Added explicit dependency for LDAP

Author: mariusoe

Makefile

@@ -1,5 +1,17 @@
 init:
 	pip install -r requirements.txt
 
+bundle:
+	rm grafana-ldap-sync-script.zip
+	zip grafana-ldap-sync-script.zip \
+		LICENSE \
+		README.md \
+		run.py \
+		requirements.txt \
+		config.yml \
+		example.csv \
+		script/* \
+		-x 'script/__pycache__**'
+
 test:
 	nosetests tests

README.md

@@ -2,41 +2,77 @@
 A script to get Grafana users, teams and their permissions from an LDAP server and keep it in sync.
 
 ## Installation
-Install all dependencies
+Install all dependencies.
 ```bash
 pip install -r requirements.txt
 ```
 
+or consider to install the dependencies only for the user which will be executing the script:
+
+```bash
+$ pip install --user -r requirements.txt
+```
+
 ## Running the Script
-The script can be simply run with:
+
+*The script requires Python 3 to run!*
+
+It can be simply run with:
 ```bash
-python run.py [-h] --config *path-to-config.yml* --bind *path-to-bind-csv* [--dry-run]
+$ python run.py [-h] --config <path-to-config.yml> --bind <path-to-bind-csv> [--dry-run]
 ```
 
 ## Usage
 If you just want to test the script, there is an example.csv predefined. Just enter your grafana credentials in the config.yml.
 The used LDAP-Server can be found [here](https://www.forumsys.com/tutorials/integration-how-to/ldap/online-ldap-test-server/).
 
-#### Config
+### Config
 Before starting the script you need to enter your grafana & ldap credentials in the config.yml. You also need to add the
 path to your .csv file containing the bindings.
 
-#### Binding
+### Binding
 To bind LDAP-groups to grafana-teams and grant these teams access to folders you need to provide a .csv file. Please note 
 that the first row of the csv is recognized as a header-row and is therefore being ignored. 
 The file needs to contain the following information in this exact order: 
-<br> 
+* **LDAP-Group**: The LDAP group which will be used for mapping.
+* **Grafana-Team Name**: The name of the Grafana team which will be created (if not exist) and where the group's users will be added to.
+* **Grafana-Team ID**: The ID of the Grafana team (currently not used).
+* **Grafana-Folder Name**: The Grafana folder which will be created (if not exist) and where the group's users will have the specified permission to.
+* **Grafana-Folder UUID**: The UUID of the Grafana folder.
+* **Grafana-Folder Permission**: The users' permission for the specified Grafana folder. (`View`, `Edit`, `Admin`)
+
+Missing folders, teams and users will be created by the script.
+Teams and users which are not existing in the LDAP mapping will be removed. Note: the user used by the script will not be deleted!
+
+#### Example CSV
 ```CSV
-LDAP-Group, Grafana-Team Name, Grafana-Team ID, Grafana-Folder ID, Grafana-Folder UUID, Grafana-Folder Permission
+ZBV/LDAP-Gruppe,Grafana-Team-Name,Grafana-Team-ID,Grafana-Folder-Name,Grafana-Folder-UUID,Grafana-Folder-Permissions
+mathematicians,mathematicians,0,Math,math_folder,Admin
+mathematicians,smart_people,0,Common Dashboards,all_folder,View
+scientists,scientists,0,Science,science_folder,Edit
+scientists,smart_people,0,Common Dashboards,all_folder,View
 ```
-Missing folders, teams and users will be created by the script.
-<br>
-Possible Grafana-Folder permissions are:
-- View
-- Edit 
-- Admin
+
+Using this CSV mapping will result in the following operations:
+* The Grafana teams `mathematicians`, `smart_people` and `scientists` will be created.
+* The Grafana folders `Math`, `Common Dashboards` and `Science` will be created.
+* All users in the `mathematicians` LDAP group will be member of the Grafana team `mathematicians` and `smart_people`.
+* All users in the `scientists` LDAP group will be member of the Grafana team `scientists`.
+* All users in the `mathematicians` LDAP group will get `Admin` access to the `Math` folder.
+* All users in the `mathematicians` LDAP group will get `View` access to the `Common Dashboards` folder.
+* All users in the `scientists` LDAP group will get `Edit` access to the `Science` folder.
+* All users in the `scientists` LDAP group will get `View` access to the `Common Dashboards` folder.
 
 #### Removing Bindings
 When a binding is removed in your .csv-file, this binding is also removed by the script. So if there is a team in your grafana instance which
 is not defined by the current binding the team will be deleted. This also applies to users. **This does not apply to folders! 
-Folders need to be deleted manually if not needed anymore!**
+Folders need to be deleted manually if not needed anymore!**
+
+
+## Bundle Scripts
+
+Using the Makefile, you can bundle all the scripts into a single zip-archive.
+
+```
+$ make bundle
+```

requirements.dev.txt

@@ -0,0 +1,2 @@
+mock~=4.0.2
+setuptools~=49.2.0

requirements.txt

@@ -1,6 +1,5 @@
 requests~=2.24.0
 grafana_api~=1.0.2
-ldap3~=2.7
-mock~=4.0.2
+ldap3~=2.6
 PyYAML~=5.3.1
-setuptools~=49.2.0
+pyasn1>=0.4.6

run.py

@@ -15,11 +15,11 @@ def setup_logger():
     """
     Setting up the used logger. The 'mutate' logger will print whether dry-run is used and changes are being applied.
     """
-    log_format = '%(asctime)s - %(levelname)s - %(module)7s - %(message)s'
+    log_format = '%(asctime)s - %(levelname)5s - %(module)7s - %(message)s'
     log_format_mut = log_format
 
     if args.dry_run:
-        log_format_mut = '%(asctime)s - %(levelname)s - %(module)7s - [SKIPPED] %(message)s'
+        log_format_mut = '%(asctime)s - %(levelname)5s - %(module)7s - [SKIPPED] %(message)s'
     else:
         log_format_mut = log_format
 

setup.py

@@ -2,7 +2,7 @@
 
 setup(
     name='grafana-ldap-sync-script',
-    version='0.1.0',
+    version='1.1.0',
     description='Script for syncing LDAP Users & Groups with Grafana Users & Teams',
     packages=find_packages(exclude=('tests', 'docs')),
     package_data={'grafana-ldap-syn-script': ['run.py']},
@@ -13,6 +13,7 @@
         "ldap3>=2.7",
         "mock>=4.0.2",
         "PyYAML>=5.3.1",
-        "setuptools>=9.2.0"]
+        "setuptools>=9.2.0",
+        "pyasn1>=0.4.6"]
 )