From 9dfcfe1ef36afe920b06a87f6e97808018c81068 Mon Sep 17 00:00:00 2001 From: Patrick Marchand Date: Tue, 23 Aug 2022 17:45:19 -0400 Subject: [PATCH 1/4] Made it possible to only create a subset of users The evolinux_users_create variable is a list of tags that defaults to ['active']. Only the users that have one of the tags in the evolinux_users_create list will be created. --- CHANGELOG.md | 1 + evolinux-users/defaults/main.yml | 4 ++++ evolinux-users/tasks/main.yml | 4 +++- evolinux-users/tasks/ssh.yml | 1 + evolinux-users/tasks/sudo.yml | 4 ++++ 5 files changed, 13 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a4d0f3a6..b01a2bb1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,6 +13,7 @@ The **patch** part changes is incremented if multiple releases happen the same m ### Added * php: install php-xml with recent PHP versions +* evolinux_user_create variable for evolinux-users that allows creating only a subset of users, defaults to active ### Changed diff --git a/evolinux-users/defaults/main.yml b/evolinux-users/defaults/main.yml index 8ff94551..cbe6bca4 100644 --- a/evolinux-users/defaults/main.yml +++ b/evolinux-users/defaults/main.yml @@ -6,3 +6,7 @@ evolinux_ssh_group: "evolinux-ssh" evolinux_internal_group: "" evolinux_root_disable_ssh: True + +# Defines which groups of users are created +evolinux_users_create: + - active \ No newline at end of file diff --git a/evolinux-users/tasks/main.yml b/evolinux-users/tasks/main.yml index 1b838e01..e8c52408 100644 --- a/evolinux-users/tasks/main.yml +++ b/evolinux-users/tasks/main.yml @@ -16,7 +16,9 @@ vars: user: "{{ item.value }}" loop: "{{ evolinux_users | dict2items }}" - when: evolinux_users | length > 0 + when: + - user.create | intersect(evolinux_users_create) | length > 0 + - evolinux_users | length > 0 - name: Configure sudo include: sudo.yml diff --git a/evolinux-users/tasks/ssh.yml b/evolinux-users/tasks/ssh.yml index b0bf8b58..16c4eb67 100644 
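Review bot: In the `evolinux-users/tasks/main.yml` hunk of PATCH 1/4, the new condition `user.create | intersect(evolinux_users_create) | length > 0` reads `user.create` with no fallback, so an entry in `evolinux_users` that has no `create` key would most likely stop the play with an undefined-variable error rather than be skipped or created. Inventories written before this change carry no such key, so upgrading the role would break account, AllowUsers and sudo provisioning until every entry is tagged. The same expression is added in the `ssh.yml` and `sudo.yml` hunks of this patch, and the `user.create == evolinux_users_create` form in PATCH 2/4 has the same exposure. I would give the key a default that matches the role default, `- user.create | default(['active']) | intersect(evolinux_users_create) | length > 0`, and say in the README what a missing key means. The task being edited starts above the hunk, so the rest of its arguments are not visible here.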
--- a/evolinux-users/tasks/ssh.yml +++ b/evolinux-users/tasks/ssh.yml @@ -50,6 +50,7 @@ user: "{{ item.value }}" loop: "{{ evolinux_users | dict2items }}" when: + - user.create | intersect(evolinux_users_create) | length > 0 - ssh_allowusers - not ssh_allowgroups diff --git a/evolinux-users/tasks/sudo.yml b/evolinux-users/tasks/sudo.yml index 4056e7ad..fa537079 100644 --- a/evolinux-users/tasks/sudo.yml +++ b/evolinux-users/tasks/sudo.yml @@ -6,6 +6,7 @@ loop: "{{ evolinux_users | dict2items }}" when: - evolinux_users | length > 0 + - user.create | intersect(evolinux_users_create) | length > 0 - ansible_distribution_release == "jessie" @@ -16,6 +17,9 @@ vars: user: "{{ item.value }}" loop: "{{ evolinux_users | dict2items }}" + when: + - evolinux_users | length > 0 + - user.create | intersect(evolinux_users_create) | length > 0 when: - ansible_distribution_major_version is defined - ansible_distribution_major_version is version('9', '>=') From 2c1ec040d18ba3c7b3417e421b3fbfcf848d6e18 Mon Sep 17 00:00:00 2001 From: Patrick Marchand Date: Wed, 24 Aug 2022 09:05:29 -0400 Subject: [PATCH 2/4] Simplify user subset creation Instead of tags, allow only one subset of users to be created at a time. --- CHANGELOG.md | 2 +- evolinux-users/defaults/main.yml | 3 +-- evolinux-users/tasks/main.yml | 2 +- evolinux-users/tasks/ssh.yml | 2 +- evolinux-users/tasks/sudo.yml | 4 ++-- 5 files changed, 6 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b01a2bb1..d4405a2b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,7 +13,7 @@ The **patch** part changes is incremented if multiple releases happen the same m ### Added * php: install php-xml with recent PHP versions -* evolinux_user_create variable for evolinux-users that allows creating only a subset of users, defaults to active +* evolinux_user_create variable for evolinux-users that allows creating only a subset of users, defaults to always ### Changed 
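Review bot: The second `evolinux-users/tasks/sudo.yml` hunk of PATCH 1/4 adds a `when:` list directly above the existing `when:` that holds the `ansible_distribution_major_version` checks. Indentation is lost on this page, so I cannot confirm it, but if both keys belong to the same task this is a duplicate mapping key: Ansible warns and keeps only the last value, which would drop the new `create` filter and run the sudo configuration for every entry in `evolinux_users` on Debian 9 and later. PATCH 2/4 edits the condition but leaves the two `when:` keys in place. Merging them into one list fixes it: move `- evolinux_users | length > 0` and `- user.create | intersect(evolinux_users_create) | length > 0` into the existing `when:` instead of opening a new one. The task starts above the hunk.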
diff --git a/evolinux-users/defaults/main.yml b/evolinux-users/defaults/main.yml index cbe6bca4..658e4a31 100644 --- a/evolinux-users/defaults/main.yml +++ b/evolinux-users/defaults/main.yml @@ -8,5 +8,4 @@ evolinux_internal_group: "" evolinux_root_disable_ssh: True # Defines which groups of users are created -evolinux_users_create: - - active \ No newline at end of file +evolinux_users_create: always \ No newline at end of file diff --git a/evolinux-users/tasks/main.yml b/evolinux-users/tasks/main.yml index e8c52408..d105aefe 100644 --- a/evolinux-users/tasks/main.yml +++ b/evolinux-users/tasks/main.yml @@ -17,7 +17,7 @@ user: "{{ item.value }}" loop: "{{ evolinux_users | dict2items }}" when: - - user.create | intersect(evolinux_users_create) | length > 0 + - user.create == evolinux_users_create - evolinux_users | length > 0 - name: Configure sudo diff --git a/evolinux-users/tasks/ssh.yml b/evolinux-users/tasks/ssh.yml index 16c4eb67..25a08297 100644 --- a/evolinux-users/tasks/ssh.yml +++ b/evolinux-users/tasks/ssh.yml @@ -50,7 +50,7 @@ user: "{{ item.value }}" loop: "{{ evolinux_users | dict2items }}" when: - - user.create | intersect(evolinux_users_create) | length > 0 + - user.create == evolinux_users_create - ssh_allowusers - not ssh_allowgroups diff --git a/evolinux-users/tasks/sudo.yml b/evolinux-users/tasks/sudo.yml index fa537079..769e7a4e 100644 --- a/evolinux-users/tasks/sudo.yml +++ b/evolinux-users/tasks/sudo.yml @@ -6,7 +6,7 @@ loop: "{{ evolinux_users | dict2items }}" when: - evolinux_users | length > 0 - - user.create | intersect(evolinux_users_create) | length > 0 + - user.create == evolinux_users_create - ansible_distribution_release == "jessie" 
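Review bot: In the `evolinux-users/defaults/main.yml` hunk of PATCH 2/4, the comment `# Defines which groups of users are created` no longer describes the variable: `evolinux_users_create` is now a single string compared for equality with each user's `create` key, and it is unrelated to Unix groups. `always` reads like a keyword but, as far as the visible conditions show, it is an ordinary value, so a run with `evolinux_users_create: on_demand` would skip the users tagged `always`. I would reword the comment to `# Only users whose 'create' key equals this value are processed (accounts, SSH AllowUsers, sudo)` and end the file with a newline, since the hunk still carries `\ No newline at end of file`.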
@@ -19,7 +19,7 @@ loop: "{{ evolinux_users | dict2items }}" when: - evolinux_users | length > 0 - - user.create | intersect(evolinux_users_create) | length > 0 + - user.create == evolinux_users_create when: - ansible_distribution_major_version is defined - ansible_distribution_major_version is version('9', '>=') From 018eee7ea088464aa67316c65dac56dfead0fe1e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Lecour?= Date: Wed, 24 Aug 2022 15:22:25 +0200 Subject: [PATCH 3/4] Update 'CHANGELOG.md' * use role name * more descriptive message * order items alphabetically --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d4405a2b..09d25126 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,8 +12,8 @@ The **patch** part changes is incremented if multiple releases happen the same m ### Added +* evolinux_users: create only users who have a certain value for the `create` key (default: `always`). * php: install php-xml with recent PHP versions -* evolinux_user_create variable for evolinux-users that allows creating only a subset of users, defaults to always ### Changed From 8e7c3a47aa52a950bae6bcbf2e80a7ba27c93c08 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Lecour?= Date: Wed, 24 Aug 2022 15:24:54 +0200 Subject: [PATCH 4/4] Update 'evolinux-users/README.md' Add a `create` key in examples --- evolinux-users/README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/evolinux-users/README.md b/evolinux-users/README.md index c0f6e9ef..9c7beab4 100644 --- a/evolinux-users/README.md +++ b/evolinux-users/README.md @@ -19,6 +19,7 @@ evolinux_users: groups: "baz" password_hash: 'sdfgsdfgsdfgsdfg' ssh_key: 'ssh-rsa AZERTYXYZ' + create: always bar: name: bar uid: 1002 @@ -30,6 +31,7 @@ evolinux_users: ssh_keys: - 'ssh-rsa QWERTYUIOP' - 'ssh-ed25519 QWERTYUIOP' + create: on_demand ``` * `evolinux_sudo_group`: which group to use for sudo (default: `evolinux-sudo`)