grafana · wbrowne · Mar 7, 2025 · Mar 10, 2025 · Mar 12, 2025
@@ -1,7 +1,7 @@
 services:
   grafana:
     user: root
-    container_name: 'grafana-appwithrbac-app'
+    container_name: 'myorg-appwithrbac-app'
 
     build:
       context: .
@@ -19,13 +19,13 @@ services:
     cap_add:
       - SYS_PTRACE
     volumes:
-      - ../dist:/var/lib/grafana/plugins/grafana-appwithrbac-app
+      - ../dist:/var/lib/grafana/plugins/myorg-appwithrbac-app
       - ../provisioning:/etc/grafana/provisioning
-      - ..:/root/grafana-appwithrbac-app
+      - ..:/root/myorg-appwithrbac-app
 
     environment:
       NODE_ENV: development
-      GF_LOG_FILTERS: plugin.grafana-appwithrbac-app:debug
+      GF_LOG_FILTERS: plugin.myorg-appwithrbac-app:debug
       GF_LOG_LEVEL: debug
       GF_DATAPROXY_LOGGING: 1
-      GF_PLUGINS_ALLOW_LOADING_UNSIGNED_PLUGINS: grafana-appwithrbac-app
+      GF_PLUGINS_ALLOW_LOADING_UNSIGNED_PLUGINS: myorg-appwithrbac-app
@@ -5,7 +5,7 @@ user=root
 [program:grafana]
 user=root
 directory=/var/lib/grafana
-command=bash -c 'while [ ! -f /root/grafana-appwithrbac-app/dist/gpx_grafana_appwithrbac_app* ]; do sleep 1; done; /run.sh'
+command=bash -c 'while [ ! -f /root/myorg-appwithrbac-app/dist/gpx_grafana_appwithrbac_app* ]; do sleep 1; done; /run.sh'
 stdout_logfile=/dev/fd/1
 stdout_logfile_maxbytes=0
 redirect_stderr=true
@@ -26,7 +26,7 @@ autorestart=true
 
 [program:build-watcher]
 user=root
-command=/bin/bash -c 'while inotifywait -e modify,create,delete -r /var/lib/grafana/plugins/grafana-appwithrbac-app; do echo "Change detected, restarting delve...";supervisorctl restart delve; done'
+command=/bin/bash -c 'while inotifywait -e modify,create,delete -r /var/lib/grafana/plugins/myorg-appwithrbac-app; do echo "Change detected, restarting delve...";supervisorctl restart delve; done'
 stdout_logfile=/dev/fd/1
 stdout_logfile_maxbytes=0
 redirect_stderr=true
@@ -37,8 +37,8 @@ autostart=true
 [program:mage-watcher]
 user=root
 environment=PATH="/usr/local/go/bin:/root/go/bin:%(ENV_PATH)s"
-directory=/root/grafana-appwithrbac-app
-command=/bin/bash -c 'git config --global --add safe.directory /root/grafana-appwithrbac-app && mage -v watch'
+directory=/root/myorg-appwithrbac-app
+command=/bin/bash -c 'git config --global --add safe.directory /root/myorg-appwithrbac-app && mage -v watch'
 stdout_logfile=/dev/fd/1
 stdout_logfile_maxbytes=0
 redirect_stderr=true

@@ -30,7 +30,7 @@ To define roles, add a `roles` section to the `plugin.json` file. Here is an exa
       "name": "Patents Reader",
       "description": "Read patents",
       "permissions": [
-        {"action": "grafana-appwithrbac-app.patents:read"}
+        {"action": "myorg-appwithrbac-app.patents:read"}
       ]
     },
     "grants": ["Admin"]
@@ -40,7 +40,7 @@ To define roles, add a `roles` section to the `plugin.json` file. Here is an exa
       "name": "Research papers Reader",
       "description": "Read research papers",
       "permissions": [
-        {"action": "grafana-appwithrbac-app.papers:read"}
+        {"action": "myorg-appwithrbac-app.papers:read"}
       ]
     },
     "grants": ["Viewer"]
@@ -58,15 +58,15 @@ To protect your frontend pages behind an action check, add `action` to the inclu
     "type": "page",
     "name": "Research documents",
     "path": "/a/%PLUGIN_ID%/research-docs",
-    "action": "grafana-appwithrbac-app.papers:read",
+    "action": "myorg-appwithrbac-app.papers:read",
     "addToNav": true,
     "defaultNav": false
   },
   {
     "type": "page",
     "name": "Patents",
     "path": "/a/%PLUGIN_ID%/patents",
-    "action": "grafana-appwithrbac-app.patents:read",
+    "action": "myorg-appwithrbac-app.patents:read",
     "addToNav": true,
     "defaultNav": false
   }
@@ -82,7 +82,7 @@ If you want to protect your proxied routes behind an action check, add `reqActio
   {
     "path": "api/external/patents",
     "method": "*",
-    "reqAction": "grafana-appwithrbac-app.patents:read",
+    "reqAction": "myorg-appwithrbac-app.patents:read",
     "url": "{{ .JsonData.backendUrl }}/api/external/patents",
     "headers": [
       {
@@ -167,8 +167,8 @@ func (a *App) GetAuthZClient(req *http.Request) (authz.EnforcementClient, error)
 		// Grafana is signing the JWTs on local setups
 		JWKsURL: strings.TrimRight(grafanaURL, "/") + "/api/signing-keys/keys",
 	},
-		// Fetch all the user permission prefixed with grafana-appwithrbac-app
-		authz.WithSearchByPrefix("grafana-appwithrbac-app"),
+		// Fetch all the user permission prefixed with myorg-appwithrbac-app
+		authz.WithSearchByPrefix("myorg-appwithrbac-app"),
 		// Use a cache with a lower expiry time
 		authz.WithCache(cache.NewLocalCache(cache.Config{
 			Expiry:          10 * time.Second,
@@ -215,7 +215,7 @@ func (a *App) HasAccess(req *http.Request, action string) (bool, error) {
 ```
 
