Skip to content

Reverse merge main to dev #219

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
dogshapedangel merged 7 commits into from
Apr 14, 2026
Merged

Reverse merge main to dev #219

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
c1b4211
Bump urllib3 from 2.5.0 to 2.6.3 in /code/services/DHIdentity
dependabot[bot] Mar 22, 2026
7a0cb3d
add basic dashboards for auto-deploy
dogshapedangel Mar 25, 2026
ce08599
configuration for grafana-okta sso
dogshapedangel Mar 25, 2026
6d3f610
Merge pull request #204 from pumpingstationone/sky/grafana-updates
tachoknight Mar 25, 2026
40900f1
Merge pull request #195 from pumpingstationone/dependabot/uv/code/ser…
tachoknight Mar 25, 2026
2d4b3f0
okta: add refresh token and JWT validation
dogshapedangel Mar 26, 2026
f133e47
Merge pull request #206 from pumpingstationone/sky/grafana-updates
tachoknight Mar 26, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
42 changes: 42 additions & 0 deletions .env.grafana.okta.example
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
# Grafana server URL
GF_SERVER_ROOT_URL=http://localhost:3000

# Optional local admin override
GF_SECURITY_ADMIN_USER=admin
GF_SECURITY_ADMIN_PASSWORD=change-me-PLEASE

# Enable Okta auth
GF_AUTH_OKTA_ENABLED=true
GF_AUTH_OKTA_NAME=Okta
GF_AUTH_OKTA_ALLOW_SIGN_UP=true
GF_AUTH_OKTA_AUTO_LOGIN=false

# Okta OIDC app values
GF_AUTH_OKTA_CLIENT_ID=your-okta-client-id
GF_AUTH_OKTA_CLIENT_SECRET=your-okta-client-secret
GF_AUTH_OKTA_SCOPES=openid profile email groups offline_access
GF_AUTH_OKTA_AUTH_URL=https://YOUR_OKTA_DOMAIN/oauth2/v1/authorize
GF_AUTH_OKTA_TOKEN_URL=https://YOUR_OKTA_DOMAIN/oauth2/v1/token
GF_AUTH_OKTA_API_URL=https://YOUR_OKTA_DOMAIN/oauth2/v1/userinfo

# Enable refresh token flow
GF_AUTH_OKTA_USE_REFRESH_TOKEN=true

# Enable JWT ID token signature validation
GF_AUTH_OKTA_VALIDATE_ID_TOKEN=true
GF_AUTH_OKTA_JWK_SET_URL=https://YOUR_OKTA_DOMAIN/oauth2/v1/keys

# Optional restrictions
# comma separated lists
GF_AUTH_OKTA_ALLOWED_DOMAINS=
GF_AUTH_OKTA_ALLOWED_GROUPS=

# Claim/attribute mapping
GF_AUTH_OKTA_LOGIN_ATTRIBUTE_PATH=preferred_username
GF_AUTH_OKTA_NAME_ATTRIBUTE_PATH=name
GF_AUTH_OKTA_EMAIL_ATTRIBUTE_PATH=email
GF_AUTH_OKTA_GROUPS_ATTRIBUTE_PATH=groups

# Role mapping
GF_AUTH_OKTA_ROLE_ATTRIBUTE_PATH=contains(groups[*], 'GrafanaAdmins') && 'Admin' || contains(groups[*], 'GrafanaEditors') && 'Editor' || 'Viewer'
GF_AUTH_OKTA_SKIP_ORG_ROLE_SYNC=false
7 changes: 6 additions & 1 deletion .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,4 +11,9 @@ flask_session/
.claude
*.code-workspace
pg/db-init/02-seed_data.sql
pg/sql/seed_data.local.sql
pg/sql/seed_data.local.sql
.env.local*
.env.production*
.env.staging*
.env.development*
.env.*.production
6 changes: 3 additions & 3 deletions code/services/DHIdentity/uv.lock
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 2 additions & 2 deletions docker-compose.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -421,14 +421,14 @@ services:
restart: unless-stopped
ports:
- "3000:3000"
env_file:
- .env.grafana.okta.production
volumes:
- ./tools/grafana/provisioning/datasources:/etc/grafana/provisioning/datasources
- ./tools/grafana/provisioning/dashboards/main.yaml:/etc/grafana/provisioning/dashboards/main.yaml
- ./tools/grafana/provisioning/dashboards:/var/lib/grafana/dashboards
environment:
TZ: "America/Chicago"
GF_SECURITY_ADMIN_USER: admin
GF_SECURITY_ADMIN_PASSWORD: admin
depends_on:
db:
condition: service_healthy
Expand Down
Loading
Loading