LDAP Module

.github/workflows/ans-int-test-ldap.yaml

@@ -0,0 +1,96 @@
+# README:
+# - When changing the module name, it needs to be changed in 'env:MODULE_NAME' and in 'on:pull_requests:path'!
+#
+# Resources:
+# - Template for this file: https://github.com/ansible-collections/collection_template/blob/main/.github/workflows/ansible-test.yml
+# - About Ansible integration tests: https://docs.ansible.com/ansible/latest/dev_guide/testing_integration.html
+
+env:
+  NAMESPACE: checkmk
+  COLLECTION_NAME: general
+  MODULE_NAME: ldap
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+name: Ansible Integration Tests for LDAP Module
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 0 * * 0'
+  pull_request:
+    branches:
+      - main
+      - devel
+    paths:
+      - 'plugins/modules/ldap.py'
+  push:
+    paths:
+      - '.github/workflows/ans-int-test-ldap.yaml'
+      - 'plugins/lookup/ldap_connection.py'
+      - 'plugins/lookup/ldap_connections.py'
+      - 'plugins/module_utils/ldap.py'
+      - 'plugins/modules/ldap.py'
+      - 'tests/integration/files/includes/'
+      - 'tests/integration/targets/ldap/'
+
+jobs:
+
+  integration:
+    runs-on: ubuntu-24.04
+    name: Ⓐ${{ matrix.ansible }}+py${{ matrix.python }}
+    strategy:
+      fail-fast: false
+      matrix:
+        ansible:
+          - stable-2.16
+          - stable-2.17
+          - stable-2.18
+          - devel
+        python:
+          - '3.10'
+          - '3.11'
+          - '3.12'
+        exclude:
+          # Exclude unsupported sets.
+          - ansible: stable-2.18
+            python: '3.10'
+          - ansible: devel
+            python: '3.10'
+          - ansible: devel
+            python: '3.11'
+
+    services:
+      stable_cre:
+        image: checkmk/check-mk-raw:2.4.0p9
+        ports:
+          - 5024:5000
+        env:
+          CMK_SITE_ID: "stable_cre"
+          CMK_PASSWORD: "Sup3rSec4et!"
+      stable_cme:
+        image: checkmk/check-mk-managed:2.4.0p9
+        ports:
+          - 5324:5000
+        env:
+          CMK_SITE_ID: "stable_cme"
+          CMK_PASSWORD: "Sup3rSec4et!"
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v5
+        with:
+          path: ansible_collections/${{env.NAMESPACE}}/${{env.COLLECTION_NAME}}
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python }}
+
+      - name: Install ansible-base (${{ matrix.ansible }})
+        run: pip install https://github.com/ansible/ansible/archive/${{ matrix.ansible }}.tar.gz --disable-pip-version-check
+
+      - name: Run integration test
+        run: ansible-test integration ${{env.MODULE_NAME}} -v --color --continue-on-error --diff --python ${{ matrix.python }}
+        working-directory: ./ansible_collections/${{env.NAMESPACE}}/${{env.COLLECTION_NAME}}

changelogs/fragments/ldap.yml

@@ -0,0 +1,5 @@
+major_changes:
+  - LDAP module - Add module for LDAP connections.
+    Refer to the module documentation for further details.
+  - LDAP Connection lookup module - Add module to lookup details of a single LDAP connection.
+  - LDAP Connections lookup module - Add module to lookup all LDAP connections and their details.

plugins/doc_fragments/common.py

@@ -22,6 +22,19 @@ class ModuleDocFragment(object):
             description: The secret to authenticate your automation user.
             required: true
             type: str
+        api_auth_type:
+            description: Type of authentication to use.
+            required: false
+            type: str
+            choices:
+                - bearer
+                - basic
+                - cookie
+            default: bearer
+        api_auth_cookie:
+            description: Authentication cookie for the Checkmk session.
+            required: false
+            type: str
         validate_certs:
             description: Whether to validate the SSL certificate of the Checkmk server.
             default: true

