Is grafana ready to be exposed to internet if login enabled with Google OAuth?
It’s a good question, but very complicated to answer.
It depends very much on your mileage.
For instance, what datasources you’re exposing, and how those are protected.
Let me take an example: let’s say you are using only one elasticsearch datasource, and using openid to secure both grafana login and the datasource itself.
Let’s further say that elasticsearch is configured to use openidc with very fine grained permissions.
Then I’d say you’re pretty safe: even if there’s a bug in grafana, and someone is leveraging it to access someone else’s privilege, they could only ever send commands to the datasource using the user’s privileges.
What I’d really avoid doing is create some user for the datasource that has too many privileges, and give that to grafana.ini.
You could have a look at these https://www.cvedetails.com/product/47055/Grafana-Grafana.html?vendor_id=18548
It also depends on how often you upgrade your server’s software
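
The distinction drawn in the answer above (a datasource queried with each user's own identity versus one shared account) can be checked from the datasource list. This is an added example, not part of the original post: it assumes records in the shape returned by Grafana's `GET /api/datasources` (`basicAuth`, `basicAuthUser`, `jsonData.oauthPassThru`), and the sample records and datasource names are constructed.

```python
import json

# Constructed sample, shaped like the output of Grafana's GET /api/datasources.
SAMPLE = json.loads("""
[
  {"name": "es-per-user", "type": "elasticsearch", "access": "proxy",
   "basicAuth": false, "basicAuthUser": "", "jsonData": {"oauthPassThru": true}},
  {"name": "es-shared", "type": "elasticsearch", "access": "proxy",
   "basicAuth": true, "basicAuthUser": "elastic", "jsonData": {}},
  {"name": "es-open", "type": "elasticsearch", "access": "proxy",
   "basicAuth": false, "basicAuthUser": "", "jsonData": {}}
]
""")


def audit_datasource(ds):
    """Return findings for one datasource record.

    Only basic auth and OAuth identity forwarding are inspected; other
    mechanisms (API keys, TLS client certificates) are out of scope here.
    """
    findings = []
    json_data = ds.get("jsonData") or {}
    forwards_identity = bool(json_data.get("oauthPassThru"))
    static_account = bool(ds.get("basicAuth"))

    if static_account:
        # Every Grafana user, and any Grafana bug, acts with this account's rights.
        findings.append(
            "shared static account '%s': all users query with its privileges"
            % ds.get("basicAuthUser", "")
        )
    if static_account and forwards_identity:
        findings.append("static account and oauthPassThru both set: "
                        "confirm which credential the backend honours")
    if not static_account and not forwards_identity:
        findings.append("no basic auth and no forwarded user identity: "
                        "check how the backend authenticates Grafana")
    return findings


def audit(datasources):
    """Map each datasource name to its list of findings (empty means clean)."""
    return {ds["name"]: audit_datasource(ds) for ds in datasources}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, "->", findings or "per-user identity forwarded")
```
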