6 changed files with 1 additions and 88 deletions
--- a/README.md
+++ b/README.md
@ -45,8 +45,3 @@ Im Ansible-Repo müssen diese Sachen hinzugefügt werden:
    * Individuelle Config für den Service. Wenn Docker Compose, hier weiterleiten auf den eigentlichen Dienst in Compose.
    * Cert-Dateinamen anpassen
 * `resources/chaosknoten/`*host*`/docker_compose/compose.yaml.j2`: Config für Docker Compose (wenn verwendet)
 ## License
 This CCCHH ansible-ccchh repository is licensed under the [MIT License](./LICENSE).  
 [`0001_oidc_group_and_role_mapping_custom_pipeline.patch`](./roles/netbox/files/0001_oidc_group_and_role_mapping_custom_pipeline.patch) is licensed under the Creative Commons: CC BY-SA 4.0 license.
--- a/roles/netbox/README.md
+++ b/roles/netbox/README.md
@ -18,9 +18,7 @@ Should work on Debian-based distributions.
 ## Optional Arguments
- `netbox__patch_oidc_group_and_role_mapping_custom_pipeline`: Whether or not to patch NetBox to add custom pipeline code for OIDC group and role mapping.
+None.
  See [Custom Pipeline Code for OIDC Group and Role Mapping](#custom-pipeline-code-for-oidc-group-and-role-mapping) for more infos.  
  Defaults to `false`.
 ## NetBox Configuration
@ -73,14 +71,6 @@ The relevant documentation on how to do that can be found here:
 - Web server setup docs: <https://netboxlabs.com/docs/netbox/en/stable/installation/5-http-server/>
 - Example base nginx config: <https://github.com/netbox-community/netbox/blob/main/contrib/nginx.conf>
 ## Custom Pipeline Code for OIDC Group and Role Mapping
 Setting the option `netbox__patch_oidc_group_and_role_mapping_custom_pipeline` to `true` makes this role patch NetBox to add custom pipeline code for OIDC group and role mapping.
 Note that this role uses a patch for NetBox >= 4.0.0.  
 The patch is available in `files/0001_oidc_group_and_role_mapping_custom_pipeline.patch`, licensed under the CC BY-SA 4.0 license and taken from [this authentik NetBox documentation](https://docs.goauthentik.io/integrations/services/netbox/).
 The documentation also shows how to use the pipeline code by defining a custom `SOCIAL_AUTH_PIPELINE`, which you also need to do, as the configuration isn't provided by this role.
 See also [the default settings.py](https://github.com/netbox-community/netbox/blob/main/netbox/netbox/settings.py) for the default `SOCIAL_AUTH_PIPELINE`.
 ## Links & Resources
 - The NetBox Git Repo: <https://github.com/netbox-community/netbox>
--- a/roles/netbox/defaults/main.yaml
+++ b/roles/netbox/defaults/main.yaml
@ -1 +0,0 @@
 netbox__patch_oidc_group_and_role_mapping_custom_pipeline: false
--- a/roles/netbox/files/0001_oidc_group_and_role_mapping_custom_pipeline.patch
+++ b/roles/netbox/files/0001_oidc_group_and_role_mapping_custom_pipeline.patch
@ -1,61 +0,0 @@
 diff --git a/netbox/netbox/custom_pipeline.py b/netbox/netbox/custom_pipeline.py
 new file mode 100644
 index 000000000..470f388dc
 --- /dev/null
 +++ b/netbox/netbox/custom_pipeline.py
@@ -0,0 +1,55 @@
 +# Licensed under Creative Commons: CC BY-SA 4.0 license.
 +# https://github.com/goauthentik/authentik/blob/main/LICENSE
 +# https://github.com/goauthentik/authentik/blob/main/website/integrations/services/netbox/index.md
 +# https://docs.goauthentik.io/integrations/services/netbox/
 +from netbox.authentication import Group
 +
 +class AuthFailed(Exception):
 +    pass
 +
 +def add_groups(response, user, backend, *args, **kwargs):
 +    try:
 +        groups = response['groups']
 +    except KeyError:
 +        pass
 +
 +    # Add all groups from oAuth token
 +    for group in groups:
 +        group, created = Group.objects.get_or_create(name=group)
 +        user.groups.add(group)
 +
 +def remove_groups(response, user, backend, *args, **kwargs):
 +    try:
 +        groups = response['groups']
 +    except KeyError:
 +        # Remove all groups if no groups in oAuth token
 +        user.groups.clear()
 +        pass
 +
 +    # Get all groups of user
 +    user_groups = [item.name for item in user.groups.all()]
 +    # Get groups of user which are not part of oAuth token
 +    delete_groups = list(set(user_groups) - set(groups))
 +
 +    # Delete non oAuth token groups
 +    for delete_group in delete_groups:
 +        group = Group.objects.get(name=delete_group)
 +        user.groups.remove(group)
 +
 +
 +def set_roles(response, user, backend, *args, **kwargs):
 +    # Remove Roles temporary
 +    user.is_superuser = False
 +    user.is_staff = False
 +    try:
 +        groups = response['groups']
 +    except KeyError:
 +        # When no groups are set
 +        # save the user without Roles
 +        user.save()
 +        pass
 +
 +    # Set roles is role (superuser or staff) is in groups
 +    user.is_superuser = True if 'superusers' in groups else False
 +    user.is_staff = True if 'staff' in groups else False
 +    user.save()
--- a/roles/netbox/meta/argument_specs.yaml
+++ b/roles/netbox/meta/argument_specs.yaml
@ -10,7 +10,3 @@ argument_specs:
      netbox__config:
        type: str
        required: true
      netbox__patch_oidc_group_and_role_mapping_custom_pipeline:
        type: bool
        required: false
        default: false
--- a/roles/netbox/tasks/main.yaml
+++ b/roles/netbox/tasks/main.yaml
@ -25,12 +25,6 @@
    - Run upgrade script
    - Ensure netbox systemd services are set up and up-to-date
 - name: Ensure patch for adding custom pipeline code for OIDC group and role mapping is applied
  ansible.posix.patch:
    src: 0001_oidc_group_and_role_mapping_custom_pipeline.patch
    basedir: /opt/netbox/
  when: netbox__patch_oidc_group_and_role_mapping_custom_pipeline
 - name: Ensure netbox user
  block:
    - name: Ensure netbox group exists
		`@ -1 +0,0 @@`
			`netbox__patch_oidc_group_and_role_mapping_custom_pipeline: false`