Solved other refactoring bugs and optimized docker role template

2025-07-07 17:15:15 +02:00 · 2025-07-06 19:54:51 +02:00 · 2025-07-06 19:54:51 +02:00 · 5919f49741
commit 5919f49741
parent ea9cc07112
10 changed files with 74 additions and 15 deletions
--- a/roles/docker-ldap/filter_plugins/build_ldap_role_entries.py
+++ b/roles/docker-ldap/filter_plugins/build_ldap_role_entries.py
@ -17,7 +17,7 @@ def build_ldap_role_entries(applications, users, ldap):
        group_id = application_config.get("group_id")
        user_dn_base = ldap["dn"]["ou"]["users"]
-        ldap_user_attr = ldap["attributes"]["user_id"]
+        ldap_user_attr = ldap["user"]["attributes"]["id"]
        role_dn_base = ldap["dn"]["ou"]["roles"]
        flavors = ldap.get("rbac", {}).get("flavors", [])
--- a/roles/docker-sphinx/tasks/main.yml
+++ b/roles/docker-sphinx/tasks/main.yml
@ -1,9 +1,5 @@
 ---
 # Docker Routines
 - name: "include docker-compose role"
  include_role: 
    name: docker-compose
 - name: "pkgmgr install"
  include_role:
    name: pkgmgr-install
@ -15,6 +11,10 @@
  command: pkgmgr path cymais-sphinx
  register: path_cymais_sphinx_output
 - name: "include docker-compose role"
  include_role: 
    name: docker-compose
 - name: "include role nginx-domain-setup for {{application_id}}"
  include_role:
    name: nginx-domain-setup
--- a/roles/roles/docker-pretix/Readme.md
+++ b/roles/roles/docker-pretix/Readme.md
@ -0,0 +1,2 @@
 # Pretix (Draft)
 See https://github.com/pretix/pretix
--- a/templates/docker_role/meta/main.yml.j2
+++ b/templates/docker_role/meta/main.yml.j2
@ -21,3 +21,8 @@ galaxy_info:
  documentation: "https://github.com/kevinveenbirkenbach/cymais/roles/{{application_id}}"
  logo:
    class: "{{ logo_classes }}"
  run_after:
    - docker-matomo
    - docker-keycloak
    - docker-mailu
 dependencies: []
--- a/templates/docker_role/tasks/main.yml.j2
+++ b/templates/docker_role/tasks/main.yml.j2
@ -1,6 +1,6 @@
 ---
-{% if database | bool %}
+{% if database_type | bool %}
 {% raw %}
 - name: "include docker-central-database"
@ -8,13 +8,6 @@
    name: docker-central-database
  when: run_once_docker_{% endraw %}{{ application_id }}{% raw %} is not defined
 - name: "include role nginx-domain-setup for {{application_id}}"
  include_role:
    name: nginx-domain-setup
  vars:
    domain:   "{{ domains | get_domain(application_id) }}"
    http_port:   "{{ ports.localhost.http[application_id] }}"
  when: run_once_docker_{% endraw %}{{ application_id }}{% raw %} is not defined
 {% endraw %}
 {% else %}
@ -29,6 +22,15 @@
 {% endif %}
 {% raw %}
 - name: "include role nginx-domain-setup for {{application_id}}"
  include_role:
    name: nginx-domain-setup
  vars:
    domain:   "{{ domains | get_domain(application_id) }}"
    http_port:   "{{ ports.localhost.http[application_id] }}"
  when: run_once_docker_{% endraw %}{{ application_id }}{% raw %} is not defined
 - name: run the {% raw %}portfolio{% endraw %} tasks once
  set_fact:
    run_once_docker_portfolio: true
--- a/templates/docker_role/templates/Dockerfile.j2.j2
+++ b/templates/docker_role/templates/Dockerfile.j2.j2
--- a/templates/docker_role/templates/docker-compose.yml.j2.j2
+++ b/templates/docker_role/templates/docker-compose.yml.j2.j2
@ -0,0 +1,19 @@
 services:
  portfolio:
    build:
      context: {{docker_repository_path}}
      dockerfile: Dockerfile
    image: application-portfolio
    container_name: portfolio
    ports:
      - 127.0.0.1:{{ports.localhost.http[application_id]}}:5000
    volumes:
      - {{docker_repository_path}}app:/app
    restart: unless-stopped
 {% include 'templates/docker/container/networks.yml.j2' %}
    healthcheck:
      test: ["CMD", "bash", "-c", "exec 3<>/dev/tcp/localhost/5000 && echo -e 'GET / HTTP/1.1\\r\\nHost: localhost\\r\\nConnection: close\\r\\n\\r\\n' >&3 && cat <&3 | grep -q 'HTTP/1.1'"]
      interval: 30s
      timeout: 10s
      retries: 3
 {% include 'templates/docker/compose/networks.yml.j2' %}
--- a/templates/docker_role/templates/env.j2.j2
+++ b/templates/docker_role/templates/env.j2.j2
--- a/templates/docker_role/vars/configuration.yml.j2
+++ b/templates/docker_role/vars/configuration.yml.j2
@ -0,0 +1,29 @@
 features:
  matomo:           true
  css:              true
  portfolio_iframe: false
 csp:
  whitelist:
    script-src-elem:
      - https://cdn.jsdelivr.net
      - https://kit.fontawesome.com
    style-src:
      - https://cdn.jsdelivr.net
    font-src:
      - https://ka-f.fontawesome.com
      - https://cdn.jsdelivr.net
    connect-src:
      - https://ka-f.fontawesome.com
    frame-src:
      - "{{ web_protocol }}://*.{{primary_domain}}"
  flags:
    style-src:
      unsafe-inline: true
    script-src:
      unsafe-inline: true
    script-src-elem:
      unsafe-inline: true
 domains:
  canonical:
    - "{{ primary_domain }}"
--- a/tests/unit/roles/docker-ldap/test_build_ldap_role_entries.py
+++ b/tests/unit/roles/docker-ldap/test_build_ldap_role_entries.py
@ -48,8 +48,10 @@ class TestBuildLdapRoleEntries(unittest.TestCase):
                    "roles": "ou=roles,dc=example,dc=org"
                }
            },
-            "attributes": {
+            "user":{
-                "user_id": "uid"
+                "attributes": {
                    "id": "uid"
                }
            },
            "rbac": {
                "flavors": ["posixGroup", "groupOfNames"]
		`@ -0,0 +1,2 @@`
							`# Pretix (Draft)`
							`See https://github.com/pretix/pretix`