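├── .ansible-lint
├── .flake8
├── .gitignore
├── .gitlab-ci.yml
├── .pre-commit-config.yaml
├── .releaserc
├── .yamllint
├── CHANGELOG.md
├── LICENSE
├── README.md
├── docs
    ├── univention_app.md
    ├── univention_config_registry.md
    └── univention_directory_manager.md
├── galaxy.yml
├── meta
    └── runtime.yml
├── plugins
    └── modules
    │   ├── univention_app.py
    │   ├── univention_config_registry.py
    │   └── univention_directory_manager.py
└── tests
    └── integration
        ├── Dockerfile
        └── targets
            ├── univention_app
                └── tasks
                │   └── main.yaml
            ├── univention_config_registry
                └── tasks
                │   └── main.yml
            └── univention_directory_manager
                └── tasks
                    └── main.yml


/.ansible-lint:
--------------------------------------------------------------------------------
---
# .ansible-lint
exclude_paths:
  - "tests/integration/targets/dev*"
# parseable: true
# quiet: true
# verbosity: 1

# Mock modules or roles in order to pass ansible-playbook --syntax-check
mock_modules: []
mock_roles: []

# Enable checking of loop variable prefixes in roles
loop_var_prefix: "{role}_"

# Enforce variable names to follow pattern below, in addition to Ansible own
# requirements, like avoiding python identifiers. To disable add `var-naming`
# to skip_list.
# var_naming_pattern: "^[a-z_][a-z0-9_]*$"

use_default_rules: true
# Load custom rules from this specific folder
# rulesdir:
#   - ./rule/directory/

# This makes linter to fully ignore rules/tags listed below
skip_list: []

# Any rule that has the 'opt-in' tag will not be loaded unless its 'id' is
# mentioned in the enable_list:
# (no-log-password is the opt-in rule that matters for secret hygiene here:
# it keeps looped tasks that handle passwords from printing them in task output.)
enable_list:
  - "fqcn-builtins"  # opt-in
  - "no-log-password"  # opt-in
  - "no-same-owner"  # opt-in
  # add yaml here if you want to avoid ignoring yaml checks when yamllint
  # library is missing. Normally its absence just skips using that rule.
  # - yaml
# Report only a subset of tags and fully ignore any others
# tags:
#   - var-spacing

# This makes the linter display but not fail for rules/tags listed below:
warn_list:
  - "no-tabs"

# Offline mode disables installation of requirements.yml
offline: false

# Define required Ansible's variables to satisfy syntax check
extra_vars: {}

# Uncomment to enforce action validation with tasks, usually is not
# needed as Ansible syntax check also covers it.
# skip_action_validation: false

# List of additional kind:pattern to be added at the top of the default
# match list, first match determines the file kind.
kinds: []


--------------------------------------------------------------------------------
/.flake8:
--------------------------------------------------------------------------------
[flake8]
max-line-length = 120


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
.cache/
.vagrant
*.log
*.vault*

Python
__pycache__/


--------------------------------------------------------------------------------
/.gitlab-ci.yml:
--------------------------------------------------------------------------------
# Pipeline: lint and compute the next version (prepare), cut the release on
# main (release), then build and upload the collection to Ansible Galaxy
# (publish).
#
# NOTE(review): every job image below is referenced by the mutable tag ":main".
# Whatever is pushed to that tag next runs with this pipeline's credentials
# (CI_JOB_TOKEN, the Galaxy API key, the vault password). Pinning each image
# by digest (image@sha256:<digest>) makes the toolchain reviewable and
# reproducible.
stages:
  - .pre
  - prepare
  - release
  - publish

.publish-common:
  artifacts:
    paths:
      - univention-ucs_modules-*
    expire_in: 14 days
  before_script:
    # Check if release has to be built; before_script and script run in the
    # same shell, so this exit also skips the publish commands below.
    - if [ -z "$RELEASE_VERSION" ]; then exit 0; fi
    # Set new semantic-release version
    - if [[ ${CI_COMMIT_BRANCH} != "main" ]];
      then
        VERSION=${RELEASE_VERSION}-dev${CI_PIPELINE_IID};
      else
        VERSION=${RELEASE_VERSION};
      fi
    # Each version component may have more than one digit (e.g. 1.10.0); the
    # single-digit pattern would leave galaxy.yml unpatched in that case while
    # the publish step still expects a tarball named after $VERSION.
    - sed -i "/version. \"[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\"/s/[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*/$VERSION/" galaxy.yml
  image: artifacts.knut.univention.de/upx/container-tooling/automation-ansible:main
  script:
    - ansible-galaxy collection build
    # NOTE(review): the API key is expanded onto the command line, so it is
    # readable in the runner's process list while the upload runs. Keep
    # ANSIBLE_GALAXY_API_KEY masked in the project settings; ansible-galaxy can
    # also take the token from a galaxy_server entry in ansible.cfg or its
    # environment, which keeps it off argv.
    # NOTE(review): publish-mr extends this job on non-main refs. If the key is
    # a protected variable it will be empty there; if it is not protected,
    # every branch pipeline can read it -- confirm which one is intended.
    - ansible-galaxy collection publish --api-key "${ANSIBLE_GALAXY_API_KEY}" "univention-ucs_modules-${VERSION}.tar.gz"
  stage: publish
  variables:
    GIT_DEPTH: "1"

.common-semantic-release:
  except:
    - triggers
    - tags
  image: artifacts.knut.univention.de/upx/container-tooling/automation-semantic-release:main
  stage: prepare
  variables:
    GIT_STRATEGY: clone
    NODE_EXTRA_CA_CERTS: "/usr/local/share/ca-certificates/ucs-root-ca.crt"

prepare:
  artifacts:
    reports:
      dotenv: ${CI_PROJECT_DIR}/deploy.env
  extends: .common-semantic-release
  script:
    # Dry run only: extracts the version semantic-release would publish and
    # hands it to later jobs through the dotenv report. The value is empty when
    # no release is due, which the publish jobs use to exit early.
    - echo RELEASE_VERSION=$(semantic-release --dry-run --branches $CI_COMMIT_REF_NAME --plugins "@semantic-release/gitlab" | grep -oP "Published release [0-9]+\.[0-9]+\.[0-9]+ on" | grep -oP "[0-9]+\.[0-9]+\.[0-9]+") > ${CI_PROJECT_DIR}/deploy.env
    - cat ${CI_PROJECT_DIR}/deploy.env
  stage: prepare

lint:
  before_script:
    - rm -rf "${CI_BUILDS_DIR}/ci-tooling"
    # NOTE(review): credentials embedded in the clone URL are written to
    # ci-tooling/.git/config on the runner. CI_JOB_TOKEN is only valid while
    # the job runs, which bounds the exposure, but the checkout should not be
    # kept or archived as an artifact. The clone also tracks the default branch
    # of ci-tooling, so whatever the lint job consumes from it is unpinned.
    - git clone "https://gitlab-ci-token:${CI_JOB_TOKEN}@${CI_SERVER_HOST}/univention/customers/dataport/dps/helper/ci-tooling.git" "${CI_BUILDS_DIR}/ci-tooling"
  image: artifacts.knut.univention.de/upx/container-tooling/automation-linting:main
  except:
    refs:
      - triggers
      - tags
    variables:
      # Anyone able to set pipeline variables can switch linting off this way.
      - $DISABLE_LINT =~ "true"
  script:
    # VAULT_PASSWORD is linked, not written, so it is presumably a file-type
    # CI variable holding a path -- confirm in the project settings. Both
    # expansions are quoted so a path with spaces cannot split into extra
    # arguments.
    - |
      if test -n "${VAULT_PASSWORD}"
      then
        ln -s "${VAULT_PASSWORD}" "${VAULT_PASSWORD_PATH}"
      fi
    - pre-commit run --all-files --config .pre-commit-config.yaml --verbose
  stage: prepare

release:
  artifacts:
    paths:
      - CHANGELOG.md
  extends: .common-semantic-release
  only:
    - main
  script:
    # Use the repository's .releaserc when present, otherwise fall back to an
    # explicit plugin list. $PLUGINS is left unquoted below on purpose so that
    # it splits into the option and its value.
    - |
      if test -f "${CI_PROJECT_DIR}/.releaserc"
      then
        PLUGINS=
      else
        PLUGINS="--plugins @semantic-release/gitlab,@semantic-release/release-notes-generator,@semantic-release/changelog"
      fi
    - semantic-release --branches $CI_COMMIT_REF_NAME $PLUGINS
  stage: release

publish-main:
  extends: .publish-common
  only:
    - main

# Manual pre-release upload (<version>-dev<pipeline iid>) from any ref other
# than main or a tag.
publish-mr:
  except:
    - main
    - tags
  extends: .publish-common
  when: manual


--------------------------------------------------------------------------------
/.pre-commit-config.yaml:
--------------------------------------------------------------------------------
---
# reference: https://pre-commit.com
#
# NOTE(review): every hook repository is pinned to a tag. Tags can be moved
# upstream; pinning `rev` to the full commit SHA (with the tag kept in a
# trailing comment) means the hook code that runs locally and in the lint job
# cannot change without a diff in this file.

repos:
  - repo: "https://github.com/pre-commit/pre-commit-hooks"
    rev: "v4.4.0"
    hooks:
      - id: "check-added-large-files"
      - id: "check-case-conflict"
      - id: "check-docstring-first"
      - id: "check-executables-have-shebangs"
      - id: "check-json"
      - id: "check-symlinks"
      # Blocks commits that contain private key material.
      - id: "detect-private-key"
      - id: "end-of-file-fixer"
      - id: "trailing-whitespace"

  - repo: "https://github.com/adrienverge/yamllint"
    rev: "v1.30.0"
    hooks:
      - id: "yamllint"
        args:
          - "-c=.yamllint"

  - repo: "https://github.com/ansible/ansible-lint"
    rev: "v6.14.3"
    hooks:
      - id: "ansible-lint"

  - repo: "https://github.com/pycqa/flake8"
    rev: "6.0.0"
    hooks:
      - id: "flake8"


--------------------------------------------------------------------------------
/.releaserc: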
-------------------------------------------------------------------------------- 1 | { 2 | "plugins": [ 3 | "@semantic-release/commit-analyzer", 4 | "@semantic-release/release-notes-generator", 5 | "@semantic-release/gitlab" 6 | ] 7 | } 8 | -------------------------------------------------------------------------------- /.yamllint: -------------------------------------------------------------------------------- 1 | --- 2 | # reference: https://yamllint.readthedocs.io/ 3 | 4 | extends: "default" 5 | 6 | ignore: | 7 | .gitlab-ci.yml 8 | 9 | rules: 10 | braces: 11 | max-spaces-inside: 1 12 | level: "error" 13 | 14 | brackets: 15 | max-spaces-inside: 1 16 | level: "error" 17 | 18 | line-length: 19 | max: 120 20 | level: "warning" 21 | 22 | new-line-at-end-of-file: 23 | level: "warning" 24 | 25 | quoted-strings: 26 | quote-type: "double" 27 | required: true 28 | 29 | truthy: 30 | level: "error" 31 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/univention/ansible-modules/2bcc58e54b2e23ccb406c0e84669bdbb350c11e9/CHANGELOG.md -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | GNU GENERAL PUBLIC LICENSE 2 | Version 3, 29 June 2007 3 | 4 | Copyright (C) 2007 Free Software Foundation, Inc. 5 | Everyone is permitted to copy and distribute verbatim copies 6 | of this license document, but changing it is not allowed. 7 | 8 | Preamble 9 | 10 | The GNU General Public License is a free, copyleft license for 11 | software and other kinds of works. 12 | 13 | The licenses for most software and other practical works are designed 14 | to take away your freedom to share and change the works. 
By contrast, 15 | the GNU General Public License is intended to guarantee your freedom to 16 | share and change all versions of a program--to make sure it remains free 17 | software for all its users. We, the Free Software Foundation, use the 18 | GNU General Public License for most of our software; it applies also to 19 | any other work released this way by its authors. You can apply it to 20 | your programs, too. 21 | 22 | When we speak of free software, we are referring to freedom, not 23 | price. Our General Public Licenses are designed to make sure that you 24 | have the freedom to distribute copies of free software (and charge for 25 | them if you wish), that you receive source code or can get it if you 26 | want it, that you can change the software or use pieces of it in new 27 | free programs, and that you know you can do these things. 28 | 29 | To protect your rights, we need to prevent others from denying you 30 | these rights or asking you to surrender the rights. Therefore, you have 31 | certain responsibilities if you distribute copies of the software, or if 32 | you modify it: responsibilities to respect the freedom of others. 33 | 34 | For example, if you distribute copies of such a program, whether 35 | gratis or for a fee, you must pass on to the recipients the same 36 | freedoms that you received. You must make sure that they, too, receive 37 | or can get the source code. And you must show them these terms so they 38 | know their rights. 39 | 40 | Developers that use the GNU GPL protect your rights with two steps: 41 | (1) assert copyright on the software, and (2) offer you this License 42 | giving you legal permission to copy, distribute and/or modify it. 43 | 44 | For the developers' and authors' protection, the GPL clearly explains 45 | that there is no warranty for this free software. 
For both users' and 46 | authors' sake, the GPL requires that modified versions be marked as 47 | changed, so that their problems will not be attributed erroneously to 48 | authors of previous versions. 49 | 50 | Some devices are designed to deny users access to install or run 51 | modified versions of the software inside them, although the manufacturer 52 | can do so. This is fundamentally incompatible with the aim of 53 | protecting users' freedom to change the software. The systematic 54 | pattern of such abuse occurs in the area of products for individuals to 55 | use, which is precisely where it is most unacceptable. Therefore, we 56 | have designed this version of the GPL to prohibit the practice for those 57 | products. If such problems arise substantially in other domains, we 58 | stand ready to extend this provision to those domains in future versions 59 | of the GPL, as needed to protect the freedom of users. 60 | 61 | Finally, every program is threatened constantly by software patents. 62 | States should not allow patents to restrict development and use of 63 | software on general-purpose computers, but in those that do, we wish to 64 | avoid the special danger that patents applied to a free program could 65 | make it effectively proprietary. To prevent this, the GPL assures that 66 | patents cannot be used to render the program non-free. 67 | 68 | The precise terms and conditions for copying, distribution and 69 | modification follow. 70 | 71 | TERMS AND CONDITIONS 72 | 73 | 0. Definitions. 74 | 75 | "This License" refers to version 3 of the GNU General Public License. 76 | 77 | "Copyright" also means copyright-like laws that apply to other kinds of 78 | works, such as semiconductor masks. 79 | 80 | "The Program" refers to any copyrightable work licensed under this 81 | License. Each licensee is addressed as "you". "Licensees" and 82 | "recipients" may be individuals or organizations. 
83 | 84 | To "modify" a work means to copy from or adapt all or part of the work 85 | in a fashion requiring copyright permission, other than the making of an 86 | exact copy. The resulting work is called a "modified version" of the 87 | earlier work or a work "based on" the earlier work. 88 | 89 | A "covered work" means either the unmodified Program or a work based 90 | on the Program. 91 | 92 | To "propagate" a work means to do anything with it that, without 93 | permission, would make you directly or secondarily liable for 94 | infringement under applicable copyright law, except executing it on a 95 | computer or modifying a private copy. Propagation includes copying, 96 | distribution (with or without modification), making available to the 97 | public, and in some countries other activities as well. 98 | 99 | To "convey" a work means any kind of propagation that enables other 100 | parties to make or receive copies. Mere interaction with a user through 101 | a computer network, with no transfer of a copy, is not conveying. 102 | 103 | An interactive user interface displays "Appropriate Legal Notices" 104 | to the extent that it includes a convenient and prominently visible 105 | feature that (1) displays an appropriate copyright notice, and (2) 106 | tells the user that there is no warranty for the work (except to the 107 | extent that warranties are provided), that licensees may convey the 108 | work under this License, and how to view a copy of this License. If 109 | the interface presents a list of user commands or options, such as a 110 | menu, a prominent item in the list meets this criterion. 111 | 112 | 1. Source Code. 113 | 114 | The "source code" for a work means the preferred form of the work 115 | for making modifications to it. "Object code" means any non-source 116 | form of a work. 
117 | 118 | A "Standard Interface" means an interface that either is an official 119 | standard defined by a recognized standards body, or, in the case of 120 | interfaces specified for a particular programming language, one that 121 | is widely used among developers working in that language. 122 | 123 | The "System Libraries" of an executable work include anything, other 124 | than the work as a whole, that (a) is included in the normal form of 125 | packaging a Major Component, but which is not part of that Major 126 | Component, and (b) serves only to enable use of the work with that 127 | Major Component, or to implement a Standard Interface for which an 128 | implementation is available to the public in source code form. A 129 | "Major Component", in this context, means a major essential component 130 | (kernel, window system, and so on) of the specific operating system 131 | (if any) on which the executable work runs, or a compiler used to 132 | produce the work, or an object code interpreter used to run it. 133 | 134 | The "Corresponding Source" for a work in object code form means all 135 | the source code needed to generate, install, and (for an executable 136 | work) run the object code and to modify the work, including scripts to 137 | control those activities. However, it does not include the work's 138 | System Libraries, or general-purpose tools or generally available free 139 | programs which are used unmodified in performing those activities but 140 | which are not part of the work. For example, Corresponding Source 141 | includes interface definition files associated with source files for 142 | the work, and the source code for shared libraries and dynamically 143 | linked subprograms that the work is specifically designed to require, 144 | such as by intimate data communication or control flow between those 145 | subprograms and other parts of the work. 
146 | 147 | The Corresponding Source need not include anything that users 148 | can regenerate automatically from other parts of the Corresponding 149 | Source. 150 | 151 | The Corresponding Source for a work in source code form is that 152 | same work. 153 | 154 | 2. Basic Permissions. 155 | 156 | All rights granted under this License are granted for the term of 157 | copyright on the Program, and are irrevocable provided the stated 158 | conditions are met. This License explicitly affirms your unlimited 159 | permission to run the unmodified Program. The output from running a 160 | covered work is covered by this License only if the output, given its 161 | content, constitutes a covered work. This License acknowledges your 162 | rights of fair use or other equivalent, as provided by copyright law. 163 | 164 | You may make, run and propagate covered works that you do not 165 | convey, without conditions so long as your license otherwise remains 166 | in force. You may convey covered works to others for the sole purpose 167 | of having them make modifications exclusively for you, or provide you 168 | with facilities for running those works, provided that you comply with 169 | the terms of this License in conveying all material for which you do 170 | not control copyright. Those thus making or running the covered works 171 | for you must do so exclusively on your behalf, under your direction 172 | and control, on terms that prohibit them from making any copies of 173 | your copyrighted material outside their relationship with you. 174 | 175 | Conveying under any other circumstances is permitted solely under 176 | the conditions stated below. Sublicensing is not allowed; section 10 177 | makes it unnecessary. 178 | 179 | 3. Protecting Users' Legal Rights From Anti-Circumvention Law. 
180 | 181 | No covered work shall be deemed part of an effective technological 182 | measure under any applicable law fulfilling obligations under article 183 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or 184 | similar laws prohibiting or restricting circumvention of such 185 | measures. 186 | 187 | When you convey a covered work, you waive any legal power to forbid 188 | circumvention of technological measures to the extent such circumvention 189 | is effected by exercising rights under this License with respect to 190 | the covered work, and you disclaim any intention to limit operation or 191 | modification of the work as a means of enforcing, against the work's 192 | users, your or third parties' legal rights to forbid circumvention of 193 | technological measures. 194 | 195 | 4. Conveying Verbatim Copies. 196 | 197 | You may convey verbatim copies of the Program's source code as you 198 | receive it, in any medium, provided that you conspicuously and 199 | appropriately publish on each copy an appropriate copyright notice; 200 | keep intact all notices stating that this License and any 201 | non-permissive terms added in accord with section 7 apply to the code; 202 | keep intact all notices of the absence of any warranty; and give all 203 | recipients a copy of this License along with the Program. 204 | 205 | You may charge any price or no price for each copy that you convey, 206 | and you may offer support or warranty protection for a fee. 207 | 208 | 5. Conveying Modified Source Versions. 209 | 210 | You may convey a work based on the Program, or the modifications to 211 | produce it from the Program, in the form of source code under the 212 | terms of section 4, provided that you also meet all of these conditions: 213 | 214 | a) The work must carry prominent notices stating that you modified 215 | it, and giving a relevant date. 
216 | 217 | b) The work must carry prominent notices stating that it is 218 | released under this License and any conditions added under section 219 | 7. This requirement modifies the requirement in section 4 to 220 | "keep intact all notices". 221 | 222 | c) You must license the entire work, as a whole, under this 223 | License to anyone who comes into possession of a copy. This 224 | License will therefore apply, along with any applicable section 7 225 | additional terms, to the whole of the work, and all its parts, 226 | regardless of how they are packaged. This License gives no 227 | permission to license the work in any other way, but it does not 228 | invalidate such permission if you have separately received it. 229 | 230 | d) If the work has interactive user interfaces, each must display 231 | Appropriate Legal Notices; however, if the Program has interactive 232 | interfaces that do not display Appropriate Legal Notices, your 233 | work need not make them do so. 234 | 235 | A compilation of a covered work with other separate and independent 236 | works, which are not by their nature extensions of the covered work, 237 | and which are not combined with it such as to form a larger program, 238 | in or on a volume of a storage or distribution medium, is called an 239 | "aggregate" if the compilation and its resulting copyright are not 240 | used to limit the access or legal rights of the compilation's users 241 | beyond what the individual works permit. Inclusion of a covered work 242 | in an aggregate does not cause this License to apply to the other 243 | parts of the aggregate. 244 | 245 | 6. Conveying Non-Source Forms. 
246 | 247 | You may convey a covered work in object code form under the terms 248 | of sections 4 and 5, provided that you also convey the 249 | machine-readable Corresponding Source under the terms of this License, 250 | in one of these ways: 251 | 252 | a) Convey the object code in, or embodied in, a physical product 253 | (including a physical distribution medium), accompanied by the 254 | Corresponding Source fixed on a durable physical medium 255 | customarily used for software interchange. 256 | 257 | b) Convey the object code in, or embodied in, a physical product 258 | (including a physical distribution medium), accompanied by a 259 | written offer, valid for at least three years and valid for as 260 | long as you offer spare parts or customer support for that product 261 | model, to give anyone who possesses the object code either (1) a 262 | copy of the Corresponding Source for all the software in the 263 | product that is covered by this License, on a durable physical 264 | medium customarily used for software interchange, for a price no 265 | more than your reasonable cost of physically performing this 266 | conveying of source, or (2) access to copy the 267 | Corresponding Source from a network server at no charge. 268 | 269 | c) Convey individual copies of the object code with a copy of the 270 | written offer to provide the Corresponding Source. This 271 | alternative is allowed only occasionally and noncommercially, and 272 | only if you received the object code with such an offer, in accord 273 | with subsection 6b. 274 | 275 | d) Convey the object code by offering access from a designated 276 | place (gratis or for a charge), and offer equivalent access to the 277 | Corresponding Source in the same way through the same place at no 278 | further charge. You need not require recipients to copy the 279 | Corresponding Source along with the object code. 
If the place to 280 | copy the object code is a network server, the Corresponding Source 281 | may be on a different server (operated by you or a third party) 282 | that supports equivalent copying facilities, provided you maintain 283 | clear directions next to the object code saying where to find the 284 | Corresponding Source. Regardless of what server hosts the 285 | Corresponding Source, you remain obligated to ensure that it is 286 | available for as long as needed to satisfy these requirements. 287 | 288 | e) Convey the object code using peer-to-peer transmission, provided 289 | you inform other peers where the object code and Corresponding 290 | Source of the work are being offered to the general public at no 291 | charge under subsection 6d. 292 | 293 | A separable portion of the object code, whose source code is excluded 294 | from the Corresponding Source as a System Library, need not be 295 | included in conveying the object code work. 296 | 297 | A "User Product" is either (1) a "consumer product", which means any 298 | tangible personal property which is normally used for personal, family, 299 | or household purposes, or (2) anything designed or sold for incorporation 300 | into a dwelling. In determining whether a product is a consumer product, 301 | doubtful cases shall be resolved in favor of coverage. For a particular 302 | product received by a particular user, "normally used" refers to a 303 | typical or common use of that class of product, regardless of the status 304 | of the particular user or of the way in which the particular user 305 | actually uses, or expects or is expected to use, the product. A product 306 | is a consumer product regardless of whether the product has substantial 307 | commercial, industrial or non-consumer uses, unless such uses represent 308 | the only significant mode of use of the product. 
309 | 310 | "Installation Information" for a User Product means any methods, 311 | procedures, authorization keys, or other information required to install 312 | and execute modified versions of a covered work in that User Product from 313 | a modified version of its Corresponding Source. The information must 314 | suffice to ensure that the continued functioning of the modified object 315 | code is in no case prevented or interfered with solely because 316 | modification has been made. 317 | 318 | If you convey an object code work under this section in, or with, or 319 | specifically for use in, a User Product, and the conveying occurs as 320 | part of a transaction in which the right of possession and use of the 321 | User Product is transferred to the recipient in perpetuity or for a 322 | fixed term (regardless of how the transaction is characterized), the 323 | Corresponding Source conveyed under this section must be accompanied 324 | by the Installation Information. But this requirement does not apply 325 | if neither you nor any third party retains the ability to install 326 | modified object code on the User Product (for example, the work has 327 | been installed in ROM). 328 | 329 | The requirement to provide Installation Information does not include a 330 | requirement to continue to provide support service, warranty, or updates 331 | for a work that has been modified or installed by the recipient, or for 332 | the User Product in which it has been modified or installed. Access to a 333 | network may be denied when the modification itself materially and 334 | adversely affects the operation of the network or violates the rules and 335 | protocols for communication across the network. 
336 | 337 | Corresponding Source conveyed, and Installation Information provided, 338 | in accord with this section must be in a format that is publicly 339 | documented (and with an implementation available to the public in 340 | source code form), and must require no special password or key for 341 | unpacking, reading or copying. 342 | 343 | 7. Additional Terms. 344 | 345 | "Additional permissions" are terms that supplement the terms of this 346 | License by making exceptions from one or more of its conditions. 347 | Additional permissions that are applicable to the entire Program shall 348 | be treated as though they were included in this License, to the extent 349 | that they are valid under applicable law. If additional permissions 350 | apply only to part of the Program, that part may be used separately 351 | under those permissions, but the entire Program remains governed by 352 | this License without regard to the additional permissions. 353 | 354 | When you convey a copy of a covered work, you may at your option 355 | remove any additional permissions from that copy, or from any part of 356 | it. (Additional permissions may be written to require their own 357 | removal in certain cases when you modify the work.) You may place 358 | additional permissions on material, added by you to a covered work, 359 | for which you have or can give appropriate copyright permission. 
360 | 361 | Notwithstanding any other provision of this License, for material you 362 | add to a covered work, you may (if authorized by the copyright holders of 363 | that material) supplement the terms of this License with terms: 364 | 365 | a) Disclaiming warranty or limiting liability differently from the 366 | terms of sections 15 and 16 of this License; or 367 | 368 | b) Requiring preservation of specified reasonable legal notices or 369 | author attributions in that material or in the Appropriate Legal 370 | Notices displayed by works containing it; or 371 | 372 | c) Prohibiting misrepresentation of the origin of that material, or 373 | requiring that modified versions of such material be marked in 374 | reasonable ways as different from the original version; or 375 | 376 | d) Limiting the use for publicity purposes of names of licensors or 377 | authors of the material; or 378 | 379 | e) Declining to grant rights under trademark law for use of some 380 | trade names, trademarks, or service marks; or 381 | 382 | f) Requiring indemnification of licensors and authors of that 383 | material by anyone who conveys the material (or modified versions of 384 | it) with contractual assumptions of liability to the recipient, for 385 | any liability that these contractual assumptions directly impose on 386 | those licensors and authors. 387 | 388 | All other non-permissive additional terms are considered "further 389 | restrictions" within the meaning of section 10. If the Program as you 390 | received it, or any part of it, contains a notice stating that it is 391 | governed by this License along with a term that is a further 392 | restriction, you may remove that term. 
If a license document contains 393 | a further restriction but permits relicensing or conveying under this 394 | License, you may add to a covered work material governed by the terms 395 | of that license document, provided that the further restriction does 396 | not survive such relicensing or conveying. 397 | 398 | If you add terms to a covered work in accord with this section, you 399 | must place, in the relevant source files, a statement of the 400 | additional terms that apply to those files, or a notice indicating 401 | where to find the applicable terms. 402 | 403 | Additional terms, permissive or non-permissive, may be stated in the 404 | form of a separately written license, or stated as exceptions; 405 | the above requirements apply either way. 406 | 407 | 8. Termination. 408 | 409 | You may not propagate or modify a covered work except as expressly 410 | provided under this License. Any attempt otherwise to propagate or 411 | modify it is void, and will automatically terminate your rights under 412 | this License (including any patent licenses granted under the third 413 | paragraph of section 11). 414 | 415 | However, if you cease all violation of this License, then your 416 | license from a particular copyright holder is reinstated (a) 417 | provisionally, unless and until the copyright holder explicitly and 418 | finally terminates your license, and (b) permanently, if the copyright 419 | holder fails to notify you of the violation by some reasonable means 420 | prior to 60 days after the cessation. 421 | 422 | Moreover, your license from a particular copyright holder is 423 | reinstated permanently if the copyright holder notifies you of the 424 | violation by some reasonable means, this is the first time you have 425 | received notice of violation of this License (for any work) from that 426 | copyright holder, and you cure the violation prior to 30 days after 427 | your receipt of the notice. 
428 | 429 | Termination of your rights under this section does not terminate the 430 | licenses of parties who have received copies or rights from you under 431 | this License. If your rights have been terminated and not permanently 432 | reinstated, you do not qualify to receive new licenses for the same 433 | material under section 10. 434 | 435 | 9. Acceptance Not Required for Having Copies. 436 | 437 | You are not required to accept this License in order to receive or 438 | run a copy of the Program. Ancillary propagation of a covered work 439 | occurring solely as a consequence of using peer-to-peer transmission 440 | to receive a copy likewise does not require acceptance. However, 441 | nothing other than this License grants you permission to propagate or 442 | modify any covered work. These actions infringe copyright if you do 443 | not accept this License. Therefore, by modifying or propagating a 444 | covered work, you indicate your acceptance of this License to do so. 445 | 446 | 10. Automatic Licensing of Downstream Recipients. 447 | 448 | Each time you convey a covered work, the recipient automatically 449 | receives a license from the original licensors, to run, modify and 450 | propagate that work, subject to this License. You are not responsible 451 | for enforcing compliance by third parties with this License. 452 | 453 | An "entity transaction" is a transaction transferring control of an 454 | organization, or substantially all assets of one, or subdividing an 455 | organization, or merging organizations. 
If propagation of a covered 456 | work results from an entity transaction, each party to that 457 | transaction who receives a copy of the work also receives whatever 458 | licenses to the work the party's predecessor in interest had or could 459 | give under the previous paragraph, plus a right to possession of the 460 | Corresponding Source of the work from the predecessor in interest, if 461 | the predecessor has it or can get it with reasonable efforts. 462 | 463 | You may not impose any further restrictions on the exercise of the 464 | rights granted or affirmed under this License. For example, you may 465 | not impose a license fee, royalty, or other charge for exercise of 466 | rights granted under this License, and you may not initiate litigation 467 | (including a cross-claim or counterclaim in a lawsuit) alleging that 468 | any patent claim is infringed by making, using, selling, offering for 469 | sale, or importing the Program or any portion of it. 470 | 471 | 11. Patents. 472 | 473 | A "contributor" is a copyright holder who authorizes use under this 474 | License of the Program or a work on which the Program is based. The 475 | work thus licensed is called the contributor's "contributor version". 476 | 477 | A contributor's "essential patent claims" are all patent claims 478 | owned or controlled by the contributor, whether already acquired or 479 | hereafter acquired, that would be infringed by some manner, permitted 480 | by this License, of making, using, or selling its contributor version, 481 | but do not include claims that would be infringed only as a 482 | consequence of further modification of the contributor version. For 483 | purposes of this definition, "control" includes the right to grant 484 | patent sublicenses in a manner consistent with the requirements of 485 | this License. 
486 | 487 | Each contributor grants you a non-exclusive, worldwide, royalty-free 488 | patent license under the contributor's essential patent claims, to 489 | make, use, sell, offer for sale, import and otherwise run, modify and 490 | propagate the contents of its contributor version. 491 | 492 | In the following three paragraphs, a "patent license" is any express 493 | agreement or commitment, however denominated, not to enforce a patent 494 | (such as an express permission to practice a patent or covenant not to 495 | sue for patent infringement). To "grant" such a patent license to a 496 | party means to make such an agreement or commitment not to enforce a 497 | patent against the party. 498 | 499 | If you convey a covered work, knowingly relying on a patent license, 500 | and the Corresponding Source of the work is not available for anyone 501 | to copy, free of charge and under the terms of this License, through a 502 | publicly available network server or other readily accessible means, 503 | then you must either (1) cause the Corresponding Source to be so 504 | available, or (2) arrange to deprive yourself of the benefit of the 505 | patent license for this particular work, or (3) arrange, in a manner 506 | consistent with the requirements of this License, to extend the patent 507 | license to downstream recipients. "Knowingly relying" means you have 508 | actual knowledge that, but for the patent license, your conveying the 509 | covered work in a country, or your recipient's use of the covered work 510 | in a country, would infringe one or more identifiable patents in that 511 | country that you have reason to believe are valid. 
512 | 513 | If, pursuant to or in connection with a single transaction or 514 | arrangement, you convey, or propagate by procuring conveyance of, a 515 | covered work, and grant a patent license to some of the parties 516 | receiving the covered work authorizing them to use, propagate, modify 517 | or convey a specific copy of the covered work, then the patent license 518 | you grant is automatically extended to all recipients of the covered 519 | work and works based on it. 520 | 521 | A patent license is "discriminatory" if it does not include within 522 | the scope of its coverage, prohibits the exercise of, or is 523 | conditioned on the non-exercise of one or more of the rights that are 524 | specifically granted under this License. You may not convey a covered 525 | work if you are a party to an arrangement with a third party that is 526 | in the business of distributing software, under which you make payment 527 | to the third party based on the extent of your activity of conveying 528 | the work, and under which the third party grants, to any of the 529 | parties who would receive the covered work from you, a discriminatory 530 | patent license (a) in connection with copies of the covered work 531 | conveyed by you (or copies made from those copies), or (b) primarily 532 | for and in connection with specific products or compilations that 533 | contain the covered work, unless you entered into that arrangement, 534 | or that patent license was granted, prior to 28 March 2007. 535 | 536 | Nothing in this License shall be construed as excluding or limiting 537 | any implied license or other defenses to infringement that may 538 | otherwise be available to you under applicable patent law. 539 | 540 | 12. No Surrender of Others' Freedom. 541 | 542 | If conditions are imposed on you (whether by court order, agreement or 543 | otherwise) that contradict the conditions of this License, they do not 544 | excuse you from the conditions of this License. 
If you cannot convey a 545 | covered work so as to satisfy simultaneously your obligations under this 546 | License and any other pertinent obligations, then as a consequence you may 547 | not convey it at all. For example, if you agree to terms that obligate you 548 | to collect a royalty for further conveying from those to whom you convey 549 | the Program, the only way you could satisfy both those terms and this 550 | License would be to refrain entirely from conveying the Program. 551 | 552 | 13. Use with the GNU Affero General Public License. 553 | 554 | Notwithstanding any other provision of this License, you have 555 | permission to link or combine any covered work with a work licensed 556 | under version 3 of the GNU Affero General Public License into a single 557 | combined work, and to convey the resulting work. The terms of this 558 | License will continue to apply to the part which is the covered work, 559 | but the special requirements of the GNU Affero General Public License, 560 | section 13, concerning interaction through a network will apply to the 561 | combination as such. 562 | 563 | 14. Revised Versions of this License. 564 | 565 | The Free Software Foundation may publish revised and/or new versions of 566 | the GNU General Public License from time to time. Such new versions will 567 | be similar in spirit to the present version, but may differ in detail to 568 | address new problems or concerns. 569 | 570 | Each version is given a distinguishing version number. If the 571 | Program specifies that a certain numbered version of the GNU General 572 | Public License "or any later version" applies to it, you have the 573 | option of following the terms and conditions either of that numbered 574 | version or of any later version published by the Free Software 575 | Foundation. If the Program does not specify a version number of the 576 | GNU General Public License, you may choose any version ever published 577 | by the Free Software Foundation. 
578 | 579 | If the Program specifies that a proxy can decide which future 580 | versions of the GNU General Public License can be used, that proxy's 581 | public statement of acceptance of a version permanently authorizes you 582 | to choose that version for the Program. 583 | 584 | Later license versions may give you additional or different 585 | permissions. However, no additional obligations are imposed on any 586 | author or copyright holder as a result of your choosing to follow a 587 | later version. 588 | 589 | 15. Disclaimer of Warranty. 590 | 591 | THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY 592 | APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT 593 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY 594 | OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, 595 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 596 | PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM 597 | IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF 598 | ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 599 | 600 | 16. Limitation of Liability. 601 | 602 | IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING 603 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS 604 | THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY 605 | GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE 606 | USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF 607 | DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD 608 | PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), 609 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF 610 | SUCH DAMAGES. 611 | 612 | 17. Interpretation of Sections 15 and 16. 
613 | 614 | If the disclaimer of warranty and limitation of liability provided 615 | above cannot be given local legal effect according to their terms, 616 | reviewing courts shall apply local law that most closely approximates 617 | an absolute waiver of all civil liability in connection with the 618 | Program, unless a warranty or assumption of liability accompanies a 619 | copy of the Program in return for a fee. 620 | 621 | END OF TERMS AND CONDITIONS 622 | 623 | How to Apply These Terms to Your New Programs 624 | 625 | If you develop a new program, and you want it to be of the greatest 626 | possible use to the public, the best way to achieve this is to make it 627 | free software which everyone can redistribute and change under these terms. 628 | 629 | To do so, attach the following notices to the program. It is safest 630 | to attach them to the start of each source file to most effectively 631 | state the exclusion of warranty; and each file should have at least 632 | the "copyright" line and a pointer to where the full notice is found. 633 | 634 | 635 | Copyright (C) 636 | 637 | This program is free software: you can redistribute it and/or modify 638 | it under the terms of the GNU General Public License as published by 639 | the Free Software Foundation, either version 3 of the License, or 640 | (at your option) any later version. 641 | 642 | This program is distributed in the hope that it will be useful, 643 | but WITHOUT ANY WARRANTY; without even the implied warranty of 644 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 645 | GNU General Public License for more details. 646 | 647 | You should have received a copy of the GNU General Public License 648 | along with this program. If not, see . 649 | 650 | Also add information on how to contact you by electronic and paper mail. 
651 | 652 | If the program does terminal interaction, make it output a short 653 | notice like this when it starts in an interactive mode: 654 | 655 | Copyright (C) 656 | This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. 657 | This is free software, and you are welcome to redistribute it 658 | under certain conditions; type `show c' for details. 659 | 660 | The hypothetical commands `show w' and `show c' should show the appropriate 661 | parts of the General Public License. Of course, your program's commands 662 | might be different; for a GUI interface, you would use an "about box". 663 | 664 | You should also get your employer (if you work as a programmer) or school, 665 | if any, to sign a "copyright disclaimer" for the program, if necessary. 666 | For more information on this, and how to apply and follow the GNU GPL, see 667 | . 668 | 669 | The GNU General Public License does not permit incorporating your program 670 | into proprietary programs. If your program is a subroutine library, you 671 | may consider it more useful to permit linking proprietary applications with 672 | the library. If this is what you want to do, use the GNU Lesser General 673 | Public License instead of this License. But first, please read 674 | . 675 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Univention Corporate Server Modules 2 | 3 | The Ansible Univention Corporate Server Modules Collections contains a variety of Ansible modules to help automate the 4 | management of Univention Corporate Server instances. 5 | 6 | ## Compatibilities 7 | 8 | ### Univention version compatibility 9 | 10 | This collection has been tested against following UCS versions: < 4.2 11 | 12 | Since UCS 5.0 `ansible_python_interpreter=/usr/bin/python3` is required. 
13 | 14 | ### Ansible version compatibility 15 | 16 | This collection has been tested against following Ansible versions: >= 2.11 17 | 18 | Plugins and modules within a collection may be tested with only specific Ansible versions. A collection may contain 19 | metadata that identifies these versions. 20 | 21 | ### Python version compatibility 22 | 23 | This collection has been tested against following Python versions: >= 2.7 or >= 3.9 24 | 25 | ## Included content 26 | 27 | ### Modules 28 | Name | Description 29 | --- | --- 30 | [univention.ucs_modules.univention_config_registry](./docs/univention_config_registry.md)|Manage Univention Config Registry (UCR) variables 31 | [univention.ucs_modules.univention_directory_manager](./docs/univention_directory_manager.md)|Manage objects via Univention Directory Manager (UDM) 32 | [univention.ucs_modules.univention_app](./docs/univention_app.md)|Manage univention apps on UCS 33 | 34 | ## Installing this collection 35 | 36 | You can install the Univention Corporate Server Modules collection with the Ansible Galaxy CLI: 37 | 38 | ```shell 39 | ansible-galaxy collection install univention.ucs_modules 40 | ``` 41 | 42 | You can also include it in a `requirements.yml` file and install it with `ansible-galaxy collection install -r requirements.yml`, using the format: 43 | 44 | ```yaml 45 | --- 46 | collections: 47 | - name: "univention.ucs_modules" 48 | source: "https://galaxy.ansible.com" 49 | ``` 50 | 51 | A specific version of the collection can be installed by using the version keyword in the `requirements.yml` file: 52 | 53 | ```yaml 54 | --- 55 | collections: 56 | - name: "univention.ucs_modules" 57 | source: "https://galaxy.ansible.com" 58 | version: "1.0.0" 59 | ``` 60 | 61 | ## Licensing 62 | 63 | GNU General Public License v3.0 or later. 64 | 65 | See [LICENSE](https://www.gnu.org/licenses/gpl-3.0.txt) to see the full text. 
66 | -------------------------------------------------------------------------------- /docs/univention_app.md: -------------------------------------------------------------------------------- 1 | # univention.ucs_modules.univention_app 2 | 3 | **Manage Apps on UCS.** 4 | 5 | Version added: 1.1.0 6 | 7 | ## Synopsis 8 | 9 | - Install & Upgrade Apps 10 | - Configure Apps 11 | - Delete Apps 12 | 13 | ## Requirements 14 | 15 | The below requirements are needed on the host that executes this module. 16 | 17 | - Python `>= 2.7` or `>= 3.9` 18 | 19 | ## Parameters 20 | 21 | | Parameter | Defaults | Comments | 22 | | ----------------------- | --------- | ------------------------------------------------------------------------------------------------------------------------------------------ | 23 | | name (string) | | The name of the App that is managed. | 24 | | state (string) | "present" | The desired state of the App (present/absent/started/stopped). | 25 | | version (string) | "current" | The desired version of the app (cannot be lower than currently installed) or latest (If App not installed, "current" behaves like latest). | 26 | | auth_username (string) | | The Administrator Username on the UCS system. | 27 | | auth_password (string) | | The Admin Password for the system. Load it from Ansible Vault or another secret store rather than writing it in plain text in the playbook. | 28 | | config (dict) | | A dict of configuration properties for the selected Application (case-insensitive). | 29 | | stall (str) | | Whether App should be stalled or unstalled ("stalled", "unstalled").
| 30 | | update_app_lists (bool) | True | Updates the list of apps and their versions - Only runs when app is installed or updated | 31 | 32 | ## Notes 33 | 34 | ## Examples 35 | 36 | ```yaml 37 | # Install with specific version and config parameter 38 | - name: install & configure ox-connector 39 | univention_app: 40 | name: ox-connector 41 | state: present 42 | version: 2.1.0 43 | auth_username: Administrator 44 | auth_password: univention 45 | config: 46 | ox_SOAP_SERVER: "Test" 47 | 48 | # Upgrade to specific version 49 | - name: upgrade ox-connector 50 | univention_app: 51 | name: ox-connector 52 | state: present 53 | version: 2.1.3 54 | auth_username: Administrator 55 | auth_password: univention 56 | 57 | # change config Params 58 | - name: configure ox-connector 59 | univention_app: 60 | name: ox-connector 61 | state: present 62 | auth_username: Administrator 63 | auth_password: univention 64 | config: 65 | ox_SOAP_SERVER: "TestTest" 66 | 67 | # No changes when Config Params are identical 68 | - name: configure ox-connector no changes 69 | univention_app: 70 | name: ox-connector 71 | state: present 72 | auth_username: Administrator 73 | auth_password: univention 74 | config: 75 | ox_SOAP_SERVER: "TestTest" 76 | 77 | # Stop App 78 | - name: stop ox-connector 79 | univention_app: 80 | name: ox-connector 81 | state: stopped 82 | auth_username: Administrator 83 | auth_password: univention 84 | 85 | # Stall App 86 | - name: stall ox-connector 87 | univention_app: 88 | name: ox-connector 89 | state: present 90 | auth_username: Administrator 91 | auth_password: univention 92 | stall: "stalled" 93 | 94 | # unstall App 95 | - name: stall ox-connector 96 | univention_app: 97 | name: ox-connector 98 | state: present 99 | auth_username: Administrator 100 | auth_password: univention 101 | stall: "unstalled" 102 | 103 | # Deinstall App 104 | - name: uninstall ox-connector 105 | univention_app: 106 | name: ox-connector 107 | state: absent 108 | auth_username: Administrator 
109 | auth_password: univention 110 | ``` 111 | 112 | ## Return Values 113 | 114 | | Key | Returned | Description | 115 | | ----------------- | -------- | ------------------------------------------------------------------------------------------------------------ | 116 | | `changed`(list) | always | Whether any changes were made. | 117 | | `message`(string) | always | Human-readable information about which App was changed, such as state, version and config. | 118 | -------------------------------------------------------------------------------- /docs/univention_config_registry.md: -------------------------------------------------------------------------------- 1 | # univention.ucs_modules.univention_config_registry 2 | 3 | **Manage Univention Config Registry (UCR) variables.** 4 | 5 | Version added: 0.0.1 6 | 7 | ## Synopsis 8 | 9 | - Create new variables in UCR. 10 | - Modify existing variables in UCR. 11 | - Delete existing variables in UCR. 12 | - `commit` UCR templates to files. 13 | 14 | ## Requirements 15 | 16 | The below requirements are needed on the host that executes this module. 17 | 18 | - Python `>= 2.7` or `>= 3.9` 19 | 20 | ## Parameters 21 | 22 | Parameter | Defaults | Comments 23 | --- | --- | --- 24 | keys (dictionary) | | A dict of keys to set or unset. In case of unsetting, the values are ignored. Either this, 'kvlist' or 'commit' must be given. | 25 | kvlist (list) | | You pass in a list of dicts with this parameter instead of using a dict via 'keys'. Each of the dicts passed via 'kvlist' must contain the keys 'key' and 'value'. This allows the use of Jinja in the UCR keys to set/unset. Either this, 'keys' or 'commit' must be given. | 26 | force (bool) | false | Sets a UCR variable as forced ('ucr set --force key=value'). A variable set with force is always preferred. 27 | commit (list) | | A list of destination filenames as strings to be committed. Either this, 'keys' or 'kvlist' must be given.
28 | state (string) | "present" | Either 'present' for setting the key/value pairs given with 'keys' or 'absent' for unsetting the keys from the 'keys' dict. | 29 | 30 | ## Notes 31 | 32 | ## Examples 33 | 34 | ```yaml 35 | # Use kvlist to use variable in key 36 | - name: "Allow user to log in (UCR)" 37 | vars: 38 | add_local_user_user: 39 | name: "testuser" 40 | state: "present" 41 | univention.ucs_modules.univention_config_registry: 42 | kvlist: 43 | - key: "auth/sshd/user/{{ add_local_user_user['name'] }}" 44 | value: "yes" 45 | state: "{{ add_local_user_user['state']|default('present') }}" 46 | tags: 47 | - "add_local_user" 48 | 49 | # Use keys method 50 | - name: "Disable HTTP" 51 | univention.ucs_modules.univention_config_registry: 52 | keys: 53 | apache2/force_https: "yes" 54 | tags: 55 | - "hardening_disable_http" 56 | - "hardening" 57 | 58 | # Use commit method 59 | - name: "Commit resolv.conf and aliases" 60 | univention.ucs_modules.univention_config_registry: 61 | commit: 62 | - "/etc/resolv.conf" 63 | - "/etc/aliases" 64 | ``` 65 | 66 | ## Return Values 67 | Key | Returned | Description 68 | --- | --- | --- 69 | `meta['changed_keys']`(list) | always | A list of all key names that were changed. | 70 | `meta['commited_templates']`(list) | always | A list of all templates that were changed. | 71 | `message`(string) | always | Human-readable information about which keys were changed.
| 72 | -------------------------------------------------------------------------------- /docs/univention_directory_manager.md: -------------------------------------------------------------------------------- 1 | # univention.ucs_modules.univention_directory_manager 2 | 3 | **Manage objects via Univention Directory Manager (UDM).** 4 | 5 | Version added: 1.2.0 6 | 7 | ## Synopsis 8 | 9 | - Create nonexistent objects 10 | - Modify properties of given objects 11 | - Delete objects 12 | 13 | ## Requirements 14 | 15 | The below requirements are needed on the host that executes this module. 16 | 17 | - Python `>= 2.7` or `>= 3.9` 18 | 19 | ## Parameters 20 | 21 | Parameter | Defaults | Comments 22 | --- | --- | --- 23 | module (string) | | The udm module for which objects are to be modified. 24 | position (string) | | The position within the LDAP-tree. 25 | dn (string) | | The distinguished name of the LDAP object. 26 | filter (string) | | An LDAP search filter to select objects. 27 | state (string) | "present" | Either 'present' for creating or modifying the objects given or 'absent' for deleting the objects. 28 | superordinate (string) | None | When creating a new object, set its superordinate to this DN. Only affects newly created LDAP objects; this option is ignored for modifications and removals of existing entries. 29 | set_properties (list) | | A list of dictionaries with the keys property and value. Properties of the objects are to be set to the given values. 30 | unset_properties (list) | | A list of dictionaries with the key property. The listed properties of the objects are to be unset. 31 | policies (list) | | A list of policies to apply to the given object. You have to define all policies you expect at the users object.
32 | 33 | ## Notes 34 | 35 | ## Examples 36 | 37 | ```yaml 38 | # create a new user object 39 | - name: create a user 40 | univention_directory_manager: 41 | module: 'users/user' 42 | state: 'present' 43 | set_properties: 44 | - property: 'username' 45 | value: 'testuser1' 46 | - property: 'lastname' 47 | value: 'testuser1' 48 | - property: 'password' 49 | value: 'univention' 50 | 51 | # create an extended attribute 52 | - name: "create an extended attribute with superordinary param and complex attributes" 53 | univention_directory_manager: 54 | module: "settings/extended_attribute" 55 | superordinate: "cn=custom attributes,cn=univention,dc=example,dc=org" 56 | state: "present" 57 | set_properties: 58 | - property: "name" 59 | value: "testAttribute" 60 | - property: "shortDescription" 61 | value: "This is a test attribute" 62 | - property: "module" 63 | # Multivalued properties must be provided as a list 64 | value: ["users/user", "groups/group"] 65 | - property: "translationShortDescription" 66 | # Complex types must be provided in their parsed tuple form, always nested inside a list 67 | value: [["de_DE", "Dies ist ein Test-Attribut"]] 68 | - property: "objectClass" 69 | value: "customAttributeGroups" 70 | - property: "ldapMapping" 71 | value: "customAttributeTestAttribute" 72 | 73 | # delete one or more objects 74 | - name: delete a user with a search filter 75 | univention_directory_manager: 76 | module: 'users/user' 77 | state: 'absent' 78 | filter: '(uid=testuser1)' 79 | 80 | # use position to place the object in the directory tree 81 | - name: create a user with position 82 | univention_directory_manager: 83 | module: 'users/user' 84 | state: 'present' 85 | position: 'cn=users,ou=DEMOSCHOOL,dc=t1,dc=intranet' 86 | set_properties: 87 | - property: 'username' 88 | value: 'testuser2' 89 | - property: 'lastname' 90 | value: 'testuser2' 91 | - property: 'password' 92 | value: 'univention' 93 | 94 | # remove specific properties 95 | - name: modify testuser3 - 
remove property 96 | univention_directory_manager: 97 | module: 'users/user' 98 | state: 'present' 99 | filter: '(uid=testuser3)' 100 | unset_properties: 101 | - property: 'firstname' 102 | value: 'does not matter' 103 | 104 | # assign a policy 105 | - name: modify testuser3 - assign policy 106 | univention_directory_manager: 107 | module: 'users/user' 108 | state: 'present' 109 | filter: '(uid=testuser3)' 110 | policies: 111 | - "cn=udm-license,cn=operations,cn=UMC,cn=univention,dc=example,dc=org" 112 | - "cn=anotherone,cn=operations,cn=UMC,cn=univention,dc=example,dc=org" 113 | - 114 | ``` 115 | 116 | ## Return Values 117 | Key | Returned | Description 118 | --- | --- | --- 119 | `meta['changed_objects']`(list) | always | A list of all objects that were changed. | 120 | `message`(string) | always | A human-readable information about which objects were changed. | 121 | -------------------------------------------------------------------------------- /galaxy.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ### REQUIRED 3 | 4 | # The namespace of the collection. This can be a company/brand/organization or product namespace under which all 5 | # content lives. May only contain alphanumeric lowercase characters and underscores. Namespaces cannot start with 6 | # underscores or numbers and cannot contain consecutive underscores 7 | namespace: "univention" 8 | 9 | # The name of the collection. Has the same character restrictions as 'namespace' 10 | name: "ucs_modules" 11 | 12 | # The version of the collection. Must be compatible with semantic versioning 13 | version: "2.0.0" 14 | 15 | # The path to the Markdown (.md) readme file. This path is relative to the root of the collection 16 | readme: "README.md" 17 | 18 | # A list of the collection's content authors. 
Can be just the name or in the format 'Full Name (url) 19 | # @nicks:irc/im.site#channel' 20 | authors: 21 | - "Univention GmbH" 22 | 23 | 24 | ### OPTIONAL but strongly recommended 25 | 26 | # A short summary description of the collection 27 | description: "Ansible modules for Univention UCS" 28 | 29 | # Either a single license or a list of licenses for content inside of a collection. Ansible Galaxy currently only 30 | # accepts L(SPDX,https://spdx.org/licenses/) licenses. This key is mutually exclusive with 'license_file' 31 | license: 32 | - "GPL-3.0-or-later" 33 | 34 | # A list of tags you want to associate with the collection for indexing/searching. A tag name has the same character 35 | # requirements as 'namespace' and 'name' 36 | tags: 37 | - "application" 38 | - "tools" 39 | - "univention" 40 | - "ucs" 41 | 42 | # Collections that this collection requires to be installed for it to be usable. The key of the dict is the 43 | # collection label 'namespace.name'. The value is a version range 44 | # L(specifiers,https://python-semanticversion.readthedocs.io/en/latest/#requirement-specification). 
Multiple version 45 | # range specifiers can be set and are separated by ',' 46 | dependencies: {} 47 | 48 | # The URL of the originating SCM repository 49 | repository: "https://github.com/univention/ansible-modules" 50 | 51 | # The URL to any online docs 52 | documentation: "https://github.com/univention/ansible-modules" 53 | 54 | # The URL to the homepage of the collection/project 55 | homepage: "https://www.univention.com" 56 | 57 | # The URL to the collection issue tracker 58 | issues: "https://forge.univention.org" 59 | 60 | # Ignore irrelevant files 61 | build_ignore: 62 | - ".ansible-lint" 63 | - ".cache/" 64 | - ".flake8" 65 | - ".gitkeep" 66 | - ".gitignore" 67 | - ".gitlab-ci.yml" 68 | - ".pre-commit-config.yaml" 69 | - ".releaserc" 70 | - ".yamllint" 71 | - "*.tar.gz" 72 | -------------------------------------------------------------------------------- /meta/runtime.yml: -------------------------------------------------------------------------------- 1 | --- 2 | requires_ansible: ">=2.11.0" 3 | -------------------------------------------------------------------------------- /plugins/modules/univention_app.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # -*- coding: utf-8 -*- 3 | 4 | # Copyright: (c) 2020-2023, Univention GmbH 5 | # Written by Lukas Zumvorde , 6 | # Jan-Luca Kiok , Melf Clausen , 7 | # Tim Breidenbach 8 | # Based on univention_apps module written by Alexander Ulpts 9 | 10 | # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) 11 | 12 | import re 13 | import os 14 | import json 15 | import tempfile 16 | from ansible.module_utils.basic import AnsibleModule 17 | from distutils.version import LooseVersion 18 | 19 | DOCUMENTATION = ''' 20 | --- 21 | module: univention_app 22 | version_added: "0.1.3" 23 | short_description: "Installs and removes apps on Univention Corporate Server" 24 | extends_documentation_fragment: '' 25 | description: 26 
| - Allows ansible to control installation, removal, update and configuration of ucs-apps 27 | notes: 28 | - none 29 | requirements: [ ] 30 | author: Stefan Ahrens, Melf Clausen 31 | options: 32 | name: 33 | description: 34 | - 'The name of the app' 35 | required: true 36 | state: 37 | description: 38 | - 'The desired state of the app / present, absent, started, stopped' 39 | required: true 40 | version: 41 | description: 42 | - 'The desired version of the app / number or "latest" if not specified, 43 | current version is preserved if app present, latest installed if app absent / downgrade will throw error' 44 | auth_username: 45 | description: 46 | - 'The name of the user with witch to install apps (usually domain-admin)' 47 | required: true 48 | auth_password: 49 | description: 50 | - 'The password needed to install apps (usually domain-admin)' 51 | required: true 52 | config: 53 | - 'The given configuration the App should have' 54 | required: false 55 | stall: 56 | - 'Whether an App should be stalled or unstalled' 57 | required: false 58 | update_app_lists: 59 | description: 60 | - 'Updates the list of apps and their versions - Only runs when app is installed or updated' 61 | required: false 62 | default: True 63 | 64 | ''' 65 | 66 | EXAMPLES = ''' 67 | - name: Install ox-connector 68 | univention_app: 69 | name: ox-connector 70 | state: present 71 | auth_username: Administrator 72 | auth_password: secret 73 | 74 | - name: remove ox-connector 75 | univention_app: 76 | name: ox-connector 77 | state: absent 78 | auth_username: Administrator 79 | auth_password: secret 80 | 81 | - name: stop ox-connector 82 | univention_app: 83 | name: ox-connector 84 | state: stopped 85 | auth_username: Administrator 86 | auth_password: secret 87 | 88 | - name: upgrade ox-connector or install in specified version 89 | univention_app: 90 | name: ox-connector 91 | state: present 92 | version: 2.1.1 93 | auth_username: Administrator 94 | auth_password: secret 95 | 96 | - name: 
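configure ox-connector
  univention_app:
    name: ox-connector
    state: present
    auth_username: Administrator
    auth_password: univention
    config:
      EXAMPLE_PARAMETER: 'ExampleValue'

- name: stall ox-connector
  univention_app:
    name: ox-connector
    state: present
    auth_username: Administrator
    auth_password: univention
    stall: "stalled"
'''

RETURN = '''
msg:
    description: a return message
    returned: success, failure
    type: str
    sample: Non-UCS-system detected. Nothing to do here.
changed:
    description: if any changes were performed
    returned: success
    type: bool
    sample: True
'''


def check_ucs():
    ''' Check if system is actually UCS, return bool.

    Runs "dpkg -s univention-appcenter" through run_command() with an argument
    list: no shell is started and dpkg's output is captured instead of being
    written to the module's own stdout. Uses the global "module" that main()
    assigns before calling this function. '''
    return module.run_command(['dpkg', '-s', 'univention-appcenter'])[0] == 0


def _fail_if_option_like(value, label):
    ''' abort the module run when a caller-supplied word starts with "-",
    because univention-app would parse it as an option instead of a value '''
    if value is not None and str(value).startswith('-'):
        module.fail_json(msg="{} must not start with '-': {!r}".format(label, value))


def _config_args(configuration):
    ''' turn the "configuration" argument of ansible_exec() into argv words;
    accepts None/empty, a list of words, or the string format_new_conf() returns '''
    if not configuration:
        return []
    if isinstance(configuration, (list, tuple)):
        return [str(word) for word in configuration]
    import shlex  # only needed for the string form
    return shlex.split(str(configuration))


def ansible_exec(action, appname=None, keyfile=None, username=None,
                 desired_update=None, configuration=None):
    ''' runs ansible's run_command() for one univention-app action and returns
    its (rc, stdout, stderr) tuple.

    The command is passed as an argument list, never as a formatted string, so
    an app name, user name, version or configuration value that contains
    whitespace or quote characters stays a single argument. Values that start
    with "-" are rejected before the command is built. The password itself is
    never placed on the command line; only the path given as keyfile is.

    An unknown action raises KeyError, as before. '''
    _fail_if_option_like(appname, 'app name')
    _fail_if_option_like(username, 'auth_username')

    def with_auth(verb):
        return ['univention-app', verb, '--noninteractive',
                '--username', str(username), '--pwdfile', str(keyfile)]

    def versioned_app():
        return '{}={}'.format(appname, desired_update)

    # builders are evaluated lazily so that only the selected action formats its arguments
    univention_app_cmd = {
        'list': lambda: ['univention-app', 'list', '--ids-only'],
        'update_app_lists': lambda: ['univention-app', 'update'],
        'list-app': lambda: ['univention-app', 'list', str(appname)],
        'info': lambda: ['univention-app', 'info', '--as-json'],
        'install': lambda: with_auth('install') + [versioned_app()] + _config_args(configuration),
        'remove': lambda: with_auth('remove') + [str(appname)],
        'upgrade': lambda: with_auth('upgrade') + [versioned_app()],
        'status': lambda: ['univention-app', 'status', str(appname)],
        'start': lambda: ['univention-app', 'start', str(appname)],
        'stop': lambda: ['univention-app', 'stop', str(appname)],
        'get_configuration': lambda: ['univention-app', 'configure', str(appname), '--list'],
        'configure': lambda: ['univention-app', 'configure', str(appname)] + _config_args(configuration),
        'stall': lambda: ['univention-app', 'stall', str(appname)],
        'undo_stall': lambda: ['univention-app', 'stall', str(appname), '--undo'],
    }
    return module.run_command(univention_app_cmd[action]())


def get_apps_status():
    ''' Get the status of available, installed and upgradable apps and store
    them in the module-level globals AVAILABLE_APPS_LIST (raw stdout of
    "univention-app list --ids-only"), INSTALLED_APPS_LIST and
    UPGRADABLE_APPS_LIST '''
    global AVAILABLE_APPS_LIST
    global INSTALLED_APPS_LIST
    global UPGRADABLE_APPS_LIST
    AVAILABLE_APPS_LIST = ansible_exec(action='list')[1]
    INSTALLED_APPS_LIST, UPGRADABLE_APPS_LIST = get_app_info()


def get_app_info():
    ''' exec to get lists of installed and upgradable apps on this system;
    fails the module run if the output is not valid JSON '''
    app_info = ansible_exec(action='info')
    try:
        app_infos = json.loads(app_info[1])
    except Exception as e:
        module.fail_json(msg="unable to parse json: {}".format(e))
    return app_infos['installed'], app_infos['upgradable']


def check_app_version(_appname):
    ''' checks what version of app is currently installed; returns the text
    after the last "=" of the first installed entry containing the app name,
    or None if there is no such entry '''
    # NOTE(review): this is a substring match, so a name that is a prefix of
    # another installed app matches that app's entry - confirm against callers
    installed_apps_version, _ = get_app_info()
    for app_info in installed_apps_version:
        if _appname in app_info:
            return app_info.split('=')[-1]
    return None


def get_and_sort_versions(_appname):
    ''' extract all version strings from "univention-app list <app>" and
    return them sorted ascending by their numeric components '''
    get_versions = ansible_exec(action='list-app', appname=_appname)[1]
    available_app_versions = re.findall(
        r'\b(\d+\.\d+(?:\.\d+)*(?:-\d+)?(?:-\D+\d+)?(?:\s*v\d+)?)\b', get_versions)

    available_app_versions.sort(
        key=lambda s: list(map(int, re.split(r'\D+', s))))
    return available_app_versions


def check_target_app_version(_appname, _version):
    ''' resolve the requested version: "current" becomes the installed version
    (or "latest" when the app is absent), "latest" becomes the highest version
    found by get_and_sort_versions(); anything else is returned unchanged '''
    if _version == 'current':
        if check_app_present(_appname):
            return check_app_version(_appname)
        elif check_app_absent(_appname):
            _version = 'latest'

    if _version == 'latest':
        available_app_versions = get_and_sort_versions(_appname)
        if not available_app_versions:
            # previously an IndexError traceback; report it as a module failure
            module.fail_json(
                msg="no version of {} was found in the app list".format(_appname))
        return available_app_versions[-1]
    return _version


def check_app_status(_appname):
    ''' check if app status is started or stopped; returns 'started',
    'stopped' or 'unknown' based on the "Active:" text in the status output '''
    app_status = ansible_exec(action='status', appname=_appname)[1]
    if 'Active: active' in app_status:
        return 'started'
    if 'Active: inactive' in app_status:
        return 'stopped'
    return 'unknown'


def parse_current_configuration(_config):
    ''' parse the output of "univention-app configure <app> --list" into a dict.

    Each line is split at the first ": "; lines without it are skipped. Only
    the first space-delimited token of the value is kept, with surrounding
    single quotes stripped. '''
    config_dict = {}
    for line in _config.split('\n'):
        key_value_pair = line.split(": ", 1)
        if len(key_value_pair) == 2:
            key, value = key_value_pair
            config_dict[key] = value.split(' ')[0].strip("'")
    return config_dict


def format_new_conf(_configuration):
    ''' build the "--set key=value ..." argument string for univention-app.

    Returns an empty string for an empty configuration. Every key=value word
    is shell-quoted, so values with spaces, quotes or other special characters
    survive the later split into arguments as one word. Non-string values
    (for example integers from YAML) are converted with format(). '''
    if not _configuration:
        return ""
    try:
        from shlex import quote
    except ImportError:  # Python 2
        from pipes import quote
    words = ['{}={}'.format(setting, value)
             for setting, value in _configuration.items()]
    return "--set " + " ".join(quote(word) for word in words)


def check_app_present(_appname):
    ''' check if a given app is in INSTALLED_APPS_LIST, return bool '''
    # NOTE(review): AVAILABLE_APPS_LIST is the raw command output, so this is a
    # substring test, as is the match against the installed entries
    return (_appname in AVAILABLE_APPS_LIST
            and any(_appname in entry for entry in INSTALLED_APPS_LIST))


def check_app_absent(_appname):
    ''' check if a given app is NOT in INSTALLED_APPS_LIST, return bool '''
    return (_appname in AVAILABLE_APPS_LIST
            and not any(_appname in entry for entry in INSTALLED_APPS_LIST))


def check_app_upgradeable(_appname):
    ''' check if a given app is in UPGRADABLE_APPS_LIST, return bool '''
    # any() instead of bool(filter(...)): a filter object is always true on Python 3
    return (_appname in AVAILABLE_APPS_LIST
            and any(_appname in entry for entry in UPGRADABLE_APPS_LIST))


def generate_tmp_auth_file(_data):
    ''' generate a temporary auth-file and return path, MUST BE DELETED.

    The file holds the password in clear text. tempfile creates it readable
    and writable only by the creating user; because delete=False is used, the
    caller has to remove it on every exit path (use try/finally). '''
    with tempfile.NamedTemporaryFile(delete=False, mode='w') as auth_file:
        auth_file.write(_data)
    return auth_file.name


def update_app_lists():
    ''' run "univention-app update" and return the run_command() tuple '''
    return ansible_exec(action='update_app_lists')


def start_app(_appname):
    ''' start the app; the command's exit code is not evaluated '''
    ansible_exec(action='start', appname=_appname)


def stop_app(_appname):
    ''' stop the app; the command's exit code is not evaluated '''
    ansible_exec(action='stop', appname=_appname)


def install_app(_appname, _authfile, _desired_version, _auth_username, _configuration):
    ''' installs an app with given name and path to auth-file, uses ansible_exec()
    and returns tuple of exit-code and stdout '''
    return ansible_exec(action='install', appname=_appname, keyfile=_authfile, username=_auth_username,
                        desired_update=_desired_version, configuration=format_new_conf(_configuration))


def remove_app(_appname, _authfile, _auth_username):
    ''' removes an app with given name and path to auth-file, uses ansible_exec()
    and returns tuple of exit-code and stdout'''
    return ansible_exec(action='remove', appname=_appname, keyfile=_authfile, username=_auth_username)


def upgrade_app(_appname, _authfile, _desired_version, _auth_username):
    ''' upgrades an app with given name and path to auth-file, uses ansible_exec()
    and returns tuple of exit-code and stdout'''
    return ansible_exec(action='upgrade', appname=_appname, keyfile=_authfile,
                        username=_auth_username, desired_update=_desired_version)


def stall_app(_appname, _authfile):
    ''' stalls an app with given name, uses ansible_exec()
    and return tuple of exit-code and stdout.
    The auth-file argument is accepted but the stall command does not use it. '''
    return ansible_exec(action='stall', appname=_appname, keyfile=_authfile)


def undo_stall_app(_appname, _authfile):
    ''' undos the stalling of an app with given name, uses ansible_exec()
    and return tuple of exit-code and stdout.
    The auth-file argument is accepted but the command does not use it. '''
    return ansible_exec(action='undo_stall', appname=_appname, keyfile=_authfile)


def get_app_configuration(_appname):
    ''' get current app configuration, uses ansible_exec()
    and return a dictionary with configuration parameters. '''
    config_output = ansible_exec(
        action='get_configuration', appname=_appname)[1]
    return parse_current_configuration(config_output)


def check_config_and_return_differences(_current_config, _app_target_config):
    ''' compare the requested configuration with the app's current one.

    Keys are matched case-insensitively. Returns a dict of the parameters whose
    value differs, keyed by the spelling used in the current configuration.
    Raises ValueError for a requested parameter the app does not have. Target
    values are compared as strings, because the current values are parsed from
    command output and therefore always strings. '''
    current_config_lower = {k.lower(): v for k, v in _current_config.items()}
    target_config_lower = {k.lower(): v for k, v in _app_target_config.items()}
    new_params = {}
    for param in _app_target_config:
        lower_param = param.lower()
        if lower_param not in current_config_lower:
            raise ValueError(
                "The parameter {} does not exist in the app".format(param))
        if current_config_lower[lower_param] != '{}'.format(target_config_lower[lower_param]):
            # Get the original key from the current_config
            original_key = [
                key for key in _current_config if key.lower() == lower_param][0]
            new_params[original_key] = _app_target_config[param]

    return new_params


def configure_app(_appname, _configuration):
    ''' set app configuration, uses ansible_exec()
    and return tuple of exit-code and stdout. '''
    return ansible_exec(action='configure', appname=_appname, configuration=format_new_conf(_configuration))


def main():
    ''' main() is an entry-point for ansible which checks app-status and installs,
    upgrades, or removes the app based on ansible state and name-parameters.

    The password from auth_password is written to a temporary file only for
    install, remove and upgrade, directly before the command that reads it,
    and the file is removed in a finally block. Steps that can end the module
    run (updating the app lists, validating the configuration) happen before
    the file is created, so no early exit leaves the password on disk. '''
    global module  # declare ansible-module and parameters globally
    module = AnsibleModule(
        argument_spec=dict(
            name=dict(
                type='str',
                required=True,
                aliases=['app']
            ),
            state=dict(
                type='str',
                default='present',
                choices=['present', 'absent', 'started', 'stopped']
            ),
            stall=dict(
                type='str',
                required=False,
                choices=["stalled", "unstalled"]
            ),
            auth_password=dict(
                type="str",
                required=True,
                no_log=True
            ),
            auth_username=dict(
                type="str",
                required=True
            ),
            version=dict(
                type='str',
                required=False,
                default='current'
            ),
            config=dict(
                type='dict',
                required=False
            ),
            update_app_lists=dict(
                type='bool',
                default=True,
                required=False
            )
        ),
        # mutually_exclusive=[[]],
        # required_one_of=[[]],
        supports_check_mode=False,  # this has to be changed. Use -dry-run were necessary
    )

    # This module should only run on UCS-systems
    if not check_ucs():
        # nothing was done, so do not report a change
        return module.exit_json(
            changed=False,
            msg='Non-UCS-system detected. Nothing to do here.'
        )

    # update app lists
    def update_lists():
        if module.params.get('update_app_lists'):
            _update_lists = update_app_lists()
            if _update_lists[0] != 0:
                return module.fail_json(
                    msg='''
                    An Error occured running univention-app update.
                    To disable updating app lists set "update_app_lists" to False
                    '''
                )

    # gather infos and vars
    get_apps_status()
    app_status_target = module.params.get('state')  # desired state of the app
    app_name = module.params.get('name')  # name of the app
    auth_password = module.params.get(
        'auth_password')  # password for domain-admin
    auth_username = module.params.get(
        'auth_username')
    app_present = check_app_present(app_name)
    app_absent = check_app_absent(app_name)
    app_stall_target = module.params.get('stall')
    app_target_version = check_target_app_version(
        app_name, module.params.get('version'))
    app_status = check_app_status(app_name)
    app_target_config = module.params.get('config')
    module_changed = False
    config_changed = False
    # User info if config settings are changed
    new_config_msg = None

    # some basic logic-checks
    if not app_absent and not app_present:  # this means the app does not exist
        module.fail_json(msg=("app {} does not exist. Please choose from following options:\n{}"
                              .format(app_name, str(AVAILABLE_APPS_LIST))))
    if app_absent and app_present:  # schroedinger's app-status
        module.fail_json(
            msg="an error occured while getting the status of {}".format(app_name))

    if app_status_target != 'absent' and not app_present:
        # everything that may call fail_json() runs before the password file exists
        update_lists()
        config = {}
        if app_target_config:
            default_config = get_app_configuration(app_name)
            try:
                config = check_config_and_return_differences(
                    default_config, app_target_config)
            except ValueError as e:
                module.fail_json(
                    module_changed=True, msg="The parameter '{}' does not exist on app {}".format(e, app_name))

        auth_file = generate_tmp_auth_file(auth_password)
        try:
            _install_app = install_app(
                app_name, auth_file, app_target_version, auth_username, config)
            if _install_app[0] == 0:
                module_changed = True
                if len(config) > 0:
                    new_config_msg = '. The following configuration options were changed: {}'.format(
                        config)
                    config_changed = True
            else:
                module.fail_json(
                    msg="an error occured while installing {}".format(app_target_version))
        finally:
            os.remove(auth_file)

    elif app_status_target == 'absent' and app_present:
        auth_file = generate_tmp_auth_file(auth_password)
        try:
            _remove_app = remove_app(app_name, auth_file, auth_username)
            if _remove_app[0] == 0:
                module.exit_json(
                    changed=True, msg="App {} was successfully deinstalled.".format(app_name))
            else:
                module.fail_json(
                    msg="an error occured while uninstalling {}".format(app_name))
        finally:
            os.remove(auth_file)

    elif app_status_target == 'absent' and app_absent:
        module.exit_json(
            changed=False, msg="App {} not installed. No change.".format(app_name))

    app_version = check_app_version(app_name)  # check App version
    if app_status_target != 'absent' and LooseVersion(app_target_version) > LooseVersion(app_version):
        update_lists()  # may end the run, so it comes before the password file
        auth_file = generate_tmp_auth_file(auth_password)
        try:
            available_app_versions = get_and_sort_versions(app_name)
            # check how many versions between current and target
            versions_to_update = available_app_versions[available_app_versions.index(
                app_version)+1:available_app_versions.index(app_target_version)+1]
            for version in versions_to_update:
                # Update App & check if Update successfull
                _upgrade_app = upgrade_app(
                    app_name, auth_file, version, auth_username)
                if _upgrade_app[0] != 0:
                    module.fail_json(
                        msg="an error occured while upgrading {}".format(app_name))
            module_changed = True
        finally:
            os.remove(auth_file)

    # NOTE(review): the downgrade check below is an elif of the configuration
    # branch, so it is skipped whenever a configuration is applied - confirm
    # that this is intended
    if app_status_target != 'absent' and not config_changed and app_target_config:
        current_config = get_app_configuration(app_name)
        # check if keys exist and params changed
        try:
            new_params = check_config_and_return_differences(
                current_config, app_target_config)
        except ValueError as e:
            module.fail_json(
                module_changed=True, msg="The parameter '{}' does not exist on app {}".format(e, app_name))
        if len(new_params) > 0:
            _configure_app = configure_app(app_name, new_params)
            if not _configure_app[0] == 0:
                module.fail_json(msg="An error occured while configuring {} with configuration:{}".format(
                    app_name, new_params))
            else:
                module_changed = True
                new_config_msg = '. The following configuration options were changed: {}'.format(
                    new_params)

    elif app_status_target != 'absent' and LooseVersion(app_target_version) < LooseVersion(app_version):
        module.fail_json(
            msg="""The current version of {} is higher than the desired version.
            The version currently installed is: {}""".format(app_name, app_version))

    if app_status_target in ['started', 'stopped']:
        if app_status_target == 'started' and app_status != 'started':
            start_app(app_name)
            module_changed = True
        elif app_status_target == 'stopped' and app_status != 'stopped':
            stop_app(app_name)
            module_changed = True

    # The stall commands take no credentials, so no password file is written for them.
    if app_present and app_stall_target == 'stalled':
        _stall_app = stall_app(app_name, None)
        if _stall_app[0] == 0:
            module_changed = True
        else:
            module.fail_json(
                msg="an error occurred while stalling {}".format(app_name))
    elif app_present and app_stall_target == 'unstalled':
        _undo_stall_app = undo_stall_app(app_name, None)
        if _undo_stall_app[0] == 0:
            module_changed = True
        else:
            module.fail_json(
                msg="an error occurred while undoing the stall {}".format(app_name))

    if module_changed:
        # "or ''" keeps the literal text "None" out of the message
        module.exit_json(changed=module_changed, msg="{} is {} in version {} {}".format(
            app_name, app_status_target, check_app_version(app_name), new_config_msg or ''))
    else:
        module.exit_json(changed=module_changed, msg="No changes for {}".format(
            app_name))


if __name__ == '__main__':
    main()

--------------------------------------------------------------------------------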
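/plugins/modules/univention_config_registry.py:
--------------------------------------------------------------------------------
#!/usr/bin/python
# -*- coding: utf-8 -*-
import datetime
from ansible.module_utils.basic import AnsibleModule

ANSIBLE_METADATA = {
    'metadata_version': '1.1',
    'status': ['preview'],
    'supported_by': 'community'
}

DOCUMENTATION = r'''
---
module: univention_config_registry

short_description: Accessing the Univention Config Registry

description:
    - "You can set and unset keys in the Univention Config Registry."

options:
    keys:
        description:
            - A dict of keys to set or unset. In case of unsetting, the values
              are ignored.
            - Either this, 'kvlist' or 'commit' must be given.
        type: dict
        required: false
    kvlist:
        description:
            - You pass in a list of dicts with this parameter instead of using
              a dict via 'keys'. Each of the dicts passed via 'kvlist' must
              contain the keys 'key' and 'value'. This allows the use of Jinja
              in the UCR keys to set/unset.
            - Either this, 'keys' or 'commit' must be given.
        type: list
        required: false
    state:
        description:
            - Either 'present' for setting the key/value pairs given with
              'keys' or 'absent' for unsetting the keys from the 'keys'
              dict. Default is 'present'.
        type: str
        choices: [ absent, present ]
        default: present
    force:
        description:
            - Set a variable as forced, like `ucr set --force`
            - When the force option is used in setting a local variable, settings
              adopted from the directory service and variables from the schedule level
              are overruled and the given value for the local system fixed instead.
        type: bool
        default: false
        required: false
    commit:
        description:
            - A list of destination filenames as strings to be commited.
            - Either this, 'keys' or 'kvlist' must be given.
        type: list
        required: false

author:
    - Moritz Bunkus (@MoritzBunkus)
    - Jan-Luca Kiok (@jlkDE)
'''

EXAMPLES = '''
# Set various keys
- name: Set proxy configuration
  univention_config_registry:
    keys:
      proxy/http: http://myproxy.mydomain:3128
      proxy/https: http://myproxy.mydomain:3128

# Alternative syntax with use of Jinja.
- name: Set /etc/hosts entries
  univention_config_registry:
    kvlist:
      - key: "hosts/static/{{ item }}"
        value: myhost.fqdn
  loop: [ '192.168.0.1', '192.168.1.1' ]

# Overwrite ucrv with force
- name: Overwrite set /etc/hosts entry
  univention_config_registry:
    kvlist:
      - key: "hosts/static/192.168.0.1"
        value: "my.lan"
    state: present
    force: true

# Clear proxy configuration
- name: Do not use a proxy
  univention_config_registry:
    keys:
      proxy/http:
      proxy/https:
    state: absent

# Commit templates
- name: Commit resolv.conf and aliases
  univention_config_registry:
    commit:
      - /etc/resolv.conf
      - /etc/aliases
'''

RETURN = '''
meta['changed_keys']:
    description: A list of all key names that were changed
    type: array
meta['commited_templates']:
    description: A list of all templates that were changed
    type: array
message:
    description: A human-readable information about which keys where changed
'''

try:
    from univention.config_registry.backend import ConfigRegistry
    from univention.config_registry import configHandlers

    have_config_registry = True
except ImportError:
    have_config_registry = False


def _commit_files(files, result, module):
    """Commit the given destination files from their UCR templates.

    Fills ``result`` in place. In check mode, or when ``files`` is empty,
    nothing is committed. The commit itself reports no error status, so this
    function never fails the module run.
    """
    result['changed'] = len(files) > 0

    if not result['changed']:
        # the old text said "unset", which belongs to _unset_keys
        result['message'] = "No files need to be committed"

    if module.check_mode:
        if len(files) > 0:
            result['message'] = "These files will be commited: {}".format(" ".join(files))
        return

    if not result['changed']:
        return

    startd = datetime.datetime.now()

    ucr = ConfigRegistry()
    ucr.load()

    ucr_handlers = configHandlers()
    ucr_handlers.load()
    ucr_handlers.update()

    ucr_handlers.commit(ucr, files)

    endd = datetime.datetime.now()
    result['start'] = str(startd)
    result['end'] = str(endd)
    result['delta'] = str(endd - startd)
    result['meta']['commited_templates'] = files
    result['message'] = "These files were committed: {}".format(" ".join(files))
    result['failed'] = 0

    # FIXME: Currently the function cannot fail
    # if error != 0:
    #     module.fail_json(msg='non-zero return code', **result)


def _set_keys(keys, result, module):
    """Set every key whose stored value differs from the requested one.

    Boolean values are compared with the registry's is_true()/is_false();
    all other values are compared as the string that would be written. The
    command is run from an argument list, so keys and values are never
    interpreted by a shell. Fails the module run on a non-zero return code.
    """
    ucr = ConfigRegistry()
    ucr.load()

    def needs_change(key):
        if key not in ucr:
            return True
        if isinstance(keys[key], bool):
            if keys[key] and not ucr.is_true(key):
                return True
            elif not keys[key] and not ucr.is_false(key):
                return True
        elif ucr[key] != "{0}".format(keys[key]):
            # compare against the text that is written below, so a non-string
            # value (e.g. an integer from YAML) is not reported as changed on
            # every run
            return True
        return False

    to_set = list(filter(needs_change, keys))

    result['changed'] = len(to_set) > 0
    if not result['changed']:
        result['message'] = "No keys need to be set"

    if module.check_mode:
        if len(to_set) > 0:
            result['message'] = "These keys need to be set: {}".format(" ".join(to_set))
        return

    if not result['changed']:
        return

    args = ["/usr/sbin/univention-config-registry", "set"] + ["{0}={1}".format(key, keys[key]) for key in to_set]
    if module.params["force"]:
        args.insert(2, "--force")
    startd = datetime.datetime.now()

    rc, out, err = module.run_command(args)

    endd = datetime.datetime.now()
    result['start'] = str(startd)
    result['end'] = str(endd)
    result['delta'] = str(endd - startd)
    result['out'] = out.rstrip("\r\n")
    result['err'] = err.rstrip("\r\n")
    result['rc'] = rc
    result['message'] = "These keys were set: {}".format(" ".join(to_set))
    result['meta']['changed_keys'] = to_set
    result['failed'] = rc != 0 or len(err) > 0

    if rc != 0:
        module.fail_json(msg='non-zero return code', **result)


def _unset_keys(keys, result, module):
    """Unset every given key that currently exists in the registry.

    Values in ``keys`` are ignored. Fails the module run on a non-zero
    return code.
    """
    ucr = ConfigRegistry()
    ucr.load()

    to_unset = [key for key in keys if key in ucr]
    result['changed'] = len(to_unset) > 0

    if not result['changed']:
        result['message'] = "No keys need to be unset"

    if module.check_mode:
        if len(to_unset) > 0:
            result['message'] = "These keys need to be unset: {}".format(" ".join(to_unset))
        return

    if not result['changed']:
        return

    args = ["/usr/sbin/univention-config-registry", "unset"] + to_unset
    if module.params["force"]:
        args.insert(2, "--force")
    startd = datetime.datetime.now()

    rc, out, err = module.run_command(args)

    endd = datetime.datetime.now()
    result['start'] = str(startd)
    result['end'] = str(endd)
    result['delta'] = str(endd - startd)
    result['out'] = out.rstrip("\r\n")
    result['err'] = err.rstrip("\r\n")
    result['rc'] = rc
    result['message'] = "These keys were unset: {}".format(" ".join(to_unset))
    result['meta']['changed_keys'] = to_unset
    result['failed'] = rc != 0

    if rc != 0:
        module.fail_json(msg='non-zero return code', **result)


def run_module():
    """Entry point: validate the parameters and set, unset or commit.

    'keys' and 'kvlist' are merged into one dict. Keys take precedence over
    'commit': files are only committed when no keys are given.
    """
    # define available arguments/parameters a user can pass to the module
    module_args = dict(
        keys=dict(type='dict', aliases=['name', 'key']),
        kvlist=dict(type='list'),
        state=dict(type='str', default='present', choices=['present', 'absent']),
        commit=dict(type='list'),
        force=dict(type='bool', default=False),
    )

    module = AnsibleModule(
        argument_spec=module_args,
        supports_check_mode=True
    )

    result = dict(
        changed=False,
        meta=dict(changed_keys=[], commited_templates=[]),
        message=''
    )

    if not have_config_registry:
        module.fail_json(msg='The Python "univention.config_registry.backend" is not available', **result)

    if not (('keys' in module.params and module.params['keys'])
            or ('kvlist' in module.params and module.params['kvlist'])
            or ('commit' in module.params and module.params['commit'])):
        module.fail_json(msg='Either "keys", "kvlist" or "commit" is required.', **result)

    state = module.params['state']
    keys = module.params['keys'] if 'keys' in module.params and module.params['keys'] else dict()
    commit = module.params['commit'] if 'commit' in module.params and module.params['commit'] else list()

    if 'kvlist' in module.params and module.params['kvlist']:
        for entry in module.params['kvlist']:
            # report a malformed entry as a module failure instead of a traceback
            if not isinstance(entry, dict) or 'key' not in entry or 'value' not in entry:
                module.fail_json(msg='Each "kvlist" entry must be a dict with "key" and "value"', **result)
            keys[entry['key']] = entry['value']

    for key in keys:
        # keys become command-line words; one starting with "-" would be
        # parsed as an option of univention-config-registry
        if str(key).startswith('-'):
            module.fail_json(msg='The key "{0}" must not start with "-"'.format(key), **result)

    if (state != 'present') and (state != 'absent'):
        module.fail_json(msg='The state "{0}" is invalid'.format(state), **result)

    if len(keys) != 0:
        if state == 'present':
            _set_keys(keys, result, module)
        else:
            _unset_keys(keys, result, module)
    elif len(commit) != 0:
        _commit_files(commit, result, module)
    else:
        module.fail_json(msg='Missing keys or files', **result)

    module.exit_json(**result)


if __name__ == '__main__':
    run_module()

# Local Variables:
# indent-tabs-mode: nil
# End:

--------------------------------------------------------------------------------
/plugins/modules/univention_directory_manager.py: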
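--------------------------------------------------------------------------------
#!/usr/bin/python
# -*- coding: utf-8 -*-

# Copyright: (c) 2020-2021, Univention GmbH
# Written by Lukas Zumvorde , Jan-Luca Kiok
# Based on univention_apps module written by Alexander Ulpts

# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type

ANSIBLE_METADATA = {
    'metadata_version': '1.2',
    'status': ['preview'],
    'supported_by': 'community'
}

DOCUMENTATION = r'''
---
module: univention_directory_manager

short_description: Accessing the Univention Directory Manager

description:
    - "You can create and modify Objects in the LDAP with Univention Directory Manager."

options:
    module:
        description:
            - The udm module for which objects are to be modified
        type: str
        required: True
    position:
        description:
            - The position in the tree
        type: str
        required: False
    dn:
        description:
            - The distinguished name of the LDAP object.
        type: str
        required: false
    filter:
        description:
            - A LDAP search filter to select objects.
            - The filter string is handed to the UDM search unchanged, and with
              state 'absent' every matching object is deleted. Build the filter
              only from values you trust.
        type: str
        required: false
    state:
        description:
            - Either 'present' for creating or modifying the objects given with
              'dn' and 'filter' or 'absent' for deleting the objects from the LDAP.
              Default is 'present'.
        type: str
        choices: [ absent, present ]
        default: present
    superordinate:
        description:
            - When creating a new object, set its superordinate to this DN.
            - Only affects newly created LDAP objects, this option is ignored for
              modifications and removals of existing entries.
        type: str
        required: False
    set_properties:
        description:
            - A list of dictionaries with the keys property and value.
            - Properties of the objects are to be set to the given values.
            - The values are not marked no_log. Set no_log on tasks that pass
              a password or another secret here.
        type: list
        required: False
    unset_properties:
        description:
            - A list of dictionaries with the key property.
            - The listed properties of the objects are to be unset.
        type: list
        required: False
    options:
        description:
            - A list that replaces the options of the created or modified object.
        type: list
        required: False
    policies:
        description:
            - A list that replaces the policies of the created or modified object.
        type: list
        required: False

notes:
    - "The module connects with UDM.admin(). If that fails it reports that the
      executing user may lack access to /etc/ldap.secret, so it has to run as a
      user that can read this file."
    - "When the property password is set on an existing object, the module also
      sets overridePWHistory to 1 on that object."
    - "The returned meta data contains all public properties of the touched
      objects. Check it for sensitive values before you store or print it."

author:
    - Lukas Zumvorde
    - Jan-Luca Kiok
'''

EXAMPLES = r'''
# create a new user object
- name: create a user
  univention_directory_manager:
    module: 'users/user'
    state: 'present'
    set_properties:
      - property: 'username'
        value: 'testuser1'
      - property: 'lastname'
        value: 'testuser1'
      - property: 'password'
        value: 'mypassword'
  # set_properties is not a no_log parameter, keep the password out of the logs
  no_log: true

# delete one or more objects
- name: delete a user with a search filter
  univention_directory_manager:
    module: 'users/user'
    state: 'absent'
    filter: '(uid=testuser1)'

# create an extended attribute
- name: "create an extended attribute with superordinate param and complex attributes"
  univention_directory_manager:
    module: "settings/extended_attribute"
    state: "present"
    superordinate: "cn=custom attributes,cn=univention,dc=example,dc=org"
    set_properties:
      - property: "name"
        value: "testAttribute"
      - property: "shortDescription"
        value: "This is a test attribute"
      - property: "module"
        # Multivalued properties must be provided as a list
        value: ["users/user", "groups/group"]
      - property: "translationShortDescription"
        # Complex types must be provided in their parsed tuple form, always nested inside a list
        value: [["de_DE", "Dies ist ein Test-Attribut"]]
      - property: "objectClass"
        value: "customAttributeGroups"
      - property: "ldapMapping"
        value: "customAttributeTestAttribute"

# use position to place the object in the directory tree
- name: create a user with position
  univention_directory_manager:
    module: 'users/user'
    state: 'present'
    position: 'cn=users,ou=DEMOSCHOOL,dc=t1,dc=intranet'
    set_properties:
      - property: 'username'
        value: 'testuser2'
      - property: 'lastname'
        value: 'testuser2'
      - property: 'password'
        value: 'mypassword'
  # set_properties is not a no_log parameter, keep the password out of the logs
  no_log: true

# delete one very specific object
- name: delete the user with position
  univention_directory_manager:
    module: 'users/user'
    state: 'absent'
    dn: 'uid=testuser2,cn=users,ou=DEMOSCHOOL,dc=t1,dc=intranet'

# add or change specific properties
- name: modify testuser3 - add or change a property
  univention_directory_manager:
    module: 'users/user'
    state: 'present'
    filter: '(uid=testuser3)'
    set_properties:
      - property: 'firstname'
        value: 'max'

# remove specific properties
- name: modify testuser3 - remove property
  univention_directory_manager:
    module: 'users/user'
    state: 'present'
    filter: '(uid=testuser3)'
    unset_properties:
      - property: 'firstname'
        value: 'does not matter'
'''

RETURN = r'''
meta['changed_objects']:
    description: A list of all objects that were changed.
meta['created']:
    description: The created object and its attributes.
meta['removed']:
    description: The removed object and its attributes.
meta['modified']:
    description: The modified object and its changed attributes.
msg:
    description: A human-readable information about which objects were changed.
'''

import traceback  # noqa F401

from ansible.module_utils.basic import AnsibleModule  # noqa F401
from ansible.module_utils.common.text.converters import to_native  # noqa F401

UDM_IMP_ERR = None
try:
    import univention.udm

    HAS_UDM = True
except ImportError:
    # ImportError instead of ModuleNotFoundError: the latter does not exist on
    # Python 2, where a missing univention.udm would raise a NameError here
    # instead of reaching the clean fail_json() in _check_univention_import_errors().
    HAS_UDM = False
    UDM_IMP_ERR = traceback.format_exc()


class UDMAnsibleModule():
    '''Create, modify or remove UDM objects as requested by the Ansible parameters.

    The object wraps one AnsibleModule, keeps the state of the objects before
    ('old') and after ('new') the run, and reports the outcome through
    exit_json()/fail_json() of that AnsibleModule.
    '''

    udm_api_version = 2
    udm_module = None

    def __init__(self, module):
        """
        :params: module : the AnsibleModule that carries the task parameters
        """
        self.ansible_module = module
        self.ansible_params = module.params
        # The bookkeeping containers are created per instance. As class
        # attributes they would be shared by every instance of the class.
        self._changes = dict(
            new={},
            old={},
        )
        self.changed_objects = []
        self.result = dict(
            changed=False,
            meta=dict(
                # same list object as self.changed_objects, so appends show up here
                changed_objects=self.changed_objects,
                created={},
                removed={},
                modified={},
            ),
            msg='',
        )

    def _try_function(self, func, *args, **kwargs):
        """Execute the given function and fail the module on any exception.

        The return value of func is discarded.
        """
        try:
            func(*args, **kwargs)
        except Exception as e:
            self.result['msg'] = to_native(e)
            self.result['exception'] = traceback.format_exc()
            self.ansible_module.fail_json(**self.result)

    def _check_univention_import_errors(self):
        """Fail the module when 'univention.udm' could not be imported."""
        if not HAS_UDM:
            self.result['msg'] = "The python module 'univention.udm' is not available."
            self.result['exception'] = UDM_IMP_ERR
            self.ansible_module.fail_json(**self.result)

    def _get_udm_connection(self):
        """Open the UDM connection with UDM.admin() at the configured API version.

        A ConnectionError fails the module; the message points the operator at
        the read permission on '/etc/ldap.secret'.

        :returns: the UDM connection
        """
        try:
            udm_con = univention.udm.UDM.admin().version(self.udm_api_version)
        except univention.udm.exceptions.ConnectionError:
            self.result['msg'] = "Does your user have access to '/etc/ldap.secret'?"
            self.result['exception'] = traceback.format_exc()
            self.ansible_module.fail_json(**self.result)
        return udm_con

    def _get_udm_module(self, udm_con, udm_module):
        """
        :params: udm_con : the UDM connection
        :params: udm_module : str, name of the UDM module, e.g. 'users/user'
        :returns: the UDM module object; an unknown name fails the Ansible module
        """
        try:
            _udm_module = udm_con.get(udm_module)
        except univention.udm.exceptions.UnknownModuleType:
            self.result['msg'] = "UDM not up to date? Module '{}' not found.".format(udm_module)
            self.result['exception'] = traceback.format_exc()
            self.ansible_module.fail_json(**self.result)
        return _udm_module

    def _extract_properties_from_dn(self):
        """Translate the 'dn' parameter into an identifying property and a position.

        The value of the first RDN is appended to 'set_properties' under the
        identifying property of the UDM module, the rest of the DN replaces
        'position'. A dn that cannot be split fails the module.
        """
        if not self.ansible_params['dn']:
            return None
        try:
            name, position = self.ansible_params['dn'].split(',', 1)
            name = name.split('=', 1)[1]
            if not self.ansible_params['set_properties']:
                self.ansible_params['set_properties'] = []
            self.ansible_params['set_properties'].append(
                {'property': self.udm_module.meta.identifying_property, 'value': name}
            )
            self.ansible_params['position'] = position
        except (IndexError, ValueError):
            # IndexError: first RDN without '='.
            # ValueError: dn without ',', the two-name unpacking fails.
            self.result['msg'] = 'Invalid parameter dn'
            self.ansible_module.fail_json(**self.result)

    def _get_object_by_property(self):
        """Look up the object named by the identifying property in 'set_properties'.

        :returns: the UDM object, or None when no entry names the identifying
                  property, 'set_properties' is unset, or the lookup finds no
                  object or more than one
        """
        try:
            # Every entry is checked: the property derived from 'dn' is
            # appended after the ones given by the caller.
            for prop in self.ansible_params['set_properties']:
                if prop['property'] == self.udm_module.meta.identifying_property:
                    return self.udm_module.get_by_id(prop['value'])
        except univention.udm.exceptions.NoObject:
            return None
        except univention.udm.exceptions.MultipleObjects:
            return None
        except TypeError:
            # 'set_properties' is None
            return None
        return None

    def _get_udm_obj_by_property(self):
        """
        :returns: list with the object found by its identifying property, else []
        """
        obj_by_property = []
        obj = self._get_object_by_property()
        if obj:
            obj_by_property.append(obj)
        return obj_by_property

    def _get_udm_obj_by_filter(self):
        """
        :returns: list of the objects matching the 'filter' parameter, [] without filter
        """
        obj_by_filter = []
        if self.ansible_params['filter']:
            # the filter is passed to the search as given by the caller
            for obj in self.udm_module.search(self.ansible_params['filter']):
                obj_by_filter.append(obj)
        return obj_by_filter

    def _encoder(self, obj, prop):
        """
        :params: obj : udm_obj
        :params: prop : str
        :returns: The _encoder class for the given prop
        """
        return obj.props._encoders.get(prop)(
            property_name=prop,
            connection=self.udm_module.connection,
            api_version=self.udm_api_version,
        )

    def _decode_value(self, obj, prop, value):
        """
        :returns: the decoded value, or value unchanged when prop has no encoder
        """
        if prop in obj.props._encoders:
            value = self._encoder(obj, prop).decode(value)
        return value

    def _encode_value(self, obj, prop, value):
        """
        :returns: the encoded value, or value unchanged when prop has no encoder
        """
        if prop in obj.props._encoders:
            value = self._encoder(obj, prop).encode(value)
        return value

    def _set_property(self, obj, prop, value):
        """Set obj.props.<prop> to the decoded value; an error fails the module."""
        self._try_function(
            setattr,
            obj.props, prop, self._decode_value(obj, prop, value)
        )

    def _get_obj_properties_list(self, obj):
        """
        :returns: the names in dir(obj.props) that do not start with an underscore
        """
        return [prop for prop in dir(obj.props) if not prop.startswith(('__', '_'))]

    def _get_obj_properties_as_dict(self, obj):
        """
        :params: obj
        :returns: dict of property name to encoded property value
        """
        properties_dict = {}
        for prop in self._get_obj_properties_list(obj):
            properties_dict[prop] = self._encode_value(obj, prop, getattr(obj.props, prop))
        return properties_dict

    def _set_changes(self, obj, dn, state):
        """
        Record properties, options and policies of obj under the given dn.

        :params: obj
        :params: dn
        :params: state ['new', 'old']
        """
        self._changes[state][dn] = {}
        self._changes[state][dn]['properties'] = self._get_obj_properties_as_dict(obj)
        self._changes[state][dn]['options'] = obj.options
        self._changes[state][dn]['policies'] = obj.policies

    def _apply_policies(self, obj):
        """Replace the policies of obj when the 'policies' parameter is set."""
        if self.ansible_params['policies']:
            obj.policies = self.ansible_params['policies']

    def _apply_options(self, obj):
        """Replace the options of obj when the 'options' parameter is set."""
        if self.ansible_params['options']:
            obj.options = self.ansible_params['options']

    def _create_object(self):
        """Create a new object from the parameters; it is saved unless in check mode."""
        obj = self.udm_module.new(
            superordinate=self.ansible_params.get('superordinate')
        )
        if self.ansible_params['position']:
            obj.position = self.ansible_params['position']
        self._apply_options(obj)
        self._apply_policies(obj)
        if self.ansible_params['set_properties']:
            for attr in self.ansible_params['set_properties']:
                prop_name = attr['property']
                prop_value = attr['value']
                self._set_property(obj, prop_name, prop_value)
        if not self.ansible_module.check_mode:
            self._try_function(
                obj.save
            )
        self.changed_objects.append(obj.dn)
        self._set_changes(obj, obj.dn, 'new')

    def _modify_object(self, obj):
        """Apply options, policies, unset_properties and set_properties to obj.

        The state before and after is recorded for _detect_changes(). The
        object is saved unless the module runs in check mode.
        """
        self._set_changes(obj, obj.dn, 'old')
        self._apply_options(obj)
        self._apply_policies(obj)
        if self.ansible_params['unset_properties']:
            for attr in self.ansible_params['unset_properties']:
                prop_name = attr['property']
                self._set_property(obj, prop_name, None)
        if self.ansible_params['set_properties']:
            for attr in self.ansible_params['set_properties']:
                prop_name = attr['property']
                prop_value = attr['value']
                self._set_property(obj, prop_name, prop_value)
                if prop_name == "password":
                    # NOTE(review): every password change through this module
                    # also sets overridePWHistory, presumably so that the
                    # password history check does not reject the value.
                    # Confirm that this matches the site's password policy.
                    self._set_property(obj, "overridePWHistory", "1")
        if not self.ansible_module.check_mode:
            self._try_function(
                obj.save
            )
        self.changed_objects.append(obj.dn)
        self._set_changes(obj, obj.dn, 'new')

    def _remove_objects(self, obj):
        """Record the state of obj and delete it unless in check mode."""
        self._set_changes(obj, obj.dn, 'old')
        if not self.ansible_module.check_mode:
            self._try_function(
                obj.delete
            )
        self.changed_objects.append(obj.dn)

    def _detect_changes(self):
        """Compare the recorded 'old' and 'new' states and fill self.result.

        Only 'new' recorded means created, only 'old' means removed, both mean
        a modification that is diffed per object on options, policies and
        properties.
        """
        _old = self._changes['old']
        _new = self._changes['new']
        _diff = {}
        if _new and not _old:
            # obj created
            self.result['meta']['created'] = _new
            self.result['msg'] = "created objects: {}".format(' '.join(self.changed_objects))
            self.result['changed'] = True
        elif _old and not _new:
            # obj removed
            self.result['meta']['removed'] = _old
            self.result['msg'] = "removed objects: {}".format(' '.join(self.changed_objects))
            self.result['changed'] = True
        elif _new and _old:
            # obj modified
            for _obj in _new:
                _diff[_obj] = {}
                changed = False
                # options
                if _old[_obj]['options'] != _new[_obj]['options'] and _new[_obj]['options'] != ['default']:
                    _diff[_obj]['options'] = _new[_obj]['options']
                    changed = True
                # policies
                if _old[_obj]['policies'] != _new[_obj]['policies']:
                    _diff[_obj]['policies'] = _new[_obj]['policies']
                    changed = True
                # properties
                if _old[_obj]['properties'] != _new[_obj]['properties']:
                    _diff[_obj]['properties'] = {}
                    for prop in _new[_obj]['properties']:
                        if _old[_obj]['properties'][prop] != _new[_obj]['properties'][prop]:
                            _diff[_obj]['properties'][prop] = _new[_obj]['properties'][prop]
                    changed = True
                if changed:
                    self.result['meta']['modified'] = _diff
                    self.result['msg'] = "modified objects: {}".format(' '.join(self.changed_objects))
                    self.result['changed'] = True
        if not self.result['changed']:
            self.result['msg'] = "nothing changed"

    def run(self):
        """Resolve the target objects and apply the requested state.

        Objects are collected from 'filter' and from the identifying property
        (given directly or derived from 'dn'). With state 'present' the found
        objects are modified, or a new one is created when none was found.
        With state 'absent' all found objects are removed.
        """
        # univention module
        self._check_univention_import_errors()
        udm_con = self._get_udm_connection()
        self.udm_module = self._get_udm_module(udm_con, self.ansible_params['module'])
        self._extract_properties_from_dn()
        # get udm_objects
        udm_objects = self._get_udm_obj_by_filter()
        udm_objects += self._get_udm_obj_by_property()
        # State present
        if self.ansible_params['state'] == 'present':
            for obj in udm_objects:
                self._modify_object(obj)
            if not udm_objects:
                self._create_object()
        # State absent
        elif self.ansible_params['state'] == 'absent':
            for obj in udm_objects:
                self._remove_objects(obj)
        # In check mode no change detection runs: the result keeps
        # changed=False and an empty msg.
        if not self.ansible_module.check_mode:
            self._detect_changes()
        self.ansible_module.exit_json(**self.result)


def run_module():
    """Build the AnsibleModule from the argument spec and run UDMAnsibleModule."""
    module_args = dict(
        module=dict(
            type='str',
            required=True
        ),
        position=dict(
            type='str',
            required=False
        ),
        # NOTE(review): set_properties can carry a 'password' value but is not
        # declared no_log, so the value is part of the module arguments that
        # Ansible may log. Tasks passing secrets should set no_log: true.
        set_properties=dict(
            type='list',
            required=False
        ),
        unset_properties=dict(
            type='list',
            required=False
        ),
        dn=dict(
            type='str',
            required=False
        ),
        filter=dict(
            type='str',
            required=False
        ),
        state=dict(
            type='str',
            default='present',
            choices=['present', 'absent'],
            required=False
        ),
        options=dict(
            type='list',
            required=False
        ),
        policies=dict(
            type='list',
            required=False
        ),
        superordinate=dict(
            type='str',
            default=None,
            required=False
        ),
    )

    module = AnsibleModule(
        argument_spec=module_args,
        supports_check_mode=True
    )

    udm_ansible_module = UDMAnsibleModule(module)
    udm_ansible_module.run()


if __name__ == '__main__':
    run_module()
-------------------------------------------------------------------------------- /tests/integration/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM univention/univention-corporate-server 2 | 3 | ENV DEBIAN_FRONTEND=noninteractive 4 | RUN apt update && \ 5 | apt install -y locales python-pip python-cairo-dev python3-pip python3-cairo-dev && \ 6 | apt autoremove -y && \ 7 | rm -rf /var/lib/apt/lists/* 8 | 9 | RUN sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \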
10 | dpkg-reconfigure --frontend=noninteractive locales && \ 11 | update-locale LANG=en_US.UTF-8 12 | ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8 13 | -------------------------------------------------------------------------------- /tests/integration/targets/univention_app/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Install with specific version and config parameter 3 | - name: "Install & configure ox-connector" 4 | univention_app: 5 | name: "ox-connector" 6 | state: "present" 7 | version: "2.1.0" 8 | auth_username: "Administrator" 9 | auth_password: "univention" 10 | config: 11 | ox_SOAP_SERVER: "Test" 12 | 13 | # Upgrade to specific version 14 | - name: "Upgrade ox-connector" 15 | univention_app: 16 | name: "ox-connector" 17 | state: "present" 18 | version: "2.1.3" 19 | auth_username: "Administrator" 20 | auth_password: "univention" 21 | 22 | # change config Params 23 | - name: "Configure ox-connector" 24 | univention_app: 25 | name: "ox-connector" 26 | state: "present" 27 | auth_username: "Administrator" 28 | auth_password: "univention" 29 | config: 30 | ox_SOAP_SERVER: "TestTest" 31 | 32 | # No changes when Config Params are identical 33 | - name: "Configure ox-connector no changes" 34 | univention_app: 35 | name: "ox-connector" 36 | state: "present" 37 | auth_username: "Administrator" 38 | auth_password: "univention" 39 | config: 40 | ox_SOAP_SERVER: "TestTest" 41 | 42 | # Stop App 43 | - name: "Stop ox-connector" 44 | univention_app: 45 | name: "ox-connector" 46 | state: "stopped" 47 | auth_username: "Administrator" 48 | auth_password: "univention" 49 | 50 | # Stall App 51 | - name: "Stall ox-connector" 52 | univention_app: 53 | name: "ox-connector" 54 | state: "present" 55 | auth_username: "Administrator" 56 | auth_password: "univention" 57 | stall: "stalled" 58 | 59 | # unstall App 60 | - name: "Unstall ox-connector" 61 | univention_app: 62 | name: "ox-connector" 63 | state: 
"present" 64 | auth_username: "Administrator" 65 | auth_password: "univention" 66 | stall: "unstalled" 67 | 68 | # Deinstall App 69 | - name: "Uninstall ox-connector" 70 | univention_app: 71 | name: "ox-connector" 72 | state: "absent" 73 | auth_username: "Administrator" 74 | auth_password: "univention" 75 | -------------------------------------------------------------------------------- /tests/integration/targets/univention_config_registry/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: "Set keys" 4 | univention_config_registry: 5 | keys: 6 | system/stats/cron: "1 2 3 4 5" 7 | ansible/foo: "bar" 8 | 9 | - name: "Get ansible/foo" 10 | ansible.builtin.command: "univention-config-registry get ansible/foo" 11 | register: "ansible_foo" 12 | changed_when: "ansible_foo.stdout == ''" 13 | failed_when: "'bar' not in ansible_foo.stdout" 14 | 15 | - name: "Get stats cron" 16 | ansible.builtin.command: "tail -2 /etc/cron.d/univention-system-stats" 17 | register: "sys_cron" 18 | changed_when: "sys_cron.stdout == ''" 19 | failed_when: "'1 2 3 4 5' not in sys_cron.stdout" 20 | 21 | - name: "Set /etc/hosts entries" 22 | univention_config_registry: 23 | kvlist: 24 | - key: "hosts/static/{{ _hosts_item }}" 25 | value: "invalid.intranet" 26 | loop: [ "192.168.0.1", "192.168.1.1" ] 27 | loop_control: 28 | loop_var: "_hosts_item" 29 | 30 | - name: "Check /etc/hosts content" 31 | ansible.builtin.lineinfile: 32 | name: "/etc/hosts" 33 | line: "192.168.1.1\tinvalid.intranet" 34 | state: "present" 35 | check_mode: true 36 | register: "hosts" 37 | failed_when: "(hosts is changed) or (hosts is failed)" 38 | tags: 39 | - "skip_ansible_lint" 40 | 41 | - name: "Clear test key" 42 | univention_config_registry: 43 | keys: 44 | ansible/foo: 45 | state: "absent" 46 | 47 | - name: "Get ansible/foo" 48 | ansible.builtin.command: "univention-config-registry get ansible/foo" 49 | register: "ansible_foo" 50 | changed_when: 
"ansible_foo.stdout != ''" 51 | failed_when: "ansible_foo.stdout != ''" 52 | 53 | - name: "Check cleared key" 54 | ansible.builtin.assert: 55 | that: 56 | - "'bar' not in ansible_foo.stdout" 57 | 58 | - name: "Try ucr set --force" 59 | univention_config_registry: 60 | keys: 61 | ansible/foo: "force" 62 | ansible/foo2: "force" 63 | state: "present" 64 | force: true 65 | 66 | - name: "Check ucr set --force" 67 | ansible.builtin.lineinfile: 68 | name: "/etc/univention/base-forced.conf" 69 | line: "ansible/foo: force" 70 | state: "present" 71 | check_mode: true 72 | register: "forced_conf" 73 | failed_when: "(forced_conf is changed) or (forced_conf is failed)" 74 | 75 | - name: "Try ucr unset --force" 76 | univention_config_registry: 77 | keys: 78 | ansible/foo: "force" 79 | ansible/foo2: "force" 80 | state: "absent" 81 | force: true 82 | 83 | - name: "Check ucr unset --force" 84 | ansible.builtin.lineinfile: 85 | name: "/etc/univention/base-forced.conf" 86 | line: "ansible/foo: force" 87 | state: "absent" 88 | check_mode: true 89 | register: "forced_conf" 90 | failed_when: "(forced_conf is changed) or (forced_conf is failed)" 91 | -------------------------------------------------------------------------------- /tests/integration/targets/univention_directory_manager/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: "Gather custom facts" 4 | ansible.builtin.command: "univention-config-registry get ldap/base" 5 | register: "base_dn" 6 | changed_when: "base_dn.stdout is search('dn=')" 7 | 8 | - name: "Create a user" 9 | univention_directory_manager: 10 | module: "users/user" 11 | state: "present" 12 | set_properties: 13 | - property: "username" 14 | value: "testuser1" 15 | - property: "lastname" 16 | value: "testuser1" 17 | - property: "password" 18 | value: "{{ lookup('ansible.builtin.password', '/dev/null') }}" 19 | 20 | - name: "Modify testuser1 - add or change a property" 21 | 
univention_directory_manager: 22 | module: "users/user" 23 | state: "present" 24 | filter: "(uid=testuser1)" 25 | set_properties: 26 | - property: "firstname" 27 | value: "max" 28 | 29 | - name: "Modify testuser1 - remove property" 30 | univention_directory_manager: 31 | module: "users/user" 32 | state: "present" 33 | filter: "(uid=testuser1)" 34 | unset_properties: 35 | - property: "firstname" 36 | value: "does not matter" 37 | 38 | - name: "Delete a user with a search filter" 39 | univention_directory_manager: 40 | module: "users/user" 41 | state: "absent" 42 | filter: "(uid=testuser1)" 43 | 44 | - name: "Create a custom OU" 45 | univention_directory_manager: 46 | module: "container/ou" 47 | state: "present" 48 | set_properties: 49 | - property: "name" 50 | value: "temp" 51 | - property: "userPath" 52 | value: "1" 53 | 54 | - name: "Create a user with position" 55 | univention_directory_manager: 56 | module: "users/user" 57 | state: "present" 58 | position: "ou=temp,{{ base_dn.stdout }}" 59 | set_properties: 60 | - property: "username" 61 | value: "testuser2" 62 | - property: "lastname" 63 | value: "testuser2" 64 | - property: "password" 65 | value: "{{ lookup('ansible.builtin.password', '/dev/null') }}" 66 | 67 | - name: "Delete the user with position" 68 | univention_directory_manager: 69 | module: "users/user" 70 | state: "absent" 71 | dn: "uid=testuser2,ou=temp,{{ base_dn.stdout }}" 72 | 73 | - name: "Check policy setting - Create group with policy" 74 | univention_directory_manager: 75 | module: "groups/group" 76 | state: "present" 77 | dn: "cn=Test Domain Group,cn=groups,{{ base_dn.stdout }}" 78 | policies: 79 | - "cn=default-umc-users,cn=UMC,cn=policies,{{ base_dn.stdout }}" 80 | set_properties: 81 | - property: "description" 82 | value: "Test Group" 83 | - property: "sambaGroupType" 84 | value: "2" 85 | 86 | - name: "Remove Check policy setting - Remove group with policy" 87 | univention_directory_manager: 88 | module: "groups/group" 89 | state: "absent" 
90 | dn: "cn=Test Domain Group,cn=groups,{{ base_dn.stdout }}" 91 | 92 | - name: "Check existing Object don't return traceback and does not change" 93 | univention_directory_manager: 94 | module: "portals/category" 95 | state: "present" 96 | dn: "cn=domain-service,cn=category,cn=portals,cn=univention,{{ base_dn.stdout }}" 97 | set_properties: 98 | - property: "displayName" 99 | value: 100 | en_US: "Applications" 101 | de_DE: "Applikation" 102 | fr_FR: "Applications" 103 | - property: "entries" 104 | value: 105 | - "cn=login-ucs,cn=entry,cn=portals,cn=univention,{{ base_dn.stdout }}" 106 | - "cn=login-saml,cn=entry,cn=portals,cn=univention,{{ base_dn.stdout }}" 107 | register: "existing" 108 | failed_when: 109 | - "existing.changed" 110 | 111 | - name: "Python2 - Create a portal_entry with binary attr" 112 | vars: 113 | ansible_python_interpreter: "/usr/bin/python2" 114 | univention_directory_manager: 115 | module: "portals/entry" 116 | state: "present" 117 | position: "cn=entry,cn=portals,cn=univention,{{ base_dn.stdout }}" 118 | set_properties: 119 | - property: "name" 120 | value: "test-entry-py2" 121 | - property: "target" 122 | value: "foo" 123 | - property: "backgroundColor" 124 | value: "#FFCE36" 125 | - property: "displayName" 126 | value: 127 | - ["en_US", "TEST - DisplayName"] 128 | - property: "description" 129 | value: 130 | - ["en_US", "TEST - Description"] 131 | - property: "link" 132 | value: 133 | - ["en_US", "TEST - Link"] 134 | - property: "icon" 135 | value: | 136 | PHN2ZyBpZD0iRWJlbmVfMSIgZGF0YS1uYW1lPSJFYmVuZSAxIiB4bWxucz0iaHR0cDovL3d3dy53 137 | My5vcmcvMjAwMC9zdmciIHZpZXdCb3g9IjAgMCA4MCA2MyI+PGRlZnM+PHN0eWxlPi5jbHMtMXtm 138 | aWxsOiNlZWVmZjE7fS5jbHMtMntmaWxsOiM4YTkxOTk7fS5jbHMtM3tmaWxsOiMzYTQyNGI7fTwv 139 | c3R5bGU+PC9kZWZzPjxjaXJjbGUgY2xhc3M9ImNscy0xIiBjeD0iNDAiIGN5PSIzNi4wNCIgcj0i 140 | MjAuMSIvPjxwYXRoIGNsYXNzPSJjbHMtMiIgZD0iTTQ1LjMyLDQzLjI4Yy0xLjQ0LDEuNDQtMy42 141 | 
OCw0LTMuNzEsNGwuMjUtMy41M3MuNjMtLjUyLDItMS45M2MyLjMzLTIuMzMsMS43OC03LjA3LTEt 142 | OS44OS0yLjM4LTIuMzgtOS04LjYxLTE4LjE4LTE4QTQxLjU2LDQxLjU2LDAsMCwwLDM2LjUzLDM2 143 | Ljg0bC0xLjYyLDEuNzhhNDEuNDEsNDEuNDEsMCwwLDEtMTMtMzAuODVjMywzLjkxLDEzLDEyLjg2 144 | LDIyLjQzLDIyLjI4QzQ3LjA1LDMyLjc1LDQ5LjQyLDM5LjE4LDQ1LjMyLDQzLjI4WiIvPjxwYXRo 145 | IGNsYXNzPSJjbHMtMyIgZD0iTTQyLjgyLDM0LjM1YTcuNTUsNy41NSwwLDAsMSwuODUsMy4xOEMz 146 | OSw0Mi4xOCwzMS4yMyw1MC4xNSwzMS4yMyw1MC4xNVY0Ni4yNEMzMS42LDQ1Ljg2LDM4LjkzLDM4 147 | LjI1LDQyLjgyLDM0LjM1WiIvPjxwYXRoIGNsYXNzPSJjbHMtMyIgZD0iTTU1LjgzLDMybC0xLjU4 148 | LDIuMzlhNi45MSw2LjkxLDAsMCwwLTUuNi0xLDYuNTEsNi41MSwwLDAsMC0xLjcsMSwxMS41OCwx 149 | MS41OCwwLDAsMC0xLjI0LTIuNjQsOS42OCw5LjY4LDAsMCwxLDEuNy0uOTNBOS42OSw5LjY5LDAs 150 | MCwxLDU1LjgzLDMyWiIvPjxwYXRoIGNsYXNzPSJjbHMtMyIgZD0iTTM3Ljc0LDIwLjg4LDM1LDE0 151 | Ljc3Yy0uNDYsMS42NS0uNiwyLjM4LS42NiwyLjYxbC0yLTJhMzUuMTQsMzUuMTQsMCwwLDEsLjY1 152 | LTMuNzdjLjI2LTEuMTgsMS4zNS00Ljc2LDEuMzUtNC43Nmw5LjIxLDE5LjYxWiIvPjwvc3ZnPg== 153 | when: 154 | - "ansible_python_interpreter.endswith('python2')" 155 | 156 | - name: "Python3 - Create a portal_entry with binary attr" 157 | vars: 158 | ansible_python_interpreter: "/usr/bin/python3" 159 | univention_directory_manager: 160 | module: "portals/entry" 161 | state: "present" 162 | position: "cn=entry,cn=portals,cn=univention,{{ base_dn.stdout }}" 163 | set_properties: 164 | - property: "name" 165 | value: "test-entry-py3" 166 | - property: "target" 167 | value: "foo" 168 | - property: "backgroundColor" 169 | value: "#FFCE36" 170 | - property: "displayName" 171 | value: 172 | - ["en_US", "Test - displayname"] 173 | - ["de_DE", "Test - Anzeigename"] 174 | - property: "description" 175 | value: 176 | - ["en_US", "Test - description"] 177 | - ["de_DE", "Test - Beschreibung"] 178 | - property: "link" 179 | value: 180 | - [ "en_US", "TEST - Link" ] 181 | - [ "de_DE", "TEST - Link" ] 182 | - property: "icon" 183 | value: | 184 | 
PHN2ZyBpZD0iRWJlbmVfMSIgZGF0YS1uYW1lPSJFYmVuZSAxIiB4bWxucz0iaHR0cDovL3d3dy53 185 | My5vcmcvMjAwMC9zdmciIHZpZXdCb3g9IjAgMCA4MCA2MyI+PGRlZnM+PHN0eWxlPi5jbHMtMXtm 186 | aWxsOiNlZWVmZjE7fS5jbHMtMntmaWxsOiM4YTkxOTk7fS5jbHMtM3tmaWxsOiMzYTQyNGI7fTwv 187 | c3R5bGU+PC9kZWZzPjxjaXJjbGUgY2xhc3M9ImNscy0xIiBjeD0iNDAiIGN5PSIzNi4wNCIgcj0i 188 | MjAuMSIvPjxwYXRoIGNsYXNzPSJjbHMtMiIgZD0iTTQ1LjMyLDQzLjI4Yy0xLjQ0LDEuNDQtMy42 189 | OCw0LTMuNzEsNGwuMjUtMy41M3MuNjMtLjUyLDItMS45M2MyLjMzLTIuMzMsMS43OC03LjA3LTEt 190 | OS44OS0yLjM4LTIuMzgtOS04LjYxLTE4LjE4LTE4QTQxLjU2LDQxLjU2LDAsMCwwLDM2LjUzLDM2 191 | Ljg0bC0xLjYyLDEuNzhhNDEuNDEsNDEuNDEsMCwwLDEtMTMtMzAuODVjMywzLjkxLDEzLDEyLjg2 192 | LDIyLjQzLDIyLjI4QzQ3LjA1LDMyLjc1LDQ5LjQyLDM5LjE4LDQ1LjMyLDQzLjI4WiIvPjxwYXRo 193 | IGNsYXNzPSJjbHMtMyIgZD0iTTQyLjgyLDM0LjM1YTcuNTUsNy41NSwwLDAsMSwuODUsMy4xOEMz 194 | OSw0Mi4xOCwzMS4yMyw1MC4xNSwzMS4yMyw1MC4xNVY0Ni4yNEMzMS42LDQ1Ljg2LDM4LjkzLDM4 195 | LjI1LDQyLjgyLDM0LjM1WiIvPjxwYXRoIGNsYXNzPSJjbHMtMyIgZD0iTTU1LjgzLDMybC0xLjU4 196 | LDIuMzlhNi45MSw2LjkxLDAsMCwwLTUuNi0xLDYuNTEsNi41MSwwLDAsMC0xLjcsMSwxMS41OCwx 197 | MS41OCwwLDAsMC0xLjI0LTIuNjQsOS42OCw5LjY4LDAsMCwxLDEuNy0uOTNBOS42OSw5LjY5LDAs 198 | MCwxLDU1LjgzLDMyWiIvPjxwYXRoIGNsYXNzPSJjbHMtMyIgZD0iTTM3Ljc0LDIwLjg4LDM1LDE0 199 | Ljc3Yy0uNDYsMS42NS0uNiwyLjM4LS42NiwyLjYxbC0yLTJhMzUuMTQsMzUuMTQsMCwwLDEsLjY1 200 | LTMuNzdjLjI2LTEuMTgsMS4zNS00Ljc2LDEuMzUtNC43Nmw5LjIxLDE5LjYxWiIvPjwvc3ZnPg== 201 | when: 202 | - "ansible_python_interpreter.endswith('python3')" 203 | 204 | - name: "Remove a portal_entry with binary attr" 205 | univention_directory_manager: 206 | module: "portals/entry" 207 | state: "absent" 208 | filter: "(cn=test-entry*)" 209 | 210 | - name: "Test invalid dn" 211 | univention_directory_manager: 212 | module: "groups/group" 213 | state: "absent" 214 | dn: "tt:Test Domain Group,cn=groups,{{ base_dn.stdout }}" 215 | register: "test_invalid_dn" 216 | ignore_errors: true 217 | 218 | - name: "Check invalid dn" 219 | ansible.builtin.assert: 220 | that: 221 | - 
"test_invalid_dn.failed" 222 | 223 | - name: "Create an extended attribute with superordinary param and complex attributes" 224 | univention_directory_manager: 225 | module: "settings/extended_attribute" 226 | superordinate: "cn=custom attributes,cn=univention,{{ base_dn.stdout }}" 227 | state: "present" 228 | set_properties: 229 | - property: "name" 230 | value: "testAttribute" 231 | - property: "shortDescription" 232 | value: "This is a test attribute" 233 | - property: "translationShortDescription" 234 | value: 235 | - ["de_DE", "Dies ist ein Test-Attribut"] 236 | - property: "module" 237 | value: ["users/user", "groups/group"] 238 | - property: "objectClass" 239 | value: "customAttributeGroups" 240 | - property: "ldapMapping" 241 | value: "customAttributeTestAttribute" 242 | ignore_errors: "{{ ansible_check_mode }}" 243 | 244 | - name: "Remove an extended attribute" 245 | univention_directory_manager: 246 | module: "settings/extended_attribute" 247 | state: "absent" 248 | set_properties: 249 | - property: "name" 250 | value: "testAttribute" 251 | 252 | - name: "Create share with an option" 253 | univention_directory_manager: 254 | module: "shares/share" 255 | state: "present" 256 | options: 257 | - "samba" 258 | set_properties: 259 | - property: "name" 260 | value: "Test" 261 | - property: "path" 262 | value: "/home/test" 263 | - property: "host" 264 | value: "ansible.local" 265 | 266 | - name: "Remove share" 267 | univention_directory_manager: 268 | module: "shares/share" 269 | state: "absent" 270 | filter: "(cn=test)" 271 | --------------------------------------------------------------------------------