Enable LDAP authentication for Grafana

[coreymbe]

Created ldap_auth.pp to enable LDAP authentication to the dashboard.
Modified profile::master::install to install toml gem.
Created ldap.toml.epp template for LDAP config.

[puppet-community-rangefinder]

puppet_metrics_dashboard::profile::ldap_auth is a class

that may have no external impact to Forge modules.

puppet_metrics_dashboard::profile::master::install is a class

that may have no external impact to Forge modules.

This module is declared in 0 of 575 indexed public Puppetfiles.

---

These results were generated with Rangefinder, a tool that helps predict the downstream impact of breaking changes to elements used in Puppet modules. You can run this on the command line to get a full report.

Exact matches are those that we can positively identify via namespace and the declaring modules' metadata. Non-namespaced items, such as Puppet 3.x functions, will always be reported as near matches only.

[coreymbe]

I have an LDAP server already set up. So I can create a new LDAP user for the reviewer, to make things a bit easier.

[cwebster61083]

I get a duplicate class declaration error when applying this. I have included the error and the contents of my site.pp for reference.

Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Resource Statement, Duplicate declaration: Class[Puppet_metrics_dashboard] is already declared at (file: /etc/puppetlabs/code/environments/production/manifests/site.pp, line: 64); cannot redeclare (file: /etc/puppetlabs/code/environments/production/modules/puppet_metrics_dashboard/manifests/profile/ldap_auth.pp, line: 85) (file: /etc/puppetlabs/code/environments/production/modules/puppet_metrics_dashboard/manifests/profile/ldap_auth.pp, line: 85, column: 3) on node dashboard.puppetdebug.vlan

  class { 'puppet_metrics_dashboard':
    grafana_version        => '7.2.0',
    add_dashboard_examples => true,
    overwrite_dashboards   => false,
    configure_telegraf     => false,
    enable_telegraf        => false,
    influxdb_database_name => ['telegraf', 'graphite', 'puppet_metrics'],
  }

  class { 'puppet_metrics_dashboard::profile::ldap_auth':
    ldap_host          => 'windowsdc',
    ldap_bind_dn       => 'cn=queryuser,cn=Users,dc=webster,dc=prv',
    ldap_bind_password => '*******',
    ldap_search_filter => '(sAMAccountName=%s)',
    ldap_search_base   => 'dc=webster,dc=prv',
    ldap_group_dn      => 'CN=PuppetAdmins,OU=Groups,DC=webster,DC=prv',
  }

[suckatrash]

We can't add an if here, because the else below it is already part of the first if statement above. I'd suggest approaching this by setting a new variable $ldap_config with the keys / values you need and then doing an additional merge below (see line 48) so that everything ends up in the $_grafana_cfg var.

You'll also need to update spec tests in spec/classes/grafana_spec.rb because we don't currently expect ldap config to be there.

[coreymbe]

Just pushed some updates to address this.