RubyGems - hiera-ldapprovider - Versions diffs - 1.0.1 - Mend

hiera-ldapprovider 1.0.1

Files changed (9) hide show

checksums.yaml +7 -0
data/.gitignore +1 -0
data/LICENSE +15 -0
data/README.md +88 -0
data/Rakefile +2 -0
data/hiera-ldap.gemspec +22 -0
data/lib/hiera/backend/ldap.rb +7 -0
data/lib/hiera/backend/ldap_backend.rb +129 -0
metadata +79 -0

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: e5d271b46f30bae9ed197672dbc51020b1a49621
+  data.tar.gz: ad294bda6f73cd555202dd5197e461353aa354a4
+SHA512:
+  metadata.gz: 0925bfc814d814b0d565c52e42838d5f92adbf5674bf4932b5cbf87bb9b3159467e050cf7b71e6e4d76b3b20c56f19620b89d67e0fc1f2ef7e6c19222c0fbd50
+  data.tar.gz: b923cfa345c33756b4e72f8d89784cb0c555e9fce767ba7d4af34421f3c4a2bd470b5b82a4dcd07eefeee80541ad25392e1c72008b05cf3b7f8570653e3c6dce

data/.gitignore ADDED Viewed

	@@ -0,0 +1 @@
1	+ *.gem

data/LICENSE ADDED Viewed

@@ -0,0 +1,15 @@
+Copyright (C) 2012 Computer Action Team
+The Computer Action Team can be contacted at: support@cat.pdx.edu
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

data/README.md ADDED Viewed

@@ -0,0 +1,88 @@
+# hiera-ldap backend
+This module allows hiera to look up entries in LDAP. It will return an array of every matching entry, with that entry represented as a hash of attribute => value. For multivalued attributes, they exist as multiattribute => [attrib1, attrib2, attrib3].
+# Installation
+This module can be placed in your puppet module path and will be pluginsync'd to the master.
+# Use
+## Ldap example:
+    dn: uid=nibz,ou=People,dc=catnip
+    loginShell: /usr/bin/zsh
+    objectClass: top
+    objectClass: account
+    objectClass: posixAccount
+    objectClass: shadowAccount
+    objectClass: person
+    objectClass: organizationalPerson
+    objectClass: inetOrgPerson
+    objectClass: podPerson
+    uid: nibz
+    uidNumber: 1861
+    gidNumber: 300
+    homeDirectory: /u/nibz
+    gecos: Spencer O Krum
+    cn: Spencer O Krum
+    sn: Krum
+    givenName: Spencer
+    mail: nibz@cecs.pdx.edu
+## Configuration example
+<pre>
+:ldap:
+  :base: ou=People,dc=cat,dc=pdx,dc=edu
+  :host: ldap.cat.pdx.edu
+  :port: 636
+  :encryption: :simple_tls
+  :auth:
+    :method: :simple
+    :username: uid=network,ou=Netgroup,dc=cat,dc=pdx,dc=edu
+    :password: PASSWORD
+</pre>
+## Puppet example
+    # get info from ldap and put into a hash
+    $rooter_info = hiera("uid=${username}")
+    if $rooter_info == undef {
+      fail ("Hiera/LDAP look up on ${username} failed. Aborting.")
+    }
+    # use the hashdata to fill out user paramaters
+    # as of now, the ldap/hiera backend downcases ldap attributes
+    user { $username:
+      ensure     => present,
+      gid        => 'root',
+      uid        => $rooter_info['uidnumber'],
+      home       => $rooter_info['homedirectory'],
+      managehome => true,
+      shell      => $rooter_info['loginshell'],
+      comment    => $rooter_info['gecos'],
+    }
+# Details
+- It wraps the pramaters to Net::LDAP.new so anything you can do there you can do here
+# Advanced
+The key being looked up is actually processsed just like rfc4515 so you can use advanced ldap searches:
+    hiera('(|(uid=nibz)(uidNumber=1861))')
+# Authors
+  - Hunter Haugen    http://github.com/hunner
+  - Spencer Krum     http://github.com/nibalizer
+  - Sage Imel        http://github.com/nightfly
+  - Fabio Rauber     http://github.com/fabiorauber

data/Rakefile ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ require 'bundler/gem_tasks'
2	+

data/hiera-ldap.gemspec ADDED Viewed

@@ -0,0 +1,22 @@
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'hiera/backend/ldap_backend'
+Gem::Specification.new do |gem|
+  gem.name          = "hiera-ldapprovider"
+  gem.version       = Hiera::Backend::LDAP::VERSION
+  gem.description   = "Hiera backend for ldap properties"
+  gem.summary       = "LDAP Backend for Hiera"
+  gem.author        = "Florian Kasper"
+  gem.license       = "MIT"
+  gem.email         = "florian.kasper@corscience.de"
+  gem.homepage      = "http://github.com/Corscience/hiera-ldap"
+  gem.files         = `git ls-files`.split($/).reject { |file| file =~ /^features.*$/ }
+  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.require_paths = ["lib"]
+  gem.add_runtime_dependency('ruby-ldap', '~> 0.9')
+  gem.add_runtime_dependency('net-ldap', '~> 0.6')
+end

