Add user invite max lifetime duration parameter (#43)

* Add option to configure domain and root_url in grafana config

* Add external_image_storage S3 in grafana config

* Revert external_image_storage settings

* Update ldap.toml to work with salt 2018.3

See 8393560642/doc/topics/releases/2018.3.0.rst

* Add recurse option when creating grafana dirs.

Should not hurt if they are empty and can avoid issues when moving data between servers

* Make compatible with Salt 2019.2.0

* Change to items for py3 compat

Signed-off-by: Felipe Zipitria <fzipitria@perceptyx.com>

* Add user_invite_max_lifetime_duration configuration parameter

Co-authored-by: abednarik <alejandro.bednarik@gmail.com>
Co-authored-by: Felipe Zipitria <fzipitria@perceptyx.com>
Co-authored-by: Nicolas Fernandez <nookynet@gmail.com>

_states/grafana3_dashboard.py

@@ -579,7 +579,7 @@ def _dashboard_diff(_new_dashboard, _old_dashboard):
 def _stripped(d):
     '''Strip falsey entries.'''
     ret = {}
-    for k, v in six.iteritems(d):
+    for k, v in six.items(d):
         if v:
             ret[k] = v
     return ret

grafana/files/grafana.ini

@@ -29,14 +29,16 @@ http_addr = {{ server.bind.address }}
 http_port = {{ server.bind.port }}
 
 # The public facing domain name used to access grafana from a browser
-domain = {{ server.domain }}
+
+domain = {{ server.server.domain }}
 
 # Redirect to correct domain if host header does not match domain
 # Prevents DNS rebinding attacks
 ;enforce_domain = false
 
 # The full public facing url
-root_url = {{ server.root_url }}
+
+root_url = {{ server.server.root_url }}
 
 # Log web requests
 ;router_logging = false
@@ -142,6 +144,8 @@ allow_org_create = {{ server.allow_org_create|lower }}
 ;auto_assign_org_role = Viewer
 auto_assign_org_role = {{ server.auto_assign_role }}
 
+user_invite_max_lifetime_duration = 5d
+
 #################################### Anonymous Auth ##########################
 [auth.anonymous]
 {%- if server.auth.engine == 'anonymous' or server.auth.get('anonymous', {}).get('enabled', False) %}

grafana/files/ldap.toml

@@ -27,7 +27,7 @@ bind_password = "{{ ldap_params.bind_password }}"
 search_filter = "{{ ldap_params.user_search_filter }}"
 
 # An array of base dns to search through
-search_base_dns = {{ ldap_params.user_search_base_dns }}
+search_base_dns = {{ ldap_params.user_search_base_dns | yaml }}
 
 # In POSIX LDAP schemas, without memberOf attribute a secondary query must be made for groups.
 # This is done by enabling group_search_filter below. You must also set member_of= "cn"

grafana/map.jinja

@@ -14,6 +14,9 @@ Debian:
     data: /var/lib/grafana
     logs: /var/log/grafana
     pid_file_dir: /var/run/grafana
+  server:
+    domain: localhost
+    root_url: "%(protocol)s://%(domain)s:%(http_port)s/"
   bind:
     address: 0.0.0.0
     port: 3000

grafana/server.sls

@@ -83,6 +83,9 @@ grafana_{{ theme_name }}_css_override:
     - mode: 755
     - user: {{ server.user }}
     - group: {{ server.group }}
+    - recurse:
+      - user
+      - group
 
 {{server.path.logs}}:
   file.directory:
@@ -90,6 +93,9 @@ grafana_{{ theme_name }}_css_override:
     - mode: 755
     - user: {{ server.user }}
     - group: {{ server.group }}
+    - recurse:
+      - user
+      - group
 
 grafana_service:
   service.running: