feat: update all role vars to match current ansible requirements

fix: update README with up-to-date vars and playbook example fix: remove all default values - these were unsafe fix: add basic support for Ansible Check mode
tfindley · Dec 9, 2024 · aa66e1b · aa66e1b
1 parent 4f17195
commit aa66e1b
Show file tree

Hide file tree

Showing 6 changed files with 48 additions and 58 deletions.
diff --git a/README.md b/README.md
@@ -1,14 +1,24 @@
-# Users and Groups
+# Local Users and Groups
 
-A brief description of the role goes here.
+This is a very basic role for managing users and groups on a local Linux system
 
 ## Requirements
 
-Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+This role has no requirements beyond that of Ansible
 
 ## Role Variables
 
-A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+| field    | type   | required | default value | example          | description |
+| -------- | ------ | -------- | ------------- | ---------------- | ----------- |
+| username | string | true     |               | present / absent |             |
+| state    | string | true     |               |                  |             |
+| fname    | string | true     |               |                  |             |
+| sname    | string | true     |               |                  |             |
+| email    | string | true     |               |                  |             |
+| password | string | true     |               |                  |             |
+| sudo     | bool   | false    | false         | true             |             |
+| groups   | list   | false    |               |                  |             |
+| sshkeys  | list   | false    |               |                  |             |
 
 ## Dependencies
 
@@ -20,15 +30,8 @@ A list of other roles hosted on Galaxy should go here, plus any details in regar
 Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
 
 ```yml
-- hosts: servers
-  become: yes
-  gather_facts: true
-  roles:
-    - role: 'usersandgroups'
-  vars:
-
-# Adding a user
-  - username: "username"
+localusergroup_users:
+  - username: "username"  # This user will be added
     state: present
     fname: "user"
     sname: "name"
@@ -40,17 +43,18 @@ Including an example of how to use your role (for instance, with variables passe
     sshkeys:
       - 'copypaste ssh key'
       - 'or use file read'
+      - 'multiple_keys_can_be_used'
 
-# Removing a user
-  - username: "another.user"
+  - username: "another.user"  # This user will be removed
     state: absent
 
 # Managing Groups
-usersandgroups_groups:
-  - name: "dcinfra"
+localusergroup_groups:
+  - name: "infra"  # This group will be added
     state: present
 ```
 
+
 ### Generate password
 
 Preferred method:
@@ -70,4 +74,11 @@ BSD
 
 ## Author Information
 
-An optional section for the role authors to include contact information, or a website (HTML is not allowed).
+
+**Tristan Findley**
+
+Find out more about me [here](https://tfindley.github.io).
+
+If you're fan of my work and would like to show your support:
+
+[![ko-fi](https://ko-fi.com/img/githubbutton_sm.svg)](https://ko-fi.com/Z8Z016573P)
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -1,26 +1,2 @@
 ---
 # defaults file for users
-
-usersandgroups_users:
-# Adding a user
-  - username: "username"
-    state: present
-    fname: "user"
-    sname: "name"
-    email: [email protected]
-    password: 'set using openssl passwd -6'
-    sudo: true
-    groups:
-      - "grouphere"
-    sshkeys:
-      - 'copypaste ssh key'
-      - 'or use file read'
-
-# Removing a user
-  - username: "another.user"
-    state: absent
-
-# Managing Groups
-usersandgroups_groups:
-  - name: "dcinfra"
-    state: present
diff --git a/meta/main.yml b/meta/main.yml
@@ -1,8 +1,8 @@
 galaxy_info:
-  role_name: usersandgroups
+  role_name: localusergroup
   namespace: tfindley
   author: Tristan Findley
-  description: Manage users and groups
+  description: Manage local users and groups in  Linux
   company: TFindley (tfindley.co.uk)
 
   # If the issue tracker for your role is not on github, uncomment the

diff --git a/tasks/main.yml b/tasks/main.yml
@@ -1,46 +1,49 @@
 ---
 # tasks file for users
 
-- name: Fetch local user accounts
+- name: "LocalUserGroup - Fetch local user accounts"
   become: true
   ansible.builtin.getent:
     database: group
 
-- name: Fetch local user accounts
+- name: "LocalUserGroup - Fetch local user accounts"
   become: true
   ansible.builtin.getent:
     database: passwd
 
-- name: "Manage groups"
+- name: "LocalUserGroup - Manage groups"
   become: true
-  loop: "{{ usersandgroups_groups }}"
+  ignore_errors: "{{ true if item.state == 'absent' else false }}"   # because idempotency is difficult with this module
+  loop: "{{ localusergroup_groups }}"
   loop_control:
     label: "{{ item.name }} - {{ item.state }}"
   when:
-    - usersandgroups_groups is defined
+    - localusergroup_groups is defined
   ansible.builtin.group:
     name: "{{ item.name }}"
     state: "{{ item.state }}"
 
-- name: "Manage users"
+- name: "LocalUserGroup - Manage users"
   become: true
-  loop: "{{ usersandgroups_users }}"
+  ignore_errors: "{{ true if item.state == 'absent' else false }}"   # because idempotency is difficult with this module
+  loop: "{{ localusergroup_users }}"
   loop_control:
     label: "{{ item.username }} - {{ item.state }}"
   when:
-    - usersandgroups_users
+    - localusergroup_users
   ansible.builtin.user:
     name: "{{ item.username }}"
     password: "{{ item.password if item.state == 'present' else omit }}"
     shell: "{{ item.shell | default('/bin/bash') if item.state == 'present' else omit }}"
-    groups: "{{ (item.groups | default([])) + (usersandgroups_sudo_group if item.sudo else []) if item.state == 'present' else omit }}"
+    groups: "{{ (item.groups | default([])) + (localusergroup_sudo_group if item.sudo else []) if item.state == 'present' else omit }}"
     append: "{{ true if item.state == 'present' else omit }}"
     state: "{{ item.state }}"
     update_password: "{{ 'on_create' if item.state == 'present' else omit }}"
 
-- name: "Manage authorized keys"
+- name: "LocalUserGroup - Manage authorized keys"
   become: true
-  loop: "{{ usersandgroups_users | selectattr('sshkeys', 'defined') | subelements('sshkeys') }}"
+  ignore_errors: "{{ ansible_check_mode }}"
+  loop: "{{ localusergroup_users | selectattr('sshkeys', 'defined') | subelements('sshkeys') }}"
   loop_control:
     label: "{{ item.0.username }}"
   when:

diff --git a/tests/test.yml b/tests/test.yml
@@ -3,4 +3,4 @@
   hosts: localhost
   remote_user: root
   roles:
-    - usersandgroups
+    - localusergroup
diff --git a/vars/main.yml b/vars/main.yml
@@ -1,10 +1,10 @@
 ---
 # vars file for users
 
-_usersandgroups_sudo_group_logic:
+_localusergroup_sudo_group_logic:
   Debian:
     - 'sudo'
     - 'adm'
   RedHat:
     - 'wheel'
-usersandgroups_sudo_group: "{{ _usersandgroups_sudo_group_logic[ansible_os_family] }}"
+localusergroup_sudo_group: "{{ _localusergroup_sudo_group_logic[ansible_os_family] }}"