From 1fd7e2c654f48215fbc49f1540e18bea5c077a94 Mon Sep 17 00:00:00 2001 From: Marius Oehler Date: Tue, 8 Sep 2020 11:33:43 +0200 Subject: [PATCH] Added explicit dependency for LDAP --- Makefile | 12 +++++++++ README.md | 64 ++++++++++++++++++++++++++++++++++---------- requirements.dev.txt | 2 ++ requirements.txt | 5 ++-- run.py | 4 +-- setup.py | 5 ++-- 6 files changed, 71 insertions(+), 21 deletions(-) create mode 100644 requirements.dev.txt diff --git a/Makefile b/Makefile index 997cfaa..51741fc 100644 --- a/Makefile +++ b/Makefile @@ -1,5 +1,17 @@ init: pip install -r requirements.txt +bundle: + rm grafana-ldap-sync-script.zip + zip grafana-ldap-sync-script.zip \ + LICENSE \ + README.md \ + run.py \ + requirements.txt \ + config.yml \ + example.csv \ + script/* \ + -x 'script/__pycache__**' + test: nosetests tests diff --git a/README.md b/README.md index 45396b7..8bb1be7 100644 --- a/README.md +++ b/README.md 
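Review bot: The new `bundle` target packs `config.yml` into the archive, and the README in this same patch tells users to enter their Grafana and LDAP credentials in that file, so a zip built from a configured working tree would carry live credentials. Shipping a credential-free template instead, or dropping `config.yml` from the file list, would avoid that. Separately, `rm grafana-ldap-sync-script.zip` fails when the archive does not exist yet, which aborts the first `make bundle`; `rm -f grafana-ldap-sync-script.zip` avoids it.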
@@ -2,41 +2,77 @@ A script to get Grafana users, teams and their permissions from an LDAP server and keep it in sync. ## Installation -Install all dependencies +Install all dependencies. ```bash pip install -r requirements.txt ``` +or consider to install the dependencies only for the user which will be executing the script: + +```bash +$ pip install --user -r requirements.txt +``` + ## Running the Script -The script can be simply run with: + +*The script requires Python 3 to run!* + +It can be simply run with: ```bash -python run.py [-h] --config *path-to-config.yml* --bind *path-to-bind-csv* [--dry-run] +$ python run.py [-h] --config --bind [--dry-run] ``` ## Usage If you just want to test the script, there is an example.csv predefined. Just enter your grafana credentials in the config.yml. The used LDAP-Server can be found [here](https://www.forumsys.com/tutorials/integration-how-to/ldap/online-ldap-test-server/). -#### Config +### Config Before starting the script you need to enter your grafana & ldap credentials in the config.yml. You also need to add the path to your .csv file containing the bindings. -#### Binding +### Binding To bind LDAP-groups to grafana-teams and grant these teams access to folders you need to provide a .csv file. Please note that the first row of the csv is recognized as a header-row and is therefore being ignored. The file needs to contain the following information in this exact order: -
+* **LDAP-Group**: The LDAP group which will be used for mapping. +* **Grafana-Team Name**: The name of the Grafana team which will be created (if not exist) and where the group's users will be added to. +* **Grafana-Team ID**: The ID of the Grafana team (currently not used). +* **Grafana-Folder Name**: The Grafana folder which will be created (if not exist) and where the group's users will have the specified permission to. +* **Grafana-Folder UUID**: The UUID of the Grafana folder. +* **Grafana-Folder Permission**: The users' permission for the specified Grafana folder. (`View`, `Edit`, `Admin`) + +Missing folders, teams and users will be created by the script. +Teams and users which are not existing in the LDAP mapping will be removed. Note: the user used by the script will not be deleted! + +#### Example CSV ```CSV -LDAP-Group, Grafana-Team Name, Grafana-Team ID, Grafana-Folder ID, Grafana-Folder UUID, Grafana-Folder Permission +ZBV/LDAP-Gruppe,Grafana-Team-Name,Grafana-Team-ID,Grafana-Folder-Name,Grafana-Folder-UUID,Grafana-Folder-Permissions +mathematicians,mathematicians,0,Math,math_folder,Admin +mathematicians,smart_people,0,Common Dashboards,all_folder,View +scientists,scientists,0,Science,science_folder,Edit +scientists,smart_people,0,Common Dashboards,all_folder,View ``` -Missing folders, teams and users will be created by the script. -
-Possible Grafana-Folder permissions are: -- View -- Edit -- Admin + +Using this CSV mapping will result in the following operations: +* The Grafana teams `mathematicians`, `smart_people` and `scientists` will be created. +* The Grafana folders `Math`, `Common Dashboards` and `Science` will be created. +* All users in the `mathematicians` LDAP group will be member of the Grafana team `mathematicians` and `smart_people`. +* All users in the `scientists` LDAP group will be member of the Grafana team `scientists`. +* All users in the `mathematicians` LDAP group will get `Admin` access to the `Math` folder. +* All users in the `mathematicians` LDAP group will get `View` access to the `Common Dashboards` folder. +* All users in the `scientists` LDAP group will get `Edit` access to the `Science` folder. +* All users in the `scientists` LDAP group will get `View` access to the `Common Dashboards` folder. #### Removing Bindings When a binding is removed in your .csv-file, this binding is also removed by the script. So if there is a team in your grafana instance which is not defined by the current binding the team will be deleted. This also applies to users. **This does not apply to folders! -Folders need to be deleted manually if not needed anymore!** \ No newline at end of file +Folders need to be deleted manually if not needed anymore!** + + +## Bundle Scripts + +Using the Makefile, you can bundle all the scripts into a single zip-archive. + +``` +$ make bundle +``` \ No newline at end of file diff --git a/requirements.dev.txt b/requirements.dev.txt new file mode 100644 index 0000000..c685c0a --- /dev/null +++ b/requirements.dev.txt @@ -0,0 +1,2 @@ +mock~=4.0.2 +setuptools~=49.2.0 \ No newline at end of file diff --git a/requirements.txt b/requirements.txt index b4bd5ab..74eb558 100644 --- a/requirements.txt +++ b/requirements.txt 
@@ -1,6 +1,5 @@ requests~=2.24.0 grafana_api~=1.0.2 -ldap3~=2.7 -mock~=4.0.2 +ldap3~=2.6 PyYAML~=5.3.1 -setuptools~=49.2.0 +pyasn1>=0.4.6 \ No newline at end of file diff --git a/run.py b/run.py index 03f817f..c5928b2 100644 --- a/run.py +++ b/run.py @@ -15,11 +15,11 @@ def setup_logger(): """ Setting up the used logger. The 'mutate' logger will print whether dry-run is used and changes are being applied. """ - log_format = '%(asctime)s - %(levelname)s - %(module)7s - %(message)s' + log_format = '%(asctime)s - %(levelname)5s - %(module)7s - %(message)s' log_format_mut = log_format if args.dry_run: - log_format_mut = '%(asctime)s - %(levelname)s - %(module)7s - [SKIPPED] %(message)s' + log_format_mut = '%(asctime)s - %(levelname)5s - %(module)7s - [SKIPPED] %(message)s' else: log_format_mut = log_format diff --git a/setup.py b/setup.py index 3180476..ffd93cd 100644 --- a/setup.py +++ b/setup.py @@ -2,7 +2,7 @@ setup( name='grafana-ldap-sync-script', - version='0.1.0', + version='1.1.0', description='Script for syncing LDAP Users & Groups with Grafana Users & Teams', packages=find_packages(exclude=('tests', 'docs')), package_data={'grafana-ldap-syn-script': ['run.py']}, @@ -13,6 +13,7 @@ "ldap3>=2.7", "mock>=4.0.2", "PyYAML>=5.3.1", - "setuptools>=9.2.0"] + "setuptools>=9.2.0", + "pyasn1>=0.4.6"] )
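Review bot: `ldap3~=2.6` lowers the floor below the `"ldap3>=2.7"` that the setup.py hunk in this patch leaves in `install_requires`, so the two install paths now accept different ldap3 versions. Keeping `ldap3~=2.7` here, or lowering setup.py to match, would make them agree. The added `pyasn1>=0.4.6` is the only entry without an upper bound, so an unattended install takes whatever release is newest; `pyasn1~=0.4.6` would follow the compatible-release style of the other lines, if that range works with ldap3. The same unbounded specifier is added in the setup.py hunk.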
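Review bot: `%(levelname)5s` in both format strings pads only to five characters and right-aligns, so `WARNING` and `CRITICAL` still overflow the column while `INFO` gains a leading space; `%(levelname)-8s` would left-align and fit every standard level name. The context lines also show `log_format_mut = log_format` assigned before an if/else that assigns it again in both branches, so either the first assignment or the `else` branch can be dropped. The body of setup_logger continues outside the hunk.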
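Review bot: `install_requires` still lists `"mock>=4.0.2"` and `"setuptools>=9.2.0"` although this patch moves both out of requirements.txt into requirements.dev.txt, so installing the package keeps pulling a test-only dependency into the runtime environment. Removing those two entries would make setup.py agree with requirements.txt. The context line `package_data={'grafana-ldap-syn-script': ['run.py']}` looks like a misspelling of the package name and is worth confirming. The `setup(` call begins outside the hunk.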