diff --git a/README.md b/README.md index d11d258..bade725 100644 --- a/README.md +++ b/README.md @@ -1,1082 +1,1191 @@ # grafana [![Build Status](https://travis-ci.org/voxpupuli/puppet-grafana.png?branch=master)](https://travis-ci.org/voxpupuli/puppet-grafana) [![Code Coverage](https://coveralls.io/repos/github/voxpupuli/puppet-grafana/badge.svg?branch=master)](https://coveralls.io/github/voxpupuli/puppet-grafana) [![Puppet Forge](https://img.shields.io/puppetforge/v/puppet/grafana.svg)](https://forge.puppetlabs.com/puppet/grafana) [![Puppet Forge - downloads](https://img.shields.io/puppetforge/dt/puppet/grafana.svg)](https://forge.puppetlabs.com/puppet/grafana) [![Puppet Forge - endorsement](https://img.shields.io/puppetforge/e/puppet/grafana.svg)](https://forge.puppetlabs.com/puppet/grafana) [![Puppet Forge - scores](https://img.shields.io/puppetforge/f/puppet/grafana.svg)](https://forge.puppetlabs.com/puppet/grafana) #### Table of Contents 1. [Overview](#overview) 1. [Module Description](#module-description) 1. [Setup](#setup) * [Requirements](#requirements) * [Beginning with Grafana](#beginning-with-grafana) 1. [Usage](#usage) * [Classes and Defined Types](#classes-and-defined-types) * [Advanced usage](#advanced-usage) 1. [Tasks](#tasks) 1. [Limitations](#limitations) 1. [Copyright and License](#copyright-and-license) ## Overview This module installs Grafana, a dashboard and graph editor for Graphite, InfluxDB and OpenTSDB. ## Module Description Version 2.x of this module is designed to work with version 2.x of Grafana. If you would like to continue to use Grafana 1.x, please use version 1.x of this module. ## Setup This module will: * Install Grafana using your preferred method: package (default), Docker container, or tar archive * Allow you to override the version of Grafana to be installed, and / or the package source * Perform basic configuration of Grafana ### Requirements * If using an operating system of the Debian-based family, and the "repo" `install_method`, you will need to ensure that [puppetlabs-apt](https://forge.puppet.com/puppetlabs/apt) version 4.x is installed. * If using Docker, you will need the [garethr/docker](https://forge.puppet.com/garethr/docker) module version 5.x ### Beginning with Grafana To install Grafana with the default parameters: ```puppet class { 'grafana': } ``` This assumes that you want to install Grafana using the 'package' method. To establish customized parameters: ```puppet class { 'grafana': install_method => 'docker', } ``` ## Usage ### Classes and Defined Types #### Class: `grafana` The Grafana module's primary class, `grafana`, guides the basic setup of Grafana on your system. ```puppet class { 'grafana': } ``` **Parameters within `grafana`:** ##### `archive_source` The download location of a tarball to use with the 'archive' install method. Defaults to the URL of the latest version of Grafana available at the time of module release. ##### `cfg_location` Configures the location to which the Grafana configuration is written. The default location is '/etc/grafana/grafana.ini'. ##### `cfg` Manages the Grafana configuration file. Grafana comes with its own default settings in a different configuration file (/opt/grafana/current/conf/defaults.ini), therefore this module does not supply any defaults. This parameter only accepts a hash as its value. Keys with hashes as values will generate sections, any other values are just plain values. The example below will result in... ```puppet class { 'grafana': cfg => { app_mode => 'production', server => { http_port => 8080, }, database => { type => 'mysql', host => '127.0.0.1:3306', name => 'grafana', user => 'root', password => '', }, users => { allow_sign_up => false, }, }, } ``` ...the following Grafana configuration: ```ini # This file is managed by Puppet, any changes will be overwritten app_mode = production [server] http_port = 8080 [database] type = sqlite3 host = 127.0.0.1:3306 name = grafana user = root password = [users] allow_sign_up = false ``` Some minor notes: * If you want empty values, just use an empty string. * Keys that contains dots (like auth.google) need to be quoted. * The order of the keys in this hash is the same as they will be written to the configuration file. So settings that do not fall under a section will have to come before any sections in the hash. #### `ldap_cfg` ##### TOML note This option **requires** the [toml](https://github.com/toml-lang/toml) gem. Either install the gem using puppet's native gem provider, [puppetserver_gem](https://forge.puppetlabs.com/puppetlabs/puppetserver_gem), [pe_gem](https://forge.puppetlabs.com/puppetlabs/pe_gem), [pe_puppetserver_gem](https://forge.puppetlabs.com/puppetlabs/pe_puppetserver_gem), or manually using one of the following: ``` # apply or puppet-master gem install toml # PE apply /opt/puppet/bin/gem install toml # AIO or PE puppetserver /opt/puppet/bin/puppetserver gem install toml ``` ##### cfg note This option by itself is not sufficient to enable LDAP configuration as it must be enabled in the main configuration file. Enable it in cfg with: ``` 'auth.ldap' => { enabled => 'true', config_file => '/etc/grafana/ldap.toml', }, ``` #### Integer note Puppet may convert integers into strings while parsing the hash and converting into toml. This can be worked around by appending 0 to an integer. Example: ``` port => 636+0, ``` Manages the Grafana LDAP configuration file. This hash is directly translated into the corresponding TOML file, allowing for full flexibility in generating the configuration. See the [LDAP documentation](http://docs.grafana.org/v2.1/installation/ldap/) for more information. #### Example LDAP config ``` ldap_cfg => { servers => [ { host => 'ldapserver1.domain1.com', port => 636+0, use_ssl => true, search_filter => '(sAMAccountName=%s)', search_base_dns => [ 'dc=domain1,dc=com' ], bind_dn => 'user@domain1.com', bind_password => 'passwordhere', }, ], 'servers.attributes' => { name => 'givenName', surname => 'sn', username => 'sAMAccountName', member_of => 'memberOf', email => 'email', } }, ``` If you want to connect to multiple LDAP servers using different configurations, use an array to enwrap the configurations as shown below. ``` ldap_cfg => [ { servers => [ { host => 'ldapserver1.domain1.com', port => 636+0, use_ssl => true, search_filter => '(sAMAccountName=%s)', search_base_dns => [ 'dc=domain1,dc=com' ], bind_dn => 'user@domain1.com', bind_password => 'passwordhere', }, ], 'servers.attributes' => { name => 'givenName', surname => 'sn', username => 'sAMAccountName', member_of => 'memberOf', email => 'email', }, 'servers.group_mappings' => [ { group_dn => cn=grafana_viewers,ou=groups,dc=domain1,dc=com org_role: Viewer } ], }, { servers => [ { host => 'ldapserver2.domain2.com', port => 389+0, use_ssl => false, start_tls => true, search_filter => '(uid=%s)', search_base_dns => [ 'dc=domain2,dc=com' ], bind_dn => 'user@domain2.com', bind_password => 'passwordhere', }, ], 'servers.attributes' => { name => 'givenName', surname => 'sn', username => 'uid', member_of => 'memberOf', email => 'mail', } 'servers.group_mappings' => [ { 'group_dn' => 'cn=grafana_admins,ou=groups,dc=domain2,dc=com', 'org_role' => 'Admin', 'grafana_admin' => true, } ], }, ] ##### # or in hiera-yaml style grafana::ldap_cfg: - servers: - host: ldapserver1.domain1.com port: 636 use_ssl: true search_filter: '(sAMAccountName=%s)' search_base_dns: ['dc=domain1,dc=com'] bind_dn: 'user@domain1.com' bind_password: 'passwordhere' servers.attributes: name: givenName surname: sn username: sAMAccountName member_of: memberOf email: email servers.group_mappings: - group_dn: cn=grafana_viewers,ou=groups,dc=domain1,dc=com org_role: Viewer - servers: - host: ldapserver2.domain2.com port: 389 use_ssl: false start_tls: true search_filter: '(uid=%s)', search_base_dns: ['dc=domain2,dc=com'] bind_dn: 'user@domain2.com' bind_password: 'passwordhere' servers.attributes: name: givenName surname: sn username: uid member_of: memberOf email: mail servers.group_mappings: - group_dn: cn=grafana_admins,ou=groups,dc=domain2,dc=com org_role: Admin grafana_admin: true ##### ``` ##### `container_cfg` Boolean to control whether a configuration file should be generated when using the 'docker' install method. If 'true', use the 'cfg' and 'cfg_location' parameters to control creation of the file. Defaults to false. ##### `container_params` A hash of parameters to use when creating the Docker container. For use with the 'docker' install method. Refer to documentation of the 'docker::run' resource in the [garethr-docker](https://github.com/garethr/garethr-docker) module for details of available parameters. Defaults to: ```puppet container_params => { 'image' => 'grafana/grafana:latest', 'ports' => '3000:3000' } ``` ##### `data_dir` The directory Grafana will use for storing its data. Defaults to '/var/lib/grafana'. ##### `install_dir` The installation directory to be used with the 'archive' install method. Defaults