feat(ldap-user-backend): add role for managing ldap user backend in nextcloud

feat(apps): allow checking app integrity
2021-11-21 10:23:32 +01:00 · 2021-11-21 08:29:12 +01:00
7 changed files with 84 additions and 17 deletions
--- a/galaxy.yml
+++ b/galaxy.yml
@ -5,6 +5,8 @@ readme: README.md
 authors:
 - Johanna Dorothea Reichmann <transcaffeine@finallycoffee.eu>
 description: Installing and configuring nextcloud (and related apps/services) using docker
 dependencies:
  "community.docker": "^1.10.0"
 license:
 - CNPLv7+
 build_ignore:
--- a/roles/apps/defaults/main.yml
+++ b/roles/apps/defaults/main.yml
@ -3,3 +3,5 @@
 nextcloud_container_name: nextcloud
 nextcloud_apps: []
 nextcloud_run_user: nextcloud
 nextcloud_apps_check_integrity: false
--- a/roles/apps/tasks/main.yml
+++ b/roles/apps/tasks/main.yml
@ -48,3 +48,12 @@
  loop: "{{ nextcloud_apps }}"
  notify:
    - restart-nextcloud
 - name: Ensure app integrity
  community.docker.docker_container_exec:
    container: "{{ nextcloud_container_name }}"
    command: "php occ integrity:check-app {{ item.name }}"
    user: "{{ nextcloud_run_user }}"
    tty: yes
  when: nextcloud_apps_check_integrity and item.state|default('present') in ['latest', 'present']
  loop: "{{ nextcloud_apps }}"
--- a/roles/ldap-user-backend/defaults/main.yml
+++ b/roles/ldap-user-backend/defaults/main.yml
@ -22,4 +22,45 @@ nc_ldap_config_base_dn_groups:
 nc_ldap_config_agent_name:
 nc_ldap_config_agent_password:
 nc_ldap_config_override_main_server: ~
 nc_ldap_config_tls: ~
 nc_ldap_config_turn_off_cert_check: ~
 nc_ldap_config_user_displayname: ~
 nc_ldap_config_user_displayname2: ~
 nc_ldap_config_user_avatar_rule: ~
 nc_ldap_config_gid_number: ~
 nc_ldap_config_user_filter_objectclass: ~
 nc_ldap_config_user_filter_groups: ~
 nc_ldap_config_user_filter: ~
 nc_ldap_config_user_filter_mode: ~
 nc_ldap_config_attributes_for_user_search: ~
 nc_ldap_config_group_filter: ~
 nc_ldap_config_group_filter_mode: ~
 nc_ldap_config_group_filter_objectclass: ~
 nc_ldap_config_group_filter_groups: ~
 nc_ldap_config_group_member_assoc_attr: ~
 nc_ldap_config_group_displayname: ~
 nc_ldap_config_attributes_for_group_search: ~
 nc_ldap_config_login_filter: ~
 nc_ldap_config_login_filter_mode: ~
 nc_ldap_config_login_filter_email: ~
 nc_ldap_config_login_filter_username: ~
 nc_ldap_config_login_filter_attributes: ~
 nc_ldap_config_quota_attribute: ~
 nc_ldap_config_quota_default: ~
 nc_ldap_config_email_attribute: ~
 nc_ldap_config_cache_ttl: ~
 nc_ldap_config_configuration_active: ~
 nc_ldap_config_experienced_admin: ~
 nc_ldap_config_home_folder_naming_rule: ~
 nc_ldap_config_use_memberOf_to_detect_membership: ~
 nc_ldap_config_expert_username_attr: ~
 nc_ldap_config_expert_uuid_user_attr: ~
 nc_ldap_config_expert_uuid_group_attr: ~
 nc_ldap_config_nested_groups: ~
 nc_ldap_config_paging_size: ~
 nc_ldap_config_turn_on_password_change: ~
 nc_ldap_config_dynamic_group_member_url: ~
 nc_ldap_config_default_ppolicy_dn: ~
 nc_ldap_meta_http_agent: "ansible-httpget/finallycoffee.nextcloud.ldap-user-backend"
--- a/roles/ldap-user-backend/meta/main.yml
+++ b/roles/ldap-user-backend/meta/main.yml
@ -0,0 +1,4 @@
 ---
 collections:
  - community.docker
--- a/roles/ldap-user-backend/tasks/main.yml
+++ b/roles/ldap-user-backend/tasks/main.yml
@ -11,64 +11,71 @@
    force: yes
  when: nc_ldap_api_method == 'http'
- name: Check if configuration with given config ID already exists
+- name: Check if configuration with given config ID already exists (occ)
  docker_container_exec:
    container: "{{ nc_ldap_container }}"
-    command: "{{ nc_ldap_occ_command }} ldap:show-config --output json {{ nc_ldap_config_id }}"
+    command: "{{ nc_ldap_occ_command }} ldap:show-config --output json {{ '--show-password' if nc_ldap_config_agent_password else '' }} {{ nc_ldap_config_id }}"
    user: "{{ nc_ldap_occ_user }}"
    tty: yes
  when: nc_ldap_api_method == 'occ'
-  register: nc_ldap_existing_config
+  changed_when: false
  check_mode: false
  register: nc_ldap_existing_config_occ
- name: Check if configuration with given config ID already exists
+- name: Check if configuration with given config ID already exists (http)
  uri:
    <<: *api_defaults
    url: "{{ nc_ldap_api_path }}/{{ nc_ldap_config_id }}{{ query_params }}"
    method: GET
  vars:
-    query_params: "?showPassword=1&format={{nc_ldap_api_parameter_format }}"
+    query_params: "?showPassword={{ '1' if nc_ldap_config_agent_password else '0' }}&format={{nc_ldap_api_parameter_format }}"
  when: nc_ldap_api_method == 'http'
