herve4m.quay.quay_team_ldap (1.2.0) — module
Synchronize Quay Container Registry teams with LDAP groups
Added in version 0.0.9 of herve4m.quay
Authors: Herve Quatremain (@herve4m)
Install with:

    ansible-galaxy collection install herve4m.quay:==1.2.0

Or declare the collection in a requirements file:

    collections:
      - name: herve4m.quay
        version: 1.2.0

Synchronize and unsynchronize teams in organizations with LDAP groups.

- name: Ensure team operators exists before activating LDAP synchronization
  herve4m.quay.quay_team:
    name: operators
    organization: production
    role: creator
    # Only robot accounts can be added to a team you prepare for LDAP
    # synchronization. User accounts that you might add are removed when the
    # synchronization is activated
    members:
      - production+automationrobot
    append: false
    state: present
    quay_host: https://quay.example.com
    quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7

- name: Ensure team operators is synchronized with the op1 LDAP group
  herve4m.quay.quay_team_ldap:
    name: operators
    organization: production
    sync: true
    group_dn: cn=op1,ou=groups
    quay_host: https://quay.example.com
    quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7

- name: Ensure team operators is not synchronized anymore with an LDAP group
  herve4m.quay.quay_team_ldap:
    name: operators
    organization: production
    sync: false
    # Remove all the users from the team synchronized from the LDAP group
    keep_users: false
    quay_host: https://quay.example.com
    quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7

name:
  description:
    - Name of the team to synchronize or unsynchronize with an LDAP group.
      That team must exist (see the M(herve4m.quay.quay_team) module to
      create it).
  required: true
  type: str

sync:
  default: true
  description:
    - If C(yes), then the team members are retrieved from the LDAP group that
      you define in I(group_dn). The pre-existing members are removed from the
      team before the synchronization process starts. Existing robot account
      members are not removed.
    - If C(no), then the synchronization from LDAP is disabled. Existing team
      members (from LDAP) are kept, except if you set I(keep_users) to C(no).
  type: bool

group_dn:
  description:
    - LDAP group distinguished name (DN), relative to the base DN that you
      defined in the C(config.yaml) Quay configuration file with the
      C(LDAP_BASE_DN) parameter.
    - For example, if the LDAP group DN is
      C(cn=group1,ou=groups,dc=example,dc=org) and the base DN is
      C(dc=example,dc=org), then you must set I(group_dn) to
      C(cn=group1,ou=groups).
    - I(group_dn) is required when I(sync) is C(yes).
  type: str

quay_host:
  default: http://127.0.0.1
  description:
    - URL for accessing the API. U(https://quay.example.com:8443) for example.
    - If you do not set the parameter, then the module uses the C(QUAY_HOST)
      environment variable.
    - If you do not set the environment variable either, then the module uses
      the U(http://127.0.0.1) URL.
  type: str

keep_users:
  default: true
  description:
    - If C(yes), then the current team members are kept after the
      synchronization is disabled.
    - If C(no), then the team members are removed (except robot accounts).
    - I(keep_users) is only used when I(sync) is C(no).
  type: bool

quay_token:
  description:
    - OAuth access token for authenticating against the API.
    - If you do not set the parameter, then the module tries the C(QUAY_TOKEN)
      environment variable.
    - Mutually exclusive with I(quay_username) and I(quay_password).
  type: str

organization:
  description:
    - Name of the organization for the team. That organization must exist.
  required: true
  type: str

quay_password:
  description:
    - The password to use for authenticating against the API.
    - If you do not set the parameter, then the module tries the
      C(QUAY_PASSWORD) environment variable.
    - If you set I(quay_password), then you also need to set I(quay_username).
    - Mutually exclusive with I(quay_token).
  type: str

quay_username:
  description:
    - The username to use for authenticating against the API.
    - If you do not set the parameter, then the module tries the
      C(QUAY_USERNAME) environment variable.
    - If you set I(quay_username), then you also need to set I(quay_password).
    - Mutually exclusive with I(quay_token).
  type: str

validate_certs:
  aliases:
    - verify_ssl
  default: true
  description:
    - Whether to allow insecure connections to the API.
    - If C(no), then the module does not validate SSL certificates.
    - If you do not set the parameter, then the module tries the
      C(QUAY_VERIFY_SSL) environment variable (C(yes), C(1), and C(True) mean
      yes, and C(no), C(0), C(False), and no value mean no).
  type: bool
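
The following playbook is an added example, not part of the collection's own documentation. It applies the I(group_dn) rule to a full LDAP group DN and relies on the C(QUAY_TOKEN) environment variable fallback instead of an inline token. The variable names ldap_base_dn and full_group_dn are hypothetical, their values are constructed, and the DNs are assumed to be comma-separated with no extra whitespace.

```yaml
- name: Synchronize a Quay team from a full LDAP group DN
  hosts: localhost
  gather_facts: false
  vars:
    # Constructed sample values. ldap_base_dn (hypothetical variable) must
    # match the base DN set with LDAP_BASE_DN in the Quay config.yaml file.
    ldap_base_dn: dc=example,dc=org
    full_group_dn: cn=op1,ou=groups,dc=example,dc=org
  tasks:
    - name: Ensure the group DN is located below the Quay base DN
      ansible.builtin.assert:
        that:
          # DN attribute names are case-insensitive, so compare in lowercase
          - (full_group_dn | lower).endswith(',' ~ (ldap_base_dn | lower))
        fail_msg: "{{ full_group_dn }} is not below {{ ldap_base_dn }}"

    - name: Ensure team operators is synchronized with the LDAP group
      herve4m.quay.quay_team_ldap:
        name: operators
        organization: production
        sync: true
        # Strip the ",<base DN>" suffix so that group_dn is relative to the
        # base DN: cn=op1,ou=groups,dc=example,dc=org becomes cn=op1,ou=groups
        group_dn: >-
          {{ full_group_dn
             | regex_replace(',' ~ (ldap_base_dn | regex_escape) ~ '$', '',
                             ignorecase=True) }}
        quay_host: https://quay.example.com
        # quay_token is deliberately not set: the module then tries the
        # QUAY_TOKEN environment variable, which keeps the OAuth token out of
        # the playbook. Export QUAY_TOKEN in the environment that runs the
        # module (here, the control node).
        validate_certs: true
```

The assert task stops the play before any API call when the group is outside the base DN, so a mistyped DN never reaches the team configuration.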