to '/usr/share/grafana'. ##### `install_method` Controls which method to use for installing Grafana. Valid options are: 'archive', 'docker', 'repo' and 'package'. The default is 'package'. If you wish to use the 'docker' installation method, you will need to include the 'docker' class in your node's manifest / profile. If you wish to use the 'repo' installation method, you can control whether the official Grafana repositories will be used. See `manage_package_repo` below for details. ##### `manage_package_repo` Boolean. When using the 'repo' installation method, controls whether the official Grafana repositories are enabled on your host. If true, the official Grafana repositories will be enabled. If false, the module assumes you are managing your own package repository and will not set one up for you. Defaults to true. ##### `plugins` Hash. This is a passthrough to call `create_resources()` on the `grafana_plugin` resource type. ##### `package_name` The name of the package managed with the 'package' install method. Defaults to 'grafana'. ##### `package_source` The download location of a package to be used with the 'package' install method. Defaults to the URL of the latest version of Grafana available at the time of module release. ##### `provisioning_datasources` A Hash which is converted to YAML for grafana to provision data sources. See [provisioning grafana](http://docs.grafana.org/administration/provisioning/) for details and example config file. Requires grafana > v5.0.0. This is very useful with Hiera as you can provide a yaml hash/dictionary which will effectively 'passthrough' to grafana. See **Advanced Usage** for examples. ##### `provisioning_dashboards` A Hash which is converted to YAML for grafana to provision dashboards. See [provisioning grafana](http://docs.grafana.org/administration/provisioning/) for details and example config file. Requires grafana > v5.0.0. This is very useful with Hiera as you can provide a yaml hash/dictionary which will effectively 'passthrough' to grafana. See **Advanced Usage** for examples. N.B. A option named `puppetsource` may be given in the `options` hash which is not part of grafana's syntax. This option will be extracted from the hash, and used to "source" a directory of dashboards. See **Advanced Usage** for details. #### `provisioning_dashboards_file` A String that is used as the target file name for the dashabords provisioning file. This way the module can be used to generate placeholder files so password can be sepecified in a different iteration, avoiding them to be put in the module code. #### `provisioning_datasources_file` A String that is used as the target file name for the datasources provisioning file. This way the module can be used to generate placeholder files so password can be sepecified in a different iteration, avoiding them to be put in the module code. ##### `rpm_iteration` Used when installing Grafana from package ('package' or 'repo' install methods) on Red Hat based systems. Defaults to '1'. It should not be necessary to change this in most cases. ##### `service_name` The name of the service managed with the 'archive' and 'package' install methods. Defaults to 'grafana-server'. ##### `version` The version of Grafana to install and manage. Defaults to 'installed' ##### `sysconfig_location` The RPM and DEB packages bring with them the default environment files for the services. The default location of this file for Debian is /etc/default/grafana-server and for RedHat /etc/sysconfig/grafana-server. ##### `sysconfig` A hash of environment variables for the service. This only has an effect for installations with RPM and DEB packages (if install_method is set to 'package' or 'repo'). Example: ```puppet sysconfig => { 'http_proxy' => 'http://proxy.example.com', } ``` ### Advanced usage The archive install method will create the user and a "command line" service by default. There are no extra parameters to manage user/service for archive. However, both check to see if they are defined before defining. This way you can create your own user and service with your own specifications. (sort of overriding) The service can be a bit tricky, in this example below, the class sensu_install::grafana::service creates a startup script and a service{'grafana-server':} Example: ```puppet user { 'grafana': ensure => present, uid => '1234', } -> class { 'grafana': install_method => 'archive', } include sensu_install::grafana::service # run your service after install/config but before grafana::service Class[::grafana::install] -> Class[sensu_install::grafana::service] -> Class[::grafana::service] ``` #### Using a sub-path for Grafana API If you are using a sub-path for the Grafana API, you will need to set the `grafana_api_path` parameter for the following custom types: - `grafana_dashboard` - `grafana_datasource` - `grafana_organization` - `grafana_user` - `grafana_folder` +- `grafana_team` +- `grafana_membership` For instance, if your sub-path is `/grafana`, the `grafana_api_path` must be set to `/grafana/api`. Do not add a trailing `/` (slash) at the end of the value. If you are not using sub-paths, you do not need to set this parameter. #### Custom Types and Providers The module includes several custom types: #### `grafana_organization` In order to use the organization resource, add the following to your manifest: ```puppet grafana_organization { 'example_org': grafana_url => 'http://localhost:3000', grafana_user => 'admin', grafana_password => '5ecretPassw0rd', } ``` `grafana_url`, `grafana_user`, and `grafana_password` are required to create organizations via the API. `name` is optional if the name will differ from example_org above. `address` is an optional parameter that requires a hash. Address settings are `{"address1":"","address2":"","city":"","zipCode":"","state":"","country":""}` +#### `grafana_team` + +In order to use the team resource, add the following to your manifest: + +```puppet +grafana_team { 'example_team': + grafana_url => 'http://localhost:3000', + grafana_user => 'admin', + grafana_password => '5ecretPassw0rd', + home_dashboard => 'example_dashboard', + organization => 'example_org', +} +``` + +Organziation must exist if specified. + +`grafana_url`, `grafana_user`, and `grafana_password` are required to create teams via the API. + +`name` is optional if the name will differ from example_team above. + +`home_dashboard` is optional. Sets the home dashboard for team. Dashboard must exist. + +`organization` is optional. Defaults to `Main org.` + +`ensure` is optional. If the resource should be `present` or `absent` + +#### `grafana_dashboard_permission` + +In order to use the dashboard permission resource, add one the following to your manifest: + +add permissions for user: + +```puppet +grafana_dashboard_permission { 'example_user_permission': + grafana_url => 'http://localhost:3000', + grafana_user => 'admin', + grafana_password => '5ecretPassw0rd', + dashboard => 'example_dashboard', + user => 'example_user', + organization => 'example_org', +} +``` + +add permissions for team: + +```puppet +grafana_dashboard_permission { 'example_team_permission': + grafana_url => 'http://localhost:3000', + grafana_user => 'admin', + grafana_password => '5ecretPassw0rd', + dashboard => 'example_dashboard', + team => 'example_team', + organization => 'example_org', +} +``` + +Organziation, team, user and dashboard must exist if specified. + +`grafana_url`, `grafana_user`, and `grafana_password` are required to create teams via the API. + +`dashboard` is required. The dashboard to set permissions for. + +`user` is required if `team` not set. The user to add permissions for. + +`team` is required if `user` not set. the team to add permissions for. + +`name` is optional if the name will differ from example_team above. + +`organization` is optional. Defaults to `Main org.` + +`ensure` is optional. If the resource should be `present` or `absent` + +#### `grafana_membership` + +In order to use the membership resource, add the following to your manifest: + +```puppet +grafana_membership { 'example_membership': + grafana_url => 'http://localhost:3000', + grafana_user => 'admin', + grafana_password => '5ecretPassw0rd', + membership_type => 'team', + organization => 'example_org', + target_name => 'example_team', + user_name => 'example_user', + role => 'Viewer' + } +} +``` +A membership is the concept of a user belonging to a target - either a `team` or an `organization` + +The user and target must both exist for a membership to be created + +`grafana_url`, `grafana_user`, and `grafana_password` are required to create memberships via the API. + +`membership_type` is required. Either `team` or `organization` + +`target_name` is required. Specifies the target of the membership. + +`user_name` is required. Specifies the user that is the focus of the membership. + +`role` is required. Specifies what rights to grant the user. Either `Viewer`, `Editor` or `Admin` + +`organization` is optional when using the `membership_type` of `team`. Defaults to `Main org.