[scm/quay]: Adding support for teams sync with a group_dn

roles/scm/quay/tasks/manage_prototypes.yml

@@ -1,12 +1,22 @@
 ---
-- name: Locate Existing Delegate Prototype Matches
+- name: Locate Existing Delegate Prototype Matches Robots
   set_fact:
     matched_prototypes: "{{ org_prototypes.json.prototypes | \
+      selectattr('delegate.is_robot','equalto','robot') | \
       selectattr('delegate.is_robot','equalto',true if quay_prototype.delegate.kind == 'robot' else false) | \
       selectattr('delegate.kind','equalto','user' if quay_prototype.delegate.kind != 'team' else quay_prototype.delegate.kind) | \
       selectattr('delegate.name','equalto',quay_organization.name + '+' + quay_prototype.delegate.name if quay_prototype.delegate.kind == 'robot' else quay_prototype.delegate.name) | \
       list }}"
 
+- name: Locate Existing Delegate Prototype Matches Teams
+  set_fact:
+    matched_prototypes: "{{ org_prototypes.json.prototypes | \
+      rejectattr('delegate.is_robot','equalto','robot') | \
+      selectattr('delegate.kind','equalto','team') | \
+      selectattr('delegate.name','equalto',quay_prototype.delegate.name) | \
+      list }}"
+  when: "{{ 'robot' not in quay_prototype.delegate.kind }}"
+
 - name: Locate Existing Activator Prototype Matches
   set_fact:
     matched_prototypes: "{{ matched_prototypes | default([]) | \

roles/scm/quay/tasks/manage_team.yml

@@ -15,6 +15,30 @@
     headers:
       Authorization: "{{ auth_header }}"
 
+- name: Get Team Sync Status
+  uri:
+    url: "{{ quay_api_base }}/organisation/{{ quay_organisation.name }}"
+    method: GET
+    validate_certs: "{{ quay_validate_certs }}"
+    headers:
+      Authorization: "{{ auth_header }}"
+  register: org_team_sync
+
+- name: Activate Team LDAP Sync
+  uri:
+    url: "{{ quay_api_base }}/organization/{{ quay_organization.name }}/team/{{ quay_team.name }}/syncing"
+    method: POST
+    body:
+      group_dn: "{{ quay_team.group_dn }}"
+    validate_certs: "{{ quay_validate_certs }}"
+    body_format: json
+    status_code:
+      - 200
+    headers:
+      Authorization: "{{ auth_header }}"
+  loop: "{{ org_team_sync.json.teams | dict2items }}"
+  when: "(item.key == quay_team.name and item.value.is_synced == false and quay_team.members is not defined)"
+
 - name: Get Team Members
   uri:
     url: "{{ quay_api_base }}/organization/{{ quay_organization.name }}/team/{{ quay_team.name }}/members"

roles/scm/quay/tests/inventory/group_vars/all.yml

@@ -10,9 +10,30 @@ orgs:
           - name: testteam
             type: team
             role: admin
+          - name: testteam2
+            type: team
+            role: read
     robots:
       - name: testrobot
     teams:
       - name: testteam
         members:
           - name: quay
+      - name: testteam2
+        role: member
+        permissions: read
+        group_dn: "CN=...OU=..."
+    prototypes:
+      - delegate:
+          kind: robot
+          name: testrobot
+          is_robot: true
+        role: read
+      - delegate:
+          kind: team
+          name: testteam
+        role: admin
+      - delegate:
+          kind: team
+          name: testteam2
+        role: read