Trying to get and use complex data from LDAP for Ansible. Replace `:` in the filename with `/`.
# vim: set si ai et sw=4 sts=4 ts=4 ft=python:
# coding: utf-8
# Copyright (c) 2013, ZenRobotics Ltd.
# Author: Paul Tötterman <paul.totterman@zenrobotics.com>
"""Ansible lookup plugin for looking up user data in an LDAP directory."""
from ansible import utils, errors
import ldap
import ldap.filter
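def get_ldap_base(conn, persist={}):
    """Find out the LDAP base DN by reading the server's root DSE.

    Reads the ``namingContexts`` operational attribute of the root DSE and
    returns it when the server publishes exactly one naming context; with
    zero or several contexts the base is ambiguous and ``None`` is returned.

    Args:
        conn: an open ``ldap`` connection (anything with ``search_s``).
        persist: memoization dict shared across calls. The mutable default
            is deliberate: the root DSE is queried only once per process,
            and a ``None`` result is cached as well, exactly as before.

    Returns:
        The base DN string, or ``None`` when it cannot be determined.
    """
    # pylint: disable-msg=W0102
    if 'base' in persist:
        return persist['base']
    base = None
    # '+' requests the operational attributes, which is where the root DSE
    # publishes namingContexts.
    entries = conn.search_s('', ldap.SCOPE_BASE, 'objectClass=*', ('+',))
    # Guard against an empty result, a referral-style entry whose attribute
    # dict is None, or a server that does not publish namingContexts; the
    # original indexed straight in and failed with IndexError/KeyError.
    if entries:
        attrs = entries[0][1] or {}
        contexts = attrs.get('namingContexts', [])
        if len(contexts) == 1:
            base = contexts[0]
    persist['base'] = base
    return base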
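class LookupModule(object):
    """Implement the Ansible lookup module interface (``with_ldap_sshkeys``).

    Each lookup term is a login name; the result holds one
    ``{'login': ..., 'pubkey': ...}`` dict per ``sshPublicKey`` value found on
    the matching LDAP entry.
    """
    # pylint: disable-msg=R0903

    def __init__(self, basedir=None, **_):
        """Class initializer.

        Discards all arguments except basedir. Opens a connection to the
        library-wide default URI (``ldap.get_option(ldap.OPT_URI)``) and
        resolves the search base from the server's root DSE.
        """
        self.basedir = basedir
        self.ldapconn = ldap.initialize(ldap.get_option(ldap.OPT_URI))
        self.ldapbase = get_ldap_base(self.ldapconn)

    def run(self, terms, inject=None, **_):
        """Process a ldap_sshkeys lookup.

        Args:
            terms: login name(s) to look up, as Ansible passes them.
            inject: Ansible variable context used to resolve ``terms``.

        Returns:
            list of ``{'login': login, 'pubkey': key}`` dicts; a user without
            an ``sshPublicKey`` attribute contributes nothing.

        Raises:
            errors.AnsibleError: when a login does not match exactly one entry.
        """
        terms = utils.listify_lookup_plugin_terms(terms, self.basedir, inject)
        if isinstance(terms, basestring):
            terms = [terms]
        result = []
        for login in terms:
            # Terms come from playbook data, so escape them before they are
            # interpolated into the filter: metacharacters such as '*' or ')'
            # in a term must not be able to change which entries match.
            search_filter = '(uid=%s)' % ldap.filter.escape_filter_chars(login)
            entries = self.ldapconn.search_s(self.ldapbase, ldap.SCOPE_SUBTREE,
                                             search_filter, ('sshPublicKey',))
            if len(entries) != 1:
                # The login is interpolated into the message here; passing it
                # as a second positional argument never formatted it.
                raise errors.AnsibleError('uid=%s not found in LDAP' % login)
            # A referral entry carries None instead of an attribute dict.
            attrs = entries[0][1] or {}
            if 'sshPublicKey' not in attrs:
                continue
            for pubkey in attrs['sshPublicKey']:
                result.append({'login': login, 'pubkey': pubkey})
        return result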
# vim: set si ai et sw=4 sts=4 ts=4 ft=python:
# coding: utf-8
# Copyright (c) 2013, ZenRobotics Ltd.
# Author: Paul Tötterman <paul.totterman@zenrobotics.com>
"""Ansible lookup plugin for looking up user data in an LDAP directory."""
from ansible import utils, errors
import ldap
import ldap.filter
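def get_ldap_base(conn, persist={}):
    """Find out the LDAP base DN by reading the server's root DSE.

    Reads the ``namingContexts`` operational attribute of the root DSE and
    returns it when the server publishes exactly one naming context; with
    zero or several contexts the base is ambiguous and ``None`` is returned.

    Args:
        conn: an open ``ldap`` connection (anything with ``search_s``).
        persist: memoization dict shared across calls. The mutable default
            is deliberate: the root DSE is queried only once per process,
            and a ``None`` result is cached as well, exactly as before.

    Returns:
        The base DN string, or ``None`` when it cannot be determined.
    """
    # pylint: disable-msg=W0102
    if 'base' in persist:
        return persist['base']
    base = None
    # '+' requests the operational attributes, which is where the root DSE
    # publishes namingContexts.
    entries = conn.search_s('', ldap.SCOPE_BASE, 'objectClass=*', ('+',))
    # Guard against an empty result, a referral-style entry whose attribute
    # dict is None, or a server that does not publish namingContexts; the
    # original indexed straight in and failed with IndexError/KeyError.
    if entries:
        attrs = entries[0][1] or {}
        contexts = attrs.get('namingContexts', [])
        if len(contexts) == 1:
            base = contexts[0]
    persist['base'] = base
    return base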
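class LookupModule(object):
    """Implement the Ansible lookup module interface (``with_ldap_users``).

    Each lookup term is a login name; the result holds one dict per login
    with the POSIX account fields read from the matching LDAP entry.
    """
    # pylint: disable-msg=R0903

    # Attributes the lookup actually consumes; requesting only these keeps
    # the search from pulling every attribute of the entry.
    _ATTRS = ('uidNumber', 'gidNumber', 'homeDirectory', 'loginShell', 'gecos')

    def __init__(self, basedir=None, **_):
        """Class initializer.

        Discards all arguments except basedir. Opens a connection to the
        library-wide default URI (``ldap.get_option(ldap.OPT_URI)``) and
        resolves the search base from the server's root DSE.
        """
        self.basedir = basedir
        self.ldapconn = ldap.initialize(ldap.get_option(ldap.OPT_URI))
        self.ldapbase = get_ldap_base(self.ldapconn)

    def run(self, terms, inject=None, **_):
        """Process a ldap_users lookup.

        Args:
            terms: login name(s) to look up, as Ansible passes them.
            inject: Ansible variable context used to resolve ``terms``.

        Returns:
            list of dicts with keys ``login``, ``uid``, ``gid``, ``home`` and,
            when the entry has them, ``shell`` and ``gecos``.

        Raises:
            errors.AnsibleError: when a login does not match exactly one
                entry, or the entry lacks a usable uidNumber, gidNumber or
                homeDirectory.
        """
        terms = utils.listify_lookup_plugin_terms(terms, self.basedir, inject)
        if isinstance(terms, basestring):
            terms = [terms]
        result = []
        for login in terms:
            # Terms come from playbook data, so escape them before they are
            # interpolated into the filter: metacharacters such as '*' or ')'
            # in a term must not be able to change which entries match.
            search_filter = '(uid=%s)' % ldap.filter.escape_filter_chars(login)
            entries = self.ldapconn.search_s(self.ldapbase, ldap.SCOPE_SUBTREE,
                                             search_filter, self._ATTRS)
            if len(entries) != 1:
                # The login is interpolated into the message here; passing it
                # as a second positional argument never formatted it.
                raise errors.AnsibleError('uid=%s not found in LDAP' % login)
            # A referral entry carries None instead of an attribute dict.
            attrs = entries[0][1] or {}
            try:
                info = {'login': login,
                        'uid': int(attrs['uidNumber'][0]),
                        'gid': int(attrs['gidNumber'][0]),
                        'home': attrs['homeDirectory'][0]}
            except (KeyError, IndexError, ValueError) as err:
                # Report the offending login instead of a bare KeyError.
                raise errors.AnsibleError(
                    'uid=%s has incomplete POSIX account data in LDAP: %s'
                    % (login, err))
            for attr, key in (('loginShell', 'shell'), ('gecos', 'gecos')):
                if attr in attrs:
                    info[key] = attrs[attr][0]
            result.append(info)
        return result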
# vim: set si ai et ts=2 sts=2 sw=2 ft=yaml:
---
# Provision local POSIX accounts and SSH authorized keys from LDAP via the
# ldap_users / ldap_sshkeys lookup plugins (with_ldap_users, with_ldap_sshkeys).
# The lookup term is the name of the variable holding the login(s) to look up.
- hosts: all
  sudo: yes
  vars:
    users: foobar
  tasks:
    # Every account created here lands in the hard-coded primary group
    # 'users' and the supplementary group 'sudo', regardless of its LDAP
    # gidNumber -- review whether all looked-up logins should get that.
    # NOTE(review): the '#group=' line sits inside the multi-line user:
    # string; confirm the playbook still parses as intended.
    - name: 'Add users'
      user: name='{{item.login}}'
            uid='{{item.uid}}'
            #group='{{item.gid}}' # does ansible really want symbolic group name or will gid do?
            group=users
            groups=sudo
            comment='{{item.gecos}}'
      with_ldap_users: users
    # One authorized_key entry per sshPublicKey value returned for the login.
    - name: 'SSH pubkeys'
      authorized_key: user='{{item.login}}' key='{{item.pubkey}}'
      with_ldap_sshkeys: users