` + +`ensure` is optional. If the resource should be `present` or `absent` + #### `grafana_dashboard` In order to use the dashboard resource, add the following to your manifest: ```puppet grafana_dashboard { 'example_dashboard': grafana_url => 'http://localhost:3000', grafana_user => 'admin', grafana_password => '5ecretPassw0rd', grafana_api_path => '/grafana/api', folder => 'folder-name', organization => 'NewOrg', content => template('path/to/exported/file.json'), } ``` `content` must be valid JSON, and is parsed before imported. `grafana_user` and `grafana_password` are optional, and required when authentication is enabled in Grafana. `grafana_api_path` is optional, and only used when using sub-paths for the API. `organization` is optional, and used when creating a dashboard for a specific organization. `folder` is an optional parameter, but the folder resource must exist. Example: Make sure the `grafana-server` service is up and running before creating the `grafana_dashboard` definition. One option is to use the `http_conn_validator` from the [healthcheck](https://forge.puppet.com/puppet/healthcheck) module ```puppet http_conn_validator { 'grafana-conn-validator' : host => 'localhost', port => '3000', use_ssl => false, test_url => '/public/img/grafana_icon.svg', require => Class['grafana'], } -> grafana_dashboard { 'example_dashboard': grafana_url => 'http://localhost:3000', grafana_user => 'admin', grafana_password => '5ecretPassw0rd', content => template('path/to/exported/file.json'), } ``` ##### `grafana_datasource` In order to use the datasource resource, add the following to your manifest: ```puppet grafana_datasource { 'influxdb': grafana_url => 'http://localhost:3000', grafana_user => 'admin', grafana_password => '5ecretPassw0rd', grafana_api_path => '/grafana/api', type => 'influxdb', organization => 'NewOrg', url => 'http://localhost:8086', user => 'admin', password => '1nFlux5ecret', database => 'graphite', access_mode => 'proxy', is_default => true, json_data => template('path/to/additional/config.json'), secure_json_data => template('path/to/additional/secure/config.json') } ``` Available types are: influxdb, elasticsearch, graphite, cloudwatch, mysql, opentsdb, postgres and prometheus `organization` is used to set which organization a datasource will be created on. If this parameter is not set, it will default to organization ID 1 (Main Org. by default). If the default org is deleted, organizations will need to be specified. Access mode determines how Grafana connects to the datasource, either `direct` from the browser, or `proxy` to send requests via grafana. Setting `basic_auth` to `true` will allow use of the `basic_auth_user` and `basic_auth_password` params. Authentication is optional, as are `database` and `grafana_api_path`; additional `json_data` and `secure_json_data` can be provided to allow custom configuration options. Example: Make sure the `grafana-server` service is up and running before creating the `grafana_datasource` definition. One option is to use the `http_conn_validator` from the [healthcheck](https://forge.puppet.com/puppet/healthcheck) module ```puppet http_conn_validator { 'grafana-conn-validator' : host => 'localhost', port => '3000', use_ssl => false, test_url => '/public/img/grafana_icon.svg', require => Class['grafana'], } -> grafana_datasource { 'influxdb': grafana_url => 'http://localhost:3000', grafana_user => 'admin', grafana_password => '5ecretPassw0rd', type => 'influxdb', url => 'http://localhost:8086', user => 'admin', password => '1nFlux5ecret', database => 'graphite', access_mode => 'proxy', is_default => true, json_data => template('path/to/additional/config.json'), } ``` Note that the `database` is dynamic, setting things other than "database" for separate types. Ex: for Elasticsearch it will set the Index Name. **`jsonData` Settings** Note that there are separate options for json_data / secure_json_data based on the type of datasource you create. ##### **Elasticsearch** `esVersion` - Required, either 2 or 5, set as a bare number. `timeField` - Required. By default this is @timestamp, but without setting it in jsonData, the datasource won't work without refreshing it in the GUI. `timeInterval` - Optional. A lower limit for the auto group by time interval. Recommended to be set to write frequency, for example "1m" if your data is written every minute. Example: ```puppet json_data => {"esVersion":5,"timeField":"@timestamp","timeInterval":"1m"} ``` ##### **CloudWatch** `authType` - Required. Options are `Access & Secret Key`, `Credentials File`, or `ARN`. -"keys" = Access & Secret Key -"credentials" = Credentials File -"arn" = ARN *When setting authType to `credentials`, the `database` param will set the Credentials Profile Name.* *When setting authType to `arn`, another jsonData value of `assumeRoleARN` is available, which is not required for other authType settings* `customMetricsNamespaces` - Optional. Namespaces of Custom Metrics, separated by commas within double quotes. `defaultRegion` - Required. Options are "ap-northeast-(1 or 2)", "ap-southeast-(1 or 2)", "ap-south-1", "ca-central-1", "cn-north-1", "eu-central-1", "eu-west-(1 or 2)", "sa-east-(1 or 2)", "us-east-(1 or 2)", "us-gov-west-1", "us-west-(1 or 2)". `timeField` Example: ```puppet {"authType":"arn","assumeRoleARN":"arn:aws:iam:*","customMetricsNamespaces":"Namespace1,Namespace2","defaultRegion":"us-east-1","timeField":"@timestamp"} ``` ##### **Graphite** `graphiteVersion` - Required. Available versions are `0.9` or `1.0`. `tlsAuth` - Set to `true` or `false` `tlsAuthWithCACert` - Set to `true` or `false` Example: ```puppet {"graphiteVersion":"0.9","tlsAuth":true,"tlsAuthWithCACert":false} ``` ##### **OpenTSDB** `tsdbResolution` - Required. Options are `1` or `2`. `1` = second `2` = millisecond `tsdbVersion` - Required. Options are `1`, `2`, or `3`. `1`    =    <=2.1 `2`    =    ==2.2 `3`    =    ==2.3 Example: ```puppet {"tsdbResolution:1,"tsdbVersion":3} ``` ##### **InfluxDB** N/A ##### **MySQL** N/A ##### **Prometheus** N/A ##### `grafana_plugin` An example is provided for convenience; for more details, please view the puppet strings docs. ```puppet grafana_plugin { 'grafana-simple-json-datasource': ensure => present, } ``` It is possible to specify a custom plugin repository to install a plugin. This will use the --repo option for plugin installation with grafana_cli. ```puppet grafana_plugin { 'grafana-simple-json-datasource': ensure => present, repo => 'https://nexus.company.com/grafana/plugins', } ``` ##### `grafana_folder` Creates and manages Grafana folders via the API. The following example creates a folder named 'folder1': ```puppet grafana_folder { 'folder1': ensure => present, grafana_url => 'http://localhost:3000', grafana_api_path => '/grafana/api', grafana_user => 'admin', grafana_password => '5ecretPassw0rd', } ``` `grafana_api_path` is only required if using sub-paths for the API ##### `grafana::user` Creates and manages a global grafana user via the API. ```puppet grafana_user { 'username': grafana_url => 'http://localhost:3000', grafana_api_path => '/grafana/api', grafana_user => 'admin', grafana_password => '5ecretPassw0rd', full_name => 'John Doe', password => 'Us3r5ecret', email => 'john@example.com', } ``` `grafana_api_path` is only required if using sub-paths for the API ##### `grafana::notification` Creates and manages a global alert notification channel via the API. ```puppet grafana_notification { 'channelname': grafana_url => 'http://localhost:3000', grafana_api_path => '/grafana/api', grafana_user => 'admin', grafana_password => '5ecretPassw0rd', name => 'channelname', type => 'email', is_default => false, send_reminder => false, frequency => '20m', settings => { addresses => "alerts@example.com; it@example.com" } } ``` `grafana_api_path` is only required if using sub-paths for the API Notification types and related settingsi (cf doc Grafana : https://github.com/grafana/grafana/blob/master/docs/sources/alerting/notifications.md ) : - email: - addresses: "example.com" - hipchat: - apikey : "0a0a0a0a0a0a0a0a0a0a0a" - autoResolve : true - httpMethod : "POST" - uploadImage : true - url : "https://grafana.hipchat.com" - kafka: - autoResolve : true - httpMethod : "POST" - kafkaRestProxy: "http://localhost:8082" - kafkaTopic : "topic1" - uploadImage : true - LINE: - autoResolve: true - httpMethod : "POST" - token : "token" - uploadImage: true - teams (Microsoft Teams): - autoResolve : true - httpMethod : "POST" - uploadImage :true - url : "http://example.com" - pagerduty: - autoResolve : true - httpMethod : POST - integrationKey :"0a0a0a0a0a" - uploadImage : true - prometheus-alertmanager: - autoResolve : true - httpMethod : "POST" - uploadImage : true - url : "http://localhost:9093" - sensu: - autoResolve : true - handler : "default", - httpMethod : "POST" - uploadImage : true - url : "http://sensu-api.local:4567/results" - slack: - autoResolve : true - httpMethod : "POST" - uploadImage : true - url : "http://slack.com/" - token : "0a0a0a0a0a0a0a0a0a0a0a" - threema: - api_secret : "0a0a0a0a0a0a0a0a0a0a0a" - autoResolve : true - gateway_id : "*3MAGWID" - httpMethod : "POST" - recipient_id: "YOUR3MID" - uploadImage : true - discord: - autoResolve : true, - httpMethod : "POST" - uploadImage : true - url : "https://example.com" - webhook: - autoResolve : true - httpMethod : "POST" - uploadImage : false - url : "http://localhost:8080" - telegram: - autoResolve : true - bottoken : "0a0a0a0a0a0a" - chatid : "789789789" - httpMethod : "POST" - uploadImage : true #### Provisioning Grafana [Grafana documentation on provisioning](http://docs.grafana.org/administration/provisioning/). This module will provision grafana by placing yaml files into `/etc/grafana/provisioning/datasources` and `/etc/grafana/provisioning/dashboards` by default. ##### Example datasource A puppet hash example for Prometheus. The module will place the hash as a yaml file into `/etc/gafana/provisioning/datasources/puppetprovisioned.yaml`. ```puppet class { 'grafana': provisioning_datasources => { apiVersion => 1, datasources => [ { name => 'Prometheus', type => 'prometheus', access => 'proxy', url => 'http://localhost:9090/prometheus', isDefault => true, }, ], } } ``` Here is the same configuration example as a hiera hash. ```yaml grafana::provisioning_datasources: apiVersion: 1 datasources: - name: 'Prometheus' type: 'prometheus' access: 'proxy' url: 'http://localhost:9090/prometheus' isDefault: true ``` ##### Example dashboard An example puppet hash for provisioning dashboards. The module will place the hash as a yaml file into `/etc/grafana/provisioning/dashboards/puppetprovisioned.yaml` by default. More details follow the examples. ```puppet class { 'grafana': provisioning_dashboards => { apiVersion => 1, providers => [ { name => 'default', orgId => 1, folder => '', type => 'file', disableDeletion => true, options => { path => '/var/lib/grafana/dashboards', puppetsource => 'puppet:///modules/my_custom_module/dashboards', }, }, ], } } ``` Here is the same configuraiton example as a hiera hash. ```yaml grafana::provisioning_dashboards: apiVersion: 1 providers: - name: 'default' orgId: 1 folder: '' type: file disableDeletion: true options: path: '/var/lib/grafana/dashboards' puppetsource: 'puppet:///modules/my_custom_module/dashboards' ``` In both examples above a non-grafana option named `puppetsource` has been used. When this module finds that the provisioning_dashboards hash contains keys `path` and `puppetsource` in the `options` subhash, it will do the following. * It will create the path found in `options['path']`. Note: puppet will only create the final directory of the path unless the parameter `create_subdirs_provisioning` is set to true: this defaults to false. * It will use `puppetsource` as the file resource's 'source' for the directory. * It removes the `puppetsource` key from the `options` subhash, so the subsequent yaml file for gafana does not contain this key. (The `path` key will remain.) This feature allows you to define a custom module, and place any dashboards you want provisioned in the its `files/` directory. In the example above you would put dashboards into `my_custom_module/files/dashboards` and puppet-grafana will create `/var/lib/grafana/dashboards` and provision it with the contents of `my_custom_module/files/dashboards`. Puppet's file resource may also be given a `file://` URI which may point to a locally available directory on the filesystem, typically the filesystem of the puppetserver/master. Thus you may specify a local directory with grafana dashboards you wish to provision into grafana. ##### Provisioning with dashboards from grafana.com GrafanaLabs provides lots of [dashboards that may be reused](https://grafana.com/grafana/dashboards). Those ones are **not directly usable** for provisioning (this is a Grafana issue, not a Puppet one). In order to have a "provisionable" dashboard in JSON format, you have to prepare it before adding it in your Puppet code. Here are the steps to follow: 1. Use a Grafana instance 1. Import the desired dashboard 1. Define its datasource 1. From the dashboard view: * Click the "Share dashboard" icon (top left corner of screen) * Select the "Export" tab, * Activate "Export for sharing externally" * Click "Save to file" 1. In the JSON file: * Remove the keys `__imports` and `__requires` * Replace all `${DS_PROMETHEUS}` by your datasource name 1. Once saved, you may place this JSON file in your `puppet:///modules/my_custom_module/dashboards` directory **Note:** This procedure have been tested with Grafana 6.x. It may not work for any dashboard, depending on how it's been coded. Dashboards known to be "provisionable": * [Node Exporter Server Metric](https://grafana.com/dashboards/405) * [Prometheus Blackbox Exporter](https://grafana.com/dashboards/7587) Dashboards known not to be "provisionable": * [HTTP Services Status](https://grafana.com/dashboards/4859) ## Tasks ### `change_grafana_admin_password` `old_password`: the old admin password `new_password`: the password you want to use for the admin user `uri`: `http` or `https` `port`: the port Grafana runs on locally This task can be used to change the password for the admin user in grafana ## Limitations This module has been tested on Ubuntu 14.04, using each of the 'archive', 'docker' and 'package' installation methods. Other configurations should work with minimal, if any, additional effort. ## Development This module is a fork of [bfraser/grafana](https://github.com/bfraser/puppet-grafana) maintained by [Vox Pupuli](https://voxpupuli.org/). Vox Pupuli welcomes new contributions to this module, especially those that include documentation and rspec tests. We are happy to provide guidance if necessary. Please see [CONTRIBUTING](.github/CONTRIBUTING.md) for more details. ### Authors * Bill Fraser * Vox Pupuli Team ## Copyright and License Copyright (C) 2015 Bill Fraser Bill can be contacted at: fraser@pythian.com Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. diff --git a/lib/puppet/provider/grafana_dashboard_permission/grafana.rb b/lib/puppet/provider/grafana_dashboard_permission/grafana.rb new file mode 100644 index 0000000..0e1be74 --- /dev/null +++ b/lib/puppet/provider/grafana_dashboard_permission/grafana.rb @@ -0,0 +1,249 @@ +# frozen_string_literal: true + +require 'json' + +require File.expand_path(File.join(File.dirname(__FILE__), '..', 'grafana')) + +Puppet::Type.type(:grafana_dashboard_permission).provide(:grafana, parent: Puppet::Provider::Grafana) do + desc 'Support for Grafana dashboard permissions' + + defaultfor kernel: 'Linux' + + def grafana_api_path + resource[:grafana_api_path] + end + + def set_current_organization + response = send_request 'POST', format('%s/user/using/%s', grafana_api_path, organization[:id]) + return if response.code == '200' + + raise format('Failed to switch to org %s (HTTP response: %s/%s)', organization[:id], response.code, response.body) + end + + def raise_on_error(code, message) + raise message if code != '200' + end + + def parse_response(data) + JSON.parse(data) + rescue JSON::ParserError + raise format('Fail to parse response: %s', response.body) + end + + def map_organizations(ids) + ids.map do |id| + response = send_request 'GET', format('%s/orgs/%s', grafana_api_path, id) + raise_on_error(response.code, format('Failed to retrieve organization %d (HTTP response: %s/%s)', id, response.code, response.body)) + + organization = parse_response(response.body) + { + id: organization['id'], + name: organization['name'] + } + end + end + + def organizations + response = send_request('GET', format('%s/orgs', grafana_api_path)) + raise_on_error(response.code, format('Fail to retrieve organizations (HTTP response: %s/%s)', response.code, response.body)) + organizations = JSON.parse(response.body) + map_organizations(organizations.map { |x| x['id'] }) + end + + def organization + return @organization if @organization + + org = resource[:organization] + key = org.is_a?