df6bb69d29
# What this PR does Disable accessControlOnCall for Grafana 11.3 <!-- *Note*: If you want the issue to be auto-closed once the PR is merged, change "Related to" to "Closes" in the line above. If you have more than one GitHub issue that this PR closes, be sure to preface each issue link with a [closing keyword](https://docs.github.com/en/get-started/writing-on-github/working-with-advanced-formatting/using-keywords-in-issues-and-pull-requests#linking-a-pull-request-to-an-issue). This ensures that the issue(s) are auto-closed once the PR has been merged. --> ## Checklist - [ ] Unit, integration, and e2e (if applicable) tests updated - [x] Documentation added (or `pr:no public docs` PR label added if not required) - [x] Added the relevant release notes label (see labels prefixed w/ `release:`). These labels dictate how your PR will show up in the autogenerated release notes.
178 lines
6.1 KiB
Text
178 lines
6.1 KiB
Text
load('ext://uibutton', 'cmd_button', 'location', 'text_input', 'bool_input')
|
|
load("ext://configmap", "configmap_create")
|
|
|
|
grafana_url = os.getenv("GRAFANA_URL", "http://grafana:3000")
|
|
running_under_parent_tiltfile = os.getenv("TILT_PARENT", "false") == "true"
|
|
twilio_values=[
|
|
"oncall.twilio.accountSid=" + os.getenv("TWILIO_ACCOUNT_SID", ""),
|
|
"oncall.twilio.authToken=" + os.getenv("TWILIO_AUTH_TOKEN", ""),
|
|
"oncall.twilio.phoneNumber=" + os.getenv("TWILIO_PHONE_NUMBER", ""),
|
|
"oncall.twilio.verifySid=" + os.getenv("TWILIO_VERIFY_SID", ""),
|
|
]
|
|
is_ci=config.tilt_subcommand == "ci"
|
|
# HELM_PREFIX must be "oncall-dev" as it is hardcoded in dev/helm-local.yml
|
|
HELM_PREFIX = "oncall-dev"
|
|
# Use docker registery generated by ctlptl (dev/kind-config.yaml)
|
|
DOCKER_REGISTRY = "localhost:63628/"
|
|
|
|
load("ext://docker_build_sub", "docker_build_sub")
|
|
|
|
grafana_deps = ["grafana-oncall-app-provisioning-configmap", "build-ui", "build-oncall-plugin-backend"]
|
|
|
|
def get_profiles():
|
|
profiles = os.getenv('ONCALL_PROFILES', 'grafana,plugin,backend,tests')
|
|
return profiles.split(',')
|
|
profiles = get_profiles()
|
|
|
|
# Tell ops-devenv/Tiltifle where our plugin.json file lives
|
|
plugin_file = os.path.abspath("grafana-plugin/src/plugin.json")
|
|
|
|
def plugin_json():
|
|
if 'plugin' in profiles:
|
|
return plugin_file
|
|
return 'NOT_A_PLUGIN'
|
|
|
|
def extra_grafana_ini():
|
|
return {
|
|
'feature_toggles': {
|
|
'accessControlOnCall': 'false'
|
|
}
|
|
}
|
|
|
|
def extra_env():
|
|
return {
|
|
"GF_APP_URL": grafana_url,
|
|
"GF_SERVER_ROOT_URL": grafana_url,
|
|
"GF_FEATURE_TOGGLES_ENABLE": "externalServiceAccounts",
|
|
"ONCALL_API_URL": "http://oncall-dev-engine:8080",
|
|
|
|
# Enables managed service accounts for plugin authentication in Grafana >= 11.3
|
|
# https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#managed_service_accounts_enabled
|
|
"GF_AUTH_MANAGED_SERVICE_ACCOUNTS_ENABLED": "true",
|
|
}
|
|
|
|
def extra_deps():
|
|
return grafana_deps
|
|
|
|
|
|
allow_k8s_contexts(["kind-kind"])
|
|
|
|
# Build the image including frontend folder for pytest
|
|
docker_build_sub(
|
|
"localhost:63628/oncall/engine:dev",
|
|
context="./engine",
|
|
cache_from=["grafana/oncall:latest", "grafana/oncall:dev"],
|
|
ignore=["./test-results/", "./grafana-plugin/dist/", "./grafana-plugin/e2e-tests/", "./grafana-plugin/node_modules/"],
|
|
child_context=".",
|
|
target="dev",
|
|
extra_cmds=["ADD ./grafana-plugin/src/plugin.json /etc/grafana-plugin/src/plugin.json"],