-  register: nc_ldap_existing_config
+  register: nc_ldap_existing_config_api
 # TODO: Can we force an ID on POST?
- name: Create ldap configuration with id={{ nc_ldap_config_id }}
+- name: Create ldap configuration with id={{ nc_ldap_config_id }} (http)
  uri:
    <<: *api_defaults
    url: "{{ nc_ldap_api_path }}"
    method: POST
-  when: nc_ldap_api_method == 'http' and nc_ldap_existing_config.status != 200
+  when: nc_ldap_api_method == 'http' and nc_ldap_existing_config_api.status != 200
- name: Create ldap configuration with id={{ nc_ldap_config_id }}
+- name: Create ldap configuration with id={{ nc_ldap_config_id }} (occ)
  docker_container_exec:
    container: "{{ nc_ldap_container }}"
    command: "{{ nc_ldap_occ_command }} ldap:create-empty-config --output json {{ nc_ldap_config_id }}"
    user: "{{ nc_ldap_occ_user }}"
    tty: yes
-  # research conditions?
+  when: nc_ldap_api_method == 'occ' and nc_ldap_existing_config_occ.rc != 0 and nc_ldap_config_id not in (nc_ldap_existing_config_occ.stdout | from_json).keys()
-  when: nc_ldap_api_method == 'occ' and nc_ldap_existing_config.exitCode = 0
+
 - name: Parse output of query command to dict
  set_fact:
    nc_ldap_existing_config: "{{ nc_ldap_existing_config_occ.stdout | from_json }}"
  changed_when: false
 - name: Create changeset
  set_fact:
    nc_ldap_config_changeset: "{{ nc_ldap_config_changeset | combine(changed_entry) }}"
  vars:
    changed_entry: "{{ { item : nc_ldap_config_keys[item] } }}"
-  loops: "{{ nc_ldap_config_keys.keys() }}"
+  loop: "{{ nc_ldap_config_keys.keys() }}"
-  when: "{{ nc_ldap_config_keys[item] is defined and nc_ldap_config_keys[item] is not None }}"
+  when: nc_ldap_config_keys[item] is defined and nc_ldap_config_keys[item] and nc_ldap_config_keys[item] != nc_ldap_existing_config[nc_ldap_config_id][item]
- name: Ensure ldap configuration is in sync
+- name: Ensure ldap configuration is in sync (http)
  uri:
    <<: *api_defaults
    url:
    method: PUT
    body:
    body_format: "form-urlencoded"
  loop: "{{ nc_ldap_config_changeset | dict2items }}"
  when: nc_ldap_api_method == 'http'
- name: Ensure ldap configuration is in sync
+- name: Ensure ldap configuration is in sync (occ)
  docker_container_exec:
    container: "{{ nc_ldap_container }}"
-    command: "{{ nc_ldap_occ_command }} ldap:set-config #args"
+    command: "{{ nc_ldap_occ_command }} ldap:set-config \"{{ nc_ldap_config_id }}\" \"{{ item.key }}\" \"{{ item.value }}\""
    user: "{{ nc_ldap_occ_user }}"
    tty: yes
  loop: "{{ nc_ldap_config_changeset | dict2items }}"
  when: nc_ldap_api_method == 'occ'
--- a/roles/ldap-user-backend/vars/main.yml
+++ b/roles/ldap-user-backend/vars/main.yml
@ -56,3 +56,5 @@ nc_ldap_config_keys:
  turnOnPasswordChange: "{{ nc_ldap_config_turn_on_password_change }}"
  ldapDynamicGroupMemberURL: "{{ nc_ldap_config_dynamic_group_member_url }}"
  ldapDefaultPPolicyDN: "{{ nc_ldap_config_default_ppolicy_dn }}"
 nc_ldap_config_changeset: {}
Author	SHA1	Message	Date
transcaffeine	e9b5475a39	feat(ldap-user-backend): add role for managing ldap user backend in nextcloud	2021-11-21 10:23:32 +01:00
Johanna Dorothea Reichmann	ea33ee5ea7	feat(apps): allow checking app integrity	2021-11-21 08:29:12 +01:00