diff --git a/src/charm.py b/src/charm.py index e4534197..2b1f7993 100755 --- a/src/charm.py +++ b/src/charm.py @@ -304,16 +304,14 @@ def _on_config_changed(self, event: ConfigChangedEvent) -> None: Args: event: a :class:`ConfigChangedEvent` to signal that something happened """ - if self.model.relations[OAUTH]: - self.oauth.update_client_config(client_config=self._oauth_client_config) + self.oauth.update_client_config(client_config=self._oauth_client_config) self._configure() self._configure_replication() def _on_ingress_ready(self, _) -> None: """Once Traefik tells us our external URL, make sure we reconfigure Grafana.""" - if self.model.relations[OAUTH]: - self.oauth.update_client_config(client_config=self._oauth_client_config) + self.oauth.update_client_config(client_config=self._oauth_client_config) self._configure() @@ -734,10 +732,16 @@ def _generate_grafana_config(self) -> str: For now, this only creates database information, since everything else can be set in ENV variables, but leave for expansion later so we can hide auth secrets + + The feature toggle accessTokenExpirationCheck is also set here. It's needed + for the oauth relation to provide refresh tokens. """ configs = [] if self.has_db: configs.append(self._generate_database_config()) + + if self.model.relations[OAUTH]: + configs.append(self._generate_oauth_refresh_config()) return "\n".join(configs) @@ -949,7 +953,6 @@ def _build_layer(self) -> Layer: "GF_AUTH_GENERIC_OAUTH_TOKEN_URL": oauth_provider_info.token_endpoint, "GF_AUTH_GENERIC_OAUTH_API_URL": oauth_provider_info.userinfo_endpoint, "GF_AUTH_GENERIC_OAUTH_USE_REFRESH_TOKEN": "True", - "GF_FEATURE_TOGGLES_ACCESS_TOKEN_EXPIRATION_CHECK": "True", } ) 
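Review bot: With the `if self.model.relations[OAUTH]:` guard removed from `_on_config_changed` and `_on_ingress_ready`, `self.oauth.update_client_config(client_config=self._oauth_client_config)` now runs on every config-changed and ingress-ready event, including when no oauth relation exists. Whether that is safe depends on the library call tolerating a missing relation, and on `self._oauth_client_config` being constructible and valid before an external URL is known. Neither is visible in this hunk. If the library validates the client config before it looks for the relation, an unrelated config change could raise inside the hook. A comment such as `# update_client_config returns early when there is no oauth relation`, backed by a unit test that fires both events without the relation, would pin that assumption.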
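Review bot: The new `if self.model.relations[OAUTH]:` check in `_generate_grafana_config` writes the `accessTokenExpirationCheck` toggle as soon as the relation exists. That may be earlier than the point where `_build_layer` sets the `GF_AUTH_GENERIC_OAUTH_*` variables from `oauth_provider_info`; that condition lies outside the hunk, so this is inferred. Gating the toggle on the same condition as those variables would keep the config file and the environment in step while the relation is still being established. The docstring's opening claim, "For now, this only creates database information", is also no longer accurate and could read `Creates the database section and, when OAuth is related, the feature toggle section`.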
@@ -1432,14 +1435,23 @@ def _on_oauth_info_changed(self, event: OAuthInfoChangedEvent) -> None: """Event handler for the oauth_info_changed event.""" logger.info(f"Received oauth provider info: {self.oauth.get_provider_info()}") - self.restart_grafana() + self._configure() def _on_oauth_info_removed(self, event: OAuthInfoRemovedEvent) -> None: """Event handler for the oauth_info_removed event.""" logger.info("Oauth relation is broken, removing related settings") # Reset generic_oauth settings - self.restart_grafana() + self._configure() + + def _generate_oauth_refresh_config(self) -> str: + """Generate a configuration for automatic refreshing of oauth authentication. + + Returns: + A string containing the required feature toggle information to be stubbed into the config file. + """ + + return "[feature_toggles]\naccessTokenExpirationCheck = true\n" if __name__ == "__main__":
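Review bot: The unchanged `logger.info(f"Received oauth provider info: {self.oauth.get_provider_info()}")` line in `_on_oauth_info_changed` writes the whole provider-info object to the charm log. If that object carries the client secret (its fields are not visible here), the secret is logged on every oauth_info_changed event. Logging a fixed message or only non-sensitive fields avoids that, e.g. `logger.info("Received oauth provider info")`. Separately, both handlers now call `self._configure()` instead of `self.restart_grafana()`, and `_configure()` is defined outside this hunk. It is worth confirming that it restarts Grafana when only the generic_oauth environment or the feature toggle changes, since otherwise a removed relation could leave the old OAuth settings active.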