 ```go
-if hasAccess, err := a.HasAccess(req, "grafana-appwithrbac-app.patents:read"); err != nil || !hasAccess {
+if hasAccess, err := a.HasAccess(req, "myorg-appwithrbac-app.patents:read"); err != nil || !hasAccess {
   if err != nil {
     log.DefaultLogger.FromContext(req.Context()).Error("Error checking access", "error", err)
   }
@@ -238,7 +238,7 @@ import { contextSrv } from 'grafana/app/core/core';
 Then checks can be performed as follow:
 
 ```ts
-if (contextSrv.hasPermission('grafana-appwithrbac-app.papers:read')) {
+if (contextSrv.hasPermission('myorg-appwithrbac-app.papers:read')) {
   // Example: register route, display link etc...
 }
 ```

@@ -2,7 +2,7 @@ version: '3.0'
 
 services:
   grafana:
-    container_name: 'grafana-appwithrbac-app'
+    container_name: 'myorg-appwithrbac-app'
     platform: 'linux/amd64'
     build:
       context: ./.config
@@ -14,5 +14,5 @@ services:
     ports:
       - 3000:3000/tcp
     volumes:
-      - ./dist:/var/lib/grafana/plugins/grafana-appwithrbac-app
+      - ./dist:/var/lib/grafana/plugins/myorg-appwithrbac-app
       - ./provisioning:/etc/grafana/provisioning
@@ -1,5 +1,5 @@
 {
-  "name": "grafana-appwithrbac-app",
+  "name": "myorg-appwithrbac-app",
   "version": "1.0.0",
   "description": "A basic grafana app plugin defining its own permissions",
   "scripts": {

@@ -16,7 +16,7 @@ func main() {
 	// argument. This factory will be automatically called on incoming request
 	// from Grafana to create different instances of `App` (per plugin
 	// ID).
-	if err := app.Manage("grafana-appwithrbac-app", plugin.NewApp, app.ManageOpts{}); err != nil {
+	if err := app.Manage("myorg-appwithrbac-app", plugin.NewApp, app.ManageOpts{}); err != nil {
 		log.DefaultLogger.Error(err.Error())
 		os.Exit(1)
 	}

@@ -101,8 +101,8 @@ func (a *App) GetAuthZClient(req *http.Request) (authz.EnforcementClient, error)
 		// Grafana is signing the JWTs on local setups
 		JWKsURL: strings.TrimRight(grafanaURL, "/") + "/api/signing-keys/keys",
 	},
-		// Fetch all the user permission prefixed with grafana-appwithrbac-app
-		authz.WithSearchByPrefix("grafana-appwithrbac-app"),
+		// Fetch all the user permission prefixed with myorg-appwithrbac-app
+		authz.WithSearchByPrefix("myorg-appwithrbac-app"),
 		// Use a cache with a lower expiry time
 		authz.WithCache(cache.NewLocalCache(cache.Config{
 			Expiry:          10 * time.Second,

@@ -50,7 +50,7 @@ func (a *App) handlePapers(w http.ResponseWriter, req *http.Request) {
 		return
 	}
 
-	if hasAccess, err := a.HasAccess(req, "grafana-appwithrbac-app.papers:read"); err != nil || !hasAccess {
+	if hasAccess, err := a.HasAccess(req, "myorg-appwithrbac-app.papers:read"); err != nil || !hasAccess {
 		DenyAccess(w, ctxLogger, err)
 		return
 	}
@@ -111,7 +111,7 @@ func (a *App) handlePatents(w http.ResponseWriter, req *http.Request) {
 		return
 	}
 
