Skip to content

Commit 5989d68

Browse files
BaarsgaardBaarsgaard
committed
test(E2E/Grafana): Move JWT config, disable admin secret for JWT instance
1 parent d75972e commit 5989d68

File tree

2 files changed

+13
-12
lines changed

2 files changed

+13
-12
lines changed

tests/e2e/example-test/00-create-grafana-external.yaml

Lines changed: 0 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -7,23 +7,11 @@ metadata:
77
spec:
88
client:
99
preferIngress: false
10-
useKubeAuth: true
1110
config:
1211
log:
1312
mode: "console"
1413
auth:
1514
disable_login_form: "false"
16-
auth.jwt:
17-
enabled: "true"
18-
header_name: Authorization
19-
username_claim: sub
20-
email_claim: sub
21-
auto_sign_up: "true"
22-
role_attribute_path: "contains(\"kubernetes.io\".namespace, 'grafana') && 'GrafanaAdmin' || 'None'" # Assigns normal Admin unless allow_assign_grafana_admin is enabled
23-
role_attribute_strict: "true" # Disables auto_assign_org_role
24-
jwk_set_url: https://${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT_HTTPS}/openid/v1/jwks
25-
jwk_set_bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
26-
tls_client_ca: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
2715
deployment:
2816
spec:
2917
template:

tests/e2e/example-test/00-create-grafana.yaml

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,9 @@ metadata:
55
labels:
66
dashboards: "grafana"
77
spec:
8+
disableDefaultAdminSecret: true # Ensure config is valid without admin secret
89
client:
10+
useKubeAuth: true
911
preferIngress: false
1012
config:
1113
log:
@@ -21,6 +23,17 @@ spec:
2123
recording_rules:
2224
enabled: "true"
2325
url: http://prometheus:9090/api/prom/push
26+
auth.jwt:
27+
enabled: "true"
28+
header_name: Authorization
29+
username_claim: sub
30+
email_claim: sub
31+
auto_sign_up: "true"
32+
role_attribute_path: "contains(sub, 'system:serviceaccount:default:grafana-operator-controller-manager') && 'GrafanaAdmin' || 'None'" # Assigns normal Admin unless allow_assign_grafana_admin is enabled
33+
role_attribute_strict: "true" # Disables auto_assign_org_role
34+
jwk_set_url: https://${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT_HTTPS}/openid/v1/jwks
35+
jwk_set_bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
36+
tls_client_ca: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
2437
deployment:
2538
spec:
2639
template:

0 commit comments

Comments
 (0)