]> Frank Brehm's Git Trees - pixelpark/pp-admin-tools.git/commitdiff
projects / pixelpark / pp-admin-tools.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a00bab4)
Using evaluated configuration in roles/389ds-config-plugins/tasks/account-policy... develop
authorFrank Brehm <frank.brehm@pixelpark.com>
Fri, 3 Jan 2025 16:20:22 +0000 (17:20 +0100)
committerFrank Brehm <frank.brehm@pixelpark.com>
Fri, 3 Jan 2025 16:20:22 +0000 (17:20 +0100)
roles/389ds-config-plugins/tasks/account-policy.yaml patch | blob | history
roles/389ds-config-plugins/tasks/main.yaml patch | blob | history

diff --git a/roles/389ds-config-plugins/tasks/account-policy.yaml b/roles/389ds-config-plugins/tasks/account-policy.yaml
index 60497939459b1c04b1ee82fcf86d16fae8056f19..ab3edbc87bf16fb1aa9d81bbe2af85236dce0cc6 100644 (file)
--- a/roles/389ds-config-plugins/tasks/account-policy.yaml
+++ b/roles/389ds-config-plugins/tasks/account-policy.yaml
@@ -1,57 +1,5 @@
 ---
 
-- name: 'Get the current configuration of the account-policy Plugin.'
-  ansible.builtin.shell: "dsconf {{ slapd_instance | quote }} plugin account-policy show | \
-    grep -P -i '^(nsslapd-pluginEnabled|nsslapd-pluginarg0)' | \
-    sed -e 's/nsslapd-plugin//i' -e 's/Enabled/enabled/i' | sort || true"
-  register: get_plugin_account_policy
-  changed_when: false
-  check_mode: false
-
-- name: 'Show raw account-policy attribute config.'
-  debug:
-    var: get_plugin_account_policy
-    verbosity: 2
-
-- name: "Set variable plugin_account_policy_config"
-  set_fact:
-    plugin_account_policy_config: "{{ get_plugin_account_policy.stdout_lines | cfg_389ds_to_dict }}"
-
-- name: "Set variable acc_plugin_entry."
-  set_fact:
-    acc_plugin_entry: "{{ plugin_account_policy_config['arg0'] }}"
-
-- name: "The account-policy Plugin entry:"
-  debug:
-    var: acc_plugin_entry
-    verbosity: 1
-
-- name: 'Get the current configuration entry of the account-policy Plugin.'
-  ansible.builtin.shell: "dsconf {{ slapd_instance | quote }} plugin account-policy config-entry show \
-    {{ plugin_account_policy_config['arg0'] | quote }} | \
-    grep -P -v -i '^([cd]n|objectClass):' | grep -v -P '^\\s*$' | sort -i || true"
-  register: get_plugin_account_policy_entry
-  changed_when: false
-  check_mode: false
-
-- name: 'Show raw account-policy attribute config entry.'
-  debug:
-    var: get_plugin_account_policy_entry
-    verbosity: 2
-
-- name: "Set variable plugin_account_policy_config_entry"
-  set_fact:
-    plugin_account_policy_config_entry: "{{ get_plugin_account_policy_entry.stdout_lines | cfg_389ds_to_dict }}"
-
-- name: "Set variable acc_plugin_cfg"
-  set_fact:
-    acc_plugin_cfg: "{{ plugin_account_policy_config | ansible.builtin.combine(plugin_account_policy_config_entry, list_merge='append_rp', recursive=true) }}"
-
-- name: "The current account-policy Plugin configuration:"
-  debug:
-    var: acc_plugin_cfg
-    verbosity: 0
-
 - name: 'Predefine variables'
   set_fact:
     exec_set: false
@@ -60,91 +8,92 @@
 - name: 'Check for alwaysrecordlogin'
   set_fact:
     exec_set: true
-  when: "('alwaysrecordlogin' not in acc_plugin_cfg) or (acc_plugin_cfg['alwaysrecordlogin'] != ds389_plugin_account_policy_always_record_login)"
+  when: "('always_record_login' not in ds389_plugin_config.account_policy) or \
+         (ds389_plugin_config.account_policy['always_record_login'] != ( ds389_plugin_account_policy_always_record_login | bool ) )"
 
 - name: 'Check for alt-state-attr for vanishing'
   set_fact:
     attrs_remove: "{{ alt-state-attr + ['altstateattrname']"
-  when: "('altstateattrname' in acc_plugin_cfg) and ds389_plugin_account_policy_alt_state_attr is empty"
+  when: "('alt_state_attr' in ds389_plugin_config.account_policy) and ds389_plugin_account_policy_alt_state_attr is empty"
 
