infamousjoeg · March 28, 2023 14:45
diff --git a/1-install_module.sh b/1-install_module.sh
 puppet module install dwerder-hiera_set
diff --git a/2-store_and_retrieve_password.pp b/2-store_and_retrieve_password.pp
 class store_and_retrieve_password (
  String $cyberark_app_id,
  String $cyberark_safe,
  String $cyberark_folder,
  String $cyberark_object,
  String $cyberark_credential_provider_url,
  String $temp_file_path = '/tmp/cyberark_password.txt',
  String $hiera_key = 'cyberark::password',
 ) {
  # Ensure curl and jq are installed
  package { ['curl', 'jq']:
    ensure => installed,
  }

  # Retrieve the secret using curl and CyberArk's REST API, and store it in a temporary file
  exec { 'retrieve_secret':
    command     => "/usr/bin/curl -s -k -H 'Content-Type: application/json' '${cyberark_credential_provider_url}/AIMWebService/api/Accounts?AppId=${cyberark_app_id}&Safe=${cyberark_safe}&Folder=${cyberark_folder}&Object=${cyberark_object}' | jq -r '.Content' > ${temp_file_path}",
    path        => ['/usr/bin', '/usr/sbin'],
    creates     => $temp_file_path,
    require     => Package['curl', 'jq'],
  }

  # Read the password from the temporary file
  $password = Deferred('file', [$temp_file_path])

  # Store the password in Hiera
  hiera::set_key_value { $hiera_key:
    value => $password,
  }

  # Retrieve the password from Hiera
  $retrieved_password = lookup($hiera_key)

  # Echo the password to stdout
  notify { 'Display the password':
    message => "Password: ${retrieved_password}",
  }

  # Delete the password from Hiera
  hiera::delete_key { $hiera_key: }

  # Remove the temporary file
  file { $temp_file_path:
    ensure => absent,
  }
 }

 include store_and_retrieve_password
diff --git a/3-requirements.md b/3-requirements.md
	class store_and_retrieve_password (
	String $cyberark_app_id,
	String $cyberark_safe,
	String $cyberark_folder,
	String $cyberark_object,
	String $cyberark_credential_provider_url,
	String $temp_file_path = '/tmp/cyberark_password.txt',
	String $hiera_key = 'cyberark::password',
	) {
	# Ensure curl and jq are installed
	package { ['curl', 'jq']:
	ensure => installed,
	}

	# Retrieve the secret using curl and CyberArk's REST API, and store it in a temporary file
	exec { 'retrieve_secret':
	command => "/usr/bin/curl -s -k -H 'Content-Type: application/json' '${cyberark_credential_provider_url}/AIMWebService/api/Accounts?AppId=${cyberark_app_id}&Safe=${cyberark_safe}&Folder=${cyberark_folder}&Object=${cyberark_object}' \| jq -r '.Content' > ${temp_file_path}",
	path => ['/usr/bin', '/usr/sbin'],
	creates => $temp_file_path,
	require => Package['curl', 'jq'],
	}

	# Read the password from the temporary file
	$password = Deferred('file', [$temp_file_path])

	# Store the password in Hiera
	hiera::set_key_value { $hiera_key:
	value => $password,
	}

	# Retrieve the password from Hiera
	$retrieved_password = lookup($hiera_key)

	# Echo the password to stdout
	notify { 'Display the password':
	message => "Password: ${retrieved_password}",
	}

	# Delete the password from Hiera
	hiera::delete_key { $hiera_key: }

	# Remove the temporary file
	file { $temp_file_path:
	ensure => absent,
	}
	}

	include store_and_retrieve_password