Bug 1883476

Summary: [downstream] Configure role-mapping on SSO to grafana
Product: Red Hat Enterprise Virtualization Manager Reporter: Juan Orti <jortialc>
Component: ovirt-engine-dwhAssignee: Yedidyah Bar David <didi>
Status: CLOSED DEFERRED QA Contact: Lucie Leistnerova <lleistne>
Severity: high Docs Contact:
Priority: medium    
Version: 4.4.1CC: bugs, didi, emarcus, lleistne, lsurette, mavital, mhicks, mkalinin, mperina, pelauter, sradco, srevivo
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1835163 Environment:
Last Closed: 2021-04-26 08:17:24 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Metrics RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1807323, 1835152, 1835163    
Bug Blocks:    

Description Juan Orti 2020-09-29 10:56:56 UTC 
+++ This bug was initially created as a clone of Bug #1835163 +++

Description of problem:

Allow engine admins automatically be grafana admins when logging in using SSO/OAuth2.

This requires grafana 6.5, see dependent bug.

A workaround:

1. Login to the engine web admin as admin
2. Login to grafana with SSO - "Sign in with oVirt Engine Auth"
3. Sign out
4. Login with the internal grafana admin
5. Go to Configuration -> Users
6. Find the new user. The default email for the engine's default admin, admin@internal, is 'root@localhost'.
7. Change its Role to Admin.
8. Now you can logout and login again with SSO, it should have admin rights

admin@internal's email address used to be empty until 4.3, and in 4.4 we change it (also on upgrades) for SSO with grafana, as it requires an email address.

--- Additional comment from Sandro Bonazzola on 2020-05-14 07:33:16 UTC ---

Tentatively targeting 4.4.1, working with platform to get grafana rebase backported to RHEL 8.2.1