diff --git a/.rubocop.yml b/.rubocop.yml index c2ebc88..0703f3b 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -1,546 +1,550 @@ require: rubocop-rspec AllCops: # Puppet Server 5 defaults to jruby 1.7 so TargetRubyVersion must stay at 1.9 until we drop support for puppet 5 TargetRubyVersion: 1.9 Include: - ./**/*.rb Exclude: - files/**/* - vendor/**/* - .vendor/**/* - pkg/**/* - spec/fixtures/**/* - Gemfile - Rakefile - Guardfile - Vagrantfile Lint/ConditionPosition: Enabled: True Lint/ElseLayout: Enabled: True Lint/UnreachableCode: Enabled: True Lint/UselessComparison: Enabled: True Lint/EnsureReturn: Enabled: True Lint/HandleExceptions: Enabled: True Lint/LiteralInCondition: Enabled: True Lint/ShadowingOuterLocalVariable: Enabled: True Lint/LiteralInInterpolation: Enabled: True Style/HashSyntax: Enabled: True Style/RedundantReturn: Enabled: True Layout/EndOfLine: Enabled: False Lint/AmbiguousOperator: Enabled: True Lint/AssignmentInCondition: Enabled: True Layout/SpaceBeforeComment: Enabled: True Style/AndOr: Enabled: True Style/RedundantSelf: Enabled: True Metrics/BlockLength: Enabled: False # Method length is not necessarily an indicator of code quality Metrics/MethodLength: Enabled: False # Module length is not necessarily an indicator of code quality Metrics/ModuleLength: Enabled: False Style/WhileUntilModifier: Enabled: True Lint/AmbiguousRegexpLiteral: Enabled: True Security/Eval: Enabled: True Lint/BlockAlignment: Enabled: True Lint/DefEndAlignment: Enabled: True Lint/EndAlignment: Enabled: True Lint/DeprecatedClassMethods: Enabled: True Lint/Loop: Enabled: True Lint/ParenthesesAsGroupedExpression: Enabled: True Lint/RescueException: Enabled: True Lint/StringConversionInInterpolation: Enabled: True Lint/UnusedBlockArgument: Enabled: True Lint/UnusedMethodArgument: Enabled: True Lint/UselessAccessModifier: Enabled: True Lint/UselessAssignment: Enabled: True Lint/Void: Enabled: True Layout/AccessModifierIndentation: Enabled: True Style/AccessorMethodName: Enabled: True Style/Alias: Enabled: True Layout/AlignArray: Enabled: True Layout/AlignHash: Enabled: True Layout/AlignParameters: Enabled: True Metrics/BlockNesting: Enabled: True Style/AsciiComments: Enabled: True Style/Attr: Enabled: True Style/BracesAroundHashParameters: Enabled: True Style/CaseEquality: Enabled: True Layout/CaseIndentation: Enabled: True Style/CharacterLiteral: Enabled: True Style/ClassAndModuleCamelCase: Enabled: True Style/ClassAndModuleChildren: Enabled: False Style/ClassCheck: Enabled: True # Class length is not necessarily an indicator of code quality Metrics/ClassLength: Enabled: False Style/ClassMethods: Enabled: True Style/ClassVars: Enabled: True Style/WhenThen: Enabled: True Style/WordArray: Enabled: True Style/UnneededPercentQ: Enabled: True Layout/Tab: Enabled: True Layout/SpaceBeforeSemicolon: Enabled: True Layout/TrailingBlankLines: Enabled: True Layout/SpaceInsideBlockBraces: Enabled: True Layout/SpaceInsideBrackets: Enabled: True Layout/SpaceInsideHashLiteralBraces: Enabled: True Layout/SpaceInsideParens: Enabled: True Layout/LeadingCommentSpace: Enabled: True Layout/SpaceBeforeFirstArg: Enabled: True Layout/SpaceAfterColon: Enabled: True Layout/SpaceAfterComma: Enabled: True Layout/SpaceAfterMethodName: Enabled: True Layout/SpaceAfterNot: Enabled: True Layout/SpaceAfterSemicolon: Enabled: True Layout/SpaceAroundEqualsInParameterDefault: Enabled: True Layout/SpaceAroundOperators: Enabled: True Layout/SpaceBeforeBlockBraces: Enabled: True Layout/SpaceBeforeComma: Enabled: True Style/CollectionMethods: Enabled: True Layout/CommentIndentation: Enabled: True Style/ColonMethodCall: Enabled: True Style/CommentAnnotation: Enabled: True # 'Complexity' is very relative Metrics/CyclomaticComplexity: Enabled: False Style/ConstantName: Enabled: True Style/Documentation: Enabled: False Style/DefWithParentheses: Enabled: True Style/PreferredHashMethods: Enabled: True Layout/DotPosition: EnforcedStyle: trailing Style/DoubleNegation: Enabled: True Style/EachWithObject: Enabled: True Layout/EmptyLineBetweenDefs: Enabled: True Layout/IndentArray: Enabled: True Layout/IndentHash: Enabled: True Layout/IndentationConsistency: Enabled: True Layout/IndentationWidth: Enabled: True Layout/EmptyLines: Enabled: True Layout/EmptyLinesAroundAccessModifier: Enabled: True Style/EmptyLiteral: Enabled: True # Configuration parameters: AllowURI, URISchemes. Metrics/LineLength: Enabled: False Style/MethodCallWithoutArgsParentheses: Enabled: True Style/MethodDefParentheses: Enabled: True Style/LineEndConcatenation: Enabled: True Layout/TrailingWhitespace: Enabled: True Style/StringLiterals: Enabled: True Style/TrailingCommaInArguments: Enabled: True Style/TrailingCommaInLiteral: Enabled: True Style/GlobalVars: Enabled: True Style/GuardClause: Enabled: True Style/IfUnlessModifier: Enabled: True Style/MultilineIfThen: Enabled: True Style/NegatedIf: Enabled: True Style/NegatedWhile: Enabled: True Style/Next: Enabled: True Style/SingleLineBlockParams: Enabled: True Style/SingleLineMethods: Enabled: True Style/SpecialGlobalVars: Enabled: True Style/TrivialAccessors: Enabled: True Style/UnlessElse: Enabled: True Style/VariableInterpolation: Enabled: True Style/VariableName: Enabled: True Style/WhileUntilDo: Enabled: True Style/EvenOdd: Enabled: True Style/FileName: Enabled: True Style/For: Enabled: True Style/Lambda: Enabled: True Style/MethodName: Enabled: True Style/MultilineTernaryOperator: Enabled: True Style/NestedTernaryOperator: Enabled: True Style/NilComparison: Enabled: True Style/FormatString: Enabled: True Style/MultilineBlockChain: Enabled: True Style/Semicolon: Enabled: True Style/SignalException: Enabled: True Style/NonNilCheck: Enabled: True Style/Not: Enabled: True Style/NumericLiterals: Enabled: True Style/OneLineConditional: Enabled: True Style/OpMethod: Enabled: True Style/ParenthesesAroundCondition: Enabled: True Style/PercentLiteralDelimiters: Enabled: True Style/PerlBackrefs: Enabled: True Style/PredicateName: Enabled: True Style/RedundantException: Enabled: True Style/SelfAssignment: Enabled: True Style/Proc: Enabled: True Style/RaiseArgs: Enabled: True Style/RedundantBegin: Enabled: True Style/RescueModifier: Enabled: True # based on https://github.com/voxpupuli/modulesync_config/issues/168 Style/RegexpLiteral: EnforcedStyle: percent_r Enabled: True Lint/UnderscorePrefixedVariableName: Enabled: True Metrics/ParameterLists: Enabled: False Lint/RequireParentheses: Enabled: True Style/ModuleFunction: Enabled: True Lint/Debugger: Enabled: True Style/IfWithSemicolon: Enabled: True Style/Encoding: Enabled: True Style/BlockDelimiters: Enabled: True Layout/MultilineBlockLayout: Enabled: True # 'Complexity' is very relative Metrics/AbcSize: Enabled: False # 'Complexity' is very relative Metrics/PerceivedComplexity: Enabled: False Lint/UselessAssignment: Enabled: True Layout/ClosingParenthesisIndentation: Enabled: True # RSpec RSpec/BeforeAfterAll: Exclude: - spec/acceptance/**/* # We don't use rspec in this way RSpec/DescribeClass: Enabled: False # Example length is not necessarily an indicator of code quality RSpec/ExampleLength: Enabled: False RSpec/NamedSubject: Enabled: False # disabled for now since they cause a lot of issues # these issues aren't easy to fix RSpec/RepeatedDescription: Enabled: False RSpec/NestedGroups: Enabled: False # this is broken on ruby1.9 Layout/IndentHeredoc: Enabled: False # disable Yaml safe_load. This is needed to support ruby2.0.0 development envs Security/YAMLLoad: Enabled: false # This affects hiera interpolation, as well as some configs that we push. Style/FormatStringToken: Enabled: false # This is useful, but sometimes a little too picky about where unit tests files # are located. RSpec/FilePath: Enabled: false + +# silence it to support older jruby (<= v1.9) which can not handle e.g. %i[] +Style/WordArray: + Enabled: false diff --git a/README.md b/README.md index dd9af1e..d11d258 100644 --- a/README.md +++ b/README.md @@ -1,975 +1,1082 @@ # grafana [![Build Status](https://travis-ci.org/voxpupuli/puppet-grafana.png?branch=master)](https://travis-ci.org/voxpupuli/puppet-grafana) [![Code Coverage](https://coveralls.io/repos/github/voxpupuli/puppet-grafana/badge.svg?branch=master)](https://coveralls.io/github/voxpupuli/puppet-grafana) [![Puppet Forge](https://img.shields.io/puppetforge/v/puppet/grafana.svg)](https://forge.puppetlabs.com/puppet/grafana) [![Puppet Forge - downloads](https://img.shields.io/puppetforge/dt/puppet/grafana.svg)](https://forge.puppetlabs.com/puppet/grafana) [![Puppet Forge - endorsement](https://img.shields.io/puppetforge/e/puppet/grafana.svg)](https://forge.puppetlabs.com/puppet/grafana) [![Puppet Forge - scores](https://img.shields.io/puppetforge/f/puppet/grafana.svg)](https://forge.puppetlabs.com/puppet/grafana) #### Table of Contents 1. [Overview](#overview) 1. [Module Description](#module-description) 1. [Setup](#setup) * [Requirements](#requirements) * [Beginning with Grafana](#beginning-with-grafana) 1. [Usage](#usage) * [Classes and Defined Types](#classes-and-defined-types) * [Advanced usage](#advanced-usage) 1. [Tasks](#tasks) 1. [Limitations](#limitations) 1. [Copyright and License](#copyright-and-license) ## Overview This module installs Grafana, a dashboard and graph editor for Graphite, InfluxDB and OpenTSDB. ## Module Description Version 2.x of this module is designed to work with version 2.x of Grafana. If you would like to continue to use Grafana 1.x, please use version 1.x of this module. ## Setup This module will: * Install Grafana using your preferred method: package (default), Docker container, or tar archive * Allow you to override the version of Grafana to be installed, and / or the package source * Perform basic configuration of Grafana ### Requirements * If using an operating system of the Debian-based family, and the "repo" `install_method`, you will need to ensure that [puppetlabs-apt](https://forge.puppet.com/puppetlabs/apt) version 4.x is installed. * If using Docker, you will need the [garethr/docker](https://forge.puppet.com/garethr/docker) module version 5.x ### Beginning with Grafana To install Grafana with the default parameters: ```puppet class { 'grafana': } ``` This assumes that you want to install Grafana using the 'package' method. To establish customized parameters: ```puppet class { 'grafana': install_method => 'docker', } ``` ## Usage ### Classes and Defined Types #### Class: `grafana` The Grafana module's primary class, `grafana`, guides the basic setup of Grafana on your system. ```puppet class { 'grafana': } ``` **Parameters within `grafana`:** ##### `archive_source` The download location of a tarball to use with the 'archive' install method. Defaults to the URL of the latest version of Grafana available at the time of module release. ##### `cfg_location` Configures the location to which the Grafana configuration is written. The default location is '/etc/grafana/grafana.ini'. ##### `cfg` Manages the Grafana configuration file. Grafana comes with its own default settings in a different configuration file (/opt/grafana/current/conf/defaults.ini), therefore this module does not supply any defaults. This parameter only accepts a hash as its value. Keys with hashes as values will generate sections, any other values are just plain values. The example below will result in... ```puppet class { 'grafana': cfg => { app_mode => 'production', server => { http_port => 8080, }, database => { type => 'mysql', host => '127.0.0.1:3306', name => 'grafana', user => 'root', password => '', }, users => { allow_sign_up => false, }, }, } ``` ...the following Grafana configuration: ```ini # This file is managed by Puppet, any changes will be overwritten app_mode = production [server] http_port = 8080 [database] type = sqlite3 host = 127.0.0.1:3306 name = grafana user = root password = [users] allow_sign_up = false ``` Some minor notes: * If you want empty values, just use an empty string. * Keys that contains dots (like auth.google) need to be quoted. * The order of the keys in this hash is the same as they will be written to the configuration file. So settings that do not fall under a section will have to come before any sections in the hash. #### `ldap_cfg` ##### TOML note This option **requires** the [toml](https://github.com/toml-lang/toml) gem. Either install the gem using puppet's native gem provider, [puppetserver_gem](https://forge.puppetlabs.com/puppetlabs/puppetserver_gem), [pe_gem](https://forge.puppetlabs.com/puppetlabs/pe_gem), [pe_puppetserver_gem](https://forge.puppetlabs.com/puppetlabs/pe_puppetserver_gem), or manually using one of the following: ``` # apply or puppet-master gem install toml # PE apply /opt/puppet/bin/gem install toml # AIO or PE puppetserver /opt/puppet/bin/puppetserver gem install toml ``` ##### cfg note This option by itself is not sufficient to enable LDAP configuration as it must be enabled in the main configuration file. Enable it in cfg with: ``` 'auth.ldap' => { enabled => 'true', config_file => '/etc/grafana/ldap.toml', }, ``` #### Integer note Puppet may convert integers into strings while parsing the hash and converting into toml. This can be worked around by appending 0 to an integer. Example: ``` port => 636+0, ``` Manages the Grafana LDAP configuration file. This hash is directly translated into the corresponding TOML file, allowing for full flexibility in generating the configuration. See the [LDAP documentation](http://docs.grafana.org/v2.1/installation/ldap/) for more information. #### Example LDAP config ``` ldap_cfg => { servers => [ { host => 'ldapserver1.domain1.com', port => 636+0, use_ssl => true, search_filter => '(sAMAccountName=%s)', search_base_dns => [ 'dc=domain1,dc=com' ], bind_dn => 'user@domain1.com', bind_password => 'passwordhere', }, ], 'servers.attributes' => { name => 'givenName', surname => 'sn', username => 'sAMAccountName', member_of => 'memberOf', email => 'email', } }, ``` +If you want to connect to multiple LDAP servers using different configurations, +use an array to enwrap the configurations as shown below. + +``` +ldap_cfg => [ + { + servers => [ + { + host => 'ldapserver1.domain1.com', + port => 636+0, + use_ssl => true, + search_filter => '(sAMAccountName=%s)', + search_base_dns => [ 'dc=domain1,dc=com' ], + bind_dn => 'user@domain1.com', + bind_password => 'passwordhere', + }, + ], + 'servers.attributes' => { + name => 'givenName', + surname => 'sn', + username => 'sAMAccountName', + member_of => 'memberOf', + email => 'email', + }, + 'servers.group_mappings' => [ + { + group_dn => cn=grafana_viewers,ou=groups,dc=domain1,dc=com + org_role: Viewer + } + ], + }, + { + servers => [ + { + host => 'ldapserver2.domain2.com', + port => 389+0, + use_ssl => false, + start_tls => true, + search_filter => '(uid=%s)', + search_base_dns => [ 'dc=domain2,dc=com' ], + bind_dn => 'user@domain2.com', + bind_password => 'passwordhere', + }, + ], + 'servers.attributes' => { + name => 'givenName', + surname => 'sn', + username => 'uid', + member_of => 'memberOf', + email => 'mail', + } + 'servers.group_mappings' => [ + { + 'group_dn' => 'cn=grafana_admins,ou=groups,dc=domain2,dc=com', + 'org_role' => 'Admin', + 'grafana_admin' => true, + } + ], + }, +] + + +##### +# or in hiera-yaml style +grafana::ldap_cfg: + - servers: + - host: ldapserver1.domain1.com + port: 636 + use_ssl: true + search_filter: '(sAMAccountName=%s)' + search_base_dns: ['dc=domain1,dc=com'] + bind_dn: 'user@domain1.com' + bind_password: 'passwordhere' + servers.attributes: + name: givenName + surname: sn + username: sAMAccountName + member_of: memberOf + email: email + servers.group_mappings: + - group_dn: cn=grafana_viewers,ou=groups,dc=domain1,dc=com + org_role: Viewer + + - servers: + - host: ldapserver2.domain2.com + port: 389 + use_ssl: false + start_tls: true + search_filter: '(uid=%s)', + search_base_dns: ['dc=domain2,dc=com'] + bind_dn: 'user@domain2.com' + bind_password: 'passwordhere' + servers.attributes: + name: givenName + surname: sn + username: uid + member_of: memberOf + email: mail + servers.group_mappings: + - group_dn: cn=grafana_admins,ou=groups,dc=domain2,dc=com + org_role: Admin + grafana_admin: true + + +##### +``` + ##### `container_cfg` Boolean to control whether a configuration file should be generated when using the 'docker' install method. If 'true', use the 'cfg' and 'cfg_location' parameters to control creation of the file. Defaults to false. ##### `container_params` A hash of parameters to use when creating the Docker container. For use with the 'docker' install method. Refer to documentation of the 'docker::run' resource in the [garethr-docker](https://github.com/garethr/garethr-docker) module for details of available parameters. Defaults to: ```puppet container_params => { 'image' => 'grafana/grafana:latest', 'ports' => '3000:3000' } ``` ##### `data_dir` The directory Grafana will use for storing its data. Defaults to '/var/lib/grafana'. ##### `install_dir` The installation directory to be used with the 'archive' install method. Defaults to '/usr/share/grafana'. ##### `install_method` Controls which method to use for installing Grafana. Valid options are: 'archive', 'docker', 'repo' and 'package'. The default is 'package'. If you wish to use the 'docker' installation method, you will need to include the 'docker' class in your node's manifest / profile. If you wish to use the 'repo' installation method, you can control whether the official Grafana repositories will be used. See `manage_package_repo` below for details. ##### `manage_package_repo` Boolean. When using the 'repo' installation method, controls whether the official Grafana repositories are enabled on your host. If true, the official Grafana repositories will be enabled. If false, the module assumes you are managing your own package repository and will not set one up for you. Defaults to true. ##### `plugins` Hash. This is a passthrough to call `create_resources()` on the `grafana_plugin` resource type. ##### `package_name` The name of the package managed with the 'package' install method. Defaults to 'grafana'. ##### `package_source` The download location of a package to be used with the 'package' install method. Defaults to the URL of the latest version of Grafana available at the time of module release. ##### `provisioning_datasources` A Hash which is converted to YAML for grafana to provision data sources. See [provisioning grafana](http://docs.grafana.org/administration/provisioning/) for details and example config file. Requires grafana > v5.0.0. This is very useful with Hiera as you can provide a yaml hash/dictionary which will effectively 'passthrough' to grafana. See **Advanced Usage** for examples. ##### `provisioning_dashboards` A Hash which is converted to YAML for grafana to provision dashboards. See [provisioning grafana](http://docs.grafana.org/administration/provisioning/) for details and example config file. Requires grafana > v5.0.0. This is very useful with Hiera as you can provide a yaml hash/dictionary which will effectively 'passthrough' to grafana. See **Advanced Usage** for examples. N.B. A option named `puppetsource` may be given in the `options` hash which is not part of grafana's syntax. This option will be extracted from the hash, and used to "source" a directory of dashboards. See **Advanced Usage** for details. #### `provisioning_dashboards_file` A String that is used as the target file name for the dashabords provisioning file. This way the module can be used to generate placeholder files so password can be sepecified in a different iteration, avoiding them to be put in the module code. #### `provisioning_datasources_file` A String that is used as the target file name for the datasources provisioning file. This way the module can be used to generate placeholder files so password can be sepecified in a different iteration, avoiding them to be put in the module code. ##### `rpm_iteration` Used when installing Grafana from package ('package' or 'repo' install methods) on Red Hat based systems. Defaults to '1'. It should not be necessary to change this in most cases. ##### `service_name` The name of the service managed with the 'archive' and 'package' install methods. Defaults to 'grafana-server'. ##### `version` The version of Grafana to install and manage. Defaults to 'installed' ##### `sysconfig_location` The RPM and DEB packages bring with them the default environment files for the services. The default location of this file for Debian is /etc/default/grafana-server and for RedHat /etc/sysconfig/grafana-server. ##### `sysconfig` A hash of environment variables for the service. This only has an effect for installations with RPM and DEB packages (if install_method is set to 'package' or 'repo'). Example: ```puppet sysconfig => { 'http_proxy' => 'http://proxy.example.com', } ``` ### Advanced usage The archive install method will create the user and a "command line" service by default. There are no extra parameters to manage user/service for archive. However, both check to see if they are defined before defining. This way you can create your own user and service with your own specifications. (sort of overriding) The service can be a bit tricky, in this example below, the class sensu_install::grafana::service creates a startup script and a service{'grafana-server':} Example: ```puppet user { 'grafana': ensure => present, uid => '1234', } -> class { 'grafana': install_method => 'archive', } include sensu_install::grafana::service # run your service after install/config but before grafana::service Class[::grafana::install] -> Class[sensu_install::grafana::service] -> Class[::grafana::service] ``` #### Using a sub-path for Grafana API If you are using a sub-path for the Grafana API, you will need to set the `grafana_api_path` parameter for the following custom types: - `grafana_dashboard` - `grafana_datasource` - `grafana_organization` - `grafana_user` - `grafana_folder` For instance, if your sub-path is `/grafana`, the `grafana_api_path` must be set to `/grafana/api`. Do not add a trailing `/` (slash) at the end of the value. If you are not using sub-paths, you do not need to set this parameter. #### Custom Types and Providers The module includes several custom types: #### `grafana_organization` In order to use the organization resource, add the following to your manifest: ```puppet grafana_organization { 'example_org': grafana_url => 'http://localhost:3000', grafana_user => 'admin', grafana_password => '5ecretPassw0rd', } ``` `grafana_url`, `grafana_user`, and `grafana_password` are required to create organizations via the API. `name` is optional if the name will differ from example_org above. `address` is an optional parameter that requires a hash. Address settings are `{"address1":"","address2":"","city":"","zipCode":"","state":"","country":""}` #### `grafana_dashboard` In order to use the dashboard resource, add the following to your manifest: ```puppet grafana_dashboard { 'example_dashboard': grafana_url => 'http://localhost:3000', grafana_user => 'admin', grafana_password => '5ecretPassw0rd', grafana_api_path => '/grafana/api', folder => 'folder-name', organization => 'NewOrg', content => template('path/to/exported/file.json'), } ``` `content` must be valid JSON, and is parsed before imported. `grafana_user` and `grafana_password` are optional, and required when authentication is enabled in Grafana. `grafana_api_path` is optional, and only used when using sub-paths for the API. `organization` is optional, and used when creating a dashboard for a specific organization. `folder` is an optional parameter, but the folder resource must exist. Example: Make sure the `grafana-server` service is up and running before creating the `grafana_dashboard` definition. One option is to use the `http_conn_validator` from the [healthcheck](https://forge.puppet.com/puppet/healthcheck) module ```puppet http_conn_validator { 'grafana-conn-validator' : host => 'localhost', port => '3000', use_ssl => false, test_url => '/public/img/grafana_icon.svg', require => Class['grafana'], } -> grafana_dashboard { 'example_dashboard': grafana_url => 'http://localhost:3000', grafana_user => 'admin', grafana_password => '5ecretPassw0rd', content => template('path/to/exported/file.json'), } ``` ##### `grafana_datasource` In order to use the datasource resource, add the following to your manifest: ```puppet grafana_datasource { 'influxdb': grafana_url => 'http://localhost:3000', grafana_user => 'admin', grafana_password => '5ecretPassw0rd', grafana_api_path => '/grafana/api', type => 'influxdb', organization => 'NewOrg', url => 'http://localhost:8086', user => 'admin', password => '1nFlux5ecret', database => 'graphite', access_mode => 'proxy', is_default => true, json_data => template('path/to/additional/config.json'), secure_json_data => template('path/to/additional/secure/config.json') } ``` Available types are: influxdb, elasticsearch, graphite, cloudwatch, mysql, opentsdb, postgres and prometheus `organization` is used to set which organization a datasource will be created on. If this parameter is not set, it will default to organization ID 1 (Main Org. by default). If the default org is deleted, organizations will need to be specified. Access mode determines how Grafana connects to the datasource, either `direct` from the browser, or `proxy` to send requests via grafana. Setting `basic_auth` to `true` will allow use of the `basic_auth_user` and `basic_auth_password` params. Authentication is optional, as are `database` and `grafana_api_path`; additional `json_data` and `secure_json_data` can be provided to allow custom configuration options. Example: Make sure the `grafana-server` service is up and running before creating the `grafana_datasource` definition. One option is to use the `http_conn_validator` from the [healthcheck](https://forge.puppet.com/puppet/healthcheck) module ```puppet http_conn_validator { 'grafana-conn-validator' : host => 'localhost', port => '3000', use_ssl => false, test_url => '/public/img/grafana_icon.svg', require => Class['grafana'], } -> grafana_datasource { 'influxdb': grafana_url => 'http://localhost:3000', grafana_user => 'admin', grafana_password => '5ecretPassw0rd', type => 'influxdb', url => 'http://localhost:8086', user => 'admin', password => '1nFlux5ecret', database => 'graphite', access_mode => 'proxy', is_default => true, json_data => template('path/to/additional/config.json'), } ``` Note that the `database` is dynamic, setting things other than "database" for separate types. Ex: for Elasticsearch it will set the Index Name. **`jsonData` Settings** Note that there are separate options for json_data / secure_json_data based on the type of datasource you create. ##### **Elasticsearch** `esVersion` - Required, either 2 or 5, set as a bare number. `timeField` - Required. By default this is @timestamp, but without setting it in jsonData, the datasource won't work without refreshing it in the GUI. `timeInterval` - Optional. A lower limit for the auto group by time interval. Recommended to be set to write frequency, for example "1m" if your data is written every minute. Example: ```puppet json_data => {"esVersion":5,"timeField":"@timestamp","timeInterval":"1m"} ``` ##### **CloudWatch** `authType` - Required. Options are `Access & Secret Key`, `Credentials File`, or `ARN`. -"keys" = Access & Secret Key -"credentials" = Credentials File -"arn" = ARN *When setting authType to `credentials`, the `database` param will set the Credentials Profile Name.* *When setting authType to `arn`, another jsonData value of `assumeRoleARN` is available, which is not required for other authType settings* `customMetricsNamespaces` - Optional. Namespaces of Custom Metrics, separated by commas within double quotes. `defaultRegion` - Required. Options are "ap-northeast-(1 or 2)", "ap-southeast-(1 or 2)", "ap-south-1", "ca-central-1", "cn-north-1", "eu-central-1", "eu-west-(1 or 2)", "sa-east-(1 or 2)", "us-east-(1 or 2)", "us-gov-west-1", "us-west-(1 or 2)". `timeField` Example: ```puppet {"authType":"arn","assumeRoleARN":"arn:aws:iam:*","customMetricsNamespaces":"Namespace1,Namespace2","defaultRegion":"us-east-1","timeField":"@timestamp"} ``` ##### **Graphite** `graphiteVersion` - Required. Available versions are `0.9` or `1.0`. `tlsAuth` - Set to `true` or `false` `tlsAuthWithCACert` - Set to `true` or `false` Example: ```puppet {"graphiteVersion":"0.9","tlsAuth":true,"tlsAuthWithCACert":false} ``` ##### **OpenTSDB** `tsdbResolution` - Required. Options are `1` or `2`. `1` = second `2` = millisecond `tsdbVersion` - Required. Options are `1`, `2`, or `3`. `1`    =    <=2.1 `2`    =    ==2.2 `3`    =    ==2.3 Example: ```puppet {"tsdbResolution:1,"tsdbVersion":3} ``` ##### **InfluxDB** N/A ##### **MySQL** N/A ##### **Prometheus** N/A ##### `grafana_plugin` An example is provided for convenience; for more details, please view the puppet strings docs. ```puppet grafana_plugin { 'grafana-simple-json-datasource': ensure => present, } ``` It is possible to specify a custom plugin repository to install a plugin. This will use the --repo option for plugin installation with grafana_cli. ```puppet grafana_plugin { 'grafana-simple-json-datasource': ensure => present, repo => 'https://nexus.company.com/grafana/plugins', } ``` ##### `grafana_folder` Creates and manages Grafana folders via the API. The following example creates a folder named 'folder1': ```puppet grafana_folder { 'folder1': ensure => present, grafana_url => 'http://localhost:3000', grafana_api_path => '/grafana/api', grafana_user => 'admin', grafana_password => '5ecretPassw0rd', } ``` `grafana_api_path` is only required if using sub-paths for the API ##### `grafana::user` Creates and manages a global grafana user via the API. ```puppet grafana_user { 'username': grafana_url => 'http://localhost:3000', grafana_api_path => '/grafana/api', grafana_user => 'admin', grafana_password => '5ecretPassw0rd', full_name => 'John Doe', password => 'Us3r5ecret', email => 'john@example.com', } ``` `grafana_api_path` is only required if using sub-paths for the API ##### `grafana::notification` Creates and manages a global alert notification channel via the API. ```puppet grafana_notification { 'channelname': grafana_url => 'http://localhost:3000', grafana_api_path => '/grafana/api', grafana_user => 'admin', grafana_password => '5ecretPassw0rd', name => 'channelname', type => 'email', is_default => false, send_reminder => false, frequency => '20m', settings => { addresses => "alerts@example.com; it@example.com" } } ``` `grafana_api_path` is only required if using sub-paths for the API Notification types and related settingsi (cf doc Grafana : https://github.com/grafana/grafana/blob/master/docs/sources/alerting/notifications.md ) : - email: - addresses: "example.com" - hipchat: - apikey : "0a0a0a0a0a0a0a0a0a0a0a" - autoResolve : true - httpMethod : "POST" - uploadImage : true - url : "https://grafana.hipchat.com" - kafka: - autoResolve : true - httpMethod : "POST" - kafkaRestProxy: "http://localhost:8082" - kafkaTopic : "topic1" - uploadImage : true - LINE: - autoResolve: true - httpMethod : "POST" - token : "token" - uploadImage: true - teams (Microsoft Teams): - autoResolve : true - httpMethod : "POST" - uploadImage :true - url : "http://example.com" - pagerduty: - autoResolve : true - httpMethod : POST - integrationKey :"0a0a0a0a0a" - uploadImage : true - prometheus-alertmanager: - autoResolve : true - httpMethod : "POST" - uploadImage : true - url : "http://localhost:9093" - sensu: - autoResolve : true - handler : "default", - httpMethod : "POST" - uploadImage : true - url : "http://sensu-api.local:4567/results" - slack: - autoResolve : true - httpMethod : "POST" - uploadImage : true - url : "http://slack.com/" - token : "0a0a0a0a0a0a0a0a0a0a0a" - threema: - api_secret : "0a0a0a0a0a0a0a0a0a0a0a" - autoResolve : true - gateway_id : "*3MAGWID" - httpMethod : "POST" - recipient_id: "YOUR3MID" - uploadImage : true - discord: - autoResolve : true, - httpMethod : "POST" - uploadImage : true - url : "https://example.com" - webhook: - autoResolve : true - httpMethod : "POST" - uploadImage : false - url : "http://localhost:8080" - telegram: - autoResolve : true - bottoken : "0a0a0a0a0a0a" - chatid : "789789789" - httpMethod : "POST" - uploadImage : true #### Provisioning Grafana [Grafana documentation on provisioning](http://docs.grafana.org/administration/provisioning/). This module will provision grafana by placing yaml files into `/etc/grafana/provisioning/datasources` and `/etc/grafana/provisioning/dashboards` by default. ##### Example datasource A puppet hash example for Prometheus. The module will place the hash as a yaml file into `/etc/gafana/provisioning/datasources/puppetprovisioned.yaml`. ```puppet class { 'grafana': provisioning_datasources => { apiVersion => 1, datasources => [ { name => 'Prometheus', type => 'prometheus', access => 'proxy', url => 'http://localhost:9090/prometheus', isDefault => true, }, ], } } ``` Here is the same configuration example as a hiera hash. ```yaml grafana::provisioning_datasources: apiVersion: 1 datasources: - name: 'Prometheus' type: 'prometheus' access: 'proxy' url: 'http://localhost:9090/prometheus' isDefault: true ``` ##### Example dashboard An example puppet hash for provisioning dashboards. The module will place the hash as a yaml file into `/etc/grafana/provisioning/dashboards/puppetprovisioned.yaml` by default. More details follow the examples. ```puppet class { 'grafana': provisioning_dashboards => { apiVersion => 1, providers => [ { name => 'default', orgId => 1, folder => '', type => 'file', disableDeletion => true, options => { path => '/var/lib/grafana/dashboards', puppetsource => 'puppet:///modules/my_custom_module/dashboards', }, }, ], } } ``` Here is the same configuraiton example as a hiera hash. ```yaml grafana::provisioning_dashboards: apiVersion: 1 providers: - name: 'default' orgId: 1 folder: '' type: file disableDeletion: true options: path: '/var/lib/grafana/dashboards' puppetsource: 'puppet:///modules/my_custom_module/dashboards' ``` In both examples above a non-grafana option named `puppetsource` has been used. When this module finds that the provisioning_dashboards hash contains keys `path` and `puppetsource` in the `options` subhash, it will do the following. * It will create the path found in `options['path']`. Note: puppet will only create the final directory of the path unless the parameter `create_subdirs_provisioning` is set to true: this defaults to false. * It will use `puppetsource` as the file resource's 'source' for the directory. * It removes the `puppetsource` key from the `options` subhash, so the subsequent yaml file for gafana does not contain this key. (The `path` key will remain.) This feature allows you to define a custom module, and place any dashboards you want provisioned in the its `files/` directory. In the example above you would put dashboards into `my_custom_module/files/dashboards` and puppet-grafana will create `/var/lib/grafana/dashboards` and provision it with the contents of `my_custom_module/files/dashboards`. Puppet's file resource may also be given a `file://` URI which may point to a locally available directory on the filesystem, typically the filesystem of the puppetserver/master. Thus you may specify a local directory with grafana dashboards you wish to provision into grafana. ##### Provisioning with dashboards from grafana.com GrafanaLabs provides lots of [dashboards that may be reused](https://grafana.com/grafana/dashboards). Those ones are **not directly usable** for provisioning (this is a Grafana issue, not a Puppet one). In order to have a "provisionable" dashboard in JSON format, you have to prepare it before adding it in your Puppet code. Here are the steps to follow: 1. Use a Grafana instance 1. Import the desired dashboard 1. Define its datasource 1. From the dashboard view: * Click the "Share dashboard" icon (top left corner of screen) * Select the "Export" tab, * Activate "Export for sharing externally" * Click "Save to file" 1. In the JSON file: * Remove the keys `__imports` and `__requires` * Replace all `${DS_PROMETHEUS}` by your datasource name 1. Once saved, you may place this JSON file in your `puppet:///modules/my_custom_module/dashboards` directory **Note:** This procedure have been tested with Grafana 6.x. It may not work for any dashboard, depending on how it's been coded. Dashboards known to be "provisionable": * [Node Exporter Server Metric](https://grafana.com/dashboards/405) * [Prometheus Blackbox Exporter](https://grafana.com/dashboards/7587) Dashboards known not to be "provisionable": * [HTTP Services Status](https://grafana.com/dashboards/4859) ## Tasks ### `change_grafana_admin_password` `old_password`: the old admin password `new_password`: the