From 4923b43fed1aa3fa8a696cd44b12d0a3ec554f6c Mon Sep 17 00:00:00 2001
From: Georg Pfuetzenreuter
Date: Sun, 29 Jan 2023 19:20:36 +0100
Subject: Init

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
---
 roleproxy.py        | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 roleproxy.service   | 24 ++++++++++++++++++++++++
 roleproxy.sysconfig |  8 ++++++++
 3 files changed, 85 insertions(+)
 create mode 100755 roleproxy.py
 create mode 100644 roleproxy.service
 create mode 100644 roleproxy.sysconfig

diff --git a/roleproxy.py b/roleproxy.py
new file mode 100755
index 0000000..17ffec3
--- /dev/null
+++ b/roleproxy.py
@@ -0,0 +1,53 @@
+#!/usr/bin/python3
+# This serves a custom "salt_roles" field in NetBox via a HTTP API consumable in Salt top files.
+# Georg Pfuetzenreuter <georg@lysergic.dev>
+
+import flask
+import logging
+import os
+import pynetbox
+from waitress import serve
+
+if not 'NB_HOST' in os.environ or not 'NB_TOKEN' in os.environ:
+    print('Pass NB_HOST and NB_TOKEN as environment variables.')
+    import sys
+    sys.exit(1)
+
+host = os.environ['NB_HOST']
+token = os.environ['NB_TOKEN']
+
+app = flask.Flask(__name__)
+
+def connect(host, token):
+    netbox = pynetbox.api(host, token)
+    return(netbox)
+
+def get_roles(netbox, name):
+    vm = netbox.virtualization.virtual_machines.filter(name=name)
+    vmroles = {}
+    if len(vm) > 0:
+        vmroles = vm[0].custom_fields['salt_roles']
+        if vmroles is None:
+            vmroles = {}
+        return(200, vmroles)
+    if len(vm) == 0:
+        return(404, None)
+
+@app.route('/roles')
+def query():
+    name = flask.request.args.get('machine')
+    query = get_roles(connect(host, token), name)
+    response = query[0]
+    logger.info(' %s requested roles for %s and received %i', flask.request.remote_addr, name, response)
+    if response == 404:
+        flask.abort(404)
+    elif response == 200:
+        roledict = {'roles': query[1]}
+    return(flask.jsonify(roledict))
+
+if __name__ == '__main__':
+    #app.run(debug=False)
+    logger = logging.getLogger('roleproxy')
+    logger.setLevel(logging.INFO)
+    logger.info('Booting ...')
+    serve(app, host='*', port=4580)
diff --git a/roleproxy.service b/roleproxy.service
new file mode 100644
index 0000000..2c53b28
--- /dev/null
+++ b/roleproxy.service
@@ -0,0 +1,24 @@
+# This file is shipped as part of the salt-netbox-roleproxy package.
+# Author: Georg Pfuetzenreuter <mail+rpm@georg-pfuetzenreuter.net>
+
+[Unit]
+Description=Salt NetBox Role Proxy
+
+[Service]
+User=roleproxy
+EnvironmentFile=/etc/sysconfig/roleproxy
+ExecStart=/usr/local/bin/roleproxy.py
+ProtectSystem=strict
+ProtectHome=yes
+PrivateDevices=yes
+PrivateTmp=yes
+PrivateUsers=yes
+ProtectKernelTunables=yes
+ProtectKernelLogs=yes
+ProtectControlGroups=yes
+RestrictAddressFamilies=AF_INET6 AF_INET
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roleproxy.sysconfig b/roleproxy.sysconfig
new file mode 100644
index 0000000..3805db3
--- /dev/null
+++ b/roleproxy.sysconfig
@@ -0,0 +1,8 @@
+# Configuration for the Salt NetBox role proxy
+# Author: Georg Pfuetzenreuter <mail+rpm@georg-pfuetzenreuter.net>
+
+# URL in the format https://netbox.example.com:8080
+NB_HOST=
+
+# Token with privileges to read virtual machine objects and their salt_roles custom field
+NB_TOKEN=
-- 
cgit v1.2.3