grafana: move Aurore specific variables out of the role

This commit is contained in:
Alexandre Iooss 2021-11-27 18:29:05 +01:00
parent fdfed1a05a
commit a791cda652
2 changed files with 11 additions and 8 deletions

View file

@ -15,5 +15,10 @@
host: "re2o-ldap.adm.auro.re ldap-replica-ovh.adm.auro.re 10.128.0.21 10.128.0.149" host: "re2o-ldap.adm.auro.re ldap-replica-ovh.adm.auro.re 10.128.0.21 10.128.0.149"
bind_dn: cn=grafana,ou=service-users,dc=auro,dc=re bind_dn: cn=grafana,ou=service-users,dc=auro,dc=re
bind_password: "{{ vault_ldap_grafana_password }}" bind_password: "{{ vault_ldap_grafana_password }}"
search_base_dns: "cn=Utilisateurs,dc=auro,dc=re"
group_search_base_dns: "ou=posix,ou=groups,dc=auro,dc=re"
editors_group_dn:
- cn=sudoldap,ou=posix,ou=groups,dc=auro,dc=re
- cn=technicien,ou=posix,ou=groups,dc=auro,dc=re
roles: roles:
- grafana - grafana

View file

@ -30,12 +30,12 @@ bind_password = '{{ grafana.ldap.bind_password }}'
search_filter = "(cn=%s)" search_filter = "(cn=%s)"
# An array of base dns to search through # An array of base dns to search through
search_base_dns = ["cn=Utilisateurs,dc=auro,dc=re"] search_base_dns = ["{{ grafana.ldap.search_base_dns }}"]
## For Posix or LDAP setups that does not support member_of attribute you can define the below settings ## For Posix or LDAP setups that does not support member_of attribute you can define the below settings
## Please check grafana LDAP docs for examples ## Please check grafana LDAP docs for examples
group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))" group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))"
group_search_base_dns = ["ou=posix,ou=groups,dc=auro,dc=re"] group_search_base_dns = ["{{ grafana.ldap.group_search_base_dns }}"]
group_search_filter_user_attribute = "cn" group_search_filter_user_attribute = "cn"
# Specify names of the ldap attributes your ldap uses # Specify names of the ldap attributes your ldap uses
@ -46,14 +46,12 @@ username = "cn"
member_of = "dn" member_of = "dn"
email = "mail" email = "mail"
# Editors (RT and technicien) # Editors
{% for group_dn in grafana.ldap.editors_group_dn %}
[[servers.group_mappings]] [[servers.group_mappings]]
group_dn = "cn=sudoldap,ou=posix,ou=groups,dc=auro,dc=re" group_dn = "{{ group_dn }}"
org_role = "Editor"
[[servers.group_mappings]]
group_dn = "cn=technicien,ou=posix,ou=groups,dc=auro,dc=re"
org_role = "Editor" org_role = "Editor"
{% endfor %}
# Viewers # Viewers
[[servers.group_mappings]] [[servers.group_mappings]]