diff --git a/lib/puppet/type/grafana_datasource.rb b/lib/puppet/type/grafana_datasource.rb
index 4f4ec8e..6a76b33 100644
--- a/lib/puppet/type/grafana_datasource.rb
+++ b/lib/puppet/type/grafana_datasource.rb
@@ -1,130 +1,130 @@ # frozen_string_literal: true # Copyright 2015 Mirantis, Inc. # Puppet::Type.newtype(:grafana_datasource) do @doc = 'Manage datasources in Grafana' ensurable newparam(:name, namevar: true) do desc 'The name of the datasource.' end newparam(:grafana_api_path) do desc 'The absolute path to the API endpoint' defaultto '/api' validate do |value| raise ArgumentError, format('%s is not a valid API path', value) unless value =~ %r{^/.*/?api$} end end newparam(:grafana_url) do desc 'The URL of the Grafana server' defaultto '' validate do |value| raise ArgumentError, format('%s is not a valid URL', value) unless value =~ %r{^https?://} end end newparam(:grafana_user) do desc 'The username for the Grafana server' end newparam(:grafana_password) do desc 'The password for the Grafana server' end newproperty(:url) do desc 'The URL/Endpoint of the datasource' end newproperty(:type) do desc 'The datasource type' end newparam(:organization) do desc 'The organization name to create the datasource on' defaultto 1 end newproperty(:user) do desc 'The username for the datasource (optional)' end newproperty(:password) do desc 'The password for the datasource (optional)' sensitive true end newproperty(:database) do desc 'The name of the database (optional)' end newproperty(:access_mode) do desc 'Whether the datasource is accessed directly or not by the clients' newvalues(:direct, :proxy) defaultto :direct end newproperty(:is_default) do desc 'Whether the datasource is the default one' newvalues(true, false) defaultto false end newproperty(:basic_auth) do desc 'Whether basic auth is enabled or not' newvalues(true, false) defaultto false end newproperty(:basic_auth_user) do desc 'The username for basic auth if enabled' defaultto '' end newproperty(:basic_auth_password) do desc 'The password for basic auth if enabled' defaultto '' end newproperty(:with_credentials) do desc 'Whether credentials such as cookies or auth headers should be sent with cross-site requests' 
newvalues(true, false) defaultto false end newproperty(:json_data) do desc 'Additional JSON data to configure the datasource (optional)' validate do |value| raise ArgumentError, 'json_data should be a Hash!' unless value.nil? || value.is_a?(Hash) end end newproperty(:secure_json_data) do desc 'Additional secure JSON data to configure the datasource (optional)' sensitive true validate do |value| raise ArgumentError, 'secure_json_data should be a Hash!' unless value.nil? || value.is_a?(Hash) end end - def set_sensitive_parameters(sensitive_parameters) # rubocop:disable Style/AccessorMethodName + def set_sensitive_parameters(sensitive_parameters) # rubocop:disable Naming/AccessorMethodName parameter(:password).sensitive = true if parameter(:password) parameter(:basic_auth_password).sensitive = true if parameter(:basic_auth_password) super(sensitive_parameters) end autorequire(:service) do 'grafana-server' end autorequire(:grafana_conn_validator) do 'grafana' end end diff --git a/lib/puppet/type/grafana_ldap_server.rb b/lib/puppet/type/grafana_ldap_server.rb index 39a68e9..8bd1168 100644 --- a/lib/puppet/type/grafana_ldap_server.rb +++ b/lib/puppet/type/grafana_ldap_server.rb 
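Review bot: `set_sensitive_parameters` in grafana_datasource.rb forces `password` and `basic_auth_password` to sensitive but leaves out `grafana_password`, the Grafana API credential declared near the top of the type, whereas grafana_ldap_server.rb in this same commit applies the override to its `bind_password` parameter. If the provider or debug output can ever render that value it would appear unredacted, so consider adding `parameter(:grafana_password).sensitive = true if parameter(:grafana_password)` before the `super` call. Separately, `basic_auth_password` is redacted only through this override; declaring `sensitive true` on the property itself, as `password` and `secure_json_data` do, would keep the protection visible at the declaration.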
@@ -1,179 +1,179 @@ # frozen_string_literal: true require 'puppet/parameter/boolean' Puppet::Type.newtype(:grafana_ldap_server) do @doc = 'Manage Grafana LDAP servers for LDAP authentication.' validate do raise(_('grafana_ldap_server: name must not be empty')) if self[:name].nil? || self[:name].empty? raise(_('grafana_ldap_server: hosts must not be empty')) if self[:hosts].nil? || self[:hosts].empty? raise(_('grafana_ldap_server: port must not be empty')) if self[:port].nil? raise(_('grafana_ldap_server: root_ca_cert must be set when SSL/TLS is enabled')) \ if !self[:ssl_skip_verify] && (self[:use_ssl] || self[:start_tls]) && self[:root_ca_cert].empty? raise(_('grafana_ldap_server: search_base_dns needs to contain at least one LDAP base-dn')) \ if self[:search_base_dns].empty? raise(_('grafana_ldap_server: group_search_base_dns needs to contain at least one LDAP base-dn')) \ if !self[:group_search_base_dns].nil? && self[:group_search_base_dns].empty? end newparam(:title, namevar: true) do desc 'A unique identified for this LDAP server.' 
validate do |value| raise ArgumentError, _('name/title must be a String') unless value.is_a?(String) end end newparam(:hosts) do desc 'The servers to perform LDAP authentication at' validate do |value| raise ArgumentError, _('hosts must be an Array') unless value.is_a?(Array) end end newparam(:port) do desc 'The port to connect at the LDAP servers (389 for TLS/plaintext, 636 for SSL [ldaps], optional)' defaultto 389 validate do |value| raise ArgumentError, _('port must be an Integer within the range 1-65535') unless value.is_a?(Integer) && value.between?(1, 65_535) # rubocop wants to have this weirdness end end newparam(:use_ssl, boolean: true, parent: Puppet::Parameter::Boolean) do desc 'Set to true if you want to perform LDAP via a SSL-connection (not meant to be for TLS, optional)' defaultto false end newparam(:start_tls, boolean: true, parent: Puppet::Parameter::Boolean) do desc 'Set to true if you want to perform LDAP via a TLS-connection (not meant to be for SSL, optional)' defaultto true end newparam(:ssl_skip_verify, boolean: true, parent: Puppet::Parameter::Boolean) do desc "Set to true to disable verification of the LDAP server's SSL certificate (for TLS and SSL, optional)" defaultto false end newparam(:root_ca_cert) do desc "The root ca-certificate to verify the LDAP server's SSL certificate against (for TLS and SSL, optional)" defaultto '/etc/ssl/certs/ca-certificates.crt' validate do |value| raise ArgumentError, _('root_ca_cert must be a String') unless value.is_a?(String) end end newparam(:client_cert) do desc "If the LDAP server requires certificate-based authentication, specify the client's certificate (for TLS and SSL, optional)" validate do |value| raise ArgumentError, _('client_cert must be a String') unless value.is_a?(String) end end newparam(:client_key) do desc "If the LDAP server requires certificate-based authentication, specify the client's certificate (for TLS and SSL, optional)" validate do |value| raise ArgumentError, _('client_key must 
be a String') unless value.is_a?(String) end end newparam(:bind_dn) do desc 'If the LDAP server requires authentication (i.e. non-anonymous), provide the distinguished-name (dn) here (optional)' validate do |value| raise ArgumentError, _('bind_dn must be a String') unless value.is_a?(String) end end newparam(:bind_password) do desc 'If the LDAP server requires authentication (i.e. non-anonymous), provide the password (optional)' validate do |value| raise ArgumentError, _('bind_password must be a String') unless value.is_a?(String) end end newparam(:search_filter) do desc 'A search-filter to be used when querying LDAP for user-accounts (optional)' validate do |value| raise ArgumentError, _('search_filter must be a String') unless value.is_a?(String) end end newparam(:search_base_dns) do desc 'The one or more base-dn to be used when querying LDAP for user-accounts (optional)' defaultto [] validate do |value| raise ArgumentError, _('search_base_dns must be an Array') unless value.is_a?(Array) value.each { |base_dn| raise ArgumentError, _('search_base_dns elements must be a String') unless base_dn.is_a?(String) } end end newparam(:group_search_filter) do desc 'A search-filter to be used when querying LDAP for group-accounts (optional)' validate do |value| raise ArgumentError, _('group_search_filter must be a String') unless value.is_a?(String) end end newparam(:group_search_filter_user_attribute) do desc 'The attribute to be used to locate matching user-accounts in the group (optional)' validate do |value| raise ArgumentError, _('group_search_filter_user_attribute must be a String') unless value.is_a?(String) end end newparam(:group_search_base_dns) do desc 'The base-dn to be used when querying LDAP for group-accounts (optional)' validate do |value| raise ArgumentError, _('search_base_dns must be an Array') unless value.is_a?(Array) value.each { |base_dn| raise ArgumentError, _('search_base_dns elements must be a String') unless base_dn.is_a?(String) } end end 
newparam(:attributes) do desc 'Mapping LDAP attributes to their Grafana user-account-properties (optional)' validate do |value| valid_attributes = %w[name surname username member_of email] raise ArgumentError, _('attributes must be a Hash') unless value.is_a?(Hash) value.each { |k, v| raise ArgumentError, _('attributes hash keys and values must be Strings') unless k.is_a?(String) && v.is_a?(String) } raise ArgumentError, _("attributes contains an unknown key, allowed: #{valid_attributes.join(', ')}") if value.keys.reject { |key| valid_attributes.include?(key) }.count.positive? end end - def set_sensitive_parameters(sensitive_parameters) # rubocop:disable Style/AccessorMethodName + def set_sensitive_parameters(sensitive_parameters) # rubocop:disable Naming/AccessorMethodName parameter(:bind_password).sensitive = true if parameter(:bind_password) super(sensitive_parameters) end def group_mappings catalog.resources.map do |resource| next unless resource.is_a?(Puppet::Type.type(:grafana_ldap_group_mapping)) next unless resource[:ldap_server_name] == self[:name] group_mapping = resource.original_parameters.transform_keys(&:to_s) group_mapping.delete('ldap_server_name') group_mapping end.compact end end