hiera-ldapprovider 1.0.1

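--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+ ---
+ SHA1:
+ metadata.gz: e5d271b46f30bae9ed197672dbc51020b1a49621
+ data.tar.gz: ad294bda6f73cd555202dd5197e461353aa354a4
+ SHA512:
+ metadata.gz: 0925bfc814d814b0d565c52e42838d5f92adbf5674bf4932b5cbf87bb9b3159467e050cf7b71e6e4d76b3b20c56f19620b89d67e0fc1f2ef7e6c19222c0fbd50
+ data.tar.gz: b923cfa345c33756b4e72f8d89784cb0c555e9fce767ba7d4af34421f3c4a2bd470b5b82a4dcd07eefeee80541ad25392e1c72008b05cf3b7f8570653e3c6dce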
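--- a/data/.gitignore
+++ b/data/.gitignore
@@ -0,0 +1 @@
+ *.gem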
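--- a/data/LICENSE
+++ b/data/LICENSE
@@ -0,0 +1,15 @@
+ Copyright (C) 2012 Computer Action Team
+
+ The Computer Action Team can be contacted at: support@cat.pdx.edu
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.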
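--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,88 @@
+ # hiera-ldap backend
+
+ This module allows hiera to look up entries in LDAP. It will return an array of every matching entry, with that entry represented as a hash of attribute => value. For multivalued attributes, they exist as multiattribute => [attrib1, attrib2, attrib3].
+
+ # Installation
+
+ This module can be placed in your puppet module path and will be pluginsync'd to the master.
+
+ # Use
+
+ ## Ldap example:
+
+ dn: uid=nibz,ou=People,dc=catnip
+ loginShell: /usr/bin/zsh
+ objectClass: top
+ objectClass: account
+ objectClass: posixAccount
+ objectClass: shadowAccount
+ objectClass: person
+ objectClass: organizationalPerson
+ objectClass: inetOrgPerson
+ objectClass: podPerson
+ uid: nibz
+ uidNumber: 1861
+ gidNumber: 300
+ homeDirectory: /u/nibz
+ gecos: Spencer O Krum
+ cn: Spencer O Krum
+ sn: Krum
+ givenName: Spencer
+ mail: nibz@cecs.pdx.edu
+
+
+ ## Configuration example
+ <pre>
+
+ :ldap:
+ :base: ou=People,dc=cat,dc=pdx,dc=edu
+ :host: ldap.cat.pdx.edu
+ :port: 636
+ :encryption: :simple_tls
+ :auth:
+ :method: :simple
+ :username: uid=network,ou=Netgroup,dc=cat,dc=pdx,dc=edu
+ :password: PASSWORD
+
+ </pre>
+
+ ## Puppet example
+
+
+ # get info from ldap and put into a hash
+
+ $rooter_info = hiera("uid=${username}")
+ if $rooter_info == undef {
+ fail ("Hiera/LDAP look up on ${username} failed. Aborting.")
+ }
+
+ # use the hashdata to fill out user paramaters
+ # as of now, the ldap/hiera backend downcases ldap attributes
+
+ user { $username:
+ ensure => present,
+ gid => 'root',
+ uid => $rooter_info['uidnumber'],
+ home => $rooter_info['homedirectory'],
+ managehome => true,
+ shell => $rooter_info['loginshell'],
+ comment => $rooter_info['gecos'],
+ }
+
+ # Details
+
+ - It wraps the pramaters to Net::LDAP.new so anything you can do there you can do here
+
+
+ # Advanced
+
+ The key being looked up is actually processsed just like rfc4515 so you can use advanced ldap searches:
+
+ hiera('(|(uid=nibz)(uidNumber=1861))')
+
+ # Authors
+
+ - Hunter Haugen http://github.com/hunner
+ - Spencer Krum http://github.com/nibalizer
+ - Sage Imel http://github.com/nightfly
+ - Fabio Rauber http://github.com/fabiorauber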
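--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,2 @@
+ require 'bundler/gem_tasks'
+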
@@ -0,0 +1,22 @@
1
+ lib = File.expand_path('../lib', __FILE__)
2
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
3
+ require 'hiera/backend/ldap_backend'
4
+
5
+ Gem::Specification.new do |gem|
6
+ gem.name = "hiera-ldapprovider"
7
+ gem.version = Hiera::Backend::LDAP::VERSION
8
+ gem.description = "Hiera backend for ldap properties"
9
+ gem.summary = "LDAP Backend for Hiera"
10
+ gem.author = "Florian Kasper"
11
+ gem.license = "MIT"
12
+ gem.email = "florian.kasper@corscience.de"
13
+
14
+ gem.homepage = "http://github.com/Corscience/hiera-ldap"
15
+ gem.files = `git ls-files`.split($/).reject { |file| file =~ /^features.*$/ }
16
+ gem.executables = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
17
+ gem.test_files = gem.files.grep(%r{^(test|spec|features)/})
18
+ gem.require_paths = ["lib"]
19
+
20
+ gem.add_runtime_dependency('ruby-ldap', '~> 0.9')
21
+ gem.add_runtime_dependency('net-ldap', '~> 0.6')
22
+ end
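Review bot: `require 'hiera/backend/ldap_backend'` at the top of the gemspec loads the whole backend just to read `VERSION`, so building or inspecting the gem needs net-ldap installed and runs the backend's class reopenings; `require 'hiera/backend/ldap'` would load the version constant alone, judging by the seven-line version hunk that follows. `gem.license = "MIT"` also disagrees with the Apache License 2.0 text shipped in data/LICENSE, and the two should be reconciled before publishing. The `ruby-ldap` runtime dependency looks unused, since the backend shown on this page only requires `net/ldap`; dropping it would keep an extra library off every host that installs the gem.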
@@ -0,0 +1,7 @@
1
+ class Hiera
2
+ module Backend
3
+ module LDAP
4
+ VERSION="1.0.1"
5
+ end
6
+ end
7
+ end
@@ -0,0 +1,129 @@
1
+ require 'rubygems'
2
+ require 'net/ldap'
3
+ require 'hiera/backend/ldap'
4
+
5
+ # Monkey patch Net::LDAP::Connection to ensure SSL certs aren't verified
6
+ class Net::LDAP::Connection
7
+ def self.wrap_with_ssl(io)
8
+ raise Net::LDAP::LdapError, "OpenSSL is unavailable" unless Net::LDAP::HasOpenSSL
9
+ ctx = OpenSSL::SSL::SSLContext.new
10
+ ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE
11
+ conn = OpenSSL::SSL::SSLSocket.new(io, ctx)
12
+ conn.connect
13
+ conn.sync_close = true
14
+
15
+ conn.extend(GetbyteForSSLSocket) unless conn.respond_to?(:getbyte)
16
+
17
+ conn
18
+ end
19
+ end
20
+
21
+ class String
22
+ def valid_json?
23
+ require 'json'
24
+ JSON.parse(self)
25
+ true
26
+ rescue JSON::ParserError
27
+ false
28
+ end
29
+
30
+ def valid_yaml?
31
+ YAML.load(self)
32
+ true
33
+ rescue Psych::SyntaxError
34
+ false
35
+ rescue Exception
36
+ false
37
+ end
38
+
39
+ end
40
+ class Hiera
41
+ module Backend
42
+ class Ldap_backend
43
+ def initialize
44
+ @attr = get_config_value(:attribute, "cn")
45
+
46
+ Hiera.debug("Hiera LDAP backend starting")
47
+
48
+ @connection = Net::LDAP.new(
49
+ :host => conf[:host],
50
+ :port => get_config_value(:port, "389"),
51
+ :auth => conf[:auth],
52
+ :base => conf[:base],
53
+ :encryption => conf[:encryption])
54
+ end
55
+
56
+ def conf
57
+ @conf ||= Config[:ldap]
58
+ end
59
+
60
+ def get_config_value(label, default)
61
+ if conf && conf.include?(label)
62
+ return conf[label]
63
+ end
64
+ default
65
+ end
66
+
67
+ def lookup(key, scope, order_override, resolution_type)
68
+ answer = nil
69
+
70
+ Hiera.debug("Looking up #{key} in LDAP backend")
71
+
72
+ Backend.datasources(scope, order_override) do |source|
73
+ Hiera.debug("Looking for data source #{source}")
74
+ base = @conf[:base]
75
+
76
+ Hiera.debug("Searching on base: #{base}")
77
+
78
+
79
+ filter = Net::LDAP::Filter.eq(@attr, source)
80
+ Hiera.debug("Searching with filter: %s" % filter.to_s)
81
+ searchresult = @connection.search(:filter => filter, :return_result => true)
82
+ result = []
83
+ alt_key = key.downcase.to_sym
84
+
85
+ begin
86
+ searchresult.each do |entry|
87
+ if entry.attribute_names.include?(alt_key)
88
+ result += entry.send(key.to_sym)
89
+ else
90
+ Hiera.warn("Tried to access non-existing attribute: %s" % key)
91
+ Hiera.warn("Attributes: %s" % entry.attribute_names.inspect)
92
+ end
93
+ end
94
+ rescue Exception => e
95
+ return nil
96
+ end
97
+ case resolution_type
98
+ when :array
99
+ raise Exception, "Hiera type missmatch: Exptected Array got #{result.class}" unless result.kind_of? Array
100
+ answer ||= []
101
+ answer << result
102
+ answer.flatten!
103
+ when :hash
104
+ answer ||= {}
105
+ result.each do |res|
106
+ res = res.to_s
107
+ if res.valid_json?
108
+ res = JSON.parse(res)
109
+ elsif res.valid_yaml?
110
+ res = YAML.load(res)
111
+ end
112
+ answer = Backend.merge_answer(res,answer)
113
+ end
114
+ else
115
+ if result.length == 1
116
+ answer ||= result.first.to_s
117
+ else
118
+ answer = result
119
+ end
120
+ break
121
+ end
122
+ Hiera.debug("Answer: #{answer}")
123
+
124
+ end
125
+ return answer
126
+ end
127
+ end
128
+ end
129
+ end
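Review bot: The `wrap_with_ssl` override at the top of this file sets `ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE` for every Net::LDAP connection in the process, so the `:simple_tls` setting shown in the README gives no server authentication, and the simple-bind password and the data Hiera returns are exposed to anyone able to intercept the connection. Prefer removing the override, or at least use `ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER` with `ctx.cert_store = OpenSSL::X509::Store.new.tap(&:set_default_paths)`; hostname checking would still need the host name, which this method does not receive. Values read from the directory are also passed to `YAML.load` in `valid_yaml?` and in the `:hash` branch of `lookup`, where `YAML.safe_load` is the safer call for data the master does not control. `result += entry.send(key.to_sym)` dispatches on the lookup key, whereas `result += entry[alt_key]` reads the attribute without dynamic dispatch. The `rescue Exception => e` followed by `return nil` in `lookup` hides connection and search failures, so logging `e` through `Hiera.warn` before returning would make them diagnosable.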
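--- a/metadata
+++ b/metadata
@@ -0,0 +1,79 @@
+ --- !ruby/object:Gem::Specification
+ name: hiera-ldapprovider
+ version: !ruby/object:Gem::Version
+ version: 1.0.1
+ platform: ruby
+ authors:
+ - Florian Kasper
+ autorequire:
+ bindir: bin
+ cert_chain: []
+ date: 2014-05-27 00:00:00.000000000 Z
+ dependencies:
+ - !ruby/object:Gem::Dependency
+ name: ruby-ldap
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '0.9'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '0.9'
+ - !ruby/object:Gem::Dependency
+ name: net-ldap
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '0.6'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '0.6'
+ description: Hiera backend for ldap properties
+ email: florian.kasper@corscience.de
+ executables: []
+ extensions: []
+ extra_rdoc_files: []
+ files:
+ - ".gitignore"
+ - LICENSE
+ - README.md
+ - Rakefile
+ - hiera-ldap.gemspec
+ - lib/hiera/backend/ldap.rb
+ - lib/hiera/backend/ldap_backend.rb
+ homepage: http://github.com/Corscience/hiera-ldap
+ licenses:
+ - MIT
+ metadata: {}
+ post_install_message:
+ rdoc_options: []
+ require_paths:
+ - lib
+ required_ruby_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ requirements: []
+ rubyforge_project:
+ rubygems_version: 2.2.2
+ signing_key:
+ specification_version: 4
+ summary: LDAP Backend for Hiera
+ test_files: []
+ has_rdoc: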