From: Frank Brehm Date: Fri, 3 Jan 2025 16:20:22 +0000 (+0100) Subject: Using evaluated configuration in roles/389ds-config-plugins/tasks/account-policy... X-Git-Url: https://git.uhu-banane.net/?a=commitdiff_plain;h=5a564639117cc7f9343b7cf401f1da31e946c9c7;p=pixelpark%2Fpp-admin-tools.git Using evaluated configuration in roles/389ds-config-plugins/tasks/account-policy.yaml --- diff --git a/roles/389ds-config-plugins/tasks/account-policy.yaml b/roles/389ds-config-plugins/tasks/account-policy.yaml index 6049793..ab3edbc 100644 --- a/roles/389ds-config-plugins/tasks/account-policy.yaml +++ b/roles/389ds-config-plugins/tasks/account-policy.yaml 
@@ -1,57 +1,5 @@ --- -- name: 'Get the current configuration of the account-policy Plugin.' - ansible.builtin.shell: "dsconf {{ slapd_instance | quote }} plugin account-policy show | \ - grep -P -i '^(nsslapd-pluginEnabled|nsslapd-pluginarg0)' | \ - sed -e 's/nsslapd-plugin//i' -e 's/Enabled/enabled/i' | sort || true" - register: get_plugin_account_policy - changed_when: false - check_mode: false - -- name: 'Show raw account-policy attribute config.' - debug: - var: get_plugin_account_policy - verbosity: 2 - -- name: "Set variable plugin_account_policy_config" - set_fact: - plugin_account_policy_config: "{{ get_plugin_account_policy.stdout_lines | cfg_389ds_to_dict }}" - -- name: "Set variable acc_plugin_entry." - set_fact: - acc_plugin_entry: "{{ plugin_account_policy_config['arg0'] }}" - -- name: "The account-policy Plugin entry:" - debug: - var: acc_plugin_entry - verbosity: 1 - -- name: 'Get the current configuration entry of the account-policy Plugin.' - ansible.builtin.shell: "dsconf {{ slapd_instance | quote }} plugin account-policy config-entry show \ - {{ plugin_account_policy_config['arg0'] | quote }} | \ - grep -P -v -i '^([cd]n|objectClass):' | grep -v -P '^\\s*$' | sort -i || true" - register: get_plugin_account_policy_entry - changed_when: false - check_mode: false - -- name: 'Show raw account-policy attribute config entry.' - debug: - var: get_plugin_account_policy_entry - verbosity: 2 - -- name: "Set variable plugin_account_policy_config_entry" - set_fact: - plugin_account_policy_config_entry: "{{ get_plugin_account_policy_entry.stdout_lines | cfg_389ds_to_dict }}" - -- name: "Set variable acc_plugin_cfg" - set_fact: - acc_plugin_cfg: "{{ plugin_account_policy_config | ansible.builtin.combine(plugin_account_policy_config_entry, list_merge='append_rp', recursive=true) }}" - -- name: "The current account-policy Plugin configuration:" - debug: - var: acc_plugin_cfg - verbosity: 0 - - name: 'Predefine variables' set_fact: exec_set: false 
@@ -60,91 +8,92 @@ - name: 'Check for alwaysrecordlogin' set_fact: exec_set: true - when: "('alwaysrecordlogin' not in acc_plugin_cfg) or (acc_plugin_cfg['alwaysrecordlogin'] != ds389_plugin_account_policy_always_record_login)" + when: "('always_record_login' not in ds389_plugin_config.account_policy) or \ + (ds389_plugin_config.account_policy['always_record_login'] != ( ds389_plugin_account_policy_always_record_login | bool ) )" - name: 'Check for alt-state-attr for vanishing' set_fact: attrs_remove: "{{ alt-state-attr + ['altstateattrname']" - when: "('altstateattrname' in acc_plugin_cfg) and ds389_plugin_account_policy_alt_state_attr is empty" + when: "('alt_state_attr' in ds389_plugin_config.account_policy) and ds389_plugin_account_policy_alt_state_attr is empty" - name: 'Check for alt-state-attr' set_fact: exec_set: true when: "ds389_plugin_account_policy_alt_state_attr is not empty \ - and ('altstateattrname' not in acc_plugin_cfg \ - or ((acc_plugin_cfg['altstateattrname'] | lower) != (ds389_plugin_account_policy_alt_state_attr | string | lower)))" + and ('alt_state_attr' not in ds389_plugin_config.account_policy \ + or ((ds389_plugin_config.account_policy['alt_state_attr'] | lower) != (ds389_plugin_account_policy_alt_state_attr | string | lower)))" - name: 'Check for always-record-login-attr for vanishing' set_fact: attrs_remove: "{{ attrs_remove + ['alwaysrecordloginattr']" - when: "('alwaysrecordloginattr' in acc_plugin_cfg) and ds389_plugin_account_policy_always-record-login-attr is empty" + when: "('always_record_login_attr' in ds389_plugin_config.account_policy) and ds389_plugin_account_policy_always_record_login_attr is empty" - name: 'Check for always-record-login-attr' set_fact: exec_set: true when: "ds389_plugin_account_policy_always_record_login_attr is not empty \ - and ('alwaysrecordloginattr' not in acc_plugin_cfg \ - or (acc_plugin_cfg['alwaysrecordloginattr'] != ds389_plugin_account_policy_always_record_login_attr))" + and 
('always_record_login_attr' not in ds389_plugin_config.account_policy \ + or (ds389_plugin_config.account_policy['always_record_login_attr'] != ds389_plugin_account_policy_always_record_login_attr))" - name: 'Check limit-attr for vanishing' set_fact: attrs_remove: "{{ attrs_remove + ['limitattrname'] }}" - when: "('limitattrname' in acc_plugin_cfg) and ds389_plugin_account_policy_limit_attr is empty" + when: "('limit_attr' in ds389_plugin_config.account_policy) and ds389_plugin_account_policy_limit_attr is empty" - name: 'Check limit-attr' set_fact: exec_set: true when: "ds389_plugin_account_policy_limit_attr is not empty \ - and ('limitattrname' not in acc_plugin_cfg \ - or ((acc_plugin_cfg['limitattrname'] | lower) != (ds389_plugin_account_policy_limit_attr | lower)))" + and ('limit_attr' not in ds389_plugin_config.account_policy \ + or ((ds389_plugin_config.account_policy['limit_attr'] | lower) != (ds389_plugin_account_policy_limit_attr | lower)))" - name: 'Check spec-attr for vanishing' set_fact: attrs_remove: "{{ attrs_remove + ['specattrname'] }}" - when: "('specattrname' in acc_plugin_cfg) and ds389_plugin_account_policy_spec_attr is empty" + when: "('spec_attr' in ds389_plugin_config.account_policy) and ds389_plugin_account_policy_spec_attr is empty" - name: 'Check spec-attr' set_fact: exec_set: true when: "ds389_plugin_account_policy_spec_attr is not empty \ - and ('specattrname' not in acc_plugin_cfg \ - or ((acc_plugin_cfg['specattrname'] | lower) != (ds389_plugin_account_policy_spec_attr | lower)))" + and ('spec_attr' not in ds389_plugin_config.account_policy \ + or ((ds389_plugin_config.account_policy['spec_attr'] | lower) != (ds389_plugin_account_policy_spec_attr | lower)))" - name: 'Check state-attr for vanishing' set_fact: attrs_remove: "{{ attrs_remove + ['stateattrname'] }}" - when: "('stateattrname' in acc_plugin_cfg) and ds389_plugin_account_policy_state_attr is empty" + when: "('state_attr' in ds389_plugin_config.account_policy) and 
ds389_plugin_account_policy_state_attr is empty" - name: 'Check state-attr' set_fact: exec_set: true when: "ds389_plugin_account_policy_state_attr is not empty \ - and ('stateattrname' not in acc_plugin_cfg \ - or ((acc_plugin_cfg['stateattrname'] | lower) != (ds389_plugin_account_policy_state_attr | lower)))" + and ('state_attr' not in ds389_plugin_config.account_policy \ + or ((ds389_plugin_config.account_policy['state_attr'] | lower) != (ds389_plugin_account_policy_state_attr | lower)))" - name: 'Check login-history-size for vanishing' set_fact: attrs_remove: "{{ attrs_remove + ['lastloginhistsize'] }}" - when: "('lastloginhistsize' in acc_plugin_cfg) and ds389_plugin_account_policy_login_history_size is empty" + when: "('login_history_size' in ds389_plugin_config.account_policy) and ds389_plugin_account_policy_login_history_size is empty" - name: 'Check login-history-size' set_fact: exec_set: true when: "ds389_plugin_account_policy_login_history_size is not empty \ - and ('lastloginhistsize' not in acc_plugin_cfg \ - or (acc_plugin_cfg['lastloginhistsize'] != ds389_plugin_account_policy_login_history_size ))" + and ('login_history_size' not in ds389_plugin_config.account_policy \ + or (ds389_plugin_config.account_policy['login_history_size'] != ds389_plugin_account_policy_login_history_size ))" - name: 'Check check-all-state-attrs for vanishing' set_fact: attrs_remove: "{{ attrs_remove + ['checkallstateattrs'] }}" - when: "('checkallstateattrs' in acc_plugin_cfg) and ds389_plugin_account_policy_check_all_state_attrs is empty" + when: "('check_all_state_attrs' in ds389_plugin_config.account_policy) and ds389_plugin_account_policy_check_all_state_attrs is empty" - name: 'Check check-all-state-attrs' set_fact: exec_set: true when: "ds389_plugin_account_policy_check_all_state_attrs is not empty \ - and (('checkallstateattrs' not in acc_plugin_cfg) \ - or (acc_plugin_cfg['checkallstateattrs'] | bool) != (ds389_plugin_account_policy_check_all_state_attrs | bool))" + 
and (('check_all_state_attrs' not in ds389_plugin_config.account_policy) \ + or (ds389_plugin_config.account_policy['check_all_state_attrs'] | bool) != (ds389_plugin_account_policy_check_all_state_attrs | bool))" - name: "Task block for removing pointless config entries." when: attrs_remove | length > 0 @@ -233,7 +182,7 @@ ansible.builtin.shell: "{{ plugin_acc_policy_cmd }}" - name: "Check for enabling the account policy plugin." - when: "acc_plugin_cfg['enabled'] == false and ds389_plugin_account_policy_enable == true" + when: "ds389_plugin_config.account_policy['enabled'] == false and ds389_plugin_account_policy_enable == true" block: - name: "Init + set var plugin_acc_policy_cmd for enabling + restart_389ds." @@ -245,7 +194,7 @@ ansible.builtin.shell: "{{ plugin_acc_policy_cmd }}" - name: "Check for disabling the account policy plugin." - when: "acc_plugin_cfg['enabled'] == true and ds389_plugin_account_policy_enable == false" + when: "ds389_plugin_config.account_policy['enabled'] == true and ds389_plugin_account_policy_enable == false" block: - name: "Init + set var plugin_acc_policy_cmd for enabling + restart_389ds." diff --git a/roles/389ds-config-plugins/tasks/main.yaml b/roles/389ds-config-plugins/tasks/main.yaml index 1701ace..3e0b52f 100644 --- a/roles/389ds-config-plugins/tasks/main.yaml +++ b/roles/389ds-config-plugins/tasks/main.yaml @@ -50,8 +50,8 @@ ds389_plugin_account_policy_config: true when: ds389_plugin_account_policy_config is undefined -# - name: "Configuring the 389ds account-policy-Plugin." -# include_tasks: 'account-policy.yaml' -# when: (ds389_plugin_account_policy_config | bool) == true +- name: "Configuring the 389ds account-policy-Plugin." + include_tasks: 'account-policy.yaml' + when: (ds389_plugin_account_policy_config | bool) == true # vim: filetype=yaml
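Review bot: Two `set_fact` values in the `@@ -60,91 +8,92 @@` hunk are left as unterminated templates while the `when:` conditions guarding them are rewritten. `attrs_remove: "{{ alt-state-attr + ['altstateattrname']"` has no closing `}}` and names `alt-state-attr`, which Jinja parses as a subtraction rather than a variable, and the `alwaysrecordloginattr` line also lacks `}}`. To match the limit-attr task they should read `attrs_remove: "{{ attrs_remove + ['altstateattrname'] }}"` and `attrs_remove: "{{ attrs_remove + ['alwaysrecordloginattr'] }}"`. Separately, the new `always_record_login` check casts only the desired value with `| bool`, whereas the `check_all_state_attrs` check casts both sides. If the evaluated value is not already a boolean, `exec_set` would flip on every run, so comparing `(ds389_plugin_config.account_policy['always_record_login'] | bool)` is safer. The task list continues past the end of the hunk.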
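Review bot: The rewritten `when:` in the `@@ -233,7 +182,7 @@` hunk, and its mirror in `@@ -245,7 +194,7 @@`, compares both operands against literal `false`/`true` without a `| bool` cast. If either `ds389_plugin_config.account_policy['enabled']` or `ds389_plugin_account_policy_enable` arrives as a string such as `'on'` or `'false'`, neither block matches and the account-policy plugin silently stays in its current state. Casting makes the intent explicit: `when: "not (ds389_plugin_config.account_policy['enabled'] | bool) and (ds389_plugin_account_policy_enable | bool)"`, with the inverse for the disabling block. The context line `ansible.builtin.shell: "{{ plugin_acc_policy_cmd }}"` runs a string assembled outside this hunk, so it is worth confirming that every interpolated value there passes through `| quote`, as the removed `dsconf` calls did.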
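Review bot: In the `@@ -245,7 +194,7 @@` hunk, the first task inside the "Check for disabling the account policy plugin." block is still named `"Init + set var plugin_acc_policy_cmd for enabling + restart_389ds."`, which appears to be copied from the enabling block. A run log that reports "enabling" while the plugin is being switched off is misleading when reviewing changes to an account-lockout control. Renaming it to `"Init + set var plugin_acc_policy_cmd for disabling + restart_389ds."` would fix that. The block body continues outside the hunk.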
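Review bot: Re-enabling `include_tasks: 'account-policy.yaml'` in `main.yaml` makes every condition in that file depend on `ds389_plugin_config.account_policy`, and nothing in this hunk shows where that fact is populated. If it is missing or lacks `enabled`, the included tasks fail partway through with an undefined-variable error, and the `'... not in ds389_plugin_config.account_policy'` checks may already have set `exec_set`. An explicit precondition before the include would fail early with a clear message. The `when:` can also drop the redundant `== true`, giving `when: ds389_plugin_account_policy_config | bool`.

```yaml
- name: "Assert that the evaluated account-policy configuration is available."
  ansible.builtin.assert:
    that:
      - ds389_plugin_config is defined
      - ds389_plugin_config.account_policy is defined
      - "'enabled' in ds389_plugin_config.account_policy"
    fail_msg: "ds389_plugin_config.account_policy was not evaluated before account-policy.yaml"
  when: ds389_plugin_account_policy_config | bool

- name: "Configuring the 389ds account-policy-Plugin."
  ansible.builtin.include_tasks: 'account-policy.yaml'
  when: ds389_plugin_account_policy_config | bool
```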