|
|
live_update=[
|
|
sync("./engine/", "/etc/app"),
|
|
run(
|
|
"cd /etc/app && pip install pip-tools && pip-sync",
|
|
trigger="./engine/requirements.txt",
|
|
),
|
|
],
|
|
)
|
|
|
|
|
|
def load_oncall_helm():
|
|
helm_oncall_values_files = ["./dev/helm-local.yml"]
|
|
local_dev_helm_values_file = "./dev/helm-local.dev.yml"
|
|
|
|
if is_ci:
|
|
helm_oncall_values_files.append("./.github/helm-ci.yml")
|
|
elif os.path.exists(local_dev_helm_values_file):
|
|
helm_oncall_values_files.append(local_dev_helm_values_file)
|
|
|
|
yaml = helm(
|
|
"helm/oncall",
|
|
name=HELM_PREFIX,
|
|
values=helm_oncall_values_files,
|
|
set=twilio_values,
|
|
namespace="default",
|
|
)
|
|
k8s_yaml(yaml)
|
|
|
|
# --- GRAFANA START ----
|
|
|
|
if not running_under_parent_tiltfile:
|
|
# Load the custom Grafana extensions
|
|
v1alpha1.extension_repo(
|
|
name="grafana-tilt-extensions",
|
|
ref="v1.4.2",
|
|
url="https://github.com/grafana/tilt-extensions",
|
|
)
|
|
v1alpha1.extension(
|
|
name="grafana", repo_name="grafana-tilt-extensions", repo_path="grafana"
|
|
)
|
|
load("ext://grafana", "grafana")
|
|
|
|
def load_grafana():
|
|
# The user/pass that you will login to Grafana with
|
|
grafana_admin_user_pass = os.getenv("GRAFANA_ADMIN_USER_PASS", "oncall")
|
|
grafana_version = os.getenv("GRAFANA_VERSION", "latest")
|
|
|
|
if 'plugin' in profiles:
|
|
# Generate and load the grafana deploy yaml
|
|
configmap_create(
|
|
"grafana-oncall-app-provisioning",
|
|
namespace="default",
|
|
from_file="dev/grafana/provisioning/plugins/grafana-oncall-app-provisioning.yaml",
|
|
)
|
|
|
|
k8s_resource(
|
|
objects=["grafana-oncall-app-provisioning:configmap"],
|
|
new_name="grafana-oncall-app-provisioning-configmap",
|
|
resource_deps=["build-ui"],
|
|
labels=["Grafana"],
|
|
)
|
|
|
|
# Use separate grafana helm chart
|
|
if not running_under_parent_tiltfile:
|
|
grafana(
|
|
grafana_version=grafana_version,
|
|
context="grafana-plugin",
|
|
plugin_files=["grafana-plugin/src/plugin.json"],
|
|
namespace="default",
|
|
deps=grafana_deps,
|
|
extra_env={
|
|
"GF_SECURITY_ADMIN_PASSWORD": "oncall",
|
|
"GF_SECURITY_ADMIN_USER": "oncall",
|
|
"GF_AUTH_ANONYMOUS_ENABLED": "false",
|
|
"GF_APP_URL": grafana_url, # older versions of grafana need this
|
|
"GF_SERVER_ROOT_URL": grafana_url,
|
|
"GF_FEATURE_TOGGLES_ENABLE": "externalServiceAccounts",
|
|
"ONCALL_API_URL": "http://oncall-dev-engine:8080",
|
|
|
|
# Enables managed service accounts for plugin authentication in Grafana >= 11.3
|
|
# https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#managed_service_accounts_enabled
|
|
"GF_AUTH_MANAGED_SERVICE_ACCOUNTS_ENABLED": "true",
|
|
},
|
|
extra_grafana_ini={
|
|
"feature_toggles": {
|
|
"accessControlOnCall": "false"
|
|
}
|
|
},
|
|
)
|
|
# --- GRAFANA END ----
|
|
|
|
if 'grafana' in profiles:
|
|
load_grafana()
|
|
if 'plugin' in profiles:
|
|
include(".tilt/plugin/Tiltfile")
|
|
if 'backend' in profiles:
|
|
load_oncall_helm()
|
|
include(".tilt/backend/Tiltfile")
|
|
include(".tilt/deps/Tiltfile")
|
|
if 'tests' in profiles:
|
|
include(".tilt/tests/Tiltfile")
|
|
|
|
# name all tilt resources after the k8s object namespace + name
|
|
def resource_name(id):
|
|
# Remove variable date from job name
|
|
if id.name.startswith(HELM_PREFIX + "-engine-migrate"):
|
|
return "engine-migrate"
|
|
return id.name.replace(HELM_PREFIX + "-", "")
|
|
|
|
workload_to_resource_function(resource_name)
|