password you want to use for the admin user `uri`: `http` or `https` `port`: the port Grafana runs on locally This task can be used to change the password for the admin user in grafana ## Limitations This module has been tested on Ubuntu 14.04, using each of the 'archive', 'docker' and 'package' installation methods. Other configurations should work with minimal, if any, additional effort. ## Development This module is a fork of [bfraser/grafana](https://github.com/bfraser/puppet-grafana) maintained by [Vox Pupuli](https://voxpupuli.org/). Vox Pupuli welcomes new contributions to this module, especially those that include documentation and rspec tests. We are happy to provide guidance if necessary. Please see [CONTRIBUTING](.github/CONTRIBUTING.md) for more details. ### Authors * Bill Fraser * Vox Pupuli Team ## Copyright and License Copyright (C) 2015 Bill Fraser Bill can be contacted at: fraser@pythian.com Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. diff --git a/data/common.yaml b/data/common.yaml index a8516de..28bb0ac 100644 --- a/data/common.yaml +++ b/data/common.yaml @@ -1,27 +1,33 @@ --- grafana::archive_source: ~ grafana::cfg_location: '/etc/grafana/grafana.ini' grafana::cfg: {} grafana::ldap_cfg: ~ grafana::container_cfg: false grafana::container_params: {} grafana::docker_image: 'grafana/grafana' grafana::docker_ports: '3000:3000' grafana::data_dir: '/var/lib/grafana' grafana::install_dir: '/usr/share/grafana' grafana::install_method: 'package' grafana::manage_package_repo: true grafana::package_name: 'grafana' grafana::package_source: ~ grafana::repo_name: 'stable' grafana::rpm_iteration: '1' grafana::service_name: 'grafana-server' grafana::version: 'installed' grafana::plugins: {} grafana::provisioning_dashboards: {} grafana::provisioning_datasources: {} grafana::provisioning_dashboards_file: '/etc/grafana/provisioning/dashboards/puppetprovisioned.yaml' grafana::provisioning_datasources_file: '/etc/grafana/provisioning/datasources/puppetprovisioned.yaml' grafana::create_subdirs_provisioning: false grafana::sysconfig_location: ~ grafana::sysconfig: ~ +grafana::ldap_servers: {} +grafana::ldap_group_mappings: {} +grafana::toml_manage_package: true +grafana::toml_package_name: ruby-toml +grafana::toml_package_ensure: present +grafana::toml_package_provider: ~ diff --git a/lib/puppet/type/grafana_ldap_config.rb b/lib/puppet/type/grafana_ldap_config.rb new file mode 100644 index 0000000..f007d32 --- /dev/null +++ b/lib/puppet/type/grafana_ldap_config.rb @@ -0,0 +1,184 @@ +require 'toml' + +Puppet::Type.newtype(:grafana_ldap_config) do + @doc = 'Manage Grafana LDAP configuration' + @toml_header = <<-EOF +# +# Grafana LDAP configuration +# +# generated by Puppet module puppet-grafana +# https://github.com/voxpupuli/puppet-grafana +# +# *** Edit at your own peril *** +# +# ############################################# # +EOF + + # currently not ensurable as we are not parsing the LDAP toml config. + # ensurable + + newparam(:title, namevar: true) do + desc 'Path to ldap.toml' + + validate do |value| + raise ArgumentError, _('name/title must be a String') unless value.is_a?(String) + end + end + + newparam(:owner) do + desc 'Owner of the LDAP configuration-file either as String or Integer (default: root)' + defaultto 'root' + + validate do |value| + raise ArgumentError, _('owner must be a String or Integer') unless value.is_a?(String) || value.is_a?(Integer) + end + end + + newparam(:group) do + desc 'Group of the LDAP configuration file either as String or Integer (default: grafana)' + defaultto 'grafana' + + validate do |value| + raise ArgumentError, _('group must be a String or Integer') unless value.is_a?(String) || value.is_a?(Integer) + end + end + + newparam(:mode) do + desc 'File-permissions mode of the LDAP configuration file as String' + defaultto '0440' + + validate do |value| + raise ArgumentError, _('file-permissions must be a String') unless value.is_a?(String) + raise ArgumentError, _('file-permissions must be a String') if value.empty? + # regex-pattern stolen from here - all credis to them! + # https://github.com/puppetlabs/puppetlabs-stdlib/blob/master/types/filemode.pp + # currently disabled, as it fails when implicitly called. + # + # raise ArgumentError, _('file-permissions is not valid') unless value.to_s.match(%r{/\A(([0-7]{1,4})|(([ugoa]*([-+=]([rwxXst]*|[ugo]))+|[-+=][0-7]+)(,([ugoa]*([-+=]([rwxXst]*|[ugo]))+|[-+=][0-7]+))*))\z/}) + end + end + + newparam(:replace, boolean: true, parent: Puppet::Parameter::Boolean) do + desc 'Replace existing files' + defaultto true + end + + newparam(:backup, boolean: true, parent: Puppet::Parameter::Boolean) do + desc 'Backup existing files before replacing them into the file-bucket' + defaultto false + end + + newparam(:validate_cmd) do + desc 'A command to validate the new Grafana LDAP configuration before actually replacing it' + + validate do |value| + raise ArgumentError, _('validate_cmd must be a String or undef') unless value.nil? || value.is_a?(String) + end + end + + def ldap_servers + catalog.resources.each_with_object({}) do |resource, memo| + next unless resource.is_a?(Puppet::Type.type(:grafana_ldap_server)) + next unless resource[:name].is_a?(String) + + memo[resource[:name]] = resource + memo + end + end + + def should_content + return @generated_config if @generated_config + + @generated_config = {} + + ldap_servers.each do |server_k, server_v| + # convert symbols to strings + server_params = Hash[server_v.original_parameters.map { |k, v| [k.to_s, v] }] + + server_attributes = server_params['attributes'] + server_params.delete('attributes') + + # grafana-syntax for multiple hosts is a space-separate list. + server_params['host'] = server_params['hosts'].join(' ') + server_params.delete('hosts') + + server_group_mappings = server_v.group_mappings + + server_block = { + 'servers' => [server_params], + 'servers.attributes' => server_attributes, + 'servers.group_mappings' => server_group_mappings + }.compact + + @generated_config[server_k] = server_block + end + + @generated_config.compact + end + + def generate + file_opts = {} + # currently not ensurable + # file_opts = { + # ensure: (self[:ensure] == :absent) ? :absent : :file, + # } + + [:name, + :owner, + :group, + :mode, + :replace, + :backup, + # this we have currently not implemented + # :selinux_ignore_defaults, + # :selrange, + # :selrole, + # :seltype, + # :seluser, + # :show_diff, + :validate_cmd].each do |param| + file_opts[param] = self[param] unless self[param].nil? + end + + metaparams = Puppet::Type.metaparams + excluded_metaparams = ['before', 'notify', 'require', 'subscribe', 'tag'] + + metaparams.reject! { |param| excluded_metaparams.include? param } + + metaparams.each do |metaparam| + file_opts[metaparam] = self[metaparam] unless self[metaparam].nil? + end + + [Puppet::Type.type(:file).new(file_opts)] + end + + def eval_generate + ldap_servers = should_content + + if !ldap_servers.nil? && !ldap_servers.empty? + + toml_contents = [] + toml_contents << @toml_header + + toml_contents << ldap_servers.map do |k, v| + str = [] + str << "\n\n" + str << <<-EOF +# +# #{k} +# +EOF + str << TOML::Generator.new(v).body + str.join + end + + catalog.resource("File[#{self[:name]}]")[:content] = toml_contents.join + end + + [catalog.resource("File[#{self[:name]}]")] + end + + autonotify(:class) do + 'grafana::service' + end +end diff --git a/lib/puppet/type/grafana_ldap_group_mapping.rb b/lib/puppet/type/grafana_ldap_group_mapping.rb new file mode 100644 index 0000000..7897d2f --- /dev/null +++ b/lib/puppet/type/grafana_ldap_group_mapping.rb @@ -0,0 +1,49 @@ +Puppet::Type.newtype(:grafana_ldap_group_mapping) do + @doc = 'Map an LDAP group to a Grafana role.' + + def initialize(*args) + @org_roles = %w[Admin Editor Viewer] + super + end + + validate do + raise(_('grafana_ldap_group_mapping: title needs to be a non-empty string')) if self[:name].nil? || self[:name].empty? + raise(_('grafana_ldap_group_mapping: ldap_server_name needs to be a non-empty string')) if self[:ldap_server_name].nil? || self[:ldap_server_name].empty? + raise(_('grafana_ldap_group_mapping: group_dn needs to be a non-empty string')) if self[:group_dn].nil? || self[:group_dn].empty? + raise(_("grafana_ldap_group_mapping: org_role needs to be a string of: #{@org_roles.join(', ')})")) if self[:org_role].nil? || self[:org_role].empty? + end + + newparam(:title, namevar: true) do + desc 'A unique identifier of the resource' + + validate do |value| + raise ArgumentError, _('name/title must be a String') unless value.is_a?(String) + end + end + + newparam(:ldap_server_name) do + desc 'The LDAP server config to apply the group-mappings on' + + validate do |value| + raise ArgumentError, _('ldap_server_name must be a String') unless value.is_a?(String) + end + end + + newparam(:group_dn) do + desc 'The LDAP distinguished-name of the group' + + validate do |value| + raise ArgumentError, _('group_dn must be a String') unless value.is_a?(String) + end + end + + newparam(:org_role) do + desc 'The Grafana role the shall be assigned to this group' + newvalues(:Admin, :Editor, :Viewer) + end + + newparam(:grafana_admin, boolean: true, parent: Puppet::Parameter::Boolean) do + desc 'Additonal flag for Grafana > v5.3 to signal admin-role to Grafana' + defaultto false + end +end diff --git a/lib/puppet/type/grafana_ldap_server.rb b/lib/puppet/type/grafana_ldap_server.rb new file mode 100644 index 0000000..679717e --- /dev/null +++ b/lib/puppet/type/grafana_ldap_server.rb @@ -0,0 +1,175 @@ +Puppet::Type.newtype(:grafana_ldap_server) do + @doc = 'Manage Grafana LDAP servers for LDAP authentication.' + + validate do + raise(_('grafana_ldap_server: name must not be empty')) if self[:name].nil? || self[:name].empty? + raise(_('grafana_ldap_server: hosts must not be empty')) if self[:hosts].nil? || self[:hosts].empty? + raise(_('grafana_ldap_server: port must not be empty')) if self[:port].nil? + + raise(_('grafana_ldap_server: root_ca_cert must be set when SSL/TLS is enabled')) \ + if !self[:ssl_skip_verify] && (self[:use_ssl] || self[:start_tls]) && self[:root_ca_cert].empty? + + raise(_('grafana_ldap_server: search_base_dns needs to contain at least one LDAP base-dn')) \ + if self[:search_base_dns].empty? + + raise(_('grafana_ldap_server: group_search_base_dns needs to contain at least one LDAP base-dn')) \ + if !self[:group_search_base_dns].nil? && self[:group_search_base_dns].empty? + end + + newparam(:title, namevar: true) do + desc 'A unique identified for this LDAP server.' + + validate do |value| + raise ArgumentError, _('name/title must be a String') unless value.is_a?(String) + end + end + + newparam(:hosts) do + desc 'The servers to perform LDAP authentication at' + + validate do |value| + raise ArgumentError, _('hosts must be an Array') unless value.is_a?(Array) + end + end + + newparam(:port) do + desc 'The port to connect at the LDAP servers (389 for TLS/plaintext, 636 for SSL [ldaps], optional)' + defaultto 389 + + validate do |value| + raise ArgumentError, _('port must be an Integer within the range 1-65535') unless value.is_a?(Integer) && value.between?(1, 65_535) # rubocop wants to have this weirdness + end + end + + newparam(:use_ssl, boolean: true, parent: Puppet::Parameter::Boolean) do + desc 'Set to true if you want to perform LDAP via a SSL-connection (not meant to be for TLS, optional)' + defaultto false + end + + newparam(:start_tls, boolean: true, parent: Puppet::Parameter::Boolean) do + desc 'Set to true if you want to perform LDAP via a TLS-connection (not meant to be for SSL, optional)' + defaultto true + end + + newparam(:ssl_skip_verify, boolean: true, parent: Puppet::Parameter::Boolean) do + desc "Set to true to disable verification of the LDAP server's SSL certificate (for TLS and SSL, optional)" + defaultto false + end + + newparam(:root_ca_cert) do + desc "The root ca-certificate to verify the LDAP server's SSL certificate against (for TLS and SSL, optional)" + defaultto '/etc/ssl/certs/ca-certificates.crt' + + validate do |value| + raise ArgumentError, _('root_ca_cert must be a String') unless value.is_a?(String) + end + end + + newparam(:client_cert) do + desc "If the LDAP server requires certificate-based authentication, specify the client's certificate (for TLS and SSL, optional)" + + validate do |value| + raise ArgumentError, _('client_cert must be a String') unless value.is_a?