feat: disable admin and org management

README.md

@@ -56,6 +56,8 @@ Building and improving this Ansible role have been sponsored by my current and p
   - [grafana_keycloak_secret](#grafana_keycloak_secret)
   - [grafana_keycloak_url](#grafana_keycloak_url)
   - [grafana_keyring](#grafana_keyring)
+  - [grafana_manage_admins](#grafana_manage_admins)
+  - [grafana_manage_orgs](#grafana_manage_orgs)
   - [grafana_memory_limit](#grafana_memory_limit)
   - [grafana_memory_soft_limit](#grafana_memory_soft_limit)
   - [grafana_memory_swap](#grafana_memory_swap)
@@ -578,6 +580,26 @@ Path for the repository keyring
 grafana_keyring: /usr/share/keyrings/grafana-archive-keyring.gpg
 ```
 
+### grafana_manage_admins
+
+Enable management of admins
+
+#### Default value
+
+```YAML
+grafana_manage_admins: false
+```
+
+### grafana_manage_orgs
+
+Enable management of organizations
+
+#### Default value
+
+```YAML
+grafana_manage_orgs: false
+```
+
 ### grafana_memory_limit
 
 Memory limit with Docker deployment

defaults/main.yml

@@ -190,9 +190,15 @@ grafana_db_path:
 grafana_install_plugins:
   - grafana-piechart-panel
 
+# @var grafana_manage_admins:description: Enable management of admins
+grafana_manage_admins: False
+
 # @var grafana_admins:description: List of admin users
 grafana_admins: []
 
+# @var grafana_manage_orgs:description: Enable management of organizations
+grafana_manage_orgs: False
+
 # @var grafana_organizations:description: List of organizations
 # @var grafana_organizations:example: >
 # grafana_organizations:

tasks/main.yml

@@ -206,21 +206,24 @@
     - grafana
 
 - name: Configure grafana service
-  when: not ansible_check_mode
+  when:
+    - not ansible_check_mode
   block:
     - name: Wait for start
       register: result
       until: result.status == 200
       retries: 60
       delay: 5
       uri:
-        url: "{{ 'http://localhost:3000' if grafana_installation == 'native' else 'https://'+grafana_domain }}"
+        url: "{{ 'http://localhost:3000/healthz' if grafana_installation == 'native' else 'https://'+grafana_domain+'/healthz' }}"
         status_code: 200
       tags:
         - grafana
 
     - name: Check existing users
       register: grafana_existing_users
+      when:
+        - grafana_manage_admins
       uri:
         url: "{{ 'http://localhost:3000' if grafana_installation == 'native' else 'https://'+grafana_domain }}/api/users"
         user: "{{ grafana_username }}"
@@ -233,7 +236,10 @@
 
     - name: Revoke admin access
       loop: "{{ grafana_existing_users.json | map(attribute='login') | list }}"
-      when: item != grafana_username and item not in grafana_admins
+      when:
+        - grafana_manage_admins
+        - item != grafana_username
+        - item not in grafana_admins
       uri:
         url: "{{ 'http://localhost:3000' if grafana_installation == 'native' else 'https://'+grafana_domain }}/api/admin/users/{{ grafana_existing_users.json | selectattr('login', 'equalto', item) | map(attribute='id') | first }}/permissions"
         user: "{{ grafana_username }}"
@@ -247,7 +253,9 @@
 
     - name: Promote admin access
       loop: "{{ grafana_admins }}"
-      when: ((grafana_existing_users.json | selectattr('login', 'equalto', item)) | list) | length != 0
+      when:
+        - grafana_manage_admins
+        - ((grafana_existing_users.json | selectattr('login', 'equalto', item)) | list) | length != 0
       uri:
         url: "{{ 'http://localhost:3000' if grafana_installation == 'native' else 'https://'+grafana_domain }}/api/admin/users/{{ grafana_existing_users.json | selectattr('login', 'equalto', item) | map(attribute='id') | first }}/permissions"
         user: "{{ grafana_username }}"
@@ -261,6 +269,8 @@
 
     - name: Check existing orgs
       register: grafana_existing_orgs
+      when:
+        - grafana_manage_orgs
       uri:
         url: "{{ 'http://localhost:3000' if grafana_installation == 'native' else 'https://'+grafana_domain }}/api/orgs"
         user: "{{ grafana_username }}"
@@ -273,7 +283,9 @@
 
     - name: Create additional orgs
       loop: "{{ grafana_organizations }}"
-      when: ((grafana_existing_orgs.json | selectattr('name', 'equalto', item)) | list) | length == 0
+      when:
+        - grafana_manage_orgs
+        - ((grafana_existing_orgs.json | selectattr('name', 'equalto', item)) | list) | length == 0
       uri:
         url: "{{ 'http://localhost:3000' if grafana_installation == 'native' else 'https://'+grafana_domain }}/api/orgs"
         user: "{{ grafana_username }}"