-rwxr-xr-xroleproxy.py53
-rw-r--r--roleproxy.service24
-rw-r--r--roleproxy.sysconfig8
3 files changed, 85 insertions, 0 deletions
diff --git a/roleproxy.py b/roleproxy.py
new file mode 100755
index 0000000..17ffec3
--- /dev/null
+++ b/roleproxy.py
@@ -0,0 +1,53 @@
+#!/usr/bin/python3
+# This serves a custom "salt_roles" field in NetBox via a HTTP API consumable in Salt top files.
+# Georg Pfuetzenreuter <georg@lysergic.dev>
+
+import flask
+import logging
+import os
+import pynetbox
+from waitress import serve
+
+if not 'NB_HOST' in os.environ or not 'NB_TOKEN' in os.environ:
+ print('Pass NB_HOST and NB_TOKEN as environment variables.')
+ import sys
+ sys.exit(1)
+
+host = os.environ['NB_HOST']
+token = os.environ['NB_TOKEN']
+
+app = flask.Flask(__name__)
+
+def connect(host, token):
+ netbox = pynetbox.api(host, token)
+ return(netbox)
+
+def get_roles(netbox, name):
+ vm = netbox.virtualization.virtual_machines.filter(name=name)
+ vmroles = {}
+ if len(vm) > 0:
+ vmroles = vm[0].custom_fields['salt_roles']
+ if vmroles is None:
+ vmroles = {}
+ return(200, vmroles)
+ if len(vm) == 0:
+ return(404, None)
+
+@app.route('/roles')
+def query():
+ name = flask.request.args.get('machine')
+ query = get_roles(connect(host, token), name)
+ response = query[0]
+ logger.info(' %s requested roles for %s and received %i', flask.request.remote_addr, name, response)
+ if response == 404:
+ flask.abort(404)
+ elif response == 200:
+ roledict = {'roles': query[1]}
+ return(flask.jsonify(roledict))
+
+if __name__ == '__main__':
+ #app.run(debug=False)
+ logger = logging.getLogger('roleproxy')
+ logger.setLevel(logging.INFO)
+ logger.info('Booting ...')
+ serve(app, host='*', port=4580)
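Review bot: The `/roles` handler passes `machine` to the NetBox filter without checking it, so a request that omits the parameter runs the lookup with `name` set to None; what pynetbox returns for that is not visible here, and `vm[0]` could then belong to an unrelated machine. Reject that case before the lookup with `if not name: flask.abort(400)`. The listener is also bound with `host='*'` and the route has no authentication, so any client that can reach port 4580 can read the role data for any machine name it supplies; consider making the bind address configurable, or limiting peers at the firewall or with `IPAddressAllow=` in the unit. Separately, `logger` is assigned only inside the `__main__` block, so `query()` would raise NameError if the module were ever loaded by another WSGI server instead of being run as a script.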
diff --git a/roleproxy.service b/roleproxy.service
new file mode 100644
index 0000000..2c53b28
--- /dev/null
+++ b/roleproxy.service
@@ -0,0 +1,24 @@
+# This file is shipped as part of the salt-netbox-roleproxy package.
+# Author: Georg Pfuetzenreuter <mail+rpm@georg-pfuetzenreuter.net>
+
+[Unit]
+Description=Salt NetBox Role Proxy
+
+[Service]
+User=roleproxy
+EnvironmentFile=/etc/sysconfig/roleproxy
+ExecStart=/usr/local/bin/roleproxy.py
+ProtectSystem=strict
+ProtectHome=yes
+PrivateDevices=yes
+PrivateTmp=yes
+PrivateUsers=yes
+ProtectKernelTunables=yes
+ProtectKernelLogs=yes
+ProtectControlGroups=yes
+RestrictAddressFamilies=AF_INET6 AF_INET
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+
+[Install]
+WantedBy=multi-user.target
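Review bot: The sandboxing in `[Service]` leaves a few cheap restrictions unset that a service listening on unprivileged port 4580 should not need: an empty `CapabilityBoundingSet=`, `ProtectKernelModules=yes` and `RestrictNamespaces=yes`. `LockPersonality=yes` and `ProtectClock=yes` are likely safe as well, but should be confirmed against the Python runtime in use. Running `systemd-analyze security roleproxy.service` after the change shows what remains exposed. The unit also does not limit which peers may connect; if the callers are known, `IPAddressDeny=any` together with an `IPAddressAllow=` entry for them would cover that.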
diff --git a/roleproxy.sysconfig b/roleproxy.sysconfig
new file mode 100644
index 0000000..3805db3
--- /dev/null
+++ b/roleproxy.sysconfig
@@ -0,0 +1,8 @@
+# Configuration for the Salt NetBox role proxy
+# Author: Georg Pfuetzenreuter <mail+rpm@georg-pfuetzenreuter.net>
+
+# URL in the format https://netbox.example.com:8080
+NB_HOST=
+
+# Token with privileges to read virtual machine objects and their salt_roles custom field
+NB_TOKEN=
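Review bot: This file will hold a NetBox API token, and nothing in it tells the administrator to restrict its permissions; the mode it ends up installed with is decided by packaging that is not part of this diff. Add a comment above `NB_TOKEN=` such as `# Keep this file owned by root with mode 0600; systemd reads it before starting the service as the roleproxy user.` The existing token comment could also say that the token should be read-only in NetBox, since the proxy only reads virtual machine objects.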