gitea-admin
/
hetzner-ansible
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
prodnso
main
qa
feature/DEV-655
feature/SC-124
feature/SC-55
feature/DEV-470_2nd
feature/DEV-380_2nd
feature/DEV-380
master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'a0f70890f1'
${ noResults }
hetzner-ansible/roles/elastic/tasks/_configure_users.yml

97 lines
2.8 KiB
YAML
Raw Blame History

---
- set_fact:
api_path: '/internal/security/users'
user_exists: False
elastic_user_cleaned__create: {}
elastic_user_cleaned__update: {}
- name: "Get all users in elasticsearch"
delegate_to: localhost
uri:
url: "https://{{ api_endpoint }}{{ api_path }}"
method: GET
status_code: [200]
user: "{{ elastic_admin_username_vault }}"
password: "{{ elastic_admin_password_vault }}"
force_basic_auth: yes
register: all_users
become: false
- set_fact:
lookup_user_object: '{{ all_users.json | community.general.json_query(users_query) }}'
vars:
users_query: "[?username=='{{ elastic_user.username }}']"
- set_fact:
user_exists: True
when:
- lookup_user_object | length > 0
- set_fact:
elastic_user_cleaned__create: "{{ elastic_user_cleaned__create | combine({item.key: item.value}) }}"
with_dict: '{{ elastic_user }}'
when:
- item.key not in ['elastic_state']
# make sure to not override userdefined password with initial password
- set_fact:
elastic_user_cleaned__update: "{{ elastic_user_cleaned__update | combine({item.key: item.value}) }}"
with_dict: '{{ elastic_user_cleaned__create }}'
when:
- item.key not in ['password']
- name: "Create user <<{{ elastic_user.username }}>>"
delegate_to: localhost
uri:
url: "https://{{ api_endpoint }}{{ api_path }}/{{ elastic_user.username }}"
method: POST
status_code: [200]
user: "{{ elastic_admin_username_vault }}"
password: "{{ elastic_admin_password_vault }}"
force_basic_auth: yes
headers:
Content-Type: application/json
kbn-xsrf: true
body_format: json
body: '{{ elastic_user_cleaned__create | to_json }}'
become: false
when:
- not user_exists
- elastic_user.elastic_state == 'present'
- name: "Update user <<{{ elastic_user.username }}>>"
delegate_to: localhost
uri:
url: "https://{{ api_endpoint }}{{ api_path }}/{{ elastic_user.username }}"
method: POST
status_code: [200]
user: "{{ elastic_admin_username_vault }}"
password: "{{ elastic_admin_password_vault }}"
force_basic_auth: yes
headers:
Content-Type: application/json
kbn-xsrf: true
body_format: json
body: '{{ elastic_user_cleaned__update | to_json }}'
become: false
when:
- user_exists
- elastic_user.elastic_state == 'present'
- name: "DELETE user << elastic_user.username >>"
delegate_to: localhost
uri:
url: "https://{{ api_endpoint }}{{ api_path }}/{{ elastic_user.username }}"
method: DELETE
status_code: [204]
user: "{{ elastic_admin_username_vault }}"
password: "{{ elastic_admin_password_vault }}"
force_basic_auth: yes
headers:
Content-Type: application/json
kbn-xsrf: true
become: false
when:
- user_exists
- elastic_user.elastic_state == 'absent'
Reference in New Issue View Git Blame Copy Permalink