From: Ismaƫl Bouya
Date: Mon, 19 Mar 2018 15:21:45 +0000 (+0100)
Subject: Merge branch 'ldap_lookup' into dev
X-Git-Url: https://git.immae.eu/?a=commitdiff_plain;h=f4c9ed4c0a32082d8f7b60cee1eb33cb05c85a1c;hp=433e9279d165bf225c597834b5a7c7ae64c11a27;p=perso%2FImmae%2FProjets%2FPuppet.git

Merge branch 'ldap_lookup' into dev
---
diff --git a/environments/global/common.yaml b/environments/global/common.yaml
index 4536b83..5911194 100644
--- a/environments/global/common.yaml
+++ b/environments/global/common.yaml
@@ -27,15 +27,8 @@ base_installation::puppet_pass_seed: "/etc/puppetlabs/puppet/password_seed"
 base_installation::puppet_ssl_path: "/etc/puppetlabs/ssl"
 base_installation::system_locales: ["fr_FR.UTF-8", "en_US.UTF-8"]
 base_installation::system_timezone: "Europe/Paris"
-base_installation::system_users:
- - userid: 1000
- username: "immae"
- groups: ["wheel"]
- keys:
- - host: "immae.eu"
- key: "AAAAB3NzaC1yc2EAAAADAQABAAABAQDi5PgLBwMRyRwzJPnSgUyRAuB9AAxMijsw1pR/t/wmxQne1O5fIPOleHx+D8dyZbwm+XkzlcJpgT0Qy3qC9J8BPhshJvO/tA/8CI/oS/FE0uWsyACH1DMO2dk4gRRZGSE9IuzDMRPlnfZ3n0tdsPzzv3GH4It/oPIgsvkTowKztGLQ7Xmjr5BxzAhXcIQymqA0U3XWHSdWvnSRDaOFG0PDoVMS85IdwlviVKLnV5Sstb4NC/P28LFfgvW8DO/XrOqujgDomqTmR41dK/AyrGGOb2cQUMO4l8Oa+74aOyKaB61rr/rJkr+wCbEttkTvgFa6zZygSk3edfiWE2rgn4+v"
- key_type: "ssh-rsa"
-profile::xmr_stak::mining_pool: "pool.minexmr.com:7777"
-profile::xmr_stak::wallet: "44CA8TxTFYbQqN2kLyk8AnB6Ghz4mcbGpYC2EyXW7A8H9QspvWnTjDn39XUZDPrFwPa5JNwt4TmAxcooPWv4SaJqL87Bcdo"
-letsencrypt::email: "sites+letsencrypt@mail.immae.eu"
+base_installation::system_users: [] # Fetched via ldap
+profile::xmr_stak::mining_pool: "" # Fetched via ldap
+profile::xmr_stak::wallet: "" # Fetched via ldap
+letsencrypt::email: ~ # Fetched via ldap
 letsencrypt::try_for_real_hostname: true
diff --git a/environments/hiera.yaml b/environments/hiera.yaml
index 5a9a6d6..eda5eb3 100644
--- a/environments/hiera.yaml
+++ b/environments/hiera.yaml
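Review bot: The placeholders `system_users: []`, `mining_pool: ""`, `wallet: ""` and `email: ~` are found values as far as Hiera is concerned, so when the LDAP layer contributes nothing — `ldap_data` in this commit returns `{}` if no entry carries `immaePuppetJson` — a node is built with no admin user or SSH key and xmr_stak pointed at an empty pool instead of the catalog failing, assuming common.yaml sits below the new layer as the "Fetched via ldap" comments imply. If these keys have no sensible default I would delete them here so a missing LDAP value surfaces as a lookup error; if the empty values are intentional fallbacks, say so, e.g. `base_installation::system_users: [] # LDAP fallback: no local admin is created when LDAP has no value`. Note also that `~` is YAML null, and whether Hiera reports an explicit null as found (and whether the letsencrypt class accepts undef for `email`) is worth confirming before relying on it.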
@@ -9,6 +9,9 @@ hierarchy:
 - name: "Initialization variables"
 path: "/root/puppet_variables.json"
+ - name: "Puppet ldap variables"
+ data_hash: ldap_data
+
 - name: "Per-role environment data"
 mapped_paths: [ldapvar.self.vars.roles, role, "roles/%{role}.yaml"]
diff --git a/modules/base_installation/lib/facter/ldapvar.rb b/modules/base_installation/lib/facter/ldapvar.rb
index 3ee6623..08d58e4 100644
--- a/modules/base_installation/lib/facter/ldapvar.rb
+++ b/modules/base_installation/lib/facter/ldapvar.rb
@@ -27,16 +27,18 @@ begin
 connection.search(base, scope, filter) do |entry|
 data_ = entry.to_hash
- data_['vars'] = (data_[Puppet[:ldapstackedattrs]] || [])
- .map { |var| var.split("=", 2) }
- .group_by { |(key, value)| key }
- .map { |key, value| [key, value.map(&:last)] }
- .to_h
+ if data_["objectClass"].any? { |class_| class_ == "puppetClient" }
+ data_['vars'] = (data_[Puppet[:ldapstackedattrs]] || [])
+ .map { |var| var.split("=", 2) }
+ .group_by { |(key, value)| key }
+ .map { |key, value| [key, value.map(&:last)] }
+ .to_h
- data[:other] << data_
+ data[:other] << data_
- if data_["cn"].any? { |cn| cn == host }
- data[:self] = data_
+ if data_["cn"].any? { |cn| cn == host }
+ data[:self] = data_
+ end
 end
 end
diff --git a/modules/base_installation/lib/puppet/functions/ldap_data.rb b/modules/base_installation/lib/puppet/functions/ldap_data.rb
new file mode 100644
index 0000000..ff8d779
--- /dev/null
+++ b/modules/base_installation/lib/puppet/functions/ldap_data.rb
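Review bot: The new `Puppet ldap variables` level carries no comment saying where its data comes from or why it sits above the per-role level, and because it is a `data_hash` function with no path, a reader of hiera.yaml gets no hint that values set in LDAP override `roles/*.yaml`. I would add `# JSON objects from the immaePuppetJson LDAP attribute (modules/base_installation/lib/puppet/functions/ldap_data.rb); takes precedence over role data` above the new `name:` line. The `hierarchy:` key sits just above this hunk; whatever precedes it in the file is not visible here.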
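Review bot: `data_["objectClass"].any? { |class_| class_ == "puppetClient" }` raises `NoMethodError` when the entry hash has no `objectClass` key and compares case-sensitively, although objectClass values (and, as far as I know, the attribute names ruby-ldap's `to_hash` returns, which follow the server's spelling) are case-insensitive in LDAP, so a server answering `objectclass` or `puppetclient` drops every entry and leaves `data[:self]` unset. I would write `(data_["objectClass"] || []).any? { |c| c.casecmp("puppetClient") == 0 }` and put the same `|| []` guard on the `data_["cn"].any?` line below it. The `filter` passed to `connection.search` is defined above the hunk; if it is still `(objectclass=*)` as in the sibling ldap_data.rb, filtering server-side with `(objectClass=puppetClient)` would avoid pulling unrelated entries at all. The enclosing `begin` block and the method around it start above this hunk.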
@@ -0,0 +1,46 @@
+require 'json'
+
+Puppet::Functions.create_function(:ldap_data) do
+ dispatch :ldap_data do
+ param 'Hash', :options
+ param 'Puppet::LookupContext', :context
+ end
+
+ def ldap_data(options, context)
+ begin
+ require 'ldap'
+ require 'puppet/util/ldap/connection'
+ rescue
+ context.not_found
+ return
+ end
+
+ if !context.cache_has_key("ldap_lookup")
+ begin
+ conn = Puppet::Util::Ldap::Connection.instance
+ conn.start
+ connection = conn.connection
+ rescue ::LDAP::ResultError => e
+ raise Puppet::ParseError, ("ldapquery(): LDAP ResultError - #{e.message}")
+ end
+
+ host = Facter.value('ec2_metadata')["hostname"]
+ base = Puppet[:ldapbase]
+ scope = ::LDAP::LDAP_SCOPE_SUBTREE
+ filter = "(objectclass=*)"
+
+ data = {}
+ connection.search(base, scope, filter) do |entry|
+ data_ = entry.to_hash
+ jsons = data_["immaePuppetJson"] || []
+ jsons.each do |json|
+ data.merge!(JSON.parse(json))
+ end
+ end
+
+ context.cache("ldap_lookup", data)
+ end
+
+ context.cached_value("ldap_lookup")
+ end
+end
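Review bot: The search at `filter = "(objectclass=*)"` walks the whole `ldapbase` subtree and merges the `immaePuppetJson` of every entry it meets, with none of the `puppetClient`/`cn == host` selection that ldapvar.rb applies, so whoever can write that attribute on any entry under the base injects Hiera data (users, SSH keys, wallet address) into every node's catalog, and with `data.merge!` the winner between two entries depends on the order the directory returns them. Two smaller defects in the same hunk: the bare `rescue` around `require 'ldap'` does not catch `LoadError` (it is a `ScriptError`, not a `StandardError`), so the `context.not_found` fallback can never run, and `host = Facter.value('ec2_metadata')["hostname"]` is never used yet raises `NoMethodError` on a host where the `ec2_metadata` fact is nil. I would narrow the filter to entries that carry the attribute, rescue `LoadError`, drop `host`, and reject malformed or non-object JSON before `merge!` as in the excerpt below; restricting the attribute further to a dedicated objectClass or to the node's own entry is a design choice the commit does not state, and I would document whichever it is. Whether this connection is encrypted depends on `Puppet[:ldaptls]`/`ldapssl`, which the diff does not show; since the payload now carries the SSH keys for `wheel` users it is worth confirming.

```ruby
    begin
      require 'ldap'
      require 'puppet/util/ldap/connection'
    rescue LoadError
      # ruby-ldap is optional here: let the next hierarchy level answer
      context.not_found
      return
    end

    # … unchanged: cache check and connection setup …

      base = Puppet[:ldapbase]
      scope = ::LDAP::LDAP_SCOPE_SUBTREE
      # Evaluated server-side: only entries that actually carry the attribute
      filter = "(immaePuppetJson=*)"

      data = {}
      connection.search(base, scope, filter) do |entry|
        data_ = entry.to_hash
        (data_["immaePuppetJson"] || []).each do |json|
          begin
            parsed = JSON.parse(json)
          rescue JSON::ParserError => e
            raise Puppet::ParseError, "ldap_data(): invalid immaePuppetJson: #{e.message}"
          end
          unless parsed.is_a?(Hash)
            raise Puppet::ParseError, "ldap_data(): immaePuppetJson must hold a JSON object, got #{parsed.class}"
          end
          data.merge!(parsed)
        end
      end

    # … unchanged: context.cache / context.cached_value …
```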