(Numeric) || org.match(%r{/^[0-9]*$/}) ? :id : :name + @organization = organizations.find { |x| x[key] == org } + end + + def map_teams(teams) + teams['teams'].map do |team| + { + id: team['id'], + name: team['name'], + organization: team['orgId'], + membercount: team['membercount'], + permission: team['permission'], + email: team['email'] + } + end + end + + def teams + raise(format('Unknown Organization: %s', resource[:organization])) unless organization + + set_current_organization + response = send_request('GET', format('%s/teams/search', grafana_api_path)) + raise_on_error(response.code, format('Fail to retrieve teams (HTTP response: %s/%s)', response.code, response.body)) + teams = parse_response(response.body) + map_teams(teams) + end + + def team + @team ||= teams.find { |x| x[:name] == resource[:team] } + end + + def send_users_request + raise(format('Unknown Organization: %s', resource[:organization])) unless organization + + set_current_organization + response = send_request('GET', format('%s/org/users', grafana_api_path)) + raise_on_error(response.code, format('Fail to retrieve users (HTTP response: %s/%s)', response.code, response.body)) + response.body + end + + def users + users = parse_response(send_users_request) + users.map do |user| + { + id: user['userId'], + name: user['login'], + organization: user['orgId'], + role: user['role'] + } + end + end + + def user + @user ||= users.find { |x| x[:name] == resource[:user] } + end + + def dashboards + set_current_organization + search_path = { query: resource[:dashboard], type: 'dash-db' } + response = send_request('GET', format('%s/search', grafana_api_path), nil, search_path) + raise_on_error(response.code, format('Fail to retrieve dashboards (HTTP response: %s/%s)', response.code, response.body)) + dashboards = parse_response(response.body) + dashboards.map do |dashboard| + { + id: dashboard['id'], + name: dashboard['title'] + } + end + end + + def dashboard + @dashboard ||= dashboards.find { |x| x[:name] == resource[:dashboard] } + end + + def permissions + return @permissions if @permissions + raise(format('Unknown dashboard: %s', resource[:dashboard])) unless dashboard + + response = send_request('GET', format('%s/dashboards/id/%s/permissions', grafana_api_path, dashboard[:id])) + raise_on_error(response.code, format('Failed to retrieve permissions on dashboard (HTTP response: %s/%s)', response.code, response.body)) + permissions = parse_response(response.body) + @permissions = permissions.map do |permission| + { + dashboardId: permission['dashboardId'], + userId: permission['userId'], + user: permission['userLogin'], + teamId: permission['teamId'], + team: permission['team'], + permissionId: permission['permission'], + permission: permission['permissionName'], + dashboard: permission['title'], + isFolder: permission['isFolder'], + inherited: permission['inherited'] + } + end + end + + def team_permission + raise(format('Unknown team: %s for organaization: %s', resource[:team], resource[:organization])) unless team + + @team_permission ||= permissions.find { |x| x[:teamId] == team[:id] } + end + + def user_permission + raise(format('Unknown user: %s for organaization: %s', resource[:user], resource[:organization])) unless user + + @user_permission ||= permissions.find { |x| x[:userId] == user[:id] } + end + + def permission + resource[:user] ? user_permission[:permission] : team_permission[:permission] + end + + def permission=(value) + case value + when 'View' + resource[:permission] = 1 + when 'Edit' + resource[:permission] = 2 + when 'Admin' + resource[:permission] = 4 + end + save_permission + end + + def new_permission + key = resource[:user] ? :userId : :teamId + subject_id = resource[:user] ? user[:id] : team[:id] + permission = case resource[:permission] + when :View + 1 + when :Edit + 2 + when :Admin + 4 + end + raise(format('User or Team must exist')) unless subject_id + + { + key => subject_id, + 'permission' => permission + } + end + + def remove_unneeded_permissions(obj) + obj.delete_if { |k| k['dashboardId'] == -1 } + new_target = resource[:user] || resource[:team] + new_type = resource[:user] ? :user : :team + obj.delete_if { |k| k[new_type] == new_target } + obj.delete_if { |k| k[:teamId].zero? && k[:userId].zero? } + end + + def existing_permissions + perms = remove_unneeded_permissions(permissions) + perms.map do |perm| + target = perm[:userId].zero? ? perm[:teamId] : perm[:userId] + type = perm[:userId].zero? ? :teamId : :userId + { + type => target, + :permission => perm[:permissionId] + } + end + end + + def permission_data(destroy = false) + raise format('Unknown dashboard: %s', resource[:dashboard]) unless dashboard + + endpoint = format('%s/dashboards/id/%s/permissions', grafana_api_path, dashboard[:id]) + + final_permissions = destroy ? { items: existing_permissions } : { items: existing_permissions + [new_permission] } + ['POST', endpoint, final_permissions] + end + + def save_permission + response = send_request(*permission_data) + raise_on_error(response.code, format('Failed to update membership %s, (HTTP response: %s/%s)', resource, response.code, response.body)) + end + + def create + save_permission + end + + def destroy + response = send_request(*permission_data(true)) + raise_on_error(response.code, format('Failed to update membership %s, (HTTP response: %s/%s)', resource, response.code, response.body)) + end + + def exists? + raise('user or team parameter must be present') unless resource[:user] || resource[:team] + + resource[:user] ? user_permission : team_permission + end +end diff --git a/lib/puppet/provider/grafana_membership/grafana.rb b/lib/puppet/provider/grafana_membership/grafana.rb new file mode 100644 index 0000000..c76b71c --- /dev/null +++ b/lib/puppet/provider/grafana_membership/grafana.rb @@ -0,0 +1,241 @@ +# frozen_string_literal: true + +require 'json' + +require File.expand_path(File.join(File.dirname(__FILE__), '..', 'grafana')) + +Puppet::Type.type(:grafana_membership).provide(:grafana, parent: Puppet::Provider::Grafana) do + desc 'Support for Grafana memberships' + + defaultfor kernel: 'Linux' + + def map_organizations(ids) + ids.map do |id| + response = send_request 'GET', format('%s/orgs/%s', resource[:grafana_api_path], id) + raise_on_error(response.code, format('Failed to retrieve organization %d (HTTP response: %s/%s)', id, response.code, response.body)) + + organization = parse_response(response.body) + { + id: organization['id'], + name: organization['name'] + } + end + end + + def organizations + response = send_request('GET', format('%s/orgs', resource[:grafana_api_path])) + raise_on_error(response.code, format('Fail to retrieve organizations (HTTP response: %s/%s)', response.code, response.body)) + organizations = JSON.parse(response.body) + map_organizations(organizations.map { |x| x['id'] }) + end + + def organization + return @organization if @organization + + org = resource[:membership_type] == :organization ? resource[:target_name] : resource[:organization] + key = org.is_a?(Numeric) || org.match(%r{/^[0-9]*$/}) ? :id : :name + @organization = organizations.find { |x| x[key] == org } + end + + def map_teams(teams) + teams['teams'].map do |team| + { + id: team['id'], + name: team['name'], + organization: team['orgId'], + membercount: team['membercount'], + permission: team['permission'], + email: team['email'] + } + end + end + + def teams + return {} unless organization + + set_current_organization + response = send_request('GET', format('%s/teams/search', resource[:grafana_api_path])) + raise_on_error(response.code, format('Fail to retrieve teams (HTTP response: %s/%s)', response.code, response.body)) + teams = parse_response(response.body) + map_teams(teams) + end + + def team + @team ||= teams.find { |x| x[:name] == resource[:target_name] } + end + + def map_team_members(members) + members.map do |member| + { + id: member['userId'], + target_name: member['teamId'], + organization: member['orgId'] + } + end + end + + def team_members + response = send_request('GET', format('%s/teams/%s/members', resource[:grafana_api_path], @team[:id])) + raise_on_error(response.code, format('Fail to retrieve teams (HTTP response: %s/%s)', response.code, response.body)) + members = parse_response(response.body) + members ? map_team_members(members) : [] + end + + def team_member + @team_member ||= team_members.find { |x| x[:id] == @user[:id] } + end + + def raise_on_error(code, message) + raise message if code != '200' + end + + def grafana_api_path + resource[:grafana_api_path] + end + + def parse_response(data) + JSON.parse(data) + rescue JSON::ParserError + raise format('Fail to parse response: %s', response.body) + end + + def send_users_request + return '[]' unless organization + + set_current_organization + response = send_request('GET', format('%s/org/users', grafana_api_path)) + raise_on_error(response.code, format('Fail to retrieve users (HTTP response: %s/%s)', response.code, response.body)) + response.body + end + + def map_users(users) + users.map do |user| + { + id: user['userId'], + name: user['login'], + organization: user['orgId'], + role: user['role'] + } + end + end + + def users + users = parse_response(send_users_request) + map_users(users) + end + + def user + @user ||= users.find { |x| x[:name] == resource[:user_name] } + end + + def set_current_organization + response = send_request 'POST', format('%s/user/using/%s', resource[:grafana_api_path], organization[:id]) + return if response.code == '200' + + raise format('Failed to switch to org %s (HTTP response: %s/%s)', organization[:id], response.code, response.body) + end + + def role + user unless @user + return @user[:role] if @user + + nil + end + + def role=(value) + resource[:role] = value + save_membership + end + + def save_membership + send(format('save_membership_%s', resource[:membership_type])) + end + + def check_org_team_and_user_exist + raise(format('Unknown organization: %s', resource[:organization])) unless organization + + set_current_organization + raise('Unknown team or user') unless team && user + end + + def save_membership_team + check_org_team_and_user_exist + endpoint = format('%s/teams/%s/members', resource[:grafana_api_path], @team[:id]) + response = send_request('POST', endpoint, userId: @user[:id]) + raise_on_error(response.code, format('Failed to update membership %s, (HTTP response: %s/%s)', resource, response.code, response.body)) + end + + def setup_save_mem_org_data + verb = 'POST' + endpoint = format('%s/org/users', resource[:grafana_api_path]) + request_data = { + role: resource[:role], + loginOrEmail: resource[:user_name] + } + if exists? + verb = 'PATCH' + endpoint = format('%s/org/users/%s', resource[:grafana_api_path], @user[:id]) + end + [verb, endpoint, request_data] + end + + def save_membership_organization + set_current_organization + response = send_request(*setup_save_mem_org_data) + raise_on_error(response.code, format('Failed to update membership %s, (HTTP response: %s/%s)', resource, response.code, response.body)) + end + + def create + save_membership + end + + def setup_destroy_data + if resource[:membership_type] == :organization + endpoint = format('%s/org/users/%s', resource[:grafana_api_path], @user[:id]) + else # team + team unless @team + endpoint = format('%s/teams/%s/members/%s', resource[:grafana_api_path], @team[:id], @user[:id]) + end + ['DELETE', endpoint] + end + + def destroy_team_membership + return unless user && organization && team + + endpoint = format('%s/teams/%s/members/%s', resource[:grafana_api_path], @team[:id], @user[:id]) + response = send_request('DELETE', endpoint) + raise_on_error(response.code, format('Failed to delete team membership (HTTP response: %s/%s)', response.code, response.body)) + end + + def destroy_organization_membership + return unless user && organization + + endpoint = format('%s/org/users/%s', resource[:grafana_api_path], @user[:id]) + response = send_request('DELETE', endpoint) + raise_on_error(response.code, format('Failed to delete organization membership (HTTP response: %s/%s)', response.code, response.body)) + end + + def destroy + set_current_organization + resource[:membership_type] == :organization ? destroy_organization_membership : destroy_team_membership + end + + def user_in_organization? + organization + return true if @user && @organization && @user[:organization] == @organization[:id] + + false + end + + def user_in_team? + team_member if team + return true if @user && @team && @team_member + + false + end + + def exists? + user + resource[:membership_type] == :organization ? user_in_organization? : user_in_team? + end +end diff --git a/lib/puppet/provider/grafana_organization/grafana.rb b/lib/puppet/provider/grafana_organization/grafana.rb index c0fe8e9..9cf0239 100644 --- a/lib/puppet/provider/grafana_organization/grafana.rb +++ b/lib/puppet/provider/grafana_organization/grafana.rb @@ -1,102 +1,107 @@ require 'json' require File.expand_path(File.join(File.dirname(__FILE__), '..', 'grafana')) Puppet::Type.type(:grafana_organization).provide(:grafana, parent: Puppet::Provider::Grafana) do desc 'Support for Grafana organizations' defaultfor kernel: 'Linux' def organizations response = send_request('GET', format('%s/orgs', resource[:grafana_api_path])) if response.code != '200' raise format('Failed to retrieve organizations (HTTP response: %s/%s)', response.code, response.body) end begin organizations = JSON.parse(response.body) organizations.map { |x| x['id'] }.map do |id| response = send_request 'GET', format('%s/orgs/%s', resource[:grafana_api_path], id) if response.code != '200' raise format('Failed to retrieve organization %d (HTTP response: %s/%s)', id, response.code, response.body) end organization = JSON.parse(response.body) { id: organization['id'], name: organization['name'], address: organization['address'] } end rescue JSON::ParserError raise format('Failed to parse response: %s', response.body) end end def organization unless @organization @organization = organizations.find { |x| x[:name] == resource[:name] } end @organization end attr_writer :organization # rubocop:enable Style/PredicateName def id organization[:id] end def id=(value) resource[:id] = value save_organization end def address organization[:json_data] end def address=(value) resource[:address] = value save_organization end def save_organization data = { id: resource[:id], name: resource[:name], address: resource[:address] } response = send_request('POST', format('%s/orgs', resource[:grafana_api_path]), data) if organization.nil? if response.code != '200' raise format('Failed to create save %s (HTTP response: %s/%s)', resource[:name], response.code, response.body) end self.organization = nil end def delete_organization response = send_request 'DELETE', format('%s/orgs/%s', resource[:grafana_api_path], organization[:id]) if response.code != '200' raise format('Failed to delete organization %s (HTTP response: %s/%s)', resource[:name], response.code, response.body) end + # change back to default organization + response = send_request 'POST', format('%s/user/using/1', resource[:grafana_api_path]) + unless response.code == '200' + raise format('Failed to switch to org %s (HTTP response: %s/%s)', fetch_organization[:id], response.code, response.body) + end self.organization = nil end def create save_organization end def destroy delete_organization end def exists? organization end end diff --git a/lib/puppet/provider/grafana_team/grafana.rb b/lib/puppet/provider/grafana_team/grafana.rb new file mode 100644 index 0000000..3719347 --- /dev/null +++ b/lib/puppet/provider/grafana_team/grafana.rb @@ -0,0 +1,233 @@ +# frozen_string_literal: true + +require 'json' + +require File.expand_path(File.join(File.dirname(__FILE__), '..', 'grafana')) + +Puppet::Type.type(:grafana_team).provide(:grafana, parent: Puppet::Provider::Grafana) do + desc 'Support for Grafana permissions' + + defaultfor kernel: 'Linux' + + def raise_on_error(code, message) + raise message if code != '200' + end + + def parse_response(data) + JSON.parse(data) + rescue JSON::ParserError + raise format('Fail to parse response: %s', response.body) + end + + def map_organizations(ids) + ids.map do |id| + response = send_request 'GET', format('%s/orgs/%s', resource[:grafana_api_path], id) + raise_on_error(response.code, format('Failed to retrieve organization %d (HTTP response: %s/%s)', id, response.code, response.body)) + + organization = parse_response(response.body) + { + id: organization['id'], + name: organization['name'] + } + end + end + + def organizations + response = send_request('GET', format('%s/orgs', resource[:grafana_api_path])) + raise_on_error(response.code, format('Fail to retrieve organizations (HTTP response: %s/%s)', response.code, response.body)) + organizations = JSON.parse(response.body) + map_organizations(organizations.map { |x| x['id'] }) + end + + def organization + return @organization if @organization + + org = resource[:organization] || resource[:target_name] + key = org.is_a?(Numeric) || org.match(%r{/^[0-9]*$/}) ? :id : :name + @organization = organizations.find { |x| x[key] == org } + end + + def map_teams(teams) + teams['teams'].map do |team| + { + id: team['id'], + name: team['name'], + organization: team['orgId'], + membercount: team['membercount'], + permission: team['permission'], + email: team['email'] + } + end + end + + def teams + return [] unless organization + + set_current_organization + response = send_request('GET', format('%s/teams/search', resource[:grafana_api_path])) + raise_on_error(response.code, format('Fail to retrieve teams (HTTP response: %s/%s)', response.code, response.body)) + teams = parse_response(response.body) + map_teams(teams) + end + + def team + @team ||= teams.find { |x| x[:name] == resource[:name] } + end + + def map_preferences(preferences) + { + theme: preferences['theme'], + home_dashboard: preferences['homeDashboardId'], + timezone: preferences['timezone'] + } + end + + def preferences + team unless @team + return if @preferences + + response = send_request('GET', format('%s/teams/%s/preferences', resource[:grafana_api_path], @team[:id])) + raise_on_error(response.code, format('Fail to retrieve teams (HTTP response: %s/%s)', response.code, response.body)) + preferences = parse_response(response.body) + @preferences = map_preferences(preferences) + end + + def setup_save_preferences_data + endpoint = format('%s/teams/%s/preferences', resource[:grafana_api_path], @team[:id]) + dash = get_dashboard(resource[:home_dashboard]) + request_data = { + theme: resource[:theme], + homeDashboardId: dash[:id], + timezone: resource[:timezone] + } + ['PUT', endpoint, request_data] + end + + def save_preferences + team unless @team + set_current_organization + setup_save_preferences_data + response = send_request(*setup_save_preferences_data) + # TODO: Raise on error? + return if response.code == '200' || response.code == '412' + + raise format('Failed to update team %s, (HTTP response: %s/%s)', resource, response.code, response.body) + end + + def set_current_organization + response = send_request 'POST', format('%s/user/using/%s', resource[:grafana_api_path], organization[:id]) + return if response.code == '200' + + raise format('Failed to switch to org %s (HTTP response: %s/%s)', organization[:id], response.code, response.body) + end + + def home_dashboard + preferences unless @preferences + dash = get_dashboard(@preferences[:home_dashboard]) + return dash[:name] if dash + + nil + end + + def home_dashboard=(value) + resource[:home_dashboard] = value + save_preferences + end + + def setup_search_path(ident) + if ident.is_a?