move to copy

README.md

@@ -49,4 +49,4 @@ Im Ansible-Repo müssen diese Sachen hinzugefügt werden:
 ## License
 
 This CCCHH ansible-ccchh repository is licensed under the [MIT License](./LICENSE).  
-[`0001_oidc_group_and_role_mapping_custom_pipeline.patch`](./roles/netbox/files/0001_oidc_group_and_role_mapping_custom_pipeline.patch) is licensed under the Creative Commons: CC BY-SA 4.0 license.
+[`custom_pipeline_oidc_group_and_role_mapping.py`](./roles/netbox/files/custom_pipeline_oidc_group_and_role_mapping.py) is licensed under the Creative Commons: CC BY-SA 4.0 license.

roles/netbox/README.md

@@ -18,7 +18,7 @@ Should work on Debian-based distributions.
 
 ## Optional Arguments
 
-- `netbox__patch_oidc_group_and_role_mapping_custom_pipeline`: Whether or not to patch NetBox to add custom pipeline code for OIDC group and role mapping.
+- `netbox__custom_pipeline_oidc_group_and_role_mapping`: Whether or not to have custom pipeline code for OIDC group and role mapping present.
   See [Custom Pipeline Code for OIDC Group and Role Mapping](#custom-pipeline-code-for-oidc-group-and-role-mapping) for more infos.  
   Defaults to `false`.
 
@@ -75,9 +75,9 @@ The relevant documentation on how to do that can be found here:
 
 ## Custom Pipeline Code for OIDC Group and Role Mapping
 
-Setting the option `netbox__patch_oidc_group_and_role_mapping_custom_pipeline` to `true` makes this role patch NetBox to add custom pipeline code for OIDC group and role mapping.
-Note that this role uses a patch for NetBox >= 4.0.0.  
-The patch is available in `files/0001_oidc_group_and_role_mapping_custom_pipeline.patch`, licensed under the CC BY-SA 4.0 license and taken from [this authentik NetBox documentation](https://docs.goauthentik.io/integrations/services/netbox/).
+Setting the option `netbox__custom_pipeline_oidc_group_and_role_mapping` to `true` makes this role ensure custom pipeline code for OIDC group and role mapping is present.
+Note that this role uses code for NetBox >= 4.0.0.  
+The code is available in `files/custom_pipeline_oidc_group_and_role_mapping.py`, licensed under the CC BY-SA 4.0 license and taken from [this authentik NetBox documentation](https://docs.goauthentik.io/integrations/services/netbox/).
 The documentation also shows how to use the pipeline code by defining a custom `SOCIAL_AUTH_PIPELINE`, which you also need to do, as the configuration isn't provided by this role.
 See also [the default settings.py](https://github.com/netbox-community/netbox/blob/main/netbox/netbox/settings.py) for the default `SOCIAL_AUTH_PIPELINE`.
 

roles/netbox/defaults/main.yaml

@@ -1 +1 @@
-netbox__patch_oidc_group_and_role_mapping_custom_pipeline: false
+netbox__custom_pipeline_oidc_group_and_role_mapping: false

roles/netbox/files/0001_oidc_group_and_role_mapping_custom_pipeline.patch

@@ -1,61 +0,0 @@
-diff --git a/netbox/netbox/custom_pipeline.py b/netbox/netbox/custom_pipeline.py
-new file mode 100644
-index 000000000..470f388dc
---- /dev/null
-+++ b/netbox/netbox/custom_pipeline.py
-@@ -0,0 +1,55 @@
-+# Licensed under Creative Commons: CC BY-SA 4.0 license.
-+# https://github.com/goauthentik/authentik/blob/main/LICENSE
-+# https://github.com/goauthentik/authentik/blob/main/website/integrations/services/netbox/index.md
-+# https://docs.goauthentik.io/integrations/services/netbox/
-+from netbox.authentication import Group
-+
-+class AuthFailed(Exception):
-+    pass
-+
-+def add_groups(response, user, backend, *args, **kwargs):
-+    try:
-+        groups = response['groups']
-+    except KeyError:
-+        pass
-+
-+    # Add all groups from oAuth token
-+    for group in groups:
-+        group, created = Group.objects.get_or_create(name=group)
-+        user.groups.add(group)
-+
-+def remove_groups(response, user, backend, *args, **kwargs):
-+    try:
-+        groups = response['groups']
-+    except KeyError:
-+        # Remove all groups if no groups in oAuth token
-+        user.groups.clear()
-+        pass
-+
-+    # Get all groups of user
-+    user_groups = [item.name for item in user.groups.all()]
-+    # Get groups of user which are not part of oAuth token
-+    delete_groups = list(set(user_groups) - set(groups))
-+
-+    # Delete non oAuth token groups
-+    for delete_group in delete_groups:
-+        group = Group.objects.get(name=delete_group)
-+        user.groups.remove(group)
-+
-+
-+def set_roles(response, user, backend, *args, **kwargs):
-+    # Remove Roles temporary
-+    user.is_superuser = False
-+    user.is_staff = False
-+    try:
-+        groups = response['groups']
-+    except KeyError:
-+        # When no groups are set
-+        # save the user without Roles
-+        user.save()
-+        pass
-+
-+    # Set roles is role (superuser or staff) is in groups
-+    user.is_superuser = True if 'superusers' in groups else False
-+    user.is_staff = True if 'staff' in groups else False
-+    user.save()

