Solved other refactoring bugs and optimized docker role template

roles/docker-ldap/filter_plugins/build_ldap_role_entries.py

@@ -17,7 +17,7 @@ def build_ldap_role_entries(applications, users, ldap):
 
         group_id = application_config.get("group_id")
         user_dn_base = ldap["dn"]["ou"]["users"]
-        ldap_user_attr = ldap["attributes"]["user_id"]
+        ldap_user_attr = ldap["user"]["attributes"]["id"]
         role_dn_base = ldap["dn"]["ou"]["roles"]
         flavors = ldap.get("rbac", {}).get("flavors", [])
 

roles/docker-sphinx/tasks/main.yml

@@ -1,9 +1,5 @@
 ---
 # Docker Routines
-- name: "include docker-compose role"
-  include_role: 
-    name: docker-compose
-
 - name: "pkgmgr install"
   include_role:
     name: pkgmgr-install
@@ -15,6 +11,10 @@
   command: pkgmgr path cymais-sphinx
   register: path_cymais_sphinx_output
 
+- name: "include docker-compose role"
+  include_role: 
+    name: docker-compose
+
 - name: "include role nginx-domain-setup for {{application_id}}"
   include_role:
     name: nginx-domain-setup

roles/roles/docker-pretix/Readme.md

@@ -0,0 +1,2 @@
+# Pretix (Draft)
+See https://github.com/pretix/pretix

templates/docker_role/meta/main.yml.j2

@@ -21,3 +21,8 @@ galaxy_info:
   documentation: "https://github.com/kevinveenbirkenbach/cymais/roles/{{application_id}}"
   logo:
     class: "{{ logo_classes }}"
+  run_after:
+    - docker-matomo
+    - docker-keycloak
+    - docker-mailu
+dependencies: []

templates/docker_role/tasks/main.yml.j2

@@ -1,6 +1,6 @@
 ---
 
-{% if database | bool %}
+{% if database_type | bool %}
 
 {% raw %}
 - name: "include docker-central-database"
@@ -8,13 +8,6 @@
     name: docker-central-database
   when: run_once_docker_{% endraw %}{{ application_id }}{% raw %} is not defined
 
-- name: "include role nginx-domain-setup for {{application_id}}"
-  include_role:
-    name: nginx-domain-setup
-  vars:
-    domain:   "{{ domains | get_domain(application_id) }}"
-    http_port:   "{{ ports.localhost.http[application_id] }}"
-  when: run_once_docker_{% endraw %}{{ application_id }}{% raw %} is not defined
 {% endraw %}
 
 {% else %}
@@ -29,6 +22,15 @@
 {% endif %}
 
 {% raw %}
+
+- name: "include role nginx-domain-setup for {{application_id}}"
+  include_role:
+    name: nginx-domain-setup
+  vars:
+    domain:   "{{ domains | get_domain(application_id) }}"
+    http_port:   "{{ ports.localhost.http[application_id] }}"
+  when: run_once_docker_{% endraw %}{{ application_id }}{% raw %} is not defined
+
 - name: run the {% raw %}portfolio{% endraw %} tasks once
   set_fact:
     run_once_docker_portfolio: true

templates/docker_role/templates/docker-compose.yml.j2.j2

@@ -0,0 +1,19 @@
+services:
+  portfolio:
+    build:
+      context: {{docker_repository_path}}
+      dockerfile: Dockerfile
+    image: application-portfolio
+    container_name: portfolio
+    ports:
+      - 127.0.0.1:{{ports.localhost.http[application_id]}}:5000
+    volumes:
+      - {{docker_repository_path}}app:/app
+    restart: unless-stopped
+{% include 'templates/docker/container/networks.yml.j2' %}
+    healthcheck:
+      test: ["CMD", "bash", "-c", "exec 3<>/dev/tcp/localhost/5000 && echo -e 'GET / HTTP/1.1\\r\\nHost: localhost\\r\\nConnection: close\\r\\n\\r\\n' >&3 && cat <&3 | grep -q 'HTTP/1.1'"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+{% include 'templates/docker/compose/networks.yml.j2' %}

templates/docker_role/vars/configuration.yml.j2

@@ -0,0 +1,29 @@
+features:
+  matomo:           true
+  css:              true
+  portfolio_iframe: false
+csp:
+  whitelist:
+    script-src-elem:
+      - https://cdn.jsdelivr.net
+      - https://kit.fontawesome.com
+    style-src:
+      - https://cdn.jsdelivr.net
+    font-src:
+      - https://ka-f.fontawesome.com
+      - https://cdn.jsdelivr.net
+    connect-src:
+      - https://ka-f.fontawesome.com
+    frame-src:
+      - "{{ web_protocol }}://*.{{primary_domain}}"
+  flags:
+    style-src:
+      unsafe-inline: true
+    script-src:
+      unsafe-inline: true
+    script-src-elem:
+      unsafe-inline: true
+domains:
+  canonical:
+    - "{{ primary_domain }}"
+

tests/unit/roles/docker-ldap/test_build_ldap_role_entries.py

@@ -48,8 +48,10 @@ class TestBuildLdapRoleEntries(unittest.TestCase):
                     "roles": "ou=roles,dc=example,dc=org"
                 }
             },
+            "user":{
                 "attributes": {
-                "user_id": "uid"
+                    "id": "uid"
+                }
             },
             "rbac": {
                 "flavors": ["posixGroup", "groupOfNames"]