grafana: move Aurore specific variables out of the role

grafana.yml

@@ -15,5 +15,10 @@
         host: "re2o-ldap.adm.auro.re ldap-replica-ovh.adm.auro.re 10.128.0.21 10.128.0.149"
         bind_dn: cn=grafana,ou=service-users,dc=auro,dc=re
         bind_password: "{{ vault_ldap_grafana_password }}"
+        search_base_dns: "cn=Utilisateurs,dc=auro,dc=re"
+        group_search_base_dns: "ou=posix,ou=groups,dc=auro,dc=re"
+        editors_group_dn:
+          - cn=sudoldap,ou=posix,ou=groups,dc=auro,dc=re
+          - cn=technicien,ou=posix,ou=groups,dc=auro,dc=re
   roles:
     - grafana

roles/grafana/templates/ldap.toml.j2

@@ -30,12 +30,12 @@ bind_password = '{{ grafana.ldap.bind_password }}'
 search_filter = "(cn=%s)"
 
 # An array of base dns to search through
-search_base_dns = ["cn=Utilisateurs,dc=auro,dc=re"]
+search_base_dns = ["{{ grafana.ldap.search_base_dns }}"]
 
 ## For Posix or LDAP setups that does not support member_of attribute you can define the below settings
 ## Please check grafana LDAP docs for examples
 group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))"
-group_search_base_dns = ["ou=posix,ou=groups,dc=auro,dc=re"]
+group_search_base_dns = ["{{ grafana.ldap.group_search_base_dns }}"]
 group_search_filter_user_attribute = "cn"
 
 # Specify names of the ldap attributes your ldap uses
@@ -46,14 +46,12 @@ username = "cn"
 member_of = "dn"
 email =  "mail"
 
-# Editors (RT and technicien)
+# Editors
+{% for group_dn in grafana.ldap.editors_group_dn %}
 [[servers.group_mappings]]
-group_dn = "cn=sudoldap,ou=posix,ou=groups,dc=auro,dc=re"
-org_role = "Editor"
-
-[[servers.group_mappings]]
-group_dn = "cn=technicien,ou=posix,ou=groups,dc=auro,dc=re"
+group_dn = "{{ group_dn }}"
 org_role = "Editor"
+{% endfor %}
 
 # Viewers
 [[servers.group_mappings]]