From e56120b82c19f7ee54c396aed4edac0f203793d4 Mon Sep 17 00:00:00 2001
From: Philipp Glaum
Date: Fri, 14 Jul 2023 11:03:15 +0200
Subject: [PATCH] grafana azure oauth config
---
 docker-compose.yml | 5 +++++
 grafana.ini | 20 ++++++++++++++++++++
 2 files changed, 25 insertions(+)
 create mode 100644 grafana.ini
diff --git a/docker-compose.yml b/docker-compose.yml
index 05411c9..7f758b4 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -27,7 +27,12 @@ services:
 grafana:
 image: grafana/grafana-oss
 volumes:
+ - lgtm-config:/lgtm-config
 - grafana-data:/var/lib/grafana
+ environment:
+ GF_AUTH_AZUREAD_CLIENT_ID: ${GF_AUTH_AZUREAD_CLIENT_ID}
+ GF_AUTH_AZUREAD_CLIENT_SECRET: ${GF_AUTH_AZUREAD_CLIENT_SECRET}
+ GF_PATHS_CONFIG: "/lgtm-config/lgtm-stack/grafana.ini"
 restart: unless-stopped
 user: '0'
 networks:
diff --git a/grafana.ini b/grafana.ini
new file mode 100644
index 0000000..22dbfda
--- /dev/null
+++ b/grafana.ini
@@ -0,0 +1,20 @@
+[auth.azuread]
+name = Azure AD
+enabled = true
+allow_sign_up = true
+auto_login = false
+#client_id = APPLICATION_ID
+#client_secret = CLIENT_SECRET
+scopes = openid email profile offline_access
+auth_url = https://login.microsoftonline.com/0a651be1-a772-4af3-aab3-a1d57dae5965/oauth2/v2.0/authorize
+token_url = https://login.microsoftonline.com/0a651be1-a772-4af3-aab3-a1d57dae5965/oauth2/v2.0/token
+allowed_domains =
+allowed_groups =
+allowed_organizations = 0a651be1-a772-4af3-aab3-a1d57dae5965
+role_attribute_strict = false
+allow_assign_grafana_admin = false
+skip_org_role_sync = false
+use_pkce = true
+
+[server]
+root_url = https://dev-grafana.sinetcon.com
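Review bot: In the docker-compose.yml hunk, the new `lgtm-config` mount is read-write although Grafana only needs to read `/lgtm-config/lgtm-stack/grafana.ini` from it, and the context lines show the service running as `user: '0'`, so the process can modify the file that defines its own authentication settings; `- lgtm-config:/lgtm-config:ro` would remove that write path. Separately, `${GF_AUTH_AZUREAD_CLIENT_SECRET}` is substituted as an empty string when the variable is unset, so the stack starts and Azure AD login only fails at runtime; `GF_AUTH_AZUREAD_CLIENT_SECRET: ${GF_AUTH_AZUREAD_CLIENT_SECRET:?must be set}` (and the same for the client id) makes compose refuse to start instead. Values passed through `environment:` are also readable via `docker inspect`, so a file-based secret would be the tighter option if the deployment supports it. The top-level declaration of the `lgtm-config` volume is outside this hunk and should be confirmed.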
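Review bot: In the new grafana.ini, `allow_sign_up = true` combined with an empty `allowed_groups =` and `role_attribute_strict = false` means every account in the tenant named in `auth_url` can create a Grafana user on first login, and an account without an assigned app role appears to fall back to a default role rather than being rejected. If access is meant for a specific team, set `allowed_groups = <GROUP_OBJECT_ID>` (placeholder) or switch to `role_attribute_strict = true` so that users without an app role are denied. The `[server]` `root_url` is a dev hostname committed in the shared file; the OAuth redirect URI is derived from it, so supplying it per environment through `GF_SERVER_ROOT_URL` would keep this file reusable outside dev. A short comment above the commented-out `#client_id` / `#client_secret` lines, such as `# supplied via GF_AUTH_AZUREAD_CLIENT_ID / GF_AUTH_AZUREAD_CLIENT_SECRET in docker-compose.yml`, would keep a later editor from filling the secret in here.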