 - name: 'Check for alt-state-attr'
   set_fact:
     exec_set: true
   when: "ds389_plugin_account_policy_alt_state_attr is not empty \
-         and ('altstateattrname' not in acc_plugin_cfg \
-         or ((acc_plugin_cfg['altstateattrname'] | lower) != (ds389_plugin_account_policy_alt_state_attr | string | lower)))"
+         and ('alt_state_attr' not in ds389_plugin_config.account_policy \
+         or ((ds389_plugin_config.account_policy['alt_state_attr'] | lower) != (ds389_plugin_account_policy_alt_state_attr | string | lower)))"
 
 - name: 'Check for always-record-login-attr for vanishing'
   set_fact:
     attrs_remove: "{{ attrs_remove + ['alwaysrecordloginattr']"
-  when: "('alwaysrecordloginattr' in acc_plugin_cfg) and ds389_plugin_account_policy_always-record-login-attr is empty"
+  when: "('always_record_login_attr' in ds389_plugin_config.account_policy) and ds389_plugin_account_policy_always_record_login_attr is empty"
 
 - name: 'Check for always-record-login-attr'
   set_fact:
     exec_set: true
   when: "ds389_plugin_account_policy_always_record_login_attr is not empty \
-         and ('alwaysrecordloginattr' not in acc_plugin_cfg \
-         or (acc_plugin_cfg['alwaysrecordloginattr'] != ds389_plugin_account_policy_always_record_login_attr))"
+         and ('always_record_login_attr' not in ds389_plugin_config.account_policy \
+         or (ds389_plugin_config.account_policy['always_record_login_attr'] != ds389_plugin_account_policy_always_record_login_attr))"
 
 - name: 'Check limit-attr for vanishing'
   set_fact:
     attrs_remove: "{{ attrs_remove + ['limitattrname'] }}"
-  when: "('limitattrname' in acc_plugin_cfg) and ds389_plugin_account_policy_limit_attr is empty"
+  when: "('limit_attr' in ds389_plugin_config.account_policy) and ds389_plugin_account_policy_limit_attr is empty"
 
 - name: 'Check limit-attr'
   set_fact:
     exec_set: true
   when: "ds389_plugin_account_policy_limit_attr is not empty \
-         and ('limitattrname' not in acc_plugin_cfg \
-         or ((acc_plugin_cfg['limitattrname'] | lower) != (ds389_plugin_account_policy_limit_attr | lower)))"
+         and ('limit_attr' not in ds389_plugin_config.account_policy \
+         or ((ds389_plugin_config.account_policy['limit_attr'] | lower) != (ds389_plugin_account_policy_limit_attr | lower)))"
 
 - name: 'Check spec-attr for vanishing'
   set_fact:
     attrs_remove: "{{ attrs_remove + ['specattrname'] }}"
-  when: "('specattrname' in acc_plugin_cfg) and ds389_plugin_account_policy_spec_attr is empty"
+  when: "('spec_attr' in ds389_plugin_config.account_policy) and ds389_plugin_account_policy_spec_attr is empty"
 
 - name: 'Check spec-attr'
   set_fact:
     exec_set: true
   when: "ds389_plugin_account_policy_spec_attr is not empty \
-         and ('specattrname' not in acc_plugin_cfg \
-         or ((acc_plugin_cfg['specattrname'] | lower) != (ds389_plugin_account_policy_spec_attr | lower)))"
+         and ('spec_attr' not in ds389_plugin_config.account_policy \
+         or ((ds389_plugin_config.account_policy['spec_attr'] | lower) != (ds389_plugin_account_policy_spec_attr | lower)))"
 
 - name: 'Check state-attr for vanishing'
   set_fact:
     attrs_remove: "{{ attrs_remove + ['stateattrname'] }}"
-  when: "('stateattrname' in acc_plugin_cfg) and ds389_plugin_account_policy_state_attr is empty"
+  when: "('state_attr' in ds389_plugin_config.account_policy) and ds389_plugin_account_policy_state_attr is empty"
 
 - name: 'Check state-attr'
   set_fact:
     exec_set: true
   when: "ds389_plugin_account_policy_state_attr is not empty \
-         and ('stateattrname' not in acc_plugin_cfg \
-         or ((acc_plugin_cfg['stateattrname'] | lower) != (ds389_plugin_account_policy_state_attr | lower)))"
+         and ('state_attr' not in ds389_plugin_config.account_policy \
+         or ((ds389_plugin_config.account_policy['state_attr'] | lower) != (ds389_plugin_account_policy_state_attr | lower)))"
 
