From 4923b43fed1aa3fa8a696cd44b12d0a3ec554f6c Mon Sep 17 00:00:00 2001
From: Georg Pfuetzenreuter
Date: Sun, 29 Jan 2023 19:20:36 +0100
Subject: Init
Signed-off-by: Georg Pfuetzenreuter
---
 roleproxy.py | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 roleproxy.service | 24 ++++++++++++++++++++++++
 roleproxy.sysconfig | 8 ++++++++
 3 files changed, 85 insertions(+)
 create mode 100755 roleproxy.py
 create mode 100644 roleproxy.service
 create mode 100644 roleproxy.sysconfig
diff --git a/roleproxy.py b/roleproxy.py
new file mode 100755
index 0000000..17ffec3
--- /dev/null
+++ b/roleproxy.py
@@ -0,0 +1,53 @@
+#!/usr/bin/python3
+# This serves a custom "salt_roles" field in NetBox via a HTTP API consumable in Salt top files.
+# Georg Pfuetzenreuter
+
+import flask
+import logging
+import os
+import pynetbox
+from waitress import serve
+
+if not 'NB_HOST' in os.environ or not 'NB_TOKEN' in os.environ:
+ print('Pass NB_HOST and NB_TOKEN as environment variables.')
+ import sys
+ sys.exit(1)
+
+host = os.environ['NB_HOST']
+token = os.environ['NB_TOKEN']
+
+app = flask.Flask(__name__)
+
+def connect(host, token):
+ netbox = pynetbox.api(host, token)
+ return(netbox)
+
+def get_roles(netbox, name):
+ vm = netbox.virtualization.virtual_machines.filter(name=name)
+ vmroles = {}
+ if len(vm) > 0:
+ vmroles = vm[0].custom_fields['salt_roles']
+ if vmroles is None:
+ vmroles = {}
+ return(200, vmroles)
+ if len(vm) == 0:
+ return(404, None)
+
+@app.route('/roles')
+def query():
+ name = flask.request.args.get('machine')
+ query = get_roles(connect(host, token), name)
+ response = query[0]
+ logger.info(' %s requested roles for %s and received %i', flask.request.remote_addr, name, response)
+ if response == 404:
+ flask.abort(404)
+ elif response == 200:
+ roledict = {'roles': query[1]}
+ return(flask.jsonify(roledict))
+
+if __name__ == '__main__':
+ #app.run(debug=False)
+ logger = logging.getLogger('roleproxy')
+ logger.setLevel(logging.INFO)
+ logger.info('Booting ...')
+ serve(app, host='*', port=4580)
diff --git a/roleproxy.service b/roleproxy.service
new file mode 100644
index 0000000..2c53b28
--- /dev/null
+++ b/roleproxy.service
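Review bot: The `logger.info(...)` calls in `query()` and under `__main__` are never emitted: `logging.getLogger('roleproxy')` gets `setLevel(logging.INFO)` but no handler is attached anywhere, so records fall through to Python's last-resort handler, which only prints WARNING and above, and the per-request line recording who asked for which machine's roles is silently lost. `logger` is also bound only inside the `if __name__ == '__main__':` block, so importing the module under another WSGI server would make `query()` fail with NameError on its first request. Creating the logger at module level, next to `app`, and configuring a handler fixes both: `logging.basicConfig(level=logging.INFO)` followed by `logger = logging.getLogger('roleproxy')`. Separately, `serve(app, host='*', port=4580)` listens on every interface and nothing in `query()` restricts callers, so any host that can reach the port can read the `salt_roles` assignment of any VM by name; consider making the bind address configurable (the same environment file would do) or documenting that the port must be reachable only from the Salt master.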
@@ -0,0 +1,24 @@
+# This file is shipped as part of the salt-netbox-roleproxy package.
+# Author: Georg Pfuetzenreuter
+
+[Unit]
+Description=Salt NetBox Role Proxy
+
+[Service]
+User=roleproxy
+EnvironmentFile=/etc/sysconfig/roleproxy
+ExecStart=/usr/local/bin/roleproxy.py
+ProtectSystem=strict
+ProtectHome=yes
+PrivateDevices=yes
+PrivateTmp=yes
+PrivateUsers=yes
+ProtectKernelTunables=yes
+ProtectKernelLogs=yes
+ProtectControlGroups=yes
+RestrictAddressFamilies=AF_INET6 AF_INET
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roleproxy.sysconfig b/roleproxy.sysconfig
new file mode 100644
index 0000000..3805db3
--- /dev/null
+++ b/roleproxy.sysconfig
@@ -0,0 +1,8 @@
+# Configuration for the Salt NetBox role proxy
+# Author: Georg Pfuetzenreuter
+
+# URL in the format https://netbox.example.com:8080
+NB_HOST=
+
+# Token with privileges to read virtual machine objects and their salt_roles custom field
+NB_TOKEN=
-- cgit v1.2.3
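Review bot: The `[Service]` sandboxing stops short of the capability and namespace restrictions an unprivileged Python HTTP service can tolerate: `CapabilityBoundingSet=` (empty, dropping every capability), `RestrictNamespaces=yes` and `RestrictSUIDSGID=yes` are not set, and `RestrictRealtime=yes` and `LockPersonality=yes` would round it out. `NoNewPrivileges=yes` is not needed explicitly, since `SystemCallFilter=` together with `User=roleproxy` already implies it. `EnvironmentFile=/etc/sysconfig/roleproxy` is where the NetBox API token lives, and the diffstat records roleproxy.sysconfig as created with mode 100644; systemd should read the environment file while still privileged, so the package can install it as `0600 root:root` without the `roleproxy` user needing access.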
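Review bot: The `NB_TOKEN` comment describes the read privileges the token needs but not that it should have nothing beyond them; since the proxy only ever reads virtual machine objects, the template should steer operators towards a token with write access disabled, e.g. `# Token with write access disabled and read permission on virtual machine objects and their salt_roles custom field`. A one-line reminder above `NB_HOST=` that the value is also logged on startup failures would be unnecessary, but one above `NB_TOKEN=` noting that the file must stay readable only by root would, as this file is the token's only home on the host.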