Merge pull request 'evolinux-users: Only create a subset of users' (#162) from P10077 into unstable

Reviewed-on: #162

CHANGELOG.md

@@ -12,6 +12,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
 
 ### Added
 
+* evolinux_users: create only users who have a certain value for the `create` key (default: `always`).
 * php: install php-xml with recent PHP versions
 
 ### Changed

evolinux-users/README.md

@@ -19,6 +19,7 @@ evolinux_users:
     groups: "baz"
     password_hash: 'sdfgsdfgsdfgsdfg'
     ssh_key: 'ssh-rsa AZERTYXYZ'
+    create: always
   bar:
     name: bar
     uid: 1002
@@ -30,6 +31,7 @@ evolinux_users:
     ssh_keys:
       - 'ssh-rsa QWERTYUIOP'
       - 'ssh-ed25519 QWERTYUIOP'
+    create: on_demand
 ```
 
 * `evolinux_sudo_group`: which group to use for sudo (default: `evolinux-sudo`)

evolinux-users/defaults/main.yml

@@ -6,3 +6,6 @@ evolinux_ssh_group: "evolinux-ssh"
 evolinux_internal_group: ""
 
 evolinux_root_disable_ssh: True
+
+# Defines which groups of users are created
+evolinux_users_create: always

evolinux-users/tasks/main.yml

@@ -16,7 +16,9 @@
   vars:
     user: "{{ item.value }}"
   loop: "{{ evolinux_users | dict2items }}"
-  when: evolinux_users | length > 0
+  when: 
+    - user.create == evolinux_users_create
+    - evolinux_users | length > 0
 
 - name: Configure sudo
   include: sudo.yml

evolinux-users/tasks/ssh.yml

@@ -50,6 +50,7 @@
     user: "{{ item.value }}"
   loop: "{{ evolinux_users | dict2items }}"
   when:
+    - user.create == evolinux_users_create
     - ssh_allowusers
     - not ssh_allowgroups
 

evolinux-users/tasks/sudo.yml

@@ -6,6 +6,7 @@
   loop: "{{ evolinux_users | dict2items }}"
   when:
     - evolinux_users | length > 0
+    - user.create == evolinux_users_create
     - ansible_distribution_release == "jessie"
 
 
@@ -16,6 +17,9 @@
     vars:
       user: "{{ item.value }}"
     loop: "{{ evolinux_users | dict2items }}"
+    when:
+      - evolinux_users | length > 0
+      - user.create == evolinux_users_create
   when:
     - ansible_distribution_major_version is defined
     - ansible_distribution_major_version is version('9', '>=')