-	if hasAccess, err := a.HasAccess(req, "grafana-appwithrbac-app.patents:read"); err != nil || !hasAccess {
+	if hasAccess, err := a.HasAccess(req, "myorg-appwithrbac-app.patents:read"); err != nil || !hasAccess {
 		DenyAccess(w, ctxLogger, err)
 		return
 	}

@@ -82,7 +82,7 @@ func TestCallResource(t *testing.T) {
 			method: http.MethodGet,
 			path:   "papers",
 			init: func(t *testing.T, m *mockAuthZClient) {
-				m.On("HasAccess", mock.Anything, "FakeId", "grafana-appwithrbac-app.papers:read", mock.Anything).Return(true, nil)
+				m.On("HasAccess", mock.Anything, "FakeId", "myorg-appwithrbac-app.papers:read", mock.Anything).Return(true, nil)
 			},
 			expStatus: http.StatusOK,
 		},
@@ -91,7 +91,7 @@ func TestCallResource(t *testing.T) {
 			method: http.MethodGet,
 			path:   "patents",
 			init: func(t *testing.T, m *mockAuthZClient) {
-				m.On("HasAccess", mock.Anything, "FakeId", "grafana-appwithrbac-app.patents:read", mock.Anything).Return(true, nil)
+				m.On("HasAccess", mock.Anything, "FakeId", "myorg-appwithrbac-app.patents:read", mock.Anything).Return(true, nil)
 			},
 			expStatus: http.StatusOK,
 		},
@@ -113,7 +113,7 @@ func TestCallResource(t *testing.T) {
 			method: http.MethodGet,
 			path:   "papers",
 			init: func(t *testing.T, m *mockAuthZClient) {
-				m.On("HasAccess", mock.Anything, "FakeId", "grafana-appwithrbac-app.papers:read", mock.Anything).Return(false, nil)
+				m.On("HasAccess", mock.Anything, "FakeId", "myorg-appwithrbac-app.papers:read", mock.Anything).Return(false, nil)
 			},
 			expStatus: http.StatusForbidden,
 		},
@@ -122,7 +122,7 @@ func TestCallResource(t *testing.T) {
 			method: http.MethodGet,
 			path:   "patents",
 			init: func(t *testing.T, m *mockAuthZClient) {
-				m.On("HasAccess", mock.Anything, "FakeId", "grafana-appwithrbac-app.patents:read", mock.Anything).Return(false, nil)
+				m.On("HasAccess", mock.Anything, "FakeId", "myorg-appwithrbac-app.patents:read", mock.Anything).Return(false, nil)
 			},
 			expStatus: http.StatusForbidden,
 		},

@@ -1,7 +1,7 @@
 apiVersion: 1
 
 apps:
-  - type: 'grafana-appwithrbac-app'
+  - type: 'myorg-appwithrbac-app'
     org_id: 1
     org_name: 'grafana'
     disabled: false
@@ -8,10 +8,10 @@ import { contextSrv } from 'grafana/app/core/core';
 
 export function App() {
   let routes = [<Route exact path={prefixRoute(ROUTES.Hello)} component={Hello} key="hello" />];
-  if (contextSrv.hasPermission('grafana-appwithrbac-app.papers:read')) {
+  if (contextSrv.hasPermission('myorg-appwithrbac-app.papers:read')) {
     routes.push(<Route exact path={prefixRoute(ROUTES.ResearchDocs)} component={ResearchDocs} key="documents" />);
   }
-  if (contextSrv.hasPermission('grafana-appwithrbac-app.patents:read')) {
+  if (contextSrv.hasPermission('myorg-appwithrbac-app.patents:read')) {
     routes.push(<Route exact path={prefixRoute(ROUTES.Patents)} component={Patents} key="patents" />);
   }
 

@@ -18,12 +18,12 @@ export function Hello() {
           <ul className={s.list}>
             <li>
               &#128196; Research Documents: Accessible to individuals with the{' '}
-              <span className={s.orange}>grafana-appwithrbac-app.papers:read</span> permission, which is granted by
+              <span className={s.orange}>myorg-appwithrbac-app.papers:read</span> permission, which is granted by
               default to <span className={s.orange}>Viewers</span>.
             </li>
             <li>
               &#x1F512; Patents: Accessible to individuals with the{' '}
-              <span className={s.orange}>grafana-appwithrbac-app.patents:read</span> permission, which is granted by
+              <span className={s.orange}>myorg-appwithrbac-app.patents:read</span> permission, which is granted by
               default to <span className={s.orange}>Administrators</span> only.
             </li>
           </ul>