(String) + end + end + + newparam(:client_key) do + desc "If the LDAP server requires certificate-based authentication, specify the client's certificate (for TLS and SSL, optional)" + + validate do |value| + raise ArgumentError, _('client_key must be a String') unless value.is_a?(String) + end + end + + newparam(:bind_dn) do + desc 'If the LDAP server requires authentication (i.e. non-anonymous), provide the distinguished-name (dn) here (optional)' + + validate do |value| + raise ArgumentError, _('bind_dn must be a String') unless value.is_a?(String) + end + end + + newparam(:bind_password) do + desc 'If the LDAP server requires authentication (i.e. non-anonymous), provide the password (optional)' + + validate do |value| + raise ArgumentError, _('bind_password must be a String') unless value.is_a?(String) + end + end + + newparam(:search_filter) do + desc 'A search-filter to be used when querying LDAP for user-accounts (optional)' + + validate do |value| + raise ArgumentError, _('search_filter must be a String') unless value.is_a?(String) + end + end + + newparam(:search_base_dns) do + desc 'The one or more base-dn to be used when querying LDAP for user-accounts (optional)' + defaultto [] + + validate do |value| + raise ArgumentError, _('search_base_dns must be an Array') unless value.is_a?(Array) + + value.each { |base_dn| raise ArgumentError, _('search_base_dns elements must be a String') unless base_dn.is_a?(String) } + end + end + + newparam(:group_search_filter) do + desc 'A search-filter to be used when querying LDAP for group-accounts (optional)' + + validate do |value| + raise ArgumentError, _('group_search_filter must be a String') unless value.is_a?(String) + end + end + + newparam(:group_search_filter_user_attribute) do + desc 'The attribute to be used to locate matching user-accounts in the group (optional)' + + validate do |value| + raise ArgumentError, _('group_search_filter_user_attribute must be a String') unless value.is_a?(String) + end + end + + newparam(:group_search_base_dns) do + desc 'The base-dn to be used when querying LDAP for group-accounts (optional)' + + validate do |value| + raise ArgumentError, _('search_base_dns must be an Array') unless value.is_a?(Array) + + value.each { |base_dn| raise ArgumentError, _('search_base_dns elements must be a String') unless base_dn.is_a?(String) } + end + end + + newparam(:attributes) do + desc 'Mapping LDAP attributes to their Grafana user-account-properties (optional)' + + validate do |value| + valid_attributes = %w[name surname username member_of email] + + raise ArgumentError, _('attributes must be a Hash') unless value.is_a?(Hash) + + value.each { |k, v| raise ArgumentError, _('attributes hash keys and values must be Strings') unless k.is_a?(String) && v.is_a?(String) } + + raise ArgumentError, _("attributes contains an unknown key, allowed: #{valid_attributes.join(', ')}") if value.keys.reject { |key| valid_attributes.include?(key) }.count > 0 + end + end + + def set_sensitive_parameters(sensitive_parameters) # rubocop:disable Style/AccessorMethodName + parameter(:bind_password).sensitive = true if parameter(:bind_password) + super(sensitive_parameters) + end + + def group_mappings + catalog.resources.map do |resource| + next unless resource.is_a?(Puppet::Type.type(:grafana_ldap_group_mapping)) + next unless resource[:ldap_server_name] == self[:name] + + group_mapping = Hash[resource.original_parameters.map { |k, v| [k.to_s, v] }] + group_mapping.delete('ldap_server_name') + + group_mapping + end.compact + end +end diff --git a/manifests/config.pp b/manifests/config.pp index 0fdc9ae..c146000 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -1,151 +1,164 @@ # == Class grafana::config # # This class is called from grafana # class grafana::config { case $grafana::install_method { 'docker': { if $grafana::container_cfg { $cfg = $grafana::cfg $myprovision = false file { 'grafana.ini': ensure => file, path => $grafana::cfg_location, content => template('grafana/config.ini.erb'), owner => 'grafana', group => 'grafana', notify => Class['grafana::service'], } } } 'package','repo': { $cfg = $grafana::cfg $myprovision = true file { 'grafana.ini': ensure => file, path => $grafana::cfg_location, content => template('grafana/config.ini.erb'), owner => 'grafana', group => 'grafana', notify => Class['grafana::service'], } $sysconfig = $grafana::sysconfig $sysconfig_location = $grafana::sysconfig_location if $sysconfig_location and $sysconfig { $changes = $sysconfig.map |$key, $value| { "set ${key} ${value}" } augeas{'sysconfig/grafana-server': context => "/files${$sysconfig_location}", changes => $changes, notify => Class['grafana::service'], } } file { "${grafana::data_dir}/plugins": ensure => directory, owner => 'grafana', group => 'grafana', mode => '0750', } } 'archive': { $cfg = $grafana::cfg $myprovision = true file { "${grafana::install_dir}/conf/custom.ini": ensure => file, content => template('grafana/config.ini.erb'), owner => 'grafana', group => 'grafana', notify => Class['grafana::service'], } file { [$grafana::data_dir, "${grafana::data_dir}/plugins"]: ensure => directory, owner => 'grafana', group => 'grafana', mode => '0750', } } default: { fail("Installation method ${grafana::install_method} not supported") } } if $grafana::ldap_cfg { - $ldap_cfg = $grafana::ldap_cfg + if $grafana::ldap_cfg =~ Array { + $ldap_cfg_ary = $grafana::ldap_cfg + } else { + $ldap_cfg_ary = [$grafana::ldap_cfg] + } + + $template_body = [ + "<% scope['ldap_cfg_ary'].each do |v| %>", + "<%= require 'toml'; TOML::Generator.new(v).body %>\n", + '<% end %>', + ] + + $ldap_cfg_toml = inline_template($template_body.join('')) + file { '/etc/grafana/ldap.toml': ensure => file, - content => inline_template("<%= require 'toml'; TOML::Generator.new(@ldap_cfg).body %>\n"), + content => $ldap_cfg_toml, owner => 'grafana', group => 'grafana', notify => Class['grafana::service'], } } # If grafana version is > 5.0.0, and the install method is package, # repo, or archive, then use the provisioning feature. Dashboards # and datasources are placed in # /etc/grafana/provisioning/[dashboards|datasources] by default. # --dashboards-- if ((versioncmp($grafana::version, '5.0.0') >= 0) and ($myprovision)) { $pdashboards = $grafana::provisioning_dashboards if (length($pdashboards) >= 1 ) { $dashboardpaths = flatten(grafana::deep_find_and_remove('options', $pdashboards)) # template uses: # - pdashboards file { $grafana::provisioning_dashboards_file: ensure => file, owner => 'grafana', group => 'grafana', mode => '0640', content => epp('grafana/pdashboards.yaml.epp'), notify => Class['grafana::service'], } # Loop over all providers, extract the paths and create # directories for each path of dashboards. $dashboardpaths.each | Integer $index, Hash $options | { if ('path' in $options) { # get sub paths of 'path' and create subdirs if necessary $subpaths = grafana::get_sub_paths($options['path']) if ($grafana::create_subdirs_provisioning and (length($subpaths) >= 1)) { file { $subpaths : ensure => directory, before => File[$options['path']], } } file { $options['path'] : ensure => directory, owner => 'grafana', group => 'grafana', mode => '0750', recurse => true, purge => true, source => $options['puppetsource'], } } } } # --datasources-- $pdatasources = $grafana::provisioning_datasources if (length($pdatasources) >= 1) { # template uses: # - pdatasources file { $grafana::provisioning_datasources_file: ensure => file, owner => 'grafana', group => 'grafana', mode => '0640', content => epp('grafana/pdatasources.yaml.epp'), notify => Class['grafana::service'], } } } } diff --git a/manifests/init.pp b/manifests/init.pp index c05eea4..5e361f6 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,150 +1,186 @@ # == Class: grafana # # Installs and configures Grafana. # # === Parameters # [*archive_source*] # Download location of tarball to be used with the 'archive' install method. # Defaults to the URL of the latest version of Grafana available at the time of module release. # # [*container_cfg*] # Boolean. Determines whether a configuration file should be generated when using the 'docker' install method. # If true, use the `cfg` and `cfg_location` parameters to control creation of the file. # Defaults to false. # # [*container_params*] # Hash of parameters to use when creating the Docker container. For use with the 'docker' install method. # Refer to documentation of the `docker::run` resource in the `garethr-docker` module for details of available parameters. # Defaults to: # # container_params => { # 'image' => 'grafana/grafana:latest', # 'ports' => '3000' # } # # [*data_dir*] # The directory Grafana will use for storing its data. # Defaults to '/var/lib/grafana'. # # [*install_dir*] # Installation directory to be used with the 'archive' install method. # Defaults to '/usr/share/grafana'. # # [*install_method*] # Set to 'archive' to install Grafana using the tar archive. # Set to 'docker' to install Grafana using the official Docker container. # Set to 'package' to install Grafana using .deb or .rpm packages. # Set to 'repo' to install Grafana using an apt or yum repository. # Defaults to 'package'. # # [*manage_package_repo*] # If true this will setup the official grafana repositories on your host. Defaults to true. # # [*package_name*] # The name of the package managed with the 'package' install method. # Defaults to 'grafana'. # # [*package_source*] # Download location of package to be used with the 'package' install method. # Defaults to the URL of the latest version of Grafana available at the time of module release. # # [*service_name*] # The name of the service managed with the 'archive' and 'package' install methods. # Defaults to 'grafana-server'. # # [*version*] # The version of Grafana to install and manage. # Defaults to 'installed' # # [*repo_name*] # When using 'repo' install_method, the repo to look for packages in. # Set to 'stable' to install only stable versions # Set to 'beta' to install beta versions # Defaults to stable. # # [*plugins*] # A hash of plugins to be passed to `create_resources`, wraps around the # `grafana_plugin` resource. # # [*provisioning_dashboards*] # Hash of dashboards to provision into grafana. grafana > v5.0.0 # required. Hash will be converted into YAML and used by grafana to # provision dashboards. # # [*provisioning_datasources*] # Hash of datasources to provision into grafana, grafana > v5.0.0 # required. Hash will be converted into YAML and used by granfana to # configure datasources. # # [*provisioning_dashboards_file*] # String with the fully qualified path to place the provisioning file # for dashboards, only used if provisioning_dashboards is specified. # Defaults to '/etc/grafana/provisioning/dashboards/puppetprovisioned.yaml' # # [*provisioning_datasources_file*] # String with the fully qualified path to place the provisioning file # for datasources, only used if provisioning_datasources is specified. # Default to '/etc/grafana/provisioning/datasources/puppetprovisioned.yaml' # # [*create_subdirs_provisioning*] # Boolean, defaults to false. If true puppet will create any # subdirectories in the given path when provisioning dashboards. # # [*sysconfig_location*] # Location of the sysconfig file for the environment of the grafana-server service. # This is only used when the install_method is 'package' or 'repo'. # # [*sysconfig*] # A hash of environment variables for the grafana-server service # # Example: # sysconfig => { 'http_proxy' => 'http://proxy.example.com/' } # +# [*ldap_servers*] +# A hash of ldap_servers to be passed to `create_resources`, wraps around the +# `grafana_ldap_server` resource. +# +# [*ldap_group_mappings*] +# A hash of ldap_servers to be passed to `create_resources`, wraps around the +# `grafana_ldap_group_mapping` resource. +# +# [*toml_manage_package*] +# ruby-toml is required to generate the TOML-based LDAP config for Grafana. +# Defaults to true. Set to false if you manage package- or gem-install +# somewhere else. +# +# [*toml_package_name*] +# Name of the software-package providing the TOML parser library. +# Defaults to ruby-toml. +# +# [*toml_package_ensure*] +# Ensure the package-resource - e.g. installed, absent, etc. +# https://puppet.com/docs/puppet/latest/types/package.html#package-attribute-ensure +# Defaults to present +# +# [*toml_package_provider*] +# The package-provider used to install the TOML parser library. +# Defaults to undef, to let Puppet decide. See +# https://puppet.com/docs/puppet/latest/types/package.html#package-attribute-provider +# # === Examples # # class { '::grafana': # install_method => 'docker', # } # class grafana ( Optional[String] $archive_source, String $cfg_location, Hash $cfg, - Optional[Hash] $ldap_cfg, + Optional[Variant[Hash,Array]] $ldap_cfg, Boolean $container_cfg, Hash $container_params, String $docker_image, String $docker_ports, String $data_dir, String $install_dir, String $install_method, Boolean $manage_package_repo, String $package_name, Optional[String] $package_source, Enum['stable', 'beta'] $repo_name, String $rpm_iteration, String $service_name, String $version, Hash $plugins, Hash $provisioning_dashboards, Hash $provisioning_datasources, String $provisioning_dashboards_file, String $provisioning_datasources_file, Boolean $create_subdirs_provisioning, Optional[String] $sysconfig_location, Optional[Hash] $sysconfig, + Hash[String[1], Hash] $ldap_servers, + Hash[String[1], Hash] $ldap_group_mappings, + Boolean $toml_manage_package, + String[1] $toml_package_name, + String[1] $toml_package_ensure, + Optional[String[1]] $toml_package_provider, ) { contain grafana::install contain grafana::config contain grafana::service Class['grafana::install'] -> Class['grafana::config'] -> Class['grafana::service'] create_resources(grafana_plugin, $plugins) # Dependency added for Grafana_plugins to ensure it runs at the # correct time. Class['grafana::config'] -> Grafana_Plugin <| |> ~> Class['grafana::service'] + + create_resources('grafana_ldap_server', $ldap_servers) + create_resources('grafana_ldap_group_mapping', $ldap_group_mappings) } diff --git a/manifests/install.pp b/manifests/install.pp index 71ff13e..0cd3cd9 100644 --- a/manifests/install.pp +++ b/manifests/install.pp @@ -1,198 +1,208 @@ # == Class grafana::install # class grafana::install { $base_url = 'https://dl.grafana.com/oss/release' if $grafana::archive_source != undef { $real_archive_source = $grafana::archive_source } else { $real_archive_source = "${base_url}/grafana-${grafana::version}.linux-amd64.tar.gz" } if $grafana::package_source != undef { $real_package_source = $grafana::package_source } else { $real_package_source = $facts['os']['family'] ? { /(RedHat|Amazon)/ => "${base_url}/grafana-${grafana::version}-${grafana::rpm_iteration}.x86_64.rpm", 'Debian' => "${base_url}/grafana_${grafana::version}_amd64.deb", default => $real_archive_source, } } case $grafana::install_method { 'docker': { docker::image { 'grafana/grafana': image_tag => $grafana::version, require => Class['docker'], } } 'package': { case $facts['os']['family'] { 'Debian': { package { 'libfontconfig1': ensure => present, } archive { '/tmp/grafana.deb': source => $real_package_source, } package { 'grafana': ensure => present, name => $grafana::package_name, provider => 'dpkg', source => '/tmp/grafana.deb', require => [Archive['/tmp/grafana.deb'],Package['libfontconfig1']], } } 'RedHat': { package { 'fontconfig': ensure => present, } package { 'grafana': ensure => present, name => $grafana::package_name, provider => 'rpm', source => $real_package_source, require => Package['fontconfig'], } } 'FreeBSD': { package { 'grafana': ensure => present, name => $grafana::package_name, provider => 'pkgng', } } default: { fail("${facts['os']['family']} not supported") } } } 'repo': { case $facts['os']['family'] { 'Debian': { package { 'libfontconfig1': ensure => present, } if ( $grafana::manage_package_repo ){ if !defined( Class['apt'] ) { include apt } apt::source { 'grafana': location => 'https://packages.grafana.com/oss/deb', release => $grafana::repo_name, architecture => 'amd64,arm64,armhf', repos => 'main', key => { 'id' => '4E40DDF6D76E284A4A6780E48C8C34C524098CB6', 'source' => 'https://packages.grafana.com/gpg.key', }, before => Package['grafana'], } Class['apt::update'] -> Package['grafana'] } package { 'grafana': ensure => $grafana::version, name => $grafana::package_name, require => Package['libfontconfig1'], } } 'RedHat': { package { 'fontconfig': ensure => present, } if ( $grafana::manage_package_repo ){ # http://docs.grafana.org/installation/rpm/#install-via-yum-repository $baseurl = $grafana::repo_name ? { 'stable' => 'https://packages.grafana.com/oss/rpm', 'beta' => 'https://packages.grafana.com/oss/rpm-beta', } yumrepo { 'grafana': ensure => 'absent', before => Package['grafana'], } yumrepo { "grafana-${grafana::repo_name}": descr => "grafana-${grafana::repo_name} repo", baseurl => $baseurl, gpgcheck => 1, gpgkey => 'https://packages.grafana.com/gpg.key', enabled => 1, before => Package['grafana'], } } if $grafana::version =~ /(installed|latest|present)/ { $real_version = $grafana::version } else { $real_version = "${grafana::version}-${grafana::rpm_iteration}" } package { 'grafana': ensure => $real_version, name => $grafana::package_name, require => Package['fontconfig'], } } 'Archlinux': { if $grafana::manage_package_repo { fail('manage_package_repo is not supported on Archlinux') } package { 'grafana': ensure => 'present', # pacman provider doesn't have feature versionable name => $grafana::package_name, } } 'FreeBSD': { package { 'grafana': ensure => 'present', # pkgng provider doesn't have feature versionable name => $grafana::package_name, } } default: { fail("${facts['os']['name']} not supported") } } } 'archive': { # create log directory /var/log/grafana (or parameterize) if !defined(User['grafana']){ user { 'grafana': ensure => present, home => $grafana::install_dir, } } file { $grafana::install_dir: ensure => directory, group => 'grafana', owner => 'grafana', require => User['grafana'], } archive { '/tmp/grafana.tar.gz': ensure => present, extract => true, extract_command => 'tar xfz %s --strip-components=1', extract_path => $grafana::install_dir, source => $real_archive_source, user => 'grafana', group => 'grafana', cleanup => true, require => File[$grafana::install_dir], } } default: { fail("Installation method ${grafana::install_method} not supported") } } + + if $grafana::toml_manage_package and !empty($grafana::ldap_servers) { + ensure_packages(['toml-pkg'], { + ensure => $grafana::toml_package_ensure, + name => $grafana::toml_package_name, + provider => $grafana::toml_package_provider, + }) + + Package['toml-pkg'] -> Grafana_ldap_config <||> + } } diff --git a/spec/classes/grafana_spec.rb b/spec/classes/grafana_spec.rb index b05e955..2b53905 100644 --- a/spec/classes/grafana_spec.rb +++ b/spec/classes/grafana_spec.rb @@ -1,343 +1,404 @@ require 'spec_helper' describe 'grafana' do on_supported_os.each do |os, facts| context "on #{os}" do let(:facts) do facts end context 'with default values' do it { is_expected.to compile.with_all_deps } it { is_expected.to contain_class('grafana') } it { is_expected.to contain_class('grafana::install').that_comes_before('Class[grafana::config]') } it { is_expected.to contain_class('grafana::config').that_notifies('Class[grafana::service]') } it { is_expected.to contain_class('grafana::service') } end context 'with parameter install_method is set to package' do let(:params) do { install_method: 'package', version: '5.4.2' } end case facts[:osfamily] when 'Debian' download_location = '/tmp/grafana.deb' describe 'use archive to fetch the package to a temporary location' do it do is_expected.to contain_archive('/tmp/grafana.deb').with_source( 'https://dl.grafana.com/oss/release/grafana_5.4.2_amd64.deb' ) end it { is_expected.to contain_archive('/tmp/grafana.deb').that_comes_before('Package[grafana]') } end describe 'install dependencies first' do it { is_expected.to contain_package('libfontconfig1').with_ensure('present').that_comes_before('Package[grafana]') } end describe 'install the package' do it { is_expected.to contain_package('grafana').with_provider('dpkg') } it { is_expected.to contain_package('grafana').with_source(download_location) } end when 'RedHat' describe 'install dependencies first' do it { is_expected.to contain_package('fontconfig').with_ensure('present').that_comes_before('Package[grafana]') } end describe 'install the package' do it { is_expected.to contain_package('grafana').with_provider('rpm') } end end end context 'with some plugins passed in' do let(:params) do { plugins: { 'grafana-wizzle' => { 'ensure' => 'present' }, 'grafana-woozle' => { 'ensure' => 'absent' }, 'grafana-plugin' => { 'ensure' => 'present', 'repo' => 'https://nexus.company.com/grafana/plugins' } } } end it { is_expected.to contain_grafana_plugin('grafana-wizzle').with(ensure: 'present') } it { is_expected.to contain_grafana_plugin('grafana-woozle').with(ensure: 'absent').that_notifies('Class[grafana::service]') } describe 'install plugin with pluginurl' do it { is_expected.to contain_grafana_plugin('grafana-plugin').with(ensure: 'present', repo: 'https://nexus.company.com/grafana/plugins') } end end context 'with parameter install_method is set to repo' do let(:params) do { install_method: 'repo' } end case facts[:osfamily] when 'Debian' describe 'install apt repo dependencies first' do it { is_expected.to contain_class('apt') } it { is_expected.to contain_apt__source('grafana').with(release: 'stable', repos: 'main', location: 'https://packages.grafana.com/oss/deb') } it { is_expected.to contain_apt__source('grafana').that_comes_before('Package[grafana]') } end describe 'install dependencies first' do it { is_expected.to contain_package('libfontconfig1').with_ensure('present').that_comes_before('Package[grafana]') } end describe 'install the package' do it { is_expected.to contain_package('grafana').with_ensure('installed') } end when 'RedHat' describe 'yum repo dependencies first' do it { is_expected.to contain_yumrepo('grafana-stable').with(baseurl: 'https://packages.grafana.com/oss/rpm', gpgkey: 'https://packages.grafana.com/gpg.key', enabled: 1) } it { is_expected.to contain_yumrepo('grafana-stable').that_comes_before('Package[grafana]') } end describe 'install dependencies first' do it { is_expected.to contain_package('fontconfig').with_ensure('present').that_comes_before('Package[grafana]') } end describe 'install the package' do it { is_expected.to contain_package('grafana').with_ensure('installed') } end end end context 'with parameter install_method is set to repo and manage_package_repo is set to false' do let(:params) do { install_method: 'repo', manage_package_repo: false, version: 'present' } end case facts[:osfamily] when 'Debian' describe 'install dependencies first' do it { is_expected.to contain_package('libfontconfig1').with_ensure('present').that_comes_before('Package[grafana]') } end describe 'install the package' do it { is_expected.to contain_package('grafana').with_ensure('present') } end when 'RedHat' describe 'install dependencies first' do it { is_expected.to contain_package('fontconfig').with_ensure('present').that_comes_before('Package[grafana]') } end describe 'install the package' do it { is_expected.to contain_package('grafana').with_ensure('present') } end when 'Archlinux' describe 'install the package' do it { is_expected.to contain_package('grafana').with_ensure('present') } end end end context 'with parameter install_method is set to archive' do let(:params) do { install_method: 'archive', version: '5.4.2' } end install_dir = '/usr/share/grafana' service_config = '/usr/share/grafana/conf/custom.ini' archive_source = 'https://dl.grafana.com/oss/release/grafana-5.4.2.linux-amd64.tar.gz' describe 'extract archive to install_dir' do it { is_expected.to contain_archive('/tmp/grafana.tar.gz').with_ensure('present') } it { is_expected.to contain_archive('/tmp/grafana.tar.gz').with_source(archive_source) } it { is_expected.to contain_archive('/tmp/grafana.tar.gz').with_extract_path(install_dir) } end describe 'create grafana user' do it { is_expected.to contain_user('grafana').with_ensure('present').with_home(install_dir) } it { is_expected.to contain_user('grafana').that_comes_before('File[/usr/share/grafana]') } end case facts[:osfamily] when 