Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Grafana datasource module : tls_ca_cert or tls_skip_verify options #36945

Merged
merged 5 commits into from
Apr 9, 2018
Merged

Grafana datasource module : tls_ca_cert or tls_skip_verify options #36945

Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
46c714d
Allow to set tls_ca_cert or skip verify for grafana datasources
Mar 1, 2018
c8b8e15
version_added in documentation for new options tls_skip_verify
Mar 2, 2018
238fde3
Added default value for tls_skip_verify option in doc
Mar 20, 2018
9e34bc7
Fixed author git account
Apr 9, 2018
5bbe9a5
Updated author
dagwieers Apr 9, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
58 changes: 46 additions & 12 deletions lib/ansible/modules/monitoring/grafana_datasource.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-

# Copyright: (c) 2017, Thierry Sallé (@tsalle)
# Copyright: (c) 2017, Thierry Sallé (@seuf)
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)

from __future__ import absolute_import, division, print_function
Expand All @@ -16,7 +16,7 @@
---
module: grafana_datasource
author:
- Thierry Sallé (@tsalle)
- Thierry Sallé (@seuf)
version_added: "2.5"
short_description: Manage Grafana datasources
description:
Expand Down Expand Up @@ -92,6 +92,12 @@
description:
- The TLS CA certificate for self signed certificates.
- Only used when C(tls_client_cert) and C(tls_client_key) are set.
tls_skip_verify:
Copy link
Contributor

@dagwieers dagwieers Mar 20, 2018
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The default parameter name for this used by other modules is validate_certs=no, and this defaults to yes.
(87 modules are supporting this).

Other modules also use client_cert and client_key, but there are others. It would be nice if this could be better consolidated like validate_certs.

See: http://docs.ansible.com/ansible/devel/modules/uri_module.html

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the tls_skip_verify is used for the grafana datasource certificate validation, not the grafana api certificate validation (which is configurable with the validate_certs option)

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Understood. (I was only looking at the patch, so...)

description:
- Skip the TLS datasource certificate verification.
type: bool
default: False
version_added: 2.6
is_default:
description:
- Make this datasource the default one.
Expand Down Expand Up @@ -156,15 +162,35 @@
---
- name: Create elasticsearch datasource
grafana_datasource:
name: my_elastic
grafana_url: http://grafana.company.com
ds_type: elasticsearch
url: https://elasticsearch.company.com:9200
database: my-index_*
basic_auth_user: grafana
basic_auth_password: xxxxxxxx
json_data: '{"esVersion":5, "timeField": "@timestamp"}'
state: present
name: "datasource-elastic"
grafana_url: "https://grafana.company.com"
grafana_user: "admin"
grafana_password: "xxxxxx"
org_id: "1"
ds_type: "elasticisearch"
url: "https://elastic.company.com:9200"
database: "[logstash_]YYYY.MM.DD"
basic_auth_user: "grafana"
basic_auth_password: "******"
time_field: "@timestamp"
time_interval: "1m"
interval: "Daily"
es_version: 56
max_concurrent_shard_requests: 42
tls_ca_cert: "/etc/ssl/certs/ca.pem"

- name: Create influxdb datasource
grafana_datasource:
name: "datasource-influxdb"
grafana_url: "https://grafana.company.com"
grafana_user: "admin"
grafana_password: "xxxxxx"
org_id: "1"
ds_type: "influxdb"
url: "https://influx.company.com:8086"
database: "telegraf"
time_interval: ">10s"
tls_ca_cert: "/etc/ssl/certs/ca.pem"
'''

RETURN = '''
Expand Down Expand Up @@ -298,6 +324,13 @@ def grafana_create_datasource(module, data):
else:
json_data['tlsAuth'] = False
json_data['tlsAuthWithCACert'] = False
if data.get('tls_ca_cert'):
payload['secureJsonData'] = {
'tlsCACert': data['tls_ca_cert']
}

if data.get('tls_skip_verify'):
json_data['tlsSkipVerify'] = True

# datasource type related parameters
if data['ds_type'] == 'elasticsearch':
Expand Down Expand Up @@ -446,6 +479,7 @@ def main():
tls_client_cert=dict(type='str', no_log=True),
tls_client_key=dict(type='str', no_log=True),
tls_ca_cert=dict(type='str', no_log=True),
tls_skip_verify=dict(type='bool', default=False),
is_default=dict(default=False, type='bool'),
org_id=dict(default=1, type='int'),
es_version=dict(type='int', default=5, choices=[2, 5, 56]),
Expand All @@ -460,7 +494,7 @@ def main():
),
supports_check_mode=False,
required_together=[['grafana_user', 'grafana_password', 'org_id'], ['tls_client_cert', 'tls_client_key']],
mutually_exclusive=[['grafana_user', 'grafana_api_key']],
mutually_exclusive=[['grafana_user', 'grafana_api_key'], ['tls_ca_cert', 'tls_skip_verify']],
required_if=[
['ds_type', 'opentsdb', ['tsdb_version', 'tsdb_resolution']],
['ds_type', 'influxdb', ['database']],
Expand Down