Optimized OpenProject and CSP rules

2025-11-02 03:08:05 +00:00 · 2025-09-25 14:47:28 +02:00
parent 73bcdcaf45
commit 5186eb5714
4 changed files with 54 additions and 53 deletions
--- a/roles/web-app-openproject/tasks/01_ldap.yml
+++ b/roles/web-app-openproject/tasks/01_ldap.yml
@@ -9,7 +9,7 @@
    login_password: "{{ database_password }}"
    login_host: "127.0.0.1"
    login_port: "{{ database_port }}"
-    query: "SELECT id FROM ldap_auth_sources WHERE name = '{{ openproject_ldap.name }}' LIMIT 1;"
+    query: "SELECT id FROM ldap_auth_sources WHERE name = '{{ OPENPROJECT_LDAP.name }}' LIMIT 1;"
  register: ldap_check

 - name: Update existing LDAP auth source
@@ -21,23 +21,23 @@
    login_port: "{{ database_port }}"
    query: >
      UPDATE ldap_auth_sources SET
-        host = '{{ openproject_ldap.host }}',
-        port = {{ openproject_ldap.port }},
-        account = '{{ openproject_ldap.account }}',
-        account_password = '{{ openproject_ldap.account_password }}',
-        base_dn = '{{ openproject_ldap.base_dn }}',
-        attr_login = '{{ openproject_ldap.attr_login }}',
-        attr_firstname = '{{ openproject_ldap.attr_firstname }}',
-        attr_lastname = '{{ openproject_ldap.attr_lastname }}',
-        attr_mail = '{{ openproject_ldap.attr_mail }}',
-        onthefly_register = {{ openproject_ldap.onthefly_register }},
-        attr_admin = '{{ openproject_ldap.attr_admin }}',
+        host = '{{ OPENPROJECT_LDAP.host }}',
+        port = {{ OPENPROJECT_LDAP.port }},
+        account = '{{ OPENPROJECT_LDAP.account }}',
+        account_password = '{{ OPENPROJECT_LDAP.account_password }}',
+        base_dn = '{{ OPENPROJECT_LDAP.base_dn }}',
+        attr_login = '{{ OPENPROJECT_LDAP.attr_login }}',
+        attr_firstname = '{{ OPENPROJECT_LDAP.attr_firstname }}',
+        attr_lastname = '{{ OPENPROJECT_LDAP.attr_lastname }}',
+        attr_mail = '{{ OPENPROJECT_LDAP.attr_mail }}',
+        onthefly_register = {{ OPENPROJECT_LDAP.onthefly_register }},
+        attr_admin = '{{ OPENPROJECT_LDAP.attr_admin }}',
        updated_at = NOW(),
-        tls_mode = {{ openproject_ldap.tls_mode }},
-        filter_string = '{{ openproject_ldap.filter_string }}',
-        verify_peer = {{ openproject_ldap.verify_peer }},
-        tls_certificate_string = '{{ openproject_ldap.tls_certificate_string }}'
-      WHERE name = '{{ openproject_ldap.name }}';
+        tls_mode = {{ OPENPROJECT_LDAP.tls_mode }},
+        filter_string = '{{ OPENPROJECT_LDAP.filter_string }}',
+        verify_peer = {{ OPENPROJECT_LDAP.verify_peer }},
+        tls_certificate_string = '{{ OPENPROJECT_LDAP.tls_certificate_string }}'
+      WHERE name = '{{ OPENPROJECT_LDAP.name }}';
  when: ldap_check.query_result | length > 0
  async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
  poll:  "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"
@@ -55,24 +55,24 @@
       attr_firstname, attr_lastname, attr_mail, onthefly_register, attr_admin,
       created_at, updated_at, tls_mode, filter_string, verify_peer, tls_certificate_string)
      VALUES (
-        '{{ openproject_ldap.name }}',
-        '{{ openproject_ldap.host }}',
-        {{ openproject_ldap.port }},
-        '{{ openproject_ldap.account }}',
-        '{{ openproject_ldap.account_password }}',
-        '{{ openproject_ldap.base_dn }}',
-        '{{ openproject_ldap.attr_login }}',
-        '{{ openproject_ldap.attr_firstname }}',
-        '{{ openproject_ldap.attr_lastname }}',
-        '{{ openproject_ldap.attr_mail }}',
-        {{ openproject_ldap.onthefly_register }},
-        '{{ openproject_ldap.attr_admin }}',
+        '{{ OPENPROJECT_LDAP.name }}',
+        '{{ OPENPROJECT_LDAP.host }}',
+        {{ OPENPROJECT_LDAP.port }},
+        '{{ OPENPROJECT_LDAP.account }}',
+        '{{ OPENPROJECT_LDAP.account_password }}',
+        '{{ OPENPROJECT_LDAP.base_dn }}',
+        '{{ OPENPROJECT_LDAP.attr_login }}',
+        '{{ OPENPROJECT_LDAP.attr_firstname }}',
+        '{{ OPENPROJECT_LDAP.attr_lastname }}',
+        '{{ OPENPROJECT_LDAP.attr_mail }}',
+        {{ OPENPROJECT_LDAP.onthefly_register }},
+        '{{ OPENPROJECT_LDAP.attr_admin }}',
        NOW(),
        NOW(),
-        {{ openproject_ldap.tls_mode }},
-        '{{ openproject_ldap.filter_string }}',
-        {{ openproject_ldap.verify_peer }},
-        '{{ openproject_ldap.tls_certificate_string }}'
+        {{ OPENPROJECT_LDAP.tls_mode }},
+        '{{ OPENPROJECT_LDAP.filter_string }}',
+        {{ OPENPROJECT_LDAP.verify_peer }},
+        '{{ OPENPROJECT_LDAP.tls_certificate_string }}'
      );
  when: ldap_check.query_result | length == 0
  async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"