(Numeric) || ident.match(%r{/^[0-9]*$/}) + { + dashboardIds: ident, + type: 'dash-db' + } + else + { + query: ident, + type: 'dash-db' + } + end + end + + def get_dashboard(ident) + set_current_organization + return { id: 0, name: 'Default' } if ident == 0 # rubocop:disable Style/NumericPredicate + + search_path = setup_search_path(ident) + response = send_request('GET', format('%s/search', resource[:grafana_api_path]), nil, search_path) + raise_on_error(response.code, format('Fail to retrieve dashboars (HTTP response: %s/%s)', response.code, response.body)) + + dashboard = parse_response(response.body) + format_dashboard(dashboard) + end + + def format_dashboard(dashboard) + return { id: 0, name: 'Default' } unless dashboard.first + + { + id: dashboard.first['id'], + name: dashboard.first['title'] + } + end + + def theme + preferences unless @preferences + return @preferences[:theme] if @preferences + + nil + end + + def theme=(value) + resource[:theme] = value + save_preferences + end + + def timezone + preferences unless @preferences + return @preferences[:timezone] if @preferences + + nil + end + + def timezone=(value) + resource[:timezone] = value + save_preferences + end + + def setup_save_team_data + verb = 'POST' + endpoint = format('%s/teams', resource[:grafana_api_path]) + request_data = { name: resource[:name], email: resource[:email] } + if exists? + verb = 'PUT' + endpoint = format('%s/teams/%s', resource[:grafana_api_path], @team[:id]) + end + [verb, endpoint, request_data] + end + + def save_team + set_current_organization + response = send_request(*setup_save_team_data) + raise_on_error(response.code, format('Failed to update team %s, (HTTP response: %s/%s)', resource, response.code, response.body)) + end + + def create + save_team + save_preferences + end + + def destroy + return unless team + + response = send_request('DELETE', format('%s/teams/%s', resource[:grafana_api_path], @team[:id])) + return unless response.code != '200' + + raise Puppet::Error, format('Failed to delete team %s (HTTP response: %s/%s)', resource, response.code, response.body) + end + + def exists? + team + return true if @team && @team[:name] == resource[:name] + + false + end +end diff --git a/lib/puppet/type/grafana_dashboard_permission.rb b/lib/puppet/type/grafana_dashboard_permission.rb new file mode 100644 index 0000000..b626414 --- /dev/null +++ b/lib/puppet/type/grafana_dashboard_permission.rb @@ -0,0 +1,87 @@ +# frozen_string_literal: true + +Puppet::Type.newtype(:grafana_dashboard_permission) do + @doc = 'Manage dashboard permissions in Grafana' + + ensurable + + newparam(:name, namevar: true) do + desc 'The name of the permission.' + end + + newparam(:user) do + desc 'User to add the permission for' + + validate do |value| + raise ArgumentError, 'Only user or team can be set, not both' if value && @resource[:team] + end + end + + newparam(:team) do + desc 'Team to add the permission for' + + validate do |value| + raise ArgumentError, 'Only user or team can be set, not both' if value && @resource[:user] + end + end + + newparam(:dashboard) do + desc 'Dashboard to modify permissions for' + end + + newparam(:organization) do + desc 'The name of the organization to add permission for' + defaultto 'Main Org.' + end + + newparam(:grafana_api_path) do + desc 'The absolute path to the API endpoint' + defaultto '/api' + + validate do |value| + raise ArgumentError, format('%s is not a valid API path', value) unless value =~ %r{^/.*/?api$} + end + end + + newparam(:grafana_url) do + desc 'The URL of the Grafana server' + defaultto '' + + validate do |value| + raise ArgumentError, format('%s is not a valid URL', value) unless value =~ %r{^https?://} + end + end + + newparam(:grafana_user) do + desc 'The username for the Grafana server' + end + + newparam(:grafana_password) do + desc 'The password for the Grafana server' + end + + newproperty(:permission) do + desc 'The role to apply' + newvalues(:Admin, :Edit, :View) + end + + autorequire(:service) do + 'grafana-server' + end + + autorequire(:grafana_organization) do + catalog.resources.select { |r| r.is_a?(Puppet::Type.type(:grafana_organization)) } + end + + autorequire(:grafana_user) do + catalog.resources.select { |r| r.is_a?(Puppet::Type.type(:grafana_user)) } + end + + autorequire(:grafana_team) do + catalog.resources.select { |r| r.is_a?(Puppet::Type.type(:grafana_team)) } + end + + autorequire(:grafana_dashboard) do + catalog.resources.select { |r| r.is_a?(Puppet::Type.type(:grafana_dashboard)) } + end +end diff --git a/lib/puppet/type/grafana_membership.rb b/lib/puppet/type/grafana_membership.rb new file mode 100644 index 0000000..a49eecc --- /dev/null +++ b/lib/puppet/type/grafana_membership.rb @@ -0,0 +1,76 @@ +# frozen_string_literal: true + +Puppet::Type.newtype(:grafana_membership) do + @doc = 'Manage resource memberships in Grafana' + + ensurable + + newparam(:name, namevar: true) do + desc 'The name of the membership.' + end + + newparam(:user_name) do + desc 'The name of the user to add membership for' + end + + newparam(:target_name) do + desc 'The name of the target to add membership for' + end + + newparam(:organization) do + desc 'The name of the organization to add membership for (team only)' + defaultto 'Main Org.' + end + + newparam(:grafana_api_path) do + desc 'The absolute path to the API endpoint' + defaultto '/api' + + validate do |value| + raise ArgumentError, format('%s is not a valid API path', value) unless value =~ %r{^/.*/?api$} + end + end + + newparam(:grafana_url) do + desc 'The URL of the Grafana server' + defaultto '' + + validate do |value| + raise ArgumentError, format('%s is not a valid URL', value) unless value =~ %r{^https?://} + end + end + + newparam(:grafana_user) do + desc 'The username for the Grafana server' + end + + newparam(:grafana_password) do + desc 'The password for the Grafana server' + end + + newparam(:membership_type) do + desc 'The underlying type of the membership (organization, team)' + newvalues(:organization, :team) + end + + newproperty(:role) do + desc 'The role to apply to the membership (Admin, Editor, Viewer)' + newvalues(:Admin, :Editor, :Viewer) + end + + autorequire(:service) do + 'grafana-server' + end + + autorequire(:grafana_organization) do + catalog.resources.select { |r| r.is_a?(Puppet::Type.type(:grafana_organization)) } + end + + autorequire(:grafana_team) do + catalog.resources.select { |r| r.is_a?(Puppet::Type.type(:grafana_team)) } + end + + autorequire(:grafana_membership) do + catalog.resources.select { |r| r.is_a?(Puppet::Type.type(:grafana_membership)) && r['membership_type'] == :organization } if self[:membership_type] == :team + end +end diff --git a/lib/puppet/type/grafana_organization.rb b/lib/puppet/type/grafana_organization.rb index 42ac653..146a765 100644 --- a/lib/puppet/type/grafana_organization.rb +++ b/lib/puppet/type/grafana_organization.rb @@ -1,63 +1,64 @@ Puppet::Type.newtype(:grafana_organization) do @doc = 'Manage organizations in Grafana' - ensurable do - defaultvalues - defaultto :present - end + ensurable newparam(:name, namevar: true) do desc 'The name of the organization.' + + validate do |value| + raise ArgumentError, format('Unable to modify default organization') if value == 'Main Org.' + end end newparam(:grafana_api_path) do desc 'The absolute path to the API endpoint' defaultto '/api' validate do |value| unless value =~ %r{^/.*/?api$} raise ArgumentError, format('%s is not a valid API path', value) end end end newparam(:grafana_url) do desc 'The URL of the Grafana server' defaultto '' validate do |value| unless value =~ %r{^https?://} raise ArgumentError, format('%s is not a valid URL', value) end end end newparam(:grafana_user) do desc 'The username for the Grafana server' end newparam(:grafana_password) do desc 'The password for the Grafana server' end newproperty(:id) do desc 'The ID of the organization' end newproperty(:address) do desc 'Additional JSON data to configure the organization address (optional)' validate do |value| unless value.nil? || value.is_a?