From 8f1f6e9276e3fc40f7a9ef5d6f9502a287ab9794 Mon Sep 17 00:00:00 2001 From: Adam Stephens Date: Wed, 5 Aug 2015 12:25:59 -0400 Subject: [PATCH 1/2] add support for ldap configuration file --- Gemfile | 1 + README.md | 57 +++++++++++++++++++++++++++++++++--- manifests/config.pp | 8 +++++ manifests/init.pp | 1 + manifests/params.pp | 1 + spec/classes/grafana_spec.rb | 43 +++++++++++++++++++++++++++ 6 files changed, 107 insertions(+), 4 deletions(-) diff --git a/Gemfile b/Gemfile index 0cb6ddde5..5a33cdef0 100644 --- a/Gemfile +++ b/Gemfile @@ -7,6 +7,7 @@ group :test do gem "rspec-puppet", :git => 'https://github.com/rodjek/rspec-puppet.git' gem "puppet-syntax" gem "puppetlabs_spec_helper" + gem "toml" end group :development do diff --git a/README.md b/README.md index b998c9210..4448f173b 100644 --- a/README.md +++ b/README.md 
@@ -121,6 +121,55 @@ Some minor notes: - Keys that contains dots (like auth.google) need to be quoted. - The order of the keys in this hash is the same as they will be written to the configuration file. So settings that do not fall under a section will have to come before any sections in the hash. +####`ldap_cfg` + +#####TOML note +This option **requires** the [toml](https://github.com/toml-lang/toml) gem. Either install the gem using puppet's native gem provider, [puppetserver_gem](https://forge.puppetlabs.com/puppetlabs/puppetserver_gem), [pe_gem](https://forge.puppetlabs.com/puppetlabs/pe_gem), [pe_puppetserver_gem](https://forge.puppetlabs.com/puppetlabs/pe_puppetserver_gem), or manually using one of the following: +``` + # apply or puppet-master + gem install toml + # PE apply + /opt/puppet/bin/gem install toml + # AIO or PE puppetserver + /opt/puppet/bin/puppetserver gem install toml +``` + +#####cfg note +This option by itself is not sufficient to enable LDAP configuration as it must be enabled in the main configuration file. Enable it in cfg with: + +``` +'auth.ldap' => { + enabled => 'true', + config_file => '/etc/grafana/ldap.toml', +}, +``` + +Manages the Grafana LDAP configuration file. This hash is directly translated into the corresponding TOML file, allowing for full flexibility in generating the configuration. + +See the [LDAP documentation](http://docs.grafana.org/v2.1/installation/ldap/) for more information. + +Example: + +``` +ldap_cfg => { + servers => [ + { host => 'ldapserver1.domain1.com', + use_ssl => true, + search_filter => '(sAMAccountName=%s)', + search_base_dns => [ 'dc=domain1,dc=com' ], + }, + ], + 'servers.attributes' => { + name => 'givenName', + surname => 'sn', + username => 'sAMAccountName', + member_of => 'memberOf', + email => 'email', + } +}, +``` + + #####`container_cfg` Boolean to control whether a configuration file should be generated when using the 'docker' install method. 
If 'true', use the 'cfg' and 'cfg_location' parameters to control creation of the file. Defaults to false. @@ -170,7 +219,7 @@ The version of Grafana to install and manage. Defaults to the latest version of ##Advanced usage: -The archive install method will create the user and a "command line" service by default. +The archive install method will create the user and a "command line" service by default. There are no extra parameters to manage user/service for archive. However, both check to see if they are defined before defining. This way you can creat your own user and service with your own specifications. (sort of overriding) The service can be a bit tricky, in this example below, the class sensu_install::grafana::service creates a startup script and a service{'grafana-server':} @@ -184,16 +233,16 @@ Example: class { 'grafana': install_method => 'archive', } - + include sensu_install::grafana::service - + # run your service after install/config but before grafana::service Class[::grafana::install] -> Class[sensu_install::grafana::service] -> Class[::grafana::service] - + ``` ##Limitations diff --git a/manifests/config.pp b/manifests/config.pp index e1e755063..6974bb5c4 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -34,4 +34,12 @@ fail("Installation method ${::grafana::install_method} not supported") } } + + if $::grafana::ldap_cfg { + $ldap_cfg = $::grafana::ldap_cfg + file { '/etc/grafana/ldap.toml': + ensure => present, + content => inline_template("<%= require 'toml'; TOML::Generator.new(@ldap_cfg).body %>\n"), + } + } } diff --git a/manifests/init.pp b/manifests/init.pp index ca56f71c5..a56e47acc 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
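Review bot: The new `file { '/etc/grafana/ldap.toml': }` resource in manifests/config.pp sets only `ensure` and `content`, so owner, group and mode fall back to Puppet's defaults, even though the README example in patch 2/2 puts `bind_password` into this same hash. I would restrict the file to the account Grafana runs as, for example `mode => '0640',` with `group` set to the service account (its name is not visible in this hunk). I would also add `show_diff => false,` so the rendered bind password is not printed in agent logs and reports whenever the content changes. Separately, the path is hard-coded here while the README asks users to set `config_file` themselves in `cfg`, so the two can drift apart. The enclosing class begins outside the hunk.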
@@ -66,6 +66,7 @@ $archive_source = "https://grafanarel.s3.amazonaws.com/builds/grafana-${version}.linux-x64.tar.gz", $cfg_location = $::grafana::params::cfg_location, $cfg = $::grafana::params::cfg, + $ldap_cfg = $::grafana::params::ldap_cfg, $container_cfg = $::grafana::params::container_cfg, $container_params = $::grafana::params::container_params, $data_dir = $::grafana::params::data_dir, diff --git a/manifests/params.pp b/manifests/params.pp index 3ba4bc049..b1915c2b6 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -6,6 +6,7 @@ class grafana::params { $cfg_location = '/etc/grafana/grafana.ini' $cfg = {} + $ldap_cfg = false $container_cfg = false $container_params = {} $data_dir = '/var/lib/grafana' diff --git a/spec/classes/grafana_spec.rb b/spec/classes/grafana_spec.rb index 4983663bf..6083cafbd 100644 --- a/spec/classes/grafana_spec.rb +++ b/spec/classes/grafana_spec.rb @@ -224,6 +224,27 @@ 'empty' => '', }, }, + :ldap_cfg => { + 'servers' => [ + { 'host' => 'server1', + 'use_ssl' => true, + 'search_filter' => '(sAMAccountName=%s)', + 'search_base_dns' => [ 'dc=domain1,dc=com' ], + }, + { 'host' => 'server2', + 'use_ssl' => true, + 'search_filter' => '(sAMAccountName=%s)', + 'search_base_dns' => [ 'dc=domain2,dc=com' ], + }, + ], + 'servers.attributes' => { + 'name' => 'givenName', + 'surname' => 'sn', + 'username' => 'sAMAccountName', + 'member_of' => 'memberOf', + 'email' => 'email', + } + }, }} expected = "# This file is managed by Puppet, any changes will be overwritten\n\n"\ 
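Review bot: `$ldap_cfg` is accepted in manifests/init.pp without any type check, and config.pp only tests it for truthiness before handing it to `TOML::Generator`. A string or array passed by mistake would surface as a template error at compile time rather than a clear message. If puppetlabs-stdlib is available to this module (not visible here), `if $ldap_cfg { validate_hash($ldap_cfg) }` in the class body would catch that early. The parameter list and class body continue outside the hunk.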
@@ -235,6 +256,28 @@ "empty = \n" it { should contain_file('/etc/grafana/grafana.ini').with_content(expected) } + + ldap_expected = "\n[[servers]]\n"\ + "host = \"server1\"\n"\ + "search_base_dns = [\"dc=domain1,dc=com\"]\n"\ + "search_filter = \"(sAMAccountName=%s)\"\n"\ + "use_ssl = true\n"\ + "\n"\ + "[[servers]]\n"\ + "host = \"server2\"\n"\ + "search_base_dns = [\"dc=domain2,dc=com\"]\n"\ + "search_filter = \"(sAMAccountName=%s)\"\n"\ + "use_ssl = true\n"\ + "\n"\ + "[servers.attributes]\n"\ + "email = \"email\"\n"\ + "member_of = \"memberOf\"\n"\ + "name = \"givenName\"\n"\ + "surname = \"sn\"\n"\ + "username = \"sAMAccountName\"\n"\ + "\n" + + it { should contain_file('/etc/grafana/ldap.toml').with_content(ldap_expected) } end end end From 9b46f6500b94fccc6241d9d4c3c3c0107f861789 Mon Sep 17 00:00:00 2001 From: Adam Stephens Date: Fri, 7 Aug 2015 11:42:10 -0400 Subject: [PATCH 2/2] update ldap_cfg documentation --- README.md | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 4448f173b..8ef94fe0d 100644 --- a/README.md +++ b/README.md @@ -153,18 +153,20 @@ Example: ``` ldap_cfg => { servers => [ - { host => 'ldapserver1.domain1.com', - use_ssl => true, - search_filter => '(sAMAccountName=%s)', + { host => 'ldapserver1.domain1.com', + use_ssl => true, + search_filter => '(sAMAccountName=%s)', search_base_dns => [ 'dc=domain1,dc=com' ], + bind_dn => 'user@domain1.com', + bind_password => 'passwordhere', }, ], 'servers.attributes' => { - name => 'givenName', - surname => 'sn', - username => 'sAMAccountName', + name => 'givenName', + surname => 'sn', + username => 'sAMAccountName', member_of => 'memberOf', - email => 'email', + email => 'email', } }, ```
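Review bot: The added example in spec/classes/grafana_spec.rb only covers the case where `:ldap_cfg` is supplied. Nothing asserts that `/etc/grafana/ldap.toml` stays out of the catalog under the default `$ldap_cfg = false`, and nothing pins the file's mode or owner. A second context without the parameter, containing `it { should_not contain_file('/etc/grafana/ldap.toml') }`, would guard the `if $::grafana::ldap_cfg` branch in config.pp. The expected string also depends on the exact key ordering the toml gem emits, and the Gemfile adds that gem without a version constraint, so a gem update could presumably break this assertion. The surrounding `describe`/`context` blocks start outside the hunk.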