'Archlinux' describe 'create data_dir' do it { is_expected.to contain_file('/var/lib/grafana').with_ensure('directory') } end when 'Debian' describe 'create data_dir' do it { is_expected.to contain_file('/var/lib/grafana').with_ensure('directory') } end when 'FreBSD' describe 'create data_dir' do it { is_expected.to contain_file('/var/db/grafana').with_ensure('directory') } end when 'RedHat' describe 'create data_dir' do it { is_expected.to contain_file('/var/lib/grafana').with_ensure('directory') } end end describe 'manage install_dir' do it { is_expected.to contain_file(install_dir).with_ensure('directory') } it { is_expected.to contain_file(install_dir).with_group('grafana').with_owner('grafana') } end describe 'configure grafana' do it { is_expected.to contain_file(service_config).with_ensure('file') } end describe 'run grafana as service' do it { is_expected.to contain_service('grafana').with_ensure('running').with_provider('base') } it { is_expected.to contain_service('grafana').with_hasrestart(false).with_hasstatus(false) } end context 'when user already defined' do let(:pre_condition) do 'user{"grafana": ensure => present, }' end describe 'do NOT create grafana user' do it { is_expected.not_to contain_user('grafana').with_ensure('present').with_home(install_dir) } end end context 'when service already defined' do let(:pre_condition) do 'service{"grafana": ensure => running, name => "grafana-server", hasrestart => true, hasstatus => true, }' end describe 'do NOT run service' do it { is_expected.not_to contain_service('grafana').with_hasrestart(false).with_hasstatus(false) } end end end context 'invalid parameters' do context 'cfg' do describe 'should not raise an error when cfg parameter is a hash' do let(:params) do { cfg: {} } end it { is_expected.to contain_package('grafana') } end end end context 'configuration file' do describe 'should not contain any configuration when cfg param is empty' do it { is_expected.to contain_file('grafana.ini').with_content("# This file is managed by Puppet, any changes will be overwritten\n\n") } end describe 'should correctly transform cfg param entries to Grafana configuration' do let(:params) do { cfg: { 'app_mode' => 'production', 'section' => { 'string' => 'production', 'number' => 8080, 'boolean' => false, 'empty' => '' } }, ldap_cfg: { 'servers' => [ { 'host' => 'server1', 'use_ssl' => true, 'search_filter' => '(sAMAccountName=%s)', - 'search_base_dns' => ['dc=domain1,dc=com'] }, - { 'host' => 'server2', - 'use_ssl' => true, - 'search_filter' => '(sAMAccountName=%s)', - 'search_base_dns' => ['dc=domain2,dc=com'] } + 'search_base_dns' => ['dc=domain1,dc=com'] } ], 'servers.attributes' => { 'name' => 'givenName', 'surname' => 'sn', 'username' => 'sAMAccountName', 'member_of' => 'memberOf', 'email' => 'email' } } } end expected = "# This file is managed by Puppet, any changes will be overwritten\n\n"\ "app_mode = production\n\n"\ "[section]\n"\ "boolean = false\n"\ "empty = \n"\ "number = 8080\n"\ "string = production\n" it { is_expected.to contain_file('grafana.ini').with_content(expected) } ldap_expected = "\n[[servers]]\n"\ "host = \"server1\"\n"\ "search_base_dns = [\"dc=domain1,dc=com\"]\n"\ "search_filter = \"(sAMAccountName=%s)\"\n"\ "use_ssl = true\n"\ "\n"\ - "[[servers]]\n"\ - "host = \"server2\"\n"\ + "[servers.attributes]\n"\ + "email = \"email\"\n"\ + "member_of = \"memberOf\"\n"\ + "name = \"givenName\"\n"\ + "surname = \"sn\"\n"\ + "username = \"sAMAccountName\"\n"\ + "\n" + + it { is_expected.to contain_file('/etc/grafana/ldap.toml').with_content(ldap_expected) } + end + end + + context 'multiple ldap configuration' do + describe 'should correctly transform ldap config param into Grafana ldap.toml' do + let(:params) do + { + cfg: {}, + ldap_cfg: [ + { + 'servers' => [ + { 'host' => 'server1a server1b', + 'use_ssl' => true, + 'search_filter' => '(sAMAccountName=%s)', + 'search_base_dns' => ['dc=domain1,dc=com'] } + ], + 'servers.attributes' => { + 'name' => 'givenName', + 'surname' => 'sn', + 'username' => 'sAMAccountName', + 'member_of' => 'memberOf', + 'email' => 'email' + } + }, + { + 'servers' => [ + { 'host' => 'server2a server2b', + 'use_ssl' => true, + 'search_filter' => '(sAMAccountName=%s)', + 'search_base_dns' => ['dc=domain2,dc=com'] } + ], + 'servers.attributes' => { + 'name' => 'givenName', + 'surname' => 'sn', + 'username' => 'sAMAccountName', + 'member_of' => 'memberOf', + 'email' => 'email' + } + } + ] + } + end + + ldap_expected = "\n[[servers]]\n"\ + "host = \"server1a server1b\"\n"\ + "search_base_dns = [\"dc=domain1,dc=com\"]\n"\ + "search_filter = \"(sAMAccountName=%s)\"\n"\ + "use_ssl = true\n"\ + "\n"\ + "[servers.attributes]\n"\ + "email = \"email\"\n"\ + "member_of = \"memberOf\"\n"\ + "name = \"givenName\"\n"\ + "surname = \"sn\"\n"\ + "username = \"sAMAccountName\"\n"\ + "\n"\ + "\n[[servers]]\n"\ + "host = \"server2a server2b\"\n"\ "search_base_dns = [\"dc=domain2,dc=com\"]\n"\ "search_filter = \"(sAMAccountName=%s)\"\n"\ "use_ssl = true\n"\ "\n"\ "[servers.attributes]\n"\ "email = \"email\"\n"\ "member_of = \"memberOf\"\n"\ "name = \"givenName\"\n"\ "surname = \"sn\"\n"\ "username = \"sAMAccountName\"\n"\ "\n" it { is_expected.to contain_file('/etc/grafana/ldap.toml').with_content(ldap_expected) } end end context 'sysconfig environment variables' do let(:params) do { install_method: 'repo', sysconfig: { http_proxy: 'http://proxy.example.com/' } } end case facts[:osfamily] when 'Debian' describe 'Add the environment variable to the config file' do it { is_expected.to contain_augeas('sysconfig/grafana-server').with_context('/files/etc/default/grafana-server') } it { is_expected.to contain_augeas('sysconfig/grafana-server').with_changes(['set http_proxy http://proxy.example.com/']) } end when 'RedHat' describe 'Add the environment variable to the config file' do it { is_expected.to contain_augeas('sysconfig/grafana-server').with_context('/files/etc/sysconfig/grafana-server') } it { is_expected.to contain_augeas('sysconfig/grafana-server').with_changes(['set http_proxy http://proxy.example.com/']) } end end end end end end diff --git a/spec/unit/puppet/type/grafana_ldap_config_spec.rb b/spec/unit/puppet/type/grafana_ldap_config_spec.rb new file mode 100644 index 0000000..e8a32ed --- /dev/null +++ b/spec/unit/puppet/type/grafana_ldap_config_spec.rb @@ -0,0 +1,164 @@ +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +require 'spec_helper' + +describe Puppet::Type.type(:grafana_ldap_config) do + # resource title + context 'validate resource title' do + it 'fails if title is not set' do + expect do + described_class.new name: nil + end.to raise_error(Puppet::Error, %r{Title or name must be provided}) + end + + it 'fails if title is not a string' do + expect do + described_class.new name: 123 + end.to raise_error(Puppet::ResourceError, %r{must be a String}) + end + end + + # owner + context 'validate owner' do + it 'fails if owner is wrong type' do + expect do + described_class.new name: 'foo_bar', owner: true + end.to raise_error(Puppet::ResourceError, %r{must be a String or Integer}) + end + + it 'succeeds if owner is string' do + expect do + described_class.new name: 'foo_bar', owner: 'foo' + end + end + + it 'succeeds if owner is numeric' do + expect do + described_class.new name: 'foo_bar', owner: 111 + end + end + end + + # group + context 'validate group' do + it 'fails if group is wrong type' do + expect do + described_class.new name: 'foo_bar', group: true + end.to raise_error(Puppet::ResourceError, %r{must be a String or Integer}) + end + + it 'succeeds if group is string' do + expect do + described_class.new name: 'foo_bar', group: 'foo' + end + end + + it 'succeeds if group is numeric' do + expect do + described_class.new name: 'foo_bar', owner: 111 + end + end + end + + # mode + context 'validate mode' do + it 'fails if mode is wrong type' do + expect do + described_class.new name: 'foo_bar', mode: 123 + end.to raise_error(Puppet::ResourceError, %r{must be a String}) + end + + it 'fails if mode is empty' do + expect do + described_class.new name: 'foo_bar', mode: '' + end.to raise_error(Puppet::ResourceError, %r{must be a String}) + end + + # currently disabled + # it 'fails if mode is invalid' do + # expect do + # described_class.new name: 'foo_bar', mode: 'abcd' + # end.to raise_error(Puppet::ResourceError, %r{is not valid}) + # end + + it 'succeeds if mode is string' do + expect do + described_class.new name: 'foo_bar', mode: '0755' + end + end + end + + # replace + context 'validate replace' do + it 'fails if replace is not a boolean' do + expect do + described_class.new name: 'foo_bar', replace: 'bla' + end.to raise_error(Puppet::ResourceError, %r{Valid values are}) + end + + it 'succeeds if replace' do + expect do + described_class.new name: 'foo_bar', replace: true + end + end + end + + # backup + context 'validate backup' do + it 'fails if backup is not a boolean' do + expect do + described_class.new name: 'foo_bar', backup: 'bla' + end.to raise_error(Puppet::ResourceError, %r{Valid values are}) + end + + it 'succeeds if backup' do + expect do + described_class.new name: 'foo_bar', backup: true + end + end + end + + # validate_cmd + context 'validate validate_cmd' do + it 'fails if validate_cmd is wrong type' do + expect do + described_class.new name: 'foo_bar', validate_cmd: 123 + end.to raise_error(Puppet::Error, %r{must be a String}) + end + + it 'succeeds if group is string' do + expect do + described_class.new name: 'foo_bar', validate_cmd: '0755' + end + end + end + + # ldap_servers + context 'validate ldap_servers' do + it 'correctly returns the declared LDAP servers' do + catalog = Puppet::Resource::Catalog.new + server = Puppet::Type.type(:grafana_ldap_server).new( + name: 'ldap.example.com', + hosts: ['ldap.example.com'], + search_base_dns: ['ou=auth'] + ) + config = Puppet::Type.type(:grafana_ldap_config).new name: 'ldap1' + + catalog.add_resource server + catalog.add_resource config + + expect(config.ldap_servers.keys).to include('ldap.example.com') + end + end +end diff --git a/spec/unit/puppet/type/grafana_ldap_group_mapping_spec.rb b/spec/unit/puppet/type/grafana_ldap_group_mapping_spec.rb new file mode 100644 index 0000000..410be52 --- /dev/null +++ b/spec/unit/puppet/type/grafana_ldap_group_mapping_spec.rb @@ -0,0 +1,151 @@ +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +require 'spec_helper' + +describe Puppet::Type.type(:grafana_ldap_group_mapping) do + # resource title + context 'validate resource title' do + it 'fails if title is not set' do + expect do + described_class.new name: nil + end.to raise_error(Puppet::Error, %r{Title or name must be provided}) + end + + it 'fails if title is empty' do + expect do + described_class.new name: '' + end.to raise_error(RuntimeError, %r{needs to be a non-empty string}) + end + + it 'fails if title is not a string' do + expect do + described_class.new name: 123 + end.to raise_error(Puppet::ResourceError, %r{must be a String}) + end + end + + # ldap_server_name + context 'validate ldap_server_name' do + it 'fails if ldap_server_name is not set' do + expect do + described_class.new name: 'foo_bar', ldap_server_name: nil, group_dn: 'bar' + end.to raise_error(Puppet::Error, %r{Got nil value for}) + end + + it 'fails if ldap_server_name is empty' do + expect do + described_class.new name: 'foo_bar', ldap_server_name: '', group_dn: 'bar' + end.to raise_error(RuntimeError, %r{needs to be a non-empty string}) + end + + it 'fails if ldap_server_name is not a string' do + expect do + described_class.new name: '123_bar', ldap_server_name: 123, group_dn: 'bar' + end.to raise_error(Puppet::ResourceError, %r{must be a String}) + end + end + + # group_dn + context 'validate group_dn' do + it 'fails if group_dn is not set' do + expect do + described_class.new name: 'foo_bar', ldap_server_name: 'foo', group_dn: nil + end.to raise_error(Puppet::Error, %r{Got nil value for}) + end + + it 'fails if group_dn is empty' do + expect do + described_class.new name: 'foo_bar', ldap_server_name: 'foo', group_dn: '' + end.to raise_error(RuntimeError, %r{needs to be a non-empty string}) + end + + it 'fails if group_dn is not a string' do + expect do + described_class.new name: 'foo_123', ldap_server_name: 'foo', group_dn: 123 + end.to