ansible-role-nextcloud/library/nextcloud_ldap.py

from ansible.module_utils.basic import AnsibleModule

import os
import json


def run_module():
	module_args = {
		'config': {'type': 'dict', 'default': {}}
	}

	result = {
		'changed': False,
		'message': '',
		'diff': {'before': {}, 'after': {}}
	}

	module = AnsibleModule(
		argument_spec=module_args,
		supports_check_mode=True
	)

	if 'config_id' not in module.params:
		module.params['config_id'] = 's01'

	rc, stdout, stderr = module.run_command(['nextcloud-occ', 'ldap:show-config', '--show-password', '--output', 'json'], check_rc=True)

	try:
		current_configs = json.loads(stdout)
	except Exception as e:
		module.fail_json(msg=str(e), **result)

	if module.params['config']['config_id'] not in current_configs.keys():
		new_config_id_calculated = f"s{len(current_configs.keys())+1:02d}"

		if new_config_id_calculated != module.params['config']['config_id']:
			module.fail_json(msg=f"Config ID ({module.params['config']['config_id']}) does not match next free config ID ({new_config_id})!", **result)

		if not module.check_mode:
			rc, stdout, stderr = module.run_command(['nextcloud-occ', 'ldap:create-empty-config', '--only-print-prefix'], check_rc=True)
			new_config_id = stdout.strip()

			if new_config_id != new_config_id_calculated:
				module.fail_json(msg=f"New config id ({new_config_id}) is not the same as calculated id ({new_config_id_calculated})!", **result)

			rc, stdout, stderr = module.run_command(['nextcloud-occ', 'ldap:show-config', '--show-password', '--output', 'json'], check_rc=True)

			try:
				current_configs = json.loads(stdout)
			except Exception as e:
				module.fail_json(msg=str(e), **result)

		result['changed'] = True

		if module.check_mode:
			module.exit_json(**result)

	current_config = current_configs[module.params['config']['config_id']]
	new_config = module.params['config']['config']

	for key in current_config.keys():
		if key in new_config and str(current_config[key]) != str(new_config[key]):
			result['diff']['before'][key] = current_config[key]
			result['diff']['after'][key] = new_config[key]

			result['changed'] = True

			if not module.check_mode:
				try:
					module.run_command(['nextcloud-occ', 'ldap:set-config', module.params['config']['config_id'], key,
										';'.join(new_config[key]) if isinstance(new_config[key], list) else str(new_config[key])],
										check_rc=True)
				except Exception as e:
					module.fail_json(msg="Error on key " + key + " : " + str(e), **result)

	rc, stdout, stderr = module.run_command(['nextcloud-occ', 'ldap:test-config', module.params['config']['config_id']], check_rc=True)

	if stdout.strip() != 'The configuration is valid and the connection could be established!':
		module.fail_json(msg=f"LDAP connection test failed: {stdout}", **result)

	if not module.check_mode:
		module.run_command(['nextcloud-occ', 'ldap:set-config', module.params['config']['config_id'], 'ldapConfigurationActive', '1'], check_rc=True)

		# set update interval, seems necessary to activate sync.
		module.run_command(['nextcloud-occ', 'config:app:set', 'user_ldap', 'updateAttributesInterval', '--value=86400'], check_rc=True)

	module.exit_json(**result)


if __name__ == '__main__':
	run_module()