finallycoffee/nextcloud
5
0
Fork 1
Code Issues 3 Pull Requests 1 Projects 1 Releases Wiki Activity

feat(oidc_user_backend): add ansible role

Browse Source
This commit is contained in:
transcaffeine
2024-09-29 12:52:45 +02:00
parent 4c8767cb7b
commit 23301a0a86
10 changed files with 287 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
roles/oidc_user_backend/tasks/execute-occ.yml Normal file
View File

@ -0,0 +1,41 @@
---
- name: Execute OCC command (host)
ansible.builtin.command:
cmd: "{{ oidc_user_backend_occ_command_to_exec }}"
become_user: "{{ oidc_user_backend_occ_user_to_become }}"
register: oidc_user_backend_occ_command_result_host
when: oidc_user_backend_deployment_method == 'host'
- name: Execute OCC command (docker)
community.docker.docker_container_exec:
container: >-2
{{ oidc_user_backend_deployment_method_docker_container_name }}
command: "{{ oidc_user_backend_occ_command_to_exec }}"
user: "{{ oidc_user_backend_occ_user_to_become | default(omit, true) }}"
register: oidc_user_backend_occ_command_result_docker
when: oidc_user_backend_deployment_method == 'docker'
- name: Execute OCC command (podman)
containers.podman.podman_container_exec:
name: >-2
{{ oidc_user_backend_deployment_method_podman_container_name }}
command: "{{ oidc_user_backend_occ_command_to_exec }}"
user: "{{ oidc_user_backend_occ_user_to_become | default(omit, true) }}"
register: oidc_user_backend_occ_command_result_podman
when: oidc_user_backend_deployment_method == 'podman'
- name: Register result into variable
ansible.builtin.set_fact: {
"{{ oidc_user_backend_occ_command_result_var }}" : "{{
oidc_user_backend_occ_command_result.stdout | string | from_json
}}"
}
vars:
oidc_user_backend_occ_result_map:
host: "{{ oidc_user_backend_occ_command_result_host }}"
docker: "{{ oidc_user_backend_occ_command_result_docker }}"
podman: "{{ oidc_user_backend_occ_command_result_podman }}"
oidc_user_backend_occ_command_result: >-2
{{ oidc_user_backend_occ_result_map[oidc_user_backend_deployment_method]
| default(false, true) }}
when: oidc_user_backend_occ_command_result_var | default(false, true)

52
roles/oidc_user_backend/tasks/main.yml Normal file
View File

@ -0,0 +1,52 @@
---
- name: Check if deployment method is supported
ansible.builtin.fail:
msg: >-2
Deployment method '{{ oidc_user_backend_deployment_method }}' is not supported!
Supported are: {{ oidc_user_backend_deployment_methods | join(', ') }}
when: oidc_user_backend_deployment_method not in oidc_user_backend_deployment_methods
- name: Lookup become user info
ansible.builtin.user:
name: "{{ oidc_user_backend_deployment_become_user }}"
state: present
check_mode: true
register: oidc_user_backend_deployment_become_user_info
when: oidc_user_backend_deployment_become_user | default(false, true)
- name: Retrieve configured providers
ansible.builtin.include_tasks:
file: execute-occ.yml
vars:
oidc_user_backend_occ_command_to_exec: >-
{{ oidc_user_backend_occ_user_oidc_provider_get_command }}
oidc_user_backend_occ_user_to_become: "{{ oidc_user_backend_deployment_become_user_info.uid }}"
oidc_user_backend_occ_command_result_var: "oidc_user_backend_occ_user_oidc_provider"
- name: Check if provider information should be updated
set_fact:
oidc_user_backend_backend_force_update: true
loop: "{{ lookup('ansible.utils.to_paths', oidc_user_backend_occ_user_oidc_provider) | dict2items }}"
loop_control:
label: "{{ item.key }}"
vars:
target_config: >-2
{{ lookup('ansible.utils.to_paths', oidc_user_backend_occ_user_oidc_config_provider_dict) }}
when:
- item.key not in oidc_user_backend_occ_user_oidc_provider_ignored_settings
- (item.value != None) and (target_config[item.key] != None)
- >-2
(target_config[item.key] != None) | ternary(
(item.value != target_config[item.key]),
(item.value | string | length > 0)
)
- name: Update configuration for provider '{{ oidc_user_backend_config_provider_identifier }}'
ansible.builtin.include_tasks:
file: execute-occ.yml
vars:
oidc_user_backend_occ_command_to_exec: >-
{{ oidc_user_backend_occ_user_oidc_provider_set_command }}
oidc_user_backend_occ_user_to_become: "{{ oidc_user_backend_deployment_become_user_info.uid }}"
oidc_user_backend_occ_command_result_var: ~
when: oidc_user_backend_backend_force_update | default(false, true)