From 617ed2a7c270241c02a2790984970f7e57e47722 Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Wed, 9 Dec 2020 14:06:54 -0500
Subject: [PATCH] add a place to place files referenced in the config
https://github.com/Security-Onion-Solutions/securityonion/issues/1175
---
 salt/grafana/defaults.yaml | 20 +++++++++++++++++++-
 salt/grafana/init.sls | 12 +++++++++++-
 2 files changed, 30 insertions(+), 2 deletions(-)
diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml
index 0fde48a24..ebdd6cb67 100644
--- a/salt/grafana/defaults.yaml
+++ b/salt/grafana/defaults.yaml
@@ -5,4 +5,22 @@ grafana:
 auth.anonymous:
 enabled: true
 org_name: Main Org.
- org_role: Viewer
\ No newline at end of file
+ org_role: Viewer
+ smtp:
+ enabled: false
+ host: localhost:25
+ user: myuser
+ # If the password contains # or ; you have to wrap it with trippel quotes. Ex """#password;"""
+ password: mypassword
+ cert_file: /etc/grafana/config/files/smtp_cert_file.crt
+ key_file: /etc/grafana/config/files/smtp_key_file.key
+ skip_verify: false
+ from_address: admin@grafana.localhost
+ from_name: Grafana
+ ehlo_identity: dashboard.example.com
+# auth.ldap:
+# enabled: false
+# config_file: /etc/grafana/config/files/ldap.toml
+# allow_sign_up: true
+# enterprise:
+# license_path: /opt/so/conf/grafana/etc/files/license.jwt
\ No newline at end of file
diff --git a/salt/grafana/init.sls b/salt/grafana/init.sls
index fd07fdaf1..ec4e02e7e 100644
--- a/salt/grafana/init.sls
+++ b/salt/grafana/init.sls
@@ -10,7 +10,7 @@
 {% set ADMINPASS = salt['pillar.get']('secrets:grafana_admin') %}
 {% import_yaml 'grafana/defaults.yaml' as default_settings %}
-{% set GRAFANA_SETTINGS = salt['pillar.get']('grafana', default=default_settings, merge=True) %}
+{% set GRAFANA_SETTINGS = salt['grains.filter_by'](default_settings, default='grafana', merge=salt['pillar.get']('grafana', {})) %}
 {% if grains['role'] in ['so-manager', 'so-managersearch', 'so-eval', 'so-standalone'] and GRAFANA == 1 %}
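Review bot: The new `smtp` block ships placeholder credentials as defaults (`user: myuser`, `password: mypassword`), and these values appear to flow into the rendered `grafana.ini` through `GRAFANA_SETTINGS.config`. An operator who enables mail by setting only `enabled: true` in pillar would have Grafana authenticate with the placeholders, and keeping the SMTP password key in this file invites committing a real one. I would default both to empty strings (`user: ''`, `password: ''`) and state in the comment that the real password belongs in pillar, as the admin password already does (`secrets:grafana_admin`). Separately, the commented-out `license_path` uses the host path `/opt/so/conf/grafana/etc/files/license.jwt`, while the other entries use the in-container path under `/etc/grafana/config/files`, which is where this commit mounts the directory; it should probably read `/etc/grafana/config/files/license.jwt`.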
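Review bot: The new `GRAFANA_SETTINGS` line uses `grains.filter_by` purely as a deep-merge helper, which is not obvious to a reader. The lookup grain is left at its default (`os_family`), so it is the `default='grafana'` fallback that selects the settings. Nothing visible guarantees that `defaults.yaml` never gains a top-level key equal to an `os_family` value, and a pillar `grafana` value that is not a mapping would presumably fail at render time. I would add a Jinja comment above the line, for example `{# filter_by is used for its recursive merge: defaults.yaml has only the 'grafana' key, so default='grafana' always applies and the pillar 'grafana' dict overrides it #}`. The enclosing `{% if %}` block continues outside the hunk.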
@@ -104,6 +104,15 @@ grafana-config:
 - source: salt://grafana/etc/grafana.ini.jinja
 - context:
 config: {{ GRAFANA_SETTINGS.config|json }}
+
+# these are the files that are referenced inside the config such as smtp:cert_file, smtp:cert_key, auth.ldap:config_file, enterprise:license_path
+grafana-config-files:
+ file.recurse:
+ - name: /opt/so/conf/grafana/etc/files
+ - user: 939
+ - group: 939
+ - source: salt://grafana/etc/files
+ - makedirs: True
 {% if salt['pillar.get']('managertab', False) %}
@@ -252,6 +261,7 @@ so-grafana:
 - /opt/so/conf/grafana/etc/datasources:/etc/grafana/provisioning/datasources:rw
 - /opt/so/conf/grafana/etc/dashboards:/etc/grafana/provisioning/dashboards:rw
 - /opt/so/conf/grafana/grafana_dashboards:/etc/grafana/grafana_dashboards:rw
+ - /opt/so/conf/grafana/etc/files:/etc/grafana/config/files:ro
 - environment:
 - GF_SECURITY_ADMIN_PASSWORD={{ ADMINPASS }}
 - port_bindings:
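Review bot: `grafana-config-files` sets owner and group but no modes, so the files this directory is meant to hold (the SMTP private key `smtp_key_file.key`, `ldap.toml`, the license) land on the host with whatever default mode Salt applies, which is likely world-readable. Adding `- file_mode: '0640'` and `- dir_mode: '0750'` to the `file.recurse` state would restrict them to uid/gid 939. Anything placed under `salt://grafana/etc/files` is also served by the Salt fileserver, which is not targeted per minion the way pillar is, so key material there is presumably fetchable by every minion; the comment above the state should say so. The diffstat lists only the two changed files, so unless `salt/grafana/etc/files` already exists in the repository the `source` will be missing and the state will fail.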