From 92cc7ae47803de1937303f4777138f544859d9d1 Mon Sep 17 00:00:00 2001
From: badra001
Date: Mon, 5 Apr 2021 11:24:04 -0400
Subject: [PATCH] move ldap-get-attribute to its own module
---
 CHANGELOG.md | 1 +
 ldap-get-attribute/README.md | 82 -------------------
 ldap-get-attribute/bin/external_ldapsearch.sh | 54 ------------
 ldap-get-attribute/main.tf | 67 --------------
 ldap-get-attribute/outputs.tf | 11 ---
 ldap-get-attribute/variables.tf | 34 --------
 ldap-get-attribute/version.tf | 1 -
 7 files changed, 1 insertion(+), 249 deletions(-)
 delete mode 100644 ldap-get-attribute/README.md
 delete mode 100755 ldap-get-attribute/bin/external_ldapsearch.sh
 delete mode 100644 ldap-get-attribute/main.tf
 delete mode 100644 ldap-get-attribute/outputs.tf
 delete mode 100644 ldap-get-attribute/variables.tf
 delete mode 120000 ldap-get-attribute/version.tf
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 85e5bb3..92c5560 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -75,5 +75,6 @@
 * v1.9.0 -- 20210405 - ldap-get-attribute - add new submodule to retrieve an attribute value from a search + - move it out to its own module
diff --git a/ldap-get-attribute/README.md b/ldap-get-attribute/README.md
deleted file mode 100644
index 55c1c6e..0000000
--- a/ldap-get-attribute/README.md
+++ /dev/null
@@ -1,82 +0,0 @@
-# aws-inf-setup :: ldap-get-attribute - -This allows for a simple LDAP search filter against, by default eDirectory ldap.tco.census.gov. -It returns an object with count, status, the attribute, the dn(s) and the attribute value(s). -DN and values are returned in a list. This is intended to search for only a single attribute, -which may be multi-value. It also returns the DN and CN. - -For a query that returns multiple entries, where those entries do all not possess the same -attribute, the DN to attribute value will not match. That is, it returns only a list of -the attributes for the objects which have them in no particular order. - -# Usage -Here is a simple example to get the email address of user `badra001`. - -```hcl -module "user_badra001" { - source = "git@github.e.it.census.gov:terraform-modules/aws-inf-setup.git//ldap-get-attribute" - - filter = "cn=badra001" - attribute = "mail" - # optional - # ldap_uri = "ldaps://ldap.tco.census.gov" - # ldap_base_dn = "o=U.S. Census Bureau,c=US" - - # TBD - # ldap_user = - # ldap_pass = -} -``` - -# Sample Output -```hcl -search_results = { - "attribute" = "mail" - "attribute_value" = [ - "donald.e.badrak.ii@census.gov", - ] - "count" = "1" - "dn" = [ - "cn=badra001,ou=People,o=U.S. Census Bureau,c=US", - ] - "cn" = [ - "badra001" - ] - "status" = "0" -} -``` - -## Requirements - -No requirements. - -## Providers - -| Name | Version | -|------|---------| -| [external](#provider\_external) | n/a | - -## Modules - -No modules.
- -## Resources - -| Name | Type | -|------|------| -| [external_external.search](https://registry.terraform.io/providers/hashicorp/external/latest/docs/data-sources/external) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [attribute](#input\_attribute) | LDAP attribute to return | `string` | `"dn"` | no | -| [filter](#input\_filter) | LDAP search filter | `string` | n/a | yes | -| [ldap\_base\_dn](#input\_ldap\_base\_dn) | LDAP base DN for search | `string` | `"o=U.S. Census Bureau,c=US"` | no | -| [ldap\_uri](#input\_ldap\_uri) | LDAP URI {scheme}://{hostname}:{port} | `string` | `"ldaps://ldap.tco.census.gov"` | no | - -## Outputs - -| Name | Description | -|------|-------------| -| [search\_result](#output\_search\_result) | Object from ldap search result showing count, status, cn, dn, attribute and attribute\_value |
diff --git a/ldap-get-attribute/bin/external_ldapsearch.sh b/ldap-get-attribute/bin/external_ldapsearch.sh
deleted file mode 100755
index e8dbc15..0000000
--- a/ldap-get-attribute/bin/external_ldapsearch.sh
+++ /dev/null
@@ -1,54 +0,0 @@
