From 6378d956686b936c4332026adcc6a4d57330e97a Mon Sep 17 00:00:00 2001
From: Amnon Heiman
Date: Mon, 3 Aug 2020 17:58:11 +0300
Subject: [PATCH] Add LDAP grafana support
Grafana supports LDAP for use authentication. You can read more about grafana support here: https://grafana.com/docs/grafana/latest/auth/ldap/ This patch adds a command line option `-P` to pass an ldap configuration file to Grafana. Note that to access your LDAP from Grafana you'll need to login as admin.
Fixes #912
Signed-off-by: Amnon Heiman
---
 start-all.sh | 7 +++++--
 start-grafana.sh | 12 ++++++++++--
 2 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/start-all.sh b/start-all.sh
index 16fb6c4b47..d055d03866 100755
--- a/start-all.sh
+++ b/start-all.sh
@@ -50,8 +50,9 @@ BIND_ADDRESS=""
 BIND_ADDRESS_CONFIG=""
 GRAFNA_ANONYMOUS_ROLE=""
 SPECIFIC_SOLUTION=""
+LDAP_FILE=""
-while getopts ':hled:g:p:v:s:n:a:c:j:b:m:r:R:M:G:D:L:N:C:Q:A:S:' option; do
+while getopts ':hled:g:p:v:s:n:a:c:j:b:m:r:R:M:G:D:L:N:C:Q:A:P:S:' option; do
 case "$option" in
 h) echo "$usage"
 exit
@@ -87,6 +88,8 @@ while getopts ':hled:g:p:v:s:n:a:c:j:b:m:r:R:M:G:D:L:N:C:Q:A:S:' option; do
 ;;
 L) CONSUL_ADDRESS="$OPTARG"
 ;;
+ P) LDAP_FILE="-P $OPTARG"
+ ;;
 a) GRAFANA_ADMIN_PASSWORD="-a $OPTARG"
 ;;
 j) GRAFANA_DASHBOARD_ARRAY+=("$OPTARG")
@@ -288,4 +291,4 @@ for val in "${GRAFANA_DASHBOARD_ARRAY[@]}"; do
 GRAFANA_DASHBOARD_COMMAND="$GRAFANA_DASHBOARD_COMMAND -j $val"
 done
-./start-grafana.sh $BIND_ADDRESS_CONFIG $SPECIFIC_SOLUTION -p $DB_ADDRESS $GRAFNA_ANONYMOUS_ROLE -D "$DOCKER_PARAM" $GRAFANA_PORT $EXTERNAL_VOLUME -m $AM_ADDRESS -M $MANAGER_VERSION -v $VERSIONS $GRAFANA_ENV_COMMAND $GRAFANA_DASHBOARD_COMMAND $GRAFANA_ADMIN_PASSWORD
+./start-grafana.sh $LDAP_FILE $BIND_ADDRESS_CONFIG $SPECIFIC_SOLUTION -p $DB_ADDRESS $GRAFNA_ANONYMOUS_ROLE -D "$DOCKER_PARAM" $GRAFANA_PORT $EXTERNAL_VOLUME -m $AM_ADDRESS -M $MANAGER_VERSION -v $VERSIONS $GRAFANA_ENV_COMMAND $GRAFANA_DASHBOARD_COMMAND $GRAFANA_ADMIN_PASSWORD
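Review bot: `P:` is added to the getopts string in the first start-all.sh hunk, but this file's usage text is not touched anywhere in the patch (the five additions in the diffstat are all accounted for by its three hunks), so `./start-all.sh -h` will not mention the new option. start-grafana.sh gains `[-P ldap_config_file]` in its usage; the same entry belongs in the `usage` string of start-all.sh, which is defined outside the hunk. It would help to say there that `-P` also switches anonymous access off, since start-grafana.sh sets `GRAFANA_AUTH_ANONYMOUS=false` for it.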
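Review bot: `P) LDAP_FILE="-P $OPTARG"` stores flag and path in one string that the last hunk of this file expands unquoted in `./start-grafana.sh $LDAP_FILE ...`, so a config path containing whitespace or glob characters is split and the fragments reach start-grafana.sh as separate arguments that its getopts loop may read as other options. The file already keeps dashboards in an array, and the same shape works here: initialise with `LDAP_FILE=()`, set `P) LDAP_FILE=(-P "$OPTARG")`, and call `./start-grafana.sh "${LDAP_FILE[@]}" ...`. The case statement begins and ends outside this hunk.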
diff --git a/start-grafana.sh b/start-grafana.sh
index e7dc0c6da0..c3937f6892 100755
--- a/start-grafana.sh
+++ b/start-grafana.sh
@@ -19,10 +19,11 @@ EXTERNAL_VOLUME=""
 BIND_ADDRESS=""
 ANONYMOUS_ROLE="Admin"
 SPECIFIC_SOLUTION=""
+LDAP_FILE=""
-usage="$(basename "$0") [-h] [-v comma separated versions ] [-g grafana port ] [-G path to external dir] [-n grafana container name ] [-p ip:port address of prometheus ] [-j additional dashboard to load to Grafana, multiple params are supported] [-c grafana enviroment variable, multiple params are supported] [-x http_proxy_host:port] [-m alert_manager address] [-a admin password] [ -M scylla-manager version ] [-D encapsulate docker param] [-Q Grafana anonymous role (Admin/Editor/Viewer)] [-S start with a system specific dashboard set] -- loads the prometheus datasource and the Scylla dashboards into an existing grafana installation"
+usage="$(basename "$0") [-h] [-v comma separated versions ] [-g grafana port ] [-G path to external dir] [-n grafana container name ] [-p ip:port address of prometheus ] [-j additional dashboard to load to Grafana, multiple params are supported] [-c grafana enviroment variable, multiple params are supported] [-x http_proxy_host:port] [-m alert_manager address] [-a admin password] [ -M scylla-manager version ] [-D encapsulate docker param] [-Q Grafana anonymous role (Admin/Editor/Viewer)] [-S start with a system specific dashboard set] [-P ldap_config_file] -- loads the prometheus datasource and the Scylla dashboards into an existing grafana installation"
-while getopts ':hlg:n:p:v:a:x:c:j:m:G:M:D:A:S:Q:' option; do
+while getopts ':hlg:n:p:v:a:x:c:j:m:G:M:D:A:S:P:Q:' option; do
 case "$option" in
 h) echo "$usage"
 exit
@@ -44,6 +45,12 @@ while getopts ':hlg:n:p:v:a:x:c:j:m:G:M:D:A:S:Q:' option; do
 ;;
 l) DOCKER_PARAM="$DOCKER_PARAM --net=host"
 ;;
+ P) LDAP_FILE="$OPTARG"
+ GRAFANA_ENV_ARRAY+=("GF_AUTH_LDAP_ENABLED=true" "GF_AUTH_LDAP_CONFIG_FILE=/etc/grafana/ldap.toml" "GF_AUTH_LDAP_ALLOW_SIGN_UP=true")
+ LDAP_FILE="-v "`readlink -m $OPTARG`":/etc/grafana/ldap.toml"
+ GRAFANA_AUTH=true
+ GRAFANA_AUTH_ANONYMOUS=false
+ ;;
 D) DOCKER_PARAM="$DOCKER_PARAM $OPTARG"
 ;;
 Q) ANONYMOUS_ROLE=$OPTARG
@@ -133,6 +140,7 @@ docker run -d $DOCKER_PARAM -i $USER_PERMISSIONS $PORT_MAPPING \
 -e "GF_AUTH_ANONYMOUS_ENABLED=$GRAFANA_AUTH_ANONYMOUS" \
 -e "GF_AUTH_ANONYMOUS_ORG_ROLE=$ANONYMOUS_ROLE" \
 -e "GF_PANELS_DISABLE_SANITIZE_HTML=true" \
+ $LDAP_FILE \
 "${group_args[@]}" \
 -v $PWD/grafana/build:/var/lib/grafana/dashboards:z \
 -v $PWD/grafana/plugins:/var/lib/grafana/plugins:z \
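Review bot: The `P)` branch builds the bind mount from an unchecked, unquoted path: `readlink -m $OPTARG` word-splits a path with spaces, `-m` resolves a path that does not exist, and Docker creates a directory on the host for a missing `-v` source, so a mistyped file name leaves Grafana with a directory at /etc/grafana/ldap.toml instead of a clear error. The mount is also writable from the container although ldap.toml normally holds the LDAP bind password, so `:ro` fits; whether it additionally needs the `:z` label the dashboard mounts in the last hunk carry on SELinux hosts should be confirmed, since relabelling a secrets file is a trade-off. The first assignment `LDAP_FILE="$OPTARG"` is dead, being overwritten two lines later. With the array form below, the initialiser becomes `LDAP_FILE=()` and the `docker run` line in the last hunk becomes `"${LDAP_FILE[@]}" \`. The getopts loop starts and ends outside this hunk, so whether `GRAFANA_AUTH_ANONYMOUS=false` survives options parsed later cannot be checked from here.

```shell
    P) # Resolve once, quoted; refuse a missing file, because docker -v
       # would otherwise create a directory at that host path.
       ldap_config="$(readlink -m -- "$OPTARG")"
       if [ ! -f "$ldap_config" ]; then
           echo "LDAP configuration file not found: $OPTARG" >&2
           exit 1
       fi
       # … unchanged: GRAFANA_ENV_ARRAY+=(...) with the three GF_AUTH_LDAP_* entries …
       # Read-only: the container only needs to read the bind credentials.
       LDAP_FILE=(-v "$ldap_config:/etc/grafana/ldap.toml:ro")
       # … unchanged: GRAFANA_AUTH=true, GRAFANA_AUTH_ANONYMOUS=false, ;; …
```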