roles/netbox/files/custom_pipeline_oidc_group_and_role_mapping.py

@@ -0,0 +1,55 @@
+# Licensed under Creative Commons: CC BY-SA 4.0 license.
+# https://github.com/goauthentik/authentik/blob/main/LICENSE
+# https://github.com/goauthentik/authentik/blob/main/website/integrations/services/netbox/index.md
+# https://docs.goauthentik.io/integrations/services/netbox/
+from netbox.authentication import Group
+
+class AuthFailed(Exception):
+    pass
+
+def add_groups(response, user, backend, *args, **kwargs):
+    try:
+        groups = response['groups']
+    except KeyError:
+        pass
+
+    # Add all groups from oAuth token
+    for group in groups:
+        group, created = Group.objects.get_or_create(name=group)
+        user.groups.add(group)
+
+def remove_groups(response, user, backend, *args, **kwargs):
+    try:
+        groups = response['groups']
+    except KeyError:
+        # Remove all groups if no groups in oAuth token
+        user.groups.clear()
+        pass
+
+    # Get all groups of user
+    user_groups = [item.name for item in user.groups.all()]
+    # Get groups of user which are not part of oAuth token
+    delete_groups = list(set(user_groups) - set(groups))
+
+    # Delete non oAuth token groups
+    for delete_group in delete_groups:
+        group = Group.objects.get(name=delete_group)
+        user.groups.remove(group)
+
+
+def set_roles(response, user, backend, *args, **kwargs):
+    # Remove Roles temporary
+    user.is_superuser = False
+    user.is_staff = False
+    try:
+        groups = response['groups']
+    except KeyError:
+        # When no groups are set
+        # save the user without Roles
+        user.save()
+        pass
+
+    # Set roles is role (superuser or staff) is in groups
+    user.is_superuser = True if 'superusers' in groups else False
+    user.is_staff = True if 'staff' in groups else False
+    user.save()

roles/netbox/meta/argument_specs.yaml

@@ -10,7 +10,7 @@ argument_specs:
       netbox__config:
         type: str
         required: true
-      netbox__patch_oidc_group_and_role_mapping_custom_pipeline:
+      netbox__custom_pipeline_oidc_group_and_role_mapping:
         type: bool
         required: false
         default: false

roles/netbox/tasks/main.yaml

@@ -25,11 +25,24 @@
     - Run upgrade script
     - Ensure netbox systemd services are set up and up-to-date
 
-- name: Ensure patch for adding custom pipeline code for OIDC group and role mapping is applied
-  ansible.posix.patch:
-    src: 0001_oidc_group_and_role_mapping_custom_pipeline.patch
-    basedir: /opt/netbox/
-  when: netbox__patch_oidc_group_and_role_mapping_custom_pipeline
+- name: Ensures custom pipeline code for OIDC group and role mapping is present
+  ansible.builtin.copy:
+    src: custom_pipeline_oidc_group_and_role_mapping.py
+    dest: /opt/netbox/netbox/netbox/custom_pipeline_oidc_mapping.py
+    mode: "0644"
+    owner: root
+    group: root
+  when: netbox__custom_pipeline_oidc_group_and_role_mapping
+  become: true
+  notify:
+    - Ensure netbox systemd services are set up and up-to-date
+
+- name: Ensures custom pipeline code for OIDC group and role mapping is not present
+  ansible.builtin.file:
+    path: /opt/netbox/netbox/netbox/custom_pipeline_oidc_mapping.py
+    state: absent
+  when: not netbox__custom_pipeline_oidc_group_and_role_mapping
+  become: true
   notify:
     - Ensure netbox systemd services are set up and up-to-date