-#!/bin/bash - -cleanup() -{ - local rstatus=$? - if [ ! -z $LDIF] - then - test -e $LDIF && rm $LDIF - fi - exit $rstatus -} - -trap cleanup EXIT - -#set -e -eval "$(jq -r '@sh "LDAP_BASE_DN=\(.ldap_base_dn) FILTER=\(.filter) ATTRIBUTE=\(.attribute) LDAP_URL=\(.ldap_url)"')" - -if [[ -z $LDAP_BASE_DN ]] || [[ "$LDAP_BASE_DN" == "null" ]] -then - LDAP_BASE_DN="o=U.S. Census Bureau,c=US" -fi - -if [[ -z $LDAP_URL ]] || [[ "$LDAP_URL" == "null" ]] -then - LDAP_URL="ldaps://ldap.tco.census.gov" -fi - -if [[ -z "$FILTER" ]] || [[ "$FILTER" == "null" ]] -then - FILTER="" -fi - -if [[ -z "$ATTRIBUTE" ]] || [[ "$ATTRIBUTE" == "null" ]] -then - ATTRIBUTE="dn" -fi - -if [ -z "$FILTER" ] -then - echo "* no filter provided" - exit 1 -fi - -LDIF=$(mktemp) -ldapsearch -x -LLL -o ldif-wrap=no -H "$LDAP_URL" -b "$LDAP_BASE_DN" "$FILTER" "cn $ATTRIBUTE" > $LDIF -status=$? - -DN=$(grep "^dn:" $LDIF | sed -e 's/^dn: //') -CN=$(grep "^cn:" $LDIF | sed -e 's/^cn: //') -VALUE=$(grep -i "^$ATTRIBUTE:" $LDIF | sed -e "s/^$ATTRIBUTE: //") -COUNT=$(grep -c "^dn:" $LDIF) - -jq -n --arg dn "$DN" --arg cn "$CN" --arg attribute "$ATTRIBUTE" --arg value "$VALUE" --arg status "$status" --arg count "$COUNT" \ - '{"dn":$dn,"attribute":$attribute,"attribute_value":$value,"status":$status,"count":$count}'
diff --git a/ldap-get-attribute/main.tf b/ldap-get-attribute/main.tf
deleted file mode 100644
index 9a3b8fc..0000000
--- a/ldap-get-attribute/main.tf
+++ /dev/null
@@ -1,67 +0,0 @@
-/* -* # aws-inf-setup :: ldap-get-attribute -* -* This allows for a simple LDAP search filter against, by default eDirectory ldap.tco.census.gov. -* It returns an object with count, status, the attribute, the dn(s) and the attribute value(s). -* DN and values are returned in a list. This is intended to search for only a single attribute, -* which may be multi-value. It also returns the DN and CN. -* -* For a query that returns multiple entries, where those entries do all not possess the same -* attribute, the DN to attribute value will not match. That is, it returns only a list of -* the attributes for the objects which have them in no particular order. -* -* # Usage -* Here is a simple example to get the email address of user `badra001`. -* -* ```hcl -* module "user_badra001" { -* source = "git@github.e.it.census.gov:terraform-modules/aws-inf-setup.git//ldap-get-attribute" -* -* filter = "cn=badra001" -* attribute = "mail" -* # optional -* # ldap_uri = "ldaps://ldap.tco.census.gov" -* # ldap_base_dn = "o=U.S. Census Bureau,c=US" -* -* # TBD -* # ldap_user = -* # ldap_pass = -* } -* ``` -* -* # Sample Output -* ```hcl -* search_results = { -* "attribute" = "mail" -* "attribute_value" = [ -* "donald.e.badrak.ii@census.gov", -* ] -* "count" = "1" -* "dn" = [ -* "cn=badra001,ou=People,o=U.S. Census Bureau,c=US", -* ] -* "cn" = [ -* "badra001" -* ] -* "status" = "0" -* } -* ``` -*/ - -locals { - base_tags = { - "boc:tf_module_version" = local._module_version - "boc:created_by" = "terraform" - } -} - -data "external" "search" { - program = ["bash", "${path.module}/bin/external_ldapsearch.sh"] - # output {object}.result.{status,count,dn,attribute,attribute_value} - query = { - "ldap_uri" = var.ldap_uri - "ldap_base_dn" = var.ldap_base_dn - "filter" = var.filter - "attribute" = var.attribute - } -}
diff --git a/ldap-get-attribute/outputs.tf b/ldap-get-attribute/outputs.tf
deleted file mode 100644
index efaed0b..0000000
--- a/ldap-get-attribute/outputs.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-output "search_result" { - description = "Object from ldap search result showing count, status, cn, dn, attribute and attribute_value" - value = { - "count" = data.external.ldap_user.result.count - "status" = data.external.ldap_user.result.status - "attribute" = data.external.ldap_user.result.attribute - "cn" = split("\n", data.external.ldap_user.result.cn) - "dn" = split("\n", data.external.ldap_user.result.dn) - "attribute_value" = split("\n", data.external.ldap_user.result.attribute_value) - } -}
diff --git a/ldap-get-attribute/variables.tf b/ldap-get-attribute/variables.tf
deleted file mode 100644
index ec67586..0000000
--- a/ldap-get-attribute/variables.tf
+++ /dev/null
@@ -1,34 +0,0 @@
-variable "filter" { - description = "LDAP search filter" - type = string -} - -variable "attribute" { - description = "LDAP attribute to return" - type = string - default = "dn" -} - -variable "ldap_uri" { - description = "LDAP URI {scheme}://{hostname}:{port}" - type = string - default = "ldaps://ldap.tco.census.gov" -} - -variable "ldap_base_dn" { - description = "LDAP base DN for search" - type = string - default = "o=U.S. Census Bureau,c=US" -} - -# variable "ldap_user" { -# description = "LDAP bind username" -# type = string -# default = "" -# } -# -# variable "ldap_password" { -# description = "LDAP bind password" -# type = string -# default = "" -# }
diff --git a/ldap-get-attribute/version.tf b/ldap-get-attribute/version.tf
deleted file mode 120000
index b83c5b7..0000000
--- a/ldap-get-attribute/version.tf
+++ /dev/null
@@ -1 +0,0 @@
-../common/version.tf
\ No newline at end of file