Merge "Grafana: Update LDAP configuration, update volume mounts"

2018-06-26 16:30:01 +00:00 · 2018-06-26 16:30:01 +00:00 · 6adfc932d8
commit 6adfc932d8
parent 8cfe215514 497959371d
3 changed files with 39 additions and 38 deletions
--- a/grafana/templates/configmap-etc.yaml
+++ b/grafana/templates/configmap-etc.yaml
@ -28,7 +28,6 @@ limitations under the License.
 {{- $path := .Values.endpoints.oslo_db_session.path }}
 {{- $_ := printf "%s:%s%s(%s)%s" $user $pass "@tcp" $host_port $path | set .Values.conf.grafana.session "provider_config" }}
 {{- end -}}
-
 ---
 apiVersion: v1
 kind: ConfigMap
@ -42,8 +41,7 @@ data:
  grafana.ini: |
 {{ include "helm-toolkit.utils.to_ini" .Values.conf.grafana | indent 4 }}
 {{ if not (empty .Values.conf.ldap) }}
-  ldap.toml: |
-{{ .Values.conf.ldap | indent 4 }}
+{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.ldap.template "key" "ldap.toml") | indent 2 }}
 {{ end }}
 {{ range $key, $value := .Values.conf.dashboards }}
  {{$key}}.json: |
--- a/grafana/templates/deployment.yaml
+++ b/grafana/templates/deployment.yaml
@ -80,16 +80,16 @@ spec:
            - name: pod-etc-grafana
              mountPath: /etc/grafana
            - name: pod-provisioning-grafana
-              mountPath: /var/lib/grafana/provisioning
+              mountPath: {{ .Values.conf.grafana.paths.provisioning }}
            - name: grafana-bin
              mountPath: /tmp/grafana.sh
              subPath: grafana.sh
              readOnly: true
            - name: grafana-etc
-              mountPath: /var/lib/grafana/provisioning/dashboards/dashboards.yaml
+              mountPath: {{ .Values.conf.grafana.paths.provisioning }}/dashboards/dashboards.yaml
              subPath: dashboards.yaml
            - name: grafana-etc
-              mountPath: /var/lib/grafana/provisioning/datasources/datasources.yaml
+              mountPath: {{ .Values.conf.grafana.paths.provisioning }}/datasources/datasources.yaml
              subPath: datasources.yaml
            - name: grafana-etc
              mountPath: /etc/grafana/grafana.ini
--- a/grafana/values.yaml
+++ b/grafana/values.yaml
@ -207,11 +207,12 @@ endpoints:
      default: ldap
    auth:
      admin:
+        bind_dn: "cn=admin,dc=cluster,dc=local"
        password: password
    host_fqdn_override:
      default: null
    path:
-      default: "/ou=People,dc=cluster,dc=local"
+      default: "ou=People,dc=cluster,dc=local"
    scheme:
      default: ldap
    port:
@ -297,35 +298,39 @@ manifests:
  service_ingress: true

 conf:
-  ldap: |
-    verbose_logging = true
-
-    [[servers]]
-    host = "ldap.openstack.svc.cluster.local"
-    port = 389
-    use_ssl = false
-    start_tls = false
-    ssl_skip_verify = false
-    bind_dn = "cn=admin,dc=cluster,dc=local"
-    bind_password = 'password'
-    search_filter = "(uid=%s)"
-    search_base_dns = ["dc=cluster,dc=local"]
-    group_search_filter = "(&(objectclass=posixGroup)(memberUID=uid=%s,ou=People,dc=cluster,dc=local))"
-    group_search_base_dns = ["ou=Groups,dc=cluster,dc=local"]
-
-    [servers.attributes]
-    username = "uid"
-    surname = "sn"
-    member_of = "cn"
-    email = "mail"
-
-    [[servers.group_mappings]]
-    group_dn = "cn=admin,dc=cluster,dc=local"
-    org_role = "Admin"
-
-    [[servers.group_mappings]]
-    group_dn = "*"
-    org_role = "Editor"
+  ldap:
+    config:
+      base_dns:
+        search: "dc=cluster,dc=local"
+        group_search: "ou=Groups,dc=cluster,dc=local"
+      filters:
+        search: "(uid=%s)"
+        group_search: "(&(objectclass=posixGroup)(memberUID=uid=%s,ou=People,dc=cluster,dc=local))"
+    template: |
+      verbose_logging = false
+      [[servers]]
+      host = "{{ tuple "ldap" "internal" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }}"
+      port = {{ tuple "ldap" "internal" "ldap" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+      use_ssl = false
+      start_tls = false
+      ssl_skip_verify = false
+      bind_dn = "{{ .Values.endpoints.ldap.auth.admin.bind_dn }}"
+      bind_password = "{{ .Values.endpoints.ldap.auth.admin.password }}"
+      search_filter = "{{ .Values.conf.ldap.config.filters.search }}"
+      search_base_dns = ["{{ .Values.conf.ldap.config.base_dns.search }}"]
+      group_search_filter = "{{ .Values.conf.ldap.config.filters.group_search }}"
+      group_search_base_dns = ["{{ .Values.conf.ldap.config.base_dns.group_search }}"]
+      [servers.attributes]
+      username = "uid"
+      surname = "sn"
+      member_of = "cn"
+      email = "mail"
+      [[servers.group_mappings]]
+      group_dn = "{{.Values.endpoints.ldap.auth.admin.bind_dn }}"
+      org_role = "Admin"
+      [[servers.group_mappings]]
+      group_dn = "*"
+      org_role = "Viewer"
  provisioning:
    dashboards:
      apiVersion: 1
@ -348,8 +353,6 @@ conf:
        editable: true
        url: 'http://prom-metrics.openstack.svc.cluster.local:9090'
  grafana:
-    auth.basic:
-      enabled: true
    auth.ldap:
      enabled: true
      config_file: /etc/grafana/ldap.toml