feat: add ldap auth to grafana

- add ldap_cfg section
- add ldap_bind_pass to eyaml
2025-06-30 19:12:58 +10:00
parent d6ccb8aafe
commit 9529d74863
2 changed files with 40 additions and 1 deletions
+39 -1
@@ -1,5 +1,6 @@
# profiles::metrics::grafana
class profiles::metrics::grafana (
String $ldap_bind_pass,
Stdlib::Port $http_port = 8080,
String $app_mode = 'production',
Boolean $allow_sign_up = false,
@@ -65,11 +66,48 @@ class profiles::metrics::grafana (
users => {
allow_sign_up => $allow_sign_up,
},
'auth.ldap' => {
enabled => 'true',
config_file => '/etc/grafana/ldap.toml',
},
}
# build the ldap config hash
$ldap_cfg = Sensitive({
servers => [
{ host => 'ldap.service.consul',
port => 389,
use_ssl => false,
search_filter => '(uid=%s)',
search_base_dns => [ 'dc=main,dc=unkin,dc=net' ],
bind_dn => 'cn=svc_grafana,ou=services,ou=users,dc=main,dc=unkin,dc=net',
bind_password => $ldap_bind_pass,
},
],
'servers.attributes' => {
name => 'givenName',
surname => 'sn',
username => 'uid',
member_of => 'memberOf',
email => 'mail',
},
'servers.group_mappings' => [
{
group_dn => 'ou=grafana_admin,ou=groups,dc=main,dc=unkin,dc=net',
org_role => 'Admin',
grafana_admin => true,
},
{
group_dn => 'ou=grafana_user,ou=groups,dc=main,dc=unkin,dc=net',
org_role => 'Viewer',
}
],
})
# deploy grafana
class { 'grafana':
cfg => $cfg,
cfg => $cfg,
ldap_cfg => $ldap_cfg,
}
# fix the package provided systemd service
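Review bot: The server entry in `$ldap_cfg` sets `port => 389` with `use_ssl => false` and no `start_tls`, so the `svc_grafana` bind password and every user's login password reach `ldap.service.consul` in cleartext. If the directory supports it, add `start_tls => true` on 389 (or switch to `use_ssl => true` with `port => 636`), keep `ssl_skip_verify => false`, and set `root_ca_cert` to the issuing CA so the server is authenticated. Separately, `$ldap_bind_pass` is declared as a plain `String` in the first hunk. Typing it `Sensitive[String]` and using `bind_password => $ldap_bind_pass.unwrap` inside the already-Sensitive hash should keep the secret redacted between the eyaml lookup and this class, assuming the lookup is configured to return a Sensitive value. The class body continues outside the visible hunks.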