From ffbf6b3e87a288b5995de5b8607bd6b8b6c01c6e Mon Sep 17 00:00:00 2001 From: Neil Anderson Date: Fri, 18 Oct 2024 11:36:53 +0100 Subject: [PATCH] (PE-39397) Adding LDAP endpoint for 2023.8 As rbac-api/v1/ds has been deprecated, and remove in 2023.8, we need to utilise the new endpoint. Adding case for installs of versions 23.8 and above to use rbac-api/v1/command/ldap/create. --- REFERENCE.md | 13 +++++++++++++ plans/subplans/configure.pp | 5 +++++ tasks/pe_ldap_config.json | 4 ++++ tasks/pe_ldap_config.rb | 15 ++++++++++++--- 4 files changed, 34 insertions(+), 3 deletions(-) diff --git a/REFERENCE.md b/REFERENCE.md index 5f04a2a56..aef064417 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -70,6 +70,7 @@ * [`get_peadm_config`](#get_peadm_config): Run on a PE primary node to return the currently configured PEAdm parameters * [`get_psql_version`](#get_psql_version): Run on a PE PSQL node to return the major version of the PSQL server currently installed * [`infrastatus`](#infrastatus): Runs puppet infra status and returns the output +* [`ldapsettings`](#ldapsettings) * [`mkdir_p_file`](#mkdir_p_file): Create a file with the specified content at the specified location * [`mv`](#mv): Wrapper task for mv command * [`os_identification`](#os_identification): Return the operating system runnin gon the target as a string @@ -1233,6 +1234,12 @@ Data type: `Enum[json,text]` The type of output to return +### `ldapsettings` + +The ldapsettings task. + +**Supports noop?** false + ### `mkdir_p_file` Create a file with the specified content at the specified location @@ -1355,6 +1362,12 @@ Data type: `String` The PE Main server +##### `pe_version` + +Data type: `String` + +The PE version + ### `pe_uninstall` Uninstall Puppet Enterprise diff --git a/plans/subplans/configure.pp b/plans/subplans/configure.pp index 2afa00846..f2ebada6c 100644 --- a/plans/subplans/configure.pp +++ b/plans/subplans/configure.pp 
@@ -124,10 +124,15 @@ } if $ldap_config { + $pe_version = run_task('peadm::read_file', $primary_target, + path => '/opt/puppetlabs/server/pe_version', + )[0][content].chomp + # Run the task to configure ldap $ldap_result = run_task('peadm::pe_ldap_config', $primary_target, pe_main => $primary_target.peadm::certname(), ldap_config => $ldap_config, + pe_version => $pe_version, '_catch_errors' => true, ) diff --git a/tasks/pe_ldap_config.json b/tasks/pe_ldap_config.json index fe388dd9f..de360620a 100644 --- a/tasks/pe_ldap_config.json +++ b/tasks/pe_ldap_config.json @@ -8,6 +8,10 @@ "pe_main": { "type": "String", "description": "The PE Main server" + }, + "pe_version": { + "type": "String", + "description": "The PE version" } }, "input_method": "stdin", diff --git a/tasks/pe_ldap_config.rb b/tasks/pe_ldap_config.rb index ab00dd155..70953c487 100755 --- a/tasks/pe_ldap_config.rb +++ b/tasks/pe_ldap_config.rb @@ -12,6 +12,7 @@ def main params = JSON.parse(STDIN.read) data = params['ldap_config'] pe_main = params['pe_main'] + pe_version = params['pe_version'] caf = ['/opt/puppetlabs/bin/puppet', 'config', 'print', 'localcacert'] cafout, cafstatus = Open3.capture2(*caf) 
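Review bot: The added `peadm::read_file` call that fills `$pe_version` runs without `_catch_errors`, while the `peadm::pe_ldap_config` call right below it sets `'_catch_errors' => true`, so a missing or unreadable `/opt/puppetlabs/server/pe_version` would presumably abort the plan instead of reaching whatever handling follows `$ldap_result`. The result is also used unchecked: `[0][content].chomp` assumes a single target result with a string `content`, and the key is a bareword, where `)[0]['content'].chomp` would be the quoted form. Since the task uses this value to choose which RBAC endpoint it calls, consider matching it against a version pattern here and failing with a clear message before it is passed as `pe_version`. The `if $ldap_config` block continues past the end of the hunk.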
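Review bot: The new `pe_version` parameter in `tasks/pe_ldap_config.json` is a required `String` described only as "The PE version", which tells a caller neither the expected format nor what the value controls. A description along the lines of `"The PE version on the primary, as found in /opt/puppetlabs/server/pe_version; selects which RBAC LDAP endpoint the task calls"` would document both. Because the parameter is required, anything that runs `peadm::pe_ldap_config` directly without it is likely to be rejected at parameter validation; if that matters, `Optional[String]` with an explicit fallback in the task is the alternative.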
@@ -31,15 +32,23 @@ def main raise 'Could not get the Key file path.' end - uri = URI("https://#{pe_main}:4433/rbac-api/v1/ds") - https = Net::HTTP.new(uri.host, uri.port) + if Gem::Version.new(pe_version) < Gem::Version.new('2023.8.0') + ldap_path = URI('rbac-api/v1/ds') + uri = URI("https://#{pe_main}:4433/#{ldap_path}") + req = Net::HTTP::Put.new(uri, 'Content-type' => 'application/json') + else + ldap_path = URI('rbac-api/v1/command/ldap/create') + uri = URI("https://#{pe_main}:4433/#{ldap_path}") + req = Net::HTTP::Post.new(uri, 'Content-type' => 'application/json') + end + + https = Net::HTTP.new(pe_main, '4433') https.use_ssl = true https.verify_mode = OpenSSL::SSL::VERIFY_PEER https.ca_file = cafout.strip https.cert = OpenSSL::X509::Certificate.new(File.read(certout.strip)) https.key = OpenSSL::PKey::RSA.new(File.read(keyout.strip)) - req = Net::HTTP::Put.new(uri, 'Content-type' => 'application/json') req.body = data.to_json resp = https.request(req)
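Review bot: `Gem::Version.new(pe_version)` in the new `if` raises an ArgumentError on a malformed string, and nothing in the hunk turns that into a message naming the version input; because the value comes from a file read on the target, a guard such as `raise "Invalid pe_version: #{pe_version.inspect}" unless Gem::Version.correct?(pe_version)` before the comparison would make the failure explicit. `Net::HTTP.new(pe_main, '4433')` now passes the port as a String and repeats the host and port already held in `uri`; `https = Net::HTTP.new(uri.host, uri.port)` after the branch keeps one source of truth. Wrapping the relative paths in `URI(...)` only to interpolate them back into a string adds nothing, so plain string literals would do. The response handling after `https.request(req)` is outside the hunk, so it is worth confirming that it accepts the success status returned by the new command endpoint.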