From 1d8fd0a106a92c938cb6e5131c32236edd9e74c0 Mon Sep 17 00:00:00 2001
From: Marcin <56080223+mszumski-pcx@users.noreply.github.com>
Date: Mon, 18 Oct 2021 18:21:06 +1000
Subject: [PATCH] Add user invite max lifetime duration parameter (#43)
* Add option to configure domain and root_url in grafana config * Add external_image_storage S3 in grafana config * Revert external_image_storage settings * Update ldap.toml to work with salt 2018.3 See https://github.com/terminalmage/salt/blob/8393560642eb732f8768a9daafe42c1c592cbf82/doc/topics/releases/2018.3.0.rst * Add recurse option when creating grafana dirs. Should not hurt if they are empty and can avoid issues when moving data between servers * Make compatible with Salt 2019.2.0 * Change to items for py3 compat Signed-off-by: Felipe Zipitria * Add user_invite_max_lifetime_duration configuration parameter Co-authored-by: abednarik Co-authored-by: Felipe Zipitria Co-authored-by: Nicolas Fernandez
---
_states/grafana3_dashboard.py | 2 +-
grafana/files/grafana.ini | 8 ++++++--
grafana/files/ldap.toml | 2 +-
grafana/map.jinja | 3 +++
grafana/server.sls | 6 ++++++
5 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/_states/grafana3_dashboard.py b/_states/grafana3_dashboard.py
index edd5359..e33cd11 100644
--- a/_states/grafana3_dashboard.py
+++ b/_states/grafana3_dashboard.py
@@ -579,7 +579,7 @@ def _dashboard_diff(_new_dashboard, _old_dashboard): def _stripped(d): '''Strip falsey entries.''' ret = {} - for k, v in six.iteritems(d): + for k, v in six.items(d): if v: ret[k] = v return ret
diff --git a/grafana/files/grafana.ini b/grafana/files/grafana.ini
index 6866229..2a6b8ce 100644
--- a/grafana/files/grafana.ini
+++ b/grafana/files/grafana.ini
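Review bot: `six.items(d)` in `_stripped` (`_states/grafana3_dashboard.py`) is not a function the `six` library provides; it offers `iteritems`, `iterkeys`, `itervalues` and the `view*` helpers. Assuming `six` here is the standard module or Salt's bundled copy (the import is outside the hunk), the new line raises `AttributeError` the first time `_dashboard_diff` strips a dashboard, so the state fails instead of diffing. The plain dict method works on both Python 2 and 3: `for k, v in d.items():`. `_stripped` appears to be nested in `_dashboard_diff`, whose body starts and continues outside the hunk.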
@@ -29,14 +29,16 @@ http_addr = {{ server.bind.address }} http_port = {{ server.bind.port }} # The public facing domain name used to access grafana from a browser -domain = {{ server.domain }} + +domain = {{ server.server.domain }} # Redirect to correct domain if host header does not match domain # Prevents DNS rebinding attacks ;enforce_domain = false # The full public facing url -root_url = {{ server.root_url }} + +root_url = {{ server.server.root_url }} # Log web requests ;router_logging = false
@@ -142,6 +144,8 @@ allow_org_create = {{ server.allow_org_create|lower }} ;auto_assign_org_role = Viewer auto_assign_org_role = {{ server.auto_assign_role }} +user_invite_max_lifetime_duration = 5d + #################################### Anonymous Auth ########################## [auth.anonymous] {%- if server.auth.engine == 'anonymous' or server.auth.get('anonymous', {}).get('enabled', False) %}
diff --git a/grafana/files/ldap.toml b/grafana/files/ldap.toml
index 0190ea2..f1bd80a 100644
--- a/grafana/files/ldap.toml
+++ b/grafana/files/ldap.toml
@@ -27,7 +27,7 @@ bind_password = "{{ ldap_params.bind_password }}" search_filter = "{{ ldap_params.user_search_filter }}" # An array of base dns to search through -search_base_dns = {{ ldap_params.user_search_base_dns }} +search_base_dns = {{ ldap_params.user_search_base_dns | yaml }} # In POSIX LDAP schemas, without memberOf attribute a secondary query must be made for groups. # This is done by enabling group_search_filter below. You must also set member_of= "cn"
diff --git a/grafana/map.jinja b/grafana/map.jinja
index c1b1478..c5d966e 100644
--- a/grafana/map.jinja
+++ b/grafana/map.jinja
@@ -14,6 +14,9 @@ Debian: data: /var/lib/grafana logs: /var/log/grafana pid_file_dir: /var/run/grafana + server: + domain: localhost + root_url: "%(protocol)s://%(domain)s:%(http_port)s/" bind: address: 0.0.0.0 port: 3000
diff --git a/grafana/server.sls b/grafana/server.sls
index b13e1b4..72cac74 100644
--- a/grafana/server.sls
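Review bot: `{{ server.server.domain }}` and `{{ server.server.root_url }}` in the first `grafana.ini` hunk depend on a nested `server` key, and the only default visible in this patch is the one added under `Debian:` in `grafana/map.jinja`. On any other grain mapping the render will fail or come out empty, unless a default exists outside the shown hunks. Pillars that set the previous top-level `domain` and `root_url` keys are also silently ignored after this change. A tolerant lookup in the style this template already uses for `server.auth.get('anonymous', {})` avoids the render failure: `domain = {{ server.get('server', {}).get('domain', 'localhost') }}`, and likewise for `root_url`. Separately, `enforce_domain` stays commented out, so the Host-header check described in the comment above it remains off; now that `domain` is configurable it would be worth exposing as a pillar option.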
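Review bot: `user_invite_max_lifetime_duration = 5d` in the second `grafana.ini` hunk is a literal, so the option the commit title calls a parameter cannot be set from pillar. It also fixes invitation links at five days, where Grafana's documented default is 24h. Anyone holding a pending invite link can create an account with it, so a longer validity window should be an explicit operator choice rather than the formula's baseline. Templating it keeps the upstream default unless overridden: `user_invite_max_lifetime_duration = {{ server.get('user_invite_max_lifetime_duration', '24h') }}`.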
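Review bot: The `| yaml` filter on `search_base_dns` in `ldap.toml` writes YAML flow syntax into a TOML file, and the two quoting rules differ. As far as I can tell the YAML dumper leaves a scalar unquoted when it contains no special characters, which TOML rejects inside an array. Base DNs usually contain commas and so get quoted, but that is incidental rather than guaranteed. `| json` always emits double-quoted strings, which are valid TOML basic strings: `search_base_dns = {{ ldap_params.user_search_base_dns | json }}`.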
+++ b/grafana/server.sls
@@ -83,6 +83,9 @@ grafana_{{ theme_name }}_css_override: - mode: 755 - user: {{ server.user }} - group: {{ server.group }} + - recurse: + - user + - group {{server.path.logs}}: file.directory:
@@ -90,6 +93,9 @@ grafana_{{ theme_name }}_css_override: - mode: 755 - user: {{ server.user }} - group: {{ server.group }} + - recurse: + - user + - group grafana_service: service.running:
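Review bot: Both `recurse` additions in `grafana/server.sls` (this hunk and the one on `{{server.path.logs}}`) re-own every file under the directory to `server.user`/`server.group` on each state run, and nothing in the state file says why. The reason is only in the commit message, so a comment above each block would keep it with the code: `# recurse ownership so data copied from another server ends up owned by the service user`. If anything under these paths is meant to stay owned by another account, for example files placed there by root, recursion will hand it to the service user; please confirm that is intended. The state ID for the first block is outside the hunk, so which directory it manages is not visible here.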