From 7c654031f0f29d196f0f262f86a6721c8ad974fd Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch"
Date: Wed, 10 Aug 2022 21:24:29 -0500
Subject: [PATCH] r/grafana: Allow configuring LDAP CA cert

The `grafana_ldap_root_ca_cert` can be used to set the path to the root CA certificate (bundle) Grafana uses to validate the certificate presented by the configured LDAP server. By default, Grafana uses the system root CA trust store, but this variable can be used in situations where this is not suitable.
---
 roles/grafana/templates/ldap.toml.j2 | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/roles/grafana/templates/ldap.toml.j2 b/roles/grafana/templates/ldap.toml.j2
index b1c3fa3..5ce84f8 100644
--- a/roles/grafana/templates/ldap.toml.j2
+++ b/roles/grafana/templates/ldap.toml.j2
@@ -14,7 +14,11 @@ start_tls = {{ grafana_ldap_start_tls|bool|string|lower }}
 # set to true if you want to skip ssl cert validation
 ssl_skip_verify = false
 # set to the path to your root CA certificate or leave unset to use system defaults
+{% if grafana_ldap_root_ca_cert|d %}
+root_ca_cert = "{{ grafana_ldap_root_ca_cert }}"
+{% else %}
 # root_ca_cert = "/path/to/certificate.crt"
+{% endif %}
 # Authentication against LDAP servers requiring client certificates
 # client_cert = "/path/to/client.crt"
 # client_key = "/path/to/client.key"
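Review bot: The value on the added `root_ca_cert` line is interpolated into a TOML basic string without escaping, so a path containing a double quote or a backslash yields an invalid or misparsed ldap.toml. Because JSON string escapes are also valid in TOML basic strings, `root_ca_cert = {{ grafana_ldap_root_ca_cert | to_json }}` would quote the value safely. The template would also benefit from a comment that the bundle is only consulted when the LDAP connection actually uses TLS (`start_tls`, visible in the hunk header, or `use_ssl`, presumably set elsewhere in the file), for example `# only used when start_tls or use_ssl is true`. Without one, a reader may assume that setting the CA path alone secures the bind. The rest of the template lies outside the hunk.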