Monitoring: allow access to magpie members of group monitoring (#374)

## Overview To allow accessing the various monitoring WebUI without having full blown magpie admin priviledge to add and remove users. Add existing users to this new `monitoring` group to allow them access to the various monitoring WebUI. This way, we do not need to share the `admin` user account and do not have to add them to the `administrators` group. ## Changes **Non-breaking changes** - Adds new magpie `monitoring` group when `monitoring` component is enabled
bird-house · Aug 24, 2023 · d871b62 · d871b62
2 parents 93ed91b + 9e5cbea
commit d871b62
Show file tree

Hide file tree

Showing 9 changed files with 62 additions and 19 deletions.
diff --git a/.bumpversion.cfg b/.bumpversion.cfg
@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 1.29.1
+current_version = 1.29.2
 commit = True
 tag = False
 tag_name = {new_version}
@@ -30,11 +30,11 @@ search = {current_version}
 replace = {new_version}
 
 [bumpversion:file:RELEASE.txt]
-search = {current_version} 2023-08-15T17:18:59Z
+search = {current_version} 2023-08-24T15:56:45Z
 replace = {new_version} {utcnow:%Y-%m-%dT%H:%M:%SZ}
 
 [bumpversion:part:releaseTime]
-values = 2023-08-15T17:18:59Z
+values = 2023-08-24T15:56:45Z
 
 [bumpversion:file(version):birdhouse/config/canarie-api/docker_configuration.py.template]
 search = 'version': '{current_version}'

diff --git a/CHANGES.md b/CHANGES.md
@@ -17,6 +17,21 @@
 
 [//]: # (list changes here, using '-' for each new entry, remove this when items are added)
 
+[1.29.2](https://github.com/bird-house/birdhouse-deploy/tree/1.29.2) (2023-08-24)
+------------------------------------------------------------------------------------------------------------------
+
+## Changes
+
+- Monitoring: allow access to magpie members of group `monitoring`
+
+  To allow accessing the various monitoring WebUI without having full blown
+  magpie admin priviledge to add and remove users.
+
+  Add existing users to this new `monitoring` group to allow them access to the
+  various monitoring WebUI.  This way, we do not need to share the `admin` user
+  account and do not have to add them to the `administrators` group.
+
+
 [1.29.1](https://github.com/bird-house/birdhouse-deploy/tree/1.29.1) (2023-08-15)
 ------------------------------------------------------------------------------------------------------------------
 

diff --git a/Makefile b/Makefile
@@ -1,7 +1,7 @@
 # Generic variables
 override SHELL       := bash
 override APP_NAME    := birdhouse-deploy
-override APP_VERSION := 1.29.1
+override APP_VERSION := 1.29.2
 
 # utility to remove comments after value of an option variable
 override clean_opt = $(shell echo "$(1)" | $(_SED) -r -e "s/[ '$'\t'']+$$//g")

diff --git a/README.rst b/README.rst
@@ -14,13 +14,13 @@ for a full-fledged production platform.
     * - releases
       - | |latest-version| |commits-since|
 
-.. |commits-since| image:: https://img.shields.io/github/commits-since/bird-house/birdhouse-deploy/1.29.1.svg
+.. |commits-since| image:: https://img.shields.io/github/commits-since/bird-house/birdhouse-deploy/1.29.2.svg
     :alt: Commits since latest release
-    :target: https://github.com/bird-house/birdhouse-deploy/compare/1.29.1...master
+    :target: https://github.com/bird-house/birdhouse-deploy/compare/1.29.2...master
 
-.. |latest-version| image:: https://img.shields.io/badge/tag-1.29.1-blue.svg?style=flat
+.. |latest-version| image:: https://img.shields.io/badge/tag-1.29.2-blue.svg?style=flat
     :alt: Latest Tag
-    :target: https://github.com/bird-house/birdhouse-deploy/tree/1.29.1
+    :target: https://github.com/bird-house/birdhouse-deploy/tree/1.29.2
 
