diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..7004794
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,81 @@
+---
+name: CI
+
+'on':
+ pull_request:
+ push:
+ branches:
+ - main
+ schedule:
+ - cron: "0 7 * * 0"
+
+defaults:
+ run:
+ working-directory: 'AliMehraji.users'
+
+jobs:
+
+ yaml_lint:
+ name: Yaml Lint
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check out the codebase.
+ uses: actions/checkout@v4
+ with:
+ path: 'AliMehraji.users'
+
+ - name: Set up Python 3.
+ uses: actions/setup-python@v5
+ with:
+ python-version: '3.x'
+
+ - name: Install test dependencies.
+ run: pip3 install yamllint
+
+ - name: Lint code.
+ run: |
+ yamllint .
+
+ ansible_lint:
+ name: Ansible Lint
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - name: Run ansible-lint
+ uses: ansible/ansible-lint@main
+
+ molecule:
+ name: Molecule
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ distro:
+ - rockylinux9
+ - ubuntu2404
+ - ubuntu2204
+ - debian12
+ - debian11
+ - fedora40
+
+ steps:
+ - name: Check out the codebase.
+ uses: actions/checkout@v4
+ with:
+ path: 'AliMehraji.users'
+
+ - name: Set up Python 3.
+ uses: actions/setup-python@v5
+ with:
+ python-version: '3.x'
+
+ - name: Install test dependencies.
+ run: pip3 install -r requirements.txt
+
+ - name: Run Molecule tests.
+ run: molecule test
+ env:
+ PY_COLORS: '1'
+ ANSIBLE_FORCE_COLOR: '1'
+ MOLECULE_DISTRO: ${{ matrix.distro }}
+
+...
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
deleted file mode 100644
index 9be03ba..0000000
--- a/.github/workflows/lint.yml
+++ /dev/null
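Review bot: The new workflow declares no `permissions:` block, so all three jobs run with whatever default `GITHUB_TOKEN` scope the repository grants, although nothing here needs more than a read-only checkout; add `permissions:` with `  contents: read` at the top level next to `name: CI`. In the `ansible_lint` job, `uses: ansible/ansible-lint@main` (carried over from the deleted lint.yml) follows a moving branch, so the lint step can change behaviour or break with no change in this repository — pin it to a release tag or commit SHA, as `actions/checkout@v4` and `actions/setup-python@v5` already use fixed majors. The same applies to `pip3 install yamllint` in `yaml_lint`, which resolves a different yamllint on every run while `requirements.txt` in this same diff pins `jsonschema` and `aar-doc`.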
@@ -1,27 +0,0 @@ ---- -name: Lint - -'on': - pull_request: - push: - branches: - - main - -jobs: - yaml_lint: - name: YAML Lint - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - name: Run yamllint - uses: ibiqlik/action-yamllint@v3 - with: - strict: true - ansible_lint: - name: Ansible Lint - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - name: Run ansible-lint - uses: ansible/ansible-lint@main -... diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index cd32522..f03febc 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -7,7 +7,7 @@ name: Release defaults: run: - working-directory: 'alimehraji.usersrole' + working-directory: 'AliMehraji.users' jobs: @@ -18,7 +18,7 @@ jobs: - name: Check out the codebase. uses: actions/checkout@v4 with: - path: 'alimehraji.usersrole' + path: 'AliMehraji.users' - name: Set up Python 3. uses: actions/setup-python@v5 diff --git a/defaults/main.yml b/defaults/main.yml index a7e8f77..71aaaa3 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -1,106 +1,106 @@ --- # List of the groups to manage -users_groups: [] +# users_groups: [] # Example: -# users_groups: -# # Example 1: Simple group with only the name specified -# - name: developers +users_groups: + # Example 1: Simple group with only the name specified + - name: developers -# # Example 2: Group with a specific GID -# - name: admins -# gid: 1001 + # Example 2: Group with a specific GID + - name: admins + gid: 1007 -# # Example 3: System group (typically has lower GID numbers) -# - name: systemgroup -# system: true + # Example 3: System group (typically has lower GID numbers) + - name: systemgroup + system: true -# # Example 4: Local group (non-system, typically for local use) -# - name: localgroup -# local: true + # Example 4: Local group (non-system, typically for local use) + # - name: localgroup + # local: true -# # Example 5: Group with custom GID and defined as a non-system local group -# - name: customgroup -# gid: 2001 -# system: false -# local: true + # Example 5: Group with custom GID and defined as a non-system local group + # - name: customgroup + # gid: 2001 + # system: false + # local: true -# # Example 6: Another system group with explicit GID -# - name: sysadmins -# gid: 1002 -# system: true + # Example 6: Another system group with explicit GID + - name: sysadmins + gid: 1008 + system: true -# # Example 7: Group with all attributes defined -# - name: fullgroup -# gid: 3001 -# system: false -# local: true + # Example 7: Group with all attributes defined + # - name: fullgroup + # gid: 3001 + # system: false + # local: true -# # Example 8: Group without specifying optional attributes (uses defaults) -# - name: guest + # Example 8: Group without specifying optional attributes (uses defaults) + - name: guest # List of the users to manage -users_users: [] +# users_users: [] # Examples: -# users_users: -# # Example 1: Simple user with only the name specified -# - name: alice - -# # Example 2: User with a specified password -# - name: bob 
-# password: 'securepassword' # Replace 'securepassword' with the actual password - -# # Example 3: User with a specified shell and comment -# - name: charlie -# shell: /bin/zsh -# comment: "Charlie Developer" - -# # Example 4: User with a specific UID and home directory -# - name: dave -# uid: 1500 -# home: /home/dave_custom - -# # Example 5: User with an expiration date -# - name: eve -# expires: "2025-12-31" - -# # Example 6: User assigned to a primary group and additional groups -# - name: frank -# group: developers -# groups: "docker,git" -# sudoer: true # This user will be added to the sudoer group if defined - -# # Example 7: User with SSH public key and custom SSH options -# - name: grace -# ssh_key: | -# ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3... -# ssh_key_options: -# - no-port-forwarding -# - no-agent-forwarding -# ssh_comment: "grace@domain.com" - -# # Example 8: System user with no home directory -# - name: systemuser -# system: true -# create_home: false - -# # Example 9: User with a custom password update policy and non-unique UID -# - name: heidi -# password: 'anothersecurepassword' -# update_password: "on_create" -# non_unique: true - -# # Example 10: User with creation of home directory and specific UID -# - name: judy -# uid: 2001 -# create_home: true -# shell: /bin/bash -# comment: "Judy User" -# sudoer: true +users_users: + # Example 1: Simple user with only the name specified + - name: alice + + # Example 2: User with a specified password + - name: bob + password: 'securepassword' # Replace 'securepassword' with the actual password + + # Example 3: User with a specified shell and comment + - name: charlie + shell: /bin/zsh + comment: "Charlie Developer" + + # Example 4: User with a specific UID and home directory + - name: dave + uid: 1500 + home: /home/dave_custom + + # Example 5: User with an expiration date + # - name: eve + # expires: "2025-12-31" + + # Example 6: User assigned to a primary group and additional groups + # - name: frank + 
# group: developers + # groups: "docker,git" + # sudoer: true # This user will be added to the sudoer group if defined + + # Example 7: User with SSH public key and custom SSH options + - name: grace + ssh_key: | + ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3... + ssh_key_options: + - no-port-forwarding + - no-agent-forwarding + ssh_comment: "grace@domain.com" + + # Example 8: System user with no home directory + - name: systemuser + system: true + create_home: false + + # Example 9: User with a custom password update policy and non-unique UID + - name: heidi + password: 'anothersecurepassword' + update_password: "on_create" + non_unique: true + + # Example 10: User with creation of home directory and specific UID + - name: judy + uid: 2001 + create_home: true + shell: /bin/bash + comment: "Judy User" + sudoer: true # # Example 11: User with all possible attributes defined # - name: kate diff --git a/meta/argument_specs.yml b/meta/argument_specs.yml index c301174..98aa373 100644 --- a/meta/argument_specs.yml +++ b/meta/argument_specs.yml @@ -83,7 +83,7 @@ argument_specs: - If false, user is not sudoer. append: type: bool - default: true + default: false description: - If true, add the user to the groups specified in groups. - If false, add the user to the groups specified in groups and remove from all others. diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml new file mode 100644 index 0000000..a9d13d4 --- /dev/null +++ b/molecule/default/converge.yml @@ -0,0 +1,14 @@ +--- +- name: Converge + hosts: all + become: true + + pre_tasks: + - name: Update apt cache. + ansible.builtin.apt: + update_cache: true + cache_valid_time: 600 + when: ansible_os_family == 'Debian' + + roles: + - role: AliMehraji.users diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml new file mode 100644 index 0000000..328cad0 --- /dev/null +++ b/molecule/default/molecule.yml 
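Review bot: Uncommenting the sample entries turns `defaults/main.yml` into live data: any play that includes the role without overriding `users_users` now creates alice, bob, charlie, dave, grace, systemuser, heidi and judy, with `judy` as `sudoer: true`, `bob` and `heidi` carrying the literal placeholder passwords `'securepassword'` and `'anothersecurepassword'`, and `grace` given a truncated `ssh-rsa AAAAB3...` key, while `users_groups` likewise creates `admins` and `sysadmins` with fixed GIDs 1007/1008 that may collide with groups already present on a host. Role defaults should stay `users_groups: []` and `users_users: []` with the examples commented (the removed form), and the fixture Molecule needs belongs under `vars:` in `molecule/default/converge.yml` or a scenario vars file. Even as a fixture, `password:` for `ansible.builtin.user` is expected to be an already-hashed value, so a plaintext placeholder should not ship in defaults in any case. The `users_users` list continues past the end of the hunk (Example 11 onward is still commented).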
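Review bot: Flipping the `append` default from `true` to `false` is a behaviour change for every existing consumer, not just a spec tweak: an entry that lists only its extra groups (say `groups: "docker,git"`) will on the next run also remove the user from every group the role does not name, which the description line below already spells out. The same default is changed in `tasks/create.yml` (`append: "{{ item.append | default(false) | bool }}"`), so the two stay consistent, but nothing in this diff records the change for users; add a line to the role documentation stating the new default and that `append: true` must now be set explicitly to keep the previous additive behaviour, and consider a major version bump for the Galaxy release. The enclosing `argument_specs` mapping starts and ends outside the hunk.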
@@ -0,0 +1,22 @@ +--- +role_name_check: 1 +dependency: + name: galaxy + options: + ignore-errors: true + requirements-file: requirements.yml +driver: + name: docker +platforms: + - name: instance + image: "geerlingguy/docker-${MOLECULE_DISTRO:-rockylinux9}-ansible:latest" + command: ${MOLECULE_DOCKER_COMMAND:-""} + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + cgroupns_mode: host + privileged: true + pre_build_image: true +provisioner: + name: ansible + playbooks: + converge: ${MOLECULE_PLAYBOOK:-converge.yml} diff --git a/requirements.txt b/requirements.txt index 0e6b8ee..09f7811 100644 --- a/requirements.txt +++ b/requirements.txt @@ -2,6 +2,11 @@ ansible ansible-lint yamllint +# Needed for Molecule test scenarios +molecule +molecule-plugins[docker] +docker + # Needed for jinja2 json_query templating jmespath # Needed for ansible.utils.validate module @@ -9,4 +14,3 @@ jsonschema==4.23.0 aar-doc==2.0.0 ssh-keygen - diff --git a/tasks/create.yml b/tasks/create.yml index 342e505..fe03eef 100644 --- a/tasks/create.yml +++ b/tasks/create.yml @@ -24,7 +24,7 @@ expires: "{{ item.expires | default(omit) }}" group: "{{ item.group | default(omit) }}" groups: "{{ (item.groups | default('') + (',' + users_user_sudoer_group if item.sudoer is defined and item.sudoer else '')) | trim or omit }}" - append: "{{ item.append | default(true) | bool }}" + append: "{{ item.append | default(false) | bool }}" create_home: "{{ item.create_home | default(true) | bool }}" update_password: "{{ item.update_password | default('always') }}" non_unique: "{{ item.non_unique | default(omit) | bool }}"
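Review bot: `ignore-errors: true` under `dependency.options` makes Molecule carry on when `ansible-galaxy` fails to install `requirements.yml`, so a broken or unreachable requirement only surfaces later as a missing-collection error in converge, or not at all if a stale copy is already present on the runner; drop the option unless `requirements.yml` is genuinely optional — that file is not part of this diff, so it cannot be confirmed here. The platform image `geerlingguy/docker-${MOLECULE_DISTRO:-rockylinux9}-ansible:latest` drifts silently between the weekly scheduled runs, so a fixed tag would make results comparable over time. `privileged: true` together with the `/sys/fs/cgroup` mount is what these systemd-based images require, which is expected, but a comment on the `privileged` line saying so would stop a later reader from "tightening" it.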
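Review bot: The three added lines `molecule`, `molecule-plugins[docker]` and `docker` are unpinned while the same file pins `jsonschema==4.23.0` and `aar-doc==2.0.0`, so the CI matrix installs a different Molecule/driver combination on each scheduled run and a breaking release of either fails the build with no change in this repository. Pin them to the versions the workflow was tested with, e.g. `molecule==<tested version>`, following the file's existing style. The second hunk of this file only drops a trailing blank line.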