From 83ca3880c63e09bd166b5cce5a1b50f53e64f1a1 Mon Sep 17 00:00:00 2001
From: Kalibh Halford <kalibh.halford@stfc.ac.uk>
Date: Wed, 29 Apr 2026 07:58:22 +0100
Subject: [PATCH] BUG: Change allowed groups for dev

We should not allow users access to the dev grafana. The config needs
this update to make a different config for dev and prod
---
 grafana_monitoring/roles/grafana/templates/grafana.ini.j2 | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/grafana_monitoring/roles/grafana/templates/grafana.ini.j2 b/grafana_monitoring/roles/grafana/templates/grafana.ini.j2
index 3593a1b7..9b5a7679 100644
--- a/grafana_monitoring/roles/grafana/templates/grafana.ini.j2
+++ b/grafana_monitoring/roles/grafana/templates/grafana.ini.j2
@@ -17,7 +17,12 @@ auth_url = https://iris-iam.stfc.ac.uk/authorize
 token_url = https://iris-iam.stfc.ac.uk/token
 api_url = https://iris-iam.stfc.ac.uk/userinfo
 groups_attribute_path = groups[*]
+{% if inventory_hostname.startswith("grafana") %}
 allowed_groups = "stfc-cloud/team,stfc-cloud/admins,stfc-cloud/users"
+{% else %}
+allowed_groups = "stfc-cloud/team,stfc-cloud/admins"
+{% endif %}
+
 
 role_attribute_path=contains(groups[*], 'stfc-cloud/admins') && 'Admin' || contains(groups[*], 'stfc-cloud/team') && 'Editor' || 'Viewer'