grafana-datasource-oauth-proxy

This project aims to restrict access to grafana datasource for users with "Viewer" role.

Use case: you have a critical datasource (f.e. logs) in same grafana organisation with common datasources (prometheus, graphite, etc..). You would like to allow sharing dashboards to unprivileged or even anonymous users, but prevent critical data leaking

Alternative: Data source permissions available in Grafana Enterprise and Grafana Cloud.

Requirements:

Grafana OSS server
Google OAuth2 Provider configured
Grafana Server Administrator credentials
"Forward OAuth Identity" enabled in datasource settings (.jsonData.oauthPassThru == true)

Environment variables:

GRAFANA_BASE_URL - grafana oss server base url (like https://grafana.example.com or https://infra.example.com/grafana)
GRAFANA_AUTH - server administrator basic auth string in format Basic $(base64($user:$password)
PROXY_ORIGIN_SERVER - grafana datasource url (like http://127.0.0.1:7682, http://loki.logging.svc.cluster.local, https://ds.example.com or any other http(s) resource)

Name		Name	Last commit message	Last commit date
Latest commit History 9 Commits
.github/workflows		.github/workflows
.gitignore		.gitignore
Dockerfile		Dockerfile
LICENSE		LICENSE
README.md		README.md
go.mod		go.mod
go.sum		go.sum
google-jwt.go		google-jwt.go
grafana.go		grafana.go
main.go		main.go

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

grafana-datasource-oauth-proxy

About

Releases

Packages

Languages

License

p2p-org/grafana-datasource-oauth-proxy

Folders and files

Latest commit

History

Repository files navigation

grafana-datasource-oauth-proxy

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages