roles/user_mgmt: improve by using state and default values

2020-09-17 14:12:22 +00:00 · 2020-09-17 14:12:22 +00:00 · a771624793
parent dee5a45271
commit a771624793
5 changed files with 16 additions and 10 deletions
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@ -1,3 +1,5 @@
+# do NOT create every user on every maschine
+user_mgmt_default_state: absent
 user_mgmt_default:
  crest:
    ssh_key:
--- a/host_vars/cloud.emma.ccchb.de.yml
+++ b/host_vars/cloud.emma.ccchb.de.yml
@ -14,8 +14,8 @@ php_fpm_env:

 user_mgmt:
  crest:
-    created: true
+    state: present
    groups: sudo
  genofire:
-    created: true
+    state: present
    groups: sudo
--- a/host_vars/dn42.emma.ccchb.de.yml
+++ b/host_vars/dn42.emma.ccchb.de.yml
@ -8,11 +8,11 @@ dns: 213.133.98.98 8.8.8.8

 user_mgmt:
  crest:
-    created: true
+    state: present
    groups: sudo
  genofire:
-    created: true
+    state: present
    groups: sudo
  fritz:
-    created: true
+    state: present
    groups: sudo
--- a/roles/user_mgmt/defaults/main.yml
+++ b/roles/user_mgmt/defaults/main.yml
@ -1,2 +1,6 @@
+---
+user_mgmt_default_state: "present"
+user_mgmt_default_groups: []
+
 user_mgmt_default: {}
 user_mgmt: {}
--- a/roles/user_mgmt/tasks/main.yml
+++ b/roles/user_mgmt/tasks/main.yml
@ -5,9 +5,9 @@
 - name: Add User
  user:
    name: "{{ item.key }}"
-    groups: "{{ item.value.groups | default([]) }}"
+    groups: "{{ item.value.groups | default(user_mgmt_default_groups) }}"
    state: present
-  when: item.value.created | default
+  when: (item.value.state | default(user_mgmt_default_state)) == "present"
  with_dict: "{{ _user_mgmt }}"

 - name: Add ssh-key to user
@ -15,7 +15,7 @@
    user: "{{ item.0.key }}"  
    key: "{{ item.1 }}"
    state: present
-  when: _user_mgmt[item.0.key].created | default
+  when: (_user_mgmt[item.0.key].created | default(user_mgmt_default_state)) == "present"
  loop: "{{ _user_mgmt |dict2items | subelements('value.ssh_key.present') }}"

 - name: Remove ssh-key to user
@ -23,12 +23,12 @@
    user: "{{ item.0.key }}"  
    key: "{{ item.1 }}"
    state: absent
-  when: _user_mgmt[item.0.key].created | default
+  when: (_user_mgmt[item.0.key].created | default(user_mgmt_default_state)) == "present"
  loop: "{{ _user_mgmt |dict2items | subelements('value.ssh_key.absent') }}"

 - name: Remove user
  user:
    name: "{{ item.key }}"
    state: absent
-  when: not (item.value.created | default)
+  when: (item.value.state | default(user_mgmt_default_state)) == "absent"
  with_dict: "{{ _user_mgmt }}"