Hi all,
Just wanted to share a few things I’ve been building in my free time for Grafana OSS.
The first is a Prometheus label based access control proxy that uses team membership and name to determine the label that a user can query. Turns out that Grafana sends a JWT to datasources that can be validated/verified using the public JWKS which I thought was nice.
Secondly, now that team membership is used to control labels, I needed a way to sync team members from LDAP/Active Directory, so I built a solution:
Both of these aren’t completely polished yet but work well enough for my MVP on Grafana OSS, and thought it might help others.
ps: these are features that are already available in the Enterprise/Cloud versions, which I would use if I had access to them!