From a82d770043ed2a7601a9a233924cf07c5aeb08d8 Mon Sep 17 00:00:00 2001
From: shirenn <shirenn@crans.org>
Date: Mon, 22 Feb 2021 09:45:13 +0100
Subject: [PATCH] [slapd] Filter ipv4s responsibly

---
 group_vars/{ldap_server.yml => slapd.yml} |  3 +--
 host_vars/daniel.adm.crans.org.yml        |  2 +-
 host_vars/jack.adm.crans.org.yml          |  2 +-
 host_vars/sam.adm.crans.org.yml           |  2 +-
 host_vars/sputnik.adm.crans.org           |  2 +-
 host_vars/tealc.adm.crans.org.yml         |  2 +-
 hosts                                     |  2 +-
 lookup_plugins/ldap.py                    | 17 -----------------
 plays/slapd.yml                           |  2 +-
 9 files changed, 8 insertions(+), 26 deletions(-)
 rename group_vars/{ldap_server.yml => slapd.yml} (81%)

diff --git a/group_vars/ldap_server.yml b/group_vars/slapd.yml
similarity index 81%
rename from group_vars/ldap_server.yml
rename to group_vars/slapd.yml
index 7a52a6ca..29aa1773 100644
--- a/group_vars/ldap_server.yml
+++ b/group_vars/slapd.yml
@@ -1,7 +1,6 @@
 ---
-
 glob_slapd:
-  master_ip: "{{ query('ldap', 'ipv4', 'tealc', 'adm') | first }}"
+  master_ip: "{{ query('ldap', 'ip', 'tealc', 'adm') | ipv4 | first }}"
   regex: "^(role:(dhcp|dns|dns-primary|dns-secondary|ftp|gitlab|miroir|ntp|pve|radius|backup)|ecdsa-sha2-nistp256:.*|ssh-(ed25519|dss|rsa):.*)$"
   replication_credentials: "{{ vault_ldap_replication_credentials }}"
   private_key: "{{ vault_ldap_private_keyƂ }}"
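Review bot: The new `master_ip` expression relies on the `ipv4` filter, which comes from Ansible's ipaddr filter family and needs the `netaddr` Python library on the controller; nothing visible in this patch records that requirement, whereas the removed `ipv4` term in `lookup_plugins/ldap.py` used only the standard `ipaddress` module. The same expression is repeated in the five `host_vars` hunks that follow. I would add a comment above it, `# ipv4 filter needs netaddr on the controller; templating should fail if the host has no IPv4 record`, and consider `| ipv4 | first | mandatory` so that a host with only IPv6 addresses in LDAP stops the play with a clear message. The `private_key` context line shows a stray `Ƃ` inside the variable name; if that is in the file and not an artefact of this page, the vault variable would not resolve.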
diff --git a/host_vars/daniel.adm.crans.org.yml b/host_vars/daniel.adm.crans.org.yml
index 6152f24c..6185fc51 100644
--- a/host_vars/daniel.adm.crans.org.yml
+++ b/host_vars/daniel.adm.crans.org.yml
@@ -1,5 +1,5 @@
 ---
 loc_slapd:
-  ip: "{{ query('ldap', 'ipv4', 'daniel', 'adm') | first }}"
+  ip: "{{ query('ldap', 'ip', 'daniel', 'adm') | ipv4 | first }}"
   replica: true
   replica_rid: 2
diff --git a/host_vars/jack.adm.crans.org.yml b/host_vars/jack.adm.crans.org.yml
index 896420ab..6688778f 100644
--- a/host_vars/jack.adm.crans.org.yml
+++ b/host_vars/jack.adm.crans.org.yml
@@ -1,5 +1,5 @@
 ---
 loc_slapd:
-  ip: "{{ query('ldap', 'ipv4', 'jack', 'adm') | first }}"
+  ip: "{{ query('ldap', 'ip', 'jack', 'adm') | ipv4 | first }}"
   replica: true
   replica_rid: 3
diff --git a/host_vars/sam.adm.crans.org.yml b/host_vars/sam.adm.crans.org.yml
index ce52d174..e612aa73 100644
--- a/host_vars/sam.adm.crans.org.yml
+++ b/host_vars/sam.adm.crans.org.yml
@@ -1,5 +1,5 @@
 ---
 loc_slapd:
-  ip: "{{ query('ldap', 'ipv4', 'sam', 'adm') | first }}"
+  ip: "{{ query('ldap', 'ip', 'sam', 'adm') | ipv4 | first }}"
   replica: true
   replica_rid: 1
diff --git a/host_vars/sputnik.adm.crans.org b/host_vars/sputnik.adm.crans.org
index 04c45b94..2878a578 100644
--- a/host_vars/sputnik.adm.crans.org
+++ b/host_vars/sputnik.adm.crans.org
@@ -1,5 +1,5 @@
 ---
 loc_slapd:
-  ip: "{{ query('ldap', 'ipv4', 'sputnik', 'adm') | first }}"
+  ip: "{{ query('ldap', 'ip', 'sputnik', 'adm') | ipv4 | first }}"
   replica: true
   replica_rid: 4
diff --git a/host_vars/tealc.adm.crans.org.yml b/host_vars/tealc.adm.crans.org.yml
index 8a6ac0ae..0b449f7c 100644
--- a/host_vars/tealc.adm.crans.org.yml
+++ b/host_vars/tealc.adm.crans.org.yml
@@ -2,5 +2,5 @@ loc_postgresql:
   version: 11
 
 loc_slapd:
-  ip: 172.16.10.1
+  ip: "{{ query('ldap', 'ip', 'tealc', 'adm') | ipv4 | first }}"
   replica: false
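Review bot: Replacing the static `172.16.10.1` with an LDAP lookup makes the master's own address depend on the directory being reachable, at `loc_slapd.ip` for tealc, the one host marked `replica: false`. Which server the `ldap` lookup queries is not visible in this patch, but if it is this slapd cluster, a play run to rebuild or recover the master could fail at templating time. I would at least document it, e.g. `# resolved from LDAP at run time (was 172.16.10.1); the lookup must be reachable to redeploy the master`, and keep the literal address recorded somewhere usable for recovery. `group_vars/slapd.yml` resolves the same host for `master_ip`, so both values share this dependency.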
diff --git a/hosts b/hosts
index bc7e7eac..960f7c88 100644
--- a/hosts
+++ b/hosts
@@ -61,7 +61,7 @@ irc.adm.crans.org
 [keepalived:children]
 routeurs_vm
 
-[ldap_server]
+[slapd]
 tealc.adm.crans.org
 sam.adm.crans.org
 daniel.adm.crans.org
diff --git a/lookup_plugins/ldap.py b/lookup_plugins/ldap.py
index 838c67b4..3a77bfb3 100644
--- a/lookup_plugins/ldap.py
+++ b/lookup_plugins/ldap.py
@@ -60,21 +60,6 @@ class LookupModule(LookupBase):
         result = [res.decode('utf-8') for res in result['ipHostNumber']]
         return result
 
-    def ipv4(self, host, vlan):
-        if isinstance(vlan, int):
-            network_query_id = self.base.search(f"ou=networks,{self.base_dn}", ldap.SCOPE_ONELEVEL, f"description={vlan}")
-            network_result = self.base.result(network_query_id)
-            vlan = network_result[1][0][1]['cn'][0].decode('utf-8')
-        if vlan == 'srv':
-            query_id = self.base.search(f"cn={host}.crans.org,cn={host},ou=hosts,{self.base_dn}", ldap.SCOPE_BASE)
-        else:
-            query_id = self.base.search(f"cn={host}.{vlan}.crans.org,cn={host},ou=hosts,{self.base_dn}", ldap.SCOPE_BASE)
-        result = self.base.result(query_id)
-        result = result[1][0][1]
-        result = [res.decode('utf-8') for res in result['ipHostNumber']]
-        result = [ res for res in result if type(ipaddress.ip_address(res)) is ipaddress.IPv4Address ]
-        return result
-
     def all_ip(self, host):
         """
         Retrieve all IP addresses of a device
@@ -156,8 +141,6 @@ class LookupModule(LookupBase):
             result = self.query(*terms[1:])
         elif terms[0] == 'ip':
             result = self.ip(*terms[1:])
-        elif terms[0] == 'ipv4':
-            result = self.ipv4(*terms[1:])
         elif terms[0] == 'all_ip':
             result = self.all_ip(*terms[1:])
         elif terms[0] == 'cn':
diff --git a/plays/slapd.yml b/plays/slapd.yml
index 60b55e61..eb805c1a 100755
--- a/plays/slapd.yml
+++ b/plays/slapd.yml
@@ -1,6 +1,6 @@
 #!/usr/bin/env ansible-playbook
 ---
-- hosts: ldap_server
+- hosts: slapd
   vars:
     slapd: '{{ glob_slapd | default({}) | combine(loc_slapd | default({})) }}'
   roles:
-- 
GitLab