 - name: 'Check login-history-size for vanishing'
   set_fact:
     attrs_remove: "{{ attrs_remove + ['lastloginhistsize'] }}"
-  when: "('lastloginhistsize' in acc_plugin_cfg) and ds389_plugin_account_policy_login_history_size is empty"
+  when: "('login_history_size' in ds389_plugin_config.account_policy) and ds389_plugin_account_policy_login_history_size is empty"
 
 - name: 'Check login-history-size'
   set_fact:
     exec_set: true
   when: "ds389_plugin_account_policy_login_history_size is not empty \
-         and ('lastloginhistsize' not in acc_plugin_cfg \
-         or (acc_plugin_cfg['lastloginhistsize'] != ds389_plugin_account_policy_login_history_size ))"
+         and ('login_history_size' not in ds389_plugin_config.account_policy \
+         or (ds389_plugin_config.account_policy['login_history_size'] != ds389_plugin_account_policy_login_history_size ))"
 
 - name: 'Check check-all-state-attrs for vanishing'
   set_fact:
     attrs_remove: "{{ attrs_remove + ['checkallstateattrs'] }}"
-  when: "('checkallstateattrs' in acc_plugin_cfg) and ds389_plugin_account_policy_check_all_state_attrs is empty"
+  when: "('check_all_state_attrs' in ds389_plugin_config.account_policy) and ds389_plugin_account_policy_check_all_state_attrs is empty"
 
 - name: 'Check check-all-state-attrs'
   set_fact:
     exec_set: true
   when: "ds389_plugin_account_policy_check_all_state_attrs is not empty \
-         and (('checkallstateattrs' not in acc_plugin_cfg) \
-         or (acc_plugin_cfg['checkallstateattrs'] | bool) != (ds389_plugin_account_policy_check_all_state_attrs | bool))"
+         and (('check_all_state_attrs' not in ds389_plugin_config.account_policy) \
+         or (ds389_plugin_config.account_policy['check_all_state_attrs'] | bool) != (ds389_plugin_account_policy_check_all_state_attrs | bool))"
 
 - name: "Task block for removing pointless config entries."
   when: attrs_remove | length > 0
@@ -233,7 +182,7 @@
       ansible.builtin.shell: "{{ plugin_acc_policy_cmd }}"
 
 - name: "Check for enabling the account policy plugin."
-  when: "acc_plugin_cfg['enabled'] == false and ds389_plugin_account_policy_enable == true"
+  when: "ds389_plugin_config.account_policy['enabled'] == false and ds389_plugin_account_policy_enable == true"
   block:
 
     - name: "Init + set var plugin_acc_policy_cmd for enabling + restart_389ds."
@@ -245,7 +194,7 @@
       ansible.builtin.shell: "{{ plugin_acc_policy_cmd }}"
 
 - name: "Check for disabling the account policy plugin."
-  when: "acc_plugin_cfg['enabled'] == true and ds389_plugin_account_policy_enable == false"
+  when: "ds389_plugin_config.account_policy['enabled'] == true and ds389_plugin_account_policy_enable == false"
   block:
 
     - name: "Init + set var plugin_acc_policy_cmd for enabling + restart_389ds."
diff --git a/roles/389ds-config-plugins/tasks/main.yaml b/roles/389ds-config-plugins/tasks/main.yaml
index 1701acef493280cdac8b3d7e7c802890626ea5d5..3e0b52f3eea3d61334a89c35e34923a8b6eb7684 100644 (file)
--- a/roles/389ds-config-plugins/tasks/main.yaml
+++ b/roles/389ds-config-plugins/tasks/main.yaml
@@ -50,8 +50,8 @@
     ds389_plugin_account_policy_config: true
   when: ds389_plugin_account_policy_config is undefined
 
-- name: "Configuring the 389ds account-policy-Plugin."
-  include_tasks: 'account-policy.yaml'
-  when: (ds389_plugin_account_policy_config | bool) == true
+- name: "Configuring the 389ds account-policy-Plugin."
+  include_tasks: 'account-policy.yaml'
+  when: (ds389_plugin_account_policy_config | bool) == true
 
 # vim: filetype=yaml
Unnamed repository; edit this file 'description' to name the repository.