From 393c44ef2bfd4ea7e38c63931206e8957e7d5560 Mon Sep 17 00:00:00 2001
From: Andrei Darashenka <andrei@darashenka.com>
Date: Fri, 18 Aug 2017 09:08:01 +0200
Subject: [PATCH] generate tomcat-users.xml as well

---
 README.md                     | 12 +++++++++++-
 defaults/main.yml             |  2 ++
 tasks/main.yml                | 11 +++++++++++
 templates/tomcat-users.xml.j2 |  9 +++++++++
 4 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 templates/tomcat-users.xml.j2

diff --git a/README.md b/README.md
index f156af5..83d89e1 100644
--- a/README.md
+++ b/README.md
@@ -104,7 +104,17 @@ instance. The following variables are legit to configure per instance.
 * ``service_file``: Init system configuration file per instance, e.g. tomcat.conf for Upstart (string, default: ``{{ tomcat_default_service_file }}`` (see ``vars/service/*.yml``))
 * ``service_name``: Init system service name per instance, e.g. tomcat@foo.service for Systemd (string, default: ``{{ tomcat_default_service_name }}`` (see ``vars/service/*.yml``))
 * ``umask``: Allow to configure umask for Tomcat instance (oct, default: ``|default('')``)
-* ``systemd_default_instance``: Allow to configure default instance for Systemd templated service (string, default: ``None`` }}
+* ``systemd_default_instance``: Allow to configure default instance for Systemd templated service (string, default: ``None`` 
+* ``auth_roles``: which roles should be created in tomcat-users.xml (list of strings, default: [])
+* ``auth_users``: which users should be created in tomcat-users.xml (list of auth_users, see below. default: [])
+
+### auth_users
+
+Users to be configured in tomcat_users.xml
+
+* ``name``: username
+* ``password``: password in plaintext
+* ``roles``: which roles should be configured
 
 Configuring more than one instance requires to configure some of the
 variables documented above per instance. Please see example playbooks
diff --git a/defaults/main.yml b/defaults/main.yml
index 1b4f8a1..0d3a50e 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -27,6 +27,8 @@ tomcat_default_user_system: false
 # Tomcat configuration
 #   Default template for configuration file server.xml
 tomcat_default_server_xml_template: server.xml.j2
+#   Default template for configuration file tomcat-users.xml
+tomcat_default_tomcatusers_xml_template: tomcat-users.xml.j2
 #   Default template for configuration file web.xml
 tomcat_default_web_xml_template: web.xml.j2
 #   Default shutdown port (per instance name: item.port_shutdown)
diff --git a/tasks/main.yml b/tasks/main.yml
index 88494ad..7f7536f 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -180,6 +180,17 @@
   args:
     creates: "{{ item.0.path|default(tomcat_default_instance_path) }}/conf/{{ item.1 }}"
 
+- name: Install instance tomcat-users.xml
+  tags: tomcat
+  become: true
+  with_items: "{{ tomcat_instances }}"
+  register: tomcat_registered_install_tomcatusers_xml
+  template:
+    src: "{{ item.tomcatusers_xml_template|default(tomcat_default_tomcatusers_xml_template) }}"
+    dest: "{{ item.path|default(tomcat_default_instance_path) }}/conf/tomcat-users.xml"
+    owner: "{{ item.user|default(tomcat_default_user_name) }}"
+    group: "{{ item.group|default(tomcat_default_user_group) }}"
+    mode: 0640
 
 - name: Install instance server.xml
   tags: tomcat
diff --git a/templates/tomcat-users.xml.j2 b/templates/tomcat-users.xml.j2
new file mode 100644
index 0000000..6407612
--- /dev/null
+++ b/templates/tomcat-users.xml.j2
@@ -0,0 +1,9 @@
+<?xml version='1.0' encoding='utf-8'?>
+<tomcat-users>
+{% for role in item.auth_roles|default([]) %}
+  <role rolename="{{role}}"/>
+{% endfor %}
+{% for user in item.auth_users|default([]) %}
+  <user username="{{ user.name }}" password="{{ user.password }}" roles="{{ user.roles }}"/>
+{% endfor %}
+</tomcat-users>