Merge pull request #43 from covermymeds/ldap_config

add support for ldap configuration file
bfraser · Aug 7, 2015 · 4871d90 · 4871d90
2 parents 6f9d357 + 9b46f65
commit 4871d90
Show file tree

Hide file tree

Showing 6 changed files with 109 additions and 4 deletions.
diff --git a/Gemfile b/Gemfile
@@ -7,6 +7,7 @@ group :test do
   gem "rspec-puppet", :git => 'https://github.com/rodjek/rspec-puppet.git'
   gem "puppet-syntax"
   gem "puppetlabs_spec_helper"
+  gem "toml"
 end
 
 group :development do

diff --git a/README.md b/README.md
@@ -121,6 +121,57 @@ Some minor notes:
  - Keys that contains dots (like auth.google) need to be quoted.
  - The order of the keys in this hash is the same as they will be written to the configuration file. So settings that do not fall under a section will have to come before any sections in the hash.
 
+####`ldap_cfg`
+
+#####TOML note
+This option **requires** the [toml](https://github.com/toml-lang/toml) gem. Either install the gem using puppet's native gem provider, [puppetserver_gem](https://forge.puppetlabs.com/puppetlabs/puppetserver_gem), [pe_gem](https://forge.puppetlabs.com/puppetlabs/pe_gem), [pe_puppetserver_gem](https://forge.puppetlabs.com/puppetlabs/pe_puppetserver_gem), or manually using one of the following:
+```
+  # apply or puppet-master
+  gem install toml
+  # PE apply
+  /opt/puppet/bin/gem install toml
+  # AIO or PE puppetserver
+  /opt/puppet/bin/puppetserver gem install toml
+```
+
+#####cfg note
+This option by itself is not sufficient to enable LDAP configuration as it must be enabled in the main configuration file. Enable it in cfg with:
+
+```
+'auth.ldap' => {
+  enabled     => 'true',
+  config_file => '/etc/grafana/ldap.toml',
+},
+```
+
+Manages the Grafana LDAP configuration file. This hash is directly translated into the corresponding TOML file, allowing for full flexibility in generating the configuration.
+
+See the [LDAP documentation](http://docs.grafana.org/v2.1/installation/ldap/) for more information.
+
+Example:
+
+```
+ldap_cfg => {
+  servers => [
+    { host            => 'ldapserver1.domain1.com',
+      use_ssl         => true,
+      search_filter   => '(sAMAccountName=%s)',
+      search_base_dns => [ 'dc=domain1,dc=com' ],
+      bind_dn         => 'user@domain1.com',
+      bind_password   => 'passwordhere',
+    },
+  ],
+  'servers.attributes' => {
+    name      => 'givenName',
+    surname   => 'sn',
+    username  => 'sAMAccountName',
+    member_of => 'memberOf',
+    email     => 'email',
+  }
+},
+```
+
+
 #####`container_cfg`
 
 Boolean to control whether a configuration file should be generated when using the 'docker' install method. If 'true', use the 'cfg' and 'cfg_location' parameters to control creation of the file. Defaults to false.
@@ -170,7 +221,7 @@ The version of Grafana to install and manage. Defaults to the latest version of
 
 ##Advanced usage:
 
-The archive install method will create the user and a "command line" service by default. 
+The archive install method will create the user and a "command line" service by default.
 There are no extra parameters to manage user/service for archive. However, both check to see if they are defined before defining. This way you can creat your own user and service with your own specifications. (sort of overriding)
 The service can be a bit tricky, in this example below, the class sensu_install::grafana::service creates a startup script and a service{'grafana-server':}
 
@@ -184,16 +235,16 @@ Example:
     class { 'grafana':
       install_method  => 'archive',
     }
-    
+
     include sensu_install::grafana::service
-    
+
     # run your service after install/config but before grafana::service
     Class[::grafana::install]
     ->
     Class[sensu_install::grafana::service]
     ->
     Class[::grafana::service]
-    
+
 ```
 
 ##Limitations

diff --git a/manifests/config.pp b/manifests/config.pp
@@ -34,4 +34,12 @@
       fail("Installation method ${::grafana::install_method} not supported")
     }
   }
+
+  if $::grafana::ldap_cfg {
+    $ldap_cfg = $::grafana::ldap_cfg
+    file { '/etc/grafana/ldap.toml':
+      ensure  => present,
+      content => inline_template("<%= require 'toml'; TOML::Generator.new(@ldap_cfg).body %>\n"),
+    }
+  }
 }
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -66,6 +66,7 @@
   $archive_source      = $::grafana::params::archive_source,
   $cfg_location        = $::grafana::params::cfg_location,
   $cfg                 = $::grafana::params::cfg,
+  $ldap_cfg            = $::grafana::params::ldap_cfg,
   $container_cfg       = $::grafana::params::container_cfg,
   $container_params    = $::grafana::params::container_params,
   $data_dir            = $::grafana::params::data_dir,

diff --git a/manifests/params.pp b/manifests/params.pp
@@ -6,6 +6,7 @@
 class grafana::params {
   $cfg_location        = '/etc/grafana/grafana.ini'
   $cfg                 = {}
+  $ldap_cfg            = false
   $container_cfg       = false
   $container_params    = {}
   $data_dir            = '/var/lib/grafana'

diff --git a/spec/classes/grafana_spec.rb b/spec/classes/grafana_spec.rb
@@ -249,6 +249,27 @@
             'empty' => '',
           },
         },
+        :ldap_cfg => {
+          'servers' => [
+            { 'host' => 'server1',
+              'use_ssl' => true,
+              'search_filter' => '(sAMAccountName=%s)',
+              'search_base_dns' => [ 'dc=domain1,dc=com' ],
+            },
+            { 'host' => 'server2',
+              'use_ssl' => true,
+              'search_filter' => '(sAMAccountName=%s)',
+              'search_base_dns' => [ 'dc=domain2,dc=com' ],
+            },
+          ],
+          'servers.attributes' => {
+            'name' => 'givenName',
+            'surname' => 'sn',
+            'username' => 'sAMAccountName',
+            'member_of' => 'memberOf',
+            'email' => 'email',
+          }
+        },
       }}
 
       expected = "# This file is managed by Puppet, any changes will be overwritten\n\n"\
@@ -260,6 +281,28 @@
                  "empty = \n"
 
       it { should contain_file('/etc/grafana/grafana.ini').with_content(expected) }
+
+      ldap_expected = "\n[[servers]]\n"\
+                       "host = \"server1\"\n"\
+                       "search_base_dns = [\"dc=domain1,dc=com\"]\n"\
+                       "search_filter = \"(sAMAccountName=%s)\"\n"\
+                       "use_ssl = true\n"\
+                       "\n"\
+                      "[[servers]]\n"\
+                       "host = \"server2\"\n"\
+                       "search_base_dns = [\"dc=domain2,dc=com\"]\n"\
+                       "search_filter = \"(sAMAccountName=%s)\"\n"\
+                       "use_ssl = true\n"\
+                       "\n"\
+                       "[servers.attributes]\n"\
+                       "email = \"email\"\n"\
+                       "member_of = \"memberOf\"\n"\
+                       "name = \"givenName\"\n"\
+                       "surname = \"sn\"\n"\
+                       "username = \"sAMAccountName\"\n"\
+                       "\n"
+
+      it { should contain_file('/etc/grafana/ldap.toml').with_content(ldap_expected) }
     end
   end
 end