From 334f4e141c8176df09d1820a1396d434e87781ae Mon Sep 17 00:00:00 2001 From: Aashish Sharma Date: Thu, 5 May 2022 13:52:33 +0530 Subject: [PATCH] mgr/cephadm: Disable external snapshots in grafana This PR intends to disable the external snapshots in grafana to reduce security threats Signed-off-by: Aashish Sharma --- .../mgr/cephadm/templates/services/grafana/grafana.ini.j2 | 2 ++ src/pybind/mgr/cephadm/tests/test_services.py | 4 ++++ 2 files changed, 6 insertions(+) diff --git a/src/pybind/mgr/cephadm/templates/services/grafana/grafana.ini.j2 b/src/pybind/mgr/cephadm/templates/services/grafana/grafana.ini.j2 index cf23802d71b7..e7e81d89a4b6 100644 --- a/src/pybind/mgr/cephadm/templates/services/grafana/grafana.ini.j2 +++ b/src/pybind/mgr/cephadm/templates/services/grafana/grafana.ini.j2 @@ -12,6 +12,8 @@ cert_key = /etc/grafana/certs/cert_key http_port = {{ http_port }} http_addr = {{ http_addr }} +[snapshots] + external_enabled = false [security] {% if not initial_admin_password %} disable_initial_admin_creation = true diff --git a/src/pybind/mgr/cephadm/tests/test_services.py b/src/pybind/mgr/cephadm/tests/test_services.py index e401c5b93d02..e59e95c7bad2 100644 --- a/src/pybind/mgr/cephadm/tests/test_services.py +++ b/src/pybind/mgr/cephadm/tests/test_services.py @@ -453,6 +453,8 @@ class TestMonitoring: cert_key = /etc/grafana/certs/cert_key http_port = 3000 http_addr = + [snapshots] + external_enabled = false [security] disable_initial_admin_creation = true cookie_secure = true @@ -531,6 +533,8 @@ class TestMonitoring: ' cert_key = /etc/grafana/certs/cert_key\n' ' http_port = 3000\n' ' http_addr = \n' + '[snapshots]\n' + ' external_enabled = false\n' '[security]\n' ' admin_user = admin\n' ' admin_password = secure\n' -- 2.47.3