From ea9030d4141919e8673fdc4616f879425d34d36a Mon Sep 17 00:00:00 2001
From: Sean Condon
Date: Thu, 24 Jun 2021 16:19:04 +0100
Subject: [PATCH] aether-roc-umbrella: adding LDAP auth for Grafana
---
 aether-roc-umbrella/Chart.yaml | 2 +-
 aether-roc-umbrella/values.yaml | 43 +++++++++++++++++++++++++++++++++
 2 files changed, 44 insertions(+), 1 deletion(-)
diff --git a/aether-roc-umbrella/Chart.yaml b/aether-roc-umbrella/Chart.yaml
index 67ba267e..642552b6 100644
--- a/aether-roc-umbrella/Chart.yaml
+++ b/aether-roc-umbrella/Chart.yaml
@@ -7,7 +7,7 @@ name: aether-roc-umbrella
 description: Aether ROC Umbrella chart to deploy all Aether ROC
 kubeVersion: ">=1.18.0"
 type: application
-version: 1.2.14
+version: 1.2.15
 appVersion: v0.0.0
 keywords:
 - aether
diff --git a/aether-roc-umbrella/values.yaml b/aether-roc-umbrella/values.yaml
index 05296db7..4b1bc999 100644
--- a/aether-roc-umbrella/values.yaml
+++ b/aether-roc-umbrella/values.yaml
@@ -123,6 +123,9 @@ grafana:
 org_name: Main Org.
 org_role: Viewer
 hide_version: true
+ auth.ldap:
+ enabled: true
+ config_file: /etc/grafana/ldap.toml
 datasources:
 datasources.yaml:
 apiVersion: 1
@@ -146,6 +149,46 @@ grafana:
 path: /var/lib/grafana/dashboards/default
 dashboardsConfigMaps:
 default: aether-roc-umbrella-dashboards
+ ldap:
+ enabled: true
+ config: |-
+ verbose_logging = true
+ [[servers]]
+ host = "dex-ldap-umbrella-openldap"
+ port = 389
+ use_ssl = false
+ start_tls = false
+ ssl_skip_verify = false
+ bind_dn = "cn=admin,dc=opennetworking,dc=org"
+ bind_password = 'password'
+ search_filter = "(uid=%s)"
+ search_base_dns = ["cn=users,dc=opennetworking,dc=org"]
+
+ group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))"
+ group_search_base_dns = ["cn=groups,dc=opennetworking,dc=org"]
+ group_search_filter_user_attribute = "uid"
+
+ [servers.attributes]
+ member_of = "memberOf"
+ email = "mail"
+ first_name = "sn"
+ surname = "givenName"
+ username = "cn"
+
+ [[servers.group_mappings]]
+ group_dn = "cn=AetherROCAdmin,cn=groups,dc=opennetworking,dc=org"
+ org_role = "Admin"
+ org_id = 1
+
+ [[servers.group_mappings]]
+ group_dn = "cn=acme,cn=groups,dc=opennetworking,dc=org"
+ org_role = "Viewer"
+ org_id = 2
+
+ [[servers.group_mappings]]
+ group_dn = "cn=starbucks,cn=groups,dc=opennetworking,dc=org"
+ org_role = "Viewer"
+ org_id = 3
 prometheus:
 pushgateway:
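Review bot: The `[[servers]]` block commits the directory admin bind (`bind_dn = "cn=admin,dc=opennetworking,dc=org"`, `bind_password = 'password'`) into the chart's default values, and with `use_ssl = false` and `start_tls = false` on port 389 that bind and every user's login password cross the cluster network in cleartext. Grafana only needs a read-only search account, and the password can be kept out of values.yaml either by supplying the file through the Grafana chart's `ldap.existingSecret` or by writing `bind_password = "${LDAP_BIND_PASSWORD}"` (placeholder variable name) and injecting it from a Secret; `start_tls = true` would protect the bind in transit, assuming the OpenLDAP service offers TLS. `verbose_logging = true` is a debugging setting that logs user information returned from LDAP and is better left `false` in shipped defaults. Separately, `first_name = "sn"` and `surname = "givenName"` look swapped, since `sn` is the surname attribute. The enclosing `grafana:` mapping starts outside this hunk.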