@@ -36,7 +36,7 @@ export function Patents() {
       setIsLoading(true);
       setError(null);
       try {
-        const response = await fetch('/api/plugins/grafana-appwithrbac-app/resources/patents', { method: 'GET' });
+        const response = await fetch('/api/plugins/myorg-appwithrbac-app/resources/patents', { method: 'GET' });
 
         if (!response.ok) {
           throw new Error('Request failed. Status ' + response.statusText);
@@ -71,7 +71,7 @@ export function Patents() {
       <div data-testid={testIds.patents.container}>
         <div className={s.large}>
           &#x1F512; Normally restricted to <span className={s.orange}>Administrators</span> (requires{' '}
-          <span className={s.orange}>grafana-appwithrbac-app.patents:read</span>).
+          <span className={s.orange}>myorg-appwithrbac-app.patents:read</span>).
         </div>
         {content}
       </div>

@@ -36,7 +36,7 @@ export function ResearchDocs() {
       setIsLoading(true);
       setError(null);
       try {
-        const response = await fetch('/api/plugins/grafana-appwithrbac-app/resources/papers', { method: 'GET' });
+        const response = await fetch('/api/plugins/myorg-appwithrbac-app/resources/papers', { method: 'GET' });
 
         if (!response.ok) {
           throw new Error('Request failed. Status ' + response.statusText);
@@ -71,7 +71,7 @@ export function ResearchDocs() {
       <div data-testid={testIds.researchDocs.container}>
         <div className={s.large}>
           &#x1F512; Normally accessible to <span className={s.orange}>anyone</span> (requires{' '}
-          <span className={s.orange}>grafana-appwithrbac-app.papers:read</span>).
+          <span className={s.orange}>myorg-appwithrbac-app.papers:read</span>).
         </div>
         {content}
       </div>

@@ -1,10 +1,10 @@
 {
   "$schema": "https://raw.githubusercontent.com/grafana/grafana/main/docs/sources/developers/plugins/plugin.schema.json",
   "type": "app",
-  "name": "Grafana app with RBAC",
-  "id": "grafana-appwithrbac-app",
+  "name": "App with RBAC",
+  "id": "myorg-appwithrbac-app",
   "backend": true,
-  "executable": "gpx_grafana_appwithrbac_app",
+  "executable": "gpx_myorg_appwithrbac_app",
   "info": {
     "keywords": [
       "app",
@@ -42,15 +42,15 @@
       "type": "page",
       "name": "Research documents",
       "path": "/a/%PLUGIN_ID%/research-docs",
-      "action": "grafana-appwithrbac-app.papers:read",
+      "action": "myorg-appwithrbac-app.papers:read",
       "addToNav": true,
       "defaultNav": false
     },
     {
       "type": "page",
       "name": "Patents",
       "path": "/a/%PLUGIN_ID%/patents",
-      "action": "grafana-appwithrbac-app.patents:read",
+      "action": "myorg-appwithrbac-app.patents:read",
       "addToNav": true,
       "defaultNav": false
     }
@@ -62,7 +62,7 @@
         "description": "Read patents",
         "permissions": [
           {
-            "action": "grafana-appwithrbac-app.patents:read"
+            "action": "myorg-appwithrbac-app.patents:read"
           }
         ]
       },
@@ -76,7 +76,7 @@
         "description": "Read research papers",
         "permissions": [
           {
-            "action": "grafana-appwithrbac-app.papers:read"
+            "action": "myorg-appwithrbac-app.papers:read"
           }
         ]
       },

@@ -1,7 +1,7 @@
 services:
   grafana:
     user: root
-    container_name: 'grafana-appwithserviceaccount-app'
+    container_name: 'myorg-appwithserviceaccount-app'
 
     build:
       context: .
@@ -19,13 +19,13 @@ services:
     cap_add:
       - SYS_PTRACE
     volumes:
-      - ../dist:/var/lib/grafana/plugins/grafana-appwithserviceaccount-app
+      - ../dist:/var/lib/grafana/plugins/myorg-appwithserviceaccount-app
       - ../provisioning:/etc/grafana/provisioning
-      - ..:/root/grafana-appwithserviceaccount-app
+      - ..:/root/myorg-appwithserviceaccount-app
 
     environment:
       NODE_ENV: development
-      GF_LOG_FILTERS: plugin.grafana-appwithserviceaccount-app:debug
+      GF_LOG_FILTERS: plugin.myorg-appwithserviceaccount-app:debug
       GF_LOG_LEVEL: debug
       GF_DATAPROXY_LOGGING: 1
-      GF_PLUGINS_ALLOW_LOADING_UNSIGNED_PLUGINS: grafana-appwithserviceaccount-app
+      GF_PLUGINS_ALLOW_LOADING_UNSIGNED_PLUGINS: myorg-appwithserviceaccount-app