Merge pull request #27 from stackhpc/django-users

Add pulp_django_user role

Author: markgoddard

roles/pulp_django_user/README.md

@@ -0,0 +1,31 @@
+pulp_django_user
+================
+
+This role creates Django users using the Django admin site.
+
+Role variables
+--------------
+
+* `pulp_url`: URL of Pulp server. Default is `https://localhost:8080`
+* `pulp_admin_username`: Username used to access Pulp server. Default is `admin`
+* `pulp_admin_password`: Password used to access Pulp server. Default is unset
+* `pulp_validate_certs`: Whether to validate Pulp server certificate. Default is `true`
+* `pulp_django_users`: List of Django users to create. Default is an empty list.
+
+Example playbook
+----------------
+
+```
+---
+- name: Create Pulp Django users
+  gather_facts: True
+  hosts: localhost
+  roles:
+    - role: stackhpc.pulp.pulp_django_user
+      pulp_url: https://pulp.example.com
+      pulp_admin_username: admin
+      pulp_admin_password: "{{ secrets_pulp_admin_password }}"
+      pulp_django_users:
+        - username: test-user
+          password: correct horse battery staple
+```

roles/pulp_django_user/defaults/main.yml

@@ -0,0 +1,7 @@
+---
+pulp_url: https://localhost:8080
+pulp_admin_username: admin
+pulp_admin_password:
+pulp_validate_certs: true
+
+pulp_django_users: []

roles/pulp_django_user/tasks/main.yml

@@ -0,0 +1,48 @@
+---
+# Interacting with Django requires us to use cookies for CSRF and login.
+# It also requires the use of a Referer header.
+
+- name: Get a CSRF token
+  uri:
+    url: "{{ pulp_login_url }}"
+    method: GET
+    headers:
+      Referer: "{{ pulp_login_url }}"
+    validate_certs: "{{ pulp_validate_certs | bool }}"
+  register: result_csrf
+
+- name: Login
+  uri:
+    url: "{{ pulp_login_url }}"
+    method: POST
+    headers:
+      Referer: "{{ pulp_login_url }}"
+      Cookie: "{{ result_csrf.cookies_string }}"
+    body:
+      csrfmiddlewaretoken: "{{ result_csrf.cookies.csrftoken }}"
+      username: "{{ pulp_admin_username }}"
+      password: "{{ pulp_admin_password }}"
+    body_format: form-urlencoded
+    follow_redirects: all
+    validate_certs: "{{ pulp_validate_certs | bool }}"
+  register: result_login
+
+# This returns 200 even if the user exists.
+- name: Create a user
+  uri:
+    url: "{{ pulp_add_user_url }}"
+    method: POST
+    headers:
+      Referer: "{{ pulp_login_url }}"
+      Cookie: "{{ result_login.cookies_string }}"
+    body:
+      csrfmiddlewaretoken: "{{ result_login.cookies.csrftoken }}"
+      username: "{{ item.username }}"
+      password1: "{{ item.password }}"
+      password2: "{{ item.password }}"
+    body_format: form-urlencoded
+    follow_redirects: all
+    validate_certs: "{{ pulp_validate_certs | bool }}"
+  loop: "{{ pulp_django_users }}"
+  loop_control:
+    label: "{{ item.username }}"

roles/pulp_django_user/vars/main.yml

@@ -0,0 +1,3 @@
+---
+pulp_login_url: "{{ pulp_url }}/admin/login/?next=/admin/"
+pulp_add_user_url: "{{ pulp_url }}/admin/auth/user/add/"