...

Internally, simpkv constructs a plugin object for each unique backend, and uses the plugin object to interface with its corresponding backend. When a simpkv::* function is called, an internal adapter calls the plugin’s corresponding API method with normalized arguments to effect the operation. The adapter then (de)normalizes the results of the operation and reports them back to the calling simpkv::* function.

For example, for a simpkv::put operation using an LDAP plugin, the sequence of operations is notionally as follows:

...

Then, for a simpkv::get operation using an LDAP plugin, the sequence of operations is notionally as follows:

...

Value normalization

One of the normalizations done by the simpkv adapter involves the value and optional, user-provided metadata associated with a key. In a simpkv::put operation, the simpkv adapter serializes a key’s value and optional metadata into a single JSON string and then sends that to the plugin for storage in the backend. Then, after a key’s information has been retrieved by a plugin during a simpkv::get or simpkv::list operation, the simpkv adapter deserializes each JSON string back into the key’s value and metadata objects before serving the results back to the calling function. This encoding of a key’s value and metadata into a single string with a known, parsable format is intended to simplify backend operations.

...

  • It yields a DIT that is simple to understand and navigate.

  • An API change is not unexpected for simp/simpkv, since it is still experimental (version < 1.0.0) and not enabled by default.

  • SIMP can help users with the transition to lowercase key names for any existing simpkv key paths or simplib::passgen password names (whether using legacy mode or simpkv mode).

    • Any SIMP-provided module that uses simplib::passgen can be modified to ensure the password names are downcased.

    • The simplib::passgen function that uses simpkv can be modified to downcase existing password names that have any uppercase letters and then to emit a warning.

    • The script SIMP will provide to import any existing simpkv key entries or simplib::passgen passwords into a simpkv LDAP backend can check for uppercase letters in the destination key paths and either skip the import of the problematic entries, or convert to lowercase and warn the user of the conversion. Then, it would be up to the user to make any adjustments to the corresponding manifests.

OID Subtree Design and Custom LDAP Schema

...

Below is the proposed SIMP OID subtree showing the parent OIDs for attributes and class objects needed for the SIMP DIT.

...

LDAP Custom Schema

simpkv DIT Option 1

...

  • simpkvKey is a case-invariant string for the key (excluding path).

    • This is used as the final RDN of the DN for a key/value node.

  • simpkvJsonValue is a case-sensitive string for the JSON-formatted value.

    • In the future, we could write a custom syntax validator for this attribute.

...

The proposed custom schema for the simpkv DIT option 2 is shown below. It has two custom object classes and three custom attributes.

  • Classes:

    • simpkvFolder is an object class for a node representing a backend identifier or folder.

    • simpkvEntry is an object class for a key/value node.

  • Attributes:

    • simpkvHexId is an attribute that is a case-invariant, hex-encoded string for the backend identifier, folder or key (excluding path).

      • This is used as the final RDN of the DN for a node.

      • In the future, we could write a custom syntax validator for this attribute.

    • simpkvId is an attribute that is the raw, case-sensitive string for a backend identifier, folder or key (excluding path).

    • simpkvJsonValue is an attribute that is a case-sensitive string for a JSON-formatted value in a key/value node.

      • In the future, we could write a custom syntax validator for this attribute.

Code Block
################################################################################
#
dn: cn=schema
#
################################################################################
#
attributeTypes: (
  1.3.6.1.4.1.47012.1.1.1.1.1.1
  NAME 'simpkvHexId'
  DESC 'hex-encoded backend instance, folder, or key name'
  SUP name
  SINGLE-VALUE
  X-ORIGIN 'SIMP simpkv'
  )
#
################################################################################
#
attributeTypes: (
  1.3.6.1.4.1.47012.1.1.1.1.1.2
  NAME 'simpkvId'
  DESC 'backend instance, key or folder name'
  EQUALITY caseExactMatch
  SUBSTR caseExactSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
  SINGLE-VALUE
  X-ORIGIN 'SIMP simpkv'
  )
#
################################################################################
#
attributeTypes: (
  1.3.6.1.4.1.47012.1.1.1.1.1.3
  NAME 'simpkvJsonValue'
  DESC 'JSON-formatted value'
  EQUALITY caseExactMatch
  SUBSTR caseExactSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
  SINGLE-VALUE
  X-ORIGIN 'SIMP simpkv'
  )
#
################################################################################
#
objectClasses: (
  1.3.6.1.4.1.47012.1.1.1.1.2.1
  NAME 'simpkvEntry'
  DESC 'simpkv entry'
  SUP top
  STRUCTURAL
  MUST ( simpkvHexId $ simpkvId $ simpkvJsonValue )
  X-ORIGIN 'SIMP simpkv'
  )
#
################################################################################
#
objectClasses: (
  1.3.6.1.4.1.47012.1.1.1.1.2.2
  NAME 'simpkvFolder'
  DESC 'simpkv folder in which simpkvHexId represents the relative folder name in hex in the DN'
  SUP top
  STRUCTURAL
  MUST ( simpkvHexId $ simpkvId )
  X-ORIGIN 'SIMP simpkv'
  )
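
The following is an added example, not code from the simpkv project, showing how the value normalization described earlier and the option 2 schema above fit together: a key's value and metadata are serialized into one JSON string, and the key path is mapped to a DN whose RDNs are hex-encoded. The base DN, the JSON field names, the hex encoding (lowercase hex of the UTF-8 bytes), the placement of the backend instance directly under the base DN, and all helper names are assumptions for illustration.

```ruby
require 'json'

# Assumed for illustration only: base DN placeholder, JSON shape and hex
# encoding. None of these are specified on this page.
BASE_DN = 'ou=simpkv,o=example' # hypothetical placeholder

# Hex-encode one path component for use as a simpkvHexId RDN value.
def hex_id(component)
  raise ArgumentError, 'empty path component' if component.empty?
  component.encode('UTF-8').unpack1('H*')
end

# Serialize value and optional metadata into the single string that is
# stored in simpkvJsonValue.
def serialize(value, metadata = {})
  raise ArgumentError, 'metadata must be a Hash' unless metadata.is_a?(Hash)
  JSON.generate('value' => value, 'metadata' => metadata)
end

# Parse a string read back from the backend, rejecting anything that is
# not the expected JSON object.
def deserialize(json)
  obj = JSON.parse(json)
  unless obj.is_a?(Hash) && obj.key?('value') && obj.fetch('metadata', {}).is_a?(Hash)
    raise ArgumentError, 'malformed simpkvJsonValue'
  end
  [obj['value'], obj.fetch('metadata', {})]
end

# Build the DN and attributes of a simpkvEntry node for a key path such as
# "app1/Key1" in a backend instance (hypothetical helper).
def entry_for(instance, key_path, value, metadata = {})
  parts = [instance] + key_path.split('/')
  rdns  = parts.map { |p| "simpkvHexId=#{hex_id(p)}" }
  {
    dn: (rdns.reverse + [BASE_DN]).join(','),
    attrs: {
      'objectClass'     => ['simpkvEntry'],
      'simpkvHexId'     => hex_id(parts.last),    # final RDN of the DN
      'simpkvId'        => parts.last,            # raw, case-sensitive name
      'simpkvJsonValue' => serialize(value, metadata)
    }
  }
end
```

Because the RDN values contain only the characters 0-9 and a-f, they need no DN escaping, and key names that differ only in letter case map to different DNs.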

...

  • Plugins are written in Ruby and implement the simpkv plugin API.

  • Plugins must be multi-thread safe.

  • Plugins must be written to provide Puppet-environment isolation when executed on the puppetserver.

  • Manifests that use simpkv::* functions must be able to be compiled with puppet agent, puppet apply or Bolt commands. This means the plugin code will run in JRuby in the puppetserver, run in the Ruby installed with puppet-agent, or run using the Bolt user’s Ruby into which the puppet gem is installed.

...