Add ldap support to vault container in docker dev environment (#14777)

* add ldap_auth mount and configure it

* added in key engines, userpass auth method, still needs testing

* add policies and fix ldap_user

* start awx automation for vault demo and move ldap

* update docs with new flags/new credentials

tools/docker-compose/ansible/roles/sources/defaults/main.yml

@@ -34,6 +34,7 @@ ldap_cert_subject: "/C=US/ST=NC/L=Durham/O=awx/CN="
 enable_vault: false
 vault_tls: false
 hashivault_cert_dir: '{{ sources_dest }}/vault_certs'
+hashivault_vars_file: '../vault/defaults/main.yml'
 hashivault_server_cert_subject: "/C=US/ST=NC/L=Durham/O=awx/CN=tools-vault-1"
 hashivault_server_cert_extensions:
   - "subjectAltName = DNS:tools_vault_1, DNS:localhost"

tools/docker-compose/ansible/roles/sources/tasks/ldap.yml

@@ -7,12 +7,15 @@
     - "{{ ldap_cert_dir }}"
     - "{{ ldap_diff_dir }}"
 
+- name: include vault vars
+  include_vars: "{{ hashivault_vars_file }}"
+
 - name: General LDAP cert
   command: 'openssl req -new -x509 -days 365 -nodes -out {{ ldap_public_key_file }} -keyout {{ ldap_private_key_file }} -subj "{{ ldap_cert_subject }}"'
   args:
     creates: "{{ ldap_public_key_file }}"
 
 - name: Copy ldap.diff
-  copy:
-    src: "ldap.ldif"
+  ansible.builtin.template:
+    src: "ldap.ldif.j2"
     dest: "{{ ldap_diff_dir }}/ldap.ldif"

tools/docker-compose/ansible/roles/sources/templates/ldap.ldif.j2

@@ -84,3 +84,16 @@ objectClass: top
 objectClass: groupOfNames
 member: cn=awx_ldap_org_admin,ou=users,dc=example,dc=org
 
+{% if enable_ldap|bool and enable_vault|bool %}
+dn: cn={{ vault_ldap_username }},ou=users,dc=example,dc=org
+changetype: add
+mail: vault@example.org
+sn: LdapVaultAdmin
+cn: {{ vault_ldap_username }}
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+userPassword: {{ vault_ldap_password }}
+givenName: awx
+{% endif %}