(PE-39397) Adding LDAP endpoint for 2023.8

ragingra · davidmalloncares · commit 22833fa4edd3 · 2025-03-05T14:22:08.000Z
As rbac-api/v1/ds has been deprecated, and remove in 2023.8, we need to utilise the new endpoint.
Adding case for installs of versions 23.8 and above to use rbac-api/v1/command/ldap/create.
diff --git a/REFERENCE.md b/REFERENCE.md
@@ -1384,6 +1384,12 @@ Data type: `String`
 
 The PE Main server
 
+##### `pe_version`
+
+Data type: `String`
+
+The PE version
+
 ### <a name="pe_uninstall"></a>`pe_uninstall`
 
 Uninstall Puppet Enterprise
diff --git a/plans/subplans/configure.pp b/plans/subplans/configure.pp
@@ -124,10 +124,15 @@
   }
 
   if $ldap_config {
+    $pe_version = run_task('peadm::read_file', $primary_target,
+      path => '/opt/puppetlabs/server/pe_version',
+    )[0][content].chomp
+
     # Run the task to configure ldap
     $ldap_result = run_task('peadm::pe_ldap_config', $primary_target,
       pe_main         => $primary_target.peadm::certname(),
       ldap_config     => $ldap_config,
+      pe_version      => $pe_version,
       '_catch_errors' => true,
     )
 
diff --git a/tasks/pe_ldap_config.json b/tasks/pe_ldap_config.json
@@ -8,6 +8,10 @@
     "pe_main": {
       "type": "String",
       "description": "The PE Main server"
+    },
+    "pe_version": {
+      "type": "String",
+      "description": "The PE version"
     }
   },
   "input_method": "stdin",
diff --git a/tasks/pe_ldap_config.rb b/tasks/pe_ldap_config.rb
@@ -12,6 +12,7 @@ def main
   params = JSON.parse(STDIN.read)
   data = params['ldap_config']
   pe_main = params['pe_main']
+  pe_version = params['pe_version']
 
   caf = ['/opt/puppetlabs/bin/puppet', 'config', 'print', 'localcacert']
   cafout, cafstatus = Open3.capture2(*caf)
@@ -31,15 +32,23 @@ def main
     raise 'Could not get the Key file path.'
   end
 
-  uri = URI("https://#{pe_main}:4433/rbac-api/v1/ds")
-  https = Net::HTTP.new(uri.host, uri.port)
+  if Gem::Version.new(pe_version) < Gem::Version.new('2023.8.0')
+    ldap_path = URI('rbac-api/v1/ds')
+    uri = URI("https://#{pe_main}:4433/#{ldap_path}")
+    req = Net::HTTP::Put.new(uri, 'Content-type' => 'application/json')
+  else
+    ldap_path = URI('rbac-api/v1/command/ldap/create')
+    uri = URI("https://#{pe_main}:4433/#{ldap_path}")
+    req = Net::HTTP::Post.new(uri, 'Content-type' => 'application/json')
+  end
+
+  https = Net::HTTP.new(pe_main, '4433')
   https.use_ssl = true
   https.verify_mode = OpenSSL::SSL::VERIFY_PEER
   https.ca_file = cafout.strip
   https.cert = OpenSSL::X509::Certificate.new(File.read(certout.strip))
   https.key = OpenSSL::PKey::RSA.new(File.read(keyout.strip))
 
-  req = Net::HTTP::Put.new(uri, 'Content-type' => 'application/json')
   req.body = data.to_json
 
   resp = https.request(req)

Original file line number	Diff line number	Diff line change
`@@ -124,10 +124,15 @@`
`124`	`124`	`}`
`125`	`125`
`126`	`126`	`if $ldap_config {`
	`127`	`+ $pe_version = run_task('peadm::read_file', $primary_target,`
	`128`	`+ path => '/opt/puppetlabs/server/pe_version',`
	`129`	`+ )[0][content].chomp`
	`130`	`+`
`127`	`131`	`# Run the task to configure ldap`
`128`	`132`	`$ldap_result = run_task('peadm::pe_ldap_config', $primary_target,`
`129`	`133`	`pe_main => $primary_target.peadm::certname(),`
`130`	`134`	`ldap_config => $ldap_config,`
	`135`	`+ pe_version => $pe_version,`
`131`	`136`	`'_catch_errors' => true,`
`132`	`137`	`)`
`133`	`138`