raise_error(Puppet::ResourceError, %r{must be a String}) + end + end + + # org_role + context 'validate org_role' do + it 'fails if org_role is not set' do + expect do + described_class.new name: 'foo_bar', ldap_server_name: 'foo', group_dn: 'bar', org_role: nil + end.to raise_error(Puppet::Error, %r{Got nil value for}) + end + + it 'fails if org_role is not a string' do + expect do + described_class.new name: 'foo_bar', ldap_server_name: 'foo', group_dn: 'bar', org_role: 123 + end.to raise_error(Puppet::ResourceError, %r{Valid values are}) + end + + it 'fails if org_role is an unknown role' do + expect do + described_class.new name: 'foo_bar', ldap_server_name: 'foo', group_dn: 'bar', org_role: 'bla' + end.to raise_error(Puppet::Error, %r{Valid values are}) + end + + it 'succeeds if all is correct' do + expect do + described_class.new name: 'foo_bar', ldap_server_name: 'foo', group_dn: 'bar', org_role: 'Editor' + end + end + end + + # grafana_admin + context 'validate grafana_admin' do + it 'fails if org_role is not a boolean' do + expect do + described_class.new name: 'foo_bar', ldap_server_name: 'foo', group_dn: 'bar', org_role: 'Admin', grafana_admin: 'bla' + end.to raise_error(Puppet::ResourceError, %r{Valid values are}) + end + + it 'succeeds if grafana_admin' do + expect do + described_class.new name: 'foo_bar', ldap_server_name: 'foo', group_dn: 'bar', org_role: 'Admin', grafana_admin: true + end + end + end + + context 'valid viewer' do + let(:group_mapping) do + described_class.new name: 'foo_bar', ldap_server_name: 'foo', group_dn: 'bar', org_role: 'Viewer', grafana_admin: false + end + + it 'given all parameters' do + expect(group_mapping[:org_role]).to eq(:Viewer) + end + end + + context 'valid editor' do + let(:group_mapping) do + described_class.new name: 'foo_bar', ldap_server_name: 'foo', group_dn: 'bar', org_role: 'Editor', grafana_admin: false + end + + it 'given all parameters' do + expect(group_mapping[:org_role]).to eq(:Editor) + end + end + + context 'valid admin' do + let(:group_mapping) do + described_class.new name: 'foo_bar', ldap_server_name: 'foo', group_dn: 'bar', org_role: 'Admin', grafana_admin: true + end + + it 'given all parameters' do + expect(group_mapping[:org_role]).to eq(:Admin) + end + end +end diff --git a/spec/unit/puppet/type/grafana_ldap_server_spec.rb b/spec/unit/puppet/type/grafana_ldap_server_spec.rb new file mode 100644 index 0000000..0706c0d --- /dev/null +++ b/spec/unit/puppet/type/grafana_ldap_server_spec.rb @@ -0,0 +1,337 @@ +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +require 'spec_helper' + +describe Puppet::Type.type(:grafana_ldap_server) do + # resource title + context 'validate resource title' do + it 'fails if title is not set' do + expect do + described_class.new name: nil + end.to raise_error(Puppet::Error, %r{Title or name must be provided}) + end + + it 'fails if title is empty' do + expect do + described_class.new name: '' + end.to raise_error(RuntimeError, %r{must not be empty}) + end + + it 'fails if title is not a string' do + expect do + described_class.new name: 123 + end.to raise_error(Puppet::ResourceError, %r{must be a String}) + end + end + + # hosts + context 'validate hosts' do + it 'fails if hosts is not set' do + expect do + described_class.new name: 'server1', hosts: nil + end.to raise_error(Puppet::Error, %r{Got nil value for}) + end + + it 'fails if hosts is not an array' do + expect do + described_class.new name: 'server1', hosts: '' + end.to raise_error(RuntimeError, %r{must be an Array}) + end + + it 'fails if hosts is empty' do + expect do + described_class.new name: 'server1', hosts: [] + end.to raise_error(RuntimeError, %r{must not be empty}) + end + end + + # port + context 'validate port' do + it 'fails if port is empty' do + expect do + described_class.new name: 'server1', hosts: ['server1'], port: 0 + end.to raise_error(RuntimeError, %r{must be an Integer within}) + end + + it 'fails if port is a string' do + expect do + described_class.new name: 'server1', hosts: ['server1'], port: '123' + end.to raise_error(Puppet::ResourceError, %r{must be an Integer within}) + end + + it 'fails if port is greater than 65535' do + expect do + described_class.new name: 'server1', hosts: ['server1'], port: 123_456 + end.to raise_error(Puppet::ResourceError, %r{must be an Integer within}) + end + end + + # use_ssl + context 'validate use_ssl' do + it 'fails if use_ssl is not boolean' do + expect do + described_class.new name: 'server1', hosts: ['server1'], use_ssl: 'foobar' + end.to raise_error(Puppet::Error, %r{Valid values are true}) + end + + it 'succeeds if all is correct' do + expect do + described_class.new name: 'server1', hosts: ['server1'], use_ssl: true + end + end + end + + # start_tls + context 'validate start_tls' do + it 'fails if start_tls is not boolean' do + expect do + described_class.new name: 'server1', hosts: ['server1'], start_tls: 'foobar' + end.to raise_error(Puppet::Error, %r{Valid values are true}) + end + + it 'succeeds if all is correct' do + expect do + described_class.new name: 'server1', hosts: ['server1'], start_tls: true + end + end + end + + # ssl_skip_verify + context 'validate ssl_skip_verify' do + it 'fails if ssl_skip_verify is not boolean' do + expect do + described_class.new name: 'server1', hosts: ['server1'], ssl_skip_verify: 'foobar' + end.to raise_error(Puppet::Error, %r{Valid values are true}) + end + + it 'succeeds if all is correct' do + expect do + described_class.new name: 'server1', hosts: ['server1'], ssl_skip_verify: true + end + end + end + + # root_ca_cert + context 'validate root_ca_cert' do + it 'fails if root_ca_cert is empty' do + expect do + described_class.new name: 'server1', hosts: ['server1'], root_ca_cert: '' + end.to raise_error(RuntimeError, %r{must be set when SSL}) + end + + it 'fails if root_ca_cert is not a string' do + expect do + described_class.new name: 'server1', hosts: ['server1'], root_ca_cert: 12_345 + end.to raise_error(Puppet::Error, %r{must be a String}) + end + + it 'succeeds if all is correct' do + expect do + described_class.new name: 'server1', hosts: ['server1'], root_ca_cert: '/etc/ssl/certs/ca-certificate.crt' + end + end + end + + # client_cert + context 'validate client_cert' do + it 'fails if client_cert is not a string' do + expect do + described_class.new name: 'server1', hosts: ['server1'], client_cert: 12_345 + end.to raise_error(Puppet::Error, %r{must be a String}) + end + + it 'succeeds if all is correct' do + expect do + described_class.new name: 'server1', hosts: ['server1'], client_cert: '/etc/ssl/host.crt' + end + end + end + + # client_key + context 'validate client_key' do + it 'fails if client_key is not a string' do + expect do + described_class.new name: 'server1', hosts: ['server1'], client_key: 12_345 + end.to raise_error(Puppet::Error, %r{must be a String}) + end + + it 'succeeds if all is correct' do + expect do + described_class.new name: 'server1', hosts: ['server1'], client_key: '/etc/ssl/certs/ca-certificate.crt' + end + end + end + + # bind_dn + context 'validate bind_dn' do + it 'fails if bind_dn is not a string' do + expect do + described_class.new name: 'server1', hosts: ['server1'], bind_dn: 12_345 + end.to raise_error(Puppet::Error, %r{must be a String}) + end + + it 'succeeds if all is correct' do + expect do + described_class.new name: 'server1', hosts: ['server1'], bind_dn: 'cn=Admin', search_base_dns: ['ou=users'] + end + end + end + + # bind_password + context 'validate bind_password' do + it 'fails if bind_password is not a string' do + expect do + described_class.new name: 'server1', hosts: ['server1'], bind_password: 12_345 + end.to raise_error(Puppet::Error, %r{must be a String}) + end + + it 'succeeds if all is correct' do + expect do + described_class.new name: 'server1', hosts: ['server1'], bind_password: 'foobar', search_base_dns: ['ou=users'] + end + end + end + + # search_filter + context 'validate search_filter' do + it 'fails if search_filter is not a string' do + expect do + described_class.new name: 'server1', hosts: ['server1'], search_filter: 12_345 + end.to raise_error(Puppet::Error, %r{must be a String}) + end + + it 'succeeds if all is correct' do + expect do + described_class.new name: 'server1', hosts: ['server1'], search_filter: 'uid=%u', search_base_dns: ['ou=users'] + end + end + end + + # search_base_dns + context 'validate search_base_dns' do + it 'fails if search_base_dns is not an array' do + expect do + described_class.new name: 'server1', hosts: ['server1'], search_base_dns: 12_345 + end.to raise_error(Puppet::Error, %r{must be an Array}) + end + + it 'fails if search_base_dns array members are not strings' do + expect do + described_class.new name: 'server1', hosts: ['server1'], search_base_dns: [12_345] + end.to raise_error(Puppet::Error, %r{must be a String}) + end + + it 'fails if search_base_dns array is empty' do + expect do + described_class.new name: 'server1', hosts: ['server1'], search_base_dns: [] + end.to raise_error(RuntimeError, %r{needs to contain at least one LDAP base-dn}) + end + + it 'succeeds if all is correct' do + expect do + described_class.new name: 'server1', hosts: ['server1'], search_base_dns: ['ou=users'] + end + end + end + + # group_search_filter + context 'validate group_search_filter' do + it 'fails if group_search_filter is not a string' do + expect do + described_class.new name: 'server1', hosts: ['server1'], group_search_filter: 12_345 + end.to raise_error(Puppet::Error, %r{must be a String}) + end + + it 'succeeds if all is correct' do + expect do + described_class.new name: 'server1', hosts: ['server1'], group_search_filter: 'cn=adminsgroup', search_base_dns: ['ou=users'] + end + end + end + + # group_search_filter_user_attribute + context 'validate group_search_filter_user_attribute' do + it 'fails if group_search_filter_user_attribute is not a string' do + expect do + described_class.new name: 'server1', hosts: ['server1'], group_search_filter_user_attribute: 12_345 + end.to raise_error(Puppet::Error, %r{must be a String}) + end + + it 'succeeds if all is correct' do + expect do + described_class.new name: 'server1', hosts: ['server1'], group_search_filter_user_attribute: 'dn', search_base_dns: ['ou=users'] + end + end + end + + # group_search_base_dns + context 'validate group_search_base_dns' do + it 'fails if group_search_base_dns is not an array' do + expect do + described_class.new name: 'server1', hosts: ['server1'], group_search_base_dns: 12_345 + end.to raise_error(Puppet::Error, %r{must be an Array}) + end + + it 'fails if group_search_base_dns array members are not strings' do + expect do + described_class.new name: 'server1', hosts: ['server1'], group_search_base_dns: [12_345] + end.to raise_error(Puppet::Error, %r{must be a String}) + end + + it 'fails if group_search_base_dns array is empty' do + expect do + described_class.new name: 'server1', hosts: ['server1'], group_search_base_dns: [], search_base_dns: ['ou=auth'] + end.to raise_error(RuntimeError, %r{needs to contain at least one LDAP base-dn}) + end + + it 'succeeds if all is correct' do + expect do + described_class.new name: 'server1', hosts: ['server1'], group_search_base_dns: ['ou=users'] + end + end + end + + # attributes + context 'validate attributes' do + it 'fails if attributes is not a hash' do + expect do + described_class.new name: 'server1', hosts: ['server1'], attributes: [12_345] + end.to raise_error(Puppet::Error, %r{must be a Hash}) + end + + it 'fails if unknown attribute' do + expect do + described_class.new name: 'server1', hosts: ['server1'], attributes: { 'foo' => 'bar' } + end.to raise_error(Puppet::Error, %r{contains an unknown key}) + end + + it 'fails if wrong key type' do + expect do + described_class.new name: 'server1', hosts: ['server1'], attributes: { 12_345 => 'bar' } + end.to raise_error(Puppet::Error, %r{must be Strings}) + end + + it 'fails if wrong value type' do + expect do + described_class.new name: 'server1', hosts: ['server1'], attributes: { 'surname' => {} } + end.to raise_error(Puppet::Error, %r{must be Strings}) + end + + it 'succeeds if all is correct' do + expect do + described_class.new name: 'server1', hosts: ['server1'], attributes: { 'username' => 'uid' } + end + end + end +end