From: Frank Brehm
Date: Fri, 3 Jan 2025 15:51:20 +0000 (+0100)
Subject: Using evaluated configuration in roles/389ds-config-plugins/tasks/attr-uniq*.yaml
X-Git-Url: https://git.uhu-banane.net/?a=commitdiff_plain;h=a00bab4bcf4a216a680dd61f4d2a3a60b95061b1;p=pixelpark%2Fpp-admin-tools.git
Using evaluated configuration in roles/389ds-config-plugins/tasks/attr-uniq*.yaml
---
diff --git a/lib/ansible/ds389_plugins_info.py b/lib/ansible/ds389_plugins_info.py
index ad970d0..05cb261 100644
--- a/lib/ansible/ds389_plugins_info.py
+++ b/lib/ansible/ds389_plugins_info.py
@@ -94,7 +94,7 @@ class Ds389PluginsInfo(object):
 re_au_subtree_entries_oc = re.compile(r'^uniqueness-subtree-entries-oc:\s+(.*)', re.IGNORECASE)
 am_key = 'automember'
- au_key = 'attr_iniq'
+ au_key = 'attr_uniq'
 # --------------------------------------------------------------------------
 def __init__(self):
@@ -473,9 +473,9 @@ class Ds389PluginsInfo(object):
 m = self.re_au_subtree.match(line)
 if m:
- if 'subtree' not in self.result[self.au_key][entry_name]:
- self.result[self.au_key][entry_name]['subtree'] = []
- self.result[self.au_key][entry_name]['subtree'].append(m.group(1))
+ if 'subtrees' not in self.result[self.au_key][entry_name]:
+ self.result[self.au_key][entry_name]['subtrees'] = []
+ self.result[self.au_key][entry_name]['subtrees'].append(m.group(1))
 continue
 m = self.re_au_across_all_subtrees.match(line)
diff --git a/roles/389ds-config-plugins/tasks/attr-uniq-entry-add.yaml b/roles/389ds-config-plugins/tasks/attr-uniq-entry-add.yaml
index 53d5ac4..6df24ab 100644
--- a/roles/389ds-config-plugins/tasks/attr-uniq-entry-add.yaml
+++ b/roles/389ds-config-plugins/tasks/attr-uniq-entry-add.yaml
@@ -11,7 +11,7 @@
 - name: "Add enabled to entry_add_cmd."
 set_fact:
- entry_add_cmd: "{{ entry_add_cmd }} --enabled {{ entry_data['enabled'] | bool | default(true) | bool_to_on_off }}"
+ entry_add_cmd: "{{ entry_add_cmd }} --enabled {{ exp_entry_data['enabled'] | bool | default(true) | bool_to_on_off }}"
 - name: "Adding attribute name to entry_add_cmd."
 set_fact:
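Review bot: `default(true)` in the new `--enabled` expression sits after `| bool`, so it cannot act as a fallback: when `enabled` is missing from `exp_entry_data`, the undefined value reaches `bool` first and the task most likely fails or yields `off` instead of the intended `on`. Put the default first, `{{ exp_entry_data['enabled'] | default(true) | bool | bool_to_on_off }}`. The same expression is carried into `entry_set_cmd` in attr-uniq-entry-modify.yaml (hunk at -139,7). For a uniqueness plugin an unintended `--enabled off` means the constraint is not enforced, so the direction of the fallback matters.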
@@ -19,22 +19,22 @@
 - name: "Adding subtrees to entry_add_cmd."
 set_fact:
- entry_add_cmd: "{{ entry_add_cmd }} --subtree {{ entry_data['subtrees'] | map('quote') | join(' ') }}"
- when: "'subtrees' in entry_data and entry_data['subtrees'] is not empty"
+ entry_add_cmd: "{{ entry_add_cmd }} --subtree {{ exp_entry_data['subtrees'] | map('quote') | join(' ') }}"
+ when: "'subtrees' in exp_entry_data and exp_entry_data['subtrees'] is not empty"
 - name: "Adding across_all_subtrees to entry_add_cmd."
 set_fact:
- entry_add_cmd: "{{ entry_add_cmd }} --across-all-subtrees {{ entry_data['across_all_subtrees'] | default(true) | bool_to_on_off }}"
+ entry_add_cmd: "{{ entry_add_cmd }} --across-all-subtrees {{ exp_entry_data['across_all_subtrees'] | default(true) | bool_to_on_off }}"
 - name: "Adding top_entry_oc to entry_add_cmd."
 set_fact:
- entry_add_cmd: "{{ entry_add_cmd }} --top-entry-oc {{ entry_data['top_entry_oc'] | quote }}"
- when: "'top_entry_oc' in entry_data and entry_data['top_entry_oc'] is not empty"
+ entry_add_cmd: "{{ entry_add_cmd }} --top-entry-oc {{ exp_entry_data['top_entry_oc'] | quote }}"
+ when: "'top_entry_oc' in exp_entry_data and exp_entry_data['top_entry_oc'] is not empty"
 - name: "Adding subtree_entries_oc to entry_add_cmd."
 set_fact:
- entry_add_cmd: "{{ entry_add_cmd }} --subtree-entries-oc {{ entry_data['subtree_entries_oc'] | quote }}"
- when: "'subtree_entries_oc' in entry_data and entry_data['subtree_entries_oc'] is not empty"
+ entry_add_cmd: "{{ entry_add_cmd }} --subtree-entries-oc {{ exp_entry_data['subtree_entries_oc'] | quote }}"
+ when: "'subtree_entries_oc' in exp_entry_data and exp_entry_data['subtree_entries_oc'] is not empty"
 - name: "Adding entry name to entry_add_cmd."
 set_fact:
@@ -43,7 +43,7 @@
 - name: "Show command for adding an attr-uniq entry."
 debug:
 var: entry_add_cmd
- verbosity: 0
+ verbosity: 1
 - name: "Finally adding attr-uniq entry."
 ansible.builtin.shell: "{{ entry_add_cmd }}"
diff --git a/roles/389ds-config-plugins/tasks/attr-uniq-entry-modify.yaml b/roles/389ds-config-plugins/tasks/attr-uniq-entry-modify.yaml
index 52ccb24..a8a446f 100644
--- a/roles/389ds-config-plugins/tasks/attr-uniq-entry-modify.yaml
+++ b/roles/389ds-config-plugins/tasks/attr-uniq-entry-modify.yaml
@@ -5,28 +5,23 @@
 var: entry_name
 verbosity: 0
-- name: 'Get the current configuration of the attr-uniq entry.'
- ansible.builtin.shell: "dsconf {{ slapd_instance | quote }} plugin attr-uniq show {{ entry_name | quote }} | \
- grep -P -i '^(uniqueness-|nsslapd-pluginEnabled)' | \
- sed -e 's/^uniqueness-//i' -e 's/nsslapd-pluginE/e/i' | \
- sort -i || true"
- register: get_plugin_attr_uniq
- changed_when: false
- check_mode: false
-
-- name: 'Show raw attr-uniq entry config.'
- debug:
- var: get_plugin_attr_uniq
- verbosity: 3
-
-- name: "Set variable attr_uniq_config"
+- name: "Set default config."
 set_fact:
- attr_uniq_config: "{{ get_plugin_attr_uniq.stdout_lines | cfg_389ds_to_dict }}"
-
-- name: "Show config hash:"
+ cur_attr_uniq_config: {}
+
+- name: "Get the current configuration of the attr-uniq entry."
+ ansible.builtin.set_fact:
+ cur_attr_uniq_config: "{{ ds389_plugin_config.attr_uniq[cur_entry_name] }}"
+ when: '( cur_entry_name | lower ) == entry_name_lc'
+ ignore_errors: true
+ loop: "{{ ds389_plugin_config.attr_uniq.keys() | list }}"
+ loop_control:
+ loop_var: cur_entry_name
+
+- name: "Show config hash of the attr-uniq entry:"
 debug:
- var: attr_uniq_config
- verbosity: 0
+ var: cur_attr_uniq_config
+ verbosity: 2
 - name: 'Predefine variables exec_set, remove_attr_uniq_entry_before and exp_entry_enabled'
 set_fact:
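Review bot: `ignore_errors: true` on the new lookup task hides the one failure that matters here: if `ds389_plugin_config.attr_uniq` is undefined or has no key matching `entry_name_lc`, `cur_attr_uniq_config` stays `{}` and the play carries on. The checks in the next hunk index it directly (`cur_attr_uniq_config['enabled']`, `cur_attr_uniq_config['attribute_name']`), so the run either aborts there with a less useful error or decides on missing state. Drop `ignore_errors` and fail early, for example with an `ansible.builtin.assert` using `that: cur_attr_uniq_config | length > 0` after the loop. `entry_name_lc` is not set anywhere in this hunk, so it is presumably provided by the caller; a comment saying so would help.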
@@ -36,72 +31,92 @@
 - name: "Set exp_entry_enabled by config."
 set_fact:
- exp_entry_enabled: "{{ entry_data['enabled'] | bool }}"
- when: "'enabled' in entry_data"
+ exp_entry_enabled: "{{ exp_entry_data['enabled'] | bool }}"
+ when: "'enabled' in exp_entry_data"
 - name: "Check attr-uniq entry for enabled."
 set_fact:
 exec_set: true
- when: "attr_uniq_config['enabled'] != exp_entry_enabled"
+ when: "cur_attr_uniq_config['enabled'] != exp_entry_enabled"
 - name: "Set remove_attr_uniq_entry_before to true in case of no subtrees expected."
 set_fact:
 remove_attr_uniq_entry_before: true
- when: "'subtrees' in attr_uniq_config and ('subtrees' not in entry_data or entry_data['subtrees'] is empty)"
+ when: "'subtrees' in cur_attr_uniq_config and ('subtrees' not in exp_entry_data or exp_entry_data['subtrees'] is empty)"
 - name: "Set cur_subtrees to an empty list, if none were found"
 set_fact:
 cur_subtrees: "{{ [] }}"
- when: "'subtrees' not in attr_uniq_config"
+ when: "'subtrees' not in cur_attr_uniq_config"
 - name: "Set cur_subtrees, if some were found."
 set_fact:
- cur_subtrees: "{{ attr_uniq_config['subtrees'] }}"
- when: "'subtrees' in attr_uniq_config"
+ cur_subtrees: "{{ cur_attr_uniq_config['subtrees'] }}"
+ when: "'subtrees' in cur_attr_uniq_config"
+
+- name: "Expected subtrees:"
+ debug:
+ var: exp_entry_data['subtrees']
+ verbosity: 2
+
+- name: "Current subtrees:"
+ debug:
+ var: cur_subtrees
+ verbosity: 2
 - name: "Check subtrees"
 set_fact:
 exec_set: true
- when: "('subtrees' in entry_data and entry_data['subtrees'] is not empty ) and (cur_subtrees | compare_lc_list(entry_data['subtrees']) == false)"
+ when: "('subtrees' in exp_entry_data and exp_entry_data['subtrees'] is not empty ) and (cur_subtrees | compare_lc_list(exp_entry_data['subtrees']) == false)"
+
+- name: "Expected attribute_name_list:"
+ debug:
+ var: attr_name_list
+ verbosity: 2
+
+- name: "Current attribute_name_list:"
+ debug:
+ var: cur_attr_uniq_config['attribute_name']
+ verbosity: 2
 - name: "Check attribute name"
 set_fact:
 exec_set: true
- when: "(attr_uniq_config['attribute-name'] | lower) != ( attr_name | lower )"
+ when: "cur_attr_uniq_config['attribute_name'] is empty or ( cur_attr_uniq_config['attribute_name'] | compare_lc_list(attr_name_list) ) == false"
-- name: "Check across-all-subtrees for should be vanished."
+- name: "Check across_all_subtrees for should be vanished."
 set_fact:
 remove_attr_uniq_entry_before: true
- when: "('across-all-subtrees' in attr_uniq_config) and ('across_all_subtrees' not in entry_data)"
+ when: "('across_all_subtrees' in cur_attr_uniq_config) and ('across_all_subtrees' not in exp_entry_data)"
-- name: "Check across-all-subtrees"
+- name: "Check across_all_subtrees"
 set_fact:
 exec_set: true
- when: "'across_all_subtrees' in entry_data and entry_data['across_all_subtrees'] is not empty \
- and ('across-all-subtrees' not in attr_uniq_config or entry_data['across_all_subtrees'] != attr_uniq_config['across-all-subtrees'])"
+ when: "'across_all_subtrees' in exp_entry_data and exp_entry_data['across_all_subtrees'] is not empty \
+ and ('across_all_subtrees' not in cur_attr_uniq_config or exp_entry_data['across_all_subtrees'] != cur_attr_uniq_config['across_all_subtrees'])"
-- name: "Check top-entry-oc for should be vanished."
+- name: "Check top_entry_oc for should be vanished."
 set_fact:
 remove_attr_uniq_entry_before: true
- when: "('top-entry-oc' in attr_uniq_config) and ('top_entry_oc' not in entry_data or entry_data['top_entry_oc'] is empty)"
+ when: "('top_entry_oc' in cur_attr_uniq_config) and ('top_entry_oc' not in exp_entry_data or exp_entry_data['top_entry_oc'] is empty)"
-- name: 'Check top-entry-oc'
+- name: 'Check top_entry_oc'
 set_fact:
 exec_set: true
- when: "('top_entry_oc' in entry_data) and (entry_data['top_entry_oc'] is not empty) and \
- (('top-entry-oc' not in attr_uniq_config) or ((attr_uniq_config['top-entry-oc'] | lower) != (entry_data['top_entry_oc'] | lower)) )"
+ when: "('top_entry_oc' in exp_entry_data) and (exp_entry_data['top_entry_oc'] is not empty) and \
+ (('top_entry_oc' not in cur_attr_uniq_config) or ((cur_attr_uniq_config['top_entry_oc'] | lower) != (exp_entry_data['top_entry_oc'] | lower)) )"
-- name: "Check subtree-entries-oc for should be vanished."
+- name: "Check subtree_entries_oc for should be vanished."
 set_fact:
 remove_attr_uniq_entry_before: true
- when: "('subtree-entries-oc' in attr_uniq_config) and ('subtree_entries_oc' not in entry_data or entry_data['subtree_entries_oc'] is empty)"
+ when: "('subtree_entries_oc' in cur_attr_uniq_config) and ('subtree_entries_oc' not in exp_entry_data or exp_entry_data['subtree_entries_oc'] is empty)"
-- name: 'Check subtree-entries-oc'
+- name: 'Check subtree_entries_oc'
 set_fact:
 exec_set: true
- when: "('subtree_entries_oc' in entry_data) and (entry_data['subtree_entries_oc'] is not empty) and \
- (('subtree-entries-oc' not in attr_uniq_config) or \
- ((attr_uniq_config['subtree-entries-oc'] | lower) != (entry_data['subtree_entries_oc'] | lower)) )"
+ when: "('subtree_entries_oc' in exp_entry_data) and (exp_entry_data['subtree_entries_oc'] is not empty) and \
+ (('subtree_entries_oc' not in cur_attr_uniq_config) or \
+ ((cur_attr_uniq_config['subtree_entries_oc'] | lower) != (exp_entry_data['subtree_entries_oc'] | lower)) )"
 - name: 'Actions for removing attr-uniq entry.'
 when: remove_attr_uniq_entry_before == true
@@ -116,8 +131,17 @@
 set_fact:
 exec_set: true
+ - name: 'Define command for removing attr-uniq entry.'
+ set_fact:
+ cmd_del_attr_uniq_entry: "dsconf {{ slapd_instance | quote }} plugin attr-uniq delete {{ entry_name | quote }}"
+
+ - name: "Command for removing attr-uniq entry:"
+ debug:
+ var: cmd_del_attr_uniq_entry
+ verbosity: 1
+
 - name: 'Remove attr-uniq entry.'
- ansible.builtin.shell: "dsconf {{ slapd_instance | quote }} plugin attr-uniq delete {{ entry_name | quote }}"
+ ansible.builtin.shell: "{{ cmd_del_attr_uniq_entry }}"
 - name: "Setting restart_389ds."
 set_fact:
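Review bot: The `Check across_all_subtrees` condition compares `exp_entry_data['across_all_subtrees'] != cur_attr_uniq_config['across_all_subtrees']` without normalising either side, whereas `enabled` at the top of this hunk goes through `| bool` before it is compared. If the inventory value is `yes`, `on` or a quoted `"true"` and the collected value is a real boolean (or the reverse), this reports a difference on every run and triggers a needless `set`. Compare `(exp_entry_data['across_all_subtrees'] | bool) != (cur_attr_uniq_config['across_all_subtrees'] | bool)` instead. The types produced by the plugin-info module are not visible here, so this is inferred from the asymmetry between the two checks.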
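Review bot: The delete command is now assembled into `cmd_del_attr_uniq_entry` and handed to `ansible.builtin.shell` as one string, so its safety depends on every interpolated value keeping its `| quote`. Nothing in the command needs a shell (no pipe, redirect or glob), so `ansible.builtin.command` with `argv: ['dsconf', "{{ slapd_instance }}", 'plugin', 'attr-uniq', 'delete', "{{ entry_name }}"]` passes the instance and entry names as discrete arguments and removes that dependency. The same applies to the identical task added in attr-uniq-entry-remove.yaml. The string form can still be built for the debug output only.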
@@ -139,7 +163,7 @@
 - name: "Add enabled to entry_set_cmd."
 set_fact:
- entry_set_cmd: "{{ entry_set_cmd }} --enabled {{ entry_data['enabled'] | bool | default(true) | bool_to_on_off }}"
+ entry_set_cmd: "{{ entry_set_cmd }} --enabled {{ exp_entry_data['enabled'] | bool | default(true) | bool_to_on_off }}"
 - name: "Adding attribute name to entry_set_cmd."
 set_fact:
@@ -147,22 +171,22 @@
 - name: "Adding subtrees to entry_set_cmd."
 set_fact:
- entry_set_cmd: "{{ entry_set_cmd }} --subtree {{ entry_data['subtrees'] | map('quote') | join(' ') }}"
- when: "'subtrees' in entry_data and entry_data['subtrees'] | length > 0"
+ entry_set_cmd: "{{ entry_set_cmd }} --subtree {{ exp_entry_data['subtrees'] | map('quote') | join(' ') }}"
+ when: "'subtrees' in exp_entry_data and exp_entry_data['subtrees'] | length > 0"
 - name: "Adding across_all_subtrees to entry_set_cmd."
 set_fact:
- entry_set_cmd: "{{ entry_set_cmd }} --across-all-subtrees {{ entry_data['across_all_subtrees'] | default(true) | bool_to_on_off }}"
+ entry_set_cmd: "{{ entry_set_cmd }} --across-all-subtrees {{ exp_entry_data['across_all_subtrees'] | default(true) | bool_to_on_off }}"
 - name: "Adding top_entry_oc to entry_set_cmd."
 set_fact:
- entry_set_cmd: "{{ entry_set_cmd }} --top-entry-oc {{ entry_data['top_entry_oc'] | quote }}"
- when: "'top_entry_oc' in entry_data and entry_data['top_entry_oc'] is not empty"
+ entry_set_cmd: "{{ entry_set_cmd }} --top-entry-oc {{ exp_entry_data['top_entry_oc'] | quote }}"
+ when: "'top_entry_oc' in exp_entry_data and exp_entry_data['top_entry_oc'] is not empty"
 - name: "Adding subtree_entries_oc to entry_set_cmd."
 set_fact:
- entry_set_cmd: "{{ entry_set_cmd }} --subtree-entries-oc {{ entry_data['subtree_entries_oc'] | quote }}"
- when: "'subtree_entries_oc' in entry_data and entry_data['subtree_entries_oc'] is defined and entry_data['subtree_entries_oc'] is not empty"
+ entry_set_cmd: "{{ entry_set_cmd }} --subtree-entries-oc {{ exp_entry_data['subtree_entries_oc'] | quote }}"
+ when: "'subtree_entries_oc' in exp_entry_data and exp_entry_data['subtree_entries_oc'] is defined and exp_entry_data['subtree_entries_oc'] is not empty"
 - name: "Adding entry name to entry_set_cmd."
 set_fact:
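Review bot: `--across-all-subtrees` is appended unconditionally with `default(true)`, which conflicts with the "Check across_all_subtrees for should be vanished" task earlier in this file: that task schedules a delete when the key exists in the current config but is absent from `exp_entry_data`. With the key absent, the rebuilt entry gets `--across-all-subtrees on` again, so the next run will presumably find the attribute and delete and re-create the entry once more. Either guard this task with `when: "'across_all_subtrees' in exp_entry_data"` or drop the vanish check. The add variant in attr-uniq-entry-add.yaml has the same unguarded task.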
@@ -171,7 +195,7 @@
 - name: "Show command for adding/modifying an attr-uniq entry."
 debug:
 var: entry_set_cmd
- verbosity: 0
+ verbosity: 1
 - name: "Finally adding attr-uniq entry."
 ansible.builtin.shell: "{{ entry_set_cmd }}"
diff --git a/roles/389ds-config-plugins/tasks/attr-uniq-entry-remove.yaml b/roles/389ds-config-plugins/tasks/attr-uniq-entry-remove.yaml
index ec7e177..0483aba 100644
--- a/roles/389ds-config-plugins/tasks/attr-uniq-entry-remove.yaml
+++ b/roles/389ds-config-plugins/tasks/attr-uniq-entry-remove.yaml
@@ -5,8 +5,17 @@
 msg: "Removing attr-uniq entry {{ entry_name | quote }}."
 verbosity: 0
+- name: "Defining remove command for attr-uniq entry."
+ set_fact:
+ cmd_del_attr_uniq_entry: "dsconf {{ slapd_instance | quote }} plugin attr-uniq delete {{ entry_name | quote }}"
+
+- name: "Command for removing attr-uniq entry:"
+ debug:
+ var: cmd_del_attr_uniq_entry
+ verbosity: 1
+
 - name: "Finally remove attr-uniq entry."
- ansible.builtin.shell: "dsconf {{ slapd_instance | quote }} plugin attr-uniq delete {{ entry_name | quote }}"
+ ansible.builtin.shell: "{{ cmd_del_attr_uniq_entry }}"
 - name: "Setting restart_389ds."
 set_fact:
diff --git a/roles/389ds-config-plugins/tasks/attr-uniq-entry.yaml b/roles/389ds-config-plugins/tasks/attr-uniq-entry.yaml
index c8723f6..62e2c36 100644
--- a/roles/389ds-config-plugins/tasks/attr-uniq-entry.yaml
+++ b/roles/389ds-config-plugins/tasks/attr-uniq-entry.yaml
@@ -8,44 +8,44 @@
 - name: "Configure particular attr-uniq entry."
 debug:
 var: entry_name
- verbosity: 0
+ verbosity: 1
 - name: 'Define presence or absence of attr-uniq entry.'
 set_fact:
 entry_should_exists: true
- when: "'ensure' not in entry_data"
+ when: "'ensure' not in exp_entry_data"
 - name: 'Define presence or absence of attr-uniq entry.'
- when: "'ensure' in entry_data"
+ when: "'ensure' in exp_entry_data"
 block:
 - name: 'Define presence or absence of attr-uniq entry by ensure == "present".'
 set_fact:
 entry_should_exists: true
- when: "(entry_data['ensure'] | lower ) == 'present'"
+ when: "(exp_entry_data['ensure'] | lower ) == 'present'"
 - name: 'Define presence or absence of attr-uniq entry by ensure == "absent".'
 set_fact:
 entry_should_exists: false
- when: "(entry_data['ensure'] | lower ) == 'absent'"
+ when: "(exp_entry_data['ensure'] | lower ) == 'absent'"
 - name: 'Define presence or absence of attr-uniq entry by ensure.'
- when: "(entry_data['ensure'] | lower ) != 'present' and ( entry_data['ensure'] | lower ) != 'absent'"
+ when: "(exp_entry_data['ensure'] | lower ) != 'present' and ( exp_entry_data['ensure'] | lower ) != 'absent'"
 block:
 - name: 'Define presence or absence of attr-uniq entry by ensure to bool (true).'
 set_fact:
 entry_should_exists: true
- when: "entry_data['ensure'] | bool == true"
+ when: "exp_entry_data['ensure'] | bool == true"
 - name: 'Define presence or absence of attr-uniq entry by ensure to bool (false).'
 set_fact:
 entry_should_exists: false
- when: "entry_data['ensure'] | bool == false"
+ when: "exp_entry_data['ensure'] | bool == false"
 - debug:
 msg: "Entry {{ entry_name | quote }} should exists: {{ entry_should_exists }}"
- verbosity: 0
+ verbosity: 2
 - name: 'Ensure absence of attr-uniq entry.'
 when: "entry_should_exists == false"
diff --git a/roles/389ds-config-plugins/tasks/attr-uniq.yaml b/roles/389ds-config-plugins/tasks/attr-uniq.yaml
index 33667ec..201ae2e 100644
--- a/roles/389ds-config-plugins/tasks/attr-uniq.yaml
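Review bot: In the fallback block for `ensure`, any value other than `present` or `absent` is pushed through `| bool`, and the last task sets `entry_should_exists: false` whenever that result is false. Depending on the Ansible version, the `bool` filter maps unrecognised strings to false, so a misspelled value (constructed example: `ensure: presnt`) would select the removal path and drop the uniqueness entry. Accept only known values and fail otherwise, e.g. an `ansible.builtin.assert` with `that: (exp_entry_data['ensure'] | lower) in ['present', 'absent', 'true', 'false', 'yes', 'no']` ahead of the bool branch. The debug message at the end of the hunk now needs `-vv` to show the decision, which makes such a mistake harder to spot in normal runs.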
+++ b/roles/389ds-config-plugins/tasks/attr-uniq.yaml
@@ -2,27 +2,16 @@
 - name: "Merge attributes configuration"
 set_fact:
- uniq_attributes: "{{ ds389_plugin_attr_uniq_attributes_default | ansible.builtin.combine(ds389_plugin_attr_uniq_attributes, list_merge='append_rp', recursive=true) }}"
+ merged_uniq_attributes: "{{ ds389_plugin_attr_uniq_attributes_default | ansible.builtin.combine(ds389_plugin_attr_uniq_attributes, list_merge='append_rp', recursive=true) }}"
-- name: 'Show merged uniq_attributes'
+- name: 'Show merged_uniq_attributes'
 debug:
- var: uniq_attributes
+ var: merged_uniq_attributes
 verbosity: 2
-- name: 'Get the list of all attr-uniq entries.'
- ansible.builtin.shell: "dsconf {{ slapd_instance | quote }} plugin attr-uniq list"
- register: get_all_attr_uniq_entries
- changed_when: false
- check_mode: false
-
-- name: 'Show get_all_attr_uniq_entries.'
- debug:
- var: get_all_attr_uniq_entries
- verbosity: 3
-
 - name: "Set cur_attr_uniq_entries."
 set_fact:
- cur_attr_uniq_entries: "{{ get_all_attr_uniq_entries.stdout_lines | map('regex_replace', '\\s*$', '') }}"
+ cur_attr_uniq_entries: "{{ ds389_plugin_config.attr_uniq.keys() | list }}"
 - name: "Set cur_attr_uniq_entries_lc."
 set_fact:
@@ -45,12 +34,12 @@
 - name: 'Fill exp_attr_uniq_entries_lc.'
 set_fact:
 exp_attr_uniq_entries_lc: "{{ exp_attr_uniq_entries_lc + [ (item.key | lower) + ' attribute uniqueness' ] }}"
- loop: "{{ uniq_attributes | dict2items | list }}"
+ loop: "{{ merged_uniq_attributes | dict2items | list }}"
 - name: 'Show exp_attr_uniq_entries_lc.'
 debug:
 var: exp_attr_uniq_entries_lc
- verbosity: 0
+ verbosity: 3
 - name: "Predefine attr_uniq_entries_for_remove."
 set_fact:
@@ -67,6 +56,7 @@
 - name: "All attr_uniq_entries_for_remove."
 debug:
 var: attr_uniq_entries_for_remove
+ verbosity: 1
 - name: 'Purge attr-uniq entries.'
 when: (ds389_plugin_attr_uniq_purge | bool) == true
@@ -84,8 +74,9 @@
 include_tasks: 'attr-uniq-entry.yaml'
 vars:
 attr_name: "{{ attrdict.key }}"
- entry_data: "{{ attrdict.value }}"
- loop: "{{ uniq_attributes | dict2items }}"
+ attr_name_list: "{{ [attrdict.key] }}"
+ exp_entry_data: "{{ attrdict.value }}"
+ loop: "{{ merged_uniq_attributes | dict2items }}"
 loop_control:
 loop_var: attrdict
diff --git a/roles/389ds-config-plugins/tasks/main.yaml b/roles/389ds-config-plugins/tasks/main.yaml
index 3a9fac6..1701ace 100644
--- a/roles/389ds-config-plugins/tasks/main.yaml
+++ b/roles/389ds-config-plugins/tasks/main.yaml
@@ -41,9 +41,9 @@
 ds389_plugin_attr_uniq_config: true
 when: ds389_plugin_attr_uniq_config is undefined
-# - name: "Configuring the 389ds attr-uniq-Plugin."
-# include_tasks: 'attr-uniq.yaml'
-# when: (ds389_plugin_attr_uniq_config | bool) == true
+- name: "Configuring the 389ds attr-uniq-Plugin."
+ include_tasks: 'attr-uniq.yaml'
+ when: (ds389_plugin_attr_uniq_config | bool) == true
 - name: "Set default for ds389_plugin_account_policy_config."
 set_fact:
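Review bot: Re-enabling the include in main.yaml makes attr-uniq management run by default, because `ds389_plugin_attr_uniq_config` is set to `true` just above whenever it is undefined. attr-uniq.yaml contains a purge block gated by `ds389_plugin_attr_uniq_purge`, and the default of that switch is not visible in this commit; please confirm it defaults to false so that existing users of the role do not start deleting uniqueness entries they never declared. A short comment above the include naming both switches would make the opt-out obvious, e.g. `# skip with ds389_plugin_attr_uniq_config: false; purging is controlled by ds389_plugin_attr_uniq_purge`.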