Commit fb7460e4 authored by Hamza Dely's avatar Hamza Dely

nagios a besoin d'accéder à l'annuaire LDAP en RO pour Icinga

parent e6b6c87e
......@@ -154,7 +154,7 @@ class SequenceLoader(list):
return loader(name)
except SecretNotFound as exc:
notfound_error = notfound_error or exc
raise notfound_error
class ACLChecker(object):
......@@ -175,17 +175,17 @@ class ACLChecker(object):
def check(self, name):
"""Teste si ``name`` a le droit d'être lu"""
user = os.getenv('SUDO_USER')
# TODO Trigger et sa clé SSH !
if user == 'root':
return True
# radius a besoin des mdp clients (pour dynamic_clients),
# du ldap et du dhcp pour inscrire des gens
if user == 'freerad' and in_group('freeradius') and \
name.split('_', 1)[0] in ['radius', 'dhcp', 'ldap']:
return True
if user == 'www-data' and in_group('intranet2-service'):
logger.debug('ici: %s' % name.split('_', 1)[0])
if name.split('_', 1)[0] in [ 'comnpay', 'dhcp', 'digicode', 'intranet',
......@@ -202,6 +202,12 @@ class ACLChecker(object):
if user == 'gammu' and in_group('service-sms') and name == "rabbitmq_sms":
return True
# nagios a besoin de faire des recherches dans la base LDAP
if (user == 'nagios' and
in_group('icinga2-master') and
name in ['ldap_readonly_auth_dn', 'ldap_readonly_password']):
return True
# Rempli loader avec la variable qu'on veut
loader = SequenceLoader([python_loader, single_file_loader, json_loader])
......@@ -223,7 +229,7 @@ def get(name):
""" Récupère un secret. """
prog = os.path.basename(getattr(sys, 'argv', ['undefined'])[0])
logger.debug('%s (in %s) asked for %s' % (getpass.getuser(), prog, name))
try:
return loader(name)
except SecretNotFound:
......
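Review bot: The new nagios rule (the `if (user == 'nagios' and ...)` block) inherits the trust model of the rest of `check`: it keys on `os.getenv('SUDO_USER')`, read at the top of the method in an earlier hunk, so it is only as strong as the guarantee that this tool is always reached through sudo — invoked directly, the variable is unset (or attacker-chosen) and the rule either never matches or can be spoofed, depending on what `in_group` actually consults. Whether `in_group('icinga2-master')` checks the SUDO_USER's membership or the running process's groups is not visible here; if it is the latter, under sudo those are root's groups and the group condition adds nothing — worth confirming. The exact-match `name in [...]` is the right shape and tighter than the `name.split('_', 1)[0]` prefix rule used for freerad, which deserves a comment so nobody later "simplifies" it into a prefix: `# exact match on purpose: only the read-only LDAP bind, not every ldap_* secret`. Note also that this ACL only decides which secret is handed out; the "RO" property itself rests on the LDAP account those credentials bind to, not on anything in this file. The enclosing `check` method starts and ends outside this hunk.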