feat: added settings for enabling refresh tokens
refactor: refactors made on comments on pr canonical#278
bencekov committed Dec 5, 2023
1 parent 5d76e6e commit 2c24f25
Showing 1 changed file with 19 additions and 7 deletions.
26 changes: 19 additions & 7 deletions src/charm.py
@@ -304,16 +304,14 @@ def _on_config_changed(self, event: ConfigChangedEvent) -> None:
Args:
event: a :class:`ConfigChangedEvent` to signal that something happened
"""
if self.model.relations[OAUTH]:
self.oauth.update_client_config(client_config=self._oauth_client_config)
self.oauth.update_client_config(client_config=self._oauth_client_config)

self._configure()
self._configure_replication()

def _on_ingress_ready(self, _) -> None:
"""Once Traefik tells us our external URL, make sure we reconfigure Grafana."""
if self.model.relations[OAUTH]:
self.oauth.update_client_config(client_config=self._oauth_client_config)
self.oauth.update_client_config(client_config=self._oauth_client_config)

self._configure()

@@ -734,10 +732,16 @@ def _generate_grafana_config(self) -> str:
For now, this only creates database information, since everything else
can be set in ENV variables, but leave for expansion later so we can
hide auth secrets
The feature toggle accessTokenExpirationCheck is also set here. It's needed
for the oauth relation to provide refresh tokens.
"""
configs = []
if self.has_db:
configs.append(self._generate_database_config())

if self.model.relations[OAUTH]:
configs.append(self._generate_oauth_refresh_config())

return "\n".join(configs)

@@ -949,7 +953,6 @@ def _build_layer(self) -> Layer:
"GF_AUTH_GENERIC_OAUTH_TOKEN_URL": oauth_provider_info.token_endpoint,
"GF_AUTH_GENERIC_OAUTH_API_URL": oauth_provider_info.userinfo_endpoint,
"GF_AUTH_GENERIC_OAUTH_USE_REFRESH_TOKEN": "True",
"GF_FEATURE_TOGGLES_ACCESS_TOKEN_EXPIRATION_CHECK": "True",
}
)

@@ -1432,14 +1435,23 @@ def _on_oauth_info_changed(self, event: OAuthInfoChangedEvent) -> None:
"""Event handler for the oauth_info_changed event."""
logger.info(f"Received oauth provider info: {self.oauth.get_provider_info()}")

self.restart_grafana()
self._configure()

def _on_oauth_info_removed(self, event: OAuthInfoRemovedEvent) -> None:
"""Event handler for the oauth_info_removed event."""
logger.info("Oauth relation is broken, removing related settings")

# Reset generic_oauth settings
self.restart_grafana()
self._configure()

def _generate_oauth_refresh_config(self) -> str:
"""Generate a configuration for automatic refreshing of oauth authentication.
Returns:
A string containing the required feature toggle information to be stubbed into the config file.
"""

return "[feature_toggles]\naccessTokenExpirationCheck = true\n"


if __name__ == "__main__":
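Review bot: In `_on_oauth_info_removed` the comment `# Reset generic_oauth settings` now sits above `self._configure()` rather than `self.restart_grafana()`, so the old provider settings are only dropped if `_configure()` notices the changed layer and config file and restarts the workload; its body is outside the visible hunks and should be confirmed. The new `if self.model.relations[OAUTH]:` gate in `_generate_grafana_config` may also still be true while the removal hook runs, which would leave `accessTokenExpirationCheck = true` in the rendered config after the provider is gone. Keying the toggle on the same condition `_build_layer` uses before emitting the `GF_AUTH_GENERIC_OAUTH_*` variables would keep the two in step, and the comment could then read `# Reconfigure so the generic_oauth env vars and the feature toggle are dropped`. A unit test that breaks the relation and asserts neither the layer environment nor the config file still carries OAuth settings would pin this. Separately, the unchanged `logger.info(f"Received oauth provider info: ...")` line in `_on_oauth_info_changed` writes the whole provider object to the log; if that object carries client credentials, log only non-secret fields such as the endpoints.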