Devenv: Add an oauth block (#51514)

* Devenv: Add an oauth block

* Adding profile to responses

Co-authored-by: Jguer <joao.guerreiro@grafana.com>

Co-authored-by: Jguer <joao.guerreiro@grafana.com>

devenv/docker/blocks/oauth/docker-build-keycloak-m1-image.sh

@@ -0,0 +1,9 @@
+#/bin/sh
+
+VERSION=12.0.1 # set version here
+
+cd /tmp
+git clone git@github.com:keycloak/keycloak-containers.git
+cd keycloak-containers/server
+git checkout $VERSION
+docker build -t "quay.io/keycloak/keycloak:${VERSION}" .

devenv/docker/blocks/oauth/docker-compose.yaml

@@ -0,0 +1,30 @@
+  oauthkeycloakdb:
+    image: postgres:12.2
+    container_name: oauthkeycloakdb
+    environment:
+      POSTGRES_DB: keycloak
+      POSTGRES_USER: keycloak
+      POSTGRES_PASSWORD: password
+    volumes:
+      - ./docker/blocks/oauth/cloak.sql:/docker-entrypoint-initdb.d/cloak.sql
+    restart: unless-stopped
+  
+  oauthkeycloak:
+    image: quay.io/keycloak/keycloak:12.0.1
+    container_name: oauthkeycloak
+    environment:
+      DB_VENDOR: POSTGRES
+      DB_ADDR: oauthkeycloakdb
+      DB_DATABASE: keycloak
+      DB_USER: keycloak
+      DB_PASSWORD: password
+      KEYCLOAK_USER: admin
+      KEYCLOAK_PASSWORD: admin
+      PROXY_ADDRESS_FORWARDING: "true"
+    ports:
+      - 8087:8080
+    depends_on:
+      - oauthkeycloakdb
+    links:
+      - "oauthkeycloakdb:oauthkeycloakdb"
+    restart: unless-stopped

devenv/docker/blocks/oauth/readme.md

@@ -0,0 +1,65 @@
+# OAUTH BLOCK
+
+## Devenv setup
+
+To launch the block, use the oauth source. Ex:
+```bash
+make devenv sources="oauth"
+```
+
+Here is the conf you need to add to your configuration file (conf/custom.ini):
+
+```ini
+[auth]
+signout_redirect_url = http://localhost:8087/auth/realms/grafana/protocol/openid-connect/logout?redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Flogin
+
+[auth.generic_oauth]
+enabled = true
+name = Keycloak-OAuth
+allow_sign_up = true
+client_id = grafana-oauth
+client_secret = d17b9ea9-bcb1-43d2-b132-d339e55872a8
+empty_scopes = true
+email_attribute_path = email
+login_attribute_path = login
+name_attribute_path = name
+auth_url = http://localhost:8087/auth/realms/grafana/protocol/openid-connect/auth
+token_url = http://localhost:8087/auth/realms/grafana/protocol/openid-connect/token
+api_url = http://localhost:8087/auth/realms/grafana/protocol/openid-connect/userinfo
+role_attribute_path = contains(roles[*], 'admin') && 'Admin' || contains(roles[*], 'editor') && 'Editor' || 'Viewer'
+```
+
+## Backing up keycloak DB
+
+In case you want to make changes to the devenv setup, you can dump keycloack's DB:
+
+```bash
+cd devenv;
+docker-compose exec -T oauthkeycloakdb bash -c "pg_dump -U keycloak keycloak" > docker/blocks/oauth/cloak.sql
+```
+
+## Connecting to keycloack:
+
+- keycloak admin:                     http://localhost:8087
+- keycloak admin login:               admin:admin
+- grafana oauth viewer login:          oauth-viewer:grafana
+- grafana oauth editor login:          oauth-editor:grafana
+- grafana oauth admin login:           oauth-admin:grafana
+
+# Troubleshooting
+
+## Mac M1 Users
+
+The new arm64 architecture does not build for the latest docker image of keycloack. Refer to https://github.com/docker/for-mac/issues/5310 for the issue to see if it resolved.
+Until then you need to build the docker image locally and then run `devenv`.
+
+1. Remove any lingering keycloack image
+```sh
+$ docker rmi $(docker images | grep 'keycloack')
+```
+1. Build keycloack image locally
+```sh
+$ ./docker-build-keycloack-m1-image.sh
+```
+1. Start from beginning of this readme
+