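# services/monitoring/grafana-user-dedupe-job.yaml
#
# One-shot Job that deletes the Grafana accounts whose login/email appears in
# GRAFANA_DEDUPE_EMAILS, authenticating with the Grafana admin credentials
# rendered from Vault into /vault/secrets/grafana-env.sh.
apiVersion: batch/v1
kind: Job
metadata:
  name: grafana-user-dedupe-api
  namespace: monitoring
spec:
  backoffLimit: 1
  template:
    metadata:
      # The Vault agent injector is a mutating webhook on Pods, so its
      # annotations have to sit on the pod template. Annotations on the Job's
      # own metadata are not copied to the pods it creates, and the secret
      # file would never be rendered.
      annotations:
        vault.hashicorp.com/agent-inject: "true"
        # Init-container only: a long-running agent sidecar would keep the
        # pod from ever reaching Completed.
        vault.hashicorp.com/agent-pre-populate-only: "true"
        # NOTE(review): no serviceAccountName is set below, so the pod
        # authenticates to Vault as the namespace's default service account.
        # Confirm the "monitoring" role is bound to it, and that the role's
        # policy grants read on this one path only.
        vault.hashicorp.com/role: "monitoring"
        vault.hashicorp.com/agent-inject-secret-grafana-env.sh: "kv/data/atlas/monitoring/grafana-admin"
        # The rendered file is sourced by the shell. Values are placed inside
        # double quotes, so a password containing ", $, ` or \ is re-expanded
        # or truncated when sourced. Keep the stored secret free of those
        # characters, or render it to a plain file and read it with `cat`.
        vault.hashicorp.com/agent-inject-template-grafana-env.sh: |
          {{ with secret "kv/data/atlas/monitoring/grafana-admin" }}
          export GRAFANA_USER="{{ index .Data.data "admin-user" }}"
          export GRAFANA_PASSWORD="{{ index .Data.data "admin-password" }}"
          {{ end }}
    spec:
      restartPolicy: Never
      containers:
        - name: dedupe
          # Mutable tag plus a runtime `apk add`: the code that handles the
          # admin password is whatever the registry and package mirror serve
          # at run time. Pinning by digest (alpine:3.20@sha256:<digest>) or
          # using a prebuilt image that already contains curl and jq removes
          # both fetches.
          image: alpine:3.20
          command:
            - /bin/sh
            - -c
          args:
            - |
              set -euo pipefail
              apk add --no-cache curl jq
              . /vault/secrets/grafana-env.sh

              # ${VAR:-} keeps `set -u` from aborting before the explicit
              # "is required" messages below can be printed.
              grafana_url="${GRAFANA_URL:-}"
              if [ -z "${grafana_url}" ]; then
                echo "GRAFANA_URL is required"
                exit 1
              fi
              if [ -z "${GRAFANA_USER:-}" ] || [ -z "${GRAFANA_PASSWORD:-}" ]; then
                echo "Grafana admin credentials missing"
                exit 1
              fi
              if [ -z "${GRAFANA_DEDUPE_EMAILS:-}" ]; then
                echo "GRAFANA_DEDUPE_EMAILS is required"
                exit 1
              fi

              lookup_body="/tmp/grafana-lookup.json"
              for email in $(echo "${GRAFANA_DEDUPE_EMAILS}" | tr ',' ' '); do
                # -G with --data-urlencode escapes the address ('+', '&', ...)
                # instead of splicing it raw into the query string.
                # No -f here: with `set -e` and pipefail, a 404 for an unknown
                # address would abort the whole job before the "no user found"
                # branch could run. The status code is inspected instead.
                status="$(curl -s -o "${lookup_body}" -w '%{http_code}' -G \
                  -u "${GRAFANA_USER}:${GRAFANA_PASSWORD}" \
                  --data-urlencode "loginOrEmail=${email}" \
                  "${grafana_url}/api/users/lookup")"
                case "${status}" in
                  200) ;;
                  404)
                    echo "no grafana user found for ${email}"
                    continue
                    ;;
                  *)
                    # Auth or server errors must not be reported as "not found".
                    echo "lookup for ${email} failed with HTTP ${status}"
                    exit 1
                    ;;
                esac

                user_id="$(jq -r '.id // empty' "${lookup_body}")"
                if [ -z "$user_id" ]; then
                  echo "no grafana user found for ${email}"
                  continue
                fi
                # The id goes into the path of an admin DELETE; accept digits
                # only so a malformed response cannot redirect the request.
                case "${user_id}" in
                  *[!0-9]*)
                    echo "unexpected user id in lookup response for ${email}"
                    exit 1
                    ;;
                esac

                echo "deleting grafana user ${user_id} (${email})"
                curl -sf -X DELETE -u "${GRAFANA_USER}:${GRAFANA_PASSWORD}" \
                  "${grafana_url}/api/admin/users/${user_id}"
              done
              echo "done"
          env:
            # The admin credentials travel as HTTP Basic auth to this URL; over
            # plain http they cross the cluster network unencrypted. Point this
            # at an https endpoint if Grafana exposes one.
            - name: GRAFANA_URL
              value: http://grafana
            - name: GRAFANA_DEDUPE_EMAILS
              value: brad.stein@gmail.com,brad@bstein.dev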