data/lib/hiera/backend/ldap.rb ADDED Viewed

@@ -0,0 +1,7 @@
+class Hiera
+  module Backend
+    module LDAP
+      VERSION="1.0.1"
+    end
+  end
+end

data/lib/hiera/backend/ldap_backend.rb ADDED Viewed

@@ -0,0 +1,129 @@
+require 'rubygems'
+require 'net/ldap'
+require 'hiera/backend/ldap'
+# Monkey patch Net::LDAP::Connection to ensure SSL certs aren't verified
+class Net::LDAP::Connection
+  def self.wrap_with_ssl(io)
+    raise Net::LDAP::LdapError, "OpenSSL is unavailable" unless Net::LDAP::HasOpenSSL
+    ctx = OpenSSL::SSL::SSLContext.new
+    ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE
+    conn = OpenSSL::SSL::SSLSocket.new(io, ctx)
+    conn.connect
+    conn.sync_close = true
+    conn.extend(GetbyteForSSLSocket) unless conn.respond_to?(:getbyte)
+    conn
+  end
+end
+class String
+  def valid_json?
+    require 'json'
+    JSON.parse(self)
+    true
+  rescue JSON::ParserError
+    false
+  end
+  def valid_yaml?
+    YAML.load(self)
+    true
+  rescue Psych::SyntaxError
+    false
+  rescue Exception
+    false
+  end
+end
+class Hiera
+  module Backend
+    class Ldap_backend
+      def initialize
+        @attr = get_config_value(:attribute, "cn")
+        Hiera.debug("Hiera LDAP backend starting")
+        @connection = Net::LDAP.new(
+          :host       => conf[:host],
+          :port       => get_config_value(:port, "389"),
+          :auth       => conf[:auth],
+          :base       => conf[:base],
+          :encryption => conf[:encryption])
+      end
+      def conf
+        @conf ||= Config[:ldap]
+      end
+      def get_config_value(label, default)
+        if conf && conf.include?(label)
+          return conf[label]
+        end
+        default
+      end
+      def lookup(key, scope, order_override, resolution_type)
+        answer = nil
+        Hiera.debug("Looking up #{key} in LDAP backend")
+        Backend.datasources(scope, order_override) do |source|
+          Hiera.debug("Looking for data source #{source}")
+          base = @conf[:base]
+          Hiera.debug("Searching on base: #{base}")
+          filter = Net::LDAP::Filter.eq(@attr, source)
+          Hiera.debug("Searching with filter: %s" % filter.to_s)
+          searchresult = @connection.search(:filter => filter, :return_result => true)
+          result = []
+          alt_key = key.downcase.to_sym
+          begin
+            searchresult.each do |entry|
+              if entry.attribute_names.include?(alt_key)
+                result += entry.send(key.to_sym)
+              else
+                Hiera.warn("Tried to access non-existing attribute: %s" % key)
+                Hiera.warn("Attributes: %s" % entry.attribute_names.inspect)
+              end
+            end
+          rescue Exception => e
+            return nil
+          end
+          case resolution_type
+          when :array
+            raise Exception, "Hiera type missmatch: Exptected Array got #{result.class}" unless result.kind_of? Array
+            answer ||= []
+            answer << result
+            answer.flatten!
+          when :hash
+            answer ||= {}
+            result.each do |res|
+              res = res.to_s
+              if res.valid_json?
+                res = JSON.parse(res)
+              elsif res.valid_yaml?
+                res = YAML.load(res)
+              end
+              answer = Backend.merge_answer(res,answer)
+            end
+          else
+            if result.length == 1
+              answer ||= result.first.to_s
+            else
+              answer = result
+            end
+            break
+          end
+          Hiera.debug("Answer: #{answer}")
+        end
+        return answer
+      end
+    end
+  end
+end

metadata ADDED Viewed

@@ -0,0 +1,79 @@
+--- !ruby/object:Gem::Specification
+name: hiera-ldapprovider
+version: !ruby/object:Gem::Version
+  version: 1.0.1
+platform: ruby
+authors:
+- Florian Kasper
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2014-05-27 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: ruby-ldap
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.9'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.9'
+- !ruby/object:Gem::Dependency
+  name: net-ldap
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
+description: Hiera backend for ldap properties
+email: florian.kasper@corscience.de
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- LICENSE
+- README.md
+- Rakefile
+- hiera-ldap.gemspec
+- lib/hiera/backend/ldap.rb
+- lib/hiera/backend/ldap_backend.rb
+homepage: http://github.com/Corscience/hiera-ldap
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.2.2
+signing_key:
+specification_version: 4
+summary: LDAP Backend for Hiera
+test_files: []
+has_rdoc: