grafana: rebase grafana.ini to grafana 10.2.0-1

Also add script to make rebasing easier.

grafana: rebase grafana.ini to grafana 10.2.0-1
825a0c92 · Evangelos Foutras · 061b2da9 · 825a0c92 · 825a0c92
Verified Commit 825a0c92 authored 1 year ago by Evangelos Foutras
--- a/roles/grafana/scripts/rebase-grafana-ini.sh
+++ b/roles/grafana/scripts/rebase-grafana-ini.sh
+#!/bin/bash
+
+mon_grafana_ver=$(ssh root@monitoring.archlinux.org pacman -Q grafana | awk '{print $2}')
+git_grafana_ver=$(git log --oneline | grep -Pom1 'rebase grafana.ini to grafana \K\S+')
+
+if [[ -z $mon_grafana_ver ]]; then
+  echo >&2 'failed to detect current version on monitoring'
+  exit 1
+fi
+
+if [[ $(vercmp $git_grafana_ver $mon_grafana_ver) -ge 0 ]]; then
+  echo >&2 "already rebased to $git_grafana_ver (>= $mon_grafana_ver on monitoring)"
+  exit 1
+fi
+
+old_pkg=https://archive.archlinux.org/packages/g/grafana/grafana-$git_grafana_ver-x86_64.pkg.tar.zst
+new_pkg=https://archive.archlinux.org/packages/g/grafana/grafana-$mon_grafana_ver-x86_64.pkg.tar.zst
+
+diff -up \
+  <(curl -s "$old_pkg" | bsdtar -xOq etc/grafana.ini) \
+  <(curl -s "$new_pkg" | bsdtar -xOq etc/grafana.ini) \
+  | patch "$(dirname $0)/../templates/grafana.ini.j2"
+
+echo
+echo ':: fix any conflicts above, "git add" the changes and commit with:'
+echo ":: git commit -m 'grafana: rebase grafana.ini to grafana $mon_grafana_ver'"
--- a/roles/grafana/templates/grafana.ini.j2
+++ b/roles/grafana/templates/grafana.ini.j2
@@ -634,6 +634,10 @@ hide_version = true
 ;api_url = https://openidconnect.googleapis.com/v1/userinfo
 ;allowed_domains =
 ;hosted_domain =
+;allowed_groups =
+;role_attribute_path =
+;role_attribute_strict = false
+;allow_assign_grafana_admin = false
 ;skip_org_role_sync = false
 ;use_pkce = true

@@ -756,6 +760,8 @@ role_attribute_strict = true
 ;cache_ttl = 60m
 ;expect_claims = {"aud": ["foo", "bar"]}
 ;key_file = /path/to/key/file
+# Use in conjunction with key_file in case the JWT token's header specifies a key ID in "kid" field
+;key_id = some-key-id
 ;role_attribute_path =
 ;role_attribute_strict = false
 ;auto_sign_up = false
@@ -789,7 +795,7 @@ role_attribute_strict = true
 ; list_metrics_page_limit = 500

 # Experimental, for use in Grafana Cloud only. Please do not set.
-; external_id = 
+; external_id =

 #################################### Azure ###############################
 [azure]
@@ -807,6 +813,24 @@ role_attribute_strict = true
 # Should be set for user-assigned identity and should be empty for system-assigned identity
 ;managed_identity_client_id =

+# Specifies whether Azure AD Workload Identity authentication should be enabled in datasources that support it
+# For more documentation on Azure AD Workload Identity, review this documentation:
+# https://azure.github.io/azure-workload-identity/docs/
+# Disabled by default, needs to be explicitly enabled
+;workload_identity_enabled = false
+
+# Tenant ID of the Azure AD Workload Identity
+# Allows to override default tenant ID of the Azure AD identity associated with the Kubernetes service account
+;workload_identity_tenant_id =
+
+# Client ID of the Azure AD Workload Identity
+# Allows to override default client ID of the Azure AD identity associated with the Kubernetes service account
+;workload_identity_client_id =
+
+# Custom path to token file for the Azure AD Workload Identity
+# Allows to set a custom path to the projected service account token file
+;workload_identity_token_file =
+
 # Specifies whether user identity authentication (on behalf of currently signed-in user) should be enabled in datasources
 # that support it (requires AAD authentication)
 # Disabled by default, needs to be explicitly enabled
@@ -832,6 +856,9 @@ role_attribute_strict = true
 # Warning left to true, basic roles permissions will be reset on every boot
 #reset_basic_roles = false

+# Validate permissions' action and scope on role creation and update
+; permission_validation_enabled = true
+
 #################################### SMTP / Emailing ##########################
 [smtp]
 ;enabled = false
@@ -1277,6 +1304,18 @@ mode = syslog
 [tracing.opentelemetry]
 # attributes that will always be included in when creating new spans. ex (key1:value1,key2:value2)
 ;custom_attributes = key1:value1,key2:value2
+# Type specifies the type of the sampler: const, probabilistic, rateLimiting, or remote
+; sampler_type = remote
+# Sampler configuration parameter
+# for "const" sampler, 0 or 1 for always false/true respectively
+# for "probabilistic" sampler, a probability between 0.0 and 1.0
+# for "rateLimiting" sampler, the number of spans per second
+# for "remote" sampler, param is the same as for "probabilistic"
+#   and indicates the initial sampling rate before the actual one
+#   is received from the sampling server (set at sampling_server_url)
+; sampler_param = 0.5
+# specifies the URL of the sampling server when sampler_type is remote
+; sampling_server_url = http://localhost:5778/sampling

 [tracing.opentelemetry.jaeger]
 # jaeger destination (ex http://localhost:14268/api/traces)
@@ -1365,6 +1404,8 @@ mode = syslog
 # Force download of the public key for verifying plugin signature on startup. If disabled, the public key will be retrieved every 10 days.
 # Requires public_key_retrieval_disabled to be false to have any effect.
 ; public_key_retrieval_on_startup = false
+# Enter a comma-separated list of plugin identifiers to avoid loading (including core plugins). These plugins will be hidden in the catalog.
+; disable_plugins =

 #################################### Grafana Live ##########################################
 [live]
@@ -1387,6 +1428,9 @@ mode = syslog
 # This option is EXPERIMENTAL.
 ;ha_engine_address = "127.0.0.1:6379"

+# ha_engine_password allows setting an optional password to authenticate with the engine
+;ha_engine_password = ""
+
 #################################### Grafana Image Renderer Plugin ##########################
 [plugin.grafana-image-renderer]
 # Instruct headless browser instance to use a default timezone when not provided by Grafana, e.g. when rendering panel image of alert.
@@ -1532,5 +1576,14 @@ mode = syslog

 ################################## Feature Management ##############################################
 [feature_management]
-hidden_toggles =
-read_only_toggles =
+# Options to configure the experimental Feature Toggle Admin Page feature, which is behind the `featureToggleAdminPage` feature toggle. Use at your own risk.
+# Allow editing of feature toggles in the feature management page
+;allow_editing = false
+# Allow customization of URL for the controller that manages feature toggles
+;update_webhook =
+# Allow configuring an auth token for feature management update requests
+;update_webhook_token =
+# Hide specific feature toggles from the feature management page
+;hidden_toggles =
+# Disable updating specific feature toggles in the feature management page
+;read_only_toggles =