plugins/lookup/ldap_connection.py

@@ -0,0 +1,184 @@
+# Copyright: (c) 2023, Lars Getwan <[email protected]>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+DOCUMENTATION = """
+    name: ldap_connection
+    author: Lars Getwan (@lgetwan)
+    version_added: "5.3.0"
+
+    short_description: Show the configuration of an ldap connection
+
+    description:
+      - Returns the configuration of an ldap connection
+
+    options:
+
+      _terms:
+        description: ldap connection ID
+        required: True
+
+      server_url:
+        description: URL of the Checkmk server.
+        required: True
+        vars:
+          - name: checkmk_var_server_url
+          - name: ansible_lookup_checkmk_server_url
+        env:
+          - name: CHECKMK_VAR_SERVER_URL
+          - name: ANSIBLE_LOOKUP_CHECKMK_SERVER_URL
+        ini:
+          - section: checkmk_lookup
+            key: server_url
+
+      site:
+        description: Site name.
+        required: True
+        vars:
+          - name: checkmk_var_site
+          - name: ansible_lookup_checkmk_site
+        env:
+          - name: CHECKMK_VAR_SITE
+          - name: ANSIBLE_LOOKUP_CHECKMK_SITE
+        ini:
+          - section: checkmk_lookup
+            key: site
+
+      automation_user:
+        description: Automation user for the REST API access.
+        required: True
+        vars:
+          - name: checkmk_var_automation_user
+          - name: ansible_lookup_checkmk_automation_user
+        env:
+          - name: CHECKMK_VAR_AUTOMATION_USER
+          - name: ANSIBLE_LOOKUP_CHECKMK_AUTOMATION_USER
+        ini:
+          - section: checkmk_lookup
+            key: automation_user
+
+      automation_secret:
+        description: Automation secret for the REST API access.
+        required: True
+        vars:
+          - name: checkmk_var_automation_secret
+          - name: ansible_lookup_checkmk_automation_secret
+        env:
+          - name: CHECKMK_VAR_AUTOMATION_SECRET
+          - name: ANSIBLE_LOOKUP_CHECKMK_AUTOMATION_SECRET
+        ini:
+          - section: checkmk_lookup
+            key: automation_secret
+
+      validate_certs:
+        description: Whether or not to validate TLS certificates.
+        type: boolean
+        required: False
+        default: True
+        vars:
+          - name: checkmk_var_validate_certs
+          - name: ansible_lookup_checkmk_validate_certs
+        env:
+          - name: CHECKMK_VAR_VALIDATE_CERTS
+          - name: ANSIBLE_LOOKUP_CHECKMK_VALIDATE_CERTS
+        ini:
+          - section: checkmk_lookup
+            key: validate_certs
+
+    notes:
+      - Like all lookups, this runs on the Ansible controller and is unaffected by other keywords such as 'become'.
+        If you need to use different permissions, you must change the command or run Ansible as another user.
+      - Alternatively, you can use a shell/command task that runs against localhost and registers the result.
+      - The directory of the play is used as the current working directory.
+      - It is B(NOT) possible to assign other variables to the variables mentioned in the C(vars) section!
+        This is a limitation of Ansible itself.
+"""
+
+EXAMPLES = """
+- name: Get a site with a particular ldap connection id
+  ansible.builtin.debug:
+    msg: "ldap connection: {{ extensions }}"
+  vars:
+    extensions: "{{
+      lookup('checkmk.general.ldap_connection',
+        'my_ldap_connection',
+        server_url=server_url,
+        site=site,
+        automation_user=automation_user,
+        automation_secret=automation_secret,
+        validate_certs=False
+      )
+    }}"
+
+- name: "Use variables from inventory."
+  ansible.builtin.debug:
+    msg: "ldap connection: {{ extensions }}"
+  vars:
+    checkmk_var_server_url: "http://myserver/"
+    checkmk_var_site: "mysite"
+    checkmk_var_automation_user: "myuser"
+    checkmk_var_automation_secret: "mysecret"
+    checkmk_var_validate_certs: false
+    attributes: "{{ lookup('checkmk.general.ldap_connection', 'my_ldap_connection') }}"
+"""
+
+RETURN = """
+  _list:
+    description:
+      - The details of a particular ldap connection
+    type: list
+    elements: str
+"""
+
+import json
+
+from ansible.errors import AnsibleError
+from ansible.plugins.lookup import LookupBase
+from ansible_collections.checkmk.general.plugins.module_utils.ldap import (
+    compress_recursive,
+)
+from ansible_collections.checkmk.general.plugins.module_utils.lookup_api import (
+    CheckMKLookupAPI,
+)
+
+
+class LookupModule(LookupBase):
+    def run(self, terms, variables, **kwargs):
+        self.set_options(var_options=variables, direct=kwargs)
+        server_url = self.get_option("server_url")
+        site = self.get_option("site")
+        user = self.get_option("automation_user")
+        secret = self.get_option("automation_secret")
+        validate_certs = self.get_option("validate_certs")
+
+        site_url = server_url + "/" + site
+
+        api = CheckMKLookupAPI(
+            site_url=site_url,
+            user=user,
+            secret=secret,
+            validate_certs=validate_certs,
+        )
+
+        ret = []
+
+        for term in terms:
+            response = json.loads(api.get("/objects/ldap_connection/" + term))
+
+            if "code" in response:
+                raise AnsibleError(
+                    "Received error for %s - %s: %s"
+                    % (
+                        response.get("url", ""),
+                        response.get("code", ""),
+                        response.get("msg", ""),
+                    )
+                )
+
+            ret.append(compress_recursive(response.get("extensions", {})))
+
+        # return log
+        return ret