You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Plugin is not connected Unauthorized/Forbidden while accessing OnCall engine: /api/internal/v1/plugin/v2/status, status code: 403, check token
We use multiple organisations in Grafana OSS, and we want to connect org_id=2 with the engine, we managed to configure it for default org_id=1 but if we specify other organisation it breaks with permissions issues, the service account is created only in org_id=1.
Service account id sa-1-extsvc-grafana-oncall-app is created only in org_id=1 and not in the specified organization, for example org_id=2, so it works only for org_id=1
Tried to find any documentation or info how to configure the oncall plugin to work with other organisation other than the default and did not find any information
grafanaToken and onCallApiToken are not generated in the table public.plugin_setting for org_id!=1
What did you expect to happen:
I would expect plugin service account sa-2-extsvc-grafana-oncall-app to be generated for org_id=2 and authentication to work with the engine, or at least provide a way to create that manually.
I would expect to have Documentation:
a ReadMe or some info on how to setup OnCall plugin and Engine for organisation with org_id!=1 for Grafana OSS. It would be nice to include all the relevant info regarding this topic, such as current status and feature plans, env variables to configure, manual API calls that we need to trigger, if we need multiple Engines , DB, Redis, RabbitMQ, or one, how to do separation between organization data?
I would expect to have also some documentation or readme to explain the authentication flow between grafana <-> plugin <-> engine, for example if we need to create grafana token manually and configure them on the engine so it can access the API, and how to specify the org_id
dinfdsooff
changed the title
v1.9.30 Permission issues when using multiple Organisations in Grafana OSS
v1.9.30 Permission issues when using org_id!=1 in Grafana OSS
Sep 30, 2024
Hello @joeyorlando does not support even when using different engines and databases per org? Here there is a comment that it works #598 (comment) however not for us.
Unfortunately, we can use only Grafana Self Hosted in our company so this is a major blocker for us, probably will find a paid solution.
What went wrong?
What happened:
Plugin is not connected Unauthorized/Forbidden while accessing OnCall engine: /api/internal/v1/plugin/v2/status, status code: 403, check token
We use multiple organisations in Grafana OSS, and we want to connect
org_id=2
with the engine, we managed to configure it for defaultorg_id=1
but if we specify other organisation it breaks with permissions issues, the service account is created only inorg_id=1
.Service account id
sa-1-extsvc-grafana-oncall-app
is created only inorg_id=1
and not in the specified organization, for exampleorg_id=2
, so it works only fororg_id=1
Tried to find any documentation or info how to configure the oncall plugin to work with other organisation other than the default and did not find any information
grafanaToken
andonCallApiToken
are not generated in the tablepublic.plugin_setting
fororg_id!=1
What did you expect to happen:
I would expect plugin service account
sa-2-extsvc-grafana-oncall-app
to be generated fororg_id=2
and authentication to work with the engine, or at least provide a way to create that manually.I would expect to have Documentation:
org_id!=1
for Grafana OSS. It would be nice to include all the relevant info regarding this topic, such as current status and feature plans, env variables to configure, manual API calls that we need to trigger, if we need multiple Engines , DB, Redis, RabbitMQ, or one, how to do separation between organization data?org_id
How do we reproduce it?
curl -X POST -H "X-Grafana-Org-Id: 1" "https://grafana.xxxx.xxx/api/plugins/grafana-oncall-app/settings" \ -H "Content-Type: application/json" -H "Authorization: Basic xxxxxxxx" \ -d '{ "enabled": true, "jsonData": { "stackId": 5, "orgId": 100, "license":"OpenSource", "onCallApiUrl": "http://oncall-engine:8080/", "grafanaUrl": "http://grafana:80/" } }'
curl -X POST -H "X-Grafana-Org-Id: 2" "https://grafana.xxxx.xxx/api/plugins/grafana-oncall-app/settings" \ -H "Content-Type: application/json" -H "Authorization: Basic xxxxxxxx" \ -d '{ "enabled": true, "jsonData": { "stackId": 5, "orgId": 2, "license":"OpenSource", "onCallApiUrl": "http://oncall-engine-second:8080/", "grafanaUrl": "http://grafana:80/" } }'
curl -X POST -H "X-Grafana-Org-Id: 1" -H "Authorization: Basic xxxxxxx" 'https://grafana.xxxx.xxxx/api/plugins/grafana-oncall-app/resources/plugin/install'
curl -X POST -H "X-Grafana-Org-Id: 2" -H "Authorization: Basic xxxxxxx" 'https://grafana.xxxx.xxxx/api/plugins/grafana-oncall-app/resources/plugin/install'
org_id=1
Grafana OnCall Version
v1.9.30
Product Area
Auth, API
Grafana OnCall Platform?
Kubernetes
User's Browser?
No response
Anything else to add?
Grafana version
11.2.0
The text was updated successfully, but these errors were encountered: