(PE-39397) Adding LDAP endpoint for 2023.8

As rbac-api/v1/ds has been deprecated, and remove in 2023.8, we need to utilise the new endpoint. Adding case for installs of versions 23.8 and above to use rbac-api/v1/command/ldap/create.
puppetlabs · Oct 18, 2024 · ddb42a7 · ddb42a7
1 parent 315d4ea
commit ddb42a7
Show file tree

Hide file tree

Showing 4 changed files with 34 additions and 3 deletions.
diff --git a/REFERENCE.md b/REFERENCE.md
@@ -70,6 +70,7 @@
 * [`get_peadm_config`](#get_peadm_config): Run on a PE primary node to return the currently configured PEAdm parameters
 * [`get_psql_version`](#get_psql_version): Run on a PE PSQL node to return the major version of the PSQL server currently installed
 * [`infrastatus`](#infrastatus): Runs puppet infra status and returns the output
+* [`ldapsettings`](#ldapsettings)
 * [`mkdir_p_file`](#mkdir_p_file): Create a file with the specified content at the specified location
 * [`mv`](#mv): Wrapper task for mv command
 * [`os_identification`](#os_identification): Return the operating system runnin gon the target as a string
@@ -1233,6 +1234,12 @@ Data type: `Enum[json,text]`
 
 The type of output to return
 
+### <a name="ldapsettings"></a>`ldapsettings`
+
+The ldapsettings task.
+
+**Supports noop?** false
+
 ### <a name="mkdir_p_file"></a>`mkdir_p_file`
 
 Create a file with the specified content at the specified location
@@ -1355,6 +1362,12 @@ Data type: `String`
 
 The PE Main server
 
+##### `pe_version`
+
+Data type: `String`
+
+The PE version
+
 ### <a name="pe_uninstall"></a>`pe_uninstall`
 
 Uninstall Puppet Enterprise

diff --git a/plans/subplans/configure.pp b/plans/subplans/configure.pp
@@ -124,10 +124,15 @@
   }
 
   if $ldap_config {
+    $pe_version = run_task('peadm::read_file', $primary_target,
+      path => '/opt/puppetlabs/server/pe_version',
+    )[0][content].chomp
+
     # Run the task to configure ldap
     $ldap_result = run_task('peadm::pe_ldap_config', $primary_target,
       pe_main         => $primary_target.peadm::certname(),
       ldap_config     => $ldap_config,
+      pe_version      => $pe_version,
       '_catch_errors' => true,
     )
 

diff --git a/tasks/pe_ldap_config.json b/tasks/pe_ldap_config.json
@@ -8,6 +8,10 @@
     "pe_main": {
       "type": "String",
       "description": "The PE Main server"
+    },
+    "pe_version": {
+      "type": "String",
+      "description": "The PE version"
     }
   },
   "input_method": "stdin",

diff --git a/tasks/pe_ldap_config.rb b/tasks/pe_ldap_config.rb
@@ -12,6 +12,7 @@ def main
   params = JSON.parse(STDIN.read)
   data = params['ldap_config']
   pe_main = params['pe_main']
+  pe_version = params['pe_version']
 
   caf = ['/opt/puppetlabs/bin/puppet', 'config', 'print', 'localcacert']
   cafout, cafstatus = Open3.capture2(*caf)
@@ -31,15 +32,23 @@ def main
     raise 'Could not get the Key file path.'
   end
 
-  uri = URI("https://#{pe_main}:4433/rbac-api/v1/ds")
-  https = Net::HTTP.new(uri.host, uri.port)
+  if Gem::Version.new(pe_version) < Gem::Version.new('2023.8.0')
+    ldap_path = URI('rbac-api/v1/ds')
+    uri = URI("https://#{pe_main}:4433/#{ldap_path}")
+    req = Net::HTTP::Put.new(uri, 'Content-type' => 'application/json')
+  else
+    ldap_path = URI('rbac-api/v1/command/ldap/create')
+    uri = URI("https://#{pe_main}:4433/#{ldap_path}")
+    req = Net::HTTP::Post.new(uri, 'Content-type' => 'application/json')
+  end
+
+  https = Net::HTTP.new(pe_main, '4433')
   https.use_ssl = true
   https.verify_mode = OpenSSL::SSL::VERIFY_PEER
   https.ca_file = cafout.strip
   https.cert = OpenSSL::X509::Certificate.new(File.read(certout.strip))
   https.key = OpenSSL::PKey::RSA.new(File.read(keyout.strip))
 
-  req = Net::HTTP::Put.new(uri, 'Content-type' => 'application/json')
   req.body = data.to_json
 
   resp = https.request(req)