Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Give access to central Grafana to @colliand #1445

Closed
2 of 4 tasks
GeorgianaElena opened this issue Jun 22, 2022 · 14 comments
Closed
2 of 4 tasks

Give access to central Grafana to @colliand #1445

GeorgianaElena opened this issue Jun 22, 2022 · 14 comments
Assignees
@GeorgianaElena

Comments

@GeorgianaElena
Copy link
Member

GeorgianaElena commented Jun 22, 2022
edited by damianavila
Loading

Context

In #1438 (comment), @colliand asked for access to the central grafana.

Proposal

We should do this.

Updates and actions

Steps to be taken by @2i2c-org/tech-team:

  • give access to GCP two-eye-two-see project
  • confirm with @colliand that colliand@2i2c.org the correct address to use for access to the project above

Steps to be taken by @colliand

Update

#1437 was merged, and we can now login into the central grafana using GitHub. Access is granted based on the membership in 2i2c-org GitHub org.
@GeorgianaElena GeorgianaElena mentioned this issue Jun 22, 2022
Closed
@sgibson91
Copy link
Member

I have sent an invite to colliand@2i2c.org to gain access to two-eye-two-see

@damianavila
Copy link
Contributor

Even when I know @colliand can handle all the technical steps, maybe it makes sense to give him the pass through another tool (ie. Bitwarden)? Otherwise, I feel it is a lot of toil for him...

@damianavila damianavila moved this to Needs Shaping / Refinement in DEPRECATED Engineering and Product Backlog Jun 22, 2022
@choldgraf
Copy link
Member

I agree with @damianavila - I don't think that we should require all team members to understand sops and gcloud just to get access to a grafana dashboard. If we think that a service will be useful to people who aren't on the engineering team, we shouldn't require engineering practices to use them. (I'm also imagining future hires that may have much less engineering-specific experience than any of us have already)

In my opinion it would be fine to use something like Bitwarden's send feature to send the password.

@sgibson91
Copy link
Member

sgibson91 commented Jun 22, 2022
edited
Loading

While I don't disagree, with the password manager approach we then run into a source of truth issue. We store the grafana admin password in the repo because it is automatically read by our deployment infrastructure when we deploy the support chart. If we change that password for whatever reason, we then have a monumental task on our hands updating everyone's password managers.

I think an actual solution would be something more like GitHub Auth with Teams and let e.g. tech-team have access. So an individual's access is not dependent on the state of the default password we use in deployments.

@GeorgianaElena
Copy link
Member Author

GeorgianaElena commented Jun 22, 2022
edited
Loading

I'm working on #1437, that should allow logging in with GitHub and we won't have to get through this steps. Shouldn't take long, but yeah, please feel free to send the password to @colliand anyway you feel is more appropriate in the meantime

@sgibson91
Copy link
Member

sgibson91 commented Jun 22, 2022
edited
Loading

So I think a good plan is:

  • Short term access for Jim right now: Send password via a password manager
  • Medium to long term access for future hires with fewer engineering-specific skills: The GitHub Auth integration Georgiana is working on

@GeorgianaElena
Copy link
Member Author

GeorgianaElena commented Jun 23, 2022
edited
Loading

#1437 was merged, and we can now login into the central grafana using GitHub. "Viewer" access is granted based on the membership in 2i2c-org GitHub org.

@colliand, can you please try it out? Click on the Sign in with GitHub button at the bottom of the page at https://grafana.pilot.2i2c.cloud

@choldgraf
Copy link
Member

Just a note that I agree w/ @sgibson91 and @GeorgianaElena's assessment above. My suggestion of sending via Bitwarden was just as a one-off, but I think that our long term focus should be on the guiding principle of:

If we think that a service will be useful to people who aren't on the engineering team, we shouldn't require engineering practices to use them.

I think the GitHub Auth login approach is great 👍

However I just tried to log in via this method, and after authorizing the github app, got:

image

@sgibson91
Copy link
Member

However I just tried to log in via this method, and after authorizing the github app, got:

image

Same for me

@GeorgianaElena
Copy link
Member Author

Yep, this issue should be fixed by #1460.

@sgibson91, @choldgraf, can you please try again now? 🙏🏼

@sgibson91
Copy link
Member

Screenshot 2022-06-23 at 13 14 54

Yay!! 🚀

@choldgraf
Copy link
Member

it works for me too!

@colliand
Copy link
Contributor

Yay! It works for me too. Now I need to learn how to use it!

@damianavila damianavila moved this from Needs Shaping / Refinement to In progress in DEPRECATED Engineering and Product Backlog Jun 23, 2022
@damianavila
Copy link
Contributor

Since @colliand confirmed access we can call this one done. Awesome work @GeorgianaElena!

Repository owner moved this from In progress to Complete in DEPRECATED Engineering and Product Backlog Jun 23, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@GeorgianaElena GeorgianaElena

Labels
None yet
Projects
No open projects
DEPRECATED Engineering and Product Backlog
Archived in project
Milestone
No milestone
Development

No branches or pull requests
5 participants
@damianavila @choldgraf @colliand @GeorgianaElena @sgibson91