Embedding Grafana in a third-party system via an iframe

Posted by chenhuxy on 2024-04-18

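Steps:

  1. Enable embedding (it is not allowed by default)
    [security]
    allow_embedding = true
  2. Generate the signature verification file (the official site offers three ways; see the official documentation for details)
    Generate a JWK online: https://mkjwk.org/

    Copy the generated shared key set into the file jwks.json
    cat jwks.json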
    { "keys": [ { "kty": "oct", "use": "sig", "kid": "FCGNjZstuoQZwCXYgCjSwCsHpo1hs9TTfESoOfZYU-M", "k": "ncUW_G8A_kbkF47L6WP6OmUgjiq4cHyRhvg_9KyYbBUPYXaMvaYR29dxky-NiY0uQsP45Y7LfVgyrDfDpV860GgdJgsVPVT5M1ANgVkACucZMF1JDjaFIlWECWgtSkx1BTHYQiOavFI4rIIm09KUoLLBZ9XxmU_ilPFdtV5EUb-dn1QCzJn_Lo7R-0voBfFFYCOnL8tRk07lzaaBMnEtnc1s9EC6qGLHxY2Ivppbihls-GMZCGTbn2C9iYMY4k1EvIjvBn3FcqYlCDj7Zbt3hwMCy9XXZ0hEDKF25maDIA2cTbbC1dPsHcfGl7Jr7K2v3C9VZK45lEj1Wd9Huo7KaQ", "alg": "HS256" } ] }
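  3. Generate the JWT
    Token encoding/decoding site: https://jwt.io/

The parameters are set as follows and can be changed as needed. Note: "your-256-bit-secret" is the value of "k" in jwks.json. If you change nothing, just use the JWT already generated below.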

    HEADER

    {
      "alg": "HS256",
      "typ": "JWT",
      "kid": "FCGNjZstuoQZwCXYgCjSwCsHpo1hs9TTfESoOfZYU-M"
    }

    PAYLOAD

    {
      "sub": "hy-dev-user",
      "name": "hy-dev-user",
      "iat": 1713418413,
      "exp": 4869092013,
      "iss": "https://my-token-issuer",
      "org": "hy",
      "role": "Viewer"
    }

    cat grafana-jwt.txt
    eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IkZDR05qWnN0dW9RWndDWFlnQ2pTd0NzSHBvMWhzOVRUZkVTb09mWllVLU0ifQ.eyJzdWIiOiJoeS1kZXYtdXNlciIsIm5hbWUiOiJoeS1kZXYtdXNlciIsImlhdCI6MTcxMzQxODQxMywiZXhwIjo0ODY5MDkyMDEzLCJpc3MiOiJodHRwczovL215LXRva2VuLWlzc3VlciIsIm9yZyI6Imh5Iiwicm9sZSI6IlZpZXdlciJ9.8NL2dpKjpUp_MzLzyit-388mCMAo0SzCHLLcFJZ1nrY
  4. Modify the relevant configuration
    cat grafana.ini
    [auth.jwt]
    enabled = true
    header_name = X-JWT-Assertion
    role_attribute_path = contains(info.roles[], 'admin') && 'Admin' || contains(info.roles[], 'editor') && 'Editor' || 'Viewer'
    # signature verification key file
    jwk_set_file = conf/jwks.json
    expect_claims = {"iss": "https://my-token-issuer", "org": "hy"}
    allow_assign_grafana_admin = false
    skip_org_role_sync = true
    username_claim = sub
    email_claim = email
    auto_sign_up = true
    url_login = true

  5. Integrate it into the existing system

                         <div class="card-body">
                             <iframe src="https://xxx.com/grafana/d/aka/be9e3f56-70f9-509c-9efd-be6e2c0b5292?orgId=1&auth_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IkZDR05qWnN0dW9RWndDWFlnQ2pTd0NzSHBvMWhzOVRUZkVTb09mWllVLU0ifQ.eyJzdWIiOiJoeS1kZXYtdXNlciIsIm5hbWUiOiJoeS1kZXYtdXNlciIsImlhdCI6MTcxMzQxODQxMywiZXhwIjo0ODY5MDkyMDEzLCJpc3MiOiJodHRwczovL215LXRva2VuLWlzc3VlciIsIm9yZyI6Imh5Iiwicm9sZSI6IlZpZXdlciJ9.8NL2dpKjpUp_MzLzyit-388mCMAo0SzCHLLcFJZ1nrY" width="100%" scrolling="No" height="730px" frameborder="0">
    
                             </iframe>
                         </div>
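
Steps 2 to 4 can also be exercised offline. The following is an added example, not code from the original post or from Grafana: it signs the header and claims from step 3 with HS256 using a key taken from a JWKS and a short expiry, then applies locally an approximation of the checks the step 4 settings imply (signature, `exp`, `expect_claims`). `SAMPLE_JWKS`, `sample-kid` and the function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

# Constructed sample key set (not the key shown on the page): 32 random bytes, generated locally.
SAMPLE_JWKS = {"keys": [{"kty": "oct", "use": "sig", "alg": "HS256",
                         "kid": "sample-kid", "k": b64url(secrets.token_bytes(32))}]}

def hs256_key(jwks, kid):
    # A JWK "k" is the base64url encoding of the raw key bytes (RFC 7518), not the key itself.
    for jwk in jwks["keys"]:
        if jwk.get("kid") == kid and jwk.get("kty") == "oct" and jwk.get("alg") == "HS256":
            return b64url_decode(jwk["k"])
    raise KeyError(f"no HS256 key with kid {kid!r}")

def mint_token(jwks, kid, claims, ttl_seconds, now=None):
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT", "kid": kid}
    payload = {**claims, "iat": now, "exp": now + ttl_seconds}
    signing_input = ".".join(b64url(json.dumps(p, separators=(",", ":")).encode()) for p in (header, payload))
    sig = hmac.new(hs256_key(jwks, kid), signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url(sig)}"

def verify_token(jwks, token, expect_claims, now=None):
    # Local approximation of the [auth.jwt] checks; returns the claims or raises.
    now = int(time.time()) if now is None else now
    head_b64, body_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(head_b64))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    key = hs256_key(jwks, header.get("kid"))
    expected = hmac.new(key, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body_b64))
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if any(claims.get(k) != v for k, v in expect_claims.items()):
        raise ValueError("expect_claims mismatch")
    return claims

if __name__ == "__main__":
    claims = {"sub": "hy-dev-user", "iss": "https://my-token-issuer", "org": "hy", "role": "Viewer"}
    token = mint_token(SAMPLE_JWKS, "sample-kid", claims, ttl_seconds=300)
    print(verify_token(SAMPLE_JWKS, token, {"iss": "https://my-token-issuer", "org": "hy"}))
```

The returned token is what goes into the `auth_token` query parameter of the iframe `src` in step 5.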
    
