  - [grafana_keycloak_scopes](#grafana_keycloak_scopes)
   - [grafana_keycloak_secret](#grafana_keycloak_secret)
   - [grafana_keycloak_url](#grafana_keycloak_url)
   - [grafana_keyring](#grafana_keyring)
@@ -486,6 +487,16 @@ grafana_keycloak_client:
 grafana_keycloak_roles:
 ```
 
+### grafana_keycloak_scopes
+
+Scope used by Keycloak authentication
+
+#### Default value
+
+```YAML
+grafana_keycloak_scopes: openid profile email
+```
+
 ### grafana_keycloak_secret
 
 Client secret for Keycloak authentication
@@ -528,7 +539,7 @@ grafana_network:
 
 ### grafana_oauth2_allow_signup
 
-
+Allow signup via OAuth2 authentication
 
 #### Default value
 
@@ -538,7 +549,7 @@ grafana_oauth2_allow_signup: true
 
 ### grafana_oauth2_api_url
 
-
+API URL for OAuth2 authentication
 
 #### Default value
 
@@ -548,7 +559,7 @@ grafana_oauth2_api_url:
 
 ### grafana_oauth2_auth_url
 
-
+Auth URL for OAuth2 authentication
 
 #### Default value
 
@@ -558,7 +569,7 @@ grafana_oauth2_auth_url:
 
 ### grafana_oauth2_client
 
-
+Client for OAuth2 authentication
 
 #### Default value
 
@@ -568,7 +579,7 @@ grafana_oauth2_client:
 
 ### grafana_oauth2_email_attribute
 
-
+Email attribute for OAuth2 authentication
 
 #### Default value
 
@@ -578,7 +589,7 @@ grafana_oauth2_email_attribute: email
 
 ### grafana_oauth2_enable
 
-
+Enable generic OAuth2 authentication
 
 #### Default value
 
@@ -588,7 +599,7 @@ grafana_oauth2_enable: false
 
 ### grafana_oauth2_login_attribute
 
-
+Login attribute for OAuth2 authentication
 
 #### Default value
 
@@ -598,7 +609,7 @@ grafana_oauth2_login_attribute: preferred_username
 
 ### grafana_oauth2_name
 
-
+Name for OAuth2 authentication
 
 #### Default value
 
@@ -608,7 +619,7 @@ grafana_oauth2_name:
 
 ### grafana_oauth2_name_attribute
 
-
+Name attribute for OAuth2 authentication
 
 #### Default value
 
@@ -618,7 +629,7 @@ grafana_oauth2_name_attribute: name
 
 ### grafana_oauth2_redirect_url
 
-
+Redirect URL for OAuth2 authentication
 
 #### Default value
 
@@ -628,7 +639,7 @@ grafana_oauth2_redirect_url:
 
 ### grafana_oauth2_roles
 
-Roles mapping for Keycloak authentication
+Roles mapping for OAuth2 authentication
 
 #### Default value
 
@@ -638,7 +649,7 @@ grafana_oauth2_roles:
 
 ### grafana_oauth2_scopes
 
-
+Scopes used by OAuth2 authentication
 
 #### Default value
 
@@ -648,7 +659,7 @@ grafana_oauth2_scopes: openid profile email
 
 ### grafana_oauth2_secret
 
-
+Secret for OAuth2 authentication
 
 #### Default value
 
@@ -658,7 +669,7 @@ grafana_oauth2_secret:
 
 ### grafana_oauth2_token_url
 
-
+Token URL for OAuth2 authentication
 
 #### Default value
 

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -217,46 +217,49 @@ grafana_keycloak_secret:
 # @var grafana_admin_disable:description: Roles mapping for Keycloak authentication
 grafana_keycloak_roles:
 
-# @var grafana_oauth2_enable:description:
+# @var grafana_keycloak_scopes:description: Scope used by Keycloak authentication
+grafana_keycloak_scopes: openid profile email
+
+# @var grafana_oauth2_enable:description: Enable generic OAuth2 authentication
 grafana_oauth2_enable: False
 
-# @var grafana_oauth2_name:description:
+# @var grafana_oauth2_name:description: Name for OAuth2 authentication
 grafana_oauth2_name:
 
-# @var grafana_oauth2_allow_signup:description:
+# @var grafana_oauth2_allow_signup:description:Allow signup via OAuth2 authentication
 grafana_oauth2_allow_signup: True
 
-# @var grafana_oauth2_client:description:
+# @var grafana_oauth2_client:description: Client for OAuth2 authentication
 grafana_oauth2_client:
 
-# @var grafana_oauth2_secret:description:
+# @var grafana_oauth2_secret:description: Secret for OAuth2 authentication
 grafana_oauth2_secret:
 
-# @var grafana_oauth2_scopes:description:
+# @var grafana_oauth2_scopes:description: Scopes used by OAuth2 authentication
 grafana_oauth2_scopes: openid profile email
 
-# @var grafana_oauth2_auth_url:description:
+# @var grafana_oauth2_auth_url:description: Auth URL for OAuth2 authentication
 grafana_oauth2_auth_url:
 
-# @var grafana_oauth2_token_url:description:
+# @var grafana_oauth2_token_url:description: Token URL for OAuth2 authentication
 grafana_oauth2_token_url:
 
-# @var grafana_oauth2_api_url:description:
+# @var grafana_oauth2_api_url:description: API URL for OAuth2 authentication
 grafana_oauth2_api_url:
 
-# @var grafana_oauth2_redirect_url:description:
+# @var grafana_oauth2_redirect_url:description: Redirect URL for OAuth2 authentication
 grafana_oauth2_redirect_url:
 
-# @var grafana_oauth2_email_attribute:description:
+# @var grafana_oauth2_email_attribute:description: Email attribute for OAuth2 authentication
 grafana_oauth2_email_attribute: email
 
-# @var grafana_oauth2_login_attribute:description:
+# @var grafana_oauth2_login_attribute:description: Login attribute for OAuth2 authentication
 grafana_oauth2_login_attribute: preferred_username
 
-# @var grafana_oauth2_name_attribute:description:
+# @var grafana_oauth2_name_attribute:description: Name attribute for OAuth2 authentication
 grafana_oauth2_name_attribute: name
 
-# @var grafana_oauth2_roles:description: Roles mapping for Keycloak authentication
+# @var grafana_oauth2_roles:description: Roles mapping for OAuth2 authentication
 grafana_oauth2_roles:
 
 # @var grafana_keyring:description: Path for the repository keyring

diff --git a/templates/default.j2 b/templates/default.j2
@@ -92,7 +92,7 @@ GF_AUTH_GENERIC_OAUTH_NAME=Keycloak
 GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP=true
 GF_AUTH_GENERIC_OAUTH_CLIENT_ID={{ grafana_keycloak_client }}
 GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET={{ grafana_keycloak_secret }}
-GF_AUTH_GENERIC_OAUTH_SCOPES=profile
+GF_AUTH_GENERIC_OAUTH_SCOPES={{ grafana_keycloak_scopes }}
 GF_AUTH_GENERIC_OAUTH_AUTH_URL={{ grafana_keycloak_url }}/protocol/openid-connect/auth
 GF_AUTH_GENERIC_OAUTH_TOKEN_URL={{ grafana_keycloak_url }}/protocol/openid-connect/token
 GF_AUTH_GENERIC_OAUTH_API_URL={{ grafana_keycloak_url }}/protocol/openid-connect/userinfo