RubyGems - hiera-ldapprovider - Versions diffs - 1.0.1 - Mend

hiera-ldapprovider 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

checksums.yaml +7 -0
data/.gitignore +1 -0
data/LICENSE +15 -0
data/README.md +88 -0
data/Rakefile +2 -0
data/hiera-ldap.gemspec +22 -0
data/lib/hiera/backend/ldap.rb +7 -0
data/lib/hiera/backend/ldap_backend.rb +129 -0
metadata +79 -0

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: e5d271b46f30bae9ed197672dbc51020b1a49621
+  data.tar.gz: ad294bda6f73cd555202dd5197e461353aa354a4
+SHA512:
+  metadata.gz: 0925bfc814d814b0d565c52e42838d5f92adbf5674bf4932b5cbf87bb9b3159467e050cf7b71e6e4d76b3b20c56f19620b89d67e0fc1f2ef7e6c19222c0fbd50
+  data.tar.gz: b923cfa345c33756b4e72f8d89784cb0c555e9fce767ba7d4af34421f3c4a2bd470b5b82a4dcd07eefeee80541ad25392e1c72008b05cf3b7f8570653e3c6dce

data/.gitignore ADDED Viewed

	@@ -0,0 +1 @@
1	+ *.gem

data/LICENSE ADDED Viewed

@@ -0,0 +1,15 @@
+Copyright (C) 2012 Computer Action Team
+The Computer Action Team can be contacted at: support@cat.pdx.edu
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

data/README.md ADDED Viewed

@@ -0,0 +1,88 @@
+# hiera-ldap backend
+This module allows hiera to look up entries in LDAP. It will return an array of every matching entry, with that entry represented as a hash of attribute => value. For multivalued attributes, they exist as multiattribute => [attrib1, attrib2, attrib3].
+# Installation
+This module can be placed in your puppet module path and will be pluginsync'd to the master.
+# Use
+## Ldap example:
+    dn: uid=nibz,ou=People,dc=catnip
+    loginShell: /usr/bin/zsh
+    objectClass: top
+    objectClass: account
+    objectClass: posixAccount
+    objectClass: shadowAccount
+    objectClass: person
+    objectClass: organizationalPerson
+    objectClass: inetOrgPerson
+    objectClass: podPerson
+    uid: nibz
+    uidNumber: 1861
+    gidNumber: 300
+    homeDirectory: /u/nibz
+    gecos: Spencer O Krum
+    cn: Spencer O Krum
+    sn: Krum
+    givenName: Spencer
+    mail: nibz@cecs.pdx.edu
+## Configuration example
+<pre>
+:ldap:
+  :base: ou=People,dc=cat,dc=pdx,dc=edu
+  :host: ldap.cat.pdx.edu
+  :port: 636
+  :encryption: :simple_tls
+  :auth:
+    :method: :simple
+    :username: uid=network,ou=Netgroup,dc=cat,dc=pdx,dc=edu
+    :password: PASSWORD
+</pre>
+## Puppet example
+    # get info from ldap and put into a hash
+    $rooter_info = hiera("uid=${username}")
+    if $rooter_info == undef {
+      fail ("Hiera/LDAP look up on ${username} failed. Aborting.")
+    }
+    # use the hashdata to fill out user paramaters
+    # as of now, the ldap/hiera backend downcases ldap attributes
+    user { $username:
+      ensure     => present,
+      gid        => 'root',
+      uid        => $rooter_info['uidnumber'],
+      home       => $rooter_info['homedirectory'],
+      managehome => true,
+      shell      => $rooter_info['loginshell'],
+      comment    => $rooter_info['gecos'],
+    }
+# Details
+- It wraps the pramaters to Net::LDAP.new so anything you can do there you can do here
+# Advanced
+The key being looked up is actually processsed just like rfc4515 so you can use advanced ldap searches:
+    hiera('(|(uid=nibz)(uidNumber=1861))')
+# Authors
+  - Hunter Haugen    http://github.com/hunner
+  - Spencer Krum     http://github.com/nibalizer
+  - Sage Imel        http://github.com/nightfly
+  - Fabio Rauber     http://github.com/fabiorauber

data/Rakefile ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ require 'bundler/gem_tasks'
2	+

data/hiera-ldap.gemspec ADDED Viewed

@@ -0,0 +1,22 @@
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'hiera/backend/ldap_backend'
+Gem::Specification.new do |gem|
+  gem.name          = "hiera-ldapprovider"
+  gem.version       = Hiera::Backend::LDAP::VERSION
+  gem.description   = "Hiera backend for ldap properties"
+  gem.summary       = "LDAP Backend for Hiera"
+  gem.author        = "Florian Kasper"
+  gem.license       = "MIT"
+  gem.email         = "florian.kasper@corscience.de"
+  gem.homepage      = "http://github.com/Corscience/hiera-ldap"
+  gem.files         = `git ls-files`.split($/).reject { |file| file =~ /^features.*$/ }
+  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.require_paths = ["lib"]
+  gem.add_runtime_dependency('ruby-ldap', '~> 0.9')
+  gem.add_runtime_dependency('net-ldap', '~> 0.6')
+end

data/lib/hiera/backend/ldap.rb ADDED Viewed

@@ -0,0 +1,7 @@
+class Hiera
+  module Backend
+    module LDAP
+      VERSION="1.0.1"
+    end
+  end
+end

data/lib/hiera/backend/ldap_backend.rb ADDED Viewed

@@ -0,0 +1,129 @@
+require 'rubygems'
+require 'net/ldap'
+require 'hiera/backend/ldap'
+# Monkey patch Net::LDAP::Connection to ensure SSL certs aren't verified
+class Net::LDAP::Connection
+  def self.wrap_with_ssl(io)
+    raise Net::LDAP::LdapError, "OpenSSL is unavailable" unless Net::LDAP::HasOpenSSL
+    ctx = OpenSSL::SSL::SSLContext.new
+    ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE
+    conn = OpenSSL::SSL::SSLSocket.new(io, ctx)
+    conn.connect
+    conn.sync_close = true
+    conn.extend(GetbyteForSSLSocket) unless conn.respond_to?(:getbyte)
+    conn
+  end
+end
+class String
+  def valid_json?
+    require 'json'
+    JSON.parse(self)
+    true
+  rescue JSON::ParserError
+    false
+  end
+  def valid_yaml?
+    YAML.load(self)
+    true
+  rescue Psych::SyntaxError
+    false
+  rescue Exception
+    false
+  end
+end
+class Hiera
+  module Backend
+    class Ldap_backend
+      def initialize
+        @attr = get_config_value(:attribute, "cn")
+        Hiera.debug("Hiera LDAP backend starting")
+        @connection = Net::LDAP.new(
+          :host       => conf[:host],
+          :port       => get_config_value(:port, "389"),
+          :auth       => conf[:auth],
+          :base       => conf[:base],
+          :encryption => conf[:encryption])
+      end
+      def conf
+        @conf ||= Config[:ldap]
+      end
+      def get_config_value(label, default)
+        if conf && conf.include?(label)
+          return conf[label]
+        end
+        default
+      end
+      def lookup(key, scope, order_override, resolution_type)
+        answer = nil
+        Hiera.debug("Looking up #{key} in LDAP backend")
+        Backend.datasources(scope, order_override) do |source|
+          Hiera.debug("Looking for data source #{source}")
+          base = @conf[:base]
+          Hiera.debug("Searching on base: #{base}")
+          filter = Net::LDAP::Filter.eq(@attr, source)
+          Hiera.debug("Searching with filter: %s" % filter.to_s)
+          searchresult = @connection.search(:filter => filter, :return_result => true)
+          result = []
+          alt_key = key.downcase.to_sym
+          begin
+            searchresult.each do |entry|
+              if entry.attribute_names.include?(alt_key)
+                result += entry.send(key.to_sym)
+              else
+                Hiera.warn("Tried to access non-existing attribute: %s" % key)
+                Hiera.warn("Attributes: %s" % entry.attribute_names.inspect)
+              end
+            end
+          rescue Exception => e
+            return nil
+          end
+          case resolution_type
+          when :array
+            raise Exception, "Hiera type missmatch: Exptected Array got #{result.class}" unless result.kind_of? Array
+            answer ||= []
+            answer << result
+            answer.flatten!
+          when :hash
+            answer ||= {}
+            result.each do |res|
+              res = res.to_s
+              if res.valid_json?
+                res = JSON.parse(res)
+              elsif res.valid_yaml?
+                res = YAML.load(res)
+              end
+              answer = Backend.merge_answer(res,answer)
+            end
+          else
+            if result.length == 1
+              answer ||= result.first.to_s
+            else
+              answer = result
+            end
+            break
+          end
+          Hiera.debug("Answer: #{answer}")
+        end
+        return answer
+      end
+    end
+  end
+end

metadata ADDED Viewed

@@ -0,0 +1,79 @@
+--- !ruby/object:Gem::Specification
+name: hiera-ldapprovider
+version: !ruby/object:Gem::Version
+  version: 1.0.1
+platform: ruby
+authors:
+- Florian Kasper
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2014-05-27 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: ruby-ldap
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.9'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.9'
+- !ruby/object:Gem::Dependency
+  name: net-ldap
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
+description: Hiera backend for ldap properties
+email: florian.kasper@corscience.de
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- LICENSE
+- README.md
+- Rakefile
+- hiera-ldap.gemspec
+- lib/hiera/backend/ldap.rb
+- lib/hiera/backend/ldap_backend.rb
+homepage: http://github.com/Corscience/hiera-ldap
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.2.2
+signing_key:
+specification_version: 4
+summary: LDAP Backend for Hiera
+test_files: []
+has_rdoc: