diff --git a/.travis.yml b/.travis.yml index 38044e8..0c92fd9 100644 --- a/.travis.yml +++ b/.travis.yml @@ -23,12 +23,21 @@ script: && (echo 'Idempotence test: pass' && exit 0) || (echo 'Idempotence test: fail' && exit 1) + # Should be existed - sudo cat /etc/passwd | grep testuser || exit 1 + + # Shouldn't be existed + - sudo cat /etc/passwd | grep wronguser && exit 1 + + # Should be presented - sudo cat /home/testuser/.ssh/authorized_keys | grep TESTKEY || exit 1 +# Variables users_groups: [testgroup] -users_users: +users_users: [testuser, wronguser] +users_to_install: [testuser] +users_ssh_keys: - name: testuser - ssh_keys: - - ssh-rsa TESTKEY + authorized: + - ssh-rsa TESTKEY diff --git a/README.md b/README.md index dcff7ee..7890678 100644 --- a/README.md +++ b/README.md @@ -26,8 +26,20 @@ users_users: [] # Create users # - name: name1 # groups: admin,sudo # shell: /bin/zsh - # ssh_keys: - # - ssh-rsa KEY-WILL-BE-ADDED-TO-AUTHORIZED-KEYS + +users_ssh_keys: [] # Assign allowed keys to users + # users_ssh_keys: + # - name: username1 + # authorized: + # - ssh-rsa KEY-WILL-BE-ADDED-TO-AUTHORIZED-KEYS + # - ssh-rsa KEY-WILL-BE-ADDED-TO-AUTHORIZED-KEYS + # - name: username2 + # authorized: + # - ssh-rsa KEY-WILL-BE-ADDED-TO-AUTHORIZED-KEYS + +users_to_install: [] # List of usernames. If not empty only users from the list will be installed. + # So that way you could keep a huge list of users somewhere and install only + # some of them in special environments. users_shell: /bin/bash # Default user shell @@ -50,10 +62,14 @@ Example: vars: users_groups: [admin] - users_users: - - name: klen - ssh_keys: - - ssh-rsa KEY-HERE + users_users: [tom, jerry] + users_ssh_keys: + - name: tom + authorized: + - ssh-rsa KEY-HERE + - name: jerry + authorized: + - ssh-rsa KEY-HERE ``` diff --git a/defaults/main.yml b/defaults/main.yml index 1189a56..7317918 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
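Review bot: The new negative check in `.travis.yml`, `sudo cat /etc/passwd | grep wronguser && exit 1`, returns a non-zero status in the passing case too: when `wronguser` is absent, grep exits 1 and that becomes the status of the whole line. The hunk context suggests the line sits under `script:`, where a non-zero step marks the build as failed. This is the only test that `users_to_install` keeps an unlisted account off the host, so it needs to pass when the account is absent, for example `- if getent passwd wronguser; then exit 1; fi`. The positive checks match any line containing the substring; `getent passwd testuser` would be an exact lookup.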
@@ -19,8 +19,20 @@ users_users: [] # Create users # - name: name1 # groups: admin,sudo # shell: /bin/zsh - # ssh_keys: - # - ssh-rsa KEY-WILL-BE-ADDED-TO-AUTHORIZED-KEYS + +users_ssh_keys: [] # Assign allowed keys to users + # users_ssh_keys: + # - name: username1 + # authorized: + # - ssh-rsa KEY-WILL-BE-ADDED-TO-AUTHORIZED-KEYS + # - ssh-rsa KEY-WILL-BE-ADDED-TO-AUTHORIZED-KEYS + # - name: username2 + # authorized: + # - ssh-rsa KEY-WILL-BE-ADDED-TO-AUTHORIZED-KEYS + +users_to_install: [] # List of usernames. If not empty only users from the list will be installed. + # So that way you could keep a huge list of users somewhere and install only + # some of them in special environments. users_shell: /bin/bash # Default user shell diff --git a/tasks/users.yml b/tasks/users.yml index d3bf17d..2838150 100644 --- a/tasks/users.yml +++ b/tasks/users.yml @@ -10,6 +10,7 @@ - name: users | Create per user groups group: name={{item.name|default(item)}} + when: not users_to_install or item.name|default(item) in users_to_install with_items: users_users - name: users | Ensure the users are present @@ -18,14 +19,15 @@ comment: "{{item.comment|default('')}}" createhome: "{{item.createhome|default('yes')}}" force: "{{item.force|default('no')}}" - group: "{{item.group|default(item.name)}}" + group: "{{item.group|default(item.name|default(item))}}" groups: "{{item.groups|default('')}}" - home: "{{item.home|default('/home/' + item.name)}}" + home: "{{item.home|default('/home/' + item.name|default(item))}}" move_home: "{{item.move_home|default('no')}}" non_unique: "{{item.non_unique|default('no')}}" shell: "{{item.shell|default(users_shell)}}" system: "{{item.system|default('no')}}" update_password: "{{item.uid|default('always')}}" + when: not users_to_install or item.name|default(item) in users_to_install with_items: users_users - name: users | Ensure the removed users are not present 
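Review bot: In the `users | Ensure the users are present` task of `tasks/users.yml`, the plain-string fallback is added to `group` and `home`, but the task's `name:` argument sits above the hunk and is not visible here. If it still reads `{{item.name}}`, the new list form `users_users: [tom, jerry]` will fail on it, and it needs `{{item.name|default(item)}}` as well. The `home` expression relies on the filter binding tighter than `+`; writing `default('/home/' + (item.name|default(item)))` makes that explicit. Separately, the context line `update_password: "{{item.uid|default('always')}}"` reads `item.uid`, which looks like a slip for `item.update_password`.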
@@ -34,6 +36,7 @@ - name: users | Ensure the users ssh keys are present authorized_key: "user={{item.0.name}} key='{{item.1}}'" + when: not users_to_install or item.0.name in users_to_install with_subelements: - - users_users - - ssh_keys + - users_ssh_keys + - authorized
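Review bot: The key task now iterates `users_ssh_keys` independently of `users_users`, and its `when` consults only `users_to_install`. With the default empty `users_to_install`, every `name` in `users_ssh_keys` gets keys installed whether or not this role manages that account. A typo or stale entry that matches a pre-existing account would add an SSH key to it. Consider restricting the task to managed users, e.g. `when: (not users_to_install or item.0.name in users_to_install) and item.0.name in users_users`, which covers the plain-string form; dict entries would need their names extracted first. Existing playbooks that still set `ssh_keys` under `users_users` will now silently install no keys, so a migration note or an assert on the old key would surface that.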