feat: add ldap auth to grafana
- add ldap_cfg section - add ldap_bind_pass to eyaml
This commit is contained in:
@@ -1,5 +1,6 @@
|
||||
# profiles::metrics::grafana
|
||||
class profiles::metrics::grafana (
|
||||
String $ldap_bind_pass,
|
||||
Stdlib::Port $http_port = 8080,
|
||||
String $app_mode = 'production',
|
||||
Boolean $allow_sign_up = false,
|
||||
@@ -65,11 +66,48 @@ class profiles::metrics::grafana (
|
||||
users => {
|
||||
allow_sign_up => $allow_sign_up,
|
||||
},
|
||||
'auth.ldap' => {
|
||||
enabled => 'true',
|
||||
config_file => '/etc/grafana/ldap.toml',
|
||||
},
|
||||
}
|
||||
|
||||
# build the ldap config hash
|
||||
$ldap_cfg = Sensitive({
|
||||
servers => [
|
||||
{ host => 'ldap.service.consul',
|
||||
port => 389,
|
||||
use_ssl => false,
|
||||
search_filter => '(uid=%s)',
|
||||
search_base_dns => [ 'dc=main,dc=unkin,dc=net' ],
|
||||
bind_dn => 'cn=svc_grafana,ou=services,ou=users,dc=main,dc=unkin,dc=net',
|
||||
bind_password => $ldap_bind_pass,
|
||||
},
|
||||
],
|
||||
'servers.attributes' => {
|
||||
name => 'givenName',
|
||||
surname => 'sn',
|
||||
username => 'uid',
|
||||
member_of => 'memberOf',
|
||||
email => 'mail',
|
||||
},
|
||||
'servers.group_mappings' => [
|
||||
{
|
||||
group_dn => 'ou=grafana_admin,ou=groups,dc=main,dc=unkin,dc=net',
|
||||
org_role => 'Admin',
|
||||
grafana_admin => true,
|
||||
},
|
||||
{
|
||||
group_dn => 'ou=grafana_user,ou=groups,dc=main,dc=unkin,dc=net',
|
||||
org_role => 'Viewer',
|
||||
}
|
||||
],
|
||||
})
|
||||
|
||||
# deploy grafana
|
||||
class { 'grafana':
|
||||
cfg => $cfg,
|
||||
cfg => $cfg,
|
||||
ldap_cfg => $ldap_cfg,
|
||||
}
|
||||
|
||||
# fix the package provided systemd service
|
||||
|
||||
Reference in New Issue
Block a user