github.com/MadEngineX/grafana-teams-sync
module
0.0.0-20240612212941-fedca606fb0c
Repository: https://github.com/madenginex/grafana-teams-sync.git
Documentation: pkg.go.dev

# README

grafana-teams-sync

Synchronize users from Keycloak Roles to Grafana Teams.

Description

grafana-teams-sync tracks Keycloak roles that match a specified regular expression. The service collects the users in those roles and concurrently monitors the state of Grafana.

From Grafana, grafana-teams-sync gathers information about Users, Teams, Permissions, and Folders. The service then synchronizes the Keycloak state to Grafana.

How synchronization works:

  1. For each Keycloak role matching the regex, grafana-teams-sync creates a Grafana Folder.
  2. For each such role, grafana-teams-sync creates a Grafana Team.
  3. The Team is granted permission on the Grafana Folder.
  4. Existing (*) Grafana Users are added to the Grafana Team.

(*) Due to API limitations, for an OIDC user to receive their permissions in Grafana, they need to log in and wait for the synchronization procedure.

Thanks to @rashaev for inspiration.

Docker images

Docker images are published on Docker Hub: ksxack/grafana-teams-sync

Configuration

Environment variables:

| Name | Type | Description |
|------|------|-------------|
| GRAFANA_URL | url.URL | URL of the Grafana instance |
| KEYCLOAK_URL | url.URL | URL of the Keycloak instance |
| LOG_LEVEL | string | Logging level (e.g., info, debug) |
| ROLES_REGEX_RO | string | ReadOnly Keycloak roles regex (e.g. "-ro") |
| ROLES_REGEX_RW | string | ReadWrite Keycloak roles regex (e.g. "-rw") |
| KEYCLOAK_MONITOR_INTERVAL | time.Duration | How often the Keycloak state in memory should be updated, default: "5m" |
| GRAFANA_MONITOR_INTERVAL | time.Duration | How often the Grafana state in memory should be updated, default: "5m" |
| SYNC_INTERVAL | time.Duration | How often the sync process should be launched, default: "5m" |
| GRAFANA_USER | string | Admin user (not OIDC) |
| GRAFANA_PASSWORD | string | Admin password |
| KEYCLOAK_REALM | string | Keycloak Realm with Grafana client |
| KEYCLOAK_CLIENT_NAME | string | Grafana client name in Keycloak |
| KEYCLOAK_CLIENT_SECRET | string | Grafana client secret in Keycloak |
| KEYCLOAK_MASTER_CLIENT_NAME | string | Stub client name in Keycloak Master Realm (to obtain token) |
| KEYCLOAK_MASTER_CLIENT_SECRET | string | Stub client secret |
| KEYCLOAK_USER | string | Keycloak admin user |
| KEYCLOAK_PASSWORD | string | Keycloak admin password |
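
ROLES_REGEX_RO and ROLES_REGEX_RW decide which Keycloak roles receive a Grafana Folder, Team and permission, so it helps to check what a pattern really matches before deploying it. The Go code below is an added example, not code from grafana-teams-sync: it assumes the patterns are applied with Go's unanchored `regexp.MatchString`, assumes RO maps to View and RW to Edit, and uses hypothetical names (`Grant`, `Plan`) with constructed role names.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
)

// Grant is one planned folder permission (hypothetical type for this example).
type Grant struct {
	Role, Access string // Access is "View" or "Edit" (assumed RO/RW mapping)
}

// Plan classifies role names with the RO/RW patterns. MatchString is
// unanchored, so a pattern matches anywhere in the name. A role matching
// both patterns is reported in conflicts and gets no grant.
func Plan(roles []string, roPat, rwPat string) (grants []Grant, conflicts []string, err error) {
	ro, err := regexp.Compile(roPat)
	if err != nil {
		return nil, nil, fmt.Errorf("ROLES_REGEX_RO: %w", err)
	}
	rw, err := regexp.Compile(rwPat)
	if err != nil {
		return nil, nil, fmt.Errorf("ROLES_REGEX_RW: %w", err)
	}
	sorted := append([]string(nil), roles...)
	sort.Strings(sorted)
	for _, r := range sorted {
		isRO, isRW := ro.MatchString(r), rw.MatchString(r)
		switch {
		case isRO && isRW:
			conflicts = append(conflicts, r)
		case isRW:
			grants = append(grants, Grant{r, "Edit"})
		case isRO:
			grants = append(grants, Grant{r, "View"})
		}
	}
	return grants, conflicts, nil
}

func main() {
	// Constructed role names, not taken from any real realm.
	roles := []string{"payments-ro", "payments-rw", "infra-rollout", "sre-rw-robots", "offline_access"}
	for _, p := range [][2]string{{"-ro", "-rw"}, {"-ro$", "-rw$"}} {
		g, c, _ := Plan(roles, p[0], p[1])
		fmt.Printf("RO=%q RW=%q grants=%v conflicts=%v\n", p[0], p[1], g, c)
	}
}
```

With the unanchored patterns, `infra-rollout` is treated as a read-only role and `sre-rw-robots` matches both patterns; anchoring them as `-ro$` and `-rw$` leaves only the two `payments-*` roles.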

ToDo

  1. Currently grafana-teams-sync can only add user permissions; it cannot delete them.
  2. The synchronization algorithm is currently very weak and could be improved.
