Merge pull request #64 from Oefenweb/pr-59

Add userlist support
Oefenweb · Oct 9, 2017 · 82de5f8 · 82de5f8
2 parents a5c31c9 + c7518b1
commit 82de5f8
Show file tree

Hide file tree

Showing 6 changed files with 69 additions and 0 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,20 @@
+FROM ubuntu:16.04
+MAINTAINER Mischa ter Smitten <[email protected]>
+
+# python
+RUN apt-get update && \
+  DEBIAN_FRONTEND=noninteractive apt-get install -y python-minimal python-dev curl && \
+  apt-get clean
+RUN curl -sL https://bootstrap.pypa.io/get-pip.py | python -
+RUN rm -rf $HOME/.cache
+
+# ansible
+RUN DEBIAN_FRONTEND=noninteractive apt-get install -y gcc libffi-dev libssl-dev && \
+  apt-get clean
+RUN pip install ansible==2.3.2.0
+RUN rm -rf $HOME/.cache
+
+# provision
+COPY . /etc/ansible/roles/ansible-role
+WORKDIR /etc/ansible/roles/ansible-role
+RUN ansible-playbook -i tests/inventory tests/test.yml --connection=local
diff --git a/README.md b/README.md
@@ -219,6 +219,14 @@ Set up (the latest version of) [HAProxy](http://www.haproxy.org/) in Ubuntu syst
 * `haproxy_backend.{n}.server.{n}.listen`: [required]: Defines a listening address and/or ports
 * `haproxy_backend.{n}.server.{n}.param`: [optional]: A list of parameters for this server
 
+* `haproxy_userlists`: [default: `[]`]: Userlist declarations
+* `haproxy_userlists.{n}.name`: [required]: The name of the userlist
+* `haproxy_userlists.{n}.users`: [required] Userlist users declarations
+* `haproxy_userlists.{n}.users.{n}.name`: [required] The username of this user
+* `haproxy_userlists.{n}.users.{n}.password`: [optional] Password hash of this user. **One of `password` or `insecure_password` must be set**
+* `haproxy_userlists.{n}.users.{n}.insecure_password`: [optional] Plaintext password of this user. **One of `password` or `insecure_password` must be set**
+* `haproxy_userlists.{n}.users.{n}.groups`: [optional] List of groups to add the user to
+
 ## Dependencies
 
 None

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -70,3 +70,6 @@ haproxy_frontend: []
 
 # back-end section
 haproxy_backend: []
+
+# user-lists section
+haproxy_userlists: []
diff --git a/templates/etc/haproxy/haproxy.cfg.j2 b/templates/etc/haproxy/haproxy.cfg.j2
@@ -6,6 +6,8 @@ global
 defaults
 {% include 'defaults.cfg.j2' %}
 
+{% include 'userlist.cfg.j2' %}
+
 {% include 'listen.cfg.j2' %}
 
 {% include 'frontend.cfg.j2' %}

diff --git a/templates/etc/haproxy/userlist.cfg.j2 b/templates/etc/haproxy/userlist.cfg.j2
@@ -0,0 +1,21 @@
+{% for userlist in haproxy_userlists %}
+{% set groups = [] %}
+userlist {{ userlist.name }}
+{% for user in userlist.users %}
+{% if user['groups'] is defined %}
+{% set _ = groups.extend(user['groups']) %}
+{% set user_groups = ' groups ' ~ user['groups'] | join(',') %}
+{% else %}
+{% set user_groups = '' %}
+{% endif %}
+{% if user['password'] is defined %}
+  user {{ user.name }} password {{ user.password }}{{ user_groups }}
+{% elif user['insecure_password'] is defined %}
+  user {{ user.name }} insecure-password {{ user.insecure_password }}{{ user_groups }}
+{% endif %}
+{% endfor %}
+{% for group in groups | unique %}
+  group {{ group }}
+{% endfor %}
+
+{% endfor %}
diff --git a/tests/test.yml b/tests/test.yml
@@ -23,3 +23,18 @@
           - forwardfor
           - 'httpchk HEAD / HTTP/1.1\r\nHost:localhost'
         server: []
+
+    # user-lists section
+    haproxy_userlists:
+      - name: test_userlist
+        users:
+          - name: testuser1
+            # secrete
+            password: $6$gLMr0TwOYURPhpXh$onP.5aHZGPE3xufyF8U0/wEKHMz71ECFBx4.uiO7t2ypgyvXS6MNFKHTo16qLttYJYObb0WbXyDmoNRsO4jtq.
+            groups:
+              - test_grp1
+              - test_grp2
+          - name: testuser2
+            insecure_password: secrete
+            groups:
+              - test_grp2