feat(ldap-user-backend): add role for managing ldap user backend in nextcloud
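--- a/roles/ldap-user-backend/tasks/load_config_http.yml
+++ b/roles/ldap-user-backend/tasks/load_config_http.yml
@@ -0,0 +1,49 @@
+---
+
+- name: Set default api parameters for HTTP
+  meta: noop
+  vars: &api_defaults
+    http_agent: "{{ nc_ldap_meta_http_agent }}"
+    headers: "{{ nc_ldap_api_headers }}"
+    url_username: "{{ nc_ldap_api_basic_auth_user }}"
+    url_password: "{{ nc_ldap_api_basic_auth_password }}"
+    force_basic_auth: yes
+    force: yes
+
+- name: Check if configuration with given config ID already exists
+  uri:
+    <<: *api_defaults
+    url: "{{ nc_ldap_api_path }}/{{ nc_ldap_config_id }}{{ query_params }}"
+    method: GET
+  vars:
+    query_params: "?showPassword={{ '1' if nc_ldap_config_agent_password else '0' }}&format={{nc_ldap_api_parameter_format }}"
+  register: nc_ldap_existing_config_api
+
+# TODO: Can we force an ID on POST?
+- name: Create ldap configuration with id={{ nc_ldap_config_id }}
+  uri:
+    <<: *api_defaults
+    url: "{{ nc_ldap_api_path }}"
+    method: POST
+  when: nc_ldap_existing_config_api.status != 200
+
+- name: Parse output of query command to dict
+  set_fact:
+    nc_ldap_existing_config: "{{ nc_ldap_existing_config_api.stdout | from_json }}"
+  changed_when: false
+
+- name: Create changeset
+  set_fact:
+    nc_ldap_config_changeset: "{{ nc_ldap_config_changeset | combine(changed_entry) }}"
+  vars:
+    changed_entry: "{{ { item : nc_ldap_config_keys[item] } }}"
+  loop: "{{ nc_ldap_config_keys.keys() }}"
+  when: nc_ldap_config_keys[item] is defined and nc_ldap_config_keys[item] and nc_ldap_config_keys[item] != nc_ldap_existing_config[nc_ldap_config_id][item]
+
+- name: Ensure ldap configuration is in sync (http)
+  uri:
+    <<: *api_defaults
+    url: "{{ nc_lap_api_path }}/{{ nc_ldap_config_id }}"
+    method: PUT
+    body: "{{ { 'configData': nc_ldap_config_changeset } }}"
+    body_format: "form-urlencoded"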
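Review bot: The PUT task's `url` references `nc_lap_api_path`, which looks like a typo for the `nc_ldap_api_path` used by the GET and POST tasks and would fail as an undefined variable; it should read `url: "{{ nc_ldap_api_path }}/{{ nc_ldap_config_id }}"`. The parse task reads `nc_ldap_existing_config_api.stdout`, but a `uri` result exposes the body as `json` or `content` (the latter only with `return_content: true`), and the GET fails outright on a non-200 answer unless `status_code` lists the accepted codes, so the `status != 200` condition on the POST is never evaluated. On the security side, the GET asks for `showPassword=1` and the PUT body may carry the agent password from the changeset, yet neither task sets `no_log: true`, so the LDAP bind password can land in task output and callback logs. `force_basic_auth` sends the credentials on the first request, so it is worth asserting that `nc_ldap_api_path` is an `https://` URL; its definition is not visible here.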
							
								
								
									
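--- a/roles/ldap-user-backend/tasks/load_config_occ.yml
+++ b/roles/ldap-user-backend/tasks/load_config_occ.yml
@@ -0,0 +1,49 @@
+---
+
+- name: Check if configuration with given config ID already exists
+  docker_container_exec:
+    container: "{{ nc_ldap_container }}"
+    command: "{{ nc_ldap_occ_command }} ldap:show-config --output json {{ '--show-password' if nc_ldap_config_agent_password else '' }} {{ nc_ldap_config_id }}"
+    user: "{{ nc_ldap_occ_user }}"
+    tty: yes
+  changed_when: false
+  check_mode: false
+  register: nc_ldap_existing_config_occ
+
+- name: Create ldap configuration with id={{ nc_ldap_config_id }}
+  docker_container_exec:
+    container: "{{ nc_ldap_container }}"
+    command: "{{ nc_ldap_occ_command }} ldap:create-empty-config --output json {{ nc_ldap_config_id }}"
+    user: "{{ nc_ldap_occ_user }}"
+    tty: yes
+  when: nc_ldap_existing_config_occ.rc != 0 and nc_ldap_config_id not in (nc_ldap_existing_config_occ.stdout | from_json).keys()
+
+- name: Parse output of query command to dict
+  set_fact:
+    nc_ldap_existing_config: "{{ nc_ldap_existing_config_occ.stdout | from_json }}"
+  changed_when: false
+
+- name: Create changeset
+  set_fact:
+    nc_ldap_config_changeset: "{{ nc_ldap_config_changeset | combine(changed_entry) }}"
+  vars:
+    changed_entry: "{{ { item : nc_ldap_config_keys[item] } }}"
+  loop: "{{ nc_ldap_config_keys.keys() }}"
+  when: nc_ldap_config_keys[item] is defined and nc_ldap_config_keys[item] and nc_ldap_config_keys[item] != nc_ldap_existing_config[nc_ldap_config_id][item]
+
+- name: Ensure ldap configuration is in sync
+  docker_container_exec:
+    container: "{{ nc_ldap_container }}"
+    command: "{{ nc_ldap_occ_command }} ldap:set-config \"{{ nc_ldap_config_id }}\" \"{{ item.key }}\" \"{{ item.value }}\""
+    user: "{{ nc_ldap_occ_user }}"
+    tty: yes
+  loop: "{{ nc_ldap_config_changeset | dict2items }}"
+
+- name: Ensure ldap configuration is working
+  docker_container_exec:
+    container: "{{ nc_ldap_container }}"
+    command: "{{ nc_ldap_occ_command }} ldap:test-config {{ nc_ldap_config_id }}"
+    user: "{{ nc_ldap_occ_user }}"
+    tty: yes
+  changed_when: false
+  when: nc_ldap_test_configuration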
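Review bot: The `ldap:set-config` task builds one command string with `item.value` inside escaped double quotes, so a value containing a double quote or backslash changes how the string is split into arguments; pass the value through the `quote` filter instead of the manual quotes, or use the module's `argv` list if `nc_ldap_occ_command` is a single word. That loop also prints every `item`, and the first task registers `--show-password` output, so the LDAP agent password can appear in task output and logs; add `no_log: true` to both tasks, or at least `loop_control` with `label: "{{ item.key }}"` on the loop. The create task's `when` requires `rc != 0`, but the check task has no `failed_when: false`, so a failing `ldap:show-config` stops the play before that condition is reached, and `from_json` on the output of a failed command may itself raise an error.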
							
								
								
									
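--- a/roles/ldap-user-backend/tasks/main.yml
+++ b/roles/ldap-user-backend/tasks/main.yml
@@ -0,0 +1,10 @@
+---
+
+- name: Load config {{ nc_ldap_config_id }} (and create if not exists) when running mode is http
+  include_tasks: load_config_http.yml
+  when: nc_ldap_api_method == 'http'
+
+- name: Load config {{ nc_ldap_config_id }} (and create if not exists) when running mode is occ
+  include_tasks: load_config_occ.yml
+  when: nc_ldap_api_method == 'occ'
+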
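Review bot: Nothing runs when `nc_ldap_api_method` is neither `'http'` nor `'occ'`, so a misspelled value lets the role finish successfully without touching the LDAP configuration. Unless the variable is validated elsewhere (not visible on this page), a leading `assert` task with `that: nc_ldap_api_method in ['http', 'occ']` would turn that into an explicit failure.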