feat(ldap-user-backend): add role for managing ldap user backend in nextcloud

2021-10-16 15:01:14 +02:00
parent a907549dc9
commit 5e1c639bff
4 changed files with 184 additions and 0 deletions
--- a/roles/ldap-user-backend/tasks/main.yml
+++ b/roles/ldap-user-backend/tasks/main.yml
@@ -0,0 +1,74 @@
+---
+
+- name: Set default api parameters for HTTP
+  meta: noop
+  vars: &api_defaults
+    http_agent: "{{ nc_ldap_meta_http_agent }}"
+    headers: "{{ nc_ldap_api_headers }}"
+    url_username: "{{ nc_ldap_api_basic_auth_user }}"
+    url_password: "{{ nc_ldap_api_basic_auth_password }}"
+    force_basic_auth: yes
+    force: yes
+  when: nc_ldap_api_method == 'http'
+
+- name: Check if configuration with given config ID already exists
+  docker_container_exec:
+    container: "{{ nc_ldap_container }}"
+    command: "{{ nc_ldap_occ_command }} ldap:show-config --output json {{ nc_ldap_config_id }}"
+    user: "{{ nc_ldap_occ_user }}"
+    tty: yes
+  when: nc_ldap_api_method == 'occ'
+  register: nc_ldap_existing_config
+
+- name: Check if configuration with given config ID already exists
+  uri:
+    <<: *api_defaults
+    url: "{{ nc_ldap_api_path }}/{{ nc_ldap_config_id }}{{ query_params }}"
+    method: GET
+  vars:
+    query_params: "?showPassword=1&format={{nc_ldap_api_parameter_format }}"
+    
+  when: nc_ldap_api_method == 'http'
+  register: nc_ldap_existing_config
+
+# TODO: Can we force an ID on POST?
+- name: Create ldap configuration with id={{ nc_ldap_config_id }}
+  uri:
+    <<: *api_defaults
+    url: "{{ nc_ldap_api_path }}"
+    method: POST
+  when: nc_ldap_api_method == 'http' and nc_ldap_existing_config.status != 200
+
+- name: Create ldap configuration with id={{ nc_ldap_config_id }}
+  docker_container_exec:
+    container: "{{ nc_ldap_container }}"
+    command: "{{ nc_ldap_occ_command }} ldap:create-empty-config --output json {{ nc_ldap_config_id }}"
+    user: "{{ nc_ldap_occ_user }}"
+    tty: yes
+  # research conditions?
+  when: nc_ldap_api_method == 'occ' and nc_ldap_existing_config.exitCode = 0
+
+- name: Create changeset
+  set_fact:
+    nc_ldap_config_changeset: "{{ nc_ldap_config_changeset | combine(changed_entry) }}"
+  vars:
+    changed_entry: "{{ { item : nc_ldap_config_keys[item] } }}"
+  loops: "{{ nc_ldap_config_keys.keys() }}"
+  when: "{{ nc_ldap_config_keys[item] is defined and nc_ldap_config_keys[item] is not None }}"
+
+- name: Ensure ldap configuration is in sync
+  uri:
+    <<: *api_defaults
+    url:
+    method: PUT
+    body:
+    body_format: "form-urlencoded"
+  when: nc_ldap_api_method == 'http'
+
+- name: Ensure ldap configuration is in sync
+  docker_container_exec:
+    container: "{{ nc_ldap_container }}"
+    command: "{{ nc_ldap_occ_command }} ldap:set-config #args"
+    user: "{{ nc_ldap_occ_user }}"
+    tty: yes
+  when: nc_ldap_api_method == 'occ'