(Hash) raise ArgumentError, 'address should be a Hash!' end end end autorequire(:service) do 'grafana-server' end autorequire(:grafana_conn_validator) do 'grafana' end end diff --git a/lib/puppet/type/grafana_organization.rb b/lib/puppet/type/grafana_team.rb similarity index 50% copy from lib/puppet/type/grafana_organization.rb copy to lib/puppet/type/grafana_team.rb index 42ac653..e99c915 100644 --- a/lib/puppet/type/grafana_organization.rb +++ b/lib/puppet/type/grafana_team.rb @@ -1,63 +1,74 @@ -Puppet::Type.newtype(:grafana_organization) do - @doc = 'Manage organizations in Grafana' +# frozen_string_literal: true - ensurable do - defaultvalues - defaultto :present - end +Puppet::Type.newtype(:grafana_team) do + @doc = 'Manage teams in Grafana' + + ensurable newparam(:name, namevar: true) do - desc 'The name of the organization.' + desc 'The name of the team' end newparam(:grafana_api_path) do desc 'The absolute path to the API endpoint' defaultto '/api' validate do |value| unless value =~ %r{^/.*/?api$} raise ArgumentError, format('%s is not a valid API path', value) end end end newparam(:grafana_url) do desc 'The URL of the Grafana server' defaultto '' validate do |value| unless value =~ %r{^https?://} raise ArgumentError, format('%s is not a valid URL', value) end end end newparam(:grafana_user) do desc 'The username for the Grafana server' end newparam(:grafana_password) do desc 'The password for the Grafana server' end - newproperty(:id) do - desc 'The ID of the organization' + newparam(:organization) do + desc 'The organization the team belongs to' end - newproperty(:address) do - desc 'Additional JSON data to configure the organization address (optional)' + newparam(:email) do + desc 'The email for the team' + defaultto '' + end - validate do |value| - unless value.nil? || value.is_a?(Hash) - raise ArgumentError, 'address should be a Hash!' - end - end + newproperty(:home_dashboard) do + desc 'The id or name of the home dashboard' end + + newproperty(:theme) do + desc 'The theme to use for the team' + end + + newproperty(:timezone) do + desc 'The timezone to use for the team' + end + autorequire(:service) do 'grafana-server' end - autorequire(:grafana_conn_validator) do - 'grafana' + autorequire(:grafana_dashboard) do + catalog.resources.select { |r| r.is_a?(Puppet::Type.type(:grafana_dashboard)) } + end + + autorequire(:grafana_organization) do + catalog.resources.select { |r| r.is_a?(Puppet::Type.type(:grafana_organization)) } end end diff --git a/spec/grafana_dashboard_permission_type_spec.rb b/spec/grafana_dashboard_permission_type_spec.rb new file mode 100644 index 0000000..0341a88 --- /dev/null +++ b/spec/grafana_dashboard_permission_type_spec.rb @@ -0,0 +1,62 @@ +require 'spec_helper' + +describe Puppet::Type.type(:grafana_dashboard_permission) do + let(:gpermission) do + described_class.new( + title: 'foo_title', + grafana_url: 'http://example.com/', + grafana_api_path: '/api', + user: 'foo_user', + dashboard: 'foo_dashboard', + permission: 'View', + ensure: :present + ) + end + + context 'when setting parameters' do + it "fails if grafana_url isn't HTTP-based" do + expect do + described_class.new title: 'foo_title', name: 'foo', grafana_url: 'example.com', ensure: :present + end.to raise_error(Puppet::Error, %r{not a valid URL}) + end + + it "fails if grafana_api_path isn't properly formed" do + expect do + described_class.new title: 'foo_title', grafana_url: 'http://example.com', grafana_api_path: '/invalidpath', ensure: :present + end.to raise_error(Puppet::Error, %r{not a valid API path}) + end + + it 'fails if both user and team set' do + expect do + described_class.new title: 'foo title', user: 'foo_user', team: 'foo_team' + end.to raise_error(Puppet::Error, %r{Only user or team can be set, not both}) + end + + # rubocop:disable RSpec/MultipleExpectations + it 'accepts valid parameters' do + expect(gpermission[:user]).to eq('foo_user') + expect(gpermission[:grafana_api_path]).to eq('/api') + expect(gpermission[:grafana_url]).to eq('http://example.com/') + expect(gpermission[:dashboard]).to eq('foo_dashboard') + end + # rubocop:enable RSpec/MultipleExpectations + + it 'autorequires the grafana-server for proper ordering' do + catalog = Puppet::Resource::Catalog.new + service = Puppet::Type.type(:service).new(name: 'grafana-server') + catalog.add_resource service + catalog.add_resource gpermission + + relationship = gpermission.autorequire.find do |rel| + (rel.source.to_s == 'Service[grafana-server]') && (rel.target.to_s == gpermission.to_s) + end + expect(relationship).to be_a Puppet::Relationship + end + + it 'does not autorequire the service it is not managed' do + catalog = Puppet::Resource::Catalog.new + catalog.add_resource gpermission + expect(gpermission.autorequire).to be_empty + end + end +end diff --git a/spec/grafana_membership_type_spec.rb b/spec/grafana_membership_type_spec.rb new file mode 100644 index 0000000..31ded64 --- /dev/null +++ b/spec/grafana_membership_type_spec.rb @@ -0,0 +1,64 @@ +require 'spec_helper' + +describe Puppet::Type.type(:grafana_membership) do + let(:gmembership) do + described_class.new( + title: 'foo_title', + user_name: 'foo_user', + target_name: 'foo_target', + grafana_url: 'http://example.com/', + grafana_api_path: '/api', + membership_type: 'organization', + role: 'Viewer', + ensure: :present + ) + end + + context 'when setting parameters' do + it "fails if grafana_url isn't HTTP-based" do + expect do + described_class.new title: 'foo_title', name: 'foo', grafana_url: 'example.com', ensure: :present + end.to raise_error(Puppet::Error, %r{not a valid URL}) + end + + it "fails if grafana_api_path isn't properly formed" do + expect do + described_class.new title: 'foo_title', grafana_url: 'http://example.com', grafana_api_path: '/invalidpath', ensure: :present + end.to raise_error(Puppet::Error, %r{not a valid API path}) + end + + it 'fails if membership type not valid' do + expect do + described_class.new title: 'foo title', membership_type: 'foo' + end.to raise_error(Puppet::Error, %r{Invalid value "foo"}) + end + + # rubocop:disable RSpec/MultipleExpectations + it 'accepts valid parameters' do + expect(gmembership[:user_name]).to eq('foo_user') + expect(gmembership[:target_name]).to eq('foo_target') + expect(gmembership[:grafana_api_path]).to eq('/api') + expect(gmembership[:grafana_url]).to eq('http://example.com/') + expect(gmembership[:membership_type]).to eq(:organization) + end + # rubocop:enable RSpec/MultipleExpectations + + it 'autorequires the grafana-server for proper ordering' do + catalog = Puppet::Resource::Catalog.new + service = Puppet::Type.type(:service).new(name: 'grafana-server') + catalog.add_resource service + catalog.add_resource gmembership + + relationship = gmembership.autorequire.find do |rel| + (rel.source.to_s == 'Service[grafana-server]') && (rel.target.to_s == gmembership.to_s) + end + expect(relationship).to be_a Puppet::Relationship + end + + it 'does not autorequire the service it is not managed' do + catalog = Puppet::Resource::Catalog.new + catalog.add_resource gmembership + expect(gmembership.autorequire).to be_empty + end + end +end diff --git a/spec/unit/puppet/type/grafana_team_type_spec.rb b/spec/unit/puppet/type/grafana_team_type_spec.rb new file mode 100644 index 0000000..0f01c1b --- /dev/null +++ b/spec/unit/puppet/type/grafana_team_type_spec.rb @@ -0,0 +1,51 @@ +require 'spec_helper' + +describe Puppet::Type.type(:grafana_team) do + let(:gteam) do + described_class.new( + name: 'foo', + grafana_url: 'http://example.com', + grafana_user: 'admin', + grafana_password: 'admin', + home_dashboard: 'foo_dashboard', + organization: 'foo_organization' + ) + end + + context 'when setting parameters' do + it "fails if grafana_url isn't HTTP-based" do + expect do + described_class.new name: 'foo', grafana_url: 'example.com', content: '{}', ensure: :present + end.to raise_error(Puppet::Error, %r{not a valid URL}) + end + + # rubocop:disable RSpec/MultipleExpectations + it 'accepts valid parameters' do + expect(gteam[:name]).to eq('foo') + expect(gteam[:grafana_user]).to eq('admin') + expect(gteam[:grafana_password]).to eq('admin') + expect(gteam[:grafana_url]).to eq('http://example.com') + expect(gteam[:home_dashboard]).to eq('foo_dashboard') + expect(gteam[:organization]).to eq('foo_organization') + end + # rubocop:enable RSpec/MultipleExpectations + + it 'autorequires the grafana-server for proper ordering' do + catalog = Puppet::Resource::Catalog.new + service = Puppet::Type.type(:service).new(name: 'grafana-server') + catalog.add_resource service + catalog.add_resource gteam + + relationship = gteam.autorequire.find do |rel| + (rel.source.to_s == 'Service[grafana-server]') && (rel.target.to_s == gteam.to_s) + end + expect(relationship).to be_a Puppet::Relationship + end + + it 'does not autorequire the service it is not managed' do + catalog = Puppet::Resource::Catalog.new + catalog.add_resource gteam + expect(gteam.autorequire).to be_empty + end + end +end