Pmm static send authorize/?client_id=some_id

Description:

pmm not send value GF_AUTH_GENERIC_OAUTH_CLIENT_ID
sends a static value “some_id”

Steps to Reproduce:

add idc helm values
GF_AUTH_GENERIC_OAUTH_CLIENT_ID: ‘cG1t’
GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: ‘*’

complete authentication PMM

Version:

pmm3, chart pmm@1.4.1

Logs:

https://domain.ru/application/o/authorize/?client_id=some_id&redirect_uri=https%3A%2F%2Fpmm.ru%2Fgraph%2Flogin%2Fgeneric_oauth&response_type=code&scope=openid+profile+email+offline_access+groups&state=7LhSBgy5

Expected Result:

authorize/?client_id=pmm

Actual Result:

authorize/?client_id=some_id

Hi,
Can you check if secret.create set to true in values.yml?
Can you try to set this value in pmmEnv?

hi, i added secret.create: true and redeploy pod, but nothing has changed.

secret:
  create: true
  name: pmm-secret
  pmm_password: "test"

  GF_AUTH_GENERIC_OAUTH_CLIENT_ID: 'cG1t'
  GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: '*'

if look at secrets, it creates, but values no passed grafana
I can only change the value in UI grafana, then it works

image1576×196 6.31 KB

image621×524 27.4 KB

The logic in the helm chart seems broken (or “is more secure”, whichever ;)).

and

The secret with the client ID and Secret is only loaded into the environment if create_secret is false. If create secret is true, then only the random generated password field is loaded from the secret; the rest of the secret is ignored.

if secret.create is true, probably it rewrites your secret.

Well, it’d try to rewrite, and then k8s would say “whoa, there’s already a resource with that name” and the helm install would fail. But that’s pretty reasonable if someone says “create a secret” when they actually already have a secret.

if secret.create is false. Deploy not work, error: Error: secret “pmm-secret” not found

You should create secret with name pmm-secret first and then run helm install

Thanks guys, it’s working.