 .. |readthedocs| image:: https://readthedocs.org/projects/birdhouse-deploy/badge/?version=latest
     :alt: ReadTheDocs Build Status (latest version)

diff --git a/RELEASE.txt b/RELEASE.txt
@@ -1 +1 @@
-1.29.1 2023-08-15T17:18:59Z
+1.29.2 2023-08-24T15:56:45Z
diff --git a/birdhouse/components/README.rst b/birdhouse/components/README.rst
@@ -298,10 +298,14 @@ Usage
 - Prometheus alert rules: https://PAVICS_FQDN/prometheus/rules
 - AlertManager to manage alerts: https://PAVICS_FQDN/alertmanager
 
-The paths above are by default only accessible to a user logged in to magpie as an administrator.
-These routes provide sensitive information about the birdhouse-deploy software stack and the machine
-that it is running on. It is highly discouraged to make these routes available to anyone who is not
-an administrator.
+The paths above are by default only accessible to a user logged in to magpie as an administrator or
+as a member of group ``monitoring``.  These routes provide sensitive information about the
+birdhouse-deploy software stack and the machine that it is running on. It is highly discouraged to
+make these routes available to anyone who does not have proper access permissions.
+
+Add existing users to the ``monitoring`` group to allow them access to the various monitoring WebUI.
+This way, we do not need to share the ``admin`` user account and do not have to add them to the
+``administrators`` group, which would give them too much permissions.
 
 
 How to Enable the Component

diff --git a/birdhouse/components/monitoring/config/magpie/config.yml.template b/birdhouse/components/monitoring/config/magpie/config.yml.template
@@ -52,3 +52,27 @@ permissions:
     permission: write
     group: administrators
     action: create
+  - service: grafana
+    permission: read
+    group: monitoring
+    action: create
+  - service: grafana
+    permission: write
+    group: monitoring
+    action: create
+  - service: prometheus
+    permission: read
+    group: monitoring
+    action: create
+  - service: prometheus
+    permission: write
+    group: monitoring
+    action: create
+  - service: alertmanager
+    permission: read
+    group: monitoring
+    action: create
+  - service: alertmanager
+    permission: write
+    group: monitoring
+    action: create
diff --git a/birdhouse/config/canarie-api/docker_configuration.py.template b/birdhouse/config/canarie-api/docker_configuration.py.template
@@ -109,8 +109,8 @@ SERVICES = {
             # NOTE:
             #   Below version and release time auto-managed by 'make VERSION=x.y.z bump'.
             #   Do NOT modify it manually. See 'Tagging policy' in 'birdhouse/README.rst'.
-            'version': '1.29.1',
-            'releaseTime': '2023-08-15T17:18:59Z',
+            'version': '1.29.2',
+            'releaseTime': '2023-08-24T15:56:45Z',
             'institution': 'Ouranos',
             'researchSubject': 'Climatology',
             'supportEmail': '${SUPPORT_EMAIL}',
@@ -142,8 +142,8 @@ PLATFORMS = {
             # NOTE:
             #   Below version and release time auto-managed by 'make VERSION=x.y.z bump'.
             #   Do NOT modify it manually. See 'Tagging policy' in 'birdhouse/README.rst'.
-            'version': '1.29.1',
-            'releaseTime': '2023-08-15T17:18:59Z',
+            'version': '1.29.2',
+            'releaseTime': '2023-08-24T15:56:45Z',
             'institution': 'Ouranos',
             'researchSubject': 'Climatology',
             'supportEmail': '${SUPPORT_EMAIL}',

diff --git a/docs/source/conf.py b/docs/source/conf.py
@@ -69,9 +69,9 @@
 # built documents.
 #
 # The short X.Y version.
-version = '1.29.1'
+version = '1.29.2'
 # The full version, including alpha/beta/rc tags.
-release = '1.29.1'
+release = '1.29.2'
 
 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		1.29.1 2023-08-15T17:18:59Z
		1.29.2 2023-08-24T15:56:45Z