Optimized RBAC via LDAP

roles/docker-mailu/tasks/create-mailu-user.yml

@@ -12,6 +12,7 @@
       "Duplicate entry"   not in mailu_user_result.stderr
     )
   changed_when: mailu_user_result.rc == 0
+  when: "'mail-bot' in item.value.roles or 'administrator' in item.value.roles"
 
 - name: "Change password for user '{{ mailu_user_key }};{{ mailu_user_name }}@{{ mailu_domain }}'"
   command: >
@@ -19,7 +20,8 @@
       {{ mailu_user_name }} {{ mailu_domain }} '{{ mailu_password }}'
   args:
     chdir: "{{ mailu_compose_dir }}"
+  when: "'mail-bot' in item.value.roles or 'administrator' in item.value.roles"
 
 - name: "Create Mailu API Token for {{ mailu_user_name }}"
   include_tasks: create-mailu-token.yml
-  when: mailu_token_enabled
+  when: "{{ 'mail-bot' in item.value.roles }}"

roles/docker-mailu/tasks/main.yml

@@ -42,7 +42,6 @@
     mailu_user_key:           "{{ item.key }}"
     mailu_user_name:          "{{ item.value.username }}"
     mailu_password:           "{{ item.value.password }}"
-    mailu_token_enabled:      "{{ item.value.mailu_token_enabled | default(false)}}"
     mailu_token_ip:           "{{ item.value.ip | default('') }}"
   loop:                       "{{ users | dict2items }}"
   loop_control:

roles/docker-mailu/vars/configuration.yml

@@ -22,4 +22,8 @@ csp:
     script-src:
       unsafe-inline:        true
       unsafe-eval:          true
+rbac:
+  roles:
+    mail-bot:
+      description: "Has an token to send and recieve emails"