From a701514069d574b8248f6958b909105640af9090 Mon Sep 17 00:00:00 2001 From: Guilhem Bonnefille Date: Wed, 26 Feb 2020 08:52:20 +0100 Subject: [PATCH 01/10] Use LDAP API --- tasks/setup_ldap_each.yml | 108 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 108 insertions(+) diff --git a/tasks/setup_ldap_each.yml b/tasks/setup_ldap_each.yml index ed19dc5e..bf67d539 100644 --- a/tasks/setup_ldap_each.yml +++ b/tasks/setup_ldap_each.yml 
@@ -28,3 +28,111 @@ group_member_format: "{{ item.ldap_group_member_format | default('uid=${username},ou=users,dc=yourcompany') }}" user_subtree: "{{ item.ldap_user_subtree | default(false) }}" group_subtree: "{{ item.ldap_group_subtree | default(false) }}" + when: nexus_version is version_compare('3.19.0', '<') + +- block: + when: nexus_version is version_compare('3.19.0', '>=') + + - name: Check existence LDAP connections + uri: + url: "{{ nexus_api_scheme }}://{{ nexus_api_hostname }}:{{ nexus_api_port }}\ + {{ nexus_api_context_path }}{{ nexus_rest_api_endpoint_base }}/beta/security/ldap/{{item.ldap_name|urlencode}}" + user: 'admin' + password: "{{ current_nexus_admin_password }}" + method: GET + force_basic_auth: yes + validate_certs: "{{ nexus_api_validate_certs }}" + status_code: 200,404 + return_content: yes + register: nexus_ldap_retrieved + check_mode: no + + - name: Creating LDAP connections + uri: + url: "{{ nexus_api_scheme }}://{{ nexus_api_hostname }}:{{ nexus_api_port }}\ + {{ nexus_api_context_path }}{{ nexus_rest_api_endpoint_base }}/beta/security/ldap" + user: 'admin' + password: "{{ current_nexus_admin_password }}" + headers: + Content-Type: "application/json" + method: POST + force_basic_auth: yes + validate_certs: "{{ nexus_api_validate_certs }}" + body: "{{ args | to_json }}" + status_code: 200,201,204 + vars: + args: + name: "{{ item.ldap_name }}" + protocol: "{{ item.ldap_protocol }}" + host: "{{ item.ldap_hostname }}" + port: "{{ item.ldap_port }}" + authScheme: "{{ item.ldap_auth | default('NONE') }}" + authUsername: "{{ item.ldap_auth_username | default('') }}" + authPassword: "{{ item.ldap_auth_password | default('') }}" + searchBase: "{{ item.ldap_search_base }}" + userBaseDn: "{{ item.ldap_user_base_dn | default('ou=users') }}" + userLdapFilter: "{{ item.ldap_user_filter | default('') }}" + userObjectClass: "{{ item.ldap_user_object_class }}" + userIdAttribute: "{{ item.ldap_user_id_attribute }}" + userRealNameAttribute: "{{ 
item.ldap_user_real_name_attribute }}" + userEmailAddressAttribute: "{{ item.ldap_user_email_attribute }}" + ldapGroupsAsRoles: "{{ item.ldap_map_groups_as_roles | default(false) }}" + groupType: "{{ item.ldap_map_groups_as_roles_type | default('static') }}" + userMemberOfAttribute: "{{ item.ldap_user_memberof_attribute | default('memberOf') }}" + groupBaseDn: "{{ item.ldap_group_base_dn | default('ou=groups') }}" + groupObjectClass: "{{ item.ldap_group_object_class | default('groupOfNames') }}" + groupIdAttribute: "{{ item.ldap_group_id_attribute | default('cn') }}" + groupMemberAttribute: "{{ item.ldap_group_member_attribute | default('member') }}" + groupMemberFormat: "{{ item.ldap_group_member_format | default('uid=${username},ou=users,dc=yourcompany') }}" + userSubtree: "{{ item.ldap_user_subtree | default(false) }}" + groupSubtree: "{{ item.ldap_group_subtree | default(false) }}" + connectionTimeoutSeconds: "{{ item.ldap_connection_timeout | default(1) }}" + connectionRetryDelaySeconds: "{{ item.ldap_connection_retry_delay | default(0) }}" + maxIncidentsCount: "{{ item.ldap_max_incidents_count | default(0) }}" + when: nexus_ldap_retrieved.status == 404 + + - name: Updating LDAP connections + uri: + url: "{{ nexus_api_scheme }}://{{ nexus_api_hostname }}:{{ nexus_api_port }}\ + {{ nexus_api_context_path }}{{ nexus_rest_api_endpoint_base }}/beta/security/ldap/{{item.ldap_name|urlencode}}" + user: 'admin' + password: "{{ current_nexus_admin_password }}" + headers: + Content-Type: "application/json" + method: PUT + force_basic_auth: yes + validate_certs: "{{ nexus_api_validate_certs }}" + body: "{{ args | to_json }}" + status_code: 200,201,204 + vars: + args: + name: "{{ item.ldap_name }}" + protocol: "{{ item.ldap_protocol }}" + host: "{{ item.ldap_hostname }}" + port: "{{ item.ldap_port }}" + authScheme: "{{ item.ldap_auth | default('NONE') }}" + authUsername: "{{ item.ldap_auth_username | default('') }}" + authPassword: "{{ item.ldap_auth_password | 
default('') }}" + searchBase: "{{ item.ldap_search_base }}" + userBaseDn: "{{ item.ldap_user_base_dn | default('ou=users') }}" + userLdapFilter: "{{ item.ldap_user_filter | default('') }}" + userObjectClass: "{{ item.ldap_user_object_class }}" + userIdAttribute: "{{ item.ldap_user_id_attribute }}" + userRealNameAttribute: "{{ item.ldap_user_real_name_attribute }}" + userEmailAddressAttribute: "{{ item.ldap_user_email_attribute }}" + ldapGroupsAsRoles: "{{ item.ldap_map_groups_as_roles | default(false) }}" + groupType: "{{ item.ldap_map_groups_as_roles_type | default('static') }}" + userMemberOfAttribute: "{{ item.ldap_user_memberof_attribute | default('memberOf') }}" + groupBaseDn: "{{ item.ldap_group_base_dn | default('ou=groups') }}" + groupObjectClass: "{{ item.ldap_group_object_class | default('groupOfNames') }}" + groupIdAttribute: "{{ item.ldap_group_id_attribute | default('cn') }}" + groupMemberAttribute: "{{ item.ldap_group_member_attribute | default('member') }}" + groupMemberFormat: "{{ item.ldap_group_member_format | default('uid=${username},ou=users,dc=yourcompany') }}" + userSubtree: "{{ item.ldap_user_subtree | default(false) }}" + groupSubtree: "{{ item.ldap_group_subtree | default(false) }}" + connectionTimeoutSeconds: "{{ item.ldap_connection_timeout | default(1) }}" + connectionRetryDelaySeconds: "{{ item.ldap_connection_retry_delay | default(0) }}" + maxIncidentsCount: "{{ item.ldap_max_incidents_count | default(0) }}" + # Id should be present and so collected + id: "{{(nexus_ldap_retrieved.content | from_json)['id']}}" + when: nexus_ldap_retrieved.status == 200 From bff1cc5ec999a768899956f7fa0365c3e4bc5bbc Mon Sep 17 00:00:00 2001 From: Guilhem Bonnefille Date: Wed, 26 Feb 2020 09:21:53 +0100 Subject: [PATCH 02/10] Fix typo --- tasks/setup_ldap_each.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/tasks/setup_ldap_each.yml b/tasks/setup_ldap_each.yml index bf67d539..d900c60e 100644 --- a/tasks/setup_ldap_each.yml 
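Review bot: The `Creating LDAP connections` and `Updating LDAP connections` tasks put the LDAP bind credential into the request body (`authPassword: "{{ item.ldap_auth_password | default('') }}"`, serialized by `body: "{{ args | to_json }}"`), and the uri module echoes its arguments, including the rendered `body`, in the task result on failure or at higher verbosity; add `no_log: true` to both tasks, since the module masks its own `password` argument but not a JSON body. The ~30-line `args` mapping is duplicated verbatim between the POST and PUT tasks; defining it once in a `vars:` on the enclosing `block` and building the PUT body as `{{ (ldap_args | combine({'id': (nexus_ldap_retrieved.content | from_json)['id']})) | to_json }}` would keep the two payloads from drifting apart. `force_basic_auth: yes`, `return_content: yes` and `check_mode: no` are YAML 1.1 truthy spellings; `true`/`false` is what yamllint's `truthy` rule expects. The same three tasks are re-indented unchanged in PATCH 03/10, where all of these points apply as well.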
+++ b/tasks/setup_ldap_each.yml @@ -31,8 +31,6 @@ when: nexus_version is version_compare('3.19.0', '<') - block: - when: nexus_version is version_compare('3.19.0', '>=') - - name: Check existence LDAP connections uri: url: "{{ nexus_api_scheme }}://{{ nexus_api_hostname }}:{{ nexus_api_port }}\ @@ -136,3 +134,4 @@ # Id should be present and so collected id: "{{(nexus_ldap_retrieved.content | from_json)['id']}}" when: nexus_ldap_retrieved.status == 200 + when: nexus_version is version_compare('3.19.0', '>=') From cfdae76ffd6cb898d45d102915db7d55ff114dde Mon Sep 17 00:00:00 2001 From: Guilhem Bonnefille Date: Mon, 10 Aug 2020 10:31:33 +0200 Subject: [PATCH 03/10] Fix indentation reported by linter Signed-off-by: Guilhem Bonnefille --- tasks/setup_ldap_each.yml | 207 +++++++++++++++++++------------------- 1 file changed, 104 insertions(+), 103 deletions(-) diff --git a/tasks/setup_ldap_each.yml b/tasks/setup_ldap_each.yml index d900c60e..93469589 100644 --- a/tasks/setup_ldap_each.yml +++ b/tasks/setup_ldap_each.yml 
@@ -30,108 +30,109 @@ group_subtree: "{{ item.ldap_group_subtree | default(false) }}" when: nexus_version is version_compare('3.19.0', '<') -- block: - - name: Check existence LDAP connections - uri: - url: "{{ nexus_api_scheme }}://{{ nexus_api_hostname }}:{{ nexus_api_port }}\ - {{ nexus_api_context_path }}{{ nexus_rest_api_endpoint_base }}/beta/security/ldap/{{item.ldap_name|urlencode}}" - user: 'admin' - password: "{{ current_nexus_admin_password }}" - method: GET - force_basic_auth: yes - validate_certs: "{{ nexus_api_validate_certs }}" - status_code: 200,404 - return_content: yes - register: nexus_ldap_retrieved - check_mode: no +- when: nexus_version is version_compare('3.19.0', '>=') + block: - - name: Creating LDAP connections - uri: - url: "{{ nexus_api_scheme }}://{{ nexus_api_hostname }}:{{ nexus_api_port }}\ - {{ nexus_api_context_path }}{{ nexus_rest_api_endpoint_base }}/beta/security/ldap" - user: 'admin' - password: "{{ current_nexus_admin_password }}" - headers: - Content-Type: "application/json" - method: POST - force_basic_auth: yes - validate_certs: "{{ nexus_api_validate_certs }}" - body: "{{ args | to_json }}" - status_code: 200,201,204 - vars: - args: - name: "{{ item.ldap_name }}" - protocol: "{{ item.ldap_protocol }}" - host: "{{ item.ldap_hostname }}" - port: "{{ item.ldap_port }}" - authScheme: "{{ item.ldap_auth | default('NONE') }}" - authUsername: "{{ item.ldap_auth_username | default('') }}" - authPassword: "{{ item.ldap_auth_password | default('') }}" - searchBase: "{{ item.ldap_search_base }}" - userBaseDn: "{{ item.ldap_user_base_dn | default('ou=users') }}" - userLdapFilter: "{{ item.ldap_user_filter | default('') }}" - userObjectClass: "{{ item.ldap_user_object_class }}" - userIdAttribute: "{{ item.ldap_user_id_attribute }}" - userRealNameAttribute: "{{ item.ldap_user_real_name_attribute }}" - userEmailAddressAttribute: "{{ item.ldap_user_email_attribute }}" - ldapGroupsAsRoles: "{{ item.ldap_map_groups_as_roles | default(false) 
}}" - groupType: "{{ item.ldap_map_groups_as_roles_type | default('static') }}" - userMemberOfAttribute: "{{ item.ldap_user_memberof_attribute | default('memberOf') }}" - groupBaseDn: "{{ item.ldap_group_base_dn | default('ou=groups') }}" - groupObjectClass: "{{ item.ldap_group_object_class | default('groupOfNames') }}" - groupIdAttribute: "{{ item.ldap_group_id_attribute | default('cn') }}" - groupMemberAttribute: "{{ item.ldap_group_member_attribute | default('member') }}" - groupMemberFormat: "{{ item.ldap_group_member_format | default('uid=${username},ou=users,dc=yourcompany') }}" - userSubtree: "{{ item.ldap_user_subtree | default(false) }}" - groupSubtree: "{{ item.ldap_group_subtree | default(false) }}" - connectionTimeoutSeconds: "{{ item.ldap_connection_timeout | default(1) }}" - connectionRetryDelaySeconds: "{{ item.ldap_connection_retry_delay | default(0) }}" - maxIncidentsCount: "{{ item.ldap_max_incidents_count | default(0) }}" - when: nexus_ldap_retrieved.status == 404 + - name: Check existence LDAP connections + uri: + url: "{{ nexus_api_scheme }}://{{ nexus_api_hostname }}:{{ nexus_api_port }}\ + {{ nexus_api_context_path }}{{ nexus_rest_api_endpoint_base }}/beta/security/ldap/{{item.ldap_name|urlencode}}" + user: 'admin' + password: "{{ current_nexus_admin_password }}" + method: GET + force_basic_auth: yes + validate_certs: "{{ nexus_api_validate_certs }}" + status_code: 200,404 + return_content: yes + register: nexus_ldap_retrieved + check_mode: no - - name: Updating LDAP connections - uri: - url: "{{ nexus_api_scheme }}://{{ nexus_api_hostname }}:{{ nexus_api_port }}\ - {{ nexus_api_context_path }}{{ nexus_rest_api_endpoint_base }}/beta/security/ldap/{{item.ldap_name|urlencode}}" - user: 'admin' - password: "{{ current_nexus_admin_password }}" - headers: - Content-Type: "application/json" - method: PUT - force_basic_auth: yes - validate_certs: "{{ nexus_api_validate_certs }}" - body: "{{ args | to_json }}" - status_code: 200,201,204 - vars: - 
args: - name: "{{ item.ldap_name }}" - protocol: "{{ item.ldap_protocol }}" - host: "{{ item.ldap_hostname }}" - port: "{{ item.ldap_port }}" - authScheme: "{{ item.ldap_auth | default('NONE') }}" - authUsername: "{{ item.ldap_auth_username | default('') }}" - authPassword: "{{ item.ldap_auth_password | default('') }}" - searchBase: "{{ item.ldap_search_base }}" - userBaseDn: "{{ item.ldap_user_base_dn | default('ou=users') }}" - userLdapFilter: "{{ item.ldap_user_filter | default('') }}" - userObjectClass: "{{ item.ldap_user_object_class }}" - userIdAttribute: "{{ item.ldap_user_id_attribute }}" - userRealNameAttribute: "{{ item.ldap_user_real_name_attribute }}" - userEmailAddressAttribute: "{{ item.ldap_user_email_attribute }}" - ldapGroupsAsRoles: "{{ item.ldap_map_groups_as_roles | default(false) }}" - groupType: "{{ item.ldap_map_groups_as_roles_type | default('static') }}" - userMemberOfAttribute: "{{ item.ldap_user_memberof_attribute | default('memberOf') }}" - groupBaseDn: "{{ item.ldap_group_base_dn | default('ou=groups') }}" - groupObjectClass: "{{ item.ldap_group_object_class | default('groupOfNames') }}" - groupIdAttribute: "{{ item.ldap_group_id_attribute | default('cn') }}" - groupMemberAttribute: "{{ item.ldap_group_member_attribute | default('member') }}" - groupMemberFormat: "{{ item.ldap_group_member_format | default('uid=${username},ou=users,dc=yourcompany') }}" - userSubtree: "{{ item.ldap_user_subtree | default(false) }}" - groupSubtree: "{{ item.ldap_group_subtree | default(false) }}" - connectionTimeoutSeconds: "{{ item.ldap_connection_timeout | default(1) }}" - connectionRetryDelaySeconds: "{{ item.ldap_connection_retry_delay | default(0) }}" - maxIncidentsCount: "{{ item.ldap_max_incidents_count | default(0) }}" - # Id should be present and so collected - id: "{{(nexus_ldap_retrieved.content | from_json)['id']}}" - when: nexus_ldap_retrieved.status == 200 - when: nexus_version is version_compare('3.19.0', '>=') + - name: Creating LDAP 
connections + uri: + url: "{{ nexus_api_scheme }}://{{ nexus_api_hostname }}:{{ nexus_api_port }}\ + {{ nexus_api_context_path }}{{ nexus_rest_api_endpoint_base }}/beta/security/ldap" + user: 'admin' + password: "{{ current_nexus_admin_password }}" + headers: + Content-Type: "application/json" + method: POST + force_basic_auth: yes + validate_certs: "{{ nexus_api_validate_certs }}" + body: "{{ args | to_json }}" + status_code: 200,201,204 + vars: + args: + name: "{{ item.ldap_name }}" + protocol: "{{ item.ldap_protocol }}" + host: "{{ item.ldap_hostname }}" + port: "{{ item.ldap_port }}" + authScheme: "{{ item.ldap_auth | default('NONE') }}" + authUsername: "{{ item.ldap_auth_username | default('') }}" + authPassword: "{{ item.ldap_auth_password | default('') }}" + searchBase: "{{ item.ldap_search_base }}" + userBaseDn: "{{ item.ldap_user_base_dn | default('ou=users') }}" + userLdapFilter: "{{ item.ldap_user_filter | default('') }}" + userObjectClass: "{{ item.ldap_user_object_class }}" + userIdAttribute: "{{ item.ldap_user_id_attribute }}" + userRealNameAttribute: "{{ item.ldap_user_real_name_attribute }}" + userEmailAddressAttribute: "{{ item.ldap_user_email_attribute }}" + ldapGroupsAsRoles: "{{ item.ldap_map_groups_as_roles | default(false) }}" + groupType: "{{ item.ldap_map_groups_as_roles_type | default('static') }}" + userMemberOfAttribute: "{{ item.ldap_user_memberof_attribute | default('memberOf') }}" + groupBaseDn: "{{ item.ldap_group_base_dn | default('ou=groups') }}" + groupObjectClass: "{{ item.ldap_group_object_class | default('groupOfNames') }}" + groupIdAttribute: "{{ item.ldap_group_id_attribute | default('cn') }}" + groupMemberAttribute: "{{ item.ldap_group_member_attribute | default('member') }}" + groupMemberFormat: "{{ item.ldap_group_member_format | default('uid=${username},ou=users,dc=yourcompany') }}" + userSubtree: "{{ item.ldap_user_subtree | default(false) }}" + groupSubtree: "{{ item.ldap_group_subtree | default(false) }}" + 
connectionTimeoutSeconds: "{{ item.ldap_connection_timeout | default(1) }}" + connectionRetryDelaySeconds: "{{ item.ldap_connection_retry_delay | default(0) }}" + maxIncidentsCount: "{{ item.ldap_max_incidents_count | default(0) }}" + when: nexus_ldap_retrieved.status == 404 + + - name: Updating LDAP connections + uri: + url: "{{ nexus_api_scheme }}://{{ nexus_api_hostname }}:{{ nexus_api_port }}\ + {{ nexus_api_context_path }}{{ nexus_rest_api_endpoint_base }}/beta/security/ldap/{{item.ldap_name|urlencode}}" + user: 'admin' + password: "{{ current_nexus_admin_password }}" + headers: + Content-Type: "application/json" + method: PUT + force_basic_auth: yes + validate_certs: "{{ nexus_api_validate_certs }}" + body: "{{ args | to_json }}" + status_code: 200,201,204 + vars: + args: + name: "{{ item.ldap_name }}" + protocol: "{{ item.ldap_protocol }}" + host: "{{ item.ldap_hostname }}" + port: "{{ item.ldap_port }}" + authScheme: "{{ item.ldap_auth | default('NONE') }}" + authUsername: "{{ item.ldap_auth_username | default('') }}" + authPassword: "{{ item.ldap_auth_password | default('') }}" + searchBase: "{{ item.ldap_search_base }}" + userBaseDn: "{{ item.ldap_user_base_dn | default('ou=users') }}" + userLdapFilter: "{{ item.ldap_user_filter | default('') }}" + userObjectClass: "{{ item.ldap_user_object_class }}" + userIdAttribute: "{{ item.ldap_user_id_attribute }}" + userRealNameAttribute: "{{ item.ldap_user_real_name_attribute }}" + userEmailAddressAttribute: "{{ item.ldap_user_email_attribute }}" + ldapGroupsAsRoles: "{{ item.ldap_map_groups_as_roles | default(false) }}" + groupType: "{{ item.ldap_map_groups_as_roles_type | default('static') }}" + userMemberOfAttribute: "{{ item.ldap_user_memberof_attribute | default('memberOf') }}" + groupBaseDn: "{{ item.ldap_group_base_dn | default('ou=groups') }}" + groupObjectClass: "{{ item.ldap_group_object_class | default('groupOfNames') }}" + groupIdAttribute: "{{ item.ldap_group_id_attribute | default('cn') }}" + 
groupMemberAttribute: "{{ item.ldap_group_member_attribute | default('member') }}" + groupMemberFormat: "{{ item.ldap_group_member_format | default('uid=${username},ou=users,dc=yourcompany') }}" + userSubtree: "{{ item.ldap_user_subtree | default(false) }}" + groupSubtree: "{{ item.ldap_group_subtree | default(false) }}" + connectionTimeoutSeconds: "{{ item.ldap_connection_timeout | default(1) }}" + connectionRetryDelaySeconds: "{{ item.ldap_connection_retry_delay | default(0) }}" + maxIncidentsCount: "{{ item.ldap_max_incidents_count | default(0) }}" + # Id should be present and so collected + id: "{{(nexus_ldap_retrieved.content | from_json)['id']}}" + when: nexus_ldap_retrieved.status == 200 From 42310493d8a6c0dda5dee60a39efefecaa8234e7 Mon Sep 17 00:00:00 2001 From: Guilhem Bonnefille Date: Mon, 10 Aug 2020 10:50:05 +0200 Subject: [PATCH 04/10] Fix spaces reported by linter --- tasks/setup_ldap_each.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tasks/setup_ldap_each.yml b/tasks/setup_ldap_each.yml index 93469589..368e982b 100644 --- a/tasks/setup_ldap_each.yml +++ b/tasks/setup_ldap_each.yml @@ -36,7 +36,7 @@ - name: Check existence LDAP connections uri: url: "{{ nexus_api_scheme }}://{{ nexus_api_hostname }}:{{ nexus_api_port }}\ - {{ nexus_api_context_path }}{{ nexus_rest_api_endpoint_base }}/beta/security/ldap/{{item.ldap_name|urlencode}}" + {{ nexus_api_context_path }}{{ nexus_rest_api_endpoint_base }}/beta/security/ldap/{{ item.ldap_name | urlencode }}" user: 'admin' password: "{{ current_nexus_admin_password }}" method: GET 
@@ -94,7 +94,7 @@ - name: Updating LDAP connections uri: url: "{{ nexus_api_scheme }}://{{ nexus_api_hostname }}:{{ nexus_api_port }}\ - {{ nexus_api_context_path }}{{ nexus_rest_api_endpoint_base }}/beta/security/ldap/{{item.ldap_name|urlencode}}" + {{ nexus_api_context_path }}{{ nexus_rest_api_endpoint_base }}/beta/security/ldap/{{ item.ldap_name | urlencode }}" user: 'admin' password: "{{ current_nexus_admin_password }}" headers: @@ -134,5 +134,5 @@ connectionRetryDelaySeconds: "{{ item.ldap_connection_retry_delay | default(0) }}" maxIncidentsCount: "{{ item.ldap_max_incidents_count | default(0) }}" # Id should be present and so collected - id: "{{(nexus_ldap_retrieved.content | from_json)['id']}}" + id: "{{ (nexus_ldap_retrieved.content | from_json)['id'] }}" when: nexus_ldap_retrieved.status == 200 From b6c97bee6f0f550a27c30c08dee41ad1f77b8b43 Mon Sep 17 00:00:00 2001 From: Guilhem Bonnefille Date: Mon, 10 Aug 2020 14:31:05 +0200 Subject: [PATCH 05/10] Add default for REST API endpoint --- defaults/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/defaults/main.yml b/defaults/main.yml index 51e38740..490a318f 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -77,6 +77,7 @@ nexus_api_scheme: http nexus_api_validate_certs: "{{ nexus_api_scheme == 'https' }}" nexus_api_context_path: "{{ nexus_default_context_path }}" nexus_api_port: "{{ nexus_default_port }}" +nexus_rest_api_endpoint_base: "service/rest" # security realms nexus_nuget_api_key_realm: false From 60597ef9fb7d6f453152a8595ff4c8a6dfd20731 Mon Sep 17 00:00:00 2001 From: Guilhem Bonnefille Date: Mon, 10 Aug 2020 16:09:27 +0200 Subject: [PATCH 06/10] Default groupType to none --- tasks/setup_ldap_each.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tasks/setup_ldap_each.yml b/tasks/setup_ldap_each.yml index 368e982b..6991afcf 100644 --- a/tasks/setup_ldap_each.yml +++ b/tasks/setup_ldap_each.yml 
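Review bot: The new default `nexus_rest_api_endpoint_base: "service/rest"` carries neither a leading nor a trailing slash, so the URLs assembled in tasks/setup_ldap_each.yml (`{{ nexus_api_context_path }}{{ nexus_rest_api_endpoint_base }}/beta/security/ldap`) only form a valid path if `nexus_api_context_path` ends with `/`; that assumption is not stated anywhere in the role defaults shown and deserves a comment above the new line, e.g. `# appended directly to nexus_api_context_path, which must end with "/"`. The neighbouring API settings all share the `nexus_api_` prefix (`nexus_api_scheme`, `nexus_api_context_path`, `nexus_api_port`); `nexus_api_rest_endpoint_base` would follow that convention, at the cost of updating the task file that already references the current name.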
@@ -77,7 +77,8 @@ userRealNameAttribute: "{{ item.ldap_user_real_name_attribute }}" userEmailAddressAttribute: "{{ item.ldap_user_email_attribute }}" ldapGroupsAsRoles: "{{ item.ldap_map_groups_as_roles | default(false) }}" - groupType: "{{ item.ldap_map_groups_as_roles_type | default('static') }}" + # 'static', 'dynamic' or none + groupType: "{{ item.ldap_map_groups_as_roles_type | default(none) }}" userMemberOfAttribute: "{{ item.ldap_user_memberof_attribute | default('memberOf') }}" groupBaseDn: "{{ item.ldap_group_base_dn | default('ou=groups') }}" groupObjectClass: "{{ item.ldap_group_object_class | default('groupOfNames') }}" From 4f556155c24cecba2343249b37a51602cedb7b56 Mon Sep 17 00:00:00 2001 From: Guilhem Bonnefille Date: Mon, 10 Aug 2020 16:34:48 +0200 Subject: [PATCH 07/10] Tests expect default groupType value to 'static' --- tasks/setup_ldap_each.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/setup_ldap_each.yml b/tasks/setup_ldap_each.yml index 6991afcf..9a585b6d 100644 --- a/tasks/setup_ldap_each.yml +++ b/tasks/setup_ldap_each.yml @@ -78,7 +78,7 @@ userEmailAddressAttribute: "{{ item.ldap_user_email_attribute }}" ldapGroupsAsRoles: "{{ item.ldap_map_groups_as_roles | default(false) }}" # 'static', 'dynamic' or none - groupType: "{{ item.ldap_map_groups_as_roles_type | default(none) }}" + groupType: "{{ item.ldap_map_groups_as_roles_type | default('static') }}" userMemberOfAttribute: "{{ item.ldap_user_memberof_attribute | default('memberOf') }}" groupBaseDn: "{{ item.ldap_group_base_dn | default('ou=groups') }}" groupObjectClass: "{{ item.ldap_group_object_class | default('groupOfNames') }}" From 1458e4c4b346b1febee8404050b7fbdb41700885 Mon Sep 17 00:00:00 2001 From: Guilhem Bonnefille Date: Mon, 10 Aug 2020 16:35:04 +0200 Subject: [PATCH 08/10] Only set expected arguments --- tasks/setup_ldap_each.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) 
diff --git a/tasks/setup_ldap_each.yml b/tasks/setup_ldap_each.yml index 9a585b6d..80578ac4 100644 --- a/tasks/setup_ldap_each.yml +++ b/tasks/setup_ldap_each.yml 
@@ -79,12 +79,12 @@ ldapGroupsAsRoles: "{{ item.ldap_map_groups_as_roles | default(false) }}" # 'static', 'dynamic' or none groupType: "{{ item.ldap_map_groups_as_roles_type | default('static') }}" - userMemberOfAttribute: "{{ item.ldap_user_memberof_attribute | default('memberOf') }}" - groupBaseDn: "{{ item.ldap_group_base_dn | default('ou=groups') }}" - groupObjectClass: "{{ item.ldap_group_object_class | default('groupOfNames') }}" - groupIdAttribute: "{{ item.ldap_group_id_attribute | default('cn') }}" - groupMemberAttribute: "{{ item.ldap_group_member_attribute | default('member') }}" - groupMemberFormat: "{{ item.ldap_group_member_format | default('uid=${username},ou=users,dc=yourcompany') }}" + userMemberOfAttribute: "{% if item.ldap_map_groups_as_roles_type == 'dynamic' %}{{ item.ldap_user_memberof_attribute | default('memberOf') }}{% else %}{{ (omit) }}{% endif %}" + groupBaseDn: "{% if item.ldap_map_groups_as_roles_type == 'static' %}{{ item.ldap_group_base_dn | default('ou=groups') }}{% else %}{{ (omit) }}{% endif %}" + groupObjectClass: "{% if item.ldap_map_groups_as_roles_type == 'static' %}{{ item.ldap_group_object_class | default('groupOfNames') }}{% else %}{{ (omit) }}{% endif %}" + groupIdAttribute: "{% if item.ldap_map_groups_as_roles_type == 'static' %}{{ item.ldap_group_id_attribute | default('cn') }}{% else %}{{ (omit) }}{% endif %}" + groupMemberAttribute: "{% if item.ldap_map_groups_as_roles_type == 'static' %}{{ item.ldap_group_member_attribute | default('member') }}{% else %}{{ (omit) }}{% endif %}" + groupMemberFormat: "{% if item.ldap_map_groups_as_roles_type == 'static' %}{{ item.ldap_group_member_format | default('uid=${username},ou=users,dc=yourcompany') }}{% else %}{{ (omit) }}{% endif %}" userSubtree: "{{ item.ldap_user_subtree | default(false) }}" groupSubtree: "{{ item.ldap_group_subtree | default(false) }}" connectionTimeoutSeconds: "{{ item.ldap_connection_timeout | default(1) }}" 
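Review bot: `{{ (omit) }}` in the `{% else %}` branch of the six new conditionals most likely omits nothing here: Ansible only drops a module argument whose entire value is the omit token, but these values live in the `args` var and are flattened by `body: "{{ args | to_json }}"`, so the token would survive as a literal `__omit_place_holder__…` string inside the JSON sent to Nexus (worth confirming with `-vvv` against a `dynamic` item). Filtering the placeholder out before serializing, `body: "{{ args | dict2items | rejectattr('value', 'equalto', omit) | items2dict | to_json }}"`, would actually drop the keys; alternatively the group attributes could be kept in a second mapping and merged with `combine` only for the matching `groupType`. This hunk touches only the `Creating LDAP connections` task, while the `Updating LDAP connections` task further down the file still sends every group attribute unconditionally, so create and update now produce different payloads for the same item.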
From e9b40456712d89e705f87ac36805c44ed913dcaa Mon Sep 17 00:00:00 2001 From: Guilhem Bonnefille Date: Mon, 10 Aug 2020 17:01:57 +0200 Subject: [PATCH 09/10] Split long lines as requested by linter --- tasks/setup_ldap_each.yml | 36 ++++++++++++++++++++++++++++++------ 1 file changed, 30 insertions(+), 6 deletions(-) diff --git a/tasks/setup_ldap_each.yml b/tasks/setup_ldap_each.yml index 80578ac4..bf874d73 100644 --- a/tasks/setup_ldap_each.yml +++ b/tasks/setup_ldap_each.yml 
@@ -79,12 +79,36 @@ ldapGroupsAsRoles: "{{ item.ldap_map_groups_as_roles | default(false) }}" # 'static', 'dynamic' or none groupType: "{{ item.ldap_map_groups_as_roles_type | default('static') }}" - userMemberOfAttribute: "{% if item.ldap_map_groups_as_roles_type == 'dynamic' %}{{ item.ldap_user_memberof_attribute | default('memberOf') }}{% else %}{{ (omit) }}{% endif %}" - groupBaseDn: "{% if item.ldap_map_groups_as_roles_type == 'static' %}{{ item.ldap_group_base_dn | default('ou=groups') }}{% else %}{{ (omit) }}{% endif %}" - groupObjectClass: "{% if item.ldap_map_groups_as_roles_type == 'static' %}{{ item.ldap_group_object_class | default('groupOfNames') }}{% else %}{{ (omit) }}{% endif %}" - groupIdAttribute: "{% if item.ldap_map_groups_as_roles_type == 'static' %}{{ item.ldap_group_id_attribute | default('cn') }}{% else %}{{ (omit) }}{% endif %}" - groupMemberAttribute: "{% if item.ldap_map_groups_as_roles_type == 'static' %}{{ item.ldap_group_member_attribute | default('member') }}{% else %}{{ (omit) }}{% endif %}" - groupMemberFormat: "{% if item.ldap_map_groups_as_roles_type == 'static' %}{{ item.ldap_group_member_format | default('uid=${username},ou=users,dc=yourcompany') }}{% else %}{{ (omit) }}{% endif %}" + userMemberOfAttribute: "{% if item.ldap_map_groups_as_roles_type == 'dynamic' %}\ + {{ item.ldap_user_memberof_attribute | default('memberOf') }}\ + {% else %}\ + {{ (omit) }}\ + {% endif %}" + groupBaseDn: "{% if item.ldap_map_groups_as_roles_type == 'static' %}\ + {{ item.ldap_group_base_dn | default('ou=groups') }}\ + {% else %}\ + {{ (omit) }}\ + {% endif %}" + groupObjectClass: "{% if item.ldap_map_groups_as_roles_type == 'static' %}\ + {{ item.ldap_group_object_class | default('groupOfNames') }}\ + {% else %}\ + {{ (omit) }}\ + {% endif %}" + groupIdAttribute: "{% if item.ldap_map_groups_as_roles_type == 'static' %}\ + {{ item.ldap_group_id_attribute | default('cn') }}\ + {% else %}\ + {{ (omit) }}\ + {% endif %}" + groupMemberAttribute: "{% 
if item.ldap_map_groups_as_roles_type == 'static' %}\ + {{ item.ldap_group_member_attribute | default('member') }}\ + {% else %}\ + {{ (omit) }}\ + {% endif %}" + groupMemberFormat: "{% if item.ldap_map_groups_as_roles_type == 'static' %}\ + {{ item.ldap_group_member_format | default('uid=${username},ou=users,dc=yourcompany') }}\ + {% else %}\ + {{ (omit) }}\ + {% endif %}" userSubtree: "{{ item.ldap_user_subtree | default(false) }}" groupSubtree: "{{ item.ldap_group_subtree | default(false) }}" connectionTimeoutSeconds: "{{ item.ldap_connection_timeout | default(1) }}" From 9c057e6e408349323f19e6a4b85ce9c5d82173af Mon Sep 17 00:00:00 2001 From: Guilhem Bonnefille Date: Mon, 10 Aug 2020 17:26:18 +0200 Subject: [PATCH 10/10] Deal when ldap_map_groups_as_roles_type is absent --- tasks/setup_ldap_each.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tasks/setup_ldap_each.yml b/tasks/setup_ldap_each.yml index bf874d73..eb1c6683 100644 --- a/tasks/setup_ldap_each.yml +++ b/tasks/setup_ldap_each.yml 
@@ -79,32 +79,32 @@ ldapGroupsAsRoles: "{{ item.ldap_map_groups_as_roles | default(false) }}" # 'static', 'dynamic' or none groupType: "{{ item.ldap_map_groups_as_roles_type | default('static') }}" - userMemberOfAttribute: "{% if item.ldap_map_groups_as_roles_type == 'dynamic' %}\ + userMemberOfAttribute: "{% if item.ldap_map_groups_as_roles_type is defined and item.ldap_map_groups_as_roles_type == 'dynamic' %}\ {{ item.ldap_user_memberof_attribute | default('memberOf') }}\ {% else %}\ {{ (omit) }}\ {% endif %}" - groupBaseDn: "{% if item.ldap_map_groups_as_roles_type == 'static' %}\ + groupBaseDn: "{% if item.ldap_map_groups_as_roles_type is not defined or item.ldap_map_groups_as_roles_type == 'static' %}\ {{ item.ldap_group_base_dn | default('ou=groups') }}\ {% else %}\ {{ (omit) }}\ {% endif %}" - groupObjectClass: "{% if item.ldap_map_groups_as_roles_type == 'static' %}\ + groupObjectClass: "{% if item.ldap_map_groups_as_roles_type is not defined or item.ldap_map_groups_as_roles_type == 'static' %}\ {{ item.ldap_group_object_class | default('groupOfNames') }}\ {% else %}\ {{ (omit) }}\ {% endif %}" - groupIdAttribute: "{% if item.ldap_map_groups_as_roles_type == 'static' %}\ + groupIdAttribute: "{% if item.ldap_map_groups_as_roles_type is not defined or item.ldap_map_groups_as_roles_type == 'static' %}\ {{ item.ldap_group_id_attribute | default('cn') }}\ {% else %}\ {{ (omit) }}\ {% endif %}" - groupMemberAttribute: "{% if item.ldap_map_groups_as_roles_type == 'static' %}\ + groupMemberAttribute: "{% if item.ldap_map_groups_as_roles_type is not defined or item.ldap_map_groups_as_roles_type == 'static' %}\ {{ item.ldap_group_member_attribute | default('member') }}\ {% else %}\ {{ (omit) }}\ {% endif %}" - groupMemberFormat: "{% if item.ldap_map_groups_as_roles_type == 'static' %}\ + groupMemberFormat: "{% if item.ldap_map_groups_as_roles_type is not defined or item.ldap_map_groups_as_roles_type == 'static' %}\ {{ item.ldap_group_member_format | 
default('uid=${username},ou=users,dc=yourcompany') }}\ {% else %}\ {{ (omit) }}\