Refactor LDAP variable schema to use top-level constant LDAP and nested ALL-CAPS keys.

- Converted group_vars/all/13_ldap.yml from lower-case to ALL-CAPS nested keys. - Updated all roles, tasks, templates, and filter_plugins to reference LDAP.* instead of ldap.*. - Fixed Keycloak JSON templates to properly quote Jinja variables. - Adjusted svc-db-openldap filter plugins and unit tests to handle new LDAP structure. - Updated integration test to only check uniqueness of TOP-LEVEL ALL-CAPS constants, ignoring nested keys. See: https://chatgpt.com/share/68b01017-efe0-800f-a508-7d7e2f1c8c8d
2025-08-30 15:28:12 +02:00 · 2025-08-28 10:15:48 +02:00
parent b9da6908ec
commit cb66fb2978
33 changed files with 238 additions and 249 deletions
--- a/roles/web-app-openproject/vars/ldap.yml
+++ b/roles/web-app-openproject/vars/ldap.yml
@@ -1,14 +1,14 @@
 openproject_ldap:
  name:                   "{{ PRIMARY_DOMAIN }}"                      # Display name for the LDAP connection in OpenProject
-  host:                   "{{ ldap.server.domain }}"                  # LDAP server address
-  port:                   "{{ ldap.server.port }}"                    # LDAP server port (typically 389 or 636)
-  account:                "{{ ldap.dn.administrator.data }}"          # Bind DN (used for authentication)
-  account_password:       "{{ ldap.bind_credential }}"                # Bind password
-  base_dn:                "{{ ldap.dn.ou.users }}"                       # Base DN for user search
-  attr_login:             "{{ ldap.user.attributes.id }}"             # LDAP attribute used for login
+  host:                   "{{ LDAP.SERVER.DOMAIN }}"                  # LDAP server address
+  port:                   "{{ LDAP.SERVER.PORT }}"                    # LDAP server port (typically 389 or 636)
+  account:                "{{ LDAP.DN.ADMINISTRATOR.DATA }}"          # Bind DN (used for authentication)
+  account_password:       "{{ LDAP.BIND_CREDENTIAL }}"                # Bind password
+  base_dn:                "{{ LDAP.DN.OU.USERS }}"                       # Base DN for user search
+  attr_login:             "{{ LDAP.USER.ATTRIBUTES.ID }}"             # LDAP attribute used for login
  attr_firstname:         "givenName"                                 # LDAP attribute for first name
-  attr_lastname:          "{{ ldap.user.attributes.surname }}"             # LDAP attribute for last name
-  attr_mail:              "{{ ldap.user.attributes.mail }}"                # LDAP attribute for email
+  attr_lastname:          "{{ LDAP.USER.ATTRIBUTES.SURNAME }}"             # LDAP attribute for last name
+  attr_mail:              "{{ LDAP.USER.ATTRIBUTES.MAIL }}"                # LDAP attribute for email
  attr_admin:             "{{ openproject_filters.administrators }}"  # Optional: LDAP attribute for admin group (leave empty if unused)
  onthefly_register:      true                                        # Automatically create users on first login
  tls_mode:               0                                           # 0 = No TLS, 1 = TLS, 2 = STARTTLS
--- a/roles/web-app-openproject/vars/main.yml
+++ b/roles/web-app-openproject/vars/main.yml
@@ -5,17 +5,17 @@ application_id:                 "web-app-openproject"
 database_type:                  "postgres"

 # Open Project Specific
-openproject_version:            "{{ applications | get_app_conf(application_id, 'docker.services.web.version', True) }}"
-openproject_image:              "{{ applications | get_app_conf(application_id, 'docker.services.web.image', True) }}"
-openproject_volume:             "{{ applications | get_app_conf(application_id, 'docker.volumes.data', True) }}"
-openproject_web_name:           "{{ applications | get_app_conf(application_id, 'docker.services.web.name', True) }}"
-openproject_seeder_name:        "{{ applications | get_app_conf(application_id, 'docker.services.seeder.name', True) }}"
-openproject_cron_name:          "{{ applications | get_app_conf(application_id, 'docker.services.cron.name', True) }}"
-openproject_proxy_name:         "{{ applications | get_app_conf(application_id, 'docker.services.proxy.name', True) }}"
-openproject_worker_name:        "{{ applications | get_app_conf(application_id, 'docker.services.worker.name', True) }}"
+openproject_version:            "{{ applications | get_app_conf(application_id, 'docker.services.web.version') }}"
+openproject_image:              "{{ applications | get_app_conf(application_id, 'docker.services.web.image') }}"
+openproject_volume:             "{{ applications | get_app_conf(application_id, 'docker.volumes.data') }}"
+openproject_web_name:           "{{ applications | get_app_conf(application_id, 'docker.services.web.name') }}"
+openproject_seeder_name:        "{{ applications | get_app_conf(application_id, 'docker.services.seeder.name') }}"
+openproject_cron_name:          "{{ applications | get_app_conf(application_id, 'docker.services.cron.name') }}"
+openproject_proxy_name:         "{{ applications | get_app_conf(application_id, 'docker.services.proxy.name') }}"
+openproject_worker_name:        "{{ applications | get_app_conf(application_id, 'docker.services.worker.name') }}"

 # Open Project Cache
-openproject_cache_name:         "{{ applications | get_app_conf(application_id, 'docker.services.cache.name', True) }}"
+openproject_cache_name:         "{{ applications | get_app_conf(application_id, 'docker.services.cache.name') }}"
 openproject_cache_image:        "{{ applications
     | get_app_conf(application_id, 'docker.services.cache.image')
     or applications
@@ -45,11 +45,11 @@ openproject_rails_settings:
  smtp_ssl:                   false

 openproject_filters:
-  administrators: "{{ '(memberOf=cn=openproject-admins,' ~ ldap.dn.ou.roles ~ ')' 
-       if applications | get_app_conf(application_id, 'ldap.filters.administrators', True) else '' }}"
+  administrators: "{{ '(memberOf=cn=openproject-admins,' ~ LDAP.DN.OU.ROLES ~ ')' 
+       if applications | get_app_conf(application_id, 'ldap.filters.administrators') else '' }}"

-  users: "{{ '(memberOf=cn=openproject-users,' ~ ldap.dn.ou.roles ~ ')' 
-       if applications | get_app_conf(application_id, 'ldap.filters.users', True) else '' }}"
+  users: "{{ '(memberOf=cn=openproject-users,' ~ LDAP.DN.OU.ROLES ~ ')' 
+       if applications | get_app_conf(application_id, 'ldap.filters.users') else '' }}"

 # Docker
 docker_repository_branch:       "stable/{{ openproject_version }}"