Trying to generate dashboard links between [n] copies of related dashboards

Grafana Dashboards
,
1

Hi,

I’m working in a multi-tenanted Grafana installation. Each tenant has their own organization to keep things securely divided up within the installation. However, each tenant also has access to several basic dashboards.

In order to accomplish this, i’m using provisioner files for each organization but all of the files refer back to the same template files in my grafana install.

So far so good!

However, I need to create dynamic links from dashboard 1 to dashboard 2 and activate that for each tenant in my org. (dashboard 1 produces a list of deep links into dashboard 2) Since I don’t know the uid of the dashboards ahead of time and they will change for each organization to prevent database conflicts, I need to figure out how to find the correct uids

So far the best solution I have found involved using a json-api data source plugin, and wrapping it back to the grafana search api, so that I can search for dashboards in a variable query and locate the uid of the dashboard I need to link to. A workable, but awkward solution.

In order for this to work, however, it seems like I need to programmatically generate service accounts in each tenant organization. This is where things get super dicey.

I found the directions for generating service accounts and tokens in the developer docs, however one key step is giving me pause … switching the context of the admin user. This would clearly work just fine if I didn’t need to have multiple threads doing this at the same time. But as it is, if i put this sequence in a multi-threaded environment I would risk race conditions that might potentially mix up which service account belongs to which org. That would be a huge security risk for me.

One possible work around that I thought of would involve just doing a raw sql query on the grafana user table to fix the org_id column, but I would really like to avoid going so radically deep into grafana’s db as it would be subject to change that I would probably not anticipate.

Is there a better way to do this? I’m sure their probably is, and would welcome ideas.

~David

2

You can have own dashboard UID, just specify UID when you are creating dashboard (Grafana will create random UID, only when you don’t specify UID).

So you can have predicted dashboard uids across all orgs. E.g. (simplified UID for ilustration):
Org1:

  • 1cpu
  • 1mem
  • 1net

Org 2:

  • 2cpu
  • 2mem
  • 2mem

3

Ok, that might get somewhat closer to my goal. Would this require that each org have its own set of templates though? I would prefer to have only one copy of the template file for each dashboard so as not to multiply out of hand… or is it possible to specify uids in the provisioner files?

If it were possible to specify the uid in the provisioner I would still need a way to reference the org id or some other unique marker within the dashboard. Is there a dashboard var that keeps track of the org_id?

4

There is ${__org.id}: Grafana

For other question: I don’t know, because you are using terms, which only you now their meanings (template, provisioner files). It looks like you have some undisclosed automation around, so only you will know anwsers.

5

My apologies, I’m a little new to the terminology.
I’m using the provisioning instructions here: Provision Grafana | Grafana documentation where I create a yaml for each org that points to the common JSON definition files(which I was calling templates).

eg

/etc/grafana/provisioning/dashboards contains

org1-dash1.yaml
org2-dash1.yaml
org1-dash2.yaml
org2-dash2.yaml
...

Using the standard format, but truncated to only show what’s changed

apiVersion: 1

providers:
  - name: (a unique name with the org id prefixed)
    orgId: (the org id)
    type: file
    disableDeletion: false
    options:
      path: (path to dash1 or